Linux-Networking Digest #266, Volume #10 Sat, 20 Feb 99 19:13:45 EST
Contents:
Firewall with 1 IP ([EMAIL PROTECTED])
Re: PPP under linux 2.2.1 (Matt Jackson)
Having a SLIP connection terminate after no TCP/IP activity (Fred Heitkamp)
About an Internet Server howto? ("Juan Riera")
Re: Machine name themes - what do you use? (Nathan Fiedler)
Re: Linux brings Sun Solaris NFS server down (James MacKinnon)
Re: MS Explorer 4.0 for Unix [LONG] (Bill Anderson)
Re: _Good_ (support 5+ systems) Monitor/Mouse/Keyboard switch for pc... (Frederic
Faure)
INETD.CONF HELP! ("Scott MacDonald")
Re: IRC , identd and firewalls ??? ("Robert L. Ziegler")
Re: Beowulf for Web Serving? (Bill Anderson)
Re: MS Explorer 4.0 for Unix [LONG] (Bill Anderson)
Installing 3com 3c905 card on Redhat 5.0 ([EMAIL PROTECTED])
pam_smb working at home, not in lab -- arrgh! ("Sean O'Connor")
Re: INETD.CONF HELP! (Juergen Heinzl)
bootp problem : bad addr len from from Ethernet (Vijay Moorthy)
Re: StarOffice 5.0 Key ? (Andre Boeder)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED]
Crossposted-To: alt.os.linux,comp.os.linux.misc,comp.os.linux.setup
Subject: Firewall with 1 IP
Date: Sat, 20 Feb 1999 21:08:34 GMT
- My ISP has asigned me 1 static IP.
- I have a LAN, and 3 NT Web servers on it that I want to make available to
Inet with 192.168.X.X IPs.
- I want to put a Linux RedHat 5.2 based firewall before the LAN.
Would it be possible with just 1 IP, maybe with IP Masquerading or should I
ask for a Class C Network?
Answers will be welcome by private e-mail.
============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own
------------------------------
From: Matt Jackson <[EMAIL PROTECTED]>
Subject: Re: PPP under linux 2.2.1
Date: 20 Feb 1999 07:12:31 +1100
[EMAIL PROTECTED] (Clifford Kite) writes:
> The <CONNECT ''> sends an extra carriage return that sometimes causes the
> ISP to become confused. <CONNECT '\c'> avoids this, but you use the
> same scripts for 2.0.36 so it's almost certainly not the problem.
I didn't know that but I agree it's not the problem. I can't ever recall
the chat failing but I changed it anyway. Thanks.
> The ISP seems to be asking for Multilink PPP, at least I *think* that
> the unnamed options below refer to. Pppd can't do this and rejects them.
>
Yup. When running under 2.0.36 they appear as well but shortly after I
receive an ack from the other end which doesn't appear for 2.2.1
> Feb 17 19:07:46 emjay pppd[368]: rcvd [LCP ConfReq id=0x1 <mru 1524>
> <asyncmap 0xa0000> <pcomp> <accomp> < 11 04 05 f4>
> < 13 09 03 00 c0 7b 7e 0a 8a>]
>
> The ppp-2.3.5 pppd was compiled under 2.0.36, I don't see why it shouldn't
> work under 2.2.1 without recompiling but it's something to think about.
> I do know that there is new 2.2.1 kernel support for PPP relative to
> the 2.0.36 kernel support.
>
Actually, I think it was compiled under 2.2.1 since I have two Linux
boxes on my local network a P166 and a 486/33. The 486 is the workhorse
and has the PPP connection but I do my compiles on the P166, NFS mount
the partition onto the 486 and install from there. To be on the safe
side, I rebuilt PPP entirely on the 486 whilst running 2.2.1 but as you
have probably guessed, no joy.
