Linux-Networking Digest #688, Volume #10 Wed, 31 Mar 99 07:13:35 EST
Contents:
2nd CFV: comp.os.linux.security (Jeremy Billones)
Re: IDENT on masquerade? ("Curt")
Re: Problem with Diald (Mike Jagdis)
Re: Network Traffic Monitoring (Mike Jagdis)
Re: Two NIC's in 1 machine for double bandwidth? (Ong Lon Voon)
Work With Linux!! ("Jon Essen-Möller")
Re: Using Linux instead of NT Server in home environment.... (Matthew Kirkcaldie)
Setting up a diskless station. (Stanislaw Salik)
Re: am-utils (amd) & smbfs (smbmount) -- automount frustation
([EMAIL PROTECTED])
Re: Help me spend $2,000 on a new Linux-based computer ("David Lloyd-Jones")
Re: Machine name themes - what do you use? (Sameer Vijay)
----------------------------------------------------------------------------
From: Jeremy Billones <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Crossposted-To:
news.announce.newgroups,news.groups,comp.os.linux.setup,comp.security.unix
Subject: 2nd CFV: comp.os.linux.security
Date: Thu, 25 Mar 1999 14:35:01 GMT
LAST CALL FOR VOTES (of 2)
unmoderated group comp.os.linux.security
Newsgroups line:
comp.os.linux.security Security and the GNU/Linux Operating System.
Votes must be received by 23:59:59 UTC, 5 Apr 1999.
This vote is being conducted by a neutral third party. Questions
about the proposed group should be directed to the proponent.
Proponent: Erik de Castro Lopo <[EMAIL PROTECTED]>
Votetaker: Jeremy Billones <[EMAIL PROTECTED]>
RATIONALE: comp.os.linux.security
The number of users of the Linux Operating System has grown
significantly over the last few years. A large number of these new
users are connecting their machines to the internet via modems with
little or no thought about the security of their machines. In
addition, the standard installation procedure of most Linux
distributions results in a machine with maximal capabilities but also
with a number of possible security holes. A search of a usenet
archiving site such as dejanews would quickly find a large number of
linux security discussion threads scattered across numerous existing
newsgroups.
The existing newsgroup comp.security.unix is useful but its
discussion content is aimed more at the unix administrator level.
Therefore a newsgroup specifically aimed at the home/small business
Linux user would complement rather than replace discussion on
comp.unix.security.
CHARTER: comp.os.linux.security
This newsgroup is dedicated to the discussion of issues related to
establishing and maintaining the security of machines running the
Linux Operating System on all processor architectures.
Open discussion of techniques and software for protecting machines
against remote attacks (via a network connection) as well as attacks
from untrusted local users are welcome. This discussion can include
information about which applications are vulnerable, the form of the
vulnerability and snippets of source code for demonstrating the
vulnerability.
The posting of commercial information to this group is permitted only
if the information is directly relevant to security and the Linux
Operating System.
Messages which are cross-posted to or from any advocacy newsgroup are
not welcome. As this is a discussion group, the posting of binaries is
strongly discouraged. Spamming, ECP and EMP of any sort is absolutely
not tolerated.
END CHARTER.
HOW TO VOTE:
Follow these instructions *exactly*! Votes are counted by computer.
You should send E-MAIL (posts to a newsgroup are invalid) to:
[EMAIL PROTECTED]
Please do not assume that just replying to this message will work.
Check the address before you mail your vote. Your mail message
should contain one and only one of the following vote statements:
I vote YES on comp.os.linux.security
I vote NO on comp.os.linux.security
Voter name:
If your mail software does not indicate your real name (for example, AOL
does not), include _exactly_ the statement above on a _separate_ line
and add your name after the colon. Having your name in your signature line
is NOT enough! Do NOT join the lines together or remove the words
"Voter name"!
You may also vote ABSTAIN (which records an empty vote) or CANCEL (which
removes any earlier votes). ABSTAIN does not affect the final vote count
in any way but is listed, whereas CANCEL is not.
If these instructions are unclear, please consult the Introduction to
Usenet Voting or the Usenet Voting FAQ at http://www.iki.fi/~jpatokal/uvv/.
IMPORTANT VOTING PROCEDURE NOTES:
Standard Guidelines for voting apply. One vote per person, one account
per voter. Votes must be mailed directly from the voter to the votetaker.
Anonymous, forwarded or proxy votes are not valid. Votes mailed by
WWW/HTML/CGI forms are considered to be anonymous votes.
Vote counting is automated. Failure to follow these directions may
mean that your vote does not get counted. If you do not receive an
acknowledgment of your vote within three days contact the votetaker
about the problem. It's your responsibility to make sure your vote
is registered correctly. Duplicate votes are resolved in favor of
the most recent valid vote. Addresses and votes of all voters will
be published in the final voting results post.
The purpose of a Usenet vote is to determine the genuine interest of
persons who would read a proposed newsgroup. Soliciting votes from
disinterested parties defeats this purpose.
** Please do not redistribute this CFV. **
If you must, direct people to the official CFV as posted
to news.announce.newgroups. Distributing pre-marked or otherwise
edited copies of this CFV is generally considered to be vote fraud.
When in doubt, ask the votetaker.
DISTRIBUTION:
Pointers directing readers to this CFV will be posted in these groups:
comp.os.linux.misc
This CFV was created with uvpq 1.0 (Jul 22 1998).
PQ datestamp: 980322
--
Voting address : [EMAIL PROTECTED]
Voting information: http://www.iki.fi/~jpatokal/uvv/
------------------------------
From: "Curt" <[EMAIL PROTECTED]>
Subject: Re: IDENT on masquerade?
Date: Wed, 31 Mar 1999 06:24:03 -0500
Actually there is a patch to make pident work that way if you're using a
socks proxy server. It probably works there, since socks operates
at the transport layer, rather than at the IP layer as IP Masq does.
It would seem that IP Chains might be able to pass the correct ident
info, if it were set up in a many-to-many form, but that's not very practical
for most of us.
Sorry I don't have any ideas why your setup is having trouble. At least
without more detailed info. Keep looking.
D. C. Sessions wrote in message <[EMAIL PROTECTED]>...
>Jon-o Addleman wrote:
>>
>> Once upon a Mon, 29 Mar 1999 06:28:51 -0500, "Curt"
>> <[EMAIL PROTECTED]> wrote:
>>
>> >I use mident to deal with this. I think it is a part of the RH5.2
>> >distribution.
>> >
>> >ftp://ftp.code.org/pub/linux/midentd/
>>
>> I use it as well, and it is also available in the latest Debian
>> distro. And, of course, you can get it on freshmeat.
>
>Got it, had compile troubles, installed the precompiled,
>found out it doesn't like comment (^#.*$) lines in the
>config file, got it running, traffic still hangs, checked
>the logs, found out what it was sending back to the ISP,
>looks good, dang if I know.
>
>So far no answers from tech support other than "your firewall
>must be misconfigured." (Duh!) Could be that they also
>finger the result or some such and want a positive response.
>
>While on the subject, why are all of the forwarding-aware
>identd daemons config-file based? One would think that in
>principle the daemon could identify masqueraded sockets and
>forward the (edited) query back to the originating machine.
>
>--
>D. C. Sessions
>[EMAIL PROTECTED]
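
The forwarding idea raised in the quoted question above (look up the masqueraded socket, forward the edited query to the originating machine, relay the answer), as an added example that is not part of either post or of any identd's code. The table contents, addresses and function names are constructed for illustration; the message formats follow RFC 1413.

```python
import re

# Constructed masquerade table (assumption): (gateway port, remote port) ->
# (internal host, internal port). A real gateway would read the kernel's
# masquerading state and also match the querier's address.
MASQ_TABLE = {
    (61005, 6667): ("192.168.1.5", 1042),
}

QUERY_RE = re.compile(r"\s*(\d{1,5})\s*,\s*(\d{1,5})\s*")
# The tail after USERID/ERROR may not contain NUL, CR or LF, so an internal
# host cannot smuggle a second response line through the gateway.
REPLY_RE = re.compile(r"\s*\d{1,5}\s*,\s*\d{1,5}\s*:\s*(USERID|ERROR)\s*:([^\r\n\0]*)")


def parse_query(line):
    """Parse an RFC 1413 query '<local port> , <remote port>'; None if invalid."""
    m = QUERY_RE.fullmatch(line.rstrip("\r\n"))
    if not m:
        return None
    local, remote = int(m.group(1)), int(m.group(2))
    if not (1 <= local <= 65535 and 1 <= remote <= 65535):
        return None
    return local, remote


def edit_query(line, table=MASQ_TABLE):
    """Return (internal_host, rewritten_query) for a masqueraded socket, else None."""
    ports = parse_query(line)
    if ports is None or ports not in table:
        return None
    host, inner_port = table[ports]
    return host, f"{inner_port} , {ports[1]}\r\n"


def edit_reply(orig_query, inner_reply):
    """Put the gateway's own port pair back on the internal identd's reply."""
    local, remote = parse_query(orig_query)
    m = REPLY_RE.fullmatch(inner_reply.rstrip("\r\n"))
    if not m:
        # Never relay something unparseable from the inside network.
        return f"{local} , {remote} : ERROR : UNKNOWN-ERROR\r\n"
    return f"{local} , {remote} : {m.group(1)} :{m.group(2)}\r\n"


def answer(query, ask_internal, table=MASQ_TABLE):
    """Handle one query; ask_internal(host, query) stands in for the TCP call to port 113."""
    ports = parse_query(query)
    if ports is None:
        return "0 , 0 : ERROR : INVALID-PORT\r\n"
    fwd = edit_query(query, table)
    if fwd is None:
        return f"{ports[0]} , {ports[1]} : ERROR : NO-USER\r\n"
    return edit_reply(query, ask_internal(*fwd))
```

The remote server only ever sees the gateway's port pair, so the reply has to be rewritten on the way back as well as the query on the way in.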
------------------------------
From: [EMAIL PROTECTED] (Mike Jagdis)
Subject: Re: Problem with Diald
Date: 31 Mar 1999 11:16:52 GMT
In article <[EMAIL PROTECTED]>, Voglhuber wrote:
>I am running a LAN with 192.168.1.*.
>On the machine with the modem connected I want to run diald, so that
>everyone on the LAN could make a ppp connection to the internet. I also
>run on this machine a samba server.
>But if diald is running the directories from the samba server aren't
>accessible from the winnt clients.
Well, from the information you have given I deduce that
something is wrong. Try looking at your routing table
before and after starting diald and see if there is a
clue there.
Mike
--
A train stops at a train station, a bus stops at a bus station.
On my desk I have a work station...
.----------------------------------------------------------------------.
| Mike Jagdis | Internet: mailto:[EMAIL PROTECTED] |
| Roan Technology Ltd. | |
| 54A Peach Street, Wokingham | Telephone: +44 118 989 0403 |
| RG40 1XG, ENGLAND | Fax: +44 118 989 1195 |
`----------------------------------------------------------------------'
------------------------------
From: [EMAIL PROTECTED] (Mike Jagdis)
Subject: Re: Network Traffic Monitoring
Date: 31 Mar 1999 11:12:22 GMT
In article <[EMAIL PROTECTED]>, Eric Rossing wrote:
>I'm running Linux 2.2.2, and I'm using IPChains to allow my internal LAN to
>access our direct Internet connection through the Linux system (a dual-homed
>firewall).
>
>How can I monitor the traffic passing through the firewall? I'd like to be
>able to see what level of traffic is going through at any given moment, and,
>if possible, where the traffic is coming from and where it's going.
The 0.99 diald which I intend to put on http://diald.unix.ch in the
next couple of days is capable of managing, or just watching, general
links.
For instance:
# diald proxy eth1 device eth1 tcpport 10000 \
-buffer-packets ifsetup=true
starts a diald passively monitoring traffic on eth1, listening for
monitor connections on TCP port 10000, not buffering packets and
not doing anything when the interface changes from idle to active
and back. (If the router beyond eth1 drops packets while connecting
its link you may want buffer-packets enabled :-) )
With that running you can connect a monitor such as dctrl (which
comes with diald). Dctrl will show you incoming and outgoing load
through the interface diald is monitoring, the connections that
exist across the link, plus some per connection traffic statistics
so you can see where the bandwidth is going.
Mike
--
A train stops at a train station, a bus stops at a bus station.
On my desk I have a work station...
.----------------------------------------------------------------------.
| Mike Jagdis | Internet: mailto:[EMAIL PROTECTED] |
| Roan Technology Ltd. | |
| 54A Peach Street, Wokingham | Telephone: +44 118 989 0403 |
| RG40 1XG, ENGLAND | Fax: +44 118 989 1195 |
`----------------------------------------------------------------------'
------------------------------
From: Ong Lon Voon <[EMAIL PROTECTED]>
Crossposted-To: comp.sys.ibm.pc.hardware.networking
Subject: Re: Two NIC's in 1 machine for double bandwidth?
Date: 30 Mar 1999 04:11:56 GMT
Hi,
It's called channel bonding, and is mainly used in research in beowulf
clusters to achieve high-bandwidth networks.
http://www.beowulf.org/software/bonding.html
In article <prNL2.137$[EMAIL PROTECTED]>,
Alex Nobert <[EMAIL PROTECTED]> wrote:
>I haven't seen/used/read about this in 2-3 years, but doesn't EQL do
>something similar? I remember using it over PPP connections, but that was
>quite a while ago.
>
>>Depends on the operating system running on the machines. What you are
>>referring to is called "load balancing" or "trunking", depending on how
>>it is implemented. NetWare 4.x or higher servers will do this (although
>>the load is only really balanced outbound). Many switch vendors have
>>implemented this as well. I'm unaware of any features/add-ons that will
>>let you do this with WinNT, Mac, Linux or Sun. I would expect you would
>>see it on Linux before anything else. ;)
>
>
>
--
--
Ong Lon Voon Webworks Pte Ltd
[EMAIL PROTECTED] 103A, Geylang Road
Engineering Singapore 389212
------------------------------
From: "Jon Essen-Möller" <[EMAIL PROTECTED]>
Subject: Work With Linux!!
Date: Wed, 31 Mar 1999 13:29:27 +0200
Are you interested in working with Linux and live in Stockholm Sweden?
Send an e-mail to [EMAIL PROTECTED]
Best regards
Jon Essen-Möller
Linkar AB
08-54540560 t.o.m 31 mars
08-54590865 f.o.m 1 April
------------------------------
From: [EMAIL PROTECTED] (Matthew Kirkcaldie)
Crossposted-To:
microsoft.public.windowsnt.misc,microsoft.public.windowsnt.setup,comp.os.linux.misc,comp.os.linux.setup
Subject: Re: Using Linux instead of NT Server in home environment....
Date: Wed, 31 Mar 1999 07:28:06 GMT
In article <7dsf41$3a9$[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Paul
Anderson) wrote:
>>How about Macintosh clients?
>>
>Does NT support AppleTalk out of the box?
NT Server does, sometimes flakily ("Services for Macintosh"). You can get
"netatalk" for Linux; I don't know how good it is.
Matthew.
------------------------------
From: Stanislaw Salik <[EMAIL PROTECTED]>
Subject: Setting up a diskless station.
Date: Wed, 31 Mar 1999 13:21:06 +0200
Can anybody help me setting up a diskless station?
Here is a list of my problems:
1. How to run lockd? I have Debian 2 and I can't find anything
named similar.
2. How to run kernel NFS server? (not really necessary)
3. Can I configure my diskless client to mount swap over network?
I would really appreciate any help.
Staszek
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To:
comp.os.linux.help,comp.os.linux.misc,comp.os.linux.questions,comp.os.linux.redhat,comp.os.linux.setup
Subject: Re: am-utils (amd) & smbfs (smbmount) -- automount frustation
Date: Wed, 31 Mar 1999 11:43:43 GMT
On Tue, 30 Mar 1999 16:02:56 -0500, "Steve Levitt" <[EMAIL PROTECTED]>
wrote:
>RedHat 5.1 distribution:
> kernel-2.0.34-0.6
> smbfs-2.0.1-4
> autofs-3.1.1-4
> am-utils-6.0a16-4
> samba-1.9.18p10-5
I know there is now a 2.* version of Samba
> portmap-4.0-11
> nfs-server-2.2beta29-5 (installed, not active)
> nfs-server-2.2beta29-5 (installed, not active)
>
>Trying to automount NT (host name=cc90014-a) folder g:\public (share
>name=public) on mountpoint /mnt/cc90014-a/public.
>
>Here's my latest stab at the auto.* files...
>
>[root@levits03 steve]# cat /etc/auto.master
>/mnt/cc90014-a/public file /etc/auto.cc90014-a
^^^^^^^^^^^^^^^^^^^
That's wrong, here you have to indicate which directory is controlled
by automount (ie the directory that, when being accessed by any
command, launches automount operation). Replace your line by:
/mnt/cc90014-a file /etc/auto.cc90014-a
this way your smbfs will be mounted in /mnt/.../public, with your
definition it would be in /mnt/.../public/public
[But this problem can't break the automount, that's just something
cosmetic.]
>
>[root@levits03 steve]# cat /etc/auto.cc90014-a
>public -fstype=smbfs ://cc90014-a/g
I don't know anything about smbfs, but here you only indicate g:, not
g:\public (just a remark, I'm totally ignorant in smbfs).
>and, here's the outcome...
>
>[root@levits03 steve]# /etc/rc.d/init.d/autofs restart
>Checking for changes to /etc/auto.master ....
>Start /usr/sbin/automount /mnt/cc90014-a/public file /etc/auto.cc90014-a
>
>[root@levits03 steve]# cat /var/log/messages
>Mar 30 15:09:59 levits03 automount[890]: starting automounter version 3.1.1, path = /mnt/cc90014-a/public, maptype = file, mapname = etc/auto.cc90014-a
>Mar 30 15:09:59 levits03 automount[890]: /mnt/cc90014-a/public: mount failed!
>[root@levits03 steve]# mount
>/dev/hdb1 on / type ext2 (rw)
>none on /proc type proc (rw)
>/dev/hda1 on /dosc type msdos (rw)
>/dev/hdb6 on /home type ext2 (rw)
>/dev/hdb5 on /usr type ext2 (rw)
>automount(pid685) on /mnt/cc90014-a type autofs (rw,fd=5,pgrp=685,minproto=2,maxproto=3)
>
>[root@levits03 steve]# df
>Filesystem 1024-blocks Used Available Capacity Mounted on
>/dev/hdb1 99507 25629 68739 27% /
>/dev/hda1 334256 149280 184976 45% /dosc
>/dev/hdb6 191260 3037 178347 2% /home
>/dev/hdb5 495714 211187 258926 45% /usr
>
>Where am I going wrong?
------------------------------
From: "David Lloyd-Jones" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.misc,comp.os.linux.hardware,comp.os.linux.setup
Subject: Re: Help me spend $2,000 on a new Linux-based computer
Date: Wed, 31 Mar 1999 06:43:54 -0500
Richard Stovall <[EMAIL PROTECTED]> wrote
> I've gotten used to a 20" SGI (Sony) monitor at work and find that I have
> a real hard time coming back to my weeny little 17" number at home.
> Virtual desktops are cool and all that, but there's nothing like having
> it all there on one screen to make you a believer in the big ones.
>
If you match the number of pixels on the screen against the number of rods
and cones in your eyes, you see a sorta severe deficit. Your normal
functioning field of vision is equal to something like four square metres of
high density screen, I've read.
Think multiple 20-inchers -- and multiple operating systems to keep 'em fed.
-dlj.
------------------------------
From: [EMAIL PROTECTED] (Sameer Vijay)
Crossposted-To:
vmsnet.networks.misc,microsoft.public.windowsnt.domain,comp.unix.solaris,comp.os.os2.networking.server,comp.os.ms-windows.nt.admin.networking,comp.infosystems.www.servers.unix,comp.protocols.tcp-ip.domains
Subject: Re: Machine name themes - what do you use?
Date: 31 Mar 1999 10:49:45 GMT
Reply-To: [EMAIL PROTECTED]
[EMAIL PROTECTED] (Eric Peterson):
> My home network machines are called:
> Beauty (PII chip)
> Beast (Pentium)
> Brat (486)
> If I ever add a 4th machine I'm thinking of calling it Babe 8-)
In our dept. we use names of Greek gods/goddesses for major machines,
e.g. medusa, psyche, janus etc. Other machines in the dept are often
named after some great worker in the prof's/lab's research field, e.g.
nyquist, bode. In my lab we have named the machines after cartoon
characters, e.g. calvin, garfield, marvin.
One of the depts uses the names of Indian classical ragas for the names
of major machines. Smaller machines are named after Carnatic classical
ragas, e.g. bhairav, vaijayanti, deepak etc.
CS dept uses the names of higher himalayan mountains for their major
machines.
--
S a m e e r V i j a y.
==================================================
Res. Engnr., ChE-IIT Bombay.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.networking) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Networking Digest
******************************