Linux-Networking Digest #612, Volume #10 Wed, 24 Mar 99 03:13:40 EST
Contents:
Re: Encrypted Passwords on a Linux Samba box?! (Leslie Mikesell)
Re: Firewall & NT RAS Server. (Edward Lee)
Re: Cable Modem and Networking. (Ron Flory)
Request for help: sendmail and mutt under SUSE5.X ("Hartmut Berger")
Re: Simple Samba problem (Sean Schultz)
Re: Linux as a firewall!! (Cody Sherr)
Routing (Web-Hotel Danmark)
Re: Static address and domain name: What joins them together? (Wasim Juned)
Re: NIS or better ypserv 1.3.6 doesn't work (Brueckner)
Can Linux Do This ??? (peter)
Re: KNE100TX can't ping modem, but DHCP works ([EMAIL PROTECTED])
Re: telnet and ftp - delay by 1 mnt (Raymond Li)
smbmount used to work (Marc Hering)
Re: Problem with Mail (Wiley Hill)
squid denies access to download?? (Martin Brakus)
ipmasqadm errors .. plz help ([EMAIL PROTECTED])
redefined Functions for JavaScript are needed (s2961221)
samba: strange authentication message ([EMAIL PROTECTED])
Cable modem Howto ("Theo Mallinson")
Re: Port Forwarding and dynamic IP (Preston F. Crow)
Re: reposted ipmasq/routing Question w/update ("Curt")
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (Leslie Mikesell)
Subject: Re: Encrypted Passwords on a Linux Samba box?!
Date: 22 Mar 1999 22:28:03 -0600
In article <[EMAIL PROTECTED]>,
Jason McKnight <[EMAIL PROTECTED]> wrote:
>This is what the documentation with SAMBA says to do
>
>cat /etc/passwd | mksmbpasswd.sh > /etc/smbpasswd
>
>The docs actually tell you to put it somewhere else, but the default smb.conf
>is looking there.
>
>However, i can't get my SAMBA to work with passwords still.
This just creates a file with all the users in the right format. You
still have to run smbpasswd to enter each user's password. The
reason you need the separate file is that the encryption is different
and can't be done from the old file.
Les Mikesell
[EMAIL PROTECTED]
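The point made in the reply above can be checked mechanically. The following is an added example, not part of the original thread or of Samba: a small audit that reads an smbpasswd file and reports which accounts were only imported by mksmbpasswd.sh and still need `smbpasswd` run for them. It assumes the colon-separated layout `username:uid:LM-hash:NT-hash:...` with 32 `X` characters as the unset placeholder and a `NO PASSWORD` prefix marking an account with no password; the sample file contents and hash values are constructed.

```python
import re

UNSET = "X" * 32                   # placeholder left by mksmbpasswd.sh (assumed layout)
NULL = "NO PASSWORD" + "X" * 21    # marker for an account that has no password
HEX32 = re.compile(r"[0-9A-Fa-f]{32}")

# Constructed sample file: two imported-only accounts (new and old line layout),
# one account with real (made-up) hashes, one null-password account, one broken line.
SAMPLE = "\n".join([
    "# constructed sample smbpasswd file",
    f"alice:501:{UNSET}:{UNSET}:[U          ]:LCT-00000000:Alice",
    "bob:502:0123456789ABCDEF0123456789ABCDEF:FEDCBA9876543210FEDCBA9876543210:"
    "[U          ]:LCT-36F7A1B2:Bob",
    f"guest:503:{NULL}:{NULL}:[U          ]:LCT-00000000:Guest",
    f"carol:504:{UNSET}:{UNSET}:Carol:/home/carol:/bin/sh",
    "dave:505:1234",
])


def field_state(value):
    """Classify one hash field: 'null', 'set', 'unset' or 'bad'."""
    if value.startswith("NO PASSWORD"):
        return "null"
    if HEX32.fullmatch(value):
        return "set"
    if value == UNSET:
        return "unset"
    return "bad"


def audit(text):
    """Return {username: status} for every account line in an smbpasswd file."""
    report = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) < 4 or not parts[1].isdigit():
            report[parts[0]] = "malformed"
            continue
        lm, nt = field_state(parts[2]), field_state(parts[3])
        if "bad" in (lm, nt):
            report[parts[0]] = "malformed"
        elif "null" in (lm, nt):
            report[parts[0]] = "null-password"    # review: no password required
        elif "set" in (lm, nt):
            report[parts[0]] = "ok"               # smbpasswd has been run
        else:
            report[parts[0]] = "needs-smbpasswd"  # imported only, cannot log in yet
    return report


def needs_password(text):
    """Usernames that still need `smbpasswd <user>` run for them."""
    return sorted(u for u, s in audit(text).items() if s == "needs-smbpasswd")


if __name__ == "__main__":
    for user, state in audit(SAMPLE).items():
        print(f"{user:8} {state}")
```

Accounts reported as `null-password` deserve the same attention as the ones still waiting for a password, since they are marked as needing none.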
------------------------------
From: Edward Lee <[EMAIL PROTECTED]>
Subject: Re: Firewall & NT RAS Server.
Date: Tue, 23 Mar 1999 18:10:44 -0800
NT couldn't do packet filtering. Perhaps I don't know how to do it with NT.
I read somewhere that NT has copies of unencrypted passwords somewhere
in the system. Again, I could be wrong about this. In any case, I am too
scared to put my NTs on the internet without a firewall.
David Boyd wrote:
> My IT Manager has decided that our NT RAS Server needs extra security.
>
> According to a paper I've read, there are three ways to improve the
> security:
>
> Dialback Modems - NT RAS already provides this mechanism.
> Digital ID Cards - V. Expensive - However does provide additional security.
> Access Firewall - ?
>
> The third option is what we are focusing on at the moment, we're hoping to
> use Linux to add (cheaply) some extra security to our RAS server.
>
> However, looking into this, it seems the NT RAS is already acting as a
> firewall providing:
>
> two stage access - one for ras - one for the network.
> ip range scopes
> hours people can access the service.
> encryption, etc?
>
> Can a Firewall provide extra security since the RAS server would be on a
> different ip segment, or is the only alternative for extra protection for
> our RAS server - Digital ID cards?
>
> Any suggestions/information would be greatly appreciated. I'm not looking
> for an overly technical explanation.
>
> Thanks
------------------------------
From: Ron Flory <[EMAIL PROTECTED]>
Subject: Re: Cable Modem and Networking.
Date: Tue, 23 Mar 1999 20:37:46 -0600
Randy Kayfish wrote:
>
> Is it possible to have a Cable modem and a home lan work off the same
> nic?
don't even try. buy a cheapo NE2000 clone for ten bucks, forward the
packets and get online. It'll work, and it's a whole lot easier.
ron
------------------------------
From: "Hartmut Berger" <[EMAIL PROTECTED]>
Subject: Request for help: sendmail and mutt under SUSE5.X
Date: Wed, 24 Mar 1999 06:38:05 +0100
Hello,
I use Linux SUSE5.1.
When I send mail with mutt, my domain name is shown in the sender as @,
e.g. Hartmut.Berger@@.
Actually the MTA, i.e. sendmail, is responsible for this.
Where in sendmail.cf can I make a setting, or set the domain name globally
for all users?
In sendmail.cf the parameter FROM_Header = lkvsachsen.de is set.
Kind regards
Hartmut Berger
------------------------------
From: Sean Schultz <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Simple Samba problem
Date: Wed, 24 Mar 1999 02:24:21 GMT
try
smbpasswd -add XXX
where XXX is the username
I found that I had to add the username of the
windows client directly, not just "import" from
the user password file...
--
Sean Schultz
LogiVox, Inc.
Product Development
[EMAIL PROTECTED]
(vox) 919-571-1527
(fax) 919-571-2625
http://www.logivox.com
------------------------------
From: Cody Sherr <[EMAIL PROTECTED]>
Subject: Re: Linux as a firewall!!
Date: Wed, 24 Mar 1999 05:59:33 GMT
You might want to check out http://www.linuxrouter.org, too.
Chad Osgood wrote:
> I've got a couple of questions, I hope someone has the answers, or ideas at
> least :-).
>
> I've got DSL installation in about a month. I want to have my 4
> workstations, behind a firewall, and still have a DMZ (Demilitarized zone).
> I know I can setup the Linux box as a multihomed system with 2 network
> adapters, but can I put in 3? 1 for access to the Intranet, one for the
> DMZ, and one for DSL? Here's a simple layout of what I'm trying to
> accomplish...
>
> [Internet (DSL)]
> |
> |
> [Firewall (Linux)] ---- [DMZ]
> |
> |
> [Intranet]
>
> Make any sense? I know all about ipfwadm, so I'm really just curious as to
> how to implement the network. Without the DMZ, I can clearly see how a
> multihomed system with 2 network adapters would work, but how can I add the
> DMZ? I will only have 2 systems on that segment, but it needs to be
> completely free of the policies on the firewall. If any of this needs
> clarification, please let me know. I greatly greatly appreciate any
> response...
>
> TIA,
> Chad
------------------------------
Date: Wed, 24 Mar 1999 01:57:42 +0100
From: Web-Hotel Danmark <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Routing
Hi,
I've been trying to get my RedHat 5.2 to do some routing, and I believe
that I've done everything I need to, but it still doesn't work...
The machine has 3 Intel EtherExpress PRO 10/100 netcards.
Card1 is a line to the internet
Card2 is a local network
Card3 is another local network
I start out executing the following commands:
ifconfig eth0 <THIS MACHINE's IP> netmask 255.255.255.240 broadcast <The Internet Router's IP>
ifconfig eth1 <THIS MACHINE's IP> netmask 255.255.255.240
ifconfig eth2 <THIS MACHINE's IP> netmask 255.255.255.240
ifconfig eth0 up
ifconfig eth1 up
ifconfig eth2 up
ifconfig eth0 promisc
ifconfig eth1:0 <A Server's IP> netmask 255.255.255.240
ifconfig eth1:1 <An Other Server's IP> netmask 255.255.255.240
ifconfig eth1:2 <A Third Server's IP> netmask 255.255.255.240
route add -net 0.0.0.0 dev eth0
route add -net default gw <Internet Router's IP>
route add -host <First server's IP> dev eth1:0
route add -host <Second server's IP> dev eth1:1
route add -host <Third server's IP> dev eth1:2
---
Now to my knowledge it should work...
Okay...
Then I plug in some traffic on eth0 (and I can see it with tcpdump), and I
plug a hub on eth1....
But when there is some traffic on eth0 for the specified servers on
eth1, there is still no traffic on the hub on eth1
The netcards are working (I've tried to plug the internet-traffic on
eth1 and eth2 and used tcpdump on those, and it worked fine).
If I ping a specified machine on eth1 (eg. "First Server IP"), the ping
uses eth0 ????
If I just write "route" in the shell, it lists all the rules as they
should be, and if I write "ifconfig" in the shell, it lists all Cards
and Aliases, no problem....
well there is a problem.... ;-)
Anyone out there able to help me ?
-Palle Nielsen
------------------------------
From: Wasim Juned <[EMAIL PROTECTED]>
Subject: Re: Static address and domain name: What joins them together?
Date: Wed, 24 Mar 1999 02:54:26 GMT
Bill Cripe wrote:
> What is it exactly that tells the world that that domain and address are
> intended to go together?
A DNS machine.
> easy for someone to "piss in the routing pool", so to speak. What prevents
> another site from snatching your domainname, address, etc.?
They don't have access to any of the DNS servers that eventually resolve
your name.
> I need to tell the Internet that my domain has a new address, and to stop
> using the old one. This shouldn't be a big deal, but I'd really like to get
> it right the first time.
Contact the ISP running the DNS for this domain and ask them to point
this domain at your new IP address. Many ISP's will charge for this or
complain though - usually because it's something out of the ordinary and
the regular technicians don't know how to do it.
Cheers Wasim.
--
Wasim Juned
[EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED] (Brueckner)
Subject: Re: NIS or better ypserv 1.3.6 doesn't work
Date: 10 Mar 1999 21:57:50 GMT
I solved it !!!
to everybody who's interested:
at first i compiled it with gcc 2.7.2.3 which is the standard gcc for suse linux 6.0.
because i like the egcs compiler much better i recompiled the server with egcs-2.91.60
and .... now it works !!!!
this looks like a very strange bug somewhere. either in the ypserv sources but i think
it's gcc. well anyway now i'm happy ;))
happy bug hunting who ever is willing to do it ;))
Holger
--
_/\/\/\/\/\____________________________/\/\___________________
_/\/\____/\/\__/\/\/\______/\/\__/\/\__/\/\__/\/\____/\/\/\/\_
_/\/\____/\/\______/\/\____/\/\/\/\____/\/\/\/\____/\/\/\/\___
_/\/\____/\/\__/\/\/\/\____/\/\________/\/\/\/\__________/\/\_
_/\/\/\/\/\____/\/\/\/\/\__/\/\________/\/\__/\/\__/\/\/\/\___
______________________________________________________________
http://www.fet.org [EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED] (peter)
Subject: Can Linux Do This ???
Date: Wed, 24 Mar 1999 04:49:08 GMT
1) Does linux support 56k v90 modems ???
(not win-modems, I know they won't work)
2) Now, linux also supports multiple modems, does my IP have to
support it as well???
(I've used a program called "midpoint teamer" in windows 98 and was
successful with 2 modems (my IP doesn't support this type of bonding
using just win98))
I would love to setup two or three modems and see what kind of speed I
can get.
Two modems under windows98 kicked ass...
Has anyone done this with Linux???
peter
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: KNE100TX can't ping modem, but DHCP works
Date: Wed, 24 Mar 1999 03:02:06 GMT
In article <7d3ru7$619$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> eth0 Link encap:Ethernet HWaddr 00:C0:F0:3B:A7:90
> inet addr:209.6.194.29 Bcast:209.6.194.255 Mask:255.255.255.0
> UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:1 errors:2 dropped:0 overruns:0 frame:0
> TX packets:2 errors:4 dropped:0 overruns:0 carrier:12
> collisions:0
> Interrupt:11 Base address:0xe400
Replying to my own post, here...
It turns out that errors like this in ifconfig output generally indicate
driver problems - either the card is being set/detected at the wrong
IRQ or IO ports, or there's a driver incompatibility. In my case it was the
latter; I upgraded the driver from the .89 to the latest .90 and it
works just fine. Apparently Kingston changed the chipset in this
card to a 'compatible' one that wasn't quite, without changing the
model number at all, a sadly common practice, I gather...
============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own
------------------------------
From: Raymond Li <[EMAIL PROTECTED]>
Subject: Re: telnet and ftp - delay by 1 mnt
Date: Tue, 23 Mar 1999 22:10:30 -0800
Hello,
As I mentioned in another mail in this newsgroup, we can add an
entry for your client host to the /etc/hosts of your Linux server. I
think maybe the Linux server is trying to resolve the login host's
hostname but fails, and the timeout causes the 1-2 min delay.
Someone doesn't agree with me on editing /etc/hosts. Anyway, this
works on my machines. I think if a DNS server is available, then we don't
need to edit /etc/hosts.
Yours,
Raymond Li
Ramesh Kumar wrote:
> I m logging on to a Red Hat Linux 5.1 machine thru telnet.
> The connection seems to go through but the login prompt comes
> after a delay of 1-2 mnts ??
>
> Why does it take so much time ??
> Same is true for ftp.
>
> -Ramesh
------------------------------
From: Marc Hering <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.questions
Subject: smbmount used to work
Date: Wed, 24 Mar 1999 04:31:40 GMT
ok, here is one that is quite annoying ;)
I am running SuSE 6.0 and was successfully mounting my shared dir's off
my NT server using smbmount no prob. the other day I upgraded from
2.0.36 kernel to 2.2.3 kernel and now I cannot mount my shares anymore.
When building the new kernel I make sure to include support for
smbfilesystem and I can ping the server no problem
this is the output I get when trying
Darkstar:~ # smbmount //stargate/mhering$ /mnt/win -I 192.168.1.2 -U mhering
Password:
mount error: Invalid argument
Please look at smbmount's manual page for possible reasons
Darkstar:~ #
I have reread the man page and this is what it says should work
this is the same command that always worked before,,,I went to suse
website and DL and installed the new samba they have out there no
dice,,,winblows sees the shares no prob ;(
Any help is appreciated
please reply to email as well as Newsgroup ;)
thanks in advance
------------------------------
From: [EMAIL PROTECTED] (Wiley Hill)
Subject: Re: Problem with Mail
Date: Wed, 24 Mar 1999 07:42:57 GMT
On Tue, 23 Mar 1999 21:44:16 -0600, Moses Ling <[EMAIL PROTECTED]>
wrote:
How about using one of those third party email accounts such as
HotMail, or whatever. I pay my ISP thirty bucks extra per year for a
separate email account for my wife. Currently using fetchmail to
download from ISP. It puts the mail into the local user mail system.
Wiley
>Hi!
> I'm setting up a small network at home with about 5 clients. The
>problem I have is how to set up mail so everyone has their own mail
>box since my ISP only gives me one E-mail address.
> I was thinking maybe I can have my linux box pull all the mail from the
>POP and then reroute it to each client. What I have in mind is to have
>some kind of "KeyWord" in the "Subject" field or somewhere in the
>message to tell who the mail belongs to under my local network. This way
>I can use my single E-mail account to serve all my needs...
> Can anyone tell me if there is any program out there that does what I
>want to do?? or has anyone done it a different way, maybe with
>"sendmail" or "smail"..... Please Help
>
>Thanks!!
>Moses
------------------------------
From: Martin Brakus <[EMAIL PROTECTED]>
Subject: squid denies access to download??
Date: 11 Mar 1999 20:16:13 GMT
We use squid 2. Is it possible to avoid download for the users but not
for the admins?
------------------------------
From: [EMAIL PROTECTED]
Subject: ipmasqadm errors .. plz help
Date: Wed, 24 Mar 1999 03:28:37 GMT
HI,
I'm trying to forward packets from my gateway to my internal web server. So I
use:
ipmasqadm portfw -a -P tcp -L net.net.net.net 80 -R 192.168.0.2 80
Which returns:
portfw: setsockopt failed: Invalid argument
I figured I may have typed something wrong, but when I try to get a table list
(ipmasqadm portfw -l), the following comes up:
portfw: setsockopt failed: Invalid argument
Could not open "/proc/net/ip_masq/portfw"
Could not open "/proc/net/ip_portfw"
IPv4 is turned on.
I'm missing something here, but I don't know what to download.
Cheers
Ryan C
------------------------------
From: s2961221 <[EMAIL PROTECTED]>
Subject: redefined Functions for JavaScript are needed
Date: Wed, 10 Mar 1999 17:42:53 +0200
I am building a program that uses the "FindProxyForURL(url,host)" function
( http://home.netscape.com/eng/mozilla/2.0/relnotes/demo/proxy-live.html )
that browsers use in order to evaluate which proxy server to send
requests to.
The program downloads this function and then runs it in order to get the
proxy server address.
My question is about the functions that FindProxyForURL(url,host) uses, like:
isPlainHostName(), dnsDomainIs(), localHostOrDomainIs(),
isResolvable(), dnsResolve(), myIpAddress(), dnsDomainLevels(),
shExpMatch(), weekdayRange(), dateRange(), timeRange()
Where can I find their implementation in order to run this function in
my program?
The program runs on Linux, is written in C, and uses an API library
(http://www.nombas.com/us/toolkit/index.htm)
to run the FindProxyForURL(...) function.
Thanks in advance raanan.
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To: linux.samba
Subject: samba: strange authentication message
Date: Wed, 24 Mar 1999 03:38:09 GMT
Hi, I have had samba (v. 2.0.2) up and running fine now for a couple of
months on our network. However every time I log into the linux box from a
win95 box I get the following error message in /var/log/messages:
Mar 23 22:16:08 mypc PAM_pwdb[3172]: 1 authentication failure; (uid=0) -> pwharton for samba service
I don't understand this message as I am able to log in fine and everything seems
to be working fine.
Any suggestions?
Thanks
------------------------------
From: "Theo Mallinson" <[EMAIL PROTECTED]>
Subject: Cable modem Howto
Date: Tue, 23 Mar 1999 21:23:08 -0600
I'll be hooked up to the Time Warner RoadRunner cable modem service soon (SW
Houston). I was wondering if anyone could point me towards resources
available online so that I could do a little research on how to integrate
this service with a planned LAN between my place and a couple of neighbors.
The Cable Modem miniHowto is surprisingly unhelpful (12/8/1998 rev).
What I'd really like to do is to hear from someone who has the service. Is
there a business service available, including fixed IP and allocated
bandwidth? If you have the residential service, what is your normal
throughput? Any advice on setting up a LAN incorporating the cable modem
(besides reading DHCPd Howto)?
Thanks for any help,
Theo
[EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED] (Preston F. Crow)
Subject: Re: Port Forwarding and dynamic IP
Date: 24 Mar 1999 03:05:08 GMT
[EMAIL PROTECTED] (Preston F. Crow) writes:
> I have a single real IP, behind which I have my home network, with a
> typical IP Masquerade solution. I would like to use port forwarding
> to forward port 6001 on the outside machine to port 6000 on an inside
> machine (so that I can make X connections to it from the outside).
> Port forwarding appears to be the ideal solution. In fact, it works
> great! I use a command line like:
>
> ipmasqadm portfw -a -P tcp -L 123.45.67.89 6001 -R 172.25.5.218 6000
>
> Now the only problem is that my IP number is dynamic--DHCP can change
> it at any time. So for a robust solution, I need to somehow specify
> 'eth0' instead of the IP number currently assigned to it. I tried
> using 0.0.0.0, which is sometimes used as a wildcard address, but it
> doesn't work.
[EMAIL PROTECTED] (Greg Weeks) responds:
>You're going about it from the wrong angle. You're not going to be able
>to specify the forward with the interface instead of the IP
>address. The routing table doesn't work that way. What would happen if
>you had DHCP run a script every time the IP address changes?
Yes, I could hack DHCP to solve the problem, but I want to just make
it dependent on the interface, so my forwarding can be kept isolated
from my DHCP configuration. Fortunately, I found a solution:
ipchains -A input -i eth0 -p TCP -y -d 0/0 6001 -m 1
ipmasqadm mfw -A -m 1 -r 172.25.5.218 6000
This does the same thing as I was trying to do, only in a two-step
process. First, my firewall detects attempted connections from eth0
to port 6001, and marks the packets. Then I use ipmasqadm to redirect
those marked packets to the internal system. At no point do my
firewalling and forwarding rules need to know anything about IP
numbers that I don't control, which makes for a nice isolation of
features.
--PC
--
=== "My 'tomorrow' is pretty flexible." ===
=== --Bob Gray, Dartmouth CS grad student ===
------------------------------
From: "Curt" <[EMAIL PROTECTED]>
Subject: Re: reposted ipmasq/routing Question w/update
Date: Tue, 23 Mar 1999 22:36:19 -0500
Here is a solution to a similar problem, maybe this will help.
http://www.helius.com/DirecPC/Software_Downloads/HeliusNE-20R20-Manual.pdf
Stephen M. Shelly wrote in message <[EMAIL PROTECTED]>...
> This is a repost, but I have some other things I wanted to ask about:
> I have asked this question b/4, and gotten some very thoughtful and
> helpful replies, but I think I failed to ask the proper question, so
> here goes again:
> I have a Debian Linux box w/ 3 interfaces:
> ppp0 : dials up to cable company and ONLY outbound traffic goes upstream
> eth0 : connects directly to cable modem. Only inbound traffic from
> internet comes this way
> eth1 : connected to hub on local network
> I need to use ip masquerade (I think) to hide the machine on my local
> lan.
> Addresses:
> ppp0 : real.ip.addr.ess netmask 255.255.255.0
> eth0 : 10.0.0.1 netmask 255.255.255.240
> eth1 : 192.168.1.1 netmask 255.255.255.0
> I am having a real bear getting this to work.
> I have tried ipfwadm w/2.0.36 and ipchains w/2.2.1 kernels. I think it
> is a matter of the weird routing that must occur. ppp interface only
> handles outbound traffic, eth0 is only incoming from the internet,
> eth1 is on local lan w/ only one client.
> If anyone can give me a clue, it would be (as clues always are) greatly
> appreciated.
>
> Is there a way for me to masq the 192.168.x.x traffic and route
> traffic from 10.0.0.1 interface to my ppp interface to get ipmasq to
> work?
> In other words, since ppp0 only is outbound for parts unknown, and
> eth0 is return traffic destined for my ppp interface, can I trick ipmasq
> to expect return traffic on another interface or to route return traffic
> from the cable modem, not destined for linux machine, to my ppp
> interface, and have ipmasq sense it properly and return it to my client
> on the 192.168.x.x segment?
>
> Peace
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.networking) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Networking Digest
******************************