Thanks for your suggestions,
--
Matt Jackson
[EMAIL PROTECTED]
------------------------------
Date: Sat, 20 Feb 1999 17:17:12 -0500
From: Fred Heitkamp <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.misc
Subject: Having a SLIP connection terminate after no TCP/IP activity
I often have my PC downloading large files over a SLIP connection to my
ISP. I was wondering if there is a utility to watch the TCP/IP activity
and execute my SLIP stop script after the activity stops. I'm thinking
along the lines of the dialer in OS Warp that has a Hangup after x
minutes of no activity feature.
--
Fred
------------------------------
From: "Juan Riera" <[EMAIL PROTECTED]>
Subject: About an Internet Server howto?
Date: Sat, 20 Feb 1999 23:10:14 +0100
Hi,
I have installed a Linux intranet site on Apache; it works OK. I have not
set up the DNS server.
I want to convert my intranet server in an internet site. I would like to
know what are the steps to follow.
I have registered a domain name at Internic (through Network Solutions).
I have read the www-howto and DNS-howto on Linux RedHat 5.2 distribution,
but it is not very clear to me... Is there any ressource (book, web page,
...) where I could see step by step all that I need to do to get my home web
site working?
Thanks alot!
Juan
------------------------------
From: Nathan Fiedler <[EMAIL PROTECTED]>
Crossposted-To: comp.unix.solaris
Subject: Re: Machine name themes - what do you use?
Date: Sat, 20 Feb 1999 13:34:02 -0800
Here are a couple of schemes I've seen used:
Use names of baseball teams: dodgers, pirates, giants, etc.
Use names of elements or compounds: boric, salt, testosterone, etc.
Use names of famous mathematicians: euler, hawking, newton, euclid, etc.
nathan
------------------------------
From: James MacKinnon <[EMAIL PROTECTED]>
Subject: Re: Linux brings Sun Solaris NFS server down
Date: Sat, 20 Feb 1999 15:49:49 -0700
On Wed, 10 Feb 1999, Jim Webster wrote:
> I had put this one in the X newsgroup, but now think it may be better here
> in network group. Excuse me if I break ettiquette by duplicating posts. If
> there is a way to "link" them, please let me know.
>
>
> This is one for the books. Maybe more appropriate for the network
> newsgroup, but it seems related to X so I post it here.
>
> We have a Sun Solaris (Sparc) NFS server that all users use for their home
> directory; e.g. /home is mounted on the Sun. There are other mounted
> directories also.
>
[snipped]
>
> Anyone ever heard of a problem like this?
>
We encountered exactly the same problem last year with the introduction
of several Linux machines (30 or so) getting users' $HOMEs from a
Solaris NFS server (sun4m, Solaris 5.5, four 4gig drives).
This server was previously hosting approx 150 other Unixes (Ultrix,
SunOS, Solaris, SGI, Dec/OSF1, NeXT) without any problems, and
our choice of SUN at the time was based on the concept that since they
invented NFS, it should be the "best of breed", which later proved
to be a completely false assumption on our part.
As soon as we added the Linux machines (RH 4.x at that time), the
Solaris server would falter on NFS as soon as users logged in on X
- no diagnostic notification could be found on the Solaris server, and
one could telnet to it just fine. It appeared as if the NFS server
functionality just went down the tubes. The Linux machines appeared
to freeze also, with many 'NFS server xxx not responding' errors.
We also had NFS mounts on the Linux machines from other architectures
(including our older SunOS servers) and these funtioned just fine.
SUN could not offer any assistance other than the standard patter
of "upgrade to the latest release", which put me off entrely to
SUN and Solaris especially. IMHO Solaris NFS sucks big-time.
I was so disgusted and disappointed in Solaris that I purchased
a Linux dual box and made it the NFS server for $HOME's. It has
currently been running now for over a year, serving up an 18 Gig
drive over NFS to 250+ clients (mounted with rsize=8192,wsize=8192),
running RH 5.1 with latest patches to nfsd.
Problem solved, but only be abandoning what appears to be a real
dud of a server type. ( I would much rather have seen SUN provide
a real fix on their flakey Solaris NFS ...)
