Linux-Networking Digest #877, Volume #10 Fri, 16 Apr 99 01:13:46 EDT
Contents:
Re: Fooling my ISP ("Larry Brasfield")
Re: Firewall and Redhat 5.2 (Larry Benoit)
Freenet and ppp (mongoose)
Re: Network not set up correctly (Phil Hunt)
Re: Server setup problem, don't quite know were to start, please help. ("Eugene")
Re: diald: connect doesn't (Steve Farris)
Re: diald: connect doesn't (Steve Farris)
Re: Need help with PPP... (Bill Unruh)
Re: NT faster than Linux? (Richard Corfield)
Re: Problem connecting to the Samba Server!! ("Sanjiv Bawa")
Re: Apache Virtual Hosting and cgi (Glenn K.)
Help: NFS permission denied (Darrin Rothe)
Re: Using ipchains to block ICQ. ([EMAIL PROTECTED])
Re: NT faster than Linux? (Steven Sykes)
Re: automating the connection process (Clifford Kite)
----------------------------------------------------------------------------
From: "Larry Brasfield" <[EMAIL PROTECTED]>
Subject: Re: Fooling my ISP
Date: Thu, 15 Apr 1999 23:31:32 GMT
K.A. Steensma <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> I have tried to fool my ISP into thinking that I am 'using' my
> connection. I set up a cron job to ping my ISP's nameserver. But they
> can detect this and shut me down for inactivity. Then I tried to ping a
> site away from my IPS. This doesn't work either.
The echo command packets get turned around
at the lowest layer in the protocol stack. Since
other network management activity occurs there
as well, (such as ARP), that should be ignored
as "activity", the activity detection is probably
one or two (OSI) layers up from where ping is
handled. It never sees your pings at all.
> Would anyone have an idea how to keep my ISP from shutting me down?
You could do massive FTP's to /dev/null. You
might want to consider being a good citizen
first, however. The reason for timeouts is to
avoid the complications of a traffic based fee
structure. By faking activity, you ultimately
cost everybody and are likely to get on your
ISP's bad side, (appropriately I think).
--
--Larry Brasfield
Above opinions may be mine alone.
(Humans may reply at unundered [EMAIL PROTECTED] )
------------------------------
From: Larry Benoit <[EMAIL PROTECTED]>
Subject: Re: Firewall and Redhat 5.2
Date: Thu, 15 Apr 1999 23:38:01 -0400
This should help:
http://rlz.ne.mediaone.net/linux/faq/index3.html
Chris McGarry wrote:
> I am new to Linux but have set up a 486 dx2 66 with 32megs with two
> nics. One nic connected to ADSL (static ip on internet), the other my
> lan. I set up the Linux box with IP Masquerading by enabling ip
> forwarding and two commands "ipfwadm -F -p deny" and "ipfwadm -F -a m -S
> 192.168.57.2/32 -D 0.0.0.0/0" Everything is working great but I believe
> I need to setup some sort of firewall. Is this true? I would like (of
> coarse) to make my lan as secure as possible. Can someone point me in
> the right direction?
> Thank you for your time,
> Chris
------------------------------
From: mongoose <[EMAIL PROTECTED]>
Subject: Freenet and ppp
Date: Thu, 15 Apr 1999 21:45:35 +0100
Has anyone connected to Freenet.co.uk with PPP? Im failing miserably and
would appreciate any help. I have no problem with Windoze(sigh!) and my
(external) modem seems to hook up ok but then the protocol negotiations
seem to fail . I have set resolv.conf as per Freenet specification
(although they do not specify domain name - only nameserver addresses) I
am running Slackware with a 2.2.2 kernel and ppd is at 2.3.5 .Any ideas?
Two Logs follow from the same connection attempt. My system is
configured to route them to different files....
