Linux-Networking Digest #292, Volume #10 Wed, 24 Feb 99 01:13:35 EST
Contents:
Re: lpr printing issue ("Jacques Engelbrecht")
Re: How to allow X-windows on a filtering firewall? ("Bill Weedon")
Is there a program to?? ("Scott MacDonald")
Re: How to allow X-windows on a filtering firewall? (Bernd Eckenfels)
Re: netatalk print queues!!! ("J. Guy Stalnaker")
Re: Use Samba on a Novell network? (DIT)
Re: How to setup a POP3 server ? HLP. pls. (Peter Baars)
Re: Help! s~l~o~w~ telnet ("Dave May")
Passing UDP packets through a linux router (Todd Hollinger)
Re: PPP/ISDN diagnostic help please (Clifford Kite)
Re: Two computer use one modem to connect internet... (John Edwards)
Re: Drivers for SMC EZ 10/100 1211 card??? Where??? (me)
Re: Syn flooding (cor gest jr)
IP to WWW address (Mohan Desouza)
Re: linux as a netware 4 (?) client - help! (Edmund H. Ramm)
Re: Away-messages in Qmail ("Cameron Spitzer")
Re: PPP failure on Slackware 3.4, Kernel 2.0.30 (Dann Church)
Running X-clients from outside firewall using IP Masq? ("Bill Weedon")
Re: Is there a program to?? ("Robert L. Ziegler")
----------------------------------------------------------------------------
From: "Jacques Engelbrecht" <[EMAIL PROTECTED]>
Subject: Re: lpr printing issue
Date: Mon, 22 Feb 1999 19:25:00 +0200
I found out what was wrong.
LPD does a reverse lookup of the ip-address and then use this name against
the entries in hosts.lpd (It's in the source code, got something to do with
preventing ip-spoofing).
This can create problems in two situations, both were problem I experianced,
and I only could figure out what was wrong by sniffing, as LPD doesn't log
any of this.
1. The name of the host might not be in the hosts file or in the DNS.
2. There might be several entries for a host in DNS. example
printer.abc.xyz, and printer.xyz. ypu might have, and maybe only know about,
printer.abc.xyz in the hosts.lpd. LPD then does a reverse lookup, and DNS
returns printer.xyz!!!!
You're info is absolutely correct! although I read it a bit late. I know
there are a couple of other people who has the same problem!!!!! Think they
should include it in the Printing HOWTO, as this isn't so obvious as it
seems. Especially for beginners, not excluding hard-core UNIX guys. I asked
a couple of them for help also, and they just shook thier heads.
Carl R. Friend wrote in message <[EMAIL PROTECTED]>...
>Jacques Engelbrecht wrote:
>>
>> I've been trying to print from NT, using lpr, to my Linux box.
>>
>> " linux01: lpd: lp: Your host does not have line printer access. "
>
> Is the NT machine's name (fully-qualified, if you're running DNS)
>in the /etc/hosts.lpd file? On some versions, you could use wildcards
>for portions of hostname (e.g. *.somedomain.org) and have the thing
>work. Some versions don't let you do that and you need an entry of
>"NT.somedomain.org" in there.
>
> Note that for this to work gracefully, the NT box must have a valid
>reverse IP mapping. This, of course, gets very sticky when you have
>a large number of dynamic IP machines and no reverse (in-addr.arpa)
>mappings. Another way might just be to get rid of the check in the
>source code and recompile.
>
>--
>_______________________________________________________________________
>| | |
>| Carl Richard Friend (UNIX Sysadmin) | West Boylston |
>| Minicomputer Collector / Enthusiast | Massachusetts, USA |
>| mailto:[EMAIL PROTECTED] | |
>| http://www.ultranet.com/~crfriend/museum | ICBM: N42:22 W71:47 |
>|________________________________________________|_____________________|
------------------------------
From: "Bill Weedon" <[EMAIL PROTECTED]>
Subject: Re: How to allow X-windows on a filtering firewall?
