Linux-Networking Digest #394, Volume #10          Sat, 6 Mar 99 03:13:38 EST

Contents:
  Re: CGI with root-privileges ("William R. Mattil")
  Re: NAT Support (Rick Onanian)
  IP tunneling through firewalls? (Matt Harrell)
  Re: IIOP CORBA (mico?) and IP Maskerading on a Linux cluster ("Alain Coetmeur")
  Re: psychotic modem (well, OK just says it's busy...) ([EMAIL PROTECTED])
  Re: DNS questions ("Cameron Spitzer")
  Re: 2 network boards problem ("William R. Mattil")
  Setting shadow password: login error (S P Arif Sahari Wibowo)
  IP source code! (Kishore)
  isapnptools configuring NE2000 compatible card ("Martin Hurst")
  Help! How do I build a tulip ethernet driver under REDHAT ? (lenny wintfeld)
  Re: DSL & Linux (Luca Filipozzi)
  problem with anonymous ftp ("Jens Axelsen")
  Re: Linux + pppd + Lasat 1280i a/b (Chiyu Wang)
  Re: very basic samba connection failure (David Kirkpatrick)
  Re: IP Masqurading? Please Help (Bill Unruh)

----------------------------------------------------------------------------

From: "William R. Mattil" <[EMAIL PROTECTED]>
Subject: Re: CGI with root-privileges
Date: Sat, 06 Mar 1999 00:07:55 -0600

Holger von Ameln wrote:

> Hello,
>
> while writing a few cgi-scripts for systemadministration-purposes I
> encountered the problem of having to run a couple of them with
> su-privileges. I do not want to run the whole apache as root.
> suid root doesn't seem to work. How can I execute those scripts with the
> proper rights? I have already tried to use cgiwrap but I can't seem to
> get it properly configured.
> Any help would be nice.
>
> Thanks
>
> Holger von Ameln
> [EMAIL PROTECTED]

CGIWRAP works just fine for this type of stuff. I would lean towards
getting that to work.

Bill

--
William R. Mattil       | Fred Astaire wasn't so great.
[EMAIL PROTECTED]  | Ginger had to do it all backwards
(972) 256-3219          | and... in high heels.




------------------------------

From: Rick Onanian <[EMAIL PROTECTED]>
Subject: Re: NAT Support
Date: Fri, 05 Mar 1999 11:48:01 -0500

Allen wrote:
> 
> Does Linux support NAT?
> 
> Thanks.
> Allen

Yes, but it's called IP Masquerading. Linux supports it very well,
indeed. http://ipmasq.cjb.net is the official home page.

-- 
  rick - a guy in search of raw (ISO) cd images of SuSE and Slackware
===============
My opinions don't exist, and as such, are not anyone elses. I do not 
represent anyone, not even myself, and especially not my employer.
---
Looking for a 1968 Camaro SS convertible, black interior, 
beat-up rustbucket that is in need lots of restoration and TLC.
---
To email me, take out the papers and the trash
[EMAIL PROTECTED]

------------------------------

From: Matt Harrell <[EMAIL PROTECTED]>
Subject: IP tunneling through firewalls?
Date: Fri, 05 Mar 1999 10:49:39 -0500

I'm trying to set up IP tunneling, at first between two Linux systems,
and then hopefully between a Linux box and an HP-UX (10.20) box. 
However, I've had no luck getting it to work.  In our testing, both
Linux boxes, which are connected to the Internet, have firewalls to
shield the LAN behind the firewalls.  Can IP tunneling be done in this
situation?  If so, are there any special commands that have to be used
that are not listed in the examples in the NET-3-HOWTO?  Thanks.

Matt Harrell
Plexus Systems
[EMAIL PROTECTED]

------------------------------

From: "Alain Coetmeur" <[EMAIL PROTECTED]>
Crossposted-To: comp.object.corba
Subject: Re: IIOP CORBA (mico?) and IP Maskerading on a Linux cluster
Date: Fri, 5 Mar 1999 17:42:03 +0100


Rudolf Schreiner wrote in message ...

>The first big disadvantage is that you have to proxify the IORs. MICO
>supports this now, but most commercial ORBs do not.
Do you mean that one must write the gateway with MICO, but that this will work
with any IIOP implementation,
or that only MICO can be used as the IIOP implementation,
since other implementations don't accept proxyfication?
How does proxyfication work? (Maybe I should check at the OMG.)


>We also learnt that
>proxified ORBs are quite a nightmare in complex systems.
>So I made the proxy transparent. The server provides the normal IOR to
>the client, the client tries to connect directly to the server. But this
>connect is intercepted and relayed by the proxy.
This supposes the server has a valid address.
I was much interested in a proxy since in the Beowulf cluster
I'll use, the addresses of the inner nodes are not routable
(10.x.x.x and alike), and make no sense outside of the cluster inner network.
This is why we use masquerading, and why we must
change the IOR.



>Now I'm developing a kind of general purpose IP filter/TCP-level proxy with
>a CORBA interface. The CORBA application can completly control the
>firewall, for example launch proxies at the server ports and set
>additional packet filters. The problem is not the functionality itself,
>the first prototype works. The problem is making the whole stuff secure.
>Which CORBA objects are allowed to change which properties of the
>firewall? For example a client should be allowed to accept a callback
>from its server, but of course it should not be able to allow access to
>the organisation's big servers.

Do you use the security IDL?



>> they talk about a "proxyfying" IOR that have to be implemented
>> by the ORB ? they seems to think about it at the OMG...
>I have to admit that I'm not very happy about the OMG Firewall Draft.

Why? Where is the problem?




------------------------------

From: [EMAIL PROTECTED]
Subject: Re: psychotic modem (well, OK just says it's busy...)
Date: 6 Mar 1999 05:55:42 GMT

Stephanie Clark <[EMAIL PROTECTED]> wrote:

> Every time I try to do anything w/my modem, it says it's busy... used to
> say it was locked- guess I graduated :) Any ideas? oh- btw it's Open
> Linux 1.3 w/kde.  The software's looking for the modem in the right
> place and no, nobody's on the phone ;)

Check the permissions on the serial devices (/dev/ttyS0 and /dev/cua0, 
etc).  Sometimes you need to add world read/write rights to use the 
serial lines. 

-- 
Charles Rutledge    |    Liberty is a tenuous gift.  Hard to win, easy
[EMAIL PROTECTED]    |    to give away, and no will protect it for you.

------------------------------

From: "Cameron Spitzer" <[EMAIL PROTECTED]>
Subject: Re: DNS questions
Date: 6 Mar 1999 06:05:58 GMT

In article <[EMAIL PROTECTED]>,
Brent Rader  <[EMAIL PROTECTED]> wrote:
>I just registered a domain name and I have to use my Linux server as the
>primary DNS.  What do I have to do to set this up? I assume I have to
>tell it things like ftp.mydomain.com = IP address?  Where do I put that
>information?

1.  Go to your favorite computer bookstore or www.ora.com and get
the latest edition of _DNS and BIND_ by Albitz and Liu.
Read it.  Take notes.  (Great book.  Yay, o'reilly!)

2.  Go to www.isc.org/bind.html and get BIND-8.
Read the documentation that comes with it.
This is excellent software in that it will build and run perfectly
if you just follow the instructions.
And the documentation is complete enough and accurate enough.


Really.  Do not attempt to run DNS (except as a local cache-only)
if you do not know what you are doing.
This is not like setting up a Win-95 client station where the goal is
to install in the least amount of time and nobody gets hurt if it
blows up.

3.  If you "have to use my Linux server as the primary DNS" it had
better be up 24/7 on a fixed IP address.  Therefore, it better
be secure.  Don't try it if you do not know how to test your
SMTP server for third party relaying, for one thing.

4.  InterNIC requires at least two nameservers.  You can cheat and
give the same machine two IP numbers, but you're just fooling yourself.
To do it right, you need a friendly machine on a different network
to be your secondary.  (See http://soa.granitecanyon.com if you're stuck.)


Cameron
http://rs.internic.net/cgi-bin/whois?STRING=greens.org


------------------------------

From: "William R. Mattil" <[EMAIL PROTECTED]>
Subject: Re: 2 network boards problem
Date: Sat, 06 Mar 1999 00:18:10 -0600

Ovidiu Dressler wrote:

> I have the following problem and I don't know how to solve it:
> I installed 2 network boards into my computer (I want to enable Masquerading
> to my private LAN network).
> Both network boards are NE2000 compatible.
> When I put both boards into the conf.modules file as it is stated in the
> Ethernet HOW-TO the computer recognizes only the last one declared.
> Both boards work but they load only separately.
> What should I do about this ?

Since I don't have a copy of the HOW-TO I am not sure what *it* told you to do,
but you could always try the following:

alias eth0 ne
alias eth1 ne
options ne io=0x300,0x320 irq=3,5


This is from memory but should be close. BTW be sure to substitute your ioaddr
and irq's :^)


>
> I also tried to "append" to the lilo.conf file the commands ether=.......
> but nothing happens.

This is a very popular misconception. You cannot pass arguments to the modules
using LILO. For this approach to work support must be compiled directly into
the kernel.

Hope this helps

Bill


--
William R. Mattil       | Fred Astaire wasn't so great.
[EMAIL PROTECTED]  | Ginger had to do it all backwards
(972) 256-3219          | and... in high heels.




------------------------------

From: S P Arif Sahari Wibowo <[EMAIL PROTECTED]>
Crossposted-To: linux.redhat.install,linux.redhat.misc
Subject: Setting shadow password: login error
Date: Thu, 4 Mar 1999 19:32:23 -0600

Hi!

I tried to set up shadow password in a RedHat Linux 5.1 machine. I use
pwconv and it works fine. However after that I cannot login to the
machine. Interestingly, imap and pop login works.

I looked into the pam setup and it looks fine:

login:
auth       required     /lib/security/pam_securetty.so
auth       required     /lib/security/pam_pwdb.so shadow nullok
auth       required     /lib/security/pam_nologin.so
account    required     /lib/security/pam_pwdb.so
password   required     /lib/security/pam_cracklib.so
password   required     /lib/security/pam_pwdb.so shadow nullok use_authtok
session    required     /lib/security/pam_pwdb.so

password:
auth       required     /lib/security/pam_pwdb.so shadow nullok
account    required     /lib/security/pam_pwdb.so
password   required     /lib/security/pam_cracklib.so retry=3
password   required     /lib/security/pam_pwdb.so shadow use_authtok nullok

The login program is part of package util-linux-2.7-18
The passwd program is part of package passwd-0.50-11
The pam package is pam-0.64-2
The shadow package is shadow-utils-980403-3
The Linux itself is RedHat Linux 5.1, with 2.0.34 kernel.

Do you have any idea on what's wrong?

Thanks.

                                  S. P. Arif Sahari Wibowo
  _____  _____  _____  _____          [EMAIL PROTECTED] 
 /____  /____/ /____/ /____  http://www.uiuc.edu/ph/www/arifsaha
_____/ /      /    / _____/


------------------------------

From: Kishore <[EMAIL PROTECTED]>
Subject: IP source code!
Date: 5 Mar 1999 01:31:32 GMT

Folks:
 Can you please point me to a place where I can look at IP module source 
code. I have to hack into that and make some changes in it, i.e., find the 
router alert option in it.
I want to get the entire source but could not figure it out.
Thanks for your interest in helping out people like us,
Kishore

==================  Posted via SearchLinux  ==================
                  http://www.searchlinux.com

------------------------------

From: "Martin Hurst" <[EMAIL PROTECTED]>
Subject: isapnptools configuring NE2000 compatible card
Date: Thu, 4 Mar 1999 20:36:31 -0500

Just started working with Linux on my 486 machine.
I installed it using RedHat 5.0
My network card is a NE2000 compatible isapnp type, which during the RedHat
install did not, obviously, see my card.
(Under Win95 it picks it up and I am able to network my two computers).
Therefore I have "eth0" not associated with my card yet. When I run
"ifconfig" only the internal loopback shows up.
I was able to create a config file that the "isapnp mynetcard.conf" utility
was able to configure and pick my network card with an address and IRQ
setting.

Two questions, actually three:

1) now that I have the isapnp configuring my card on the system, what are
the simple, specific steps to get my card to be picked now on boot up?

2) how do I associate my card to "eth0" ?

3) I know there are some good Linux and isapnp news groups or news lists
around, but don't know where to find them on the Internet.
Could you point me in the right direction?





------------------------------

From: [EMAIL PROTECTED] (lenny wintfeld)
Subject: Help! How do I build a tulip ethernet driver under REDHAT ?
Date: Fri, 05 Mar 1999 02:11:24 GMT

Hi-

        I've got to build a revised tulip driver for my Netgear FA310tx 
ethernet card. Evidently I need v .89 or higher & I've got v .88 now. The 
instructions that came with the driver are very clear but are for  non 
RPM linux's. Can you give me instructions on how to do the build under 
REDHAT's quite different file tree?

The instructions that come with the driver on Netgears floppy are as 
follows (verbatim):

\HELP\LINUX\LINUX.TXT

                  NETGEAR FA310TX Fast Ethernet PCI Adapter
                  -----------------------------------------
                     LINUX Driver Installation Overview
                     ----------------------------------

  Preamble
  --------

  This software may be used and distributed according to the terms
  of the GNU Public License, incorporated herein by reference.

  This driver is for the Digital "Tulip" ethernet adapter interface.
  It should work with most DEC 21*4*-based chips/ethercards, as well as
  PNIC and MXIC chips.

  This program was originally written and maintained by Donald Becker
  who may be reached as [EMAIL PROTECTED], or C/O Center of
  Excellence in Space Data and Information Sciences Code 930.5,
  Goddard Space Flight Center, Greenbelt MD 20771

  The program is further modified and customized for use in the
  Netgear FA310TX series of Fast Ethernet PCI adapter cards.  For
  customer support, please call your local Netgear technical support.


  Getting Started
  ---------------
  There are two methods to install the FA310TX Linux driver.


  <<<<<<<<<< I'd rather not build it in if I can avoid it >>>>>>>>>>>>>>
  Installation Procedure for Monolithic Kernel    
  --------------------------------------------
  
  1.  cp tulip.c /usr/src/linux/drivers/net/tulip.c

  2.  /user/src/linux# make config

      set the following

      a. EISA, VLB, PCI and on board controllers (CONFIG_NET_EISA) [N/y/?] Y
      b. DECchip Tulip (dc21x4x) PCI support (CONFIG_DEC_ELCP) [N/y/m/?] Y

  3.  Rebuild and install new kernel and reboot.

      a. make dep
      b. make clean
      c. make zImage or make zlilo

 <<<<<<<<<<<<<< What do I have to change here for REDHAT??? >>>>>>>>>>>>
  Installation Procedure for Modular Kernel
  -----------------------------------------

  1.  Compile tulip.c.

      gcc -DMODULE -D__KERNEL__ -I/usr/src/linux/net/inet -Wall -Wstrict-prototypes -O6 -c tulip.c

  2.  Copy tulip.o into the latest kernel's modules.

      cp tulip.o /lib/modules/2.0.XX/net/tulip.o

  3.  Update kernel's module dependencies.

      /sbin/depmod -a

  4.  Add the following in /etc/conf.modules.

      alias eth0 tulip

  5.  Reboot the system.


  NOTE:

      The latest testing version of the driver should compile with all
      1.2.*, 1.3.* development, 2.0.* and 2.1.* kernels.




THANKS IN ADVANCE FOR YOUR HELP!

                                Lenny Wintfeld
                                [EMAIL PROTECTED]

------------------------------

From: [EMAIL PROTECTED] (Luca Filipozzi)
Subject: Re: DSL & Linux
Date: Thu, 4 Mar 1999 18:13:34 -0800

In article <7bn0tv$prf$[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
> Our local TelCo offering ADSL says they only support PCs running Windows
> 95/98 and MACs.  Do you think they have done something unique?  Or could I
> let them set it up on a PC with Win95 as they require, then just move the
> NIC to the Linux box?
This is what my telco/isp does:
1) uses DHCP server that requires client to send correct hostname
2) uses a secure web page where the user (me) logs into the service... 
this enables access to news and other servers

1) is no problem with linux (dhcpcd is the client I use)
2) is also no problem thanks to my local linux user group who put 
together an SSL-based script to automate the login process
 
> Also, in your network, how does each computer access the internet?  Are you
> running a proxy server on the machine connected to DSL modem?
I suspect he is accomplishing this with ip masquerading. Check out the IP 
Masquerade HOWTO at:
http://metalab.unc.edu/linux/HOWTO/mini/IP-Masquerade.html

-- 
Luca Filipozzi <[EMAIL PROTECTED]>

------------------------------

From: "Jens Axelsen" <[EMAIL PROTECTED]>
Subject: problem with anonymous ftp
Date: Fri, 5 Mar 1999 03:23:27 +0100

I have recently installed my server with RedHat Linux 5.2
(Apollo).....the anonymous rpm was installed using the installation program,
and not after the installation was complete.

I can successfully login as anonymous using ftp, but I can't ANY files as
anonymous.....as normal user it works fine! :/

I've checked the permission on /home/ftp and subdirs to be drwxrwxrwx, so
that shouldn't be the problem.....a minor security flaw instead, but I had
to check if turning on the w attrib to other people on would have any
effect.

I sure hope you can help me!

Regards
Jens




------------------------------

From: Chiyu Wang <[EMAIL PROTECTED]>
Subject: Re: Linux + pppd + Lasat 1280i a/b
Date: Fri, 05 Mar 1999 23:11:47 -0800

Hello Morten,

I am now trying to use pppd to make OmniNET dial up to an access server
via 5ESS. Can you let me know your init-string, chat-script and other
config files?

Thanks,

Chiyu Wang

Morten Poulsen wrote:

> Hello
>
> Has anybody made the stuff in SUBJ work together? I cannot convince
> the Lasat to make a proper ppp-connection to my ISP. It worked
> perfectly with my OmniNET, but the Lasat will not. If you have it
> working could I have you chat-script or just your init-string.
> My ISP supports PPP and V.120, but which of modes in the Lasat should
> I use for this?
>
> Thank you very much!
>
> Morten Poulsen
> Author of
>   FileManager PRO and
>   Programmer's Site Updater
> http://www.poulsen.org
> [EMAIL PROTECTED]


------------------------------

From: David Kirkpatrick <[EMAIL PROTECTED]>
Subject: Re: very basic samba connection failure
Date: Sat, 06 Mar 1999 00:05:17 +0000
Reply-To: [EMAIL PROTECTED]

TJ,
   You've got to get the ping working first of all.
   If you have the network card configured on 95 and running TCP
then you're ok.  So configure the 95 machine tcpip properties etc.
   Same on Linux.  See the setup section of NET-3-HOWTO.  There
is no specific Samba protocol as such - just TCPIP on both
machines.  Samba uses it.
   Tcp will be running by default on linux, check ps xw | grep
inetd.  For RH 5.2 set up in the network configurator and control
panel system button.  You've got to read a bit in the NET-3 to
see what's what.  Make some changes and look at route on both
machines, netstat and ifconfig.  Do a man or help depending.
When things are up you can do smbclient -L xxxxx without the 4
\\\\'s.
   The NET-3 will tell you about setting up your /etc/hosts
lmhosts and networks files.  Do this on both machines.  On 95
they go in the windows dir.  There are sample files in there
already; copy hosts.sam to hosts, the same for lmhosts and
networks.  Then use a class C network like 192.168.1.1 and
192.168.1.2 for the two machines - netmask 255.255.255.0. Your
network number will be 192.168.1.0 and the name whatever you
have for a domain name like mydomain.com.

TJ wrote:
> 
> I have a Linux box running samba, and a Win95 box connected via an
> ethernet hub.
> Both lamps are green at the hub.
> I can't ping the machines (either direction) to see them.
> Is my win95 box supposed to have a network protocol specifically for the
> linux connection?  I already have a TCP - and I don't see any way to
> configure it to see the linux box.  The linux box isn't running as a
> server anyway - as far as I know.
> 
> I can see that samba is running. (ps aux | grep smb)
> I dont see the linux box in Network Neighborhood

This will not show up until you have the network part up between
the two.



> I dont see the win95 box using smbclient -L \\\\mywindowsbox
just mywindowsbox no slashes
> I do have the workgroups set identically on both machines.
good
> I have file sharing enabled on the win95 box.
good
> I have the user setup on the linux box as "TJ, password" which I use for
> the windows networking prompt.
> 
> Here is my smb.conf (in part):
> 

Add encrypt passwords = yes ; required for NT, works on 98 and
probably the same for 95.
Also if you have not set up smbpasswd, read the man for smbpasswd;
it is short and easy but
you need to set it up.  And put the users in /etc/smbusers.
My smbusers is
root = administrator admin
nobody = guest pcguest smbguest
but I'm always coming in as administrator, never anything else.

You have done quite a bit and have a bit of a ways to go but have
taken on a big task here.
GL davidk

> [global]
> workgroup = LOS_ANGELES
> guest account = nobody
> keep alive = 30
> os level = 2                  can be blank
> security = user
> log file = /var/log/s
> lock directory = var/lock/samba
> share modes = yes
> interfaces =  198.162.1.1     recheck the man for a /24 on the end here
> wins support = no
> [homes]
> browseable = yes
> read only = no
> create mode = 750
> [tmp]
> path = /tmp
> read only = no
> public = yes
> [public]
> path = /home
> public = yes
> writeable = yes

-- 
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
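
An added example, not part of David's reply or TJ's post: a small Python check that runs the points raised above against the quoted smb.conf (the missing encrypt passwords line and the interfaces entry that has no /24 and falls outside the suggested 192.168.1.0 network), plus two things visible in the config itself, the relative lock directory path and shares that combine guest access with write access. The embedded config is a trimmed copy of the post, and the function names are this example's own.

```python
import ipaddress

# smb.conf from the quoted post with the reply's inline remarks stripped and a
# few unrelated [global] lines omitted (sample constructed for this example).
SMB_CONF = """\
[global]
workgroup = LOS_ANGELES
guest account = nobody
security = user
lock directory = var/lock/samba
interfaces = 198.162.1.1
[homes]
browseable = yes
read only = no
[tmp]
path = /tmp
read only = no
public = yes
[public]
path = /home
public = yes
writeable = yes
"""
LAN = ipaddress.ip_network("192.168.1.0/24")  # network proposed in the reply

def parse(text):
    """Parse smb.conf text into {section: {parameter: value}}."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf[section] = {}
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            # Samba ignores case and whitespace inside parameter names.
            conf[section]["".join(key.lower().split())] = value.strip()
    return conf

def yes(value):
    return value.lower() in ("yes", "true", "1")

def audit(conf, lan=LAN):
    """Return findings for the reply's points plus guest-writable shares."""
    out, g = [], conf.get("global", {})
    if not yes(g.get("encryptpasswords", "no")):
        out.append("global: encrypt passwords = yes is missing")
    for entry in g.get("interfaces", "").split():
        try:
            addr = ipaddress.ip_interface(entry).ip
        except ValueError:
            continue  # an interface name such as eth0, nothing to compare
        if "/" not in entry:
            out.append(f"global: interfaces entry {entry} has no netmask")
        if addr not in lan:
            out.append(f"global: interfaces address {addr} is outside {lan}")
    lock = g.get("lockdirectory", "/")
    if not lock.startswith("/"):
        out.append(f"global: lock directory {lock} is not an absolute path")
    for name, share in conf.items():
        if name == "global":
            continue
        # "public" is a synonym for "guest ok"; "writeable" inverts "read only".
        guest = yes(share.get("public", share.get("guestok", "no")))
        writable = (yes(share.get("writeable", share.get("writable", "no")))
                    or not yes(share.get("readonly", "yes")))
        if guest and writable:
            out.append(f"{name}: guests can write to {share.get('path')}")
    return out

if __name__ == "__main__":
    print("\n".join(audit(parse(SMB_CONF))))
```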

------------------------------

From: [EMAIL PROTECTED] (Bill Unruh)
Crossposted-To: comp.os.linux.setup,comp.ps.linux.hardware,alt.os.linux
Subject: Re: IP Masqurading? Please Help
Date: 6 Mar 1999 07:33:46 GMT

In <7bpd3v$8k6$[EMAIL PROTECTED]> fred anger <[EMAIL PROTECTED]> writes:

I will not repeat my arguments.

>> Let them get
>> used to Linux first, let them learn that Linux is useful and is really
>> not that intimidating.

>Ahh, so you admit that it's not all that bad...

Excuse me. I certainly think Linux is great and I love playing with it.
But that is a hobby. 

...

>Linux can't please everyone (not yet anyway).  I know a guy that complains
>about having to mount and unmount floppies.  That's just the way it goes.  If

That IS something to complain about. Not everything MS does is stupid or wrong.
Linux is not some little enclave, fighting off everything from outside. It is an 
operating system, which should get out of the way as much as possible and let 
people do their jobs, not give them arbitrary hoops to jump through. Why Linux cannot use
the "change disk" line and automatically remount the disk, I do not know. 
This is not some great feature of Linux. It is a failure. It certainly does not make
Linux useless, it just makes it less convenient to use than it could be.


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and comp.os.linux.networking) via:

    Internet: [EMAIL PROTECTED]

Linux may be obtained via one of these FTP sites:
    ftp.funet.fi                                pub/Linux
    tsx-11.mit.edu                              pub/linux
    sunsite.unc.edu                             pub/Linux

End of Linux-Networking Digest
******************************
