Linux-Networking Digest #859, Volume #10 Wed, 14 Apr 99 20:13:53 EDT
Contents:
Re: Using Linux instead of NT Server in home environment.... (Bill Anderson)
Re: Routing and Forwarding with SuSE 5.2 ("Alex Slaets")
Domain name ("Stavros C. Kassinos")
Re: how to use IP-adres in firewall script (Luca Filipozzi)
1 machine running Proxy and web server - How to? ("Cliff Etzel")
Re: Setting up for multiple ISPs ("Curt")
Al gore ("ryan")
FTP server for Mac files? ([EMAIL PROTECTED])
Re: emulate an http server (Fabian Wein)
Re: DNS - for yu (yugoslav) top-level-domain (Sabri Berisha)
Re: diald: connect doesn't ("John Edwards")
problem with WIN95 names in marsnwe (Arndt Kritzner)
Re: Assigning IPs to serial ports ("John Edwards")
----------------------------------------------------------------------------
From: Bill Anderson <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.misc,comp.os.linux.setup
Subject: Re: Using Linux instead of NT Server in home environment....
Date: Wed, 14 Apr 1999 18:30:40 +0000
Stuart Fox wrote:
>
> >> Also, time for a few facts
> >>
> >> 1. NO operating system is bug free
> >> 2. Both Linux camps and MS spend considerable time locating and fixing
> bugs
> >> 3. A properly configured NT box will not Blue Screen, and will be as
> stable
> >> as a well configured Linux box.
> >
> >Hmmm. Not sure this is really the case, NT does Blue screen sometime
> >without explanation. One thing I do know for sure is that Linux is a
> hell
> >of a lot easier to get working again if it fails to boot. Scramble an NT
> >installation to much and its reinstall time. A key Linux quality is the
> >ability to recover a system if sometthing goes wrong. This can be very
> >difficult with NT.
> >
>
> I have some twenty or thirty NT servers under my direct or indirect
> influence, and they do not blue screen.
^^^^^^^^^^^^^^^^^^^^^^^
> The occasions when they do, it is
^^^^^^^^^^^^
> usually because a third party driver is poorly written (e.g. some of the
> Compaq NIC drivers). In my experience, most NT blue screens are caused by
> hardware or hardware related faults (or letting some asshole who doesn't
> know what they're doing at your machine). Recovering an NT box isn't that
> hard, especially given there's such a wide ranging knowledge base available.
> I have never seen a NT box blue screen without a good reason.
>
> Stu
Either they do or they do not. Which is it?
--
Bill Anderson Linux Administrator
MCS-Boise (ARC) [EMAIL PROTECTED]
My opinions are just that; _my_ opinions.
------------------------------
From: "Alex Slaets" <[EMAIL PROTECTED]>
Subject: Re: Routing and Forwarding with SuSE 5.2
Date: Wed, 14 Apr 1999 21:07:36 +0200
This is a multi-part message in MIME format.
=======_NextPart_000_0032_01BE86BA.D24AA960
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
I want to set up a Firewall for a private LAN. But i still have some =
dificulties with the setup of the Ethernet Cards. The Firewall is a =
machine with two Netcards. The first one, ETH0 (IP: 134.133.125.251) is =
connected to the Internet. ETH1 (IP: 134.133.122.1) is connected to the =
LAN with the IP's 134.133.122.xxx . The Gateway entered for ETH0 is =
134.133.125.254. The Subnet Mask is 255.255.255.0 for both nets.=20
=20
=
eth0 eth1 ------Workstation=20
Internet------Gateway------- Firewall-------|=20
=
------Workstaion=20
134.133.125.254=20
My questions:=20
- Is a Firewall automaticaly a Gateway,too?=20
- Do I have to enter a Gateway address for ETH0.=20
- If yes, is the Gateway of ETH1 the IP of ETH0 and where to enter the =
Gateway for ETH1?=20
- What should I enter in the routing table ( route.conf?)?=20
- What is the Gateway address for the Workstations in the LAN?=20