Reply-To: "Bill Weedon" <[EMAIL PROTECTED]>
Date: Wed, 24 Feb 1999 02:45:15 GMT
Thanks John for the info on the ports.
I still don't know if it is possible to do what I want to do using
a filtering firewall. That is, it's still not clear how to tell the
firewall
where to send the X. If I set the DISPLAY variable on the external
client machine to the router/firewall address, the firewall doesn't
know where to send the X data.
Regards,
BW
John Edwards <[EMAIL PROTECTED]> wrote in article
<7OFA2.192$[EMAIL PROTECTED]>...
> Hi Bill,
> I replied to your last post about this. Your part right on the ports
> that X will use. If you have three simultaneous X clients your range of
> ports will probably be 6000-6003. But if you have four X clients your
range
> would be 6000-6004. The point is that the number of TCP ports that X
will
> use is directly related to the number of X clients connected to the X
> server!
>
> Bill Weedon wrote in message
> <01be5f38$477f87a0$[EMAIL PROTECTED]>...
> >Hi. I'm still trying to get X-windows clients to be accepted from
> >a specific known host on my filtering firewall with masquerading.
> >Apparently X-windows uses tcp ports 6000:6003.
> >
> >I think the ipfwadm command should be of the form:
> >ipfwadm -F -a m -P tcp -D $ROUTER_IP/$ROUTER_BITS 6000:6003
> >
> >But if I specify my DISPLAY variable on the external client as my router
> >IP address, how do I tell the router to forward the X information to my
> >local machine inside the firewall? Is there a better way to do this
using
> >a filtering firewall with IP masquerading?
> >
> >Another thing is my local machines don't have a DNS address visible
> >from the outside. So I can't specify the local machine in the DISPLAY
> >variable on the outside X-client. Is this normal?
>
>
>
------------------------------
From: "Scott MacDonald" <[EMAIL PROTECTED]>
Subject: Is there a program to??
Date: Mon, 22 Feb 1999 11:32:28 -0600
Is there a program that goes out and looks for linux servers or hosts on the
net? I'm catching people trying to get in our servers that shouldn't be, and
I was just wondering how in the heck they found us? Any help would be
greatly appreciated! Thanks.
Scott
------------------------------
From: Bernd Eckenfels <[EMAIL PROTECTED]>
Subject: Re: How to allow X-windows on a filtering firewall?
Date: 24 Feb 1999 03:24:36 GMT
Bill Weedon <[EMAIL PROTECTED]> wrote:
> where to send the X. If I set the DISPLAY variable on the external
> client machine to the router/firewall address, the firewall doesn't
> know where to send the X data.
You can set multiple ports (aka display) to different internal hosts, or you
can use a transparent firewall. But I would recommend u use ssh.
Greetings
Bernd
------------------------------
From: "J. Guy Stalnaker" <[EMAIL PROTECTED]>
Subject: Re: netatalk print queues!!!
Date: Mon, 22 Feb 1999 11:59:57 -0600
Reply-To: [EMAIL PROTECTED]
> Please help! I'm trying desperately to get my x86 linux box to print to three
> Laserwriter IIg printers that speak only appletalk. I have tried every
> suggested printcap entry I could find on the web, but all that ever happens
> is that the jobs get queued up, and don't go anywhere. Could someone please
> direct me to a CURRENT set of instructions for setting up Appletalk printers
> on Linux? I'm at the end of my rope, and if I can't make this happen, the
> linux box gets reformatted as an NT server - not my wish, but it's what my
> boss'll tell me to do if he can't print anymore.
Hi,
>From reading man pages last night regarding pap and psf, part of the
netatalk 1.42b package, pap and psf are designed to get printing from
Linux to Appletalk printers. Suggest, therefore, that you look into
netatalk as the solution to your problem (there's a netatalk howto you
can find at www.linux.org to get you started).
Regards,
J. Guy Stalnaker
------------------------------
From: [EMAIL PROTECTED] (DIT)
Subject: Re: Use Samba on a Novell network?
