Linux-Networking Digest #772, Volume #10          Tue, 6 Apr 99 22:13:37 EDT

Contents:
  Re: Problems dialing up to ISP ("K.A. Steensma")
  Allied Telesyn AT2560 Network card? (L J Bayuk)
  Re: linux firewall (Hugo Theriault)
  No connection without tcpdump (David Kirschey)
  Re: Apache and UserDir (Brian Turner)
  Re: Network Newbie Question (jeff kendall)
  Re: Exchange Server clone for Linux?? (jeff kendall)
  packet header!! (minix unix)
  Re: linux firewall (Hugo Theriault)
  Turbo 16/4 Token-Ring (PCMCIA) setup (Karl Buck)
  Re: packet sniffer for Linux (James Singleton)
  Re: linux firewall (Luca Filipozzi)
  Re: Backing up to tape over network? (Johannes Niess)
  3COM 3C509 ERROR: Boots @ IRQ 255 ("Deon")

----------------------------------------------------------------------------

From: "K.A. Steensma" <[EMAIL PROTECTED]>
Subject: Re: Problems dialing up to ISP
Date: Wed, 07 Apr 1999 00:31:23 GMT

Check if your ISP is using PAP by trying to log in with minicom.  If you get
text that asks for a login and then a password, your ISP is script automated
(write down the prompts for later).  If you get an (almost) immediate string
of 'garbage' characters, your ISP is using PAP.  Then download, install and run
the pppsetup script.  It is available from -

ftp://sunsite.unc.edu/pub/Linux/system/network/serial/ppp/pppsetup-2.11.tar.gz

When you are finished, follow the instructions on the last screen of the
script.  KAS

Christian Freet wrote:

> I have followed the instructions at the site
> http://axion.physics.ubc.ca/ppp-linux.html but to no avail... seems as
> though even as I have placed the noauth command in the /etc/ppp/options
> file, it looks like my system is still requesting authorization from the
> ISP (of course, it looks like this from my untrained eye); while tailing
> the ppp log, there is the message saying "sent auth <pap>" or whatever (I
> can be more specific), the key idea is that it is sending auth request in
> addition to authorizing itself; you follow?
>
> If anyone has some sort of fix or idea, please help; thanks in advance.
>
> ------------------  Posted via SearchLinux  ------------------
>                   http://www.searchlinux.com


------------------------------

From: [EMAIL PROTECTED] (L J Bayuk)
Subject: Allied Telesyn AT2560 Network card?
Date: 7 Apr 1999 00:33:21 GMT

All I know is that this Allied Telesyn AT2560 is a PCI 10/100 Ethernet
card. I can't find any reference in Linux drivers or HOWTOs on this
card, nor could I find out from AT's web site what chipset it uses.
I'm being offered a server that has one in it, and I can't open the
box and inspect the card until they take down the server.  Anybody
know/use this card with Linux?  I've used AT1500's and AT2450's
but never this one. Is the AT2560 also based on an AMD chipset?

------------------------------

From: Hugo Theriault <[EMAIL PROTECTED]>
Subject: Re: linux firewall
Date: Wed, 07 Apr 1999 00:31:14 GMT

Luca Filipozzi wrote:

> In article <[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] says...
> > Luca Filipozzi wrote:
> >
> > > In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
> > > says...
> > > > i have default accept for everything except accounting where i have nothing... should i
> > > > add accounts and if yes how and where???????
> > > >
> > > > thanx again... Luca
> > > You're welcome.
> > >
> > > You don't need accounting unless you want to know how many packets to
> > > which address/port are being sent/received/rejected/denied. I don't have
> > > any accounting rules.
> > >
> > > Steps to make your system somewhat safe:
> > > 1a) remove all entries in /etc/inetd.conf that you don't need
> > > 1b) stop and remove all standalone daemons you don't need
> > > 2) set ipfwadm to reject spoofing
> > > 3) set ipfwadm to deny all forwarding by default (ipfwadm -F -p deny)
> > > 4) set ipfwadm to accept some forwarding/masquerading as needed
> > >
> > > For even more security:
> > > 5) deny all incoming packets by default (ipfwadm -I -p deny)
> > > 6) and only accept those protocols/port you really need
> > >
> > > For even more security: (overkill for a home network)
> > > 7) set up a DMZ (read O'Reilly's book on firewalls)
> > > 8) get patches that will do state inspection filtering
> > >    (don't even know if these are available for ipfwadm)
> > >
> > > For TOTAL security;
> > > 9) pull the plug :)
> > >
> > > Hope this helps,
> > > --
> > > Luca Filipozzi <[EMAIL PROTECTED]>
> >
> > I guess then all i need to do now is to set up my linux box to forward requests from other
> > workstations back to them.... just don't know how to do that.
> >
> > ip forwarding is on...
> >
> > also do you know how i could make the file i created with rules in them actually in effect
> > i was told to try
> >
> > chmod 700  blablabla .. to make it executable.. how do i know it worked..
> >
> > signed .. sorry newbie
> >
> > hugo
> >
> >
> Yikes... you are a newbie.
>
> ls     directory listing
> ls -l  "long" directory listing
>
> If you do "ls -l rc.firewall" you should see something like
>
> -rwxr-xr-x 1 <username> <group> <size> <date> <filename>
>
> where the permissions on the file are given by
>
> -rwxrwxrwx   three groups of "rwx"
> r is for read    (bit 2 - value 4)
> w is for write   (bit 1 - value 2)
> x is for execute (bit 0 - value 1)
> 1st "rwx"        <username>
> 2nd "rwx"        <group>
> 3rd "rwx"        <all>
>
> So, a chmod 700 means
> 7 - "rwx" for <username>
> 0 - "---" for <group>
> 0 - "---" for <all>
>
> All scripts should start with (this MUST be on the first line)
>
> #!/bin/sh
>
> You need to get a good book on the Unix shell. Check out O'Reilly's
> offerings. The book on BASH is pretty good. There are probably good
> references on the web. Try a query on www.ask.com for bash tutorial or
> something.
>
> --
> Luca Filipozzi <[EMAIL PROTECTED]>

thanx will do


------------------------------

From: [EMAIL PROTECTED] (David Kirschey)
Subject: No connection without tcpdump
Date: Tue, 06 Apr 1999 15:58:35 GMT
Reply-To: [EMAIL PROTECTED]

Hello,

for a new server I just installed SuSe Linux 6.0 ( AMD K6 350, 256MB,
GDT Raid 5 30GB, tulip NIC 100MBit) and have a severe problem
connecting through the lan: 

It is not possible to ping, from/to my linux server. Ping/Telnet from
another Computer don't work, too. 

Now I try to debug, and when I start "tcpdump -i eth0" on my new
server, everything works fine, everything works. But when I press
Ctrl- C to stop the tcpdump, it's all over... Nothing works any more.
All remote x-windows are dying, telnet disconnects etc. 

I don't know what's going on... Why do I have to start a "tcpdump -i
eth0 >/dev/null&" to work with the computer?

Thanks a lot

David Kirschey


------------------------------

From: Brian Turner <[EMAIL PROTECTED]>
Subject: Re: Apache and UserDir
Date: 6 Apr 1999 21:35:45 GMT

Tom Hennen III <[EMAIL PROTECTED]> wrote:
> Once I get all this set up I restart httpd by using kill -HUP PID  However
> when I go to www.domain.com/~user/ I get error #403 access forbidden.  What
> am I doing wrong? 

Are the permissions set properly for those directories/files?
i.e. issue a command like

ls -ld /home /home/~user /home/~user/public_html \
      /home/~user/public_html/index.html

And, for example, chmod a+r /home/~user/public_html/index.html
(you can also have your httpd user be in the same group as your 
user, i.e. chmod g+r /home/~user/public_html/index.html ; chgrp
internetgroup /home/~user/public_html/index.html)

I'm sure you already checked this, but...

Brian





------------------------------

From: jeff kendall <[EMAIL PROTECTED]>
Subject: Re: Network Newbie Question
Date: Tue, 06 Apr 1999 20:40:47 -0400

frank, ng, other residents of the linux-networking circle of dante's
inferno:

one nice thing about linux is that you can install it on a 486, then
move the hard disk to a 386 or a pentium two and it will boot anyway.
the only thing you need to look out for is if you have different video
in the machine you are moving to and want to run x then you must re-run
xconf on the new machine.  also if the new machine has different network
card(s) than the first machine, you will need to run netconf to tell
linux about the new cards and (optionally) their irq and addresses.  it
would be a good idea to set up a prospective linux box with dos first
and work out all of its irq problems (sound card vs video card vs
network cards vs scsi adapters).  you can run the dos utilities that
come with the network cards to switch them out of plug and pray mode and
lock their irq's to something you can remember.  sometimes linux finds
the irqs with autoprobe during install, sometimes it does not.  you
should know ALL your irq's and addresses.  this is also needed when you
get a root canal, o i mean rebuild the kernel (hehe).

-jeff
[EMAIL PROTECTED]
<a href="http://come.to/rocketland">rocketland</a>


"Ng, Choon Hooi" wrote:
> 
> I don't think there is much difference installing onto a stand-alone machine
> compared to a main machine. Theoretically speaking, a stand-alone machine
> can act as a main machine. What I suggest is, you might wanna install it on
> another machine first. Get everything working on this machine, then swap in
> this machine with the main machine. That way, at least you have a back-up,
> just in case things do work work you want it to. You can always use back the
> old one.
> Getting the NIC to work with linux should be straight forward, at least for
> RH. Just plug in the nic, and watch for the kernel to detect it upon
> booting-up. Setup the hostname, ip addresses, subnet, etc. and off it goes.
> good luck.
> 
> Frank Ramsay wrote:
> 
> > I've installed Linux several times (Slackware and Redhat) onto various
> > stand alone machines.  I'm about to install it onto my main computer and
> > but I've never set up Linux to use NIC cards before.  I'm going to be
> > using RedHat 5.1 ('cause I have the CD) are there any gotchas I should
> > be aware of?
> >
> >                                 -fjr

------------------------------

From: jeff kendall <[EMAIL PROTECTED]>
Subject: Re: Exchange Server clone for Linux??
Date: Tue, 06 Apr 1999 20:53:23 -0400

craig,

i administer several NT servers and a newly set-up linux server.  

While i like linux's design, i am not impressed with its lack of
maturity and support.  that being said, i don't envy you going to NT to
run exchange server, because while linux has no corporate support, NT
support comes down to $$$$$$$$$.  

NT is a money pit.  

$1K for the server version is only the tip of the iceberg.  

I'm sure Microsoft is not giving away copies of exchange server or
backoffice. (without time bombs anyway).  

Plus there is the inevitable issue of creating all the user accounts,
etc you made for samba.  NT crashed?  Oh reinstall the OS and create
them all again.  There is no /etc/passwd file.  As for security, check
out l0pht heavy industries and see their take on NT password security.

While Samba sat on top of Unix,  NT file sharing can be a rat's nest. 
If you use an NTFS partition, you can set permissions by file and
directory.  With FAT, your security plans are hosed.  

NT user administration is a JOKE.

One machine die? Need to move the NT hard disk to a backup machine?  It
had better be an EXACT clone of the previous machine, right down to the
irq assignments, chipset and BIOS version and date.  Otherwise you will
be looking at bluescreens (the world recognized NT screensaver) while
your users make your pager go BEEEEP.

I strongly suggest that you find another mail, etc solution.  For
instance, there is supposed to be a FREE sql server that comes with some
linux distributions. There is your bulletproof data repository, maybe
somebody makes a front end that will talk to netscape or even (ugh)
outlook.

-jeff
[EMAIL PROTECTED]

Craig Manske wrote:
> 
> My company has an NT/95 network using a Linux/Samba server.  I love the
> server it works just like an NT server without the headache.
> 
> My boss asked me about MS Outlook the other day and how we could share
> schedules, faxes, etc... with it.  I told him that was a function of
> Exchange Server for windows NT server.  Is there a clone of Exchange server
> out there that would allow us to use Outlook Schedule Sharing and Folder
> sharing?
> 
> Thanks a bunch.
> Craig

------------------------------

From: [EMAIL PROTECTED] (minix unix)
Subject: packet header!!
Date: Tue, 06 Apr 1999 13:36:03 -0800

i would like to capture an IP packet on a given port, change its destination
address and forward the packet!!
Please let me know how to go about it in detail.

regards Kobian




------------------------------

From: Hugo Theriault <[EMAIL PROTECTED]>
Subject: Re: linux firewall
Date: Tue, 06 Apr 1999 23:56:10 GMT

Luca Filipozzi wrote:

> In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
> says...
> > i have default accept for everything except accounting where i have nothing... should i
> > add accounts and if yes how and where???????
> >
> > thanx again... Luca
> You're welcome.
>
> You don't need accounting unless you want to know how many packets to
> which address/port are being sent/received/rejected/denied. I don't have
> any accounting rules.
>
> Steps to make your system somewhat safe:
> 1a) remove all entries in /etc/inetd.conf that you don't need
> 1b) stop and remove all standalone daemons you don't need
> 2) set ipfwadm to reject spoofing
> 3) set ipfwadm to deny all forwarding by default (ipfwadm -F -p deny)
> 4) set ipfwadm to accept some forwarding/masquerading as needed
>
> For even more security:
> 5) deny all incoming packets by default (ipfwadm -I -p deny)
> 6) and only accept those protocols/port you really need
>
> For even more security: (overkill for a home network)
> 7) set up a DMZ (read O'Reilly's book on firewalls)
> 8) get patches that will do state inspection filtering
>    (don't even know if these are available for ipfwadm)
>
> For TOTAL security;
> 9) pull the plug :)
>
> Hope this helps,
> --
> Luca Filipozzi <[EMAIL PROTECTED]>

I guess then all i need to do now is to set up my linux box to forward requests from other
workstations back to them.... just don't know how to do that.

ip forwarding is on...

also do you know how i could make the file i created with rules in them actually in effect
i was told to try

chmod 700  blablabla .. to make it executable.. how do i know it worked..

signed .. sorry newbie

hugo
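
Steps 2 to 4 of the quoted list, which include the masquerading asked about above, written out as an added example that is not part of the original posts. The interface name `ppp0` and the LAN range `192.168.1.0/24` are assumptions; the rules are only printed unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example: steps 2-4 of the quoted list as ipfwadm commands.
# Assumed values (not from the thread): external interface and LAN range.
EXT_IF=${EXT_IF:-ppp0}
LAN=${LAN:-192.168.1.0/24}
ANY=0.0.0.0/0

# Print the rule set, one command per line, without touching the kernel.
firewall_rules() {
    # Start from empty input and forwarding lists.
    echo "ipfwadm -I -f"
    echo "ipfwadm -F -f"
    # Step 2: deny and log (-o) packets that arrive from outside but
    # claim an inside or loopback source address.
    echo "ipfwadm -I -a deny -W $EXT_IF -S $LAN -D $ANY -o"
    echo "ipfwadm -I -a deny -W $EXT_IF -S 127.0.0.0/8 -D $ANY -o"
    # Step 3: nothing is forwarded unless a rule says so.
    echo "ipfwadm -F -p deny"
    # Step 4: masquerade traffic from the LAN workstations only.
    echo "ipfwadm -F -a m -S $LAN -D $ANY"
}

# Read a rule set on stdin. Succeed only if forwarding defaults to deny
# and every masquerade rule names a source other than "anywhere".
lint_rules() {
    have_deny=0
    bad=0
    while IFS= read -r rule; do
        case "$rule" in
            *"-F -p deny"*) have_deny=1 ;;
            *"-F -a m"*)
                case "$rule" in
                    *"-S 0.0.0.0/0"*|*"-S 0/0"*) bad=1 ;;
                    *"-S "*) ;;
                    *) bad=1 ;;
                esac ;;
        esac
    done
    [ "$have_deny" -eq 1 ] && [ "$bad" -eq 0 ]
}

if [ "${APPLY:-0}" = 1 ]; then
    # Load the rules only after they pass the check (needs root).
    firewall_rules | lint_rules && firewall_rules | sh
else
    firewall_rules
fi
```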


------------------------------

From: Karl Buck <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.setup,redhat.networking.general,comp.os.linux.portable
Subject: Turbo 16/4 Token-Ring (PCMCIA) setup
Date: Tue, 06 Apr 1999 23:57:45 GMT

The TokenRing mini HOWTO on this mentions that it should run "fine"
after configuring using lanaidc, and gives the incorrect syntax for the
command. I think I've found the correct command (LANAIDC /MODE=AUTO16),
but pretty much everything having to do with networking freezes up if I
try to ifconfig up the tr0 interface. 

I'm very interested in talking to anyone that has successfully managed
to get this card working. Right now I'm using 2.2.x on RedHat 5.2 with
updates.

Thanks! --Karl

------------------------------

From: James Singleton <[EMAIL PROTECTED]>
Subject: Re: packet sniffer for Linux
Date: Tue, 06 Apr 1999 20:17:58 -0500

Scott Blayney wrote:
> 
> I have a problem with one of my RAS devices (3Com SuperStack II RAS 1500).
> When a user dials in they can't access anything beyond the RAS device.  Our
> AS/400 is the router.  What I can't tell is whether the packets are getting
> blocked at the RAS device, or by the AS/400.  The only way I can think of to
> find out is to use a packet sniffer.  We run NT only here, but if I could
> get a packet sniffer for free it might be the way for Linux to make a debut
> here.
> 
> Can someone point me in the right direction?
> 
> Scott Blayney
> Systems Engineer

You might try a utility called iptraf; it is a GNU version of LanWatch.
Very nice!

Hope this helps

------------------------------

From: [EMAIL PROTECTED] (Luca Filipozzi)
Subject: Re: linux firewall
Date: Tue, 6 Apr 1999 17:15:01 -0700

In article <[EMAIL PROTECTED]>, 
[EMAIL PROTECTED] says...
> Luca Filipozzi wrote:
> 
> > In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
> > says...
> > > i have default accept for everything except accounting where i have nothing... should i
> > > add accounts and if yes how and where???????
> > >
> > > thanx again... Luca
> > You're welcome.
> >
> > You don't need accounting unless you want to know how many packets to
> > which address/port are being sent/received/rejected/denied. I don't have
> > any accounting rules.
> >
> > Steps to make your system somewhat safe:
> > 1a) remove all entries in /etc/inetd.conf that you don't need
> > 1b) stop and remove all standalone daemons you don't need
> > 2) set ipfwadm to reject spoofing
> > 3) set ipfwadm to deny all forwarding by default (ipfwadm -F -p deny)
> > 4) set ipfwadm to accept some forwarding/masquerading as needed
> >
> > For even more security:
> > 5) deny all incoming packets by default (ipfwadm -I -p deny)
> > 6) and only accept those protocols/port you really need
> >
> > For even more security: (overkill for a home network)
> > 7) set up a DMZ (read O'Reilly's book on firewalls)
> > 8) get patches that will do state inspection filtering
> >    (don't even know if these are available for ipfwadm)
> >
> > For TOTAL security;
> > 9) pull the plug :)
> >
> > Hope this helps,
> > --
> > Luca Filipozzi <[EMAIL PROTECTED]>
> 
> I guess then all i need to do now is to set up my linux box to forward requests from other
> workstations back to them.... just don't know how to do that.
> 
> ip forwarding is on...
> 
> also do you know how i could make the file i created with rules in them actually in effect
> i was told to try
> 
> chmod 700  blablabla .. to make it executable.. how do i know it worked..
> 
> signed .. sorry newbie
> 
> hugo
> 
> 
Yikes... you are a newbie.

ls     directory listing
ls -l  "long" directory listing

If you do "ls -l rc.firewall" you should see something like

-rwxr-xr-x 1 <username> <group> <size> <date> <filename>

where the permissions on the file are given by

-rwxrwxrwx   three groups of "rwx"
r is for read    (bit 2 - value 4)
w is for write   (bit 1 - value 2)
x is for execute (bit 0 - value 1)
1st "rwx"        <username>
2nd "rwx"        <group>
3rd "rwx"        <all>

So, a chmod 700 means
7 - "rwx" for <username>
0 - "---" for <group>
0 - "---" for <all>

All scripts should start with (this MUST be on the first line)

#!/bin/sh

You need to get a good book on the Unix shell. Check out O'Reilly's 
offerings. The book on BASH is pretty good. There are probably good 
references on the web. Try a query on www.ask.com for bash tutorial or 
something.


-- 
Luca Filipozzi <[EMAIL PROTECTED]>
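
The permission bits and first-line rule described in the message above, turned into a check one could run against a rules script such as rc.firewall. This is an added example, not part of the original post; the function names `mode_string` and `check_script` are made up for the illustration.

```shell
#!/bin/sh
# Added example: decode an octal mode and verify a script's first line
# and permission bits, using the same "ls -l" field the post explains.

# mode_string 700 prints rwx------ (one "rwx" triple per octal digit).
mode_string() {
    out=""
    for d in $(printf '%s' "$1" | sed 's/./& /g'); do
        case "$d" in
            [0-7]) ;;
            *) return 1 ;;          # not an octal digit
        esac
        [ $((d & 4)) -ne 0 ] && out="${out}r" || out="${out}-"
        [ $((d & 2)) -ne 0 ] && out="${out}w" || out="${out}-"
        [ $((d & 1)) -ne 0 ] && out="${out}x" || out="${out}-"
    done
    printf '%s\n' "$out"
}

# check_script FILE prints "ok" when FILE starts with "#!", is executable
# by its owner, and cannot be written by group or others.
check_script() {
    f=$1
    [ -f "$f" ] || { echo "missing"; return 1; }
    # First ten characters of "ls -l": file type plus three rwx triples.
    perms=$(ls -ld "$f" | cut -c1-10)
    first=$(head -n 1 "$f")
    case "$first" in
        '#!'*) ;;
        *) echo "no-shebang"; return 1 ;;
    esac
    case "$perms" in
        ???x*) ;;                    # 4th character: owner execute bit
        *) echo "not-executable"; return 1 ;;
    esac
    case "$perms" in
        # 6th character: group write, 9th character: others write
        ?????w*|????????w*) echo "writable-by-others"; return 1 ;;
    esac
    echo "ok"
}

# Usage: sh thisfile.sh rc.firewall
if [ $# -gt 0 ]; then
    check_script "$1"
fi
```

A rules script that is run as root at boot should pass the third check as well: anyone who can write to it can change the firewall.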

------------------------------

From: [EMAIL PROTECTED] (Johannes Niess)
Subject: Re: Backing up to tape over network?
Date: Wed, 07 Apr 1999 00:14:17 GMT

Peter Eacmen <[EMAIL PROTECTED]> wrote:

>Has anyone shared a tape drive with Samba over a network and allow Win95
>Clients to backup hard drives onto it?

Do you really want to use (and rely on) msbackup? No.
Do you trust a win95 user to do his own backup? No.
Do you want to be held responsible for backups screwed up by others?
No.

You want to do it the other way around. Amanda (www.amanda.org) is a
GPL'ed unix backup system and can be used to backup some dozen hosts
and 100's of GBytes. You share your win95 drives and read them from
the linux box. Some of the good features are automatic load
distribution (On tape a: full backup of host 1 and incremental of
host2; On tape b: incremental backup of host 1 and full backup of host
2) and a selfcheck program that mails you about wrong tapes, hosts
down etc...
Put it into your crontab, change tapes and forget it.

Johannes Niess


------------------------------

From: "Deon" <deonr(omit)@home.com>
Subject: 3COM 3C509 ERROR: Boots @ IRQ 255
Date: Wed, 07 Apr 1999 02:06:24 GMT

HELP!

Caldera OpenLinux 1.3 boots up with 3COM 3C509 @ IRQ=255 and of course
doesn't activate the card.

I tried passing the string " ether=9,0,0,0,eth0" to no avail. Also, after
reviewing the HOW TO for Ethernet, I tried to edit the conf.modules file it
mentions but I can not find such a damd file.

ANY help is greatly appreciated!

Thanks in advance!
Deon

Please reply to [EMAIL PROTECTED]



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and comp.os.linux.networking) via:

    Internet: [EMAIL PROTECTED]

Linux may be obtained via one of these FTP sites:
    ftp.funet.fi                                pub/Linux
    tsx-11.mit.edu                              pub/linux
    sunsite.unc.edu                             pub/Linux

End of Linux-Networking Digest
******************************