1) read the ip-masquerade mini faq
-> have a system with ip forwarding enabled
-> set up ip-forwarding=20
=20
=======_NextPart_000_0032_01BE86BA.D24AA960
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content=3D"text/html; charset=3Diso-8859-1" =
http-equiv=3DContent-Type>
<META content=3D"MSHTML 5.00.2014.210" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV> </DIV>
<BLOCKQUOTE=20
style=3D"BORDER-LEFT: #000000 2px solid; MARGIN-LEFT: 5px; MARGIN-RIGHT: =
0px; PADDING-LEFT: 5px; PADDING-RIGHT: 0px">
<P>I want to set up a Firewall for a private LAN. But i still have =
some=20
dificulties with the setup of the Ethernet Cards. The Firewall is a =
machine=20
with two Netcards. The first one, ETH0 (IP: 134.133.125.251) is =
connected to=20
the Internet. ETH1 (IP: 134.133.122.1) is connected to the LAN =
with the=20
IP's 134.133.122.xxx . The Gateway entered for ETH0 is =
134.133.125.254.=20
The Subnet Mask is 255.255.255.0 for both nets. <BR> =20
=
<P> &nbs=
p;  =
; =
&=
nbsp; &n=
bsp; =20
<FONT=20
=
size=3D-1>eth0</FONT> &nbs=
p; =20
<FONT=20
=
size=3D-1>eth1 </FONT>&nbs=
p; =20
------Workstation <BR>Internet------Gateway------- Firewall-------|=20
=
<BR> &nb=
sp; &nbs=
p;  =
; =
&=
nbsp; &n=
bsp; &nb=
sp; &nbs=
p;  =
; =20
------Workstaion=20
=
<BR> &nb=
sp; &nbs=
p; =20
134.133.125.254=20
<P>My questions:=20
<P>- Is a Firewall automaticaly a Gateway,too?=20
<P>- Do I have to enter a Gateway address for ETH0. <BR>- If yes, is =
the=20
Gateway of ETH1 the IP of ETH0 and where to enter the Gateway for =
ETH1?=20
<P>- What should I enter in the routing table ( route.conf?)?=20
<P>- What is the Gateway address for the Workstations in the LAN?=20
<P><FONT size=3D2>1) read the ip-masquerade mini faq</FONT>
<P><FONT size=3D2>-> have a system with ip forwarding =
enabled</FONT>
<P><FONT size=3D2>-> set up ip-forwarding </FONT>
<P><FONT size=3D2> </FONT>
<P> </P></BLOCKQUOTE></BODY></HTML>
=======_NextPart_000_0032_01BE86BA.D24AA960==
------------------------------
From: "Stavros C. Kassinos" <[EMAIL PROTECTED]>
Subject: Domain name
Date: Wed, 14 Apr 1999 10:14:35 -0700
What is the best way to register a domain name for home-based office
LAN. The LAN constists of Linux boxes with one having a permanenent IP
assigned for DSL service ny my ISP. My ISP is asking for a non-trivial
price to do the domain name registration and the primary/secondary DNS
setup required by Internic.
Question: I know I could do the registration myslef directly with
Internic and save myslf some money. The probelm of course is the DNS
setup. Could I use my server Linux box as the DNS server that I will
give in my application? Or is that a catch 22? Needing to be registered
before you can do that?
Thanks in advance for any pointers....
--
==============================================================
Stavros C. Kassinos | [EMAIL PROTECTED] |
| Office: (650)-723-0546 |
Center for Turbulence Research | Fax: (650)-723-4548 |
Stanford University | www.stanford.edu/~kassinos |
==============================================================
------------------------------
From: [EMAIL PROTECTED] (Luca Filipozzi)
Subject: Re: how to use IP-adres in firewall script
Date: Wed, 14 Apr 1999 11:56:48 -0700
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
says...
>
>
> >In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
> >says...
> >> I want to run a firewallscript from commandline.
> >>
> >> IPADDR=`/sbin/ifconfig ipp p0 | /bin/grep 'inet addr' | /usr/bin/cut
> >> -f >2 -d: | /usr/bin/cut -f 1 -d' '`
> >>
> >> ipchains -A input -p udp -j DENY -d $IPADDR 137:139 gives an error.
> >>
> >> How can i generate my ip-addres?
> >> What is the right syntax?