pppd[741]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x1f569597>
<pcomp> <accomp>]
last message repeated 5 times
pppd[741]: rcvd [LCP code=0xc id=0x1 00 00 00 00 00]
pppd[741]: sent [LCP CodeRej id=0x2 0c 01 00 09 00 00 00 00 00]
pppd[741]: rcvd [LCP ConfReq id=0x2 <mru 1500> <asyncmap 0xa0000>
<magic 0x6f6292> <pcomp> <accomp>]
pppd[741]: sent [LCP ConfAck id=0x2 <mru 1500> <asyncmap 0xa0000>
<magic 0x6f6292> <pcomp> <accomp>]
pppd[741]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x1f569597>
<pcomp> <accomp>]
pppd[741]: rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x1f569597>
<pcomp> <accomp>]
pppd[741]: sent [IPCP ConfReq id=0x1 <addr 0.0.0.0> <compress VJ 0f
01>]
pppd[741]: sent [CCP ConfReq id=0x1 <deflate 15> <deflate(old#) 15>
<bsd v1 15>]
pppd[741]: rcvd [LCP code=0xd id=0x2 00 6f 62 92 ff ff ff ff]
pppd[741]: sent [LCP CodeRej id=0x3 0d 02 00 0c 00 6f 62 92 ff ff ff
ff]
pppd[741]: rcvd [IPCP ConfReq id=0x1]
pppd[741]: sent [IPCP ConfNak id=0x1 <addr 0.0.0.0>]
pppd[741]: rcvd [IPCP ConfRej id=0x1 <compress VJ 0f 01>]
pppd[741]: sent [IPCP ConfReq id=0x2 <addr 0.0.0.0>]
pppd[741]: rcvd [CCP ConfReq id=0x1 < 12 06 00 00 00 01>]
pppd[741]: sent [CCP ConfRej id=0x1 < 12 06 00 00 00 01>]
pppd[741]: rcvd [CCP ConfRej id=0x1 <deflate 15> <deflate(old#) 15>
<bsd v1 15>]
pppd[741]: sent [CCP ConfReq id=0x2]
pppd[741]: rcvd [IPCP ConfReq id=0x2]
pppd[741]: sent [IPCP ConfAck id=0x2]
pppd[741]: rcvd [IPCP ConfNak id=0x2 <addr 212.1.145.191>]
pppd[741]: sent [IPCP ConfReq id=0x3 <addr 212.1.145.191>]
pppd[741]: rcvd [CCP ConfReq id=0x2 < 11 05 00 01 04>]
pppd[741]: sent [CCP ConfRej id=0x2 < 11 05 00 01 04>]
pppd[741]: rcvd [CCP ConfAck id=0x2]
pppd[741]: rcvd [IPCP ConfAck id=0x3 <addr 212.1.145.191>]
pppd[741]: sent [IPCP TermReq id=0x4 "Could not determine remote IP
address"]
pppd[741]: rcvd [CCP ConfReq id=0x3 < 11 05 00 01 03>]
pppd[741]: sent [CCP ConfRej id=0x3 < 11 05 00 01 03>]
pppd[741]: rcvd [IPCP TermAck id=0x4]
pppd[741]: sent [LCP TermReq id=0x4 "No network protocols running"]
pppd[741]: rcvd [CCP TermReq id=0x1]
pppd[741]: sent [LCP TermReq id=0x5 "No network protocols running"]
pppd[741]: pppd 2.3.5 started by myid, uid 0
chat[742]: timeout set to 60 seconds
chat[742]: abort on (ERROR)
chat[742]: abort on (BUSY)
chat[742]: abort on (NO CARRIER)
chat[742]: abort on (NO DIALTONE)
chat[742]: send (AT&FH0^M)
chat[742]: expect (OK)
chat[742]: AT&FH0^M^M
chat[742]: OK -- got it
chat[742]: send (atdt08456621100^M)
chat[742]: timeout set to 75 seconds
chat[742]: expect (CONNECT)
chat[742]: ^M
chat[742]: atdt08456621100^M^M
chat[742]: CONNECT -- got it
chat[742]: send (^M)
chat[742]: expect (ogin:)
chat[742]: 57600^M
chat[742]: ^M
chat[742]: ^M
chat[742]: Aptis CVX-1800.^M
chat[742]: ^M
chat[742]: Access is restricted to authorized users only.^M
chat[742]: ^M
chat[742]: login: -- got it
chat[742]: send (thisuserid^M)
chat[742]: expect (assword:)
chat[742]: thisuserid^M
chat[742]: password: -- got it
chat[742]: send (thispassword^M)
pppd[741]: Serial connection established.
pppd[741]: Using interface ppp0
pppd[741]: Connect: ppp0 <--> /dev/ttyS1
pppd[741]: Connection terminated.
pppd[741]: Exit.