Date: Mon, 22 Feb 1999 11:44:35 -0500
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] says...
> We're running a Novell Netware 4.11 network in our office. I have set up
> a Linux box to be our intranet. No problem. Everybody can see it. I
> want to give somebody access to it so they can post their own web pages
> to the server. But they don't want to do ftp. They'd rather make a
> drive letter on their NT Workstation to access it.
>
> Is Samba the answer here even though we are on a Novell network or is
> there another solution? I have tried setting Samba up but haven't had
> much success. I can see that Samba is running and I can see it in
> Network Neighborhood on my NT Workstation. But when I click on it,
> nothing happens. And the 'Map network drive' selection is greyed out.
>
> Am I going in the right direction or is there a "Novell solution"?
>
I've been playing around with some settings in the smb.conf and now I can
get a logon box from my NT Workstation, but when I enter my username and
password I get this:
\\CityIntranet is not Accessible
The account is not authorized to login from this station
I'm getting closer. I have set up a smb group and added my username to
it.
------------------------------
From: Peter Baars <[EMAIL PROTECTED]>
Subject: Re: How to setup a POP3 server ? HLP. pls.
Date: Mon, 22 Feb 1999 19:18:15 +0100
This is a multi-part message in MIME format.
==============A45A150325E7BA35DB3B3932
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Uhm, I had just your problem and got an answer of this newsgroup (look 573
messages above) and the answer (in RedHat) is simple: install Imap and there you
are: ready! Simple simple. In Suse it is easy also (again look xxx messages
above).
binaryhead wrote:
> I would like to setup a pop3 server on my Linux box, but I am having trouble
> finding anything on this subject...
>
> Any help greatly appreciated.
>
> tia.
==============A45A150325E7BA35DB3B3932
Content-Type: text/x-vcard; charset=us-ascii;
name="pbaars.vcf"
Content-Transfer-Encoding: 7bit
Content-Description: Card for Peter Baars
Content-Disposition: attachment;
filename="pbaars.vcf"
begin:vcard
n:Baars;Peter
x-mozilla-html:TRUE
url:http://www.knoware.nl/users/pbaars
adr:;;;;;;
version:2.1
email;internet:[EMAIL PROTECTED]
x-mozilla-cpt:;-1
fn:Peter Baars
end:vcard
==============A45A150325E7BA35DB3B3932==
------------------------------
From: "Dave May" <[EMAIL PROTECTED]>
Subject: Re: Help! s~l~o~w~ telnet
Date: Thu, 11 Feb 1999 13:01:55 -0700
Your system may be doing reverse DNS lookups while there is no host entry
in /etc/hosts for the other system and no DNS server available, or the DNS
information is wrong.
Taking ALL: PARANOID out of /etc/hosts.deny may also solve the problem, but
I suggest setting up /etc/hosts to include your other system's IP address
and host name.
Dave
Ivan Cheng <[EMAIL PROTECTED]> wrote in article
<[EMAIL PROTECTED]>...
> Hi all,
>
> I'm now setting up a server with one nic (3com 3c905 PCI). I
> can ping that machine alright (and the round trip rate is normal), but
> it takes me > 3 minutes to get the login prompt. And the speed is ok
> after I telneted to it. What's wrong? There's no such annoying lag
> when I telnet from that machine to itself. How can I fix that? TIA.
>
..
------------------------------
From: Todd Hollinger <[EMAIL PROTECTED]>
Subject: Passing UDP packets through a linux router
Date: Mon, 22 Feb 1999 10:23:45 -0800
I have a linux router where I have one interface
with 2 different class C IP networks. I want to
be able to pass certain broadcasts between
the two subnets on the same ethernet interface.
I'm running Meeting Maker here and I need to be
able to advertise my server on both of these
subnets. Its using UDP 417.
If anyone can help, I would much appreciate it.
