Linux-Networking Digest #788, Volume #10 Thu, 8 Apr 99 09:13:36 EDT
Contents:
Re: What man pages should I start with? (Bob Tennent)
Re: CDE for Linux ([EMAIL PROTECTED])
Re: secure ftp (mamo)
Re: help - PPPD: Serial line is looped back. Connection terminated. ("Jan Johansson")
Re: Network problems ("Curt")
Re: Using ipchains to block ICQ. ("Jan Johansson")
Re: Autoresponders (Evan Wolenzik)
Why FTP/Telnet connection to Linux box is very slow ? ([EMAIL PROTECTED])
Re: DSL masquerading firewall craziness ("Jan Johansson")
Re: server assigned dns? (Brian McCauley)
Re: mailserver global address book ("murali")
Re: DSL masquerading firewall craziness ("Curt")
Re: How to set default gateway ? (Brian McCauley)
----------------------------------------------------------------------------
Subject: Re: What man pages should I start with?
From: r d t@c s.q u e e n s u.c a (Bob Tennent)
Date: 26 Mar 1999 13:03:25 GMT
On 26 Mar 1999 09:39:14 GMT, Gary Helbig wrote:
>
>This is a RFM question, but I need to know which FM's.
>
>Going to build a Linux box to replace an existing server, and
>turn it into a "Not There (tm)" box.
>
>The linux box will have two ethernet ports, and needs to be
>a web server, a proxy server, a mail server, and a firewall.
>Oh, and it needs to be a DHCP host for the (proxy) served clients.
>
>The DNS and NNTP server will be provided by the ISP.
>
>I will want to administer the system remotely, preferably
>with my X server.
>
>Pointers, or BTDT stories? It's a matter of pride to make this
>go as smoothly/quickly as possible; the current server works,
>and I'm the only lobbyist for Linux "there".
Don't start with man pages; start with the Networking-Overview-HOWTO,
the NET-3-HOWTO and the Network Administrators Guide, which is part of
the LDP (Linux Documentation Project). These are all available
from, for example,
ftp://metalab.unc.edu/Linux/docs
Bob T.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: CDE for Linux
Date: Thu, 08 Apr 1999 10:17:45 GMT
U never will??? unless it is pirated.
CDE is a commercial software, sold by Caldera. It is the Motif-2.0 (with
its new WM)... and Motif itself is a copyrighted stuff, held by a big
consortium of Cos. called X-open or something (i am not 100% sure on the
last bit !)
U can find a much sillier, and drab looking Motif-1.X implementation from
many people, like Redhat, Caldera, MeteoWerks etc....
LessTif (which is API level compliant, and 99% LNF compatible) with Motif1.2
but nothing close to CDE of Motif-2.0.
KDE is much much better in LNF, and usability, than CDE, and when tuned,
can look almost like CDE, and work like one, and is free, and pretty stable
with real rich feature set... but on a buggy Celeron machine, it crashes
often, but on my Cyrix266 it has been working fine for the last 1 year
without a single crash.
try KDE, u'd wish u'd met her earlier...!
;-)
N'joy
BDutta... BTW, this is not the right forum for ur Q!
[EMAIL PROTECTED] wrote:
> Hi All,
>
> Pls can any body tell where can i get Free CDE (Common Desktop
> Environment) for my Redhat Linux 5.2
============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own
------------------------------
From: [EMAIL PROTECTED] (mamo)
Subject: Re: secure ftp
Date: Thu, 08 Apr 1999 10:52:19 GMT
On Thu, 08 Apr 1999 01:04:07 +0200, Job Eisses
<[EMAIL PROTECTED]> wrote:
>mamo wrote:
>>
>> I have a unix box that have to be a web server.
>>
>> A lot of users have to put pages on it. I do not want them to put the
>> ftp password in clear text but i want the password encrypted.
>>
>> Is there a protocol that have a server for linux and clients for unix
>> and win and if possible other that do it.
>> It should be free
>> Thanks in advance
>
>"ssh" is free for unix (not sure about win), and will crypt the whole
>session including password. -job
I haven't found a free scp client for win (usable). Scp is the
utility that permits sending files over an encrypted channel.
------------------------------
From: "Jan Johansson" <[EMAIL PROTECTED]>
Subject: Re: help - PPPD: Serial line is looped back. Connection terminated.
Date: Thu, 8 Apr 1999 12:33:10 +0200
try adding -nm to your ppp options.
>Apr 8 20:23:49 sport pppd[492]: pppd 2.3.3 started by root, uid 0
>Apr 8 20:23:50 sport pppd[492]: timeout set to 10 seconds
>Apr 8 20:23:50 sport pppd[492]: Serial connection established.
>Apr 8 20:23:51 sport pppd[492]: Using interface ppp0
>Apr 8 20:23:51 sport pppd[492]: Connect: ppp0 <--> /dev/modem
>Apr 8 20:23:51 sport pppd[492]: Serial line is looped back.
>Apr 8 20:23:51 sport pppd[492]: Connection terminated.
------------------------------
From: "Curt" <[EMAIL PROTECTED]>
Subject: Re: Network problems
Date: Thu, 8 Apr 1999 05:55:25 -0500
IRQ 9 may not be available, since it's used to redirect IRQs from the 2nd
interrupt controller to the 1st.
You might try disabling a COM port via the BIOS setup and use its interrupt.
Also, are you sure you don't have any io address overlap?
APPANAH ravi wrote in message <[EMAIL PROTECTED]>...
>Hi !!!
> I install a redhat 5.2 system.
> I configure the PC with 4 network cards :
> - 3 DLINK PCI 530 TX (IRQ 5, 9, 11 assigned to eth0, eth1 and
>eth2)
> - and 1 SMC ISA ULTA 8216C (IRQ 10 assigned to eth3)
>
> When I connect all the networks cards to the hub, the system didn't
>boot.
> When I connect only 1 network card to the hub, no problem...
> Can anyone help me ???
>
> Thanks in advance.
> Regards,
> Ravi APPANAH
>
>
>--
>Ravi APPANAH
> Product Validation & Support Engineer
>------------------------------------------
> EolRinG International
> 10, rue Alfred Kastler
> 14000 Caen - FRANCE
> Tel : +33 (0)2 31 06 19 75
> Fax : +33 (0)2 31 06 19 76
> Email : [EMAIL PROTECTED]
> Web : http://www.eolring.fr
>------------------------------------------
>
>
------------------------------
From: "Jan Johansson" <[EMAIL PROTECTED]>
Subject: Re: Using ipchains to block ICQ.
Date: Thu, 8 Apr 1999 12:54:27 +0200
Yeah, i figured that out. Just a hassle to list all icq servers.. i have a
list of about a hundred or so... Wondered if there was a way to somehow
"fingerprint" the ICQ traffic.
Thanks anyway :)
>Ipchains?
>
>/sbin/ipchains -A forward -j DENY -s 0.0.0.0/0 -d icq.mirabilis.com
>
>Assuming the boxes forward their stuff through the linux box. And
>repeat that line replacing icq.mirabilis.com with the names of the icq
>servers.
------------------------------
From: Evan Wolenzik <[EMAIL PROTECTED]>
Subject: Re: Autoresponders
Date: 8 Apr 1999 11:03:04 GMT
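#!/usr/bin/perl
# Autoresponder (c) 1999 InterLink BBS [EMAIL PROTECTED]
# Change the value of $data to be the location of a text file which
# contains your auto response message.
#
# Edit your return address as you see fit.
#
# To activate, set permissions and then add an entry to /etc/aliases :
# auto: "|/bin/autoresponder"
# where "auto" is the incoming address that you want to use, and the
# part in quotes is the full path of the program. DON'T USE LEADING HASH #!
# Then run newaliases.
$data = "/path/of/auto_response.txt";
$toggle = 0;
# Take the sender from the first mbox-style "From " envelope line.
# (No /x modifier: under /x the trailing space is ignored and the
# "From:" header would match as well.)
while (<STDIN>) {
    chomp;
    if (/^From /) {
        if ($toggle == 0) {
            ($garbage1, $to, $garbage2) = split (/ /, $_, 3);
            $to =~ tr/A-Z/a-z/;
            $toggle = 1;
        }
    }
}
# Never answer bounces or the postmaster (avoids mail loops).
if ($to =~ /mailer-daemon/) {
    exit(0);
} elsif ($to =~ /postmaster/) {
    exit(0);
}
# The address is supplied by the sender: accept only a plain user or
# user@host form, so it cannot start with "-" or carry shell
# metacharacters.
exit(0) unless $to =~ /^[a-z0-9][a-z0-9._+=-]*(?:\@[a-z0-9.-]+)?$/;
# Nothing to send if the response file cannot be read.
open (FILE, "<", $data) or exit(0);
# List-form open runs sendmail directly, without passing $to to a shell.
open (SENDMAIL, "|-", "sendmail", "-bm", "-oi", "-f", "[EMAIL PROTECTED]", $to)
    or exit(0);
print SENDMAIL "From: \"Imirkin\" <imirkin\@lan.tjhsst.edu>\n";
print SENDMAIL "To: $to\n";
print SENDMAIL "Subject: This is an automated response.\n\n";
while (<FILE>) {
    print SENDMAIL;
}
close (FILE);
close SENDMAIL;
exit(0);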
------------------------------
From: [EMAIL PROTECTED]
Subject: Why FTP/Telnet connection to Linux box is very slow ?
Date: Thu, 08 Apr 1999 07:39:54 GMT
Help !
I am setting up a Linux box with RedHat 5.1 and try connected with FTP/Telnet
but the connection is very slow. I must wait approx. 1-2 minutes to connect.
Any hints ?
Hie Joen
------------------------------
From: "Jan Johansson" <[EMAIL PROTECTED]>
Subject: Re: DSL masquerading firewall craziness
Date: Thu, 8 Apr 1999 14:02:51 +0200
Kernel 2.2.x and ipchains does most of the stuff you'd like.
------------------------------
From: Brian McCauley <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.questions,comp.protocols.ppp
Subject: Re: server assigned dns?
Date: 08 Apr 1999 12:53:14 +0100
root <[EMAIL PROTECTED]> writes:
> A lot of ISPs I've looked at recently seem to use the server assigned
> DNS 'feature' of DUN under windows. I've yet to find a reference to a
> way of duplicating this functionality under Linux. Am I just looking in
> the wrong places or is this not possible under Linux? Any ideas?
Passing DNS address in IPCP (RFC1877) is a hideous violation of
protocol layering.
Pppd supports the server side of RFC1877 but not the client side.
The pppd maintainers will not consider applying the trivial patch
necessary to support the client side of RFC1877. They will not even
acknowledge any mail suggesting that they might consider it.
ftp://www.wcl.bham.ac.uk/pub/bam/patches/pppd-2.3.5-get-ms-dns.diff
(Note: this has been discussed several times before - you should have
used Dejanews).
--
\\ ( ) No male bovine | Email: [EMAIL PROTECTED]
. _\\__[oo faeces from | Phones: +44 121 471 3789 (home)
.__/ \\ /\@ /~) /~[ /\/[ | +44 121 627 2173 (voice) 2175 (fax)
. l___\\ /~~) /~~[ / [ | PGP-fp: D7 03 2A 4B D8 3A 05 37...
# ll l\\ ~~~~ ~ ~ ~ ~ | http://www.wcl.bham.ac.uk/~bam/
###LL LL\\ (Brian McCauley) |
------------------------------
From: "murali" <[EMAIL PROTECTED]>
Subject: Re: mailserver global address book
Date: Thu, 8 Apr 1999 13:46:29 +0200
Crossposted-To: comp.os.linux.setup,microsoft.public.mcis.mailserver
just pick up any free LDAP distributions from the Internet.......and make
your own directory structure
and attributes you want in the address book...like street name ..Tel.No,
First name etc.
------------------------------
From: "Curt" <[EMAIL PROTECTED]>
Subject: Re: DSL masquerading firewall craziness
Date: Thu, 8 Apr 1999 07:43:29 -0500
If you have the IPs, doing away with port forwarding is probably a good idea.
Why setup a firewall just to poke holes in it?
tcpwrappers seem to work well for us. IP Chains under 2.2 kernel probably
could provide you with more filtering options.
Go with sshd telnet and pop clients to keep passwords from travelling over
the internet in text form.
Regarding DNS: Are you hosting your own domain? If you are, you'll
want to have a DNS for the outside, and one for the inside. Only put
the hosts you want the world to know about in the outside DNS. Restrict
zone transfers to your secondary DNS (usually your ISP). Your inside
DNS should only be accessible to the inside network, and act as a
forwarder to an outside DNS.
You might consider using a socks proxy server as part of your firewall, with
IP forwarding off of course. IMO it results in a more secure firewall than
IP Masq. www.socks.nec.com
Zach Copley wrote in message <370c92f1$0$[EMAIL PROTECTED]>...
>So here's the situation. I'm using IP masq. My LAN is setup with
>fakey 192.168.0.x addresses. I have a gateway machine running Linux
>(2.0.36) with two ethernet cards in it. eth0 connects to my DSL
>(216.99.11.96), which is the default gateway, and eth0 is set to
>192.168.0.1. IP masquerading is enabled. On the 192.168.0.x side (eth1), I
>have several windows machines, a mac, and two unix boxes. I am port
>forwarding mail (port 25) to 192.168.0.5 (the mail server) and a bunch
>of other things, including www, to 192.168.0.3. DNS serving is
>currently being done by the gateway machine, but I'll probably move
>that to another machine. At this point, everything seems to be
>working. What a struggle!
>
>Here's what I would like to do and can't figure out.
>
>Right now, anyone can hit on any port on the DSL/eth0 side
>(216.99.11.96), so if they hit on any of the forwarded ports, the
>traffic is automatically forwarded inside the firewall. I would like
>to control this, restricting it on a host-by-host basis. It's okay
>for anyone in the universe to use the web server, but I want to lock
>down who is allowed to hit on my pop server and my ssh server, etc.
>That's one thing. I don't think tcpwrappers is enough.
>
>Secondly, since I have IP addresses with static routes from my
>provider (Pac Bell), I would like to be able to use the rest of them.
>I have a block 216.99.11.96-30. So I would like to be able to hook
>another machine up on my LAN, as say, 216.99.11.97, and have my
>gateway do routing for it over the DSL. The reason I want to do this
>is so I can make a "bastion host." I want to have my good machines
>behind the IP masq firewall and all the public services all on a
>machine that I don't care about on 216.99.11.97. And do away with
>port forwarding. I'm ultra-paranoid about hackers these days. But
>this is a long-range goal. I am much more concerned about the first
>problem.
>
>Does any of this make sense? Any suggestions or ideas or help along
>these lines would be SUPER appreciated.
>
>Here's what my rc.firewall looks like:
>
>---------------->8----------------
>#! /bin/sh
>
># rc.firewall -- IP Masquerading stuff
># Last Edit: 04/07/99 (El Snatcher)
>#
>#
>
>PATH=/sbin:/bin:/usr/sbin:/usr/bin
>
># DSL IP
>DSL=216.99.11.96
>
># Load modules
>/sbin/depmod -a
>
># special modules
>/sbin/modprobe ip_masq_ftp
>/sbin/modprobe ip_masq_irc
>/sbin/modprobe ip_masq_raudio
>
># make sure IP forwarding is on
>echo "1" > /proc/sys/net/ipv4/ip_forward
>
># Masq timeouts
>#
># 2 hrs timeout for TCP session timeouts
># 10 sec timeout for traffic after the TCP/IP "FIN" packet is received
># 60 sec timeout for UDP traffic
>/sbin/ipfwadm -M -s 7200 10 60
>
>echo "setting incoming rules..."
>#############################################################################
># Incoming, flush and set default policy of reject. Actually the default
># policy is irrelevant because there is a catch all rule with deny and log.
>#
>ipfwadm -I -f
>ipfwadm -I -p reject
>
># local interface, local machines, going anywhere is valid
>ipfwadm -I -a accept -V 192.168.0.1 -S 192.168.0.0/24 -D 0.0.0.0/0
>
># remote interface, claiming to be local machines, IP spoofing, get lost
>ipfwadm -I -a reject -V $DSL -S 192.168.0.0/24 -D 0.0.0.0/0 -o
>
># remote interface, any source, going to permanent DSL address is valid
>ipfwadm -I -a accept -V $DSL -S 0.0.0.0/0 -D $DSL/32
>
># loopback interface is valid.
>ipfwadm -I -a accept -V 127.0.0.1 -S 0.0.0.0/0 -D 0.0.0.0/0
>
># catch all rule, all other incoming is denied and logged.
>ipfwadm -I -a reject -S 0.0.0.0/0 -D 0.0.0.0/0 -o
>
>echo "setting outgoing rules..."
>#############################################################################
># Outgoing, flush and set default policy of reject. Actually the default
># policy is irrelevant because there is a catch all rule with deny and log.
>#
>ipfwadm -O -f
>ipfwadm -O -p reject
>
># local interface, any source going to local net is valid
>ipfwadm -O -a accept -V 192.168.0.1 -S 0.0.0.0/0 -D 192.168.0.0/24
>
># outgoing to local net on remote interface, stuffed routing, deny
>ipfwadm -O -a reject -V $DSL -S 0.0.0.0/0 -D 192.168.0.0/24 -o
>
># outgoing from local net on remote interface, stuffed masquerading, deny
>ipfwadm -O -a reject -V $DSL -S 192.168.0.0/24 -D 0.0.0.0/0 -o
>
># outgoing from local net on remote interface, stuffed masquerading, deny
>ipfwadm -O -a reject -V $DSL -S 0.0.0.0/0 -D 192.168.0.0/24 -o
>
># anything else outgoing on remote interface is valid
>ipfwadm -O -a accept -V $DSL -S $DSL/32 -D 0.0.0.0/0
>
># loopback interface is valid.
>ipfwadm -O -a accept -V 127.0.0.1 -S 0.0.0.0/0 -D 0.0.0.0/0
>
># catch all rule, all other outgoing is denied and logged.
>ipfwadm -O -a reject -S 0.0.0.0/0 -D 0.0.0.0/0 -o
>
>echo "setting up IP masq..."
>#############################################################################
># Forwarding, flush and set default policy of deny. Actually the default
># policy is irrelevant because there is a catch all rule with deny and log.
>#
>ipfwadm -F -f
>ipfwadm -F -p deny
>
># Masquerade from local net on local interface to anywhere.
>ipfwadm -F -a masquerade -W eth0 -S 192.168.0.0/24 -D 0.0.0.0/0
>
># catch all rule, all other forwarding is denied and logged.
>ipfwadm -F -a reject -S 0.0.0.0/0 -D 0.0.0.0/0 -o
>
>#port forwarding stuff
>
>echo "setting up port forwarding..."
>/usr/local/sbin/ipportfw -C
>
># www
>/usr/local/sbin/ipportfw -A -t$DSL/80 -R 192.168.0.3/80
>
># ssh
>/usr/local/sbin/ipportfw -A -t$DSL/22 -R 192.168.0.3/22
>
># ftp
>/usr/local/sbin/ipportfw -A -t$DSL/20 -R 192.168.0.3/20
>/usr/local/sbin/ipportfw -A -t$DSL/21 -R 192.168.0.3/21
>
># gopher
>/usr/local/sbin/ipportfw -A -t$DSL/70 -R 192.168.0.3/70
>
># cvs server
>/usr/local/sbin/ipportfw -A -t$DSL/2401 -R 192.168.0.3/2401
>
># imap
>/usr/local/sbin/ipportfw -A -t$DSL/143 -R 192.168.0.3/143
>
># pop-3
>/usr/local/sbin/ipportfw -A -t$DSL/110 -R 192.168.0.3/110
>
># mail
>/usr/local/sbin/ipportfw -A -t$DSL/25 -R 192.168.0.5/25
>
># ident
>/usr/local/sbin/ipportfw -A -t$DSL/113 -R 192.168.0.5/113
>---------------->8----------------
>
>Thanks!
>
>
>Zach
>
>--
> .^....^. "I don't like the feel of
> ! .\/. ! [the sun] on my skin."
> (. oo .) --Christopher Walken
> `{""}'
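
The question quoted above is which forwarded ports an arbitrary outside host can reach. The following is an added example, not code from the thread: a shell/awk audit that reads an ipfwadm/ipportfw rule script and reports, per forward, whether the first input rule matching an unlisted source is an accept. The function names, both sample inputs and the 203.0.113.10 address are constructed; the second sample is not a complete ruleset, and the audit assumes the input rules are evaluated before ipportfw redirects a packet.

```shell
# Added example. audit_forwards reads a rule script on stdin and prints
# "<port> <inside target> OPEN|RESTRICTED" for each ipportfw forward.
# $1 is the external address token as written in the script (default $DSL).
audit_forwards() {
  awk -v ext="${1:-\$DSL}" '
    /^[ \t]*#/ { next }
    $1 ~ /ipfwadm$/ && $2 == "-I" {
      act = ""; ifc = ext; src = "0.0.0.0/0"; dst = "0.0.0.0/0"; ports = ""
      for (i = 3; i <= NF; i++) {
        if ($i == "-a") act = $(i + 1)
        else if ($i == "-V") ifc = $(i + 1)
        else if ($i == "-S") src = $(i + 1)
        else if ($i == "-D") {
          dst = $(i + 1)
          for (j = i + 2; j <= NF && $j !~ /^-/; j++) ports = ports " " $j
        }
      }
      # Keep only rules that an unlisted outside host can match.
      if (act == "" || ifc != ext || src != "0.0.0.0/0") next
      if (dst != "0.0.0.0/0" && dst != ext && dst != (ext "/32")) next
      n++; action[n] = act; plist[n] = ports
    }
    $1 ~ /ipportfw$/ {
      port = ""
      for (i = 2; i <= NF; i++) {
        if ($i ~ /^-t/) { split(substr($i, 3), t, "/"); port = t[2] }
        if ($i == "-R") target = $(i + 1)
      }
      if (port != "") { m++; fport[m] = port; ftarget[m] = target }
    }
    END {
      for (k = 1; k <= m; k++) {
        verdict = "RESTRICTED"   # no any-source rule matched: default policy
        for (r = 1; r <= n; r++) {   # first matching rule decides
          cnt = split(plist[r], pl, " "); hit = (cnt == 0)
          for (x = 1; x <= cnt; x++) if (pl[x] + 0 == fport[k] + 0) hit = 1
          if (hit) { if (action[r] == "accept") verdict = "OPEN"; break }
        }
        print fport[k], ftarget[k], verdict
      }
    }'
}
# Constructed inputs, reduced from the rule shapes in the quoted rc.firewall.
FORWARDS='/usr/local/sbin/ipportfw -A -t$DSL/80 -R 192.168.0.3/80
/usr/local/sbin/ipportfw -A -t$DSL/22 -R 192.168.0.3/22
/usr/local/sbin/ipportfw -A -t$DSL/110 -R 192.168.0.3/110'
POSTED='ipfwadm -I -a reject -V $DSL -S 192.168.0.0/24 -D 0.0.0.0/0 -o
ipfwadm -I -a accept -V $DSL -S 0.0.0.0/0 -D $DSL/32
ipfwadm -I -a reject -S 0.0.0.0/0 -D 0.0.0.0/0 -o'
# 203.0.113.10 is a documentation address standing in for a trusted client.
PER_HOST='ipfwadm -I -a accept -P tcp -V $DSL -S 203.0.113.10/32 -D $DSL/32 22 110
ipfwadm -I -a accept -P tcp -V $DSL -S 0.0.0.0/0 -D $DSL/32 80
ipfwadm -I -a reject -S 0.0.0.0/0 -D 0.0.0.0/0 -o'
as_posted() { printf '%s\n' "$POSTED" "$FORWARDS"; }
per_host()  { printf '%s\n' "$PER_HOST" "$FORWARDS"; }
echo "as posted:"; as_posted | audit_forwards
echo "per host:";  per_host  | audit_forwards
```

Port ranges and UDP forwards are not handled; only exact destination ports listed after `-D` are compared.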
------------------------------
From: Brian McCauley <[EMAIL PROTECTED]>
Subject: Re: How to set default gateway ?
Date: 08 Apr 1999 12:37:59 +0100
Doug Snowden <[EMAIL PROTECTED]> writes:
> One of the requirements on our network is for our hosts to set their
> network default gateway to themselves.
That is nonsensical. If you could really do this you'd get a routing
loop. Linux will not allow you to set this.
Some other Unix systems may allow you to appear to set your default
gateway to your own address but will, in fact, behave as though
you'd set an interface (_not_ gateway) default route. You probably
don't want to do this.
For compatibility with these systems, if you try to set a route with
a gateway equal to your own interface address Linux will actually
create the appropriate interface route.
You probably should be leaving the default gateway blank (on all your
machines, not just the Linux ones).
--
\\ ( ) No male bovine | Email: [EMAIL PROTECTED]
. _\\__[oo faeces from | Phones: +44 121 471 3789 (home)
.__/ \\ /\@ /~) /~[ /\/[ | +44 121 627 2173 (voice) 2175 (fax)
. l___\\ /~~) /~~[ / [ | PGP-fp: D7 03 2A 4B D8 3A 05 37...
# ll l\\ ~~~~ ~ ~ ~ ~ | http://www.wcl.bham.ac.uk/~bam/
###LL LL\\ (Brian McCauley) |
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.networking) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Networking Digest
******************************