> >>
> >>
> >don't you need to export IPADDR to the environment.
> >
> >setenv IPADDR yadayada for csh or tcsh
> >export IPADDR=yadayada for sh, ksh, or bash
>
> Can you please be more specific.
> I am just a newbie, sorry
>
>
>
>
In a shell script, you can do the following assign to a variable (IPADDR)
and use it anywhere in the script as $IPADDR. This works in a shell
script because it has its own environment (inherited from the login shell
from which it was called, but definitely its own). When the shell
completes and you are returned to your login shell (the prompt), IPADDR
will no longer be valid.
Similarly, if at the command prompt you simply type IPADDR=something,
IPADDR will not be valid after you press enter because a simple
assignment does not add IPADDR to the environment. If you want IPADDR to
remain valid in the login shell, you must "export" it to the environment.
How you export depends on which login shell you use.
setenv is used with csh or tcsh
export is used with sh, ksh, or bash
You need to buy a good book on shell programming and using shells. I'm
sure O'Reilly has a good selection.
#!/bin/sh
IPADD
--
Luca Filipozzi <[EMAIL PROTECTED]>
------------------------------
From: "Cliff Etzel" <[EMAIL PROTECTED]>
Subject: 1 machine running Proxy and web server - How to?
Date: Wed, 14 Apr 1999 09:43:11 -0700
I am looking for information or a how to on the following:
I have an ADSL connection running 24x7
Under Redhat 5.2, I want to run both a web server at a static IP address,
and also have connectivity to the net for my workstation (via proxy)
I have been told the best way to do this is using 2 NIC cards, one with the
static IP address to the outside world, and the other for my LAN.
I have tried Squid, tinyproxy and simpleproxy to get this to work correctly,
with no luck. The best I have gotten so far has been a VERY slow connection
using Tinyproxy connected to a hub and using the same NIC card as what is
serving on the net.
I have also compiled the 2.2.5 kernel with both of the NIC cards in the
kernel itself with no luck either.
By itself, the server can access the net no problem, but I would like a
little more security for my workstation as the machine is on 24x7 and is
serving pages all the time.
The 2 NIC cards are an ne2000 clone (PCI) and a 3COM 3x9xx (PCI).
The 3com is attached to a Cisco 675 ADSL router
Is there a way of doing this? I have been relegated so far to having to use
NT server and Wingate proxy Server because of the problems I have been
having with this.
TIA for any responses - if needed please reply privately to save bandwidth.
--
Cliff Etzel
------------------------------
From: "Curt" <[EMAIL PROTECTED]>
Subject: Re: Setting up for multiple ISPs
Date: Wed, 14 Apr 1999 11:41:37 -0500
With RH just add another interface via 'network configurator', ppp0, ppp1,
ppp2....
Activate the one you want to use, either via 'network configurator' or ifup
pppN.
Philip Nelson wrote in message ...
>I have a need to set up the ability to connect to multiple ISPs,
>
>I've got the first one working (all the various config files set up
correctly - resolv.conf, chap-secrets / pap-secrets, options).
>
>But can I put the second ISPs details into the same configuration files and
still get it to work for both ?
>
>Example config files would be great.
>
>TIA
>
>
>Philip Nelson
>([EMAIL PROTECTED])
>
>Using OS/2 Warp and PMINews
>
>
------------------------------
From: "ryan" <[EMAIL PROTECTED]>
Subject: Al gore
Date: Wed, 14 Apr 1999 17:48:50 -0700
Just a note, anyone here that vp al gore declared his web site open source?
funny huh
=o)
ryan
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To: comp.os.linux.misc
Subject: FTP server for Mac files?
Date: Wed, 14 Apr 1999 17:29:31 GMT
Hey, I am setting up an FTP server that is going serve Macintosh files. I
know that Macintosh has a special thing in the file system which allows one
to save the extra icon info. If I were to set up a Linux server for Macintosh
files, is there any way to make sure that the icon info doesn't get lost?
Is this dependent on the particular FTP server that is being used or the file
system where the file is being stored?
- Steve
============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own
------------------------------
From: Fabian Wein <[EMAIL PROTECTED]>
Subject: Re: emulate an http server
Date: Wed, 14 Apr 1999 18:50:40 +0100
> For doing an experiment I want to emulate an http server manually.