Cheers,
--
James S. MacKinnon Office: P-139 Avadh-Bhatia Physics Lab
Team Physics Voice : (780) 492-8226 [old AC 403]
University of Alberta email : [EMAIL PROTECTED]
Edmonton, Canada T6G 2N5 WWW : http://www.phys.ualberta.ca/
------------------------------
From: Bill Anderson <[EMAIL PROTECTED]>
Crossposted-To: alt.linux,linux.redhat,linux.redhat.misc,comp.windows.x.kde
Subject: Re: MS Explorer 4.0 for Unix [LONG]
Date: Fri, 19 Feb 1999 20:44:34 +0000
Peter Buelow wrote:
>
> All or nothing? I beg to disagree. The beautiful thing about Linux, and the mass
> of computer choices now is that there is no all or nothing argument any more. I
> write HTML all the time. I write simpler HTML and leave the fancy stuff to CGI or
> Java. And I write it in FP. Actually, let me clarify, I lay it out in FP and then
> edit it in notepad, vi, or whatever text editor is handy. When you design a large
> page, it is much easier if most of the tag layout is done for you, leaving some
> cleanup and tweaking, but not the work involved in writing it all by hand, then the
> cleanup and tweaking. Cutting steps is easy.
Sorry if it was vague, but my references to *writing* html had nothing
to do with OSes, rather with semantics. Granted once could go to the
extreme, and say you type html or you don't (unless you have some cool
graphics pen and handwriting recognition software). Saying one writes
html using <insert dnd gui here> is making a bogus statement, much like
thse who say "I *program* HTML". I beleive you grock this, as you
clarified your use of FP.
> I don't knock any developer at this point. If you look at the mind boggling
> amount of stuff out there, the best is written in a variety of ways, using a
> variety of tools. Anyone who says that there is only one way to do it is really
> pushing the limit in arrogance and close-minded thinking. I am a full time Linux
> user in a sea of NT boxes, but I also have an NT box, and a laptop that has 98.
I agree, the complexity of*web pages* can be staggering, and there are
many tools available. What you use should depend upon what is available
and/or appropriate for the task.
> I
> would be a fool not to use what was available to me. My first page was written
> entirely using vi. My second was also. They sucked. My pages are still not
> professional, but that's ok, I'm not a professional web designer. It's a hobby. For
> most people in this world, it's a hobby. Get past the better than thou attitude and
> don't fault someone 'cause they think differently than you.
>
> Peter Buelow
I believe you are mixing posts here. I was responding to a
holier-than-thou attitude.
> Bill Anderson wrote:
>
> > Rowan Volvo wrote:
> > >
> > > In article <7a0ogd$[EMAIL PROTECTED]>,
> > > Alexander Viro <[EMAIL PROTECTED]> wrote:
> > > >
> > > >OK, it's time for flame, kids.
> > >
> > > < --snip-- > been pissed about this for a long time, have we?
> > >
> > > >engine/style chosen by client. Get a decent textbook and read it (if you can
> > > >read, that is).
> > > >
> > >
> > > I'll bite, suggestions ?
> > >
> > > >>As for having a fscking idea of HTML, who in their right mind, that is a
> > > >>serious web page creator, hand-writes HTML anymore?
> > > >
> >
> > You should keep in mind that *most* gui tools do not actually write
> > decent html, let alone html that fits the standard. Most of them emulate
> > the stucture of a document, using all sorts of nasty, space-wasting
> > elements.
> >
> > Clean html loads faster.
> > FWIW, I prefer to use vim for writing html. It is easier than the
> > unwashed gui-nauts are led to believe, which is fine with me. I can get
> > more done using vi than using FP, HS, etc.. I have them, I don't use
> > them anymore.
> >
> > Either you 'hand-write' html, or you do not write html period. There is
> > no in between. Saying you write html, and using a wysiwys gui, is like
> > saying you write a program by dragging some images in place in, say, VB.
