Linux-Networking Digest #771, Volume #10          Tue, 6 Apr 99 21:13:41 EDT

Contents:
  Chap <05> --> exactly what input is my isp (MCI) expecting?? (mario wilson)
  Re: linux firewall (Luca Filipozzi)
  Re: telnet to host as root (Luca Filipozzi)
  USR/3COM I-MODEM (Randy Prakken)
  Home networking question (Long) (Linux newbie) (Credence Ross)
  Re: Modem problem with RedHat 5.2 ("The Lone Scribe")
  Re: Problem with modem after kernal upgrade to 2.2.3 (Clifford Kite)
  Re: Redhat ipmasquerading timeout? (dont spam me)
  Re: static & dynamic NAT with multiple external interfaces? (Luca Filipozzi)
  Re: cable modems? (Greg Kettmann)
  Re: Help me spend $2,000 on a new Linux-based computer ([EMAIL PROTECTED])
  Re: home network using Linux ("Curt")
  Re: ipfwadmin setup for ftp, icq and quakeworld (jeff kendall)
  MX records (Gavin McCord)
  Re: MX records (Gavin McCord)

----------------------------------------------------------------------------

From: mario wilson <[EMAIL PROTECTED]>
Subject: Chap <05> --> exactly what input is my isp (MCI) expecting??
Date: 06 Apr 1999 17:06:45 PDT
Reply-To: [EMAIL PROTECTED]

Hi all,

Here is the /ver/messages   log.  I have configured my chap secrets file
and yet I do not get a connection.

Thanks in advance for the insight.

.. mario
______________________

Apr  2 15:49:49 mwodessey chat[506]: OK
Apr  2 15:49:49 mwodessey chat[506]:  -- got it 
Apr  2 15:49:49 mwodessey chat[506]: send (ATD9084600^M)
Apr  2 15:49:49 mwodessey chat[506]: expect (CONNECT)
Apr  2 15:49:49 mwodessey chat[506]: ^M
Apr  2 15:50:07 mwodessey chat[506]: ATD9084600^M^M
Apr  2 15:50:07 mwodessey chat[506]: CONNECT
Apr  2 15:50:07 mwodessey chat[506]:  -- got it 
Apr  2 15:50:07 mwodessey chat[506]: send (\d)
Apr  2 15:50:08 mwodessey pppd[505]: Serial connection established.
Apr  2 15:50:09 mwodessey pppd[505]: Using interface ppp0
Apr  2 15:50:09 mwodessey pppd[505]: Connect: ppp0 <--> /dev/ttyS0
Apr  2 15:50:09 mwodessey pppd[505]: sent [LCP ConfReq id=0x1 <magic
0xffff0237> <pcomp> <accomp>]
Apr  2 15:50:10 mwodessey pppd[505]: rcvd [LCP ConfReq id=0x1 <mru 1500>
<asyncmap 0x0> <auth chap 05> <magic 0x41222014> <pcomp> <accomp>]
Apr  2 15:50:10 mwodessey pppd[505]: sent [LCP ConfRej id=0x1 <auth chap
05>]
Apr  2 15:50:10 mwodessey pppd[505]: rcvd [LCP ConfReq id=0x2 <mru 1500>
<asyncmap 0x0> <magic 0x41222014> <pcomp> <accomp>]
Apr  2 15:50:10 mwodessey pppd[505]: sent [LCP ConfAck id=0x2 <mru 1500>
<asyncmap 0x0> <magic 0x41222014> <pcomp> <accomp>]
Apr  2 15:50:12 mwodessey pppd[505]: sent [LCP ConfReq id=0x1 <magic
0xffff0237> <pcomp> <accomp>]
Apr  2 15:50:13 mwodessey pppd[505]: rcvd [LCP ConfAck id=0x1 <magic
0xffff0237> <pcomp> <accomp>]
Apr  2 15:50:13 mwodessey pppd[505]: sent [IPCP ConfReq id=0x1 <addr
0.0.0.0> <compress VJ 0f 01>]
Apr  2 15:50:40 mwodessey last message repeated 9 times
Apr  2 15:50:43 mwodessey pppd[505]: IPCP: timeout sending
Config-Requests
Apr  2 15:50:43 mwodessey pppd[505]: sent [LCP TermReq id=0x2 "No
network protocols running"]
Apr  2 15:50:43 mwodessey pppd[505]: rcvd [LCP TermAck id=0x3]
Apr  2 15:50:43 mwodessey pppd[505]: Connection terminated.
Apr  2 15:50:43 mwodessey pppd[505]: Hangup (SIGHUP)
Apr  2 15:50:43 mwodessey pppd[505]: Exit.
 
[root@mwodessey /root]# /usr/sbin/pppd /dev/ttyS0 57600 debug connect
"/usr/sbin/chat -v '' AT OK ATD9084600 CONNECT '\d\c'"
[root@mwodessey /root]# /usr/sbin/pppd /dev/ttyS0 57600 debug connect
"/usr/sbin/chat -v '' AT OK ATD9084600 CONNECT '\d\c'"

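Added example, not part of the original post: a small filter that reads pppd debug lines like the ones above and summarises what was negotiated. The function names and the abridged, constructed sample log (host name changed) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: summarise LCP / authentication / IPCP negotiation from
# pppd "debug" syslog lines read on stdin. Prints key=value lines.

ppp_diag() {
    awk '
    # A syslog record starts with "Mon DD HH:MM:SS "; any other line is the
    # wrapped tail of the previous record, so glue it back on first.
    /^[A-Z][a-z][a-z] +[0-9]+ [0-9:]+ / { if (rec != "") check(rec); rec = $0; next }
    { rec = rec " " $0 }
    END { if (rec != "") check(rec); report() }

    function yn(v) { return v ? "yes" : "no" }

    function check(r) {
        if (r !~ /pppd\[/) return
        # Auth protocol the peer asked for ("chap 05" is CHAP with MD5).
        if (r ~ /rcvd \[LCP ConfReq/ && match(r, /<auth [^>]*>/))
            peer_auth = substr(r, RSTART + 6, RLENGTH - 7)
        # Local pppd refusing to authenticate itself that way.
        if (r ~ /sent \[LCP ConfRej/ && r ~ /<auth /) auth_rejected = 1
        if (r ~ /sent \[LCP ConfAck/) lcp_acked_peer = 1
        if (r ~ /rcvd \[LCP ConfAck/) lcp_peer_acked = 1
        if (r ~ /rcvd \[(CHAP|PAP) /) auth_seen = 1
        if (r ~ /rcvd \[IPCP /) ipcp_reply = 1
        if (r ~ /IPCP: timeout sending Config-Requests/) ipcp_timeout = 1
    }

    function report() {
        print "peer_requested_auth=" (peer_auth == "" ? "none" : peer_auth)
        print "local_rejected_auth=" yn(auth_rejected)
        print "lcp_opened=" yn(lcp_acked_peer && lcp_peer_acked)
        print "auth_exchange_seen=" yn(auth_seen)
        print "ipcp_peer_replied=" yn(ipcp_reply)
        print "ipcp_timeout=" yn(ipcp_timeout)
        if (auth_rejected && !auth_seen && ipcp_timeout && !ipcp_reply)
            print "finding=link opened unauthenticated after local ConfRej of auth; peer ignored IPCP"
    }
    '
}

# Constructed sample input: abridged from the log in the post, wraps kept.
sample_log() {
    cat <<'EOF'
Apr  2 15:50:09 host pppd[505]: sent [LCP ConfReq id=0x1 <magic
0xffff0237> <pcomp> <accomp>]
Apr  2 15:50:10 host pppd[505]: rcvd [LCP ConfReq id=0x1 <mru 1500>
<asyncmap 0x0> <auth chap 05> <magic 0x41222014> <pcomp> <accomp>]
Apr  2 15:50:10 host pppd[505]: sent [LCP ConfRej id=0x1 <auth chap
05>]
Apr  2 15:50:10 host pppd[505]: rcvd [LCP ConfReq id=0x2 <mru 1500>
<asyncmap 0x0> <magic 0x41222014> <pcomp> <accomp>]
Apr  2 15:50:10 host pppd[505]: sent [LCP ConfAck id=0x2 <mru 1500>
<asyncmap 0x0> <magic 0x41222014> <pcomp> <accomp>]
Apr  2 15:50:13 host pppd[505]: rcvd [LCP ConfAck id=0x1 <magic
0xffff0237> <pcomp> <accomp>]
Apr  2 15:50:13 host pppd[505]: sent [IPCP ConfReq id=0x1 <addr
0.0.0.0> <compress VJ 0f 01>]
Apr  2 15:50:43 host pppd[505]: IPCP: timeout sending
Config-Requests
Apr  2 15:50:43 host pppd[505]: sent [LCP TermReq id=0x2 "No
network protocols running"]
EOF
}

sample_log | ppp_diag
```

pppd rejects the peer's auth option when it has no CHAP secret for the name it is using, so the name/user option and the client column of chap-secrets are the first things to compare.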
------------------------------

From: [EMAIL PROTECTED] (Luca Filipozzi)
Subject: Re: linux firewall
Date: Tue, 6 Apr 1999 16:00:41 -0700

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] 
says...
> i have default accept for everything except accounting where i have nothing... should i
> add accounts and if yes how and where???????
> 
> thanx again... Luca
You're welcome.

You don't need accounting unless you want to know how many packets to 
which address/port are being sent/received/rejected/denied. I don't have 
any accounting rules.

Steps to make your system somewhat safe:
1a) remove all entries in /etc/inetd.conf that you don't need
1b) stop and remove all standalone daemons you don't need
2) set ipfwadm to reject spoofing
3) set ipfwadm to deny all forwarding by default (ipfwadm -F -p deny)
4) set ipfwadm to accept some forwarding/masquerading as needed

For even more security:
5) deny all incoming packets by default (ipfwadm -I -p deny)
6) and only accept those protocols/port you really need

For even more security: (overkill for a home network)
7) set up a DMZ (read O'Reilly's book on firewalls)
8) get patches that will do state inspection filtering
   (don't even know if these are available for ipfwadm)

For TOTAL security;
9) pull the plug :)

Hope this helps,
-- 
Luca Filipozzi <[EMAIL PROTECTED]>
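Added example, not part of the original post: steps 2 through 6 of the checklist above written out as an ipfwadm ruleset. The interface names, the internal network, the placeholder external address 203.0.113.10 and the choice of SSH as the only inbound service are assumptions; by default the script only prints the commands.

```shell
#!/bin/sh
# Added example: ipfwadm ruleset for checklist steps 2-6.
# All addresses and interface names below are assumptions, not from the post.
EXT_IF=${EXT_IF:-eth0}              # outside interface (assumed)
EXT_IP=${EXT_IP:-203.0.113.10}      # placeholder outside address
INT_IF=${INT_IF:-eth1}              # inside interface (assumed)
INT_NET=${INT_NET:-192.168.1.0/24}  # inside network (assumed)
ANY=0.0.0.0/0
DRY_RUN=${DRY_RUN:-1}               # 1 = print commands, 0 = run them

fw() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "ipfwadm $*"
    else
        /sbin/ipfwadm "$@"
    fi
}

build_firewall() {
    # Start from empty input, output and forwarding lists.
    fw -I -f
    fw -O -f
    fw -F -f

    # Steps 3 and 5: default policies. Anything not matched below is dropped.
    fw -F -p deny
    fw -I -p deny

    # Step 2: anti-spoofing. Rules are checked in order, so these must come
    # before any accept rule. A packet arriving on the outside interface
    # with an inside or loopback source address is forged; drop and log it.
    fw -I -a deny -W "$EXT_IF" -S "$INT_NET" -D "$ANY" -o
    fw -I -a deny -W "$EXT_IF" -S 127.0.0.0/8 -D "$ANY" -o

    # Loopback and the inside network are trusted.
    fw -I -a accept -W lo -S "$ANY" -D "$ANY"
    fw -I -a accept -W "$INT_IF" -S "$INT_NET" -D "$ANY"

    # Step 6: only what is needed from outside.
    # Replies to TCP connections opened from here or from masqueraded hosts:
    # -k matches segments with ACK set. This is the stateless stand-in for
    # the state inspection mentioned in step 8.
    fw -I -a accept -P tcp -k -W "$EXT_IF" -S "$ANY" -D "$EXT_IP" 1024:65535
    # DNS answers over UDP.
    fw -I -a accept -P udp -W "$EXT_IF" -S "$ANY" 53 -D "$EXT_IP" 1024:65535
    # Inbound SSH, the one service offered in this example.
    fw -I -a accept -P tcp -W "$EXT_IF" -S "$ANY" -D "$EXT_IP" 22
    # ICMP (errors, path MTU discovery).
    fw -I -a accept -P icmp -W "$EXT_IF" -S "$ANY" -D "$EXT_IP"

    # Step 4: forward (masquerade) only traffic from the inside network
    # leaving through the outside interface.
    fw -F -a m -W "$EXT_IF" -S "$INT_NET" -D "$ANY"
}

build_firewall
```

Run it once with the default DRY_RUN=1 and read the printed rules before running it with DRY_RUN=0 as root.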

------------------------------

From: [EMAIL PROTECTED] (Luca Filipozzi)
Subject: Re: telnet to host as root
Date: Tue, 6 Apr 1999 16:14:11 -0700

In article <7ee36c$g0g$[EMAIL PROTECTED]>, [EMAIL PROTECTED] 
says...
> While trying to login as root from a95pc (samba connection)
> by telnet i get msg "login incorrect"
> why ?
> (other users can login fine ..)
> 
> 
> 
It's a security feature. When you attempt to login, your username and 
password are sent in CLEAR text. Anybody with a packet sniffer can pick 
off this packet and hack your system.

If you want to log in as root, do one of the following:

1) login as a normal user and run /bin/su
2) use SSH (secure shell), which uses encryption

(Yes, you can turn this security feature off, but why would you?)
-- 
Luca Filipozzi <[EMAIL PROTECTED]>

------------------------------

From: Randy Prakken <[EMAIL PROTECTED]>
Subject: USR/3COM I-MODEM
Date: Tue, 06 Apr 1999 16:45:12 -0700

I want to set up a Linux box at work which supports dial-in from home using both
56k and ISDN.  
Seems like I would need an internal I-modem - true?
I don't see any signs of Linux support anywhere for internal I-modem - true?
Any other options to I-modem?

Any info at all greatly appreciated.

Best regards

Randy
mailto:[EMAIL PROTECTED]        http://www.ndg.com

------------------------------

Date: Tue, 06 Apr 1999 16:19:24 -0700
From: Credence Ross <[EMAIL PROTECTED]>
Subject: Home networking question (Long) (Linux newbie)

Hi.  I am doing research prior to setting up a home network with two
computers and have hit a stumbling block.  There is plenty of
documentation on how to do IP Masquerading with linux, but I intend my
Windows NT box to be the one with actual connection to my ISP, and the
_second_ machine will be a dual-boot NT/Linux.  So, all the
documentation about IP Masquerading with linux doesn't apply, and
products like WinGate only work with all-Win32 networks.

Before someone says it, using the linux box as the server/proxy/router
is not an option.  The reason is, I do a lot of experimentation,
upgrading, and OS switching.  This means that the NT/linux box will be
down sometimes, rebooted often, and always switching between OS's.  The
NT-only box, which will be my girlfriend's, is very static, and so can
be connected (more or less) constantly.  She wouldn't appreciate getting
kicked off the net whenever I reboot _my_ machine.

I am not asking specifically how to set this up.  What I would like is a
recommendation as to what general approach to use (Routing vs. Proxy vs.
Masquerading), and most importantly, where I can find more information
on this subject.  As I mentioned earlier, almost all of the information
I dig up applies only to linux-as-the-server setups or All-Win32
setups.  Any input and pointers would be greatly appreciated 8)

Background:

Machine one: Windows NT 4.0 Workstation, Cyrix MII 300, 32M RAM (soon to
be increased), 408M HD (to increase, but not soon), 56K Win-modem,
LinkSys 10/100 PCI card.
Primary use: Girlfriend's computer (That's why it's Win32).  Used almost
exclusively for e-mail, IRC, ICQ, and web browsing, occasional light
office apps, print server?.

Machine two: NT 4.0 Workstation/Red Hat Linux 5.2/other OS's depending
on mood (Maybe stampede linux or BeOS), K6-II 350, 128M RAM, 12.7G HD,
LinkSys 10/100 PCI card.
Primary use: Experimentation with new OS's, multi-platform development,
3D modeling, light internet use (web, ftp, usenet).  Configuration to
change fairly frequently.

User one: Nearly computer-illiterate net-junkie girlfriend.  Can name a
dozen different IRC servers off the top of her head, but doesn't know
how to format a floppy.  Not interested in learning linux.

User two: Ambitious young Computer Science student seeking to spread my
wings into new territory (Linux/BeOS?) and tired of fighting over time
on the computer (I am in the process of building machine two, so we
technically only have one right now).

Network: I will be using a LinkSys 4-port Fast Ethernet hub.  The hub
and both the cards were part of a Network starter kit.  The network kit
says it supports linux, but the internet-sharing software is 3rd party
(Internet LanBridge?) and probably only supports Win32.  I have just a
standard personal dial-up ISP account with Dynamic IP and nothing
unusual like PAP, etc.

Thanks in advance,
Credence Ross
Remove NOSPAM from address to e-mail me

P.S.  Is there a FAQ available for this newsgroup?

------------------------------

From: "The Lone Scribe" <[EMAIL PROTECTED]>
Crossposted-To: alt.os.linux,comp.os.linux.setup
Subject: Re: Modem problem with RedHat 5.2
Date: Tue, 6 Apr 1999 17:11:33 -0700

Mojoman wrote in message <[EMAIL PROTECTED]>...
>I have a Diamond SupraExpress 56k modem.

But is it a WinModem? If so, you cannot make it work in Linux. If not, then:

>It is set to Com Port 3 in win95

So your Linux analogs for COM3 are /dev/cua2 and /dev/ttyS2. You might want
to make a symlink of /dev/modem to make life easier, if your install didn't
already do this for you. Then you can just use the symlink instead for all
apps that use your modem.

>however, when I try dialing out in minicom or seyon etc I don't even get a
>dial tone or hear the modem dialing or anything

Besides your device name, you need to pay attention to your IRQ. What was
the device's IRQ in Windows? Make sure you use that IRQ as well in Linux. To
set it, you'll need the setserial package. Try 'man setserial' for
information on the command's syntax. You can put this command in your
rc.local file so that it is set each time you boot the system, rather than
having to type it in by hand.





------------------------------

From: kite@NoSpam.%inetport.com (Clifford Kite)
Subject: Re: Problem with modem after kernal upgrade to 2.2.3
Date: 6 Apr 1999 17:16:28 -0500

Les Hazelton ([EMAIL PROTECTED]) wrote:

: I am having the same problem on my Mandrake 5.3 system with the 2.2.3-ac4
: kernel.

: My system has Redhat 5.2 with a 2.2.1 kernel in one partition and
: Mandrake 5.3 with the 2.2.3 kernel in another.  Using the same Minicom
: binary on both systems:

: When I boot the Redhat side I can access the modem (/dev/ttyS1), get
: response to ATI11 commands and dial a number.

: When I boot the Mandrake side, Minicom outputs the modem init string
: and just hangs there - no OK from the modem etc..

Minicom usually uses /dev/modem in its configuration which is a
symbolic link to some real device file, say /dev/ttySx .  If the ttySx
to which the Mandrake (where do they get these names?) /dev/modem points
is not the one that the modem needs then minicom will fail.

: I have tried a ppp-on script to cause chat to dial a number and on the
: Mandrake 2.2.3 side and that works. But then the connection drops with
: a report of write error from pppd in the message log.

I've seen a lot of ppp logs but "write error" doesn't ring any bells.
Exact messages, cut and pasted into the post with some adjacent lines
for context, are better.

: The results from a setserial query are the same from both systems.

: I sure hope someone has some suggestions.  And to [EMAIL PROTECTED], while I am
: sorry you are having a problem, I sure am glad to learn I am not the only one
: with this one.

: --
: Les Hazelton
: --------------------------------------------

: The camel has a single hump;
: The dromedary two;
: Or else the other way around.
: I'm never sure.  Are you?
:                 -- Ogden Nash

From the "Golden Trashery of Ogden Nashery?"  Or, more likely, from
a linux fortune? :)

--
Clifford Kite <kite@inet%port.com>                       Not a guru. (tm)



------------------------------

From: dont spam me<[EMAIL PROTECTED]>
Subject: Re: Redhat ipmasquerading timeout?
Date: Tue, 06 Apr 1999 23:10:47 GMT

On 6 Apr 1999 13:36:09 GMT, [EMAIL PROTECTED] (John Kim)
wrote:

the way I bypass this in my office is I telnet to the linux box
running the firewall then once logged in there, telnet out to the
remote system,  I've had Idle telnets open for longer than an hour
this way.

I too would actually like to know how to at least change the timeout
value of the firewall for the sake of ICQ.  AIM constantly downloads
advertisements so it's unaffected.

tng

>I think I've read in the past from somewhere(sorry it's so vague), that
>the default setting for IP masquerading is to disconnect any TCP/IP
>connection that has been idle for 5 minutes.  I've never ventured out to
>find out how to disable this feature.  Since it mainly affects telnet
>sessions, I just created a simple shell script that sends a character to
>my screen every 4 minutes.  And if I'm not doing anything, I just have the
>script running.  Seems to work well.  But if anyone out there knows how to
>actually disable the 5 minute limit, I'd love to hear from you.
>
>Curt ([EMAIL PROTECTED]) wrote:
>: Check your syslog,  the site you're trying to reach may need a valid ident
>: on you.
>: I use mident to take care of this.
>: ftp://ftp.code.org/pub/linux/midentd/
>
>
>: Gary Hodder wrote in message
>: <[EMAIL PROTECTED]>...
>: >Hello all,
>: >I need to run a telnet session through a redhat router using
>: >ipmasquerading. My problem is that after a short time of no activity
>: >the telnet session times out. I have tried opening port 23 back to my
>: >box with ipfwadm but still times out.
>: >Does anyone know how this can be overcome without the need to buy
>: >another live ip address?
>: >Any help would be most appreciated.
>: >
>: >Gary
>: >[EMAIL PROTECTED]
>: >
>
>
>
>--
>-----------------------------------------------------signature begins here
>John D. Kim [DK] FC @ MMF [EMAIL PROTECTED] ICQ # 4736158
>donotfearthepenguins...donotfearthepenguins...walkintothelight...
>-------------------------------------------------------signature ends here


------------------------------

From: [EMAIL PROTECTED] (Luca Filipozzi)
Crossposted-To: comp.security.firewalls
Subject: Re: static & dynamic NAT with multiple external interfaces?
Date: Tue, 6 Apr 1999 16:11:59 -0700

In article <[EMAIL PROTECTED]>, sl3nf.cc@usu says...
> Are there any NAT firewalls out there that allow multiple external
> logical interfaces and allow port _ranges_ on those interfaces to be assigned
> to specific internal addresses?
> 
> For instance, I want say, 8 external addresses mapped to the ethernet device on
> the outside network.  I want port 2125 on each to map to specific machines
> inside my network, but I want the rest of the ports on those interfaces to be
> available to behave as normal NAT devices.  (My problem is much more complex,
> but that will do for the question at hand.)
> 
>       thanks for your time...
> 
>       rOn barry
> 
A combination of ip address aliasing, and masquerading, and port 
forwarding should do the trick for you, I would think.

ifconfig will allow you to assign extra ip addresses to a single 
interface

ipportfw will allow you to forward ip_addr/port packets as you choose

ipfwadm will allow you to do masquerading/NAT for the rest of the traffic

Hope this helps,

Luca
-- 
Luca Filipozzi <[EMAIL PROTECTED]>

------------------------------

Date: Tue, 06 Apr 1999 19:19:25 -0500
From: Greg Kettmann <[EMAIL PROTECTED]>
Subject: Re: cable modems?

Robert Ziegler also has a great web site on this subject (MediaOne Cable
Modems).
HTTP://RLZ.NE.MEDIAONE.NET

mbrown wrote:
> 
> hello
> 
> i was wondering if anyone had any experience with cable modems and setting
> them up
> 
> any help or just pointing to a faq would be great thanks
> 
> keith

------------------------------

Date: Mon, 05 Apr 1999 12:34:38 -0400
From: [EMAIL PROTECTED]
Crossposted-To: comp.os.linux.misc,comp.os.linux.hardware,comp.os.linux.setup
Subject: Re: Help me spend $2,000 on a new Linux-based computer



ATI Rage series of Video Cards work excellent with the Mach64 XFree86
Server.  I'm using an 8meg ATI Rage Pro on one of my systems right now.

arthur
http://www.linuxberg.com

[EMAIL PROTECTED] wrote:

> I've gotten the go-ahead from my better half (read: my wife) to spend
> around 2K on a new system. I'd like to hear _specific_ success and/or
> horror stories on systems and peripherals that have worked and not
> worked with Linux. My prerequisites:
>
> 400mhz CPU
> 96mb RAM
> 8mb video card
> 19" monitor
> sound card, speakers
> 4GB hard drive
> CD-ROM
>
> Bonuses:
> DVD
> Color printer
> Tape backup
> Dual CPUs
>
> Notes:
> I don't play video games, so 3D video doesn't mean anything to me.
> I'm open to build-my-own or buying from Micron, Gateway, Dell, etc.
>
> Best regards,
> Ed
>
>      Q: Why do PCs have a reset button on the front?
>      A: Because they are expected to run Microsoft operating systems.

--

Arthur H. Johnson II                         Linuxberg Webmaster
Tucows International                        [EMAIL PROTECTED]




------------------------------

From: "Curt" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.setup
Subject: Re: home network using Linux
Date: Tue, 6 Apr 1999 07:07:00 -0500

You probably want to set up an IP Masquerading firewall.
It will require 2 ethernet cards, since you have a cable modem.
You can use any one of the C class 192.168.x.x IPs as your local
network.  Then just 1 IP from your ISP for the 'outside' ethernet
interface.

Use samba for sharing files and printers with your WIN PCs.


E R S wrote in message <[EMAIL PROTECTED]>...
>Hi,
>
>I have three computers at home.  They are all connected to
>each other (10baseT LAN) via a hub and the hub is connected
>to a cable modem (each computer has separate account/ip
>address -assigned by isp).
>
>**Problem:
>
>When sharing files over the LAN (i.e. sending files from
>computer A to computer B -within my home), the files end up
>going over the larger LAN (Road Runner-Albany) before going
>to the destination computer -just 2 feet away! This makes
>for slower file transfers and network printing than if all
>those electrons stayed within my room.   :)
>
>**Proposed Fix:
>
>I would like to setup a LAN within a LAN -if you will.
>Here's what I would like to do: 1) connect my two main
>computers to a hub, 2) connect that hub to a third (LINUX)
>computer, 3)connect the LINUX box to a printer and, using a
>second NIC, to the cable modem .  This arrangement should
>ensure that file transfers/print jobs between my two main
>computers will stay within the house - not be sent over the
>Road Runner LAN.  ***NOTE: I realize that this could be done
>*without* using Linux, but I want to learn and use programs
>that run on Linux --I'm sure you guys can appreciate that.
>;)
>
>**Questions:
>
>How hard will this be to do?  (I've played around with linux
>before -I'm not afraid)
>What sites can you direct me to for
>    -file sharing between win98 and linux?
>    -sharing a printer between win98 and linux?
>
>
>Your help is greatly appreciated.  :)
>
>Take care,
>
>E R S
>
>
>
>
>



------------------------------

From: jeff kendall <[EMAIL PROTECTED]>
Subject: Re: ipfwadmin setup for ftp, icq and quakeworld
Date: Tue, 06 Apr 1999 20:28:16 -0400

The plot thickens:

Now tried the fix i received from hannu.  It did not work.  However, my
quakeservers running on my linux box did stop functioning.  I figured
that it was the ip_masq module so i tried to unload it.  HAH!  Can't
unload it.  So i rebooted linux, then commented out the ipmasq modules,
and basically fell back to the setup i had before.  Now the quakeserver
works one on port 27500 and one on 18000.  The problem is that i bet if
i try to load ip_masq_quake, my quakeserver will be blocked.  OK.  I'm
willing to live without ip_masq_quake, keep my quakeservers running and
just get ftp working.  However THIS does not work either.

Perhaps I really do need to rebuild the kernel to allow the ip_masq
loadable modules to function?
I tried the following:
1) ran my firewall script, everything worked as before http, mail, news
   and dns only
2) ran firewall.no to turn off the firewall
3) ran hannu's script.
4) NOTHING worked, not http, not ftp, not anything
5) checked the quakeservers (qwsv 2.30 linux version)
    and they had stopped talking to eth0,
5a) i was getting a OPERATION NOT AUTHORIZED
    error message for every heartbeat (wording of message approximate)
6) ran firewall.no
7) attempted to unload ip_masq_quake using insmod -r ip_masq_quake.o
7a) commingled hannu's script with mine to try to mix my working http,
    mail, etc firewall with his script for masquerading.
7b) again, NOTHING worked, and I could not even telnet or ping my linux
    box from my win98 box!
8) re-ran my partially working firewall from step one.
9) STILL got the error from the quakeservers
10) rebooted
11) started the two quakeservers, they work fine and are online now
12) reran my partially working firewall after removing ALL ip_masq*.o
    modules AND reverting to the script I originally posted to this
    newsgroup.

I sense some progress here, in that when i try to run ip_masq_quake, I
can take over the ports the quakeservers normally use.
However I am still frustrated with my inability to make certain
connections through my firewall no matter what permutations I try, even
with all the ip_masq_* modules loaded.

I apologize for the length of this post, but I feel it is better to
provide all possible detail in the hopes of finding a knight out there
with the right sword to slay this dragon before it sends me limping
back to windows NoTechnology.

-jeff

jeff kendall wrote:
> 
> Greg Weeks wrote:
> >
> > In article <[EMAIL PROTECTED]>,
> >         jeff kendall <[EMAIL PROTECTED]> writes:
> > > Somebody out there knows how to make this work, beyond the cryptic
> > > "how-to" pages,
> > >
> > > 1 - I installed linux kernel version 2.0 something (uses ipfwadmin NOT
> > > ipchains).
> > > 2 - http works fine, mail and news work fine.  dns works fine.
> > > 3 - I can't get ftp, icq and quakeworld to run through my firewall.
> >
> > Is this incoming or outgoing that's not working?
> >
> > > 4 - I have repeatedly rebuilt the kernel with DISASTROUS results
> > >     (I almost lost the eight gig drive with my only copy of this
> > >     broken-but-the-best-I-can-do script).
> > >
> > > 5 - Also using insmod to load various .o modules dealing with ftp and
> > >     quake makes no difference.
> > >
> > > I want to run quakeworld on the firewall when this is done and I want to
> > > be able to
> > > connect to it via ip forwarding as well as use gamespy, etc.  I also
> > > want to be able
> > > to play halflife, Quake 3, KingPin, etc...
> > > If I can't make this work SOON, I'm gonna have to defect back over to NT
> > > (ugh!)
> > > and use some bluescreen-generating proxy software!
> >
> > I think you probably have your firewall rules too tight. Have you
> > tried using a really loose (wide open) firewall script and seeing if
> > it works that way?
> >
> > I'm also somewhat confused by two sets of network addresses. Are you
> > running two ethernet cards and a dial-up connection?
> >
> > Greg Weeks
> > --
> > http://durendal.tzo.com/greg/
> 
> i have the following setup
> 
> ---------               -------
> [ win98 ] - 10baseT - - [ hub ]
> ---------              / -------
>                       /
>                  -------
>                  [linux ]
>                  -------
>                     /
>                    /
>                 ------------
>                [ mediaone   ]
>                [ cablemodem ] - - - mediaone coax/ fiber/ etc - - -
>                 ------------
> 
> 1) All interconnects above are 10baseT except upstream from the cable
> modem.
> 2) There is NO phone modem of any kind involved.
> 3) The linux box is the only machine with two ethernet cards.
> 
> My local subnet is 192.125.125.0/24
> 
> My usual ip is 24.131.20.x
> 
> My mediaone netmask (received from their dhcp server) is 24.131.20.0/21
> 
> I can get out from win98 using netscape to read mail or newsgroups or
> http.
> when i try to use ftp, whether it is from netscape or from ws_ftp or
> DOS,
> I can log in but the connection times out receiving the directory.
> 
> I cannot run gamespy and see anything out on the 'net.
> I cannot run icq and connect to mirabilis to pick up my messages, which
> i am
> sure are overflowed by now...
> 
> TODAY:
> I can run netscape on my pc and surf the web through my firewall, as
> well
> as receive and send email and read newsgroups.
> WHAT I NEED:
> The above, plus the ability to play quake, quake two, halflife, tribes,
> use icq
> and ftp.
> 
> I saw something about port forwarding mentioned in one of the how-to's
> someplace
> but can't figure out what it does or if it would help me with my present
> predicament.
> 
> One major problem is that my current hard disk is over 8 gig and lilo
> has not been
> booting for me.  It hangs at LI.  I saw in another faq or how-to that
> lilo hangs at
> LI only when it thinks you have a scsi device.  I do see an error
> regarding scsi
> as I boot, IF I boot.  I sure wish I could rid myself of this bug as
> well...
> 
> Your help is GREATLY appreciated.
> 
> -Jeff Kendall
> 
> ps: thanks, hannu for the fix,
> while i have tried loading the masq modules before,
> perhaps there is something in the order of the script you supplied...
> 
> Hannu wrote:
> > echo "Enabling IP MASQ, MASQ timeouts, MASQ modules and advanced firewalling"
> >
> >               #Load the MASQ modules
> >                        #
> >                        echo Loading MASQ modules
> >                        #/sbin/modprobe ip_masq_cuseeme
> >                        /sbin/modprobe ip_masq_ftp
> >                        /sbin/modprobe ip_masq_irc
> >                        #/sbin/modprobe ip_masq_quake
> >                        #/sbin/modprobe ip_masq_vdolive
> >                        /sbin/modprobe ip_masq_raudio
> >
> >                # Finished with MASQ modules
> >
> >        echo "Enabling IP Masqurading.."
> >        echo "1" > /proc/sys/net/ipv4/ip_forward
> >
> >        /sbin/ipfwadm -F -p reject
> >        /sbin/ipfwadm -F -a m -S 192.168.1.0/24 -D 0.0.0.0/0 -W eth0
> >
> >        echo "rc.firewall done."
> 
> i will try the fix  and post to this newsgroup if it works...

------------------------------

From: Gavin McCord <[EMAIL PROTECTED]>
Subject: MX records
Date: Wed, 07 Apr 1999 01:18:11 +0100

I've got two linux boxes, one of which runs DNS. I'm not
sure about my MX records though. Here's an extract from
my localdomain file


            NS      ns                  ; Inet address of nameserver
            MX      10 server.domain.   ; 1st Mail exchanger
;
localhost   A       127.0.0.1
ns          A       192.168.0.1

client      A       192.168.0.1
            MX      20 client.domain.
            MX      10 server.domain.

server      A       192.168.0.2
            MX      10 server.domain.
            MX      20 client.domain.


Is there a more optimum setting I can use?

--
"I'm Keyser Soze. No, I'm Keyser Soze. I'm Keyser Soze and so's
my wife..."
-Monty Python plays The Usual Suspects




------------------------------

From: Gavin McCord <[EMAIL PROTECTED]>
Subject: Re: MX records
Date: Wed, 07 Apr 1999 01:24:57 +0100

Gavin McCord wrote:

I think the line under localhost... should be

ns    A    192.168.0.2

as that is the one running the nameserver.
The original question still stands, though.

--
"I'm Keyser Soze. No, I'm Keyser Soze. I'm Keyser Soze and so's
my wife..."
-Monty Python plays The Usual Suspects




------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and comp.os.linux.networking) via:

    Internet: [EMAIL PROTECTED]

Linux may be obtained via one of these FTP sites:
    ftp.funet.fi                                pub/Linux
    tsx-11.mit.edu                              pub/linux
    sunsite.unc.edu                             pub/Linux

End of Linux-Networking Digest
******************************
