Linux-Networking Digest #890, Volume #10         Sat, 17 Apr 99 02:13:42 EDT

Contents:
  Re: IP masquerading (Richard Steiner)
  Re: CHAP dialup...  how?? ("K.A. Steensma")
  Re: Configuring Linux As Gateway to Internet: Help ("pcheco")
  USENET sucking! ([EMAIL PROTECTED])
  Re: H.323 Conferencing Reflector ("Paul E. Jones")
  Re: Email with Earthlink, Sendmail, exmh, mh, Linux libc5 (brian moore)
  Re: Help: NFS permission denied ("K.A. Steensma")
  Re: Routing problems ? ("Curt")
  Re: "Direct CD?" (Jim Zubb)
  Re: Help: The Incredible Disappearing Samba Server ([EMAIL PROTECTED])

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Richard Steiner)
Crossposted-To: comp.os.os2.networking.tcp-ip,comp.os.os2.networking.misc
Subject: Re: IP masquerading
Reply-To: [EMAIL PROTECTED]
Date: Fri, 16 Apr 1999 23:55:04 -0500

Here in comp.os.os2.networking.tcp-ip, [EMAIL PROTECTED] spake unto us, saying:

>In <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Richard Steiner)
>writes:
>>I could send you my own set of rules in a few days -- right now I have
>>the monitor on my second IntelliStation (still doing some initial OS
>>installation stuff), and I won't have time to get it back to the 486
>>until sometime Friday or Saturday.
>
>I'm very grateful if you send your files.
>I think I missed something.

Here's my current IP Masq setup.  I have a file called rc.firewall in
/etc/rc.d that I run from /etc/rc.d/rc.local at boot time, and it sets
up the IP masquerading rules and loads a couple of modules.  I suspect
that it could be a lot better, but it works.

echo "Rich: Setting up the firewall"
#
# flush all settings
#
/sbin/ipfwadm -F -f
#
# set default rule to deny
#
/sbin/ipfwadm -F -p deny
#
# allow any machine with address 192.168.1.x to masquerade.
#
/sbin/ipfwadm -F -a accept -m -S 192.168.1.0/24 -D 0.0.0.0/0
#
# Rich note: This rule may prevent others from spoofing me
#
# ipfwadm -I -a deny -S 192.168.1.0/24 -D 0/0 -W eth1
#
# load modules for specialized software requirements
#
echo "Rich: Loading IP masq-specific modules"
/sbin/depmod -a
echo "Rich: Enable non-PASV ftp"
/sbin/modprobe ip_masq_ftp.o
echo "Rich: Enable Quake"
/sbin/modprobe ip_masq_quake.o
echo "Rich: Enable RealAudio"
/sbin/modprobe ip_masq_raudio.o
#
# beep to signal that the boot is completed
#
echo "Rich: Done"
/usr/local/bin/ring

-- 
   -Rich Steiner  >>>--->  [EMAIL PROTECTED]  >>>---> Bloomington, MN
    OS/2 + Linux (Slackware+RedHat+SuSE) + FreeBSD + Solaris + BeOS +
    WinNT4 + Win95 + PC/GEOS + MacOS + Executor = PC Hobbyist Heaven!
         The first time, it's love.  The second time, it's $25...

------------------------------

From: "K.A. Steensma" <[EMAIL PROTECTED]>
Subject: Re: CHAP dialup...  how??
Date: Sat, 17 Apr 1999 02:11:06 GMT

Don't go back !!! Try this instead.  KAS


ftp://sunsite.unc.edu/pub/Linux/system/network/serial/ppp/pppsetup-2.11.tar.gz



Paul Corrigan wrote:

> Hi,
> As a total newbie to Linux; (RH 5.2); I am totally confused.
> I have read; and thought I understood; the FAQ's, but am totally unable
> to get my machine to dial up my ISP, and make a connection!
>
> I'm getting so frustrated that I'll probably go back to windoze if I
> can't get it soon.
>
> I'm sure I'm not the only person to have had this problem.
>
> Can anyone help with detailed instructions?
>
> My ISP (YNN.com) uses CHAP authentication, but their tech 'support' was
> unable to help.
>
> TIA
>
> Paul


------------------------------

From: "pcheco" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.help,comp.os.linux.setup,comp.protocols.ppp
Subject: Re: Configuring Linux As Gateway to Internet: Help
Date: Wed, 14 Apr 1999 04:26:11 -0700


Scott Stone wrote in message <[EMAIL PROTECTED]>...
>pcheco wrote:
>>
>> Jim Harper wrote in message <[EMAIL PROTECTED]>...
>> >pcheco wrote:
>> >>
>> >> Jim Harper wrote in message <[EMAIL PROTECTED]>...
>> >> >pcheco wrote:
>> >> >
>> >> >> I am configuring my Linux 2.0.35 (RedHat pkg) as a gateway to the
>> >> >> Internet for NT Workstations (NT 4.0 build 1381, pack 3). So far, I
>> >> >> have not been able to succeed. In brief, the NT workstation knows to
>> >> >> use the Linux system for DNS services, but a ping (ftp or telnet) to
>> >> >> an Internet address fails with a Request Time Out error.
>> >> >
>> >> >Do you have masquerading set up?
>> >>
>> >> No. I turned that feature off on my kernel as well as firewalling.
>> >> I'm trying to configure a plain and simple gateway (IP Forwarder
>> >> between interfaces ppp0 and eth0). I am aware of the risks (I think I
>> >> am), but I have to get something simple to work first.
>> >
>> >Do the NT boxes have real routable IP's? If not, then why not use IP
>> >Masquerading? It takes all of about five minutes to set up.
>> >
>> My understanding of IP Masquerading is limited. It's exciting to hear
>> that it takes so little time to set up, but I rather move into that at a
>> later stage. Right now, I need to know that my NT boxes can see the
>> Internet via the Linux box and they are not.
>>
>> >If they do have real Inet addresses, are they on a different subnet? If
>> >so,
>>
>> No, they don't have real Inet addresses (it's a B network with
>> non-Internet addresses: 172.16.2.1 .2 and .3).
>>
>
>If they don't have real inet addresses, you *must* use IP masquerading.
>That's what IP masq is for :).


>
>--
>--------------------------
>Scott M. Stone <[EMAIL PROTECTED]>
>UNIX Systems/Network Admin (Consultant)
>Taos Mountain Software
>


Thanks for clarifying this!

I made a mistake in overlooking the fact that a private network IP
address such as the one for my NT box, 192.168.1.2, can NEVER have a
TCP/IP connection to a valid Internet address (such as
www.netscape.com) via a Linux box that is connected to the Internet and
implements gatewaying w/o masquerading. It was naive of me not to
realize this sooner!

I understand now why Jim Harper kept talking about IP Masquerading as
a solution to my problem. Thanks again for clarifying that.

THE PROBLEM: I am still not able to see the Internet after following
the HOWTO on ipmask. (Read further for details regarding my setup).

HELP: I am looking for any hints/suggestions. In particular, any
suggestions on debugging tools. I have reasons to believe that the
packets make it to the Linux box, but are not routed from there, but I
can't be certain of this. /var/log/messages and /var/log/ppp.log (my
pppd log file) tell me nothing. Can any one suggest a way to trace the
packets to the Linux system?

Here is what I've done:

1. I compiled my kernel as per the instructions in
[http://24.0.127.204/howto/masquerade] and that's the
kernel I am now using.
2. For simplicity, I changed my IP numbers to those in the HOWTO (class
C network 192.168.1.0, with Linux gateway at 192.168.1.1).
3. The NT 4.0 systems w/o Inet addresses know the 192.168.1.1 (Linux
gateway with ipmasq on) to be their default gateway and they HAVE
ACCESS to that system. ipconfig produces:

Windows NT IP Configuration

Ethernet adapter El90x4:

        IP Address. . . . . . . . . : 192.168.1.2
        Subnet Mask . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . : 192.168.1.1


4. After running pppd, ifconfig produces this output from the Linux
system:

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Bcast:127.255.255.255  Mask:255.0.0.0
          UP BROADCAST LOOPBACK RUNNING  MTU:3584  Metric:1
          RX packets:18 errors:0 dropped:0 overruns:0
          TX packets:18 errors:0 dropped:0 overruns:0

eth0      Link encap:Ethernet  HWaddr 00:50:04:21:83:B1
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2590 errors:1 dropped:0 overruns:0
          TX packets:1538 errors:0 dropped:0 overruns:0
          Interrupt:11 Base address:0xec80

ppp0      Link encap:Point-to-Point Protocol
          inet addr:209.179.13.245  P-t-P:209.178.1.88  Mask:255.255.255.0
          UP POINTOPOINT RUNNING  MTU:552  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0
          TX packets:8 errors:0 dropped:0 overruns:0

route -n produces this:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
209.178.1.88    0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        5 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        1 lo
0.0.0.0         209.178.1.88    0.0.0.0         UG    0      0        0 ppp0



5. The following modules were loaded manually and I saw no errors in
/var/log/messages:
/sbin/depmod -a
/sbin/modprobe ip_masq_ftp
/sbin/modprobe ip_masq_raudio
/sbin/modprobe ip_masq_irc

6. I manually ran the commands for setting up ipfwadm:

ipfwadm -F -p deny
ipfwadm -F -a m -S 192.168.1.2/32 -D 0.0.0.0/0

After this I confirm that my commands were accepted by running
ipfwadm -F -l -n and getting:

IP firewall forward rules, default policy: deny
type  prot source               destination          ports
acc/m all  192.168.1.2   0.0.0.0              n/a

7. After this, I try to telnet to 166.84.1.67 from the NT box 192.168.1.2,
but this fails. The same command succeeds from the Linux box, 192.168.1.1

Any help will be appreciated.
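
A model of what the forward rules in the two messages above (Rich Steiner's rc.firewall and step 6 here) ask the kernel to do: default-deny forwarding, source rewriting for the masqueraded host, and reply mapping through a port table. This is an added example, not code from either poster; the class and function names are hypothetical, the addresses are taken from the message, and the starting port 61000 is an assumed value for the masquerade port range.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


@dataclass
class MasqGateway:
    """Toy forward chain: one masquerade rule plus a default policy."""
    external_ip: str                 # address on ppp0
    masq_sources: list               # networks matched by "-a m -S <net>"
    default_policy: str = "deny"     # "ipfwadm -F -p deny"
    next_port: int = 61000           # assumed start of the masquerade port range
    table: dict = field(default_factory=dict)  # masq port -> (inside ip, port)

    def forward(self, pkt):
        """Outbound packet: rewritten copy, or None if the policy drops it."""
        src = ipaddress.ip_address(pkt.src)
        if any(src in ipaddress.ip_network(n) for n in self.masq_sources):
            port, self.next_port = self.next_port, self.next_port + 1
            self.table[port] = (pkt.src, pkt.sport)
            return Packet(self.external_ip, port, pkt.dst, pkt.dport)
        if self.default_policy == "accept":
            return pkt   # plain gatewaying: private source address goes out as-is
        return None

    def reply(self, pkt):
        """Inbound packet: demasquerade only if it matches a table entry."""
        entry = self.table.get(pkt.dport)
        if pkt.dst != self.external_ip or entry is None:
            return None  # unsolicited traffic never reaches the inside hosts
        return Packet(pkt.src, pkt.sport, entry[0], entry[1])


def is_routable(addr):
    """True for addresses a host on the Internet could send a reply to."""
    return ipaddress.ip_address(addr).is_global


def demo():
    gw = MasqGateway("209.179.13.245", ["192.168.1.2/32"])
    out = gw.forward(Packet("192.168.1.2", 1025, "166.84.1.67", 23))
    back = gw.reply(Packet("166.84.1.67", 23, out.src, out.sport))
    other = gw.forward(Packet("192.168.1.3", 1025, "166.84.1.67", 23))
    plain = MasqGateway("209.179.13.245", [], default_policy="accept")
    leaked = plain.forward(Packet("192.168.1.2", 1025, "166.84.1.67", 23))
    return out, back, other, leaked


if __name__ == "__main__":
    for label, pkt in zip(("masqueraded", "reply", "other host", "no masq"), demo()):
        print(f"{label:12} {pkt}")
```

With the /32 rule only 192.168.1.2 is rewritten; any other inside host falls through to the deny policy, which is why Rich's script matches the whole 192.168.1.0/24 network instead.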






------------------------------

From: [EMAIL PROTECTED]
Subject: USENET sucking!
Date: Sat, 17 Apr 1999 05:08:11 GMT

Hi,

Can anybody suggest software and mechanisms to do news sucking from
free USENET (public) servers, onto a machine through a proxy-server!
The proxy-server is Windows based, but my other machines are Linux
powered. A silly ruling by our SysAds forbids me to replace our Proxy
server with Linux-Squid or something.
Are there any Linux (X) based newsreaders, that can read from locally
spooled news, which is sucked thru the proxy server???
so in Q are 3 pieces of s/w :
1.) how can I suck news (for local reading) thru a proxy server?
2.) how can I route that news to some Linux News server
3.) if that can be done, then I can use any Linux news reader to read
locally, else, is there any Linux news reader that can read news thru
a proxy server?

TIA
banibrata.

============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/       Search, Read, Discuss, or Start Your Own    

------------------------------

From: "Paul E. Jones" <[EMAIL PROTECTED]>
Subject: Re: H.323 Conferencing Reflector
Date: Fri, 16 Apr 1999 20:12:52 -0400

Eric Livingston <[EMAIL PROTECTED]> wrote in message
news:7el5l8$1i9$[EMAIL PROTECTED]...
> Does anyone know if there is an effort underway anywhere to create an open
> source conferencing server that supports the H323 protocol? The only
> product I'm currently aware of, commercial or not, is White Pine's
> MeetingPoint/ClassPoint stuff, which is winblows only. Also, it's pretty
> expensive stuff for somebody just trying to conference with some friends,
> etc...


Eric,

You should check out http://www.openh323.org/.  I think you'll find what you
are looking for there.  They have an active mailing list with a number of
people working on an open source H.323 stack.  There has been interest
expressed by many to develop just about every type of H.323 endpoint.

Paul








------------------------------

From: [EMAIL PROTECTED] (brian moore)
Crossposted-To: comp.mail.sendmail,comp.mail.mh,comp.os.linux.setup,comp.os.linux.misc
Subject: Re: Email with Earthlink, Sendmail, exmh, mh, Linux libc5
Date: 17 Apr 1999 02:16:19 GMT

On 17 Apr 1999 01:33:49 GMT, 
 Keven R. Pittsinger <[EMAIL PROTECTED]> wrote:
> 
> No, I need to rig sendmail.cf so that gulf.net and AOL truly consider me
> as part of Earthlink.  Freddie.jamstar.com is my home machine.  I've asked
> this several times.  Trust me, you're *NOT* helping.

Well, you've made it slightly difficult, considering that your login
name on your home machine differs from that in your address.  (The usual
trick that I do is to make them match, so I'm 'bem' on every machine and
the only trick is the domain.)

At any rate, what you want to use is the 'genericstable' feature of
sendmail.  This lets you rewrite the envelope to match what it 'should'
be from a table.

From the handy-dandy sendmail.org web page:

genericstable     This feature will cause certain addresses
                  originating locally (i.e.  that are unqualified) or
                  a domain listed in $=G to be looked up in a map and
                  turned into another ("generic") form, which can
                  change both the domain name and the user name.  This
                  is similar to the userdb functionality.  The same
                  types of addresses as for masquerading are looked
                  up, i.e.  only header sender addresses unless the
                  allmasquerade and/or masquerade_envelope features
                  are given.  Qualified addresses must have the domain
                  part in the list of names given by the macros
                  GENERICS_DOMAIN or GENERICS_DOMAIN_FILE (analogously
                  to MASQUERADE_DOMAIN and MASQUERADE_DOMAIN_FILE, see
                  below).

                  The argument of FEATURE(`genericstable') may be the
                  map definition; the default map definition is:

                             hash -o /etc/genericstable 

                  The key for this table is either the full address or
                  the unqualified username (the former is tried
                  first); the value is the new user address.  If the
                  new user address does not include a domain, it will
                  be qualified in the standard manner, i.e.  using $j
                  or the masquerade name.  Note that the address being
                  looked up must be fully qualified.  For local mail,
                  it is necessary to use FEATURE(`always_add_domain')
                  for the addresses to be qualified.

To enable this in the sendmail on stock RH5.2, uncomment the line in
/etc/sendmail.cf that defines the table, uncomment the rulesets for
it (look for "generics" and you'll see them) and create the proper hash
file (use 'makemap' instead of 'hash' above).
 
-- 
Brian Moore                       | "The Zen nature of a spammer resembles
      Sysadmin, C/Perl Hacker     |  a cockroach, except that the cockroach
      Usenet Vandal               |  is higher up on the evolutionary chain."
      Netscum, Bane of Elves.                 Peter Olson, Delphi Postmaster

------------------------------

From: "K.A. Steensma" <[EMAIL PROTECTED]>
Subject: Re: Help: NFS permission denied
Date: Sat, 17 Apr 1999 02:17:22 GMT

I (recently) had a machine that gave similar problems and I found that if I
put the IP address in the '/etc/exports' file (instead of the host + domain
name), that everything worked.  Try it - maybe you have the same thing.
KAS

Darrin Rothe wrote:

> I am having trouble with not being able to write to NFS mounted
> filesystems.  On the server side, the volume is listed as rw in
> /etc/exports.  I also set the no_root_squash so that I may have root
> access to the NFS volume.
>
> On the client side, I mount the volume, but I have no write access from
> either my user account or from root.  I have verified that the user
> accounts uid and gid are identical.  Both server and client are
> relatively default installations of RH 5.2.  This is very frustrating.
> I have tried many things and none have worked.
>
> Also, would anyone have any tips for reducing the number of times I
> have to type in my freaking password.  I have two Linux machines on a
> closed network.  Identical accounts on both.  I am so sick of:
>
> #1 - having to type xhost + in order to run an x program from one
> machine on the other, as well as from root on the same machine.
>
> #2 - typing in username and password when telnetting to other machine.
> You may suggest using rlogin - you save the username, but then the
> DISPLAY environment variable is not properly set.  This is a ridiculous
> situation.
>
> #3 - having to login telnet as a user, then su'ing.  I am familiar with
> the reasoning, and this is a valid concern on a public network, but
> again, quite sickening and unnecessary on a closed one.
>
> If anyone can provide some pointers I would be appreciative.  In fact,
> tonight, while troubleshooting this NFS situation, I must have typed my
> password at least 100 times.  My username, at least 30.
>
> Thanks,
> Darrin Rothe
> [EMAIL PROTECTED]


------------------------------

From: "Curt" <[EMAIL PROTECTED]>
Subject: Re: Routing problems ?
Date: Fri, 16 Apr 1999 21:33:45 -0500

I found that if you suspect a MTU discovery problem, just reduce the size of
the packets you use until it works.   This was a problem with a SUN firewall
we used to have, I found that a MTU of 1410 allowed me to reach all sites we
tried.  This was set on the outside interface of the firewall.

Radovan Brako wrote in message <7f7or4$967$[EMAIL PROTECTED]>...
>   Looks like a problem with MTU Discovery. How is L1 connected to
>   the Internet ? Directly from the L1 Linux machine, or from a
>   router attached to the L1 local net ? Is any firewalling
>   configured on the Linux machine (or on the router, whichever
>   applicable) ?
>
>   In brief: You must not filter out "ICMP Destination Unreachable:
>   Fragmentation Required but Don't Fragment Bit Set" packets. Or,
>   try configuring the PPP link with MTU equal to 1500 on both sides.
>
>   If this is not the solution, ask again ...
>
>      RB
>
>In <7f63bk$kna$[EMAIL PROTECTED]> Cor Wood <[EMAIL PROTECTED]> writes:
>
>>I hope some one can give me some clues about my problem.
>
>>We have a network that consist out of 2 subnets. Both subnets are
>>connected by a ppp link. Both ends of the ppp connection is a Linux box
>>(both running a 2.0.36 kernel. One is a Redhat 5.2 distribution (called
>>L1) , the other one is a slackware (called L2)). L1 has a permanent
>>Internet connection. L2 connect via a dial-up line to L1. Both L1 and L2
>>are using IP-aliasing. The subnet containing L2 has also a few win95/98
>>machines in it. L1 has to route between the Internet and the subnet
>>containing L2.
>
>>What is the problem ? When we browse with our win95/win98 machines on the
>>WWW, some sites never respond to our browser. When we visit the same site
>>from L2 we do get the page in. L2 and the win95/98 machines are in the
>>same subnet. If we try another service on the same site, using a win95/98
>>machine, (we use www.webcrawler.com mostly to test) say telnet
>>www.webcrawler.com, we have a login prompt within seconds. What goes
>>wrong ? I tried to trace the IP packages with tcpdump on L1 as well L2. I
>>traced on L1 both eth0 and ppp0. On L2 I traced also eth0 and ppp0 (L2 is
>>the gateway for the win95/98 machines to get out). When looking at the
>>tcpdump output, I can see that the initial connection between the
>>win95/98 machine and say webcrawler is done correctly( win95 send a few
>>packages , webcrawler response with acknowledgements etc.). At the moment
>>webcrawler starts sending the data for the page, it seems they lose their
>>connection. Webcrawler is sending over and over an acknowledgement to the
>>win95/98 machine, but this acknowledgement never arrives there. It does
>>arrive on L1 (eth0), but never gets routed to L1 (ppp0).
>
>>Even if I make static routes to the win95/98 on L1, we still have the same
>>problem.
>
>>Does this looks familiar to some one ?
>
>>Regards
>
>>Cor Wood
>>--
>>Cor Wood
>>[EMAIL PROTECTED]
>> Wolfhaven Solutions
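
The failure discussed in this thread, as a small simulation added here (not code from any of the posters): small packets such as a telnet prompt get through, while full-size data packets vanish when the ICMP "fragmentation required" reply is filtered. The path layout, the 576-byte PPP MTU and all names are assumptions made for the example; the last case models the sender using smaller packets, the effect the workaround at the top of this message aims for.

```python
from dataclasses import dataclass

IP_TCP_HEADERS = 40  # 20-byte IPv4 header + 20-byte TCP header, no options


@dataclass
class Hop:
    name: str
    mtu: int                    # MTU of the link this hop forwards onto
    filters_icmp: bool = False  # drops ICMP errors travelling back to the sender


def send_df(path, size):
    """Send one packet of `size` bytes with Don't Fragment set.

    Returns ("delivered", None), ("icmp", mtu) when the sender receives
    "fragmentation required" quoting the next-hop MTU, or ("lost", None)
    when that ICMP message is filtered on its way back.
    """
    for i, hop in enumerate(path):
        if size > hop.mtu:
            if any(h.filters_icmp for h in path[:i]):
                return ("lost", None)
            return ("icmp", hop.mtu)
    return ("delivered", None)


def transfer(path, sender_mtu, payload, max_tries=5):
    """Sender doing path MTU discovery. Returns (ok, packet_size, attempts)."""
    size = min(sender_mtu, payload + IP_TCP_HEADERS)
    for attempt in range(1, max_tries + 1):
        status, mtu = send_df(path, size)
        if status == "delivered":
            return True, size, attempt
        if status == "icmp":
            size = mtu          # retry with the MTU the router reported
        # "lost": nothing comes back, so the same size is retransmitted
    return False, size, max_tries


def build_path(ppp_mtu, icmp_filtered):
    # Constructed path as seen from the web server: one upstream hop, then L1
    # forwarding from eth0 onto the PPP link towards L2 and the Windows hosts.
    return [Hop("upstream", 1500, filters_icmp=icmp_filtered),
            Hop("L1 eth0->ppp0", ppp_mtu)]


def scenarios(ppp_mtu=576):      # 576 is an assumed PPP MTU, not from the thread
    return {
        "telnet prompt, ICMP filtered": transfer(build_path(ppp_mtu, True), 1500, 20),
        "web page, ICMP filtered": transfer(build_path(ppp_mtu, True), 1500, 8000),
        "web page, ICMP allowed": transfer(build_path(ppp_mtu, False), 1500, 8000),
        "web page, PPP MTU 1500": transfer(build_path(1500, True), 1500, 8000),
        "web page, sender MTU lowered": transfer(build_path(ppp_mtu, True), ppp_mtu, 8000),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:32} -> {result}")
```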



------------------------------

From: Jim Zubb <[EMAIL PROTECTED]>
Subject: Re: "Direct CD?"
Date: Sat, 17 Apr 1999 02:38:40 +0000

nnnn wrote:
> 
> Look at www.goldenhawk.com .

They don't support Linux.



--
Jim Zubb
[EMAIL PROTECTED]

------------------------------

From: [EMAIL PROTECTED]
Crossposted-To: linux.samba
Subject: Re: Help: The Incredible Disappearing Samba Server
Date: Sat, 17 Apr 1999 05:54:36 GMT

In article <[EMAIL PROTECTED]>,
  "David R. Christianson" <[EMAIL PROTECTED]> wrote:
> David,
>
> I had the same problem and was able to solve it by making my Samba
> server the master browser, domain master and preferred master etc. then
> setting Browse Master to Never and LM Announce to No in WinXX. I don't
> recall at the moment exactly where in the Windows network configuration
> these settings were, but this did the trick here. The fault on mine when
> checking the log.nmb log was that, even though my Linux box was set for
> a higher OS level, it was continuously forcing browse elections and
> losing them to a Windows box which subsequently executed an LM announce
> that the Samba server couldn't understand. Changing the setting in WinXX
> from 'Auto' to 'No' did the trick.
>

What if you have a network with Win9x and NT4? It seems NT can often see the
Linux box while the Win9x boxes can not. They are getting different browse
lists.

David...


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and comp.os.linux.networking) via:

    Internet: [EMAIL PROTECTED]

Linux may be obtained via one of these FTP sites:
    ftp.funet.fi                                pub/Linux
    tsx-11.mit.edu                              pub/linux
    sunsite.unc.edu                             pub/Linux

End of Linux-Networking Digest
******************************