> >
> > Bill
>
> --
> Peter Buelow
> Motorola GSM/Bedrock
> (847)632-6390
------------------------------
From: [EMAIL PROTECTED] (Frederic Faure)
Crossposted-To:
comp.os.ms-windows.nt.admin.networking,comp.os.linux.hardware,comp.sys.ibm.pc.hardware.video,comp.os.linux.misc,comp.os.ms-windows.nt.misc
Subject: Re: _Good_ (support 5+ systems) Monitor/Mouse/Keyboard switch for pc...
Date: Sat, 20 Feb 1999 22:04:25 GMT
Reply-To: [EMAIL PROTECTED]
On Sat, 20 Feb 1999 07:04:26 GMT, "Man" <[EMAIL PROTECTED]> wrote:
>I currently have a two-computer vga/serial/kb switch that is made by PC
>Concepts that I purchased from Fry's Electronics for ~$35. Now, I am
>looking to add another computer and would still like to have control over
>all three boxen from my single monitor, mouse, and keyboard. Could anyone
>suggest a better one than the one I have now, possibly one that just just
>push a soft button instead of turning a large (0.5") switch for each
>computer...
Watch out: "passive/manual" switches are no good if you use higher
resolutions (eg. 1024*768, 1200*1024, etc.). You'll get a ghosting
effect, where all windows will be doubled. Casper at work.
Also, there's the problem of turning connections on and off through
the switch: Remember to switch to the right PC when booting it,
otherwise it will complain it can't find a keyboard, and the OS won't
load the mouse driver.
Finally, although NT allows your "unplugging" mouse/keyboard during a
session (ie. switching to another PC), 9x will disable the mouse if
you do this -> you'll have to reboot or switch to DOS to have the
driver reloaded. Uncool.
"Active" switches cost a lot more (eg. 8-port OmniView costs over
$500), but they don't suffer from the problems above.
FF.
--
The system required Windows 95 or better, so I installed Linux!
------------------------------
From: "Scott MacDonald" <[EMAIL PROTECTED]>
Subject: INETD.CONF HELP!
Date: Fri, 19 Feb 1999 14:32:12 -0600
howdy,
I have just disabled the imap service in inetd.conf and need to know how to
activate the changes. I have read about sending a sighup signal, and ps x |
grep inetd, then killing stuff, but i don't understand it completely. Can
someone walk me through it in a little more detail? Please? I am running
redhat 5.1. Thanks!
Scott
------------------------------
From: "Robert L. Ziegler" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: IRC , identd and firewalls ???
Date: Fri, 19 Feb 1999 15:53:19 -0500
Stan Smiley wrote:
Is there some way I can get the identd requests from the IRC server
back to my masqueraded client?
I'm not sure you'd want this to happen.
can I run an identd (Unix auth service I think, tcp port
113)on the firewall to get around this?
Yes. identd can be enabled in /etc/inetd.conf.
There is some disagreement over whether or not to enable identd because
of the information it gives out, but it is not a security risk per se.
Some people insist on running it just as a matter or courtesy. The
service is usually called when you send email, for example.
One thing you don't want to do is to "deny" the incoming messages to the
AUTH port, because that results in annoying timeout waits for you. If
you don't want them, you should either reject them, or else leave the
port open but not enable the identd service.
To enable the port in the firewall, you'd need some rules something like this:
# AUTH server (113)
# -----------------
ipfwadm -I -a accept -P tcp -W $EXTERNAL_INTERFACE \
-S $ANYWHERE $UNPRIVPORTS \
-D $IPADDR 113
ipfwadm -O -a accept -P tcp -k -W $EXTERNAL_INTERFACE \
-S $IPADDR 113 \
-D $ANYWHERE $UNPRIVPORTS
# AUTH client (113)
# -----------------
ipfwadm -I -a accept -P tcp -k -W $EXTERNAL_INTERFACE \
-S $ANYWHERE 113 \
-D $IPADDR $UNPRIVPORTS
ipfwadm -O -a accept -P tcp -W $EXTERNAL_INTERFACE \
-S $IPADDR $UNPRIVPORTS \
-D $ANYWHERE 113
Bob
------------------------------
From: Bill Anderson <[EMAIL PROTECTED]>
Subject: Re: Beowulf for Web Serving?