Thank you in advance,
Todd Hollinger
------------------------------
From: [EMAIL PROTECTED] (Clifford Kite)
Subject: Re: PPP/ISDN diagnostic help please
Date: 22 Feb 1999 12:16:14 -0600
Nick Kew ([EMAIL PROTECTED]) wrote:
: I'm trying to connect to a new ISP, who may have[1] some very useful
: services over and above my existing one.
: The connection appears to work, but doesn't. What's puzzling is that it
: looks like a local problem, yet the local system works fine with my
: existing ISP. The main difference (AFAICT) is static vs dynamic address
<snip>
: The PPP debug output looks like my box refusing the ISP's terms: it goes
: successfully through PAP authentication and IP assignment:
: [ chop ]
: Feb 22 15:48:45 jarl pppd[1190]: rcvd [0][IPCP ConfReq id=0x3 <addr 195.166.129.2>]
: Feb 22 15:48:45 jarl pppd[1190]: sent [0][IPCP ConfAck id=0x3 <addr 195.166.129.2>]
: Feb 22 15:48:45 jarl pppd[1190]: rcvd [0][CCP ConfReq id=0x1 < 11 05 00 01 04>]
: Feb 22 15:48:45 jarl pppd[1190]: sent [0][CCP ConfReq id=0x1]
: Feb 22 15:48:45 jarl pppd[1190]: sent [0][CCP ConfRej id=0x1 < 11 05 00 01 04>]
: Feb 22 15:48:45 jarl pppd[1190]: rcvd [0][CCP ConfReq id=0x2 < 11 05 00 01 03>]
: Feb 22 15:48:45 jarl pppd[1190]: sent [0][CCP ConfRej id=0x2 < 11 05 00 01 03>]
: Feb 22 15:48:45 jarl pppd[1190]: rcvd [0][CCP ConfReq id=0x3 < 11 05 00 00 00>]
: Feb 22 15:48:45 jarl pppd[1190]: sent [0][CCP ConfRej id=0x3 < 11 05 00 00 00>]
: Feb 22 15:48:46 jarl pppd[1190]: rcvd [0][CCP ConfReq id=0x4 < 12 06 00 00 00 01>]
: Feb 22 15:48:46 jarl pppd[1190]: sent [0][CCP ConfRej id=0x4 < 12 06 00 00 00 01>]
The ISP is attempting to negotiate Multilink PPP, which, AIUI, is not
the same as the bonding technique used for IDSN. Pppd doesn't support
it but I can't say with complete certainty that this is the cause of
your problem.
--
Clifford Kite <[EMAIL PROTECTED]> Not a guru. (tm)
/* Better is the enemy of good enough. */
------------------------------
From: John Edwards <[EMAIL PROTECTED]>
Subject: Re: Two computer use one modem to connect internet...
Date: Mon, 22 Feb 1999 13:36:45 -0500
Install diald on your Linux box to manage your modem. This will take
care of demand dialing your ISP.
You can either use the Squid caching proxy or IP masquerading and IP
forwarding (these are a subset of NAT) on the linux box.
Kris Dong wrote:
>
> Hello,everyone:
> I have two computers.One is Windows NT workstation 4.0 and the other is
> Linux slackware.
> How can I use only one modem and one phone to connect Internet?
>
> Thank you!!
--
-- john edwards
[EMAIL PROTECTED]
301.470.4805
------------------------------
Subject: Re: Drivers for SMC EZ 10/100 1211 card??? Where???
From: [EMAIL PROTECTED] (me)
Date: 23 Feb 1999 23:12:39 -0600
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
>
>Does anyone know where I can get 1211 drivers for Red Hat 5.2?
>
>I would like to get this card to work.
>
>[EMAIL PROTECTED]
I have the same card ... I think the drivers come with the card. It's a
Realtek card ... you need to use the rtl8139.o module.
I have RedHat 5.1 and the card is recognized, now I'm just having a hell of a
time getting the thing to talk to the win 98 box.
If the driver is not part of your distribution, check
cesdis.gsfc.nasa.gov/linux/drivers
Sean
------------------------------
From: cor gest jr <[EMAIL PROTECTED]>
Crossposted-To: alt.www.webmaster,nl.comp.os.linux
Subject: Re: Syn flooding
Date: 24 Feb 1999 05:02:41 GMT
On Tue, 23 Feb 1999, jay wrote:
>en englais, sil vous plais.
