Linux-Networking Digest #842, Volume #10         Tue, 13 Apr 99 14:13:38 EDT

Contents:
  Re: Telnet and FTP woes (Robert Ribnitz)
  Re: PPP - SIGHUP (jason)
  Re: DNS & BIND V.8 ("jeff")
  Re: Network Printer (Linux + MacOS + HP JetDirect) (Nick B.)
  IP Masq + firewall  dhcp ("Ste")
  Re: loadlin for linux? (Peter Benie)
  Re: BT Speedway ISDN and RH 5.2... still trying... need help! ("Jeff")
  Re: .shosts: Your host key cannot be verified: unknown or invalid host key? ("Alan J. Flavell")
  Supernetting? (Ralf Folkerts)
  SN3200 ("Bertrand Le Breton")
  Re: ISDN / BT Speedway Problem (HiSax/Fritz) ("Anthony")
  Re: .shosts: Your host key cannot be verified: unknown or invalid host key? (Georg Schwarz)
  Re: Linux networking question... ("Quiney, Philip (EXCHANGE:HAL02:HM10)")
  Re: Netgear ISA EA201c NIC ("J. R.")
  Re: Help. Unable to browse HTTPS from IP Masq'ed workstations -- more info ("Mike Ellis")
  Re: Telnet and FTP woes (Luca De Vitis - De Whiskey's -)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Robert Ribnitz)
Crossposted-To: alt.os.linux,comp.os.linux.admin,comp.os.linux.help
Subject: Re: Telnet and FTP woes
Date: Tue, 13 Apr 1999 12:20:24 GMT

On Tue, 13 Apr 1999 02:27:08 +0000, "Douglas A. Haines"
<[EMAIL PROTECTED]> wrote:

>Hi folks,
>I'm running RedHat Linux 5.1 (2.0.34 kernel).  I finally have TCP
>networking operating after some kernel compile problems, yet I still have
>some issues.  The one I'm working on now involves Telnet and FTP.   I
>cannot connect my Windows machine to my Linux box with either;
>both clients on the Windows side indicate a closed connection.
>
>    Telnet gives me no message other than "connection closed".  I never
>get a login.
>    FTP gives me the message "Connection closed by remote host".  I
>never get a login here either.
>    Both clients are the simple programs that ship with Windows 95.
>
>    I can ping my Linux box from Windows and vice-versa.  I'm assuming I
>need to change some settings in my network, but I'll be damned
>    if I know what they are.  I have checked /etc/services and it shows
>both ftp and telnet as being set up.  Do I need a telnet and ftp
>    daemon running?   Any information would be appreciated.
>
>Doug Haines

edit /etc/hosts.allow and /etc/hosts.deny to suit your needs (did the
trick for me)



------------------------------

From: jason <[EMAIL PROTECTED]>
Subject: Re: PPP - SIGHUP
Date: Tue, 13 Apr 1999 08:22:04 -0400


Does it do this after 15 minutes of inactivity, or just 15 minutes, period?


-jason

(to reply via email, make the appropriate substitution in my email address)

------------------------------

From: "jeff" <[EMAIL PROTECTED]>
Subject: Re: DNS & BIND V.8
Date: Mon, 12 Apr 1999 23:45:30 -0700

What happens when you do:

>nslookup
>server  your_isp's_nameserver
>www.redhat.com

Does it resolve then?  if so then...

got a good resolv.conf?

#resolv.conf
search    your_domain  your_isp's_domain
nameserver    your_nameserver
nameserver    your_isp's_nameserver

You have your ISP's nameserver as your secondary nameserver in your
networking setup?

Seems like if you can ping out of your firewall that ipfw is not the culprit
though I may be wrong and it could be a point worth pursuing.


<[EMAIL PROTECTED]> wrote in message
news:7erqr1$p97$[EMAIL PROTECTED]...
> I am setting up DNS on slackware V3.6 (Kernel 2.0.35) using BIND version 8.
> The configuration files all seem to be correct.  The server acting as the
> nameserver is also a firewall server using IP-filtering.
>
> I can ping and resolve names from the nameserver to hosts within our network,
> and also from anywhere within the network. I then tried to ping hosts on the
> internet through our dial-up connection to the ISP - this works OK. However,
> when I try and resolve names using nslookup, of hosts on the internet it fails
> and times-out.
>
> The configuration files for the root domain servers are correct as well as the
> reference to them.
>
> I have tried debugging using nslookup without much luck.
>
> We are in the process of moving from a server using BIND Version 4.  We
> copied all the files over and then altered them to match the new BIND version
> format - the root server file was not changed.
>
> I am fresh out of ideas, could there be a firewall problem??
> OR in the format of the root server config file??
>
> -----------== Posted via Deja News, The Discussion Network ==----------
> http://www.dejanews.com/       Search, Read, Discuss, or Start Your Own



------------------------------

From: Nick B. <[EMAIL PROTECTED]>
Subject: Re: Network Printer (Linux + MacOS + HP JetDirect)
Date: Tue, 13 Apr 1999 12:34:57 GMT

Thanks for the suggestions Ron,

I'll take a look on the HP site for the Linux version of the JetDirect admin.

I can't lose the Mac connectivity to this printer. Since it is currently
Appletalk (only?), I wonder if the Mac supports a TCP/IP protocol printer?

In one of the HP documents I located, it did note that X.01.nn firmware could
NOT be upgraded! That only X.02.nn and above could be upgraded. If this is
true, then it leaves me out for the upgrade.

Thanks for the help, I think I will work on this a little longer before
deciding to spend more money on another card, although an external print
server does sound enticing.

Regards,
Nick B.



In article <[EMAIL PROTECTED]>,
  Ron Watkins <[EMAIL PROTECTED]> wrote:
> I thought I saw that HP had released the JetDirect admin software for Linux.
> You might do a search on Linux at their site.  I think I even downloaded it,
> but I'm not sure where I put it offhand -- I never got around to installing
> it.  If you can't find it, send me email and I'll see if I can scrounge it up.
>
> If you connect the printer via a parallel cable, you *should* be able to
> enable TCP/IP that way.  The odd network addresses you're seeing are Appletalk
> network numbers, which do not correspond in any way to TCP/IP.  You probably
> cannot do a network snoop and find the printer, because it probably is
> accessed only via Appletalk at the moment.
>
> With TCP/IP disabled on the printer, the HP will suppress any TCP/IP settings
> at the control panel until that protocol is enabled.  The JetAdmin utility,
> even though it claims otherwise, MIGHT be sufficiently compatible to at least
> allow that much.
>
> There is probably also some method of upgrading to a more recent firmware
> revision.
>
> The prior poster's idea of using an external print server isn't a bad one.  I
> bought one for a client for about $250 a year ago; it's very fast and works
> very well.  The one I got was from Lexmark.  Had more options than you could
> shake a stick at. :-)
>
> <<RON>>
>


------------------------------

From: "Ste" <[EMAIL PROTECTED]>
Subject: IP Masq + firewall  dhcp
Date: 13 Apr 1999 08:48:58 +0100

Hi,

I installed dhcpd (v.2 patchlevel 25) on a firewall (ipfwadm-2.3.0-6)
running linux rh 5.2, kernel 2.0.36.

Dhcp doesn't work :((, even adding: route add -host 255.255.255.255 dev eth0


Pinging the firewall from any of the win95 clients I get: 
        Destination host unreachable.

Running /usr/sbin/dhcp -d -f:
        Listening on Socket/eth0/192.168.1.0
        Sending  on Socket/eth0/192.168.1.0
And nothing else ...

According to dhcp gurus, my firewall rules are preventing the linux pc from
sending or receiving DHCP packets.

This is /etc/rc.d/rc.local (the firewall ip is 192.168.1.1):

echo "ip_masq 192.168.1.1"
echo "1" > /proc/sys/net/ipv4/ip_forward
/sbin/depmod -a
/sbin/modprobe ip_masq_ftp.o
/sbin/modprobe ip_masq_raudio.o
/sbin/modprobe ip_masq_irc.o
/sbin/ipfwadm -F -p deny
/sbin/ipfwadm -I -p deny        
/sbin/ipfwadm -I -f             
/sbin/ipfwadm -F -a m -S 192.168.1.0/24 -D 0.0.0.0/0
/sbin/ipfwadm -I -a accept -S 192.168.1.0/24 -D any/0
/sbin/ipfwadm -I -a accept -S 127.0.0.1 -D any/0
/sbin/ipfwadm -I -a accept -P tcp -S any/0 -D any/0 1024:65535
/sbin/ipfwadm -I -a accept -P udp -S any/0 -D any/0 1024:65535
/sbin/ifconfig eth0 192.168.1.1
/sbin/route add -net 192.168.1.0

How can I fix it ?

Thanks

Ste
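
[Added example, not part of Ste's post: a Python model of the input-chain rules from the rc.local above, assuming first-match evaluation and the standard DHCP ports (client 68, server 67). The sample packets are constructed, and the output chain, which the script never restricts, is not modelled.]

```python
from ipaddress import ip_address, ip_network

# Input-chain rules in the order rc.local appends them. Every rule uses
# -D any/0, so only protocol, source and destination-port range are modelled.
# proto None = any protocol, ports None = any port.
INPUT_RULES = [
    (None,  "192.168.1.0/24", None),           # -I -a accept -S 192.168.1.0/24
    (None,  "127.0.0.1/32",   None),           # -I -a accept -S 127.0.0.1
    ("tcp", "0.0.0.0/0",      (1024, 65535)),  # -I -a accept -P tcp ... 1024:65535
    ("udp", "0.0.0.0/0",      (1024, 65535)),  # -I -a accept -P udp ... 1024:65535
]
DEFAULT_POLICY = "deny"                        # -I -p deny


def input_verdict(proto, src, dport):
    """Return (verdict, rule_number) for one inbound packet.

    Assumption of this model: rules are scanned in order and the first
    match decides; if nothing matches, the chain policy applies.
    """
    for number, (r_proto, r_src, r_ports) in enumerate(INPUT_RULES, 1):
        if r_proto is not None and r_proto != proto:
            continue
        if ip_address(src) not in ip_network(r_src):
            continue
        if r_ports is not None and not (r_ports[0] <= dport <= r_ports[1]):
            continue
        return ("accept", number)
    return (DEFAULT_POLICY, None)


# Constructed sample packets (not captured traffic): label, proto, src, dport.
SAMPLES = [
    ("DHCPDISCOVER broadcast, client has no address yet", "udp", "0.0.0.0", 67),
    ("DHCP renewal from a client that holds a lease", "udp", "192.168.1.50", 67),
    ("UDP reply from outside to a high port", "udp", "203.0.113.53", 40000),
    ("inbound telnet from outside", "tcp", "203.0.113.9", 23),
]

if __name__ == "__main__":
    for label, proto, src, dport in SAMPLES:
        verdict, rule = input_verdict(proto, src, dport)
        via = f"rule {rule}" if rule else "chain policy"
        print(f"{label:52s} {proto} {src} -> port {dport}: {verdict} ({via})")
```

A client without a lease sends from 0.0.0.0, which is outside 192.168.1.0/24, and the DHCP server port 67 is below the 1024:65535 range, so no accept rule matches and the deny policy applies.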


------------------------------

From: [EMAIL PROTECTED] (Peter Benie)
Crossposted-To: comp.os.linux.setup,comp.os.linux.setup,ucam.comp.linux
Subject: Re: loadlin for linux?
Date: 13 Apr 1999 16:39:44 GMT

In article <[EMAIL PROTECTED]>,
J.E. Scott <[EMAIL PROTECTED]> wrote:
>
>Hi, 
>
>is there an equivalent of loadlin that runs _from_ linux? What I want to
>do is make a small linux distribution that susses out various local
>parameters, and then downloads and runs the real linux from the network. 

No, there isn't, but you can solve your problem with a writable boot floppy.

The first time a machine boots, it loads a kernel from the floppy and
uses initrd or NFS for the root filesystem. You then partition the
hard disk and install the OS.

After the installation, but before rebooting, use 'lilo -R' to
reconfigure the floppy to chain lilo on the hard disk. 
('-R' reconfigures lilo for one session only.)

Peter

------------------------------

From: "Jeff" <[EMAIL PROTECTED]>
Crossposted-To: alt.os.linux.dial-up,btinternet.linux,de.alt.comm.isdn4linux,uk.comp.os.linux
Subject: Re: BT Speedway ISDN and RH 5.2... still trying... need help!
Date: Tue, 13 Apr 1999 16:58:43 +0100


So what was wrong ?

I'm about to try setting up my linux for my card as well.

Jeff.


Seyed Razavi <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Not to worry I finally did it!  Thanks everyone who helped.
>
> Goodbye Windoze
>
> Good riddance.
>
> Paul Black wrote:
> >
> > "Seyed Razavi" <[EMAIL PROTECTED]> wrote:
> > > As per usual I am at a loss.  Any help would be appreciated.
> >
> > The contents of your script producing these problems would be useful.
> >
> > Paul



------------------------------

From: "Alan J. Flavell" <[EMAIL PROTECTED]>
Crossposted-To: comp.security.ssh
Subject: Re: .shosts: Your host key cannot be verified: unknown or invalid host key?
Date: Tue, 13 Apr 1999 17:57:31 +0200

On 13 Apr 1999, Georg Schwarz wrote:

> now when trying to log in from the one (helena) to the other (luthien),
> with an appropriate .shosts file being in place, I get:
...

> helena.physik.tu-berlin.de: Remote: The host name used to check the key
> was 'helena.physik.tu-berlin.de'.
> helena.physik.tu-berlin.de: Remote: Try logging back from the server
> machine with the canonical host name using ssh, and then try again.

And what happened when you did what it suggested?

This is the normal behaviour when the host doesn't know its partner's
host key.  There are of course other ways of making the host key files,
but the above hint is a good one.  Try it.


------------------------------

From: Ralf Folkerts <[EMAIL PROTECTED]>
Subject: Supernetting?
Date: Tue, 13 Apr 1999 07:50:28 +0200

Hi,

I have a question re. Supernetting! Unfortunately I didn't find any "OS
independent" TCP/IP Newsgroup :-( Since, however, all our Intranet
Servers are Linux-driven I hope I may post here:

We are about to replace our Network Infrastructure. Currently we run
several Shared-Ethernet Networks which are routed amongst each other (we
have more than 255 hosts so we needed more networks).

Now, since we're gonna make everything new and use Switched Ethernet
(Alcatel Packet Engine) I voted for Supernetting several Class-C
Networks into one big Network and thus circumvent all the routing issues
etc...

However, I'd like to get some "real world" proof for this Idea; I never
ever supernetted anything ;-)

We will use a complete Class B Network, which we got from our group.

We are two companies plus 6 branches which need to be "networked" and
interconnected.

I think supernetting three "Class-C" Networks into one big Network; e.g.
we have the complete 10.41.0.0 network.
Our company will use 10.41.1.0 - 10.41.3.0 with a 22 bit Subnet-Mask.

Our "sister" company will use 10.41.16.0 - 10.41.18.0, with a 22-Bit
subnet Mask, too.

The branches will use 10.41.32.0/24 and so on.

Now, will this work??

How do we have to set the routes on the different networks??

MTIA,
_ralf_
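
[Added example, not part of Ralf's post: Python's ipaddress module applied to the address plan above, showing which block a 22-bit mask actually yields for each range of /24 networks and whether the resulting blocks overlap. The function names are made up for this illustration.]

```python
from ipaddress import ip_network, summarize_address_range


def plan_check(first_net, last_net, prefix):
    """Compare a range of /24 networks with the one block a given mask yields."""
    first = ip_network(first_net)
    last = ip_network(last_net)
    # strict=False masks off host bits: this is the network a host in the
    # first /24 really belongs to once the mask is `prefix` bits long.
    block = ip_network(f"{first.network_address}/{prefix}", strict=False)
    # The smallest set of CIDR blocks covering exactly first..last.
    exact = summarize_address_range(first.network_address,
                                    last.broadcast_address)
    return {
        "block": str(block),
        "block_range": (str(block.network_address),
                        str(block.broadcast_address)),
        "aligned": block.network_address == first.network_address,
        "covers_all": last.subnet_of(block),
        "exact_cidrs": [str(n) for n in exact],
    }


def overlapping_pairs(blocks):
    """Return every pair of blocks that share addresses."""
    nets = [ip_network(b) for b in blocks]
    return [(str(a), str(b))
            for i, a in enumerate(nets)
            for b in nets[i + 1:]
            if a.overlaps(b)]


if __name__ == "__main__":
    # Ranges and mask length exactly as given in the post.
    ours = plan_check("10.41.1.0/24", "10.41.3.0/24", 22)
    sister = plan_check("10.41.16.0/24", "10.41.18.0/24", 22)
    for name, result in (("company", ours), ("sister company", sister)):
        print(name)
        for key, value in result.items():
            print(f"  {key}: {value}")
    blocks = [ours["block"], sister["block"], "10.41.32.0/24"]
    print("overlaps:", overlapping_pairs(blocks))
```

A 22-bit mask always starts on a multiple of four in the third octet, so the first range falls inside 10.41.0.0 - 10.41.3.255 and the second inside 10.41.16.0 - 10.41.19.255.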

------------------------------

From: "Bertrand Le Breton" <[EMAIL PROTECTED]>
Subject: SN3200
Date: Tue, 13 Apr 1999 08:58:11 +0200

Hi

Does anyone know where and how I can find and install the good device
files on my computer running redhat-5.2?



------------------------------

From: "Anthony" <Anthony@spim>
Crossposted-To: comp.os.linux.hardware
Subject: Re: ISDN / BT Speedway Problem (HiSax/Fritz)
Date: Tue, 13 Apr 1999 08:36:49 +0100

You have to get the ISDN package - part of isdn4linux from ftp.suse.com and
run the std2kern -d.

This will update your kernel source with the correct drivers.

I tried working with this and various 2.2 kernels - up to 2.2.5 and found it
to be unstable.
I use 2.036 and find it works great - do you really need 2.2.x?  I'm going
to wait a bit until things become a little more stable.

Anthony

Simon Griffiths wrote in message <[EMAIL PROTECTED]>...
>
>
>Simon Griffiths wrote:
>>
>> Heeeeeelp.....
>>
>> I've currently got a 2.2.5 kernel with modular support for ISDN/HiSax
>> (Fritz)
>> and a BT Speedway PCI card. All looks fine....
>>
>> but I get :
>>
>> Apr 10 14:10:24 localhost kernel: HiSax: Card AVM A1 not installed !
>> Apr 10 14:10:24 localhost kernel: ISDN-subsystem unloaded
>>
>> every time I try to load the HiSax module with...
>>
>> modprobe -v hisax io=0x6400 irq=9 protocol=2 type=5 id=Fritz
>>
>
>OK, I've had a chance to look further into this, and I come to the
>following conclusions....
>
>1. The card I have - a BT speedway internal - is a  Fritz/PCI version.
>2. There are 3 Fritz types in the ISDN4Linux Hisax driver module: Fritz,
>Fritz!PnP, Fritz!PCI
>3. The internal BT Speedway needs the Fritz!PCI
>4. Each type of card requires a different type argument in the insmod
>call. I should have been using:
> modprobe -v hisax protocol=2 type=27
>
>But....
>
>5. the Fritz!PCI & Fritz!PnP drivers are included in 2.0.36, but not in
>2.2.x
>6. the Fritz!PCI driver included in the latest version of ISDN4Linux
>won't compile in 2.2.n
> (at least I can't get it to!)
>7. 2.2.x is great - there's so much good stuff in here I don't want to
>regress
>
>
>Conclusion - I'll just have to manage with my 33.6 modem until some
>wonderful person can tell
>me how to get the Fritz!PCI driver compiled in 2.2.n !
>or...
>the Fritz!PCI driver gets rolled into the 2.2 kernel distribution.
>
>Any takers ?
>
>Also, I think the BT Speedway card is being pushed pretty strongly with
>the new
>BT Highway products and is selling pretty well, - there may be lots of
>people out there
>with the same problem as me !
>
>Simon.



------------------------------

From: [EMAIL PROTECTED] (Georg Schwarz)
Crossposted-To: comp.security.ssh
Subject: Re: .shosts: Your host key cannot be verified: unknown or invalid host key?
Date: 13 Apr 1999 16:06:09 GMT

[EMAIL PROTECTED] (Georg Schwarz) writes:

>I've installed the ssh 1.2.6 rpms from ftp.reply.com on two machines
                                            ^^^^^^
that was ftp.replay.com of course. Sorry for the typo.
-- 
Georg Schwarz ([EMAIL PROTECTED], [EMAIL PROTECTED], PGP 2.6ui)
Institut für Theoretische Physik  +49 30 314-24254   FAX -21130  IRC kuroi
Technische Universität Berlin            http://home.pages.de/~schwarz/

------------------------------

From: "Quiney, Philip (EXCHANGE:HAL02:HM10)" <[EMAIL PROTECTED]>
Subject: Re: Linux networking question...
Date: Tue, 13 Apr 1999 08:09:02 +0100

Jerry wrote:
> 
> Hi,
> 
> I am new to networking in Linux. Are there any
> considerations to be made when buying network
> adapter for Linux networking? What are the best
> cards around? Better still if you can recommend
> a SOHO kit... Please kindly advise. Thanks in
> advance.
Hi,

I have used a variety of network cards under Linux including

WD8003 - ancient 8 bit card obtained second hand for next to nothing.
Uses shared memory so is a match for polled IO ne2000 cards whether
16bit or PCI.

ne2000 - clone cards - have had some problems with Plug & Play but these
cards can be set to 'jumperless' so you can specify IO/IRQ etc (the ones
I used could - some really obscure ones - Longshine I think the 'brand'
was - can't though. I dumped this card as it was intermittent in being
recognised even in Win95).

3Com 3C900 - AFAIK worked straight out of the box.

Things to Consider

Automatic detection of AUI/Coax/RJ45 usually fails - force it to what
you want. YMMV

Jumperless mode is useful if all else fails.


I think there is a list of Network cards in the NET3-HOWTO document (in
/usr/doc/HOWTO) as well as some detail on getting this to work.

Regards

Phil Q

-- 

Phil Quiney                             Digital PowerLine,
[EMAIL PROTECTED]              Nortel Networks,
Telephone: +44 (1279) 402363            London Rd, Harlow,
Fax:       +44 (1279) 402885            Essex CM17 9NA,
                                        United Kingdom.

"This message may contain information proprietary to Northern 
Telecom so any unauthorised disclosure, copying or distribution
of its contents is strictly prohibited."

------------------------------

Crossposted-To: comp.os.linux.hardware
From: "J. R." <[EMAIL PROTECTED]>
Subject: Re: Netgear ISA EA201c NIC
Date: Tue, 13 Apr 1999 16:01:16 GMT

Allen wrote:
> 
>         It still won't boot after taking out the NIC?

That's right.

>  I guess at that point,
> best thing to do is to dump the CMOS memory, and remove all cards or drive
> connectors except video card, and start re-booting from there, adding parts
> one at a time, 'till you find out which one won't allow you to continue.

Well, I'm afraid I can't leave out the I/O card, either, as it contains both
the floppy and the HD controllers. ;-)

But seriously, this is the first time this old ('92 vintage) Gateway '486
did something like this, despite many hardware reconfigs in the meantime.
I still need to do more testing along the lines you suggested, but I'm afraid
the problem might be in the motherboard, as I have already tried a different
I/O card to no avail.  I have two IDE HDs and both show gibberish when doing
the dir on them in the DOS partition.  The Linux partition is also giving
up on boot.  The BIOS looks good though.

From the fact that this happened after I put in that new NIC, may indicate that
either the NIC was somehow bad and shorted something on the MoBo, or the great
force that had to be used to seat the card in the edge connector broke some
traces in the MoBo.  For that's one thing I always hated about this ISA-bus
PC: the excessive force required to press those cards in the edge connectors.
PCI slots are just so much smoother when inserting a card in them!

Anyway, thanks for the empathy,
Joe

------------------------------

From: "Mike Ellis" <[EMAIL PROTECTED]>
Subject: Re: Help. Unable to browse HTTPS from IP Masq'ed workstations -- more info
Date: Tue, 13 Apr 1999 13:01:33 -0700


BACKGROUND
In my previous post, I described a problem accessing
HTTPS sites from ip_masq'd workstations.  After receiving
David's suggestion to check port 443 permissions
I made some tests with tcpdump to attempt to see
if that was indeed the problem.


RESULTS
Using tcpdump shows that traffic on port 443 is flowing
in both directions. Seems to confirm that ipfw is
properly passing and routing packets on this port.
I'm not familiar enough with tcpdump to draw further
conclusions. Hopefully someone in the newsgroup will be
able to glean more than I have or suggest further diagnosis.

Also note that not all HTTPS sites are inaccessible.  Makes
me suspect that there is something else going on. Netscape's
definition of SSL mentions an optional authentication
phase, but offers no further info.

I really need to allow folks behind the firewall to access
these sites, esp cheaptickets.com.  Any help greatly
appreciated.


NAMES IN TCPDUMP OUTPUT
austin -- RH 5.2, connected to ISP through ppp0.
          connect to lan through eth0
  ipfwadm policies:
          input accept
          output accept
          forward accept all, mask S 192.168.1.0/24 D 0.0.0.0/0

toad  --  RH 5.2 connected to lan through eth0
  IP = 192.168.1.32

dps1.lowfare.cheaptickets.com -- HTTPS server
          reachable from austin, not from toad

amazon.com -- HTTPS server
          reachable from both machines



DIAGNOSTIC METHOD
Set up terminal sessions on austin and toad.  Invoke
tcpdump on both machines to capture packets on HTTPS port.
Use netscape to connect to secure server sites.

TCPDUMP OUTPUT
Below are tcpdump outputs for 3 different https connection events.
In #1, a successful direct connection from austin to
dps1.lowfare.cheaptickets.com is shown.

In #2a and #2b, a failed connection to the same site is shown
as seen by toad and austin.  The connection was initiated by
toad.

In #3a and #3b, a good connection from toad to amazon.com's
secure server is shown.

In all cases, tcpdump was monitoring port 443. On austin
it listened to interface ppp0, on toad to eth0.

1. AUSTIN'S VIEW -- DIRECT CONNECTION
austin.3821 > dps1.lowfare.cheaptickets.com.443: S 3405083092:3405083092(0) win 512 <mss 256>
dps1.lowfare.cheaptickets.com.443 > austin.3821: S 2386542671:2386542671(0) ack 3405083093 win 49152 <mss 1460>
austin.3821 > dps1.lowfare.cheaptickets.com.443: . ack 1 win 32512 (DF)
austin.3821 > dps1.lowfare.cheaptickets.com.443: P 1:85(84) ack 1 win 32512 (DF)
dps1.lowfare.cheaptickets.com.443 > austin.3821: P 1:80(79) ack 85 win 49152
austin.3821 > dps1.lowfare.cheaptickets.com.443: . ack 80 win 32512 (DF)
dps1.lowfare.cheaptickets.com.443 > austin.3821: P 80:147(67) ack 85 win 49152
austin.3821 > dps1.lowfare.cheaptickets.com.443: . ack 147 win 32512 (DF)
austin.3821 > dps1.lowfare.cheaptickets.com.443: P 85:91(6) ack 147 win 32512 (DF)
austin.3821 > dps1.lowfare.cheaptickets.com.443: P 91:347(256) ack 147 win 32512 (DF)


2a. TOAD'S VIEW -- FAILED CONNECTION
192.168.1.32.1054 > dps1.lowfare.cheaptickets.com.443: S 2259323080:2259323080(0) win 512 <mss 1460>
dps1.lowfare.cheaptickets.com.443 > 192.168.1.32.1054: S 1131491749:1131491749(0) ack 2259323081 win 49152 <mss 1460> (DF)
192.168.1.32.1054 > dps1.lowfare.cheaptickets.com.443: . ack 1 win 32120 (DF)
192.168.1.32.1054 > dps1.lowfare.cheaptickets.com.443: P 1:40(39) ack 1 win 32120 (DF)
192.168.1.32.1054 > dps1.lowfare.cheaptickets.com.443: P 1:40(39) ack 1 win 32120 (DF)
dps1.lowfare.cheaptickets.com.443 > 192.168.1.32.1054: . ack 40 win 49152 (DF)


2b. AUSTIN'S VIEW -- FAILED CONNECTION
austin.61416 > dps1.lowfare.cheaptickets.com.443: S 2259323080:2259323080(0) win 512 <mss 1460>
dps1.lowfare.cheaptickets.com.443 > 192.168.1.32.1054: S 1131491749:1131491749(0) ack 2259323081 win 49152 <mss 1460> (DF)
austin.61416 > dps1.lowfare.cheaptickets.com.443: . ack 1131491750 win 32120 (DF)
austin.61416 > dps1.lowfare.cheaptickets.com.443: P 0:39(39) ack 1 win 32120 (DF)
austin.61416 > dps1.lowfare.cheaptickets.com.443: P 0:39(39) ack 1 win 32120 (DF)
dps1.lowfare.cheaptickets.com.443 > 192.168.1.32.1054: . ack 40 win 49152 (DF)


3a. TOAD'S VIEW -- GOOD CONNECTION

192.168.1.32.1556 > amazon.com.443: S 738472094:738472094(0) win 512 <mss 256>
amazon.com.443 > 192.168.1.32.1556: S 1177073207:1177073207(0) ack 738472095 win 32768 <mss 1460> (DF)
192.168.1.32.1556 > amazon.com.443: . ack 1 win 32512 (DF)
192.168.1.32.1556 > amazon.com.443: P 1:40(39) ack 1 win 32512 (DF)
amazon.com.443 > 192.168.1.32.1556: . 257:513(256) ack 40 win 32768 (DF)
192.168.1.32.1556 > amazon.com.443: . ack 1 win 32512 (DF)

3b. AUSTIN'S VIEW -- GOOD CONNECTION

austin.1693 > k.gtld-servers.net.domain: 44561 A? ns2.pnap.NET. (30)
austin.61484 > amazon.com.443: S 738472094:738472094(0) win 512 <mss 256>
austin.61485 > zork.tiac.net.domain: 34176+ (43)
austin.1693 > NS.NASA.GOV.domain: 44562 (42)
amazon.com.443 > 192.168.1.32.1556: S 1177073207:1177073207(0) ack 738472095 win 32768 <mss 1460> (DF)
austin.61484 > amazon.com.443: . ack 1177073208 win 32512 (DF)
             ---- end ----


David K. Means wrote in message ...
>
>Mike Ellis <[EMAIL PROTECTED]> wrote in message
>news:7est9i$[EMAIL PROTECTED]...
>> [...]
>> Other boxes obtain 192.168.1.X IP's from austin's
>> dhcpd. Austin is running ip_masq as described in
>> the how-to. Austin is also the domain nameserver.
>>
>> PROBLEM:
>> Other boxes are unable to access certain websites,
>> especially HTTPS, but also a few HTTP sites
>> (www.compaq.com is one).
>>
>> Problem is common to both Netscape on Linux and
>> IE4 on Win95.  Problem does not occur with Netscape
>> run directly on austin.
>>
>  HTTPS uses a separate TCP port from `normal' HTTP.  You'll need
>to allow traffic on port 443 (it should be called https in /etc/services) in
>both directions.  If you'd like a little extra security, you can require that
>incoming HTTPS packets have the ACK bit set ( -k switch for ipfwadm).
>
>                                                            Good luck.
>
>



------------------------------

From: [EMAIL PROTECTED] (Luca De Vitis - De Whiskey's - )
Crossposted-To: alt.os.linux,comp.os.linux.admin,comp.os.linux.help
Subject: Re: Telnet and FTP woes
Date: 13 Apr 1999 07:58:09 GMT
Reply-To: [EMAIL PROTECTED]

In article <[EMAIL PROTECTED]>, James Mandy wrote:
>make sure there is nothing in /etc/hosts.allow
>and nothing in /etc/hosts.deny

Make sure you have the right instruction for your inetd in these files
watching the hosts_access (5) and then the hosts_options (5) man pages... but
if you do not understand what they talk about... try this configuration

/etc/hosts.allow:

#
# This single line tells the inetd to grant any service to your windows box
#
ALL : <the windows client ip-address>

/etc/hosts.deny:

#
# If the connecting client is not your windows box this line denies any client
# from connecting to your linux box
#
ALL : PARANOID : rfc931

This is one of the most secure configurations... drastically closed... but it
works ;)

        Luca

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and comp.os.linux.networking) via:

    Internet: [EMAIL PROTECTED]

Linux may be obtained via one of these FTP sites:
    ftp.funet.fi                                pub/Linux
    tsx-11.mit.edu                              pub/linux
    sunsite.unc.edu                             pub/Linux

End of Linux-Networking Digest
******************************