Date: Fri, 19 Feb 1999 20:33:37 +0000
"Robert N. Pratt" wrote:
>
> Hi Bill,
>
> So, where would I go on the web to learn more about using seperate modern
> hardware for each of these tasks, and how to implement, network it physically
> and through software?
>
> Thanks for the reply!
> Rob
>
The first one that pops up, and IIRC you mentioned in another post, is
the database machine. I would put that on a rather beefy machine (if
possible).
There are many databses available for Linux. If initial cost is an
issue, you can go with MySQL, for example (please, no DB wars ;^). The
details on how to set it up for a webserver to access would be in the
documentation for whatever DB you choose. (www.mysql.org www.oracle.com
www.informix.com are but a few).
Unless you expect a large hit in the beginning, you could likely start
out with:
Machine A:
SQL database server
Machine B:
webserver
dns (primary or secondary)
Machine C:
mail
dns (primary or secondary)
Machine D:
Firewall
Granted, some of these could be further merged, this is just an example,
given the short amount of detail available. I prefer to keep mail, db,
and www seperate, as they are likely to be the hardest hit (at least
until you get really large, then dns ranks up there too).
For mail, I recommend qmail.
Bill Anderson
http://www.libc.org //Home of the Linux in Boise Club
My opinions are just that, *my* opinions.
------------------------------
From: Bill Anderson <[EMAIL PROTECTED]>
Crossposted-To: alt.os.linux,linux.redhat.misc,comp.windows.x.kde
Subject: Re: MS Explorer 4.0 for Unix [LONG]
Date: Fri, 19 Feb 1999 20:36:05 +0000
Jeraimee wrote:
> <STANDING CLAP> <STANDING CLAP> <STANDING CLAP>
...sounds like a bad disease...
------------------------------
From: [EMAIL PROTECTED]
Subject: Installing 3com 3c905 card on Redhat 5.0
Date: Fri, 19 Feb 1999 18:59:35 GMT
I've just installed a 3c905 card and I'm trying to register it under Linux RH
5.0. I decided to do the simple thing described in the RH Manual. Under the
Control Panel I clicked on the Kerneld manager, select module eth0/3c59x and
restart the Kerneld.
Unfortunately, nothing happens, I don't even see error messages. Where does
the Kernel Log get written? What am I missing here? It is my understanding I
should be able to register the eth0 manually.
I am running kernel 2.0.36-0.7. I am also working on recompiling the kernel
with the 3c59x driver included.
============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own
------------------------------
From: "Sean O'Connor" <[EMAIL PROTECTED]>
Crossposted-To: alt.os.linux,comp.os.linux.setup,comp.protocols.smb,linux.redhat.pam
Subject: pam_smb working at home, not in lab -- arrgh!
Date: Sat, 20 Feb 1999 18:34:27 -0500
Hello,
I am feeling very dense at the moment. I have an NT 4.0 sp3 server at
home which I have succeeded in using to authenticate my Linux RedHat 5.2
users.
I am now trying to implement this setup in the lab where I have 180+
users on Win95 machines, trying to get email. I can't find the missing
pieces between the working installation and the non-working one.
I have tried both pam_smb 1.1.1 and 1.3.4. If I understand the concept
correctly, those users I want to authenticate to the NT server should have
an '*' in their password field in /etc/passwd. Shadow passwords has no
effect one way or another. I do not _need_ samba. I do have samba 2.0.0
running however. Because samba is running, I am already entered in the
domain (server mgr shows the Linux box as a server). I do use dhcp (from the
NT server currently) to get my ip address. This seems to be doing funky
things to my hostname (ie: node19, node 41,... changing each login).
I have turned on debug in /etc/pam.d/login:
...
"auth required /lib/security/pam_smb_auth.so debug"
...
The module is in /lib/security, chmod 755, root & root.
I have /etc/rc.d/init.d/smb starting pamsmbd (using "daemon
/usr/local/sbin/pamsmbd").