>
>jay
>
>cor gest jr wrote in message ...
>>On 22 Feb 1999, Fridtjof wrote:
>>
>>>Dear experts,
>>>
>>>I'm running an Apache server and I found an unusual messages in on of the
>>>logfiles (messages). It reads:"Warning: possible SYN flooding. Sending
>>>cookies."
>>>I've got two questions.
>>>1. What triggers such a messages (is it a hacker attack)?
>>>2. What can I do about it?
>>>
>>>Any help appriciated, thx in advance.
>>>
>>1:iemand probeerd een SYN-attack op jouw www server.
>>
>>2: nope, is reeds gebeurd : sending syn-coookies!,syn-flooding
>>protection zit al in je kernel, anders was je
>>plat gegaan.
a votre sevice:
1. someone tried to SYN-Flood your server.
2. nope, you already have the syn-cookie protection
installed in your kernel, otherwise your server would be downwed.
cor
--
Do not get dumbed down by unintelligible binaries
There is a solution
LINUX and X11
http://www.knoware.nl/users/ccgestjr/index.html
------------------------------
From: Mohan Desouza <[EMAIL PROTECTED]>
Subject: IP to WWW address
Date: Wed, 24 Feb 1999 05:29:33 +0000
=====BEGIN PGP SIGNED MESSAGE=====
Hash: SHA1
Under Linux, given an IP address how do I get the WWW address
corresponding to this IP address as well as the hostname.
For example given 138.23.169.122 how do I get the corresponding WWW
address (www.cs.ucr.edu) and the corresponding hostname (thoth.ucr.edu).
Regards
Mohan DeSouza
- ---------------------------------------------------------------
Mohan DeSouza
University of California at Riverside
Mobile and Multimedia Networking Laboratory
Ph:(909)787-2893
=====BEGIN PGP SIGNATURE=====
Version: PGPfreeware 5.0i for non-commercial use
Charset: noconv
iQA/AwUBNtONv9horJ36fcWeEQILFQCfXtDFhSTx4kW0HQ+wtJomQIyTfUMAn3IU
nfVF1YwaJeKh37KNo9z3/S/7
=sexL
=====END PGP SIGNATURE=====
------------------------------
From: [EMAIL PROTECTED] (Edmund H. Ramm)
Subject: Re: linux as a netware 4 (?) client - help!
Date: Mon, 22 Feb 1999 16:20:41 GMT
In <7akoqg$ekq$[EMAIL PROTECTED]> [EMAIL PROTECTED] writes:
> I need to access the netware network at work. It uses NDS instead
> of the bindery, I think its version 4.
> [...]
> So I went digging around on debian dselect and found ncpfs and thought
> COOL, here we are.
ncpfs should get you there provided the NetWare servers are
doing broadcasts. Otherwise slist won't find anything. Your
machine's kernel needs to be compiled with IPX support.
> [...]
> Has anyone done this using ANY distribution other than OpenLinux?
> If so, how? Or at least, point me to a web site or documentation,
Caldera has an NDS client for download. For non-personal use
you'll need to get their payware version on CD.
Eddi
--
email: ehramm AT dk3uz DOT hh DOT provi DOT de | AMPRNET: [EMAIL PROTECTED]
If replying to a Usenet article, please use above email address.
Linux/m68k, the best U**x ever to hit an Atari!
------------------------------
From: "Cameron Spitzer" <[EMAIL PROTECTED]>
Subject: Re: Away-messages in Qmail
Date: 22 Feb 1999 19:22:31 GMT
In article <7arjjf$3v8$[EMAIL PROTECTED]>,
Kent Nilsen <[EMAIL PROTECTED]> wrote:
>Is there a way to have Qmail respond to any mail to a specific user saying
>"User "BOB" is away for two weeks" or something like that? I have an
>employee who's going on a 3 week holiday, and is constantly bombarded with
>mail from lots of different customers.
bash$ cat .qmail-autorespond
| (formail -r -A"X-Loop: [EMAIL PROTECTED]"; cat /etc/stuff/blurb) |
|/u/qmail/bin/qmail-inject
This is oversimplified. You need to reject messages that come in
with the X-Loop in them already. But it's the general idea.
formail(1) is in the Procmail package.
