Linux-Networking Digest #589, Volume #10         Mon, 22 Mar 99 04:13:40 EST

Contents:
  Linux gatewaying for MS PPTP client and server ([EMAIL PROTECTED])
  IP Masquerading and diald ("Ryan Lynch")
  Re: D-link anyone??? (Jeff Bishop)
  Re: Book on up-to-date network administration ("ping")
  Re: setting up a tftp server (Rop Slijkerman)
  Re: "Industrial" Ethernet ("MattW")
  Reeeeeaaaallll sloooowwww FTP (Jim Jerzycke)
  D-link anyone??? (Ewings)
  Pacbell ADSL and Linux (jaydub)
  Re: how to install linux over NFS server ("A. Rahman Jamaluddin")
  Re: RAID ([EMAIL PROTECTED])
  resolv.conf question ("Eddy")
  Re: Smc-ultra fails to load... (device not available) (Vidar Andresen)
  Re: IP Masquerading and diald ("Quiney, Philip (EXCHANGE:HAL02:HM10)")

----------------------------------------------------------------------------

From: [EMAIL PROTECTED]
Subject: Linux gatewaying for MS PPTP client and server
Date: Mon, 22 Mar 1999 07:05:11 GMT

Linux PPTP masquerade question, for Linux masq or MS PPTP/VPN experts.

There's a body of Linux info about how to do this (references below).
I've implemented it. Packets get so far and no further. 

I'm trying to get a Linux gateway to pass thru Microsoft PPTP traffic
between a W95 machine on the internet (PPTP client) and an NT machine
in the LAN (PPTP server). It gets from W95 to NT; nothing further
ensues.


THIS WORKS (Scenario A)

My Network
 _
|_| W95 (MS PPTP local LAN client)
    192.168.3.1 
 |
 _
|_| NT (MS RAS/PPTP server)
    192.168.3.2

yields a working tunneled connection and reassuring GUI evidence to go
with it.


THIS IS WHAT I WANT TO EXTEND IT TO (Scenario B)

 _
|_| W95 (MS PPTP remote internet client)
    206.170.217.130
 |
 |

My Network
 _  206.170.217.165
|_| Linux gateway    (IP masq   <--W95 machine above,
    192.168.3.1      (ipportfw      rebooted to Linux
 |                          (ipfwd
 |                          (patch to ip masq
 _
|_| NT (MS RAS/PPTP server)
    192.168.3.2

The above 4 adaptations of Linux are to get different kinds of PPTP
traffic in-and-out of the LAN, to-and-from its PPTP server. Normal
PPTP communication begins by W95 sending TCP/port-1723 packets to
the PPTP server/NT machine. THEN A REPLY IS EXPECTED. In Scenario A
there is one, evidenced by the "successful connection" GUI
dialog. Between Scenario A and B the NT machine is UNTOUCHED, but...

Scenario B: the incoming 1723 packets appear within the LAN,
evidenced by the Linux tcpdump utility (tcpdump -i eth0) which
captures:

19:34:32.858294 206.170.217.130.1039 > 192.168.3.2.1723: S 32171336:32171336(0) win 8192 <mss 536,nop,wscale 0,nop,nop,timestamp[|tcp]> (DF) [tos 0x9]

19:34:35.958294 206.170.217.130.1039 > 192.168.3.2.1723: S 32171336:32171336(0) win 8192 <mss 536,nop,wscale 0,nop,nop,timestamp[|tcp]> (DF) [tos 0x9]

That's it. Two incoming packets, no subsequent back-traffic; remote
W95 says "you've been disconnected." The encouraging piece is that
ipfwd is succeeding to make the Linux server pass
through packets addressed to it, onward to the NT machine instead. But
NT evidences no reply. This seems an NT issue as opposed to a problem
with gateway operation.

*** Why doesn't NT put anything back on the wire after the
1723-packets addressed to it have appeared there??? ***

=============
Published info on the methodology

vpn-masq kernel patch:
ftp://ftp.rubyriver.com/pub/jhardin/masquerade/VPN-howto/VPN-Masquerade-3.html

ipfwd:
http://www.cag.lcs.mit.edu/~cananian/Projects/IPfwd/

ipportfw:
http://www.ox.compsoc.org.uk/~steve/portforwarding.html


=============


Linux gateway status, per ifconfig, ipfwadm, ipportfw, and ipfwd:


eth0      Link encap:Ethernet  HWaddr 00:80:C8:E2:AF:61
          inet addr:192.168.3.1  Bcast:192.168.3.255  Mask:255.255.255.0
ppp0      Link encap:Point-to-Point Protocol  
          inet addr:206.170.217.165  P-t-P:209.233.193.22  Mask:255.255.255.0
==========
IP firewall forward rules, default policy: accept
type  prot source               destination          ports
acc/m all  192.168.3.0/24       0.0.0.0/0            n/a
==========
Prot Local Addr/Port > Remote Addr/Port                        

TCP 206.170.217.165/1723 > 192.168.3.2/1723                    

==========
  395   1 S    0:00 ipfwd --masq 192.168.3.2 47 
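
The capture in the post above shows one SYN to port 1723 sent twice with nothing coming back. As an added example (not part of the original post), this script parses tcpdump text in that classic format and reports flows whose SYNs never saw a packet in the reverse direction; the function names are hypothetical, and the sample holds the post's two packets plus a constructed handshake for contrast.

```python
import re
from collections import defaultdict

# Classic tcpdump text: "time src.port > dst.port: flags seq:seq(len) ..."
LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+)\s+>\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):\s+"
    r"(?P<flags>[SFPR.]+)(?:\s+(?P<seq>\d+):\d+\(\d+\))?"
)

def seconds(ts):
    """Convert hh:mm:ss.frac to seconds since midnight."""
    h, m, s = ts.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)

def unanswered_syns(capture):
    """Return one record per flow whose SYNs saw no reverse-direction packet."""
    syns = defaultdict(list)   # flow -> [(time, seq)] for pure SYNs (no ack field)
    seen = set()               # every (src, sport, dst, dport) that carried a packet
    for raw in capture.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue           # blank lines and anything that is not a TCP packet line
        flow = (m["src"], int(m["sport"]), m["dst"], int(m["dport"]))
        seen.add(flow)
        if "S" in m["flags"] and m["seq"] and " ack " not in raw:
            syns[flow].append((seconds(m["ts"]), int(m["seq"])))
    report = []
    for flow, hits in syns.items():
        src, sport, dst, dport = flow
        if (dst, dport, src, sport) in seen:
            continue           # the peer answered (SYN-ACK, RST, anything)
        times = [t for t, _ in hits]
        report.append({
            "flow": flow,
            "syn_count": len(hits),
            # same initial sequence number repeated = retransmission, not a new attempt
            "retransmitted": len(hits) > 1 and len({s for _, s in hits}) == 1,
            "span_seconds": round(max(times) - min(times), 3),
        })
    return report

# First two lines: the packets from the post, wrapped lines rejoined.
# Last three lines: a constructed three-way handshake from a LAN client.
CAPTURE = """\
19:34:32.858294 206.170.217.130.1039 > 192.168.3.2.1723: S 32171336:32171336(0) win 8192 <mss 536,nop,wscale 0,nop,nop,timestamp[|tcp]> (DF) [tos 0x9]
19:34:35.958294 206.170.217.130.1039 > 192.168.3.2.1723: S 32171336:32171336(0) win 8192 <mss 536,nop,wscale 0,nop,nop,timestamp[|tcp]> (DF) [tos 0x9]
19:40:01.100000 192.168.3.1.1040 > 192.168.3.2.1723: S 500:500(0) win 8192 <mss 1460> (DF)
19:40:01.100400 192.168.3.2.1723 > 192.168.3.1.1040: S 900:900(0) ack 501 win 8760 <mss 1460> (DF)
19:40:01.100600 192.168.3.1.1040 > 192.168.3.2.1723: . ack 1 win 8760 (DF)
"""

if __name__ == "__main__":
    for record in unanswered_syns(CAPTURE):
        print(record)
```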


------------------------------

From: "Ryan Lynch" <[EMAIL PROTECTED]>
Subject: IP Masquerading and diald
Date: Mon, 22 Mar 1999 00:05:44 -0700

Hi all.  I have a gateway set up using IP Masquerading on kernel version
2.0.36.  I got a little friendly reminder from my ISP about usage, so I'm
trying to get diald working.  It works correctly when I request an outside
host from the machine running diald, but doesn't bring up the link when I
request an outside host from another machine on my internal network.  I
understand very little about the internals of IP at this point so the diald
filter rules are pretty cryptic...even after reading the docs.  I'm guessing
that there's some rule in there that's blocking the requests from my
internal machines.  I'm using diald-0.16 and pppd-2.2.  Thanks in advance
for any help!

-Ryan




------------------------------

From: Jeff Bishop <[EMAIL PROTECTED]>
Subject: Re: D-link anyone???
Date: Mon, 22 Mar 1999 07:40:58 +0000
Reply-To: [EMAIL PROTECTED]

> I'm thinking of making a small home network with my win98 and linux
> machines. Since I can't afford 3com Fast Ethernet cards, I'm thinking of
> settling for a pair of D-link DFE-530TX (PCI) and was wondering if
> anyone know whether this model is compatible with Red Hat 5.2 or not???
> I had a look at the Red Hat hardware compatibility list but can't find
> this particular model. Thanks for your help.

I use those very cards.  They use the via-rhine drivers.  The cards are
next to nothing to configure (read real pnp).

-- 
Jeff

------------------------------

From: "ping" <[EMAIL PROTECTED]>
Subject: Re: Book on up-to-date network administration
Date: Sun, 21 Mar 1999 10:45:45 -0500

I found The Linux Network to be a pretty good book.  It covers IP masq among
many other topics.
The only problem with it is that a whole lot of the book is covering
installing a network card and cabling.

It is published by IDG Books
ISBN: 1-55828-589-X


Arcady Genkin wrote in message <[EMAIL PROTECTED]>...
>Hi all.
>
>I am thinking of buying the subj. Any recommendations?
>
>I have heard very good things about "linux network administrator's guide" by
>O'Reilly, but it was published in 1995, and I would like smth more up-to-date,
>preferably covering ip-masquerading and the other new stuff.
>
>Thanx a lot for any input!
>
>Arcady
>



------------------------------

From: Rop Slijkerman <[EMAIL PROTECTED]>
Subject: Re: setting up a tftp server
Date: 21 Mar 1999 14:36:23 +0100

Greg Telles <[EMAIL PROTECTED]> wrote:
> Could someone point me to some documents illustrating how to setup a
> tftp server on Redhat's Linux 5.2.

For tftp check out the Diskless mini HOWTO. It tells you how and it gives some
examples.

-
Rop

------------------------------

Reply-To: "MattW" <[EMAIL PROTECTED]>
From: "MattW" <[EMAIL PROTECTED]>
Subject: Re: "Industrial" Ethernet
Date: Sun, 21 Mar 1999 23:04:07 -0800

O.K.

I kinda thought this was what you were doing.  Kept picturing Armageddon
when I was thinking about the platforms :-)

I found a link with some diagrams.
http://www.omnitron-systems.com/Ethernet/cn20appl.htm#4500-a7.

I liked the 7th application diagram.  Don't take it as a recommendation for
equipment...  but the application is similar to what your needs may be.

I think it is a good representation of what you are looking at.  It's a good
page also.  Should give you a visual idea of what the different topologies
are.

You are absolutely correct with the fiber backbone.  100 meters is a long
way.  In my opinion the fiber should extend across the bridges with {don't
know if this exists} breakpoints at each bridge connection point.  You don't
want to have to keep fixing the fiber every time there is a storm.

If you only plan on having 3 platforms and they are not going anywhere and
no more are planned  then the second platform would be ideal for the central
management site.

1<---------<-2->------------->3

If constant communication is IMPORTANT then you're stepping into redundancy.
That also means connecting each platform to each other and by not using the
bridges as the carrier of the cable for the redundant connect.

That's a whole other world... but can be done too :-)

Matt W

<[EMAIL PROTECTED]> wrote in message
news:7d3d6u$q1i$[EMAIL PROTECTED]...
> Thanks for the help. This is my first time to ever use a newsgroup or forum,
> so I hope I am doing this right.
>
> A "Platform" is an offshore oil and gas drilling or production platform in the
> ocean. This particular project is in the Bay of Campeche near the Mexican
> Yucatan Peninsula. These things are generally massive structures but the
> equipment I am referring to will all be in a small control room per each
> platform. The platforms are indeed in a single line connected by bridges and
> generally a 100 meters or so apart. That is why I am thinking about the Bus
> configuration for the backbone. On this thought, I guess I will need a Hub of
> the pass-through type instead of a central concentrator. Please expand on this
> for me.
>
> You make a good point about the ocean environment. I can see why UTP/RJ45 may
> not be a good choice. All of the hardware is located inside the control room
> in a controlled environment, i.e., air conditioned and humidity controlled.
> The only components directly exposed to the elements of the humid salt air is
> the fiber cable between platforms. I guess 10Base2 will be the logical choice
> inside the buildings. Is the 10Base2 Hub considered "standard" equipment?
>
> Thanks again for your help. Please reply.
>
> Rick
>
> In article <yvTI2.1703$[EMAIL PROTECTED]>,
>   "MattW" <[EMAIL PROTECTED]> wrote:
> > I don't have any recommendations for equipment for you.  Other than the
> > standards. Cisco, BayNetworks, 3Com, Dlink, etc...
> >
> > Just depends on what you want to spend or what you need to spend to protect
> > equipment from the environment...  Ocean and UTP RJ45...  Sounds a little
> > scary.  But you're the Engineer so...  Post back with info on type of cabling
> > you would use in this environment.  Sounds interesting.
> >
> > MattW <[EMAIL PROTECTED]> wrote in message
> > news:RoTI2.1702$[EMAIL PROTECTED]...
> > > Yes...
> > >
> > > Design each "Platform" as a standalone zone.  "Star config" is fine.  I
> > > don't know what a "Platform" is  but if it is small enough then each
> > > "platform" could be designed exactly the same with the exception of
> > > different addresses for each host.
> > >
> > > If they are all designed the same then each platform can essentially become
> > > "Plug and Play"  if one is not connected it should not affect the others.
> > >
> > > But you must use one as a Central Point for it to be that easy.
> > >
> > > Ex:
> > >             platform 1 : CENTRAL CONCENTRATOR port 0
> > >             platform 2 : connects to Platform 1: CENTRAL CONCENTRATOR port 1
> > >             platform 3:  connects to Platform 1: CENTRAL CONCENTRATOR port 2
> > >
> > > I am just making up words to somewhat match what you asked.  If it's not
> > > possible because of what a platform is then...  It should work.
> > >
> > > Do the platforms circle a central platform or are they in line.  In line
> > > will be much harder to configure this way from a cabling point of view.
> > >
> > > Hope this helps.
> > >
> > > Matt W
> > >
> > >
> > > <[EMAIL PROTECTED]> wrote in message
> > > news:7d0u0g$rdd$[EMAIL PROTECTED]...
> > > > I am designing an Emergency Shutdown and Fire and Gas System for an offshore
> > > > platform complex consisting of three platforms. I will have an ESD and F&G PLC
> > > > on each of the three platforms. Each PLC will have its own PC based
> > > > workstation (or HMI). Each platform is a stand alone system, not depending on
> > > > the other platforms. All of the mentioned components are Ethernet/IEEE 802.3
> > > > compatible. I want to link all of these components via an Ethernet network.
> > > > My proposed topology and cabling is as follows:
> > > >
> > > > Install a backbone consisting of redundant fiber between platforms in a Bus
> > > > configuration. Install a media converter and hub on each platform thus
> > > > converting to a Star configuration.
> > > >
> > > > My limited knowledge of Ethernet tells me that a Bus topology depends on
> > > > being "terminated" at every end and will fail the entire network if a cable
> > > > breaks, and that a Star topology will continue to operate if one segment
> > > > fails as long as the hub continues to operate. My concern is (with this given
> > > > topology) if the backbone is cut between the platforms, does the star network
> > > > on the "stand-alone" platform continue to operate?
> > > >
> > > > Any advice on this subject, as well as some advice on latest technology
> > > > hardware to implement this project, is appreciated.
> > > >
> > > > Rick
> > > >
> > > > -----------== Posted via Deja News, The Discussion Network ==----------
> > > > http://www.dejanews.com/       Search, Read, Discuss, or Start Your Own
> > >
> > >
> >
> >
>



------------------------------

From: Jim Jerzycke <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Reeeeeaaaallll sloooowwww FTP
Date: Sun, 21 Mar 1999 22:20:37 -0800

Hello, all. I'm pulling what's left of my hair out trying to do
something that should be really simple. I have one Win95 machine, and
one Linux machine. They both have functional 10BaseT cards, running
through a 4-port hub. I can ping both ways, and ftp to the Linux
machine, but file transfer speed is only about 8000 bytes/sec, and it
doesn't seem to transfer continuously, but goes in spurts, and then just
sits for 5-10 secs. I thought 10BaseT could do 10 megabits/sec, which
should(?) translate to 1.25 megabytes/sec. I have samba installed, and
am having all the problems a samba newbie usually has, but do I really
need samba to do a simple file transfer? My Win95 box has an ISDN T/A,
and the Linux box has a Zoom K56Flex modem. That part of both machines
works perfectly, but I'd like to be able to download at ISDN speed, and
then just transfer the files from box-to-box. I also have a third Linux
machine that I can plug into the hub, and samba works just great
Linux-to-Linux.
I'd REALLY like to put the ISDN card in the Linux box, but that's a
project I don't even want to think about now.
SO.....Do I need samba for a simple file transfer, and if not, what am I
doing wrong?
OR....Do I just have to grit my teeth and learn how to get samba
properly configured?
I've been using RHL since 4.2, so I'm not a total rookie, but this is
the first time I've tried to network two machines using Win95 and RHL
5.2.
The funny thing is they both work just great (Win95 working great??) by
themselves, but seem to need some counseling to play nicely together.
Thanks in advance.....I've learned most of what I know from the ng's,
and this is the first time in 2 years I've ever had to ask for help.
Regards, Jim


------------------------------

From: Ewings <[EMAIL PROTECTED]>
Subject: D-link anyone???
Date: Mon, 22 Mar 1999 18:11:53 +1100


Hi,
I'm thinking of making a small home network with my win98 and linux
machines. Since I can't afford 3com Fast Ethernet cards, I'm thinking of
settling for a pair of D-link DFE-530TX (PCI) and was wondering if
anyone know whether this model is compatible with Red Hat 5.2 or not???
I had a look at the Red Hat hardware compatibility list but can't find
this particular model. Thanks for your help.

Regards,
Ewings.


------------------------------

From: [EMAIL PROTECTED] (jaydub)
Subject: Pacbell ADSL and Linux
Date: Mon, 22 Mar 1999 08:13:16 GMT

hello all,

I am getting ADSL setup at home this week.  I am running
Debian Slink/Potato and I was wondering if there
is anything I need to be prepared for in setting up
the DSL service.  Any advice is appreciated.

Jeff
[EMAIL PROTECTED]



------------------------------

From: "A. Rahman Jamaluddin" <[EMAIL PROTECTED]>
Subject: Re: how to install linux over NFS server
Date: Mon, 22 Mar 1999 15:20:37 +0800



urgrue wrote:

> hello. i have two machines wired together through ethernet cards connected to
> a hub. one machine is successfully running suse linux onto which i configured
> as an NFS server. the other computer is running an older dos.
> how can i test to see if the nfs server is running correctly?
> second, how do i actually do the install?

From my experience, in your already installed linux machine:

in /etc/hosts.allow type:
portmap: <your other machine ip address>

in /etc/exports type in where linux install files are: e.g:
/var/Linux

in /etc/hosts
<your other machine's ip address>


> suse's bootdisk provides the option
> to install over NFS but it claims there is no network module loaded, though i
> specified one (although, the problem is the ethernet card seems to be
> incorporated in the motherboard and hence i have no idea what brand/model it
> is, so i just went through the module list until one claimed it loaded
> properly). anyone know what i can do to try and get this working?
>
> thanks

hope someone can help you with the suse boot-up disk. Is there any boot-up disk
which can recognize the network card?




------------------------------

From: [EMAIL PROTECTED]
Subject: Re: RAID
Date: Mon, 22 Mar 1999 08:27:11 GMT

In article <7d48ss$gng$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> I am currently working on a project to implement a logical RAID system, and I
> am looking for source codes to get some basic ideas. Could you tell me where
> i can find the RAID source code ? Your help will be greatly appreciated.
>
> Have a nice day,
>
> Sylvia
>
>
Hi! Sylvia,

Subscribe to:

[EMAIL PROTECTED]

You will find people are talking about WORKING software RAID.

Good luck

CN


------------------------------

From: "Eddy" <[EMAIL PROTECTED]>
Subject: resolv.conf question
Date: Mon, 22 Mar 1999 20:26:40 +1200

Hi there:

  can anyone please briefly explain what linux does with resolv.conf when
it's booting up? Does it try to ping or find out whether the DNS server is
active or not when it's booting up?

Ok, my little problem, and also an annoying one is, since I am using an
Internet Server (Dlink DP-602) for my LAN, all traffic outside LAN will
initialize the modem attached to it and start dialing automatically. (this
is the Dial-on-Demand feature of the DP602, and cannot be turned off!)

if i remove the "nameserver xx.xx.xx.xx" line in resolv.conf, then when
linux's booting up the modem will not dial.

here is my resolv.conf:

----
nameserver xx.xx.xx.xx (my isp's DNS server ip address)
search
----

is there a workaround for making linux not try to contact the nameserver at
bootup?  Instead, I'd like it to contact the DNS server only when required.

thanks for your help.

Ed.



------------------------------

From: [EMAIL PROTECTED] (Vidar Andresen)
Subject: Re: Smc-ultra fails to load... (device not available)
Date: Mon, 22 Mar 1999 09:09:04 +0100

In article <36f5773b$0$7396@pascal>,
"Hans Seyferth" <[EMAIL PROTECTED]> wrote:
>We have a problem with a nic that is supposed to be really supported well,
>the smc-ultra.
>
>when booting, it msgs that the card is not found, and trying to load the
>modules by hand results in a
>
>device or resource busy...

'cat /proc/interrupts'

Is irq 10 busy?

Can you use irq3, jumper no2 on the card.  (It will probably conflict
with com2, but if you don't need com2, sacrifice it.  Disable in bios
if needed.)

Can you set the irq you use to be 'pure isa' in bios?  (probably
overkill, but i do.)

>tried specifying io and irq, and also different dip settings on the board
>(autoconfig & irq=10,io=300) checked all other devices, machine:

www.smc.com (i think...) have dos utils for the card.

>intel 200 mmx pentium
>2 ide on board controllers PCI mapped
>an S3 video card PCI
>smc-ultra
>64 mb simms
>
>modprobe smc-ultra io=300 irq=10, worked for a while, but the network was
>never available...
>
>what is wrong here (card works well in win95)

Found by win95 as 'SMC Ethercard 16 ultra (8216 8216C 8216T)' or 'SMC
Ethercard ultra 32'?

I have a couple of the first one, no problem on a NexGen P100 where
3com 509b was unhappy in win and with old drivers in linux.

But i have it into the kernel. (2.0.36, original kernel, not redhat)


Vidar Andresen


------------------------------

From: "Quiney, Philip (EXCHANGE:HAL02:HM10)" <[EMAIL PROTECTED]>
Subject: Re: IP Masquerading and diald
Date: Mon, 22 Mar 1999 08:06:37 +0000

Ryan Lynch wrote:
> 
> Hi all.  I have a gateway set up using IP Masquerading on kernel version
> 2.0.36.  I got a little friendly reminder from my ISP about usage, so I'm
> trying to get diald working.  It works correctly when I request an outside
> host from the machine running diald, but doesn't bring up the link when I
> request an outside host from another machine on my internal network.  I
> understand very little about the internals of IP at this point so the diald
> filter rules are pretty cryptic...even after reading the docs.  I'm guessing
> that there's some rule in there that's blocking the requests from my
> internal machines.  I'm using diald-0.16 and pppd-2.2.  Thanks in advance
> for any help!
> 
> -Ryan
Have you set the 'other' machine to use the 'diald' box as a gateway?

Check with tcpdump on the ethernet port on the diald box when requesting
an outside machine from the other machine... You should see some
incoming packets - try ping as this is nice and simple. This will
indicate the diald box being used as a gateway.

The diald box should have a default route to the dummy SLIP interface -
this would appear to be present otherwise it would not work locally.
Check it with 'route' just to be sure.

Another test - bring up the link from the diald box.

Do an ifconfig and note the remote IP address of the ppp link

From the other box try pinging the remote ip address - if the above
mentioned default route is correct this should work.

Try pinging an internet host by name - checks if DNS is OK


Regards

Phil Q
-- 

Phil Quiney                             Digital PowerLine,
[EMAIL PROTECTED]              Nortel Networks,
Telephone: +44 (1279) 402363            London Rd, Harlow,
Fax:       +44 (1279) 402885            Essex CM17 9NA,
                                        United Kingdom.

"This message may contain information proprietary to Northern 
Telecom so any unauthorised disclosure, copying or distribution
of its contents is strictly prohibited."

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and comp.os.linux.networking) via:

    Internet: [EMAIL PROTECTED]

Linux may be obtained via one of these FTP sites:
    ftp.funet.fi                                pub/Linux
    tsx-11.mit.edu                              pub/linux
    sunsite.unc.edu                             pub/Linux

End of Linux-Networking Digest
******************************