I have /etc/pam_smb.conf: "TANDEM,TANDEM-NT1,TANDEM-NT1", because I only
have one NT server (and it works at home, though that might be pam_smb 1.1.1
not 1.3.4).
The messages I seem to be getting are as follows:
============[snip]==================
Feb 20 18:15:11 node47 pamsmbd[282]: Got SIGALRM: going cleaning cache
Feb 20 18:15:54 node47 login: pam_smb: Local UNIX username/password pair
correct.
Feb 20 18:16:11 node47 pamsmbd[282]: Got SIGALRM: going cleaning cache
Feb 20 18:16:23 node47 login: pam_smb: Local UNIX username/password check
incorrect.
Feb 20 18:16:23 node47 pamsmbd[282]: db_get: found no entry return ENOENT
Feb 20 18:16:23 node47 pamsmbd[282]: Reauthenticating user soc soc TANDEM
TANDEM-NT1 TANDEM-NT1
Feb 20 18:16:24 node47 login: pam_smb: got back 1 username soc
Feb 20 18:16:24 node47 login: FAILED LOGIN 1 FROM (null) FOR soc,
Authentication service cannot retrieve authentication info.
============[snip]==================
I must be missing something obvious, but seem to have brain lock at the
moment. Can anyone throw some ideas at me?
TIA
SoC
------------------------------
From: [EMAIL PROTECTED] (Juergen Heinzl)
Subject: Re: INETD.CONF HELP!
Date: Fri, 19 Feb 1999 21:38:51 GMT
In article <[EMAIL PROTECTED]>, Scott MacDonald wrote:
>howdy,
>
>I have just disabled the imap service in inetd.conf and need to know how to
>activate the changes. I have read about sending a sighup signal, and ps x |
>grep inetd, then killing stuff, but i don't understand it completely. Can
>someone walk me through it in a little more detail? Please? I am running
>redhat 5.1. Thanks!
Usually there is a file /var/run/inetd.pid and you can do a ...
kill -1 $( cat /var/run/inetd.pid )
... or, if you already know the process id ...
kill -1 processid
...
Cheers,
Juergen
--
\ Real name : J�rgen Heinzl \ no flames /
\ EMail Private : [EMAIL PROTECTED] \ send money instead /
\ Phone Private : +44 181-332 0750 \ /
------------------------------
From: Vijay Moorthy <[EMAIL PROTECTED]>
Subject: bootp problem : bad addr len from from Ethernet
Date: Fri, 19 Feb 1999 16:47:52 -0500
I have a network of PCs (mostly Linux, a couple of NT machines).
the following error keeps occuring on the bootp server :
nowlab bootpd[464]: bad addr len from from Ethernet address
52:41:53:20:30:4E
The ethernet address doesn't belong to any node on the network - in fact
it is a "local" ethernet address. I have no idea what generates these
messages. There are a couple of NT machines on the network and I am
wondering maybe it comes from them. Has anyone seen an error like this ?
Any idea what causes it ?
--vijay
------------------------------
From: Andre Boeder <[EMAIL PROTECTED]>
Subject: Re: StarOffice 5.0 Key ?
Date: Fri, 19 Feb 1999 21:09:16 +0100
Markus Wochele wrote:
> =
> Hi !
> =
> Ich wollte heute das StarOffice 5.0 unter Linux installieren ... das
> Paket was bei Suse Linux 6.0 dabei ist.
> Bis zu "sosetup "bin ich gekommen, doch leider verlagt StarOffice einen=
> Key von mir ?
> Woher bekomme ich denn einen solchen Key ?
> Eine private Nutzung sollte ja angeblich kostenlos sein ...
> =
> =DCber zahlreiche Antworten w=FCrde ich mich freuen.
> =
> Gruss
> Markus
Ruf einfach bei der StarOffice Hotline an (siehe www.stardivision.de)
und die generieren Dir einen.
CU
Andre
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.networking) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Networking Digest
******************************