> Does anyone knows who I can redirect port 80 (or any port) to
> the console?
I found the solution: netcast
Fabian
------------------------------
From: Sabri Berisha <[EMAIL PROTECTED]>
Crossposted-To:
nl.burgerrechten,nl.internet.algemeen,nl.internet.misbruik,nl.internet.providers,nl.internet.www.ontwerp,nl.juridisch,nl.politiek,nlnet.misc,soc.culture.yugoslavia
Subject: Re: DNS - for yu (yugoslav) top-level-domain
Date: Wed, 14 Apr 1999 22:51:33 +0000
Johan Wevers wrote:
>
> Sabri Berisha <[EMAIL PROTECTED]> wrote:
>
> >If Srbija wants to show their side of the story, they should not deport
> >all of the western journalists.
>
> I think they don't trust them any more.
Why? They even close down their own radiostations (like B92,
http://www.xs4all.nl)
> >> I'm sure the UCK terrorists would love it, they have us already fight the
> >> war they started and are dependent on the fact that the western media are
> >> demonizing the Serbs.
>
> >Terrorists?
>
> Yes, terrorists. Attacking civilians is the act of terrorists. The UCK is
> not any better than the Serbian police.
I've never heard of stories about Serbian women being raped by UCK
people. If they do so, I will be the first one to see them brought to
trial.
> >Srbija rapes women, kills and burns down entire vilages
>
> I don't claim that the Serbs have any right to do that, but I DO say that
> they are not worse than their opponents.
So you want to say that the UCK burns down villages?
> >and you (!) as an outsider have the guts to defend them?
>
> I defend their right to tell their side of the story, just as the Albanians
> and all other parties in this conflict. Freedom of speech, you know.
Why does Janmaat (dutch Nazi-like figure) keeps shouting that?
> Something which both Milisevic and the UCK don't like because it might
> convince people that the situation is not so black-white as the media in
> most countries (both Serbia and its opponents) suggests.
Srbija is performing massmurder and deportation. One question: do you
*really* believe there were no kamps in Kosova (and WW-2)?
> >Go sit in the corner!
>
> I have better things to do.
Like defending warcriminals
> BTW, can you tell me what country has .cx as domain?
.cx is from Christmas Island. They offer a domain-service for an
acceptable fee and do not require legal documents (like the dutch
domain-registry). See also http://www.nic.cx . My computer is physically
located in Groningen, The Netherlands, where I have a 10 Mbit/s
connection (project of the university of Groningen).
--
Sabri Berisha
EOF
------------------------------
From: "John Edwards" <[EMAIL PROTECTED]>
Subject: Re: diald: connect doesn't
Date: Wed, 14 Apr 1999 19:52:14 -0400
Whoops! make that 127.0.0.2 for local.
John Edwards wrote in message <[EMAIL PROTECTED]>...
>Check your IP addresses in your diald.conf file. They should be
>127.0.0.3 for local and 127.0.0.3 for remote.
>
>Steve Farris wrote:
>>
>> I am trying to set up a 486 as IP-masquarade / firewall for a small home
>> network. Being as this is my first linux box, I expect to make mistakes
>> and have to sort my way through faqs and manuals to get things working.
>>
>> I have done alright up to now. I have run out of ideas for getting diald
>> to work, so I turn to the newsgroups. I hope this post isn't too long,
but
>> I want to provide what I hope is the important piece of information that
I
>> am doing wrong.
>>
>> I have set up pppd to dial my isp (which gives my a dynamic ip address).
I
>> have ip-masquarade working, and have been able to establish a simple
>> firewall. So the only piece of the puzzle is to get diald working. I
>> downloaded the distribution along with the latest patch, ran the patch,
did
>> my make file, make, make install. When I start diald, I can see it start
>> slip (through the /var/log/message file). I see a sl0 device in my
>> ifconfig.
>>
>> However, if I try to do anything which requires a connection, nothing
>> happens. Ping will just sit there, or sometimes give me a host unknown.
I
>> tried running pppd after diald was running, and managed to connect but
>> nothing worked since the default route is now through slip which goes
>> nowhere.
