Linux-Networking Digest #701, Volume #10 Thu, 1 Apr 99 08:13:32 EST
Contents:
problem with nfs (Ali Boudani)
^^^ SOS IP Masq & Forward can only access some sites.... ^^^ ("alvin")
change file mode by FTP? (GEMINI)
Re: diald and DNS queries (Mike Jagdis)
Re: Machine name themes - what do you use? ("Angela")
Re: NT provider - new to Linux ("Mike Kokinda")
diald and DNS queries (Ronald Hovens)
Re: NT provider - new to Linux ("Mike Kokinda")
Re: Leased Line Firewall (Rob van der Putten)
no enough ip address ! (Kameneff Ivan)
Problems setting up ISDN with debian 2.0 ("Chris")
Re: 3c509b not found in slackware 3.6 kernel 2.2.5 (Geoff Allsup)
Re: Setting up *non-default* routes through ppp0 (Brian McCauley)
----------------------------------------------------------------------------
From: Ali Boudani <[EMAIL PROTECTED]>
Subject: problem with nfs
Date: Thu, 1 Apr 1999 11:37:50 +0200
Hello,
I upgraded to 2.2.3, and I get this message at boot:
nfs warning : mount version older than kernel .
So I installed the newer version of nfs-server (showmount --version
= 2.2beta40), but I still get the same message.
Can anyone help me, please?
------------------------------
From: "alvin" <[EMAIL PROTECTED]>
Subject: ^^^ SOS IP Masq & Forward can only access some sites.... ^^^
Date: Thu, 1 Apr 1999 18:25:19 +0800
Hi,
After some months of struggling with diald and IP Masquerading, I've finally
set it up... but with some problems.
I am only able to access some websites. I suspect there might be some
problems with my ipfwadm rules, and have included the rules below this message.
Here's my setup:
MY ISP ====== PPP =======Linux box ---------- Win98 clients
In case you require, I'm running the following services :-
Redhat 5.2 kernel 2.0.36
DNS
resolv.conf having the following :-
search my.domain
nameserver 10.0.0.10 (my Linux box IP number, which is a DNS server in my
local network)
nameserver 203.122.23.10 (my ISP DNS server IP number) (am I required to put
my ISP DNS IP numbers?)
nameserver 203.122.23.20 (my ISP secondary IP number)
named.conf without the forwarder and slave statement (do I need the
forwarders and slave statement?)
IP masquerading and IP forwarding turned on
My Win98 workstations are configured with the following:
Gateway = pointing to my Linux box, which is connected to the Internet by PPP
DNS contains my Linux box IP number and both my ISP DNS numbers (am I
required to put the ISP DNS IP numbers here?)
Oh yes, by the way, I'm intending to run samba, sendmail, apache, and
probably hylafax services on the same Linux box as well. Will there be a
problem with IP Masquerading and Forwarding? Will there be any conflict
with the rest of the services?
Thanks for your help in advance.
# Some definitions for easy maintenance.
# To obtain the dynamic PPP IP address, the output of ifconfig is piped to
# grep which strips out all the lines except the one containing the address
# and pipes it to awk which strips out the 2nd field containing the address.
# The final step has sed eliminate the text string "addr:" leaving just the
# IP address. There is probably a simpler way to do this but it works for me.
ISP_IP=`ifconfig ppp0 |grep 'inet addr'| awk '{print $2}'|sed -e "s/addr\://"`
echo $ISP_IP
# My fixed addresses
ME="10.0.0.10"
FIRE_NET="10.0.0.0/8"
PRIV_NET="10.0.0.0/8"
ALLIP="0.0.0.0/0"
HIPORTS="1024:65535"
# Clear out whatever rules are still set
ipfwadm -I -f
ipfwadm -O -f
ipfwadm -F -f
# Start by completely denying any network access.
ipfwadm -I -p deny
ipfwadm -O -p deny
ipfwadm -F -p deny
# Deny spoofed packets.
ipfwadm -I -a deny -V $ISP_IP \
-S $FIRE_NET \
-D $ALLIP
ipfwadm -I -a deny -V $ISP_IP \
-S $ISP_IP \
-D $ALLIP
# Allow unlimited traffic within the local network
# (Allow all traffic on the ethernet interface - attached to the
# Linux file/print server. This does not affect the behavior of
# the PPP/Internet connection.)
#
ipfwadm -I -a accept -V $ME \
-S $ALLIP \
-D $ALLIP
ipfwadm -O -a accept -V $ME \
-S $ALLIP \
-D $ALLIP
# Allow outgoing TCP packets for the specified protocols
# I use duplicate rules for both the specific PPP IP address (obtained
# from the first command line in this script) as well as the firewall
# subnet. The first rule allows you to access the Internet from the firewall
# network since outgoing packets use the PPP connection IP as their source
# address (Note that this is superfluous if you follow the instructions
# in chapter 11 that remove most network applications from the firewall to
# increase security.) The second rule permits computers on the firewall
# network
# and the private network to reach the Internet since they arrive at the
# PPP interface with the source address of the Linux file/print server which
# routes packets from the private network to the firewall network and
# masquerades them.
ipfwadm -O -a accept -P tcp \
-S $FIRE_NET $HIPORTS \
-D $ALLIP pop-3 smtp ftp ftp-data www telnet domain
ipfwadm -O -a accept -P tcp \
-S $ISP_IP $HIPORTS \
-D $ALLIP pop-3 smtp ftp ftp-data www telnet domain
# Allow outgoing UDP packets for the specified protocols (name service here).
ipfwadm -O -a accept -P udp \
-S $FIRE_NET $HIPORTS \
-D $ALLIP domain
ipfwadm -O -a accept -P udp \
-S $ISP_IP $HIPORTS \
-D $ALLIP domain
# Allow the return packets of sessions originating internally for the
# specified protocols. The -k option allows only those packets with their
# SYN bit set. When the SYN bit is set, it means that the packet is being
# returned by a remote process after having originated locally.
ipfwadm -I -a accept -k -P tcp \
-S $ALLIP pop-3 smtp ftp www telnet domain \
-D $FIRE_NET $HIPORTS
ipfwadm -I -a accept -k -P tcp \
-S $ALLIP pop-3 smtp ftp www telnet domain \
-D $ISP_IP $HIPORTS
# Allow the remote ftp server to initiate a connection back to you. This
# happens when you issue an ftp command like "dir" or "get" or "put", etc.
# Note that this is not necessary if you use the ftp passive mode.
ipfwadm -I -a accept -P tcp \
-S $ALLIP ftp-data \
-D $FIRE_NET $HIPORTS
ipfwadm -I -a accept -P tcp \
-S $ALLIP ftp-data \
-D $ISP_IP $HIPORTS
ipfwadm -I -a accept -P udp \
-S $ALLIP domain \
-D $FIRE_NET $HIPORTS
ipfwadm -I -a accept -P udp \
-S $ALLIP domain \
-D $ISP_IP $HIPORTS
# Allow forwarding TCP packets from internal to external network
ipfwadm -F -a accept -P tcp \
-S $FIRE_NET $HIPORTS \
-D $ALLIP ftp ftp-data www telnet domain
ipfwadm -F -a accept -P tcp \
-S $ISP_IP $HIPORTS \
-D $ALLIP ftp ftp-data www telnet domain
# Allow forwarding TCP packets from external to internal network with SYN
# bit set
ipfwadm -F -a accept -k -P tcp \
-S $ALLIP ftp www telnet domain \
-D $FIRE_NET $HIPORTS
ipfwadm -F -a accept -k -P tcp \
-S $ALLIP ftp www telnet domain \
-D $ISP_IP $HIPORTS
# Allow ...
ipfwadm -F -a accept -P tcp \
-S $ALLIP ftp-data -D $FIRE_NET $HIPORTS
ipfwadm -F -a accept -P udp \
#
# Set masquerading rules. (The second rule is necessary if you do not
# set up masquerading on the router - in our case the Linux file/print
# server - between the private and firewall networks. If that is the
# case, you also have to add a route on the firewall server to point
# back to the private network. For example:
# route add -net 192.168.1.0 gw 192.168.32.254
#
ipfwadm -F -a masquerade -S $FIRE_NET -D 0.0.0.0/0
# ipfwadm -F -a masquerade -S $ISP_IP -D 0.0.0.0/0
------------------------------
From: [EMAIL PROTECTED] (GEMINI)
Subject: change file mode by FTP?
Date: 1 Apr 1999 09:57:44 GMT
When I use ftp to put some files
in my account on a server, the default file mode
is 0644 (-rw-r--r--). If I wish to change the mode
to 0664, how should I do that? Can I do that with some
command in the FTP program? Or should I set up the ftp daemon
of the server? How?
thanks.
------------------------------
From: [EMAIL PROTECTED] (Mike Jagdis)
Crossposted-To: comp.protocols.smb,comp.os.linux.setup
Subject: Re: diald and DNS queries
Date: 1 Apr 1999 10:42:31 GMT
In article <[EMAIL PROTECTED]>, Ronald Hovens wrote:
>However, when I use diald 0.16 for
>a virtual permanent connection, the linux box starts dialing my ISP on
>very strange moments:
>
>sit. 1 after starting my laptop, that connects to my ethernet
>sit. 2. when I look at network neighbourhood and click on the linuxbox
>icon on my laptop
>sit. 3 when I take a look at the printer queue of the printer that is
>connected to the Linux box and is usable from the Win98 laptop thru
>samba.
>
>According to the systemlog, the diald rule that brings up the connection
>is a DNS packet rule (port 53). I can see that a DNS query is done to my
>ISP's DNS servers, (the ones that are stored within the win98 DNS
>settings and in /etc/resolv.conf). It's ok that diald brings up the
>connection for a DNS query, since the ISP's DNS servers are outside my
>ethernet, BUT WHY IS THE DNS LOOKUP PERFORMED, EVEN WHEN I LOOK AROUND
>WITHIN MY ETHERNET (sit 1...3)?
All together now... "BECAUSE IT'S WINDOWS!"
Windows does all kinds of weird and wonderful lookups. If it is
configured to use WINS, Samba may be relaying requests through DNS.
If Windows is set up to use DNS, it generates requests itself.
>Does running a DNS server on my own
>linux box resolve this problem?
No, but if you point Windows at that instead of your ISP and have
your local server forward requests externally it gives you a useful
point to trace DNS queries. Once you know what bogus queries are
going on you can trap them either with hosts files or by setting
up dummy zones on your local server.
Mike
--
A train stops at a train station, a bus stops at a bus station.
On my desk I have a work station...
.----------------------------------------------------------------------.
| Mike Jagdis | Internet: mailto:[EMAIL PROTECTED] |
| Roan Technology Ltd. | |
| 54A Peach Street, Wokingham | Telephone: +44 118 989 0403 |
| RG40 1XG, ENGLAND | Fax: +44 118 989 1195 |
`----------------------------------------------------------------------'
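
Added example (not part of the post above or of the original digest): one way
to do the tracing suggested there is to capture the queries arriving at the
local DNS server and tally the names that fall outside the local zone. The
tcpdump-style line layout, the addresses, the domain home.example and the
function names are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the digest. Tally DNS queries that LAN clients send
# for names outside the local zone, to see which lookups would trigger diald.
# Assumptions: tcpdump-style text input, LOCAL_DOMAIN, all sample addresses.

LOCAL_DOMAIN="home.example"

# Constructed sample: queries arriving at a local DNS server on 192.168.1.10.
sample_capture() {
cat <<'EOF'
11:38:01.100000 IP 192.168.1.20.1025 > 192.168.1.10.53: 1+ A? WORKGROUP. (27)
11:38:01.900000 IP 192.168.1.20.1026 > 192.168.1.10.53: 2+ A? WORKGROUP. (27)
11:38:05.200000 IP 192.168.1.20.1027 > 192.168.1.10.53: 3+ A? linuxbox.home.example. (39)
11:39:10.000000 IP 192.168.1.20.1028 > 192.168.1.10.53: 4+ A? LINUXBOX. (26)
11:40:00.500000 IP 192.168.1.21.1030 > 192.168.1.10.53: 5+ A? www.example.com. (33)
11:40:00.700000 IP 192.168.1.10.53 > 192.168.1.21.1030: 5 1/0/0 A 192.0.2.1 (49)
11:41:12.000000 IP 192.168.1.20.1031 > 192.168.1.10.53: 6+ A? WORKGROUP. (27)
EOF
}

# Reads capture text on stdin and prints "count client qtype name kind",
# most frequent first. Names inside LOCAL_DOMAIN and response packets are
# skipped. "unqualified" marks single-label names, which no outside server
# can answer: candidates for a hosts entry or a dummy zone.
external_queries() {
    awk -v dom="$LOCAL_DOMAIN" '
    $2 == "IP" && $4 == ">" && $5 ~ /\.53:$/ {
        client = $3
        sub(/\.[0-9]+$/, "", client)            # drop the source port
        for (i = 6; i < NF; i++) {
            if ($i ~ /^[A-Z0-9]+\?$/) {         # query type marker such as "A?"
                name = tolower($(i + 1))
                sub(/\.$/, "", name)            # drop the trailing root dot
                suffix = "." dom
                if (name == dom) next
                if (length(name) > length(suffix) &&
                    substr(name, length(name) - length(suffix) + 1) == suffix)
                    next                        # inside the local zone
                kind = (index(name, ".") == 0) ? "unqualified" : "qualified"
                qtype = $i
                sub(/\?$/, "", qtype)
                count[client " " qtype " " name " " kind]++
                next
            }
        }
    }
    END { for (k in count) print count[k], k }' |
        LC_ALL=C sort -k1,1nr -k2,2 -k4,4
}

# Run on the constructed sample when executed directly.
sample_capture | external_queries
```

On real traffic, feed the function the text output of a capture taken on the
LAN interface of the box running the local name server.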
------------------------------
From: "Angela" <[EMAIL PROTECTED]>
Subject: Re: Machine name themes - what do you use?
Crossposted-To:
vmsnet.networks.misc,microsoft.public.windowsnt.domain,comp.unix.solaris,comp.os.os2.networking.server,comp.os.ms-windows.nt.admin.networking,comp.infosystems.www.servers.unix
Date: Wed, 31 Mar 1999 16:14:08 GMT
we did colors and the oceans, marine animals....
I've seen the names of muppets and all kinds of things... i don't
think you have to do anything special, just have fun.
Ian Hogben <[EMAIL PROTECTED]> wrote in article
<[EMAIL PROTECTED]>...
> We use computer names from Science Fiction shows. Thus we have ZEN,
> ORAC, HAL, ZIGGY, and MARVIN (as in the paranoid android :).
>
> We are running out of names, though. This is the fault of unimaginative
> Star-Trek shows yelling out "computer" when speaking to their agent.
> While I'm moaning, if anyone has any other good ideas of another name,
> please drop me a line.
>
> Goes to show; there's nothing that compares to the originals: Blake's 7,
> HHGTG, 2001. :)
>
> --
>
>
>
> Ian Hogben
> Computer User Consultant
> Curtin University of Technology Kalgoorlie
> mailto:[EMAIL PROTECTED]
> http://www.kalg.curtin.edu.au/~HogbenI/buscard.html
> +61 8 9088 6857
> ***************************************************
> "Cat's Motto: No matter what you've done wrong,
> always make it look like the dog did it."
>
------------------------------
From: "Mike Kokinda" <[EMAIL PROTECTED]>
Subject: Re: NT provider - new to Linux
Date: Thu, 1 Apr 1999 06:25:48 -0500
Reply-To: "Mike Kokinda" <[EMAIL PROTECTED]>
Typically webhosts will do anything for money....
One server will be for a client. I will be using it solely for running
socks. There will be a pipe between their website (currently on a NT
machine) to a special program on their AS400. I will also configure their
W95 workstations to use socks for proxy.
The second server is for several reasons:
a. used to use Unix years ago, pricing allows me to get back into the game
b. I might have problems calling the Java program from my client's AS400,
would be hard to get support from IBM if I were using a MS based server.
c. I have a few clients that have their sites hosted on Apache systems, my
opinion is that FrontPage extensions work better on Apache than IIS4.0
(imagine that)
I am 6'2" ~230 pounds....let's see if I can give you any more information
:-)
One of the important issues is I can't spend six months getting the thing
configured. The Socks host will have two NICs (seems it is better to have
two different cards....)
Thanks for your input
Mike Kokinda
------------------------------
From: Ronald Hovens <[EMAIL PROTECTED]>
Crossposted-To: comp.protocols.smb,comp.os.linux.setup
Subject: diald and DNS queries
Date: Thu, 01 Apr 1999 11:38:49 +0200
I have a linux (redhat 5.2) desktop machine and a win98 laptop. The
linux desktop functions as a file and printer server thru Samba. This
works fine.
Besides that, the linux machine is my gateway to the internet (a modem
is connected to this machine, I don't use a permanent connection). This
also works fine if I connect the Linux desktop to my ISP manually by
activating interface ppp0: I can surf, telnet etc. from the laptop via
my linux desktop's modem connection. However, when I use diald 0.16 for
a virtual permanent connection, the linux box starts dialing my ISP on
very strange moments:
sit. 1 after starting my laptop, that connects to my ethernet
sit. 2. when I look at network neighbourhood and click on the linuxbox
icon on my laptop
sit. 3 when I take a look at the printer queue of the printer that is
connected to the Linux box and is usable from the Win98 laptop thru
samba.
According to the systemlog, the diald rule that brings up the connection
is a DNS packet rule (port 53). I can see that a DNS query is done to my
ISP's DNS servers, (the ones that are stored within the win98 DNS
settings and in /etc/resolv.conf). It's ok that diald brings up the
connection for a DNS query, since the ISP's DNS servers are outside my
ethernet, BUT WHY IS THE DNS LOOKUP PERFORMED, EVEN WHEN I LOOK AROUND
WITHIN MY ETHERNET (sit 1...3)? Does running a DNS server on my own
linux box resolve this problem?
Many thanks in advance.
Ronald Hovens
------------------------------
From: "Mike Kokinda" <[EMAIL PROTECTED]>
Subject: Re: NT provider - new to Linux
Date: Thu, 1 Apr 1999 06:29:02 -0500
Reply-To: "Mike Kokinda" <[EMAIL PROTECTED]>
I have never had so many affordable options....
We hope to get lots of traffic. The first Linux machine I put up will be a
socks host. It will be used as a proxy for about 10 machines as well as mask an
AS400 (need to call Java program from website, Java program resides on
AS400)
It will be good to get back into REAL computing/networking (he says that
now!!!!)
Mike Kokinda
------------------------------
From: Rob van der Putten <[EMAIL PROTECTED]>
Subject: Re: Leased Line Firewall
Date: Thu, 1 Apr 1999 13:36:59 +0200
Hi there
On Wed, 31 Mar 1999, Greg Kettmann wrote:
> 1) put a special "high speed synchronous card" in the PC and have a
> firewall do all the work,
Of course you can use your Linux box as a firewall as well.
Regards,
Rob
+------------------------------------------------------------------------+
| http://www.sput.webster.nl/spam-policy.html |
+------------------------------------------------------------------------+
------------------------------
From: Kameneff Ivan <[EMAIL PROTECTED]>
Subject: no enough ip address !
Date: Thu, 01 Apr 1999 13:43:03 +0000
I have a problem: ... this diagram will be more explicit than anything:
=========================================================================
( network )
| | |
+-------+ +-------------+
| PC | | my PC under |
| under | | linux |
| win98 | +-------------+
+-------+ ip address : 195.221.233.198
no ip address
PCs under Win98 are connected by the NetBEUI protocol.
Because all IP addresses (for Internet access) have been allocated
(from 195.221.233.0 to 195.221.233.255), the PC under Win98 can't have
Internet access.
I would like to know whether it is possible for the PC under Win98 to have
access to the Internet through my PC (under Linux)? Even if the PC under
Win98 is disconnected from the intranet.
One more problem is that I have only one network card.
Somebody told me that my PC has to be a router!!! (How can I do that?)
...
It is not win !!!
------------------------------
From: "Chris" <[EMAIL PROTECTED]>
Subject: Problems setting up ISDN with debian 2.0
Date: Thu, 1 Apr 1999 14:52:00 +0200
Hi
I'm trying to use ISDN on Linux with Debian 2.0 . I'm using isdnutils
2.1.beta.1-2 and Kernel 2.2.2. I edited the config files, but when I boot up
Linux I get the following error message:
Starting isdn services: interfacesSIOADDRT: Operation not supported by
device.
When I run ifconfig and route they report that ippp0 is up and the proper
route to my provider is set. Just the netmask is not the same as I wrote
down in ipppd.ippp0. It is 255.255.255.255 rather than 255.255.255.0
And when I try to run ipppd with ipppd.ippp0 as pidfile it reports that
there are no devices
What went wrong?
thanks
Chris
------------------------------
From: [EMAIL PROTECTED] (Geoff Allsup)
Crossposted-To:
alt.linux,alt.linux.slakware,alt.os.linux,alt.os.linux.slackware,comp.os.linux,comp.os.linux.hardware,comp.os.linux.setup
Subject: Re: 3c509b not found in slackware 3.6 kernel 2.2.5
Date: 1 Apr 1999 11:44:43 GMT
Reply-To: [EMAIL PROTECTED]
On Thu, 01 Apr 1999 03:52:13 GMT, Todd Goyen <[EMAIL PROTECTED]> wrote:
>Oh and one other thing
>i have a diamond viper v330 which refuses to give up irq 10
>so i had to use three
>
>
well, IRQ 3 is a standard COM port IRQ - I wouldn't use that :-)
Most machines I've seen have IRQ 9 available, or 10 (which you say
is used) or 11.
--
******************************************************************
Geoff Allsup Upper Ocean Processes Group
Woods Hole Oceanographic Institution Woods Hole, MA, USA
******************************************************************
------------------------------
From: Brian McCauley <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.setup
Subject: Re: Setting up *non-default* routes through ppp0
Date: 01 Apr 1999 12:46:12 +0100
[EMAIL PROTECTED] (Clifford Kite) writes:
> Walter Hunt ([EMAIL PROTECTED]) wrote:
>
> : I recently set up my machine with a new cable-access modem for getting
> : to the Internet. This works great.
>
> : However, I still need to (for a while at least) connect to my old ISP
> : (netcom) in order to get mail from my old account. (As far as I know, netcom
> : can't/won't set up forwarding for my mail.)
>
> ..
>
> : to access hosts through ppp0, but not exactly what. For my purposes, I'd be
> : happy just to be able to route anything to 199.182.120.255 through ppp0.
>
> You might try
>
> /sbin/route add -net 199.182.120.0 netmask 255.255.255.0 dev ppp0
>
> in /etc/ppp/ip-up.
Better still replace "ppp0" with $1, just in case it's not ppp0.
You'll probably also want to make this conditional:
Something like
# pppd calls ip-up with $1 = interface name and $5 = remote IP address
case "$5" in
    199.182.120.*)
        /sbin/route add -net 199.182.120.0 netmask 255.255.255.0 dev "$1"
        ;;
esac
--
\\ ( ) No male bovine | Email: [EMAIL PROTECTED]
. _\\__[oo faeces from | Phones: +44 121 471 3789 (home)
.__/ \\ /\@ /~) /~[ /\/[ | +44 121 627 2173 (voice) 2175 (fax)
. l___\\ /~~) /~~[ / [ | PGP-fp: D7 03 2A 4B D8 3A 05 37...
# ll l\\ ~~~~ ~ ~ ~ ~ | http://www.wcl.bham.ac.uk/~bam/
###LL LL\\ (Brian McCauley) |
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.networking) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Networking Digest
******************************