>In all other aspects, Qmail is heaven to work with, since I installed it all
>I've been doing is moving logs and making .qmail files as we need them. My
>uptime count is now 120 days, and that's because I had to physically move
>the server to another room. Before that the uptime was about 100 days, but
>then we're back in the update and reconfigure stage.
Qmail has been great. I especially appreciate its thorough, accurate
documentation, which was the original reason I chose it over Sendmail
and Smail. The only problem is the poor support by other mail software
for $HOME/Mailbox instead of /var/spool/mail/$USER
I still haven't been able to get IMAP working. IMAP-4.5BETA doesn't
compile on Debian-2.0, patched or not, and the RPMs are useless if you
changed "Mailbox" to some other name.
Cameron
------------------------------
From: Dann Church <[EMAIL PROTECTED]>
Subject: Re: PPP failure on Slackware 3.4, Kernel 2.0.30
Date: 24 Feb 1999 05:58:05 GMT
Clifford Kite wrote:
> Chris Small ([EMAIL PROTECTED]) wrote:
>
> : I'm basically using the following parameters at the moment:
>
> : lock
> : defaultroute
> : noipdefault
> : modem
> : /dev/ttyS3
> : 19200 # Dropped down to a lower speed for testing.
> : crtscts
> : debug
> : passive
> : asyncmap 0 # also tried 0xa0000
> : name "xxxxx"
> : connect :chat -v -f /etc/ppp/cnetscript"
> : ipcp-accept-local
> : ipcp-accept-remote
> : 0.0.0.0:<ip>.<ip>.<ip>.<ip>
> : netmask 255.255.255.0
>
> If you haven't already tried it, you might drop the last two pppd options
> and see what happens. You are trying to tell the ISP what address it
> should use and you are assuming a netmask that may not be correct.
>
>
Actually, the netmask is definitely not correct. On a point-to-point link,
the netmask should always be 255.255.255.255.
As for the ip of the ISP, as long as it was provided by them, it should work
fine. Either way, this should be renegotiated if the server has a different
IP. Still, wouldn't hurt to remove and see what happens.
Dann Church
------------------------------
From: "Bill Weedon" <[EMAIL PROTECTED]>
Subject: Running X-clients from outside firewall using IP Masq?
Reply-To: "Bill Weedon" <[EMAIL PROTECTED]>
Date: Mon, 22 Feb 1999 19:07:05 GMT
I'm running IP masquerading on my firewall. Is there any
way I can run X-windows client programs outside my
firewall from a machine inside my firewall?
If so, what address do I setenv my DISPLAY variable to
on the outside machine?
Thanks in advance. By the way, nice article on Linux and GNU
in yesterday's Boston Globe Magazine. They claimed that linux
was going to take over Windows 95, but they didn't present any
convincing evidence as to how/why it is going to happen.
------------------------------
From: "Robert L. Ziegler" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Is there a program to??
Date: Mon, 22 Feb 1999 13:17:48 -0500
Scott MacDonald wrote:
>
> Is there a program that goes out and looks for linux servers or hosts on the
> net? I'm catching people trying to get in our servers that shouldn't be, and
> I was just wondering how in the heck they found us?
Yes, depending on the type of system information you provide publically.
For example, do you offer telnet? If so, what system information does
your login banner provide? Additionally, DNS, identd, finger, snmp etc.
can all provide a wealth of system information.
In another vein, do you deny incoming packets to broadcast address 0?
This is a specific mechanism to identify Unix systems as opposed to
non-Unix systems.
Bob
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.networking) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Networking Digest
******************************