>>
>> I am running Caldera 1.2 (kernel 2.0.33, pppd 2.2.0, slip 0.8.4). Slip
is
>> loaded using kernld (does this matter?)
>>
>> My diald.log file gives me outputs similar to these: Calling site
>> 192.168.0.12. Disconnected, call duration 1 seconds. IP transmitted 84
>> bytes, received 0 bytes. From my messages file, I see the following
>> activity: Running connect. Connect script failed. Waiting 30 sec
before
>> clear to dial.
>>
>> Following are relevant scripts.
>>
>> My diald.conf file:
>>
>> mode ppp
>> fifo /etc/diald/diald.ctl
>> accounting-log /var/log/diald.log
>> connect /usr/diald/connect
>> device /dev/modem
>> speed 115200
>> modem
>> lock
>> crtscts
>> local 192.168.0.11
>> remote 192.168.0.12
>> dynamic
>> defaultroute
>> include /usr/lib/diald/standard.filter
>> ip-up /etc/ppp/ip-up
>> ip-down /etc/ppp/ip-down
>>
>> I tried using the example connect script that came with the diald
>> distribution (putting in my relevant info where appropriate). When that
>> didn't work, I tried using the chat-script I use for pppd (see below).
The
>> diald manual said to eliminate most of the stuff I had in my options file
>> for ppp, so my options file is blank when trying to use diald.
>>
>> This is my options file for ppp:
>>
>> connect "usr/sbin/chat -v -f /etc/ppp/chat-script"
>> /dev/modem 38400
>> modem
>> crtscts
>> defaultroute
>> noipdefault
>> kdebug 1
>>
>> This is my ppp chat-script:
>>
>> ABORT BUSY
>> "" ATDT9722800
>> CONNECT ""
>> ogin: USERNAME
>> ssword: PASSWORD
>>
>> Using this setup, pppd works fine. It connects when called (although the
>> only way I can figure to close a connection is using kill and the pid # I
>> get from ps. There's got to be a better way...)
>>
>> If anyone has any tips or pointers, I am at a loss. Thanks!
>>
>> ----------
>> Steve Farris, [EMAIL PROTECTED]
>> "Computers are really reliable things that do everything you want
>> them to do and nothing else." --Linus Torvalds
>
>--
>
>-- john edwards
> [EMAIL PROTECTED]
> 301.470.4805
------------------------------
Date: Wed, 14 Apr 1999 19:44:34 +0200
From: Arndt Kritzner <[EMAIL PROTECTED]>
Subject: problem with WIN95 names in marsnwe
I'm using the marsnwe Novell emulation on a linux server for serving
some WIN95 und WIN98 clients in an office.
This works fine, only file- and directorynames with space characters
don't come over to the clients. But these filenames are in use from a
former genuine Novell server. OS/2 namespace is already switched on.
Is there a solution to enable space characters in file names?
Any help is welcome.
Arndt Kritzner
------------------------------
From: "John Edwards" <[EMAIL PROTECTED]>
Subject: Re: Assigning IPs to serial ports
Date: Wed, 14 Apr 1999 19:58:55 -0400
Most if not all of the console ports on network appliances are serial (read
TTY) connections. There are other ports on the device where one connects
modems via RS232 cable and RJ45 or BNC connectors for LAN connectors. What
do you have?
Bill Dunn wrote in message ...
> No. Unless you didn't understand or I didn't specify enough info that
>won't work.
>
> Bill Dunn
>
>
>John Edwards wrote in message <[EMAIL PROTECTED]>...
>>You don't need to. You're just connecting like a regular terminal.
>>
>>Bill Dunn wrote:
>>>
>>> I am wanting to connect a serial cable from a Linux machine (Red
Hat)
>to
>>> the console port on some access servers (Cisco, Livingston, Microcom). I
>>> need to be able to give the Microcom maintenance program an IP address
>and a
>>> port to connect to. Connecting the cable is obviously easy but how do I
>>> assign an IP address or port?
>>>
>>> Bill Dunn
>>
>>--
>>
>>-- john edwards
>> [EMAIL PROTECTED]
>> 301.470.4805
>
>
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.networking) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Networking Digest
******************************
