Linux-Networking Digest #536, Volume #10 Thu, 18 Mar 99 03:13:54 EST
Contents:
Re: is there any freeware programs like Novell (Patrick Dunford)
Re: Security/Password Questions ("David Z. Maze")
Difference Between NAT and IPMasquerade ("Nathan Vuong")
Re: Beginner problem (bklimas)
Re: MS Exchange server vs Intranet: What's the difference? (Bill Anderson)
Re: Help with routing dial-up w/ masq'ing. (Tobias Reckhard)
Re: Setting up 2 nics under Linux RH 5.1 ("Hat Trick")
Re: ip_masqurade question (bklimas)
SAMBA Share-level security (Jason Kircher)
Re: The truth about the Pentium III chip and ID --- **boycott info** ("Rufus V. Smith")
unknown interface ("Keith Clethero")
Re: crossed cables for direct 10/100 base-T connections (Saulius)
SSH 2.0 client? (Stefan Negritoiu)
Re: Frontpage and ASP under linux? (Ulrich Eckhardt)
Re: HELP!! Linux server behind firewall ([EMAIL PROTECTED])
Re: Need strong ruleset ( rc.firewall ) script for IPCHAINS (Chris Hanrahan)
Re: VNC (Iztok Polanic)
Re: Frontpage and ASP under linux? ([EMAIL PROTECTED])
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (Patrick Dunford)
Crossposted-To: nz.comp
Subject: Re: is there any freeware programs like Novell
Date: Thu, 18 Mar 1999 19:22:12 +1300
Behold, on Thu, 18 Mar 1999 14:46:22 +1300 in
nz.comp:<[EMAIL PROTECTED]>, DK
([EMAIL PROTECTED]) didst uttereth:
>Is there any freeware programs anyone knows of that are similar to
>Novell, just basically something that logs a person in and you can give
>them rights to directories etc?
>
>Any ideas?
Linux + Samba :)
--
Patrick Dunford, Christchurch, NZ
PRO VSM - Human Rights for students!
http://patrick.dunford.com/
------------------------------
From: "David Z. Maze" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.misc,comp.os.linux.questions,comp.os.linux.redhat
Subject: Re: Security/Password Questions
Date: 18 Mar 1999 01:26:24 -0500
Vincent Raffensberger <[EMAIL PROTECTED]> writes:
VR> I can't answer many of your questions, but I do have a comment:
VR> One great security measure that I recommend is deleting su from
VR> /bin (or is it /sbin?). This will prevent many of the usual
VR> hacking attempts (or at least provide a nice obstacle) and it's
VR> not much of an inconvenience.
I have my doubts on both of the assertions in the last sentence.
AFAICT most break-ins are a result of (a) sniffed passwords and (b)
weaknesses in system services. Having a normal working su is probably
not one of the major holes an attacker will try to use. (If they have
the root password already, maybe by sniffing it, they can use
/bin/login or the like; if not, I doubt there would be holes in su.)
OTOH, it gets you into trouble if you decide for whatever reason that
you want root access to your own machine. Certainly you can do some
(many, all) things with sudo, but The Right Way to get a legitimate
root shell is with su. (And the same arguments that apply to removing
su apply to sudo.) If you do this then you have no good way to go
from normal user to root when you need it.
VR> You can also mess around with the rights for your passwd file. I
VR> haven't done that but I've heard it mentioned before.
The right permissions on /etc/passwd are 0644 owned by root.root, and
on /etc/shadow 0600 root.root. (My system seems to have 0640
root.shadow for the latter.) You can't really make permissions any
stricter on /etc/passwd, since userspace applications (e.g. fingerd)
need to read information out of that file. root-writable makes no
difference. /etc/shadow should be as tight as you feel comfortable
with, since nothing besides login, su, sudo should ever use it, and
they need to be suid root anyways.
--
David Maze [EMAIL PROTECTED] http://donut.mit.edu/dmaze/
"Hey, Doug, do you mind if I push the Emergency Booth Self-Destruct Button?"
"Oh, sure, Dave, whatever...you _do_ know what that does, right?"
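An added check for the permissions described in this message (not part of the original post): it reports a file whose mode is looser than the stated one, an /etc/passwd made too strict for its readers, or a wrong owner or group. The `check` and `trusted_gids` names and the wording of the findings are assumptions of this example.

```python
import grp
import os
import stat

# Policy as stated in the post: (path, most permissive mode, bits that must be set).
POLICY = [
    ("/etc/passwd", 0o644, 0o644),  # must stay world-readable for userspace tools
    ("/etc/shadow", 0o640, 0o600),  # 0600 root.root, or 0640 root.shadow
]


def check(path, max_mode, required_mode, owner_uid=0, allowed_gids=None):
    """Return a list of findings for one file; an empty list means it complies."""
    try:
        st = os.lstat(path)  # lstat so a symlink is reported, not followed
    except FileNotFoundError:
        return [f"{path}: missing"]
    if not stat.S_ISREG(st.st_mode):
        return [f"{path}: not a regular file"]
    mode = stat.S_IMODE(st.st_mode)
    findings = []
    extra = mode & ~max_mode          # bits set beyond what the policy allows
    missing = required_mode & ~mode   # bits the policy needs but the file lacks
    if extra:
        findings.append(f"{path}: too permissive, {mode:04o} has extra bits {extra:04o}")
    if missing:
        findings.append(f"{path}: too strict, {mode:04o} lacks bits {missing:04o}")
    if st.st_uid != owner_uid:
        findings.append(f"{path}: owner uid {st.st_uid}, expected {owner_uid}")
    # Group bits only matter when the owning group is not one we trust.
    if allowed_gids is not None and mode & 0o070 and st.st_gid not in allowed_gids:
        findings.append(f"{path}: group gid {st.st_gid} has access but is not allowed")
    return findings


def trusted_gids():
    """gid 0 plus the 'shadow' group if this system has one."""
    gids = {0}
    try:
        gids.add(grp.getgrnam("shadow").gr_gid)
    except KeyError:
        pass
    return gids


if __name__ == "__main__":
    gids = trusted_gids()
    for path, max_mode, required in POLICY:
        for line in check(path, max_mode, required, allowed_gids=gids) or [f"{path}: ok"]:
            print(line)
```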
------------------------------
From: "Nathan Vuong" <[EMAIL PROTECTED]>
Subject: Difference Between NAT and IPMasquerade
Date: Thu, 18 Mar 1999 00:52:27 -0500
Hi All,
Could someone shed some light on the difference between NAT
and IPMasquerade? Functionally, both seem to have the same objective,
that is, to translate an internal IP to an external/valid IP.
If both can coexist, which process comes/goes first?
Thanks,
Nathan
email: [EMAIL PROTECTED]
------------------------------
From: bklimas <[EMAIL PROTECTED]>
Subject: Re: Beginner problem
Date: Thu, 18 Mar 1999 04:11:56 GMT
Try my family homepage for a simple answer on how to set up
your IP masquerading:
http://www.magma.ca/~bklimas/FAQ.htm#masquerading
Hope this helps. Best regards,
Stan
Julio Olivares wrote:
> Hello.
>
> - I have 2 computers with RedHat 5.2. Network between the 2 PCs is fine.
>
> - 1 of them has a ppp connection in order to access the Internet. Works
> well.
> - I cannot get the other PC to access the internet. Why? I've exported
> my default route and IP forwarding is enabled on the server side.
>
> Thanks for any answer.
>
> --
> Julio Manuel Olivares
> Praceta Sao Joao Batista
> N. 3 - 3Dt.
> 2735 Cacem
> PORTUGAL
> 0931 7 30 20 30
------------------------------
From: Bill Anderson <[EMAIL PROTECTED]>
Subject: Re: MS Exchange server vs Intranet: What's the difference?
Date: Wed, 17 Mar 1999 20:19:24 +0000
[EMAIL PROTECTED] wrote:
>
> >I'd like to propose something I have played with, but never actually used
> >anywhere, maybe some1 else can comment on this or maybe they use something
> >similar. What I did was to install Apache 1.3.x with the mod_php module.
> >php3 is a scripting language you embed within a web page, that allows you
> >to do all kinds of server side includes, including database connectivity.
> >As far as I remember it has ODBC, so you can use it to connect to an
> >Access database. On the other hand, you could use a different sql
> >database, I use postgres, but you said you already have Access in place :)
> >The big advantage of php to cgi is that it is a LOT faster.
> >
> >As far as I can remember the url for the php stuff is www.php.net.
> >
> >hope this helps.
> >
> >regards
> >Izak
>
> Izak.... something just occurred to me.
>
> I have two old 486's at home. Could I network them
> together with 10BaseT.....install Linux on one of
> them..... and make my own intranet at home for
> training purposes?
>
> I know very little abt Linux.... and even less abt
> intranets.... but want and need to learn.
>
> Could I setup such a system at home for training
> purpose to learn PHP, CGI, etc??
Absolutely!
------------------------------
From: [EMAIL PROTECTED] (Tobias Reckhard)
Subject: Re: Help with routing dial-up w/ masq'ing.
Date: Wed, 17 Mar 1999 20:11:29 GMT
On Mon, 15 Mar 1999 14:23:50 -0700, "J. S. Jensen"
<[EMAIL PROTECTED]> wrote:
>I have a box that I want to do all routing for an internal network. The
>internal network 172.17.?.?/16 is masqueraded through a point-to-point
>connection. This works fine as routing is relatively easy.
Good.
>Now we are adding several dial-in lines to the same box, and those PPP
>connections are generally IP numbered in the 192.168.1.?/32 range.
OK..
>However, those PPP `clients' connecting into the box can only see the IP
>addresses local to that box!
Umm, I'm not sure I understand you completely there..
> Though the routing tables that exist seem
>to be appropriate, is the masquerading entry:
>
>IP firewall forward rules, default policy: deny
>type   prot  source          destination  ports
>acc/m  all   172.17.0.0/16   0.0.0.0/0    n/a
>
>causing all incoming packets destined to the PPP `clients' to masq to
>default destination 0.0.0.0 ?
What this rule causes to happen is this: any packet coming from
network 172.17.0.0/16 and going anywhere (destination 0.0.0.0/0) is
masqueraded on forwarding, so it receives the *source* address of the
Linux masquerading router.
> The routing table is:
>
>Destination     Gateway         Genmask          Flags  Iface
>xxx.xxx.xxx.11  0.0.0.0         255.255.255.255  UH     ppp0
>192.168.1.2     0.0.0.0         255.255.255.255  UH     ppp1
>172.17.0.0      0.0.0.0         255.255.0.0      U      eth0
>127.0.0.0       0.0.0.0         255.0.0.0        U      lo
>0.0.0.0         xxx.xxx.xxx.11  0.0.0.0          UG     ppp0
>
>Such that when it sees a packet for 192.168.1.2 it /should/ go through
>ppp1, vs. the default gateway.
Correct.
> But are the masquerading rules applied
>first, such that the source is obviously 172.17.0.0 but the destination
>matches the 0.0.0.0/0 in the masq'ing entries.
Again, unfortunately, I don't understand what you mean. If a packet
that is for 192.168.1.2 is received by the gateway, it is masqueraded
according to the rule above and receives the address of the interface
it will be output on. In this case, that'll be the address of
interface ppp1.
>How do I solve this?
Since I don't understand the line above, I have to ask, "solve what?"
Sorry.
Tobias
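The forward rule and routing table quoted in this message, evaluated for three packets, as an added example that is not part of the original post. The router's interface addresses and the 203.0.113.x stand-in for the elided xxx.xxx.xxx.11 peer are constructed placeholders, and the model covers only source/destination matching and longest-prefix routing.

```python
import ipaddress

# Routing table as quoted in the post. The ISP peer is elided there
# ("xxx.xxx.xxx.11"); 203.0.113.11 is a constructed stand-in.
ROUTES = [
    ("203.0.113.11/32", "ppp0"),
    ("192.168.1.2/32", "ppp1"),
    ("172.17.0.0/16", "eth0"),
    ("127.0.0.0/8", "lo"),
    ("0.0.0.0/0", "ppp0"),          # default route
]

# Forward chain as quoted: one accept-with-masquerade rule, default policy deny.
FORWARD_RULES = [("172.17.0.0/16", "0.0.0.0/0", "acc/m")]
DEFAULT_POLICY = "deny"

# The router's own interface addresses are not on the page (constructed).
IFACE_ADDR = {"ppp0": "203.0.113.10", "ppp1": "192.168.1.1",
              "eth0": "172.17.0.1", "lo": "127.0.0.1"}


def route(dst):
    """Pick the output interface by longest-prefix match."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(n), dev) for n, dev in ROUTES]
    matches = [(net, dev) for net, dev in nets if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def forward(src, dst):
    """Return (verdict, output interface, source address seen on the wire)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    dev = route(dst)
    for rule_src, rule_dst, action in FORWARD_RULES:
        if s in ipaddress.ip_network(rule_src) and d in ipaddress.ip_network(rule_dst):
            # acc/m rewrites the source to the output interface's address
            wire_src = IFACE_ADDR[dev] if action == "acc/m" else src
            return ("accept", dev, wire_src)
    return (DEFAULT_POLICY, dev, None)


if __name__ == "__main__":
    for src, dst in [("172.17.5.9", "192.168.1.2"),    # LAN host -> dial-in client
                     ("172.17.5.9", "198.51.100.7"),   # LAN host -> Internet
                     ("192.168.1.2", "172.17.5.9")]:   # dial-in client -> LAN host
        print(src, "->", dst, forward(src, dst))
```

With only the quoted rule in the chain, a packet whose source is a dial-in client matches nothing and gets the default policy.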
------------------------------
From: "Hat Trick" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.questions,comp.os.linux.setup,alt.2600
Subject: Re: Setting up 2 nics under Linux RH 5.1
Date: Thu, 18 Mar 1999 01:53:45 -0500
You most likely have chosen io and irq addresses that aren't correct.
Assuming you didn't get a plug and play device, you can put it in a win95
box, install it, and find the correct io and irq numbers. Make sure that
your new NIC isn't conflicting with any other piece of hardware. Run
linuxconf and make sure you enable the card. In fact, you might as well
just use linuxconf to add the thing. It works nicely. Then shutdown -r to
restart your computer. Check the man pages on conf.modules to learn how to
test your card, also take a look at www.redhat.com go to the frequently
asked questions page and look at the problem with NE2000 series adapters.
The answer to that particular question will show you how to test your card
correctly.
Ian Charnas.
the new guy wrote in message <[EMAIL PROTECTED]>...
>I'm trying to install 2 nics under Red Hat linux 5.1
>One is a 3c509 (pci) and the second is a 3c503 (isa)
>
>Now, the 3c506 was detected and installed fine when I installed RH5.1
>and is ETH0.
>
>I tried to set up the 3c503 as ETH1 by adding the following entries
>in my conf.modules file
>
>alias 3c509
>alias 3c503
>* snd card stuff*
>options 3c503 io=0x350 irq=9
>
>However nothing happened.
>
>These are the instructions I followed out of the ethernet-howto file.
>
>Could someone clue me in as to what I've done wrong.
>
>Thanx
>
>BTW If possible, please send response to [EMAIL PROTECTED]
>The New Guy
------------------------------
From: bklimas <[EMAIL PROTECTED]>
Subject: Re: ip_masqurade question
Date: Thu, 18 Mar 1999 04:09:12 GMT
You might be able to find some easy answers to your many questions
on our family homepage at:
http://www.magma.ca/~bklimas/FAQ.htm#network_setup
It is mostly intended for home users like myself, but your network
seems small too, except that you have better hardware.
Hope this helps. Best regards,
Stan
Claus Meisel wrote:
> Hi,
>
> I just got Redhat 5.2 and now I am not quite sure what to do.
> I ordered ADSL and I want to set this old Pentium machine up with RedHat and
> ip_Masqurage so I can feed access into our little network.
> Here is what I have so far:
>
> 4 Machines, running Win98 and 2 run NT and a 10Mbps Hub and 4 10 Mbps cards.
> I also have cables in the wall, so everything is set up to be plugged in.
> Oh, by the way, I hope 10Mbps is enough. Somebody suggested I should get a
> 100Mbps Hub and cards but my budget said no...
> Now, what do I need to install ? RedHat Server ? I really only need it for
> the Internet access but at one point I might add more services, like web
> server and so on.
> But, nobody here programs so I guess I don't need all the development tools,
> right ?
> And, how do I set up RedHat for ADSL ? I will get an assigned IP but how do
> I set it up and how do I set up the other machines ?
> And, will they be able to surf the net ? How do I make sure that when they
> telnet somewhere or browse somewhere, it recognizes the name and not only
> the number ?
> Example, I set up RedHat before and it never recognized, when I was online
> (used RedHat 4.0 ) what autobahn.org is. It did recognize 206.79.223.12,
> which is autobahn.
> Thanks so much for your help.
>
> Claus Meisel
>
> p.s. please e-mail me answers.
------------------------------
From: Jason Kircher <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: SAMBA Share-level security
Date: Thu, 18 Mar 1999 04:46:46 GMT
(Without getting into why...)
What I'm looking for is how to set up SMB shares protected by
passwords, not users. I found plenty of documentation on how to set up
the user-level security, but not share-level security. The best way to
describe what I'm trying to accomplish is putting passwords on shared
resources, like you do in Win95 sharing.
For example, let's say I have a directory called /share1, under the
heading [Share1]. I'd like to place a full-access password on it, so
that anyone with the password can access it - if not, then (if possible)
don't even list the resource on his browse list.
Another example is I'd like to share /ltdshare, under [Limited].
I'd like to set this up as Depends on Password, with a Full-Access
password, but no Read-Only password. This allows anyone to read this
resource, but only those who have the password can write to this
resource.
I can make captures of what this would look like under Win95, doing
the same thing, but I don't want to attach big files on the newsgroups.
Any/all information on this stunt would be appreciated.
--
-Jason Kircher
[EMAIL PROTECTED]
------------------------------
From: "Rufus V. Smith" <[EMAIL PROTECTED]>
Crossposted-To: comp.lang.perl.misc,comp.lang.python,comp.lang.tcl,comp.mail.sendmail,comp.os.linux.setup,comp.os.ms-windows.advocacy
Subject: Re: The truth about the Pentium III chip and ID --- **boycott info**
Date: Wed, 17 Mar 1999 15:48:55 -0500
All that is needed to get to the dial up user is an address of the service
provider's modem that the user called in on!
This is obviously not unique to an individual.
The IP address he gets when he logs in is also out of a pool of addresses
and is also non-unique.
Michael Barnes wrote in message <[EMAIL PROTECTED]>...
>Every MODEM has a MAC address also...so your friends pc is nicless, but not
>macless
>As far as I know you cannot network anywhere without a mac address since
>IP's map directly to machine addresses at lower levels to identify your
>particular machine on any network. So, if you're connected to any network via
>any hardware device (router, switch, modem, nic) those devices must have mac
>addresses.
>
>and modems are easy to replace compared to CPU's also...
>
>
>
------------------------------
From: "Keith Clethero" <[EMAIL PROTECTED]>
Subject: unknown interface
Date: Thu, 18 Mar 1999 20:09:15 +1300
Please help!
I'm trying to set Red Hat 5.1 to work with two network cards. One is a
NE1000 and the other is a NE2000. Both cards work when installed
separately, I have compiled a kernel with IP forwarding enabled and pass the
following to the kernel with lilo.conf
append="ether=5,0x320,eth0 ether=10,0x300,eth1"
At boot the first NIC is found followed by delaying eth1 initialisation.
ifconfig shows lo and eth0. When I type ifconfig eth1 it returns a message
saying unknown interface.
What do I do to have the NIC recognised by the system?
Any help would be very welcome, thank you.
Cheers
Keith
------------------------------
From: Saulius <[EMAIL PROTECTED]>
Crossposted-To: comp.networks
Subject: Re: crossed cables for direct 10/100 base-T connections
Date: Thu, 18 Mar 1999 08:13:39 +0200
> *If* i want 10baseT cables to do this it is ``easy''
> you just cross the wires via:
> RJ45 Plug  1 Tx+ -------------- Rx+ 3  RJ45 Plug
>            2 Tx- -------------- Rx- 6
>            3 Rx+ -------------- Tx+ 1
>            6 Rx- -------------- Tx- 2
> what do i do for 100Base-T8 (which uses pins 4-5, 1-2, 3-6, 7-8)?
It's the same for 100Base-Tx. 100Base-Tx uses only two pairs (1-2 and 3-6).
Saulius
------------------------------
From: Stefan Negritoiu <[EMAIL PROTECTED]>
Subject: SSH 2.0 client?
Date: Thu, 18 Mar 1999 01:57:11 -0500
Hi,
Does anybody know of any Windows/DOS clients for version 2.0 of the SSH
protocol? I recently installed the daemon on my Linux system but I can't
find any clients for it.
Thanks,
--
Stefan Negritoiu
------------------------------
From: Ulrich Eckhardt <[EMAIL PROTECTED]>
Crossposted-To: alt.os.linux,comp.os.linux.setup
Subject: Re: Frontpage and ASP under linux?
Date: 18 Mar 1999 07:18:53 GMT
Aaron Saikovski wrote:
>
> I am an internet developer, primarily using microsoft tools and WinNT.
> Is it at all possible to have frontpage extensions and the ASP engine
> running under linux so as to
> allow my existing sites to be ported from NT to linux?
> Also what is a decent database to use for dynamic web content?
>
> I have heard of php..can anyone give me more info on this...Thanks
Hi,
the frontpage extensions can be obtained from Microsoft, but I haven't
heard anything good about the security.
AFAIK an ASP port does not exist.
PHP runs very nice. It has native connections for every larger
database, a nice scripting language and is very well documented.
Have a look at http://www.php.net for more infos about php.
Uli
--
Ulrich Eckhardt Tr@nscom GbR
http://people.frankfurt.netsurf.de/uli http://www.transcom.de
Lagerstraße 11-15 A8
64807 Dieburg Germany
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: HELP!! Linux server behind firewall
Date: Thu, 18 Mar 1999 07:23:45 GMT
In article <7cjv97$cch$[EMAIL PROTECTED]>,
"ab" <[EMAIL PROTECTED]> wrote:
> How do I go about so that someone on the internet can access information on
> the server behind the proxy?
This can be done by using the "reverse proxying" feature in MS Proxy
Server 2.0. In case you have the MSDN library CDs, it's described in
"Tools and Technologies / MS Proxy Server 2.0 / Introduction /
Understanding Proxy Server / New Features".
HTH
============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own
------------------------------
From: [EMAIL PROTECTED] (Chris Hanrahan)
Subject: Re: Need strong ruleset ( rc.firewall ) script for IPCHAINS
Date: Thu, 18 Mar 1999 04:38:44 GMT
"Wadels" <[EMAIL PROTECTED]> wrote:
>I once downloaded and used a long (thorough) rc.firewall ruleset for
>ipfwadm, which worked well on Caldera OpenLinux. But I needed DHCPcd, so had
>to upgrade to RedHat, and went straight to kernel 2.2.3. I finally have the
>networking up, but can't find a comparable ruleset for IPCHAINS (and lost my
>old script, so I can't translate it with the wrapper).
>
>The rc.firewall script ver. 1.5.1 from Freshmeat.net seems so small and
>less DHCPcd friendly. Does anyone know where I can get a more powerful
>script? It needn't support nfs, coda, XWindow ports, etc, just basic web and
>e-mail services, very securely.
>
>Thanks!
>
>
>
I'm not sure if this site covers IPCHAINS or not, but give it a look
anyway. http://rlz.ne.mediaone.net
Chris Hanrahan
------------------------------
From: Iztok Polanic <[EMAIL PROTECTED]>
Subject: Re: VNC
Date: Thu, 18 Mar 1999 07:25:09 GMT
> Using VNC on Windows to view the Linux box, it works quite well -- as good
> as the free X I was using, or better. Yes, even running Netscape on the
> Linux box from a window on Win98 (I needed to download some stuff directly
> to the Linux box).
You just run netscape &? Because If I do it like this then netscape says that
it can't open linux:2. Do you know maybe how I can fix this?
Bye.
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To: alt.os.linux,comp.os.linux.setup
Subject: Re: Frontpage and ASP under linux?
Date: Thu, 18 Mar 1999 07:26:08 GMT
Scribe, you must intend to live a monklike existence of deprivation and
spiritual purity. In the real world, a place you seem not to have visited
recently, ASP is not only the most scalable and versatile of web/database
platforms, but the most profitably deployed (Dell) and the most widely used.
My daily mochas are funded by Active Server Pages. PHP's a scripting
language; really cute for how-cute-my-cat-is home pages, but for hard-core
e-commerce, ASP's where it's at.
Michael
ThinkWorks Inc.
www.ThinkWorksInc.com
How's your e-commerce lately?
In article <7cpaqc$[EMAIL PROTECTED]>,
"The Lone Scribe" <[EMAIL PROTECTED]> wrote:
> Aaron Saikovski wrote in message
> <7cp8sn$na7$[EMAIL PROTECTED]>...
> >I am an internet developer, primarily using microsoft tools and WinNT.
> >Is it at all possible to have frontpage extensions and the ASP engine
> >running under linux so as to
> >allow my existing sites to be ported from NT to linux?
>
> If you insist on mucking up an already wonderful setup, you can get the
> frontpage extensions for linux from Micro$haft's website. Don't know about
> ASP though; I personally wouldn't touch that stuff with a 10-foot keyboard,
> way too immature and dangerous for production use.
>
> >Also what is a decent database to use for dynamic web content?
> >I have heard of php..can anyone give me more info on this...Thanks
>
> PhP is one of the many languages that you can use to let the web browser
> "talk" to a database server. You would generally include PhP code in your
> html pages (or replace them completely with phtml pages) to do queries,
> insert, delete, etc. You could also use DBI and perl, or perhaps Python. Or
> you can compile Java or C/C++ to do the job. Use whichever language and
> method you're most comfortable with.
>
> For a "free" and relatively easy-to-program solution, try using mySQL
> (http://www.tcx.se/) and PhP (http://www.php.net/). Or, if you have money to
> burn, you can go for the big boys like Sybase, Oracle, InterBase or DB2, who
> all have Linux ports of their database servers out now.
>
>
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.networking) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Networking Digest
******************************