Linux-Networking Digest #406, Volume #10          Sat, 6 Mar 99 21:13:43 EST

Contents:
  Linux C2 security compliance ("doug")
  Re: Linux as a router to replace school NT4 box? ([EMAIL PROTECTED])
  Re: identd logs:  how to interpret? (Karsten Patzwaldt)
  Re: SAMBA, please? ("GA")
  isdn and internet ("Hans-Juergen Seifen")
  Re: SuSE Linux / IBM Token Ring (Mike)
  Re: leafnode dumping core (Greg Weeks)
  ipfwadm problem with smtp - "no route to host" (Darrell Young)
  Re: Cannot connect to shared drives on SAMBA SERVER from WIN98 CLIENT (David Kirkpatrick)
  Re: No rlogin through a Linux Firewall? (Paul B. Brown)
  trouble getting ppp working under V2.2 (Bob Berman)
  Re: Web cache: how to force caching dynamic pages? (Job Eisses)
  slakware 3.6 with ASUS P2B DS (adaptec 2940) and matrox millennium II AGP ("Gilles Chrzaszcz")
  Re: IP Masqurading? Please Help (Whammy)

----------------------------------------------------------------------------

From: "doug" <[EMAIL PROTECTED]>
Subject: Linux C2 security compliance
Date: Fri, 5 Mar 1999 16:06:52 -0800

Clearly, linux has proven to have better security features and enhancements
than NT 4.0, but does anyone know whether linux has been accredited with C2
security compliance for use in government or government contractor
applications as NT 4.0 has?  Any help would be appreciated.

doug



------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Linux as a router to replace school NT4 box?
Date: 6 Mar 1999 22:27:07 GMT

Andy <[EMAIL PROTECTED]> wrote:
> We have just configured an NT4 box to route between two subnets on our school
> LAN, however as the current setup with the NT4 box is tying up a machine we
> are wondering if we could run linux on an old 486 or 386 to do the routing.

Yes.  A 486DX2/66 should be able to keep up the routing.  In the kernel 
config, be sure to say yes to the act as router and not as host setting 
which will give you extra speed in the kernel networking code for routing.

-- 
Charles Rutledge    |    Liberty is a tenuous gift.  Hard to win, easy
[EMAIL PROTECTED]    |    to give away, and no will protect it for you.

------------------------------

From: [EMAIL PROTECTED] (Karsten Patzwaldt)
Crossposted-To: comp.security.unix,comp.protocols.tcp-ip
Subject: Re: identd logs:  how to interpret?
Date: Fri, 5 Mar 1999 23:06:09 +0100

In article <IpCD2.156$Ey6.8748@burlma1-snr2>, Barry Margolin wrote:
>In article <[EMAIL PROTECTED]>,
>jerome <[EMAIL PROTECTED]> wrote:
>>On Thu, 04 Mar 1999 20:26:13 GMT, Barry Margolin wrote:
>>[snip]
>>>
>>>No, b.b.b.b can trust this only if they trust the sysadmin of this Linux
>>>box (i.e. the user posting the original question).
>>>
>>according to you bbb.bbb.bbb.bbb originated the identd request ?
>
>Correct.  The log message said that identd on the Linux box was answering a
>query that it received from bbb.bbb.bbb.bbb.  IDENT queries come from
>servers trying to log who is connecting to them.  Sendmail and tcp_wrappers
>can be configured to perform IDENT queries, and some other servers may also
>do it.
>
>-- 
>Barry Margolin, [EMAIL PROTECTED]
>GTE Internetworking, Powered by BBN, Burlington, MA
>*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
>Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.


-- 
Karsten Patzwaldt                                         [EMAIL PROTECTED]
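
The IDENT exchange (RFC 1413) described in the quoted reply above, as an added example that is not part of the original thread: the querying server's request, the reply from identd on the connecting host, and the parsed result marked as an unverified claim. The connection table, port numbers and user name are constructed sample data.

```python
import re

# RFC 1413 messages: "<port on identd host> , <port on querying host>"
QUERY_RE = re.compile(r"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*$")
REPLY_RE = re.compile(
    r"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*:\s*(USERID|ERROR)\s*:\s*(.*)$")


def _port(text):
    port = int(text)
    if not 1 <= port <= 65535:
        raise ValueError("port out of range: %s" % text)
    return port


def build_query(identd_host_port, querying_host_port):
    """Line the querying server (bbb.bbb.bbb.bbb in the thread) sends to
    TCP port 113 of the host that connected to it."""
    return "%d , %d\r\n" % (_port(identd_host_port), _port(querying_host_port))


def answer_query(line, local_connections):
    """What identd on the Linux box does with one query line.

    local_connections maps (local_port, remote_port) -> user name; it is a
    constructed stand-in for the kernel's TCP connection table."""
    m = QUERY_RE.match(line)
    if not m:
        raise ValueError("malformed IDENT query")
    try:
        pair = (_port(m.group(1)), _port(m.group(2)))
    except ValueError:
        return "%s , %s : ERROR : INVALID-PORT\r\n" % m.groups()
    user = local_connections.get(pair)
    if user is None:
        return "%d , %d : ERROR : NO-USER\r\n" % pair
    return "%d , %d : USERID : UNIX : %s\r\n" % (pair + (user,))


def parse_reply(line):
    """Querying side: split the reply into fields. The user name is only a
    claim made by whoever administers the answering host, so it is marked
    unverified and is fit for logging, not for access decisions."""
    m = REPLY_RE.match(line.rstrip("\r\n"))
    if not m:
        raise ValueError("malformed IDENT reply")
    out = {"identd_host_port": _port(m.group(1)),
           "querying_host_port": _port(m.group(2)),
           "kind": m.group(3), "verified": False}
    if m.group(3) == "USERID":
        opsys, _, user = m.group(4).partition(":")
        out["opsys"], out["user"] = opsys.strip(), user.strip()
    else:
        out["error"] = m.group(4).strip()
    return out


def demo():
    # Constructed sample: user "alice" on the Linux box holds local port
    # 1042, connected to port 25 (SMTP) on the querying mail server.
    table = {(1042, 25): "alice"}
    return parse_reply(answer_query(build_query(1042, 25), table))
```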

------------------------------

From: "GA" <[EMAIL PROTECTED]>
Subject: Re: SAMBA, please?
Date: Sun, 07 Mar 1999 00:40:06 GMT

That's interesting... my experience is exactly the opposite.  'smbclient'
gives you an ftp-like interface but 'smbmount' actually mounts the shared
drive just like mounting a floppy or cd-rom.  With this method, there is
less headache because you don't have to worry about smbpasswd.

To mount my NT server's shared C drive, I just enter:

smbmount '//server/c' /mnt/server
Enter the NT password at the prompt and you're set!

Then I can 'ls /mnt/server' or do any other folder/file manipulation,
including browsing with X-Windows (KDE).


David Kirkpatrick wrote in message <[EMAIL PROTECTED]>...
>From linux -->  MS it's not as nice as MS --> Linux.  You can
>smbmount MS drives to linux and get an "ftp like" interface for
>transferring files.  For managing files it's much better to be on
>the NT side and manipulate Linux shares from the Explorer.
>  For seamless operation for Linux --> NT the easier thing would
>be to mount MS shares as linux file systems with NFS - no Samba.
>
>James Wanless wrote:
>>
>> How easy is this using RedHat5.2 to "see" (MS)windows machines on a
>> LAN - I haven't succeeded yet. Any pointers, please?
>>
>> --
>>
>> James Wanless
>> http://www.jwanless.freeserve.co.uk
>
>--
>[EMAIL PROTECTED]
>[EMAIL PROTECTED]
>[EMAIL PROTECTED]



------------------------------

From: "Hans-Juergen Seifen" <[EMAIL PROTECTED]>
Subject: isdn and internet
Date: Sat, 6 Mar 1999 01:14:11 +0100

I have a small net (5 WinNT and 2 Linux boxes). The Linux box has an ISDN
card inside. It works as an internet router. I have linked up with the NT
workstations. Internet works fine, but I've a big problem: every time I
log on with the NT clients the Linux box connects me to the internet.
The NT boxes have the Linux box as their default gateway and the Linux box
has as default route the ISDN device (ippp0).
What can I do? Please help me.
Thank you!



------------------------------

From: Mike <[EMAIL PROTECTED]>
Subject: Re: SuSE Linux / IBM Token Ring
Date: Sat, 06 Mar 1999 20:34:19 -0500

Ashik wrote:
> 
> I've recently purchased a copy of the excellent SuSE Linux 6.0 from The
> Linux Emporium (in the UK) and i'm trying to connect two PCs via
> token-ring.  I'm using 2 IBM 16/4 token ring cards.  Does anyone know if
> these cards are supported?

        They sho' are.  Though you'll likely have to recompile the kernel to
get the support in there.  I wasn't really paying attention when I did
mine the other day (SuSE 6.0 install that is), since I have Olicom TR
cards, I didn't need the IBM support.


=======================================================================
  Mike Stella                             Software / Systems Engineer
  http://www.sector13.org/kazin            Thirteen Technologies, LLC
  kazin at sector13 dot org                     
=======================================================================

------------------------------

Reply-To: [EMAIL PROTECTED]
From: [EMAIL PROTECTED] (Greg Weeks)
Subject: Re: leafnode dumping core
Date: Sat, 6 Mar 1999 19:25:41 -0600

In article <[EMAIL PROTECTED]>,
        [EMAIL PROTECTED] (xcitor) writes:
> leafnode (1.9) just started dumping core on me, or I should say fetch:
> 
> [news@axel news]$ fetch
> Segmentation fault (core dumped)

You might try fetch -vvvv to get more debug info out of fetch. The
most common reason for fetch to segment fault is a badly corrupted
message in out.going or a corrupted groupinfo file. You might also try
asking this question on the leafnode mailing list.

Greg Weeks
-- 
http://durendal.tzo.com/greg/


------------------------------

From: Darrell Young <[EMAIL PROTECTED]>
Subject: ipfwadm problem with smtp - "no route to host"
Date: 7 Mar 1999 01:31:36 GMT

Hi. I have a problem with a red-hat 5.1 linux router. It is using ipmasq to
act as a dial on demand internet gateway for < 5 clients (all the clients
are win95/98). From behind the linux router, it is possible to use Internet
Explorer or Netscape without a hitch, and receiving mail via a pop3 client
is not a problem. The problem is sending mail with SMTP. When trying to send
mail from the client (using outlook), there is a timeout and a message ("no
route to host"). I thought there might be a problem with the client, so I
went to the router and telneted to port 25 of the mailserver I was trying to
contact, and I immediately got "no route to host". Any ideas? I am using a
dynamic ppp connection to the internet and these rules:
ipfwadm -F -p accept
ipfwadm -F -a m -S 192.168.93.0/24 -D 0.0.0.0

192.168.93.0 is the network number I am using behind the router
Thanks
D. Young


==================  Posted via SearchLinux  ==================
                  http://www.searchlinux.com

------------------------------

From: David Kirkpatrick <[EMAIL PROTECTED]>
Crossposted-To: comp.protocols.smb
Subject: Re: Cannot connect to shared drives on SAMBA SERVER from WIN98 CLIENT
Date: Sat, 06 Mar 1999 20:33:54 +0000
Reply-To: [EMAIL PROTECTED]

Well what does smbusers look like?

Ronald Hovens wrote:
> 
> David,
> 
> My smbpassword file is setup, but I cannot connect!
> 
> David Kirkpatrick wrote in message <[EMAIL PROTECTED]>...
> >Ronald,
> >   Your smbpasswd may not be set up.  Look at the man for
> >smbpasswd it's simple.  Also look at /etc/smbusers.
> >   The encryption is OK set at yes.
> >After you execute smbpasswd you should have something like the
> >following in your /etc/smbpasswd.
> >
> ># Samba SMB password file
> >root:0:7E638C38F146E9A6AAD3B435B51404EE:611B779573C5481E8091149DFC6A68EC:root:/root:/bin/bash
> >
> >
> >
> >
> >Ronald Hovens wrote:
> >>
> >> I am running a Linux samba server (1.9.18p10) and I want to connect to it
> >> with a Laptop that runs on Win98.
> >>
> >> TCP networking is running fine: I can telnet and ping from one to another.
> >> Furthermore, I can see the shared devices on the laptop when I run
> >> smbclient -L hostnameoflaptop> on my linux samba server.
> >>
> >> My problem is that I cannot connect to (the shared devices on) my samba
> >> server: every time I enter data in the win98 logon dialog, I get the message
> >> "the domain password you supplied is not correct, or access to logon server
> >> has been denied".
> >> ------------------------
> >> On my laptop I have set:
> >>
> >> primary logon: Client for Microsoft network
> >> workgroup in Identification: MYGROUP
> >> properties for Client for Microsoft networks: Log on to windows NT domain
> >> MYGROUP
> >> wins enabled for the network connection (wins address is the linux samba
> >> server IP address)
> >> ------------------------
> >> Some relevant(?) settings on my samba server (in /etc/smb.conf):
> >>
> >> workgroup = MYGROUP
> >> encrypt passwords = yes (I have read that win98 sends encrypted passwords)
> >> smb passwd file = /etc/smbpasswd
> >> os level = 34
> >> domain master = yes
> >> preferred master = yes
> >> domain logons = yes
> >> wins support = yes
> >>
> >> I assume that something is wrong with password encryption. What can I do?
> >> Please help.
> >> R. Hovens
> >
> >--
> >[EMAIL PROTECTED]
> >[EMAIL PROTECTED]
> >[EMAIL PROTECTED]

-- 
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]

------------------------------

From: [EMAIL PROTECTED] (Paul B. Brown)
Crossposted-To: comp.security.firewalls
Subject: Re: No rlogin through a Linux Firewall?
Date: 6 Mar 1999 00:32:13 GMT

>I have a firewall with ip_masquerading enabled.
>
>linux A <-> firewall (linux B) <-> internet
>
>It works fine with telnet and ftp from the linux A to internet. But
>rlogin from Linux A returns the error saying permission denied. Rlogin
>from Linux A to LAN  and rlogin from firewall (Linux B) to internet and
>to LAN does work too.
>I have tried it with -P all. No chance.
>
>If any idea, please an e-mail to: [EMAIL PROTECTED]

Habib,

This usually happens when you forget to apply the kernel patch called:

ipportfw.c

This is for IP Port Forwarding.  It will allow you to send connections
inbound to specific IPs inside.

http://www.ox.compsoc.org.uk/~steve/portforwarding.html

Enjoy!

Paul

===========================================================================
Paul B. Brown                          [EMAIL PROTECTED]
President
Brown Technologies Network, Inc.       http://www.btechnet.com/

Unix Systems Administration            "Sailing is a state of mind . . . ."
===========================================================================


------------------------------

From: Bob Berman <[EMAIL PROTECTED]>
Subject: trouble getting ppp working under V2.2
Date: Sat, 06 Mar 1999 20:42:36 -0500

I've been using pppd v2.2.0 along with diald 0.16 for what seems like forever
now on my Linux 2.0.35 system. The whole setup has been very reliable. I am now
trying to get kernel V2.2.1 working. I have upgraded all required software and
now have a glibc 2 system and have built V2.2.1 successfully. Unfortunately, I
can not get ppp working. I built ppp v2.3.5. All software compiled fine and
installed correctly. So it's probably a small problem. I hope.

Anyway, in order to avoid complications from modules in the kernel, I tried to
build nearly everything into the kernel itself. Later on I will generate modules
as I've done with 2.0.35. But for now, I have selected no modules for
anything, except parallel port stuff.

OK - if I boot into 2.2, the system comes up OK, and feels kind of faster. When
I try to connect to the Internet, by sending a connect message to diald, here is
what I see in my log:

Mar  6 17:19:29 boomer diald[119]: FIFO: monitor connection to /tmp/00206aaa requested
Mar  6 17:19:34 boomer diald[119]: FIFO: Link up request received.
Mar  6 17:19:35 boomer diald[119]: Running connect (pid = 208).
Mar  6 17:19:41 boomer FaxGetty[108]: ANSWER: Can not lock modem device
Mar  6 17:19:58 boomer diald[119]: Running pppd (pid = 216).
Mar  6 22:19:59 boomer modprobe: can't locate module ppp0
Mar  6 17:20:30 boomer diald[119]: child process 216 terminated with signal 1
Mar  6 17:20:30 boomer diald[119]: Nonzero exit status (7) on command '/sbin/route add 207.69.188.11 metric 2000 dev sl0'
Mar  6 17:20:30 boomer diald[119]: Nonzero exit status (7) on command '/sbin/route add default gw 207.69.188.11 metric 2000 dev sl0'
Mar  6 17:20:30 boomer diald[119]: Nonzero exit status (7) on command '/sbin/route add 207.69.188.11 metric 2000 dev sl0'
Mar  6 17:20:30 boomer diald[119]: Nonzero exit status (7) on command '/sbin/route add default gw 207.69.188.11 metric 2000 dev sl0'
Mar  6 17:20:31 boomer diald[119]: Delaying 30 seconds before clear to dial.
Mar  6 17:20:33 boomer diald[119]: FIFO: Force request received.
Mar  6 17:20:46 boomer FaxGetty[108]: MODEM DIAMOND MULTIMEDIA SYSTEMS, INC.
SupraFAXModem 288i/V1.4
40-25-V34_DP


My questions:

1) Why is modprobe looking for a module ppp0? It doesn't exist in /lib/modules.
Under 2.0.35, I have a module ppp.o. Is it called ppp0 now under 2.2 if I had
built it as a module? Can't you have ppp as part of the kernel? Must it be built
as a module?

2) What's with the error status on the route commands? What's issuing them? I
know the route command behaviour has changed in 2.2. How do I fix this?

3) Why does modprobe log time in GMT rather than local (EST)? It's confusing.


Any help would be appreciated. I really tried to figure this out myself, but I'm
stuck now. Thanks again!

------------------------------

Date: Sun, 07 Mar 1999 02:49:40 +0100
From: Job Eisses <[EMAIL PROTECTED]>
Subject: Re: Web cache: how to force caching dynamic pages?

Dr. Yuan Liu wrote:
> 
> Dear David Wooley,
> 
> I just read your posting on mailing.unix.squid-users regarding Squid not
> caching dynamic pages; you mentioned the lack of Last-Modified and
> Content-Length.  I use both squid and Apache.
> I have an urgent need to cache dynamic pages for a Web site.  Is there
> anyway I can force Squid or Apache to cache something?  Or fool them?  I
> don't care if I have to go change my scripts to add Last-Modified field,
> but will this do the trick?  Or do I have to have Content-Length?  The
> latter obviously is difficult to produce.  Will the cache limit its
> storage to Content-Length if I fake it?

This evening I came across the text in /etc/httpd/conf/httpd.conf
and wondered what it meant - perhaps it is what you need:

# CacheNegotiatedDocs: By default, Apache sends Pragma: no-cache with each
# document that was negotiated on the basis of content. This asks proxy
# servers not to cache the document. Uncommenting the following line disables
# this behavior, and proxies will be allowed to cache the documents.

#CacheNegotiatedDocs

                               Good luck    -job

------------------------------

From: "Gilles Chrzaszcz" <[EMAIL PROTECTED]>
Crossposted-To: alt.os.linux.slackware,comp.os.linux.setup,comp.os.linux.questions,comp.os.linux.help,comp.os.linux
Subject: slakware 3.6 with ASUS P2B DS (adaptec 2940) and matrox millennium II AGP
Date: Fri, 5 Mar 1999 19:32:49 -0500

Hi,

I have some problems making a kernel on my computer and configuring XFree86.

I have a ASUS P2B Ds motherboard and two scsi disk, a scsi cdrom (Toshiba
XM-6201TA), a scsi CDRW (Yamaha CRW 4260), an ensoniq PCI sound card, an
ethernet card (3Com 509b) and a ViewSonic G790 monitor.

When I use the kernel aic7890.s, my computer works correctly, but if I configure
the kernel to use my ethernet card I do not obtain a kernel that works
correctly. This new kernel does not recognise my scsi drivers.

Plus, I can not create a XF86Config file that works with my computer

Thank you very very much




------------------------------

From: Whammy <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.setup,comp.ps.linux.hardware,alt.os.linux
Subject: Re: IP Masqurading? Please Help
Date: Sat, 06 Mar 1999 00:15:31 GMT

On RH4.2, the ip masquerading was turned off and required you to run
'make config' (or whatever your favorite tool is) to get the kernel to
do the firewall related functions. This may have changed on RH 5.2. Even
so, recompiling the kernel is no harder than installing a device driver
on Winblows. It's just different. 99 percent of the questions you will
be asked can be answered by taking the default. Actually, I have had
more fights to the death with the Winblows device manager going berserk
than I ever have had with a linux kernel compile. The nice thing about
the linux kernel is that once it's compiled with the options you want,
you may never have to do it again unlike windows which seems to require
periodic reloads.

I can't dispute with the fact that the Linux docs are not for the timid.
Hopefully, this will improve as Linux gets more mainstream.

Wolfgang Viechtbauer wrote:
> 
> The original post indicated that the guy was using RH 5.2, correct?
> 
> Well, everything for ip masq is compiled into the kernel. There is no
> need to recompile the kernel. I agree with Fred that compiling the
> kernel is something that most people should attempt and learn (Bill
> probably agrees with that as well!), but Bill is right when he says that
> telling people to recompile the kernel when there is no need for that is
> silly. It drives me nuts as well, when people ask a question, and the
> first thing that people tell them is "recompile the kernel". If you need
> to recompile to get something working, hey, then that's what you gotta
> do. But if it is already compiled in, then it's a waste of your time.
> 
> --
> Wolfgang Viechtbauer
> [EMAIL PROTECTED]

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and comp.os.linux.networking) via:

    Internet: [EMAIL PROTECTED]

Linux may be obtained via one of these FTP sites:
    ftp.funet.fi                                pub/Linux
    tsx-11.mit.edu                              pub/linux
    sunsite.unc.edu                             pub/Linux

End of Linux-Networking Digest
******************************