Thanks in advance,
Garry
------------------------------
From: [EMAIL PROTECTED] (Phil Hunt)
Crossposted-To: uk.comp.os.linux,redhat.general
Subject: Re: Network not set up correctly
Date: Thu, 15 Apr 99 22:18:02 GMT
Reply-To: [EMAIL PROTECTED]
In article <7f5df5$i0u$[EMAIL PROTECTED]>
[EMAIL PROTECTED] "Richard Letts" writes:
> In uk.comp.os.linux Phil Hunt <[EMAIL PROTECTED]> wrote:
> > When I try to ping or telnet to localhost or 127.0.0.1, I get an error
> > message saying ``sendto: network is unreachable''. How do I fix this,
> > as I feel my machine ought to be able to talk to itself.
> >
> > I have tried the network configurator in control-panel, under the
> > ``Interfaces'' window it gives a list of interfaces, being l0 and ppp0.
> > l0 has the IP 127.0.0.1, and it say it is inactive, but when I
> > press [Activate], nothing happens (when I press [Activate] for ppp0 that
> > works OK.)
> >
> > Any ideas?
>
> Have a look in the routing table: post the output of netstat -rn
It says:
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt lface
I get the impression it should display a table below the 2nd line,
but these is nothing there.
> Check you've not configured firewalling to block it
I've not configured firewalling at all.
--
Phil [EMAIL PROTECTED]
------------------------------
From: "Eugene" <[EMAIL PROTECTED]>
Subject: Re: Server setup problem, don't quite know were to start, please help.
Date: Fri, 16 Apr 1999 04:16:34 GMT
I don't think it's possible.
you can do it the other way around though
--
"Ein Volk, ein Reich, ein Fuhrer" - Adolf Hitler
"One World, one Web, one Program" - Microsoft's slogan
Jim C. <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Hi,
> I have a Win98 machine and a Slackware (2.0.30) Linux machine. They
> are connected by ethernet and have samba up and working. What I would
> like to do is let the linux machine piggy back off of my win98 machines
> dial-up internet connection, and then use the Linux machine as a web
> server. Any help would be greatly appriciated, or even an idea were to
> start.
> Thanks in advance,
> Jim.
>
------------------------------
From: [EMAIL PROTECTED] (Steve Farris)
Subject: Re: diald: connect doesn't
Reply-To: [EMAIL PROTECTED]
Date: Fri, 16 Apr 1999 04:20:13 GMT
Thanks for the warning. But it didn't work anyway....
[EMAIL PROTECTED] (Mike Jagdis) wrote:
>In article <[EMAIL PROTECTED]>, John Edwards wrote:
>>Check your IP addresses in your diald.conf file. They should be
>>127.0.0.3 for local and 127.0.0.3 for remote.
>
>WARNING: This no longer works with 2.2.x kernels. Now 127 addresses
>can *only* be sent on interfaces marked as loopback - which basically
>means lo since the loopback flag is not changable. I have not found
>this change documented anywhere :-(.
>
> Mike
========================================================================
Steve Farris [[EMAIL PROTECTED]] "...my life is more than a vision
The sweetest part is acting after making a decision" -Emily Saliers
========================================================================
------------------------------
From: [EMAIL PROTECTED] (Steve Farris)
Subject: Re: diald: connect doesn't
Reply-To: [EMAIL PROTECTED]
Date: Fri, 16 Apr 1999 04:20:13 GMT
On Wed, 14 Apr 1999 19:52:14 -0400, you wrote:
>Whoops! make that 127.0.0.2 for local.
>
>John Edwards wrote in message <[EMAIL PROTECTED]>...
>>Check your IP addresses in your diald.conf file. They should be
>>127.0.0.3 for local and 127.0.0.3 for remote.
>>
Well, tried that and the results are the same. Only now the log says it is
calling 127.0.0.3.
Somehow, connect doesn't seem to be working, although same settings work
from pppd. I'm stumped.
==========
Steve Farris, [EMAIL PROTECTED]
"Computers are really reliable things that do everything you want
them to do and nothing else." --Linus Torvalds
------------------------------
From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: Need help with PPP...
Date: 15 Apr 1999 22:18:54 GMT
In <n1hQ2.6400$[EMAIL PROTECTED]> "Jerry Wen" <[EMAIL PROTECTED]>
writes:
>I need assistance setting up PPP. I have accomplished this before, but I
>broke it after I installed kernel 2.2.5. I don't know where I went wrong; I
Why did you install the new kernel?
Anyway you have to upgrade a bunch of stuff, including ppp if you
upgrade the kernel.
------------------------------
From: Richard Corfield <[EMAIL PROTECTED]>
Crossposted-To: linux.samba,uk.comp.os.linux
Subject: Re: NT faster than Linux?
Date: 16 Apr 1999 00:16:25 +0100
In article <[EMAIL PROTECTED]>,
Carl Windsor <[EMAIL PROTECTED]> wrote:
>David Damerell wrote:
>
>> No doubt this will hit the trade press some time next week. People should
>> write in, but calmly; a page of rabid froth will do us no favours
>
>True, but why not get in there before they do. [...]
I'd hope that the press follows things like Slashdot and LWN. You see
enough quotes from them. In this case by the time the benchmark goes
to press hopefuly the press will have seen both sides of the story.
- Richard.
--
_/_/_/ _/_/_/ _/_/_/ Richard Corfield <[EMAIL PROTECTED]>
_/ _/ _/ _/ Web Page: http://www.littondale.freeserve.co.uk
_/_/ _/ _/ Dance (Ballroom, RnR), Hiking, SJA, Linux, ... [ENfP]
_/ _/ _/_/ _/_/_/ PGP2.6 Key ID: 0x0FB084B1 PGP5 Key ID: 0xFA139DA7
------------------------------
From: "Sanjiv Bawa" <[EMAIL PROTECTED]>
Subject: Re: Problem connecting to the Samba Server!!
Date: Thu, 15 Apr 1999 23:27:53 -0500
I have the same problem. Arghhh !!!
I went through the docs and did the whole smb.conf and smbpasswd thing and
it still does not work. Please let me know if you get this to work.
Please email to [EMAIL PROTECTED]
Thanks
joseph lang <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> SS wrote:
>
> > Hi All,
> >
> > I have both win98(client) and Linux(Samba Server) Machine on my network.
> > While I can find the Linux machine from my win98 machine in
> > network-nightborhood, but I can't get into it because when I click the
linux
> > icon, I was asked to input a password. after input the password, the
error
> > message"invalid password, try again" come out.
> > I don't know why... Please help ^_^
> >
> > P.S. I can login linux machine by telnet and ftp from my win98 machine
>
> Assuming you typed the correct password (watch your case) You may be
stumbling
> over "plain text password" the default for windoze is encrypt passwords
and
> the default for samba is plain text passwords
> look in the samba docs for the registry entry needed for plain text or
> configure samba for encrypted passwords.
>
>
>
------------------------------
From: Don'[EMAIL PROTECTED] (Glenn K.)
Subject: Re: Apache Virtual Hosting and cgi
Date: Fri, 16 Apr 1999 04:08:41 GMT
On Wed, 07 Apr 1999 02:24:15 GMT, "Owen Parry"
<[EMAIL PROTECTED]> wrote:
>Is there a way to restrict a cgi script to a virtual host?
yes, specify different script paths the virtual domain options. Here
is an example of domains "apple.com" and "orange.com". see
below for what should be in the "httpd.conf" file:
=========== CUT FROM HTTPD.CONF FILE ===================
<VirtualHost www.apple.com>
DocumentRoot /www/www.apple.com
ServerName www.apple.com
ErrorLog /var/log/www.apple.com/logs/error_log
TransferLog /var/www.apple.com/logs/access_log
ScriptAlias /cgi-bin/ /var/apple/cgi-bin/
</VirtualHost>
<VirtualHost www.orange.com>
DocumentRoot /www/www.orange.com
ServerName www.orange.com
ErrorLog /var/log/www.orange.com/logs/error_log
TransferLog /var/www.orange.com/logs/access_log
ScriptAlias /cgi-bin/ /var/orange/cgi-bin/
</VirtualHost>
=========== CUT FROM HTTPD.CONF FILE ===================
This way, a html file for www.apple.com will only run CGI files if
they are in the "/var/apple/cgi-bin" directory. Likewise, a html file
in the "www.orange.com" domain will only run if it is in the
"/var/orange/cgi-bin".
------------------------------
From: Darrin Rothe <[EMAIL PROTECTED]>
Subject: Help: NFS permission denied
Date: Thu, 15 Apr 1999 21:31:50 -0700
I am having trouble with not being able to write to NFS mounted
filesystems. On the server side, the volume is listed as rw in
/etc/exports. I also set the no_root_squash so that I may have root
access to the NFS volume.
On the client side, I mount the volume, but I have no write access from
either my user account or from root. I have verified that the user
accounts uid and gid are identical. Both server and client are
relatively default installations of RH 5.2. This is very frustrating.
I have tried many things and none have worked.
Also, would anayone have any tips for reducing the number of times I
have to type in my freaking password. I have two Linux machines on a
closed network. Identical accounts on both. I am so sick of:
#1 - having to type xhost + in order to run an x program from one
machine on the other, as well as from root on the same machine.
#2 - typing in username and password when telnetting to other machine.
You may suggest using rlogin - you save the username, but then the
DISPLAY environment variable is not properly set. This is a ridiculous
situation.
#3 - having to login telnet as a user, then su'ing. I am familiar with
the resoning, and this is a valid concern on a public network, but
again, quite sickening and unecessary on a closed one.
If anyone can provide some pointers I would be appreciative. In fact,
tonight, while troubleshooting this NFS situation, I must have typed my
password at least 100 times. My username, at least 30.
Thanks,
Darrin Rothe
[EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Using ipchains to block ICQ.
Date: Thu, 15 Apr 1999 21:27:00 GMT
In article <7ehqpm$[EMAIL PROTECTED]>,
"Jan Johansson" <[EMAIL PROTECTED]> wrote:
> Helping out to transition from msproxy to squid on a local school. The staff
> has expressed a desire to kill all ICQ usage, does anyone have a good rule
> to block out the ICQ servers? the tighter the better?
>
> Tia
>
> /jan
>
>
We have the same problem here, I blocked all ports above 1024 which works
great but passive ftp won't. Now we are kinda stuck want to choke all ports
off to ICQ but leave passive ftp on. I too figured that the server list would
be the only way to do it. If you found another could you let me know, if not
you say that you have a sever list. I would like to get that from you if
possible so we can turn off ICQ. Thanks in advance... Doug......
[EMAIL PROTECTED]
============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own
------------------------------
From: Steven Sykes <[EMAIL PROTECTED]>
Crossposted-To: linux.samba,uk.comp.os.linux
Subject: Re: NT faster than Linux?
Date: Fri, 16 Apr 1999 13:49:00 +1200
In article <7f56lp$r2f$[EMAIL PROTECTED]>, Taylor
<URL:mailto:[EMAIL PROTECTED]> wrote:
> In article <S2o*[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] wrote:
> > Laurie Brown <[EMAIL PROTECTED]> wrote:
> > >I received this pointer today. Comments anyone?
> > >http://www.mindcraft.com/whitepapers/nts4rhlinux.html
> >
> > Look at the 'Mindcraft Certification' section. Sponsored by Microsoft.
> > I think the conclusion to be drawn is that Microsoft sponsorship
>
> Look at http://www.mindcraft.com/whitepapers/nts4rhlinux.html
>
> Notice they never bothered to get all the RAM to work. Only 980MB or so,
> so the NT is using over 4X the memory. Fair Test? Doubtful..
I noticed that they didn't point out that NT needs to have all that
extra memory, whereas Linux is much lighter on such requirements.
Cheers,
--
Steven
Webmaster of WACC - Wellington Acorn Computer Club
WACC pages: http://homepages.paradise.net.nz/~pbrowne/WACC/
Phone: (03) 358-5601 or (025) 908-448
My pages: http://homepages.paradise.net.nz/~acorn/
... I haven't lost my mind; it's backed up on tape somewhere!
------------------------------
From: kite@NoSpam.%�inetport.com (Clifford Kite)
Subject: Re: automating the connection process
Date: 15 Apr 1999 16:54:40 -0500
Internet News Groups ([EMAIL PROTECTED]) wrote:
: i've been trying to automate my internet connection process, but it just
: won't work, everything's fine if i connect to internet manually. i think
: the problem is that after the isp varifies my password it sends a menu
: roughly like:
: make a choice:
: ------------------------------------
: 1. info
: 2. make a slip connection
: 3. make a ppp connection
: 4. disconnect
Use the expect/send disconnect '\d3' . The \d provides a second of
delay before sending the 3 to give the menu a little extra time to get
itself ready for something to be entered. Just after the password
expect/send.
--
Clifford Kite <kite@inet%�port.com> Not a guru. (tm)
/* The wealth of a nation is created by the productive labor of its
* citizens. */
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.networking) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Networking Digest
******************************
