Linux-Networking Digest #947, Volume #10 Fri, 23 Apr 99 07:13:48 EDT
Contents:
What Would Be A Very Capable... (K Lee)
Re: What Would Be A Very Capable... ("Ian Lunam")
Re: GET REDHAT 6.1 FiNAL! (Frankie)
NAM Setup ("marcelle farag")
Re: Proxy client for linux. (Michael Shuldman)
Why won't RedHat see my network card? ("Carl Kramer (RobotFan)")
Linux PPP-2.3.7 vs Microsoft RRAS ("Pic")
Re: Hacker 'SATANIC SERVER' on my LAN ("Curt")
Multilinking? Possible? uder linux ("Philip")
Re: Setting up Linux as a Novell File Server (Alexei Kakhno)
Re: Waiting for Red Hat 6.0 ([EMAIL PROTECTED])
Re: Setting up Linux as a Novell File Server (Pat Thoyts)
Re: NT faster than Linux? (Jamie)
Re: Help sending COOKIES/Apache (David Jack Olrik)
Re: Help sending COOKIES/Apache (David Jack Olrik)
Re: Remote Call in (Pat Thoyts)
Re: Modem Not Dialing (Randy Sandberg)
Re: Playing BATTLE.NET and Age of Empires behind IP Masquerade (Dave Melton)
Re: chmod on directory ("Junky")
Re: HELP tr0:open failed error ("Junky")
Linux client on a M$ proxy server ("Robert Horlings")
Help on RTL 8139 (Simon Su)
Re: Ethernet firewall (Michal Suszycki)
----------------------------------------------------------------------------
From: K Lee <[EMAIL PROTECTED]>
Subject: What Would Be A Very Capable...
Date: 23 Apr 1999 03:00:37 GMT
system which is to be used for just routing purposes or to be used as a
gateway for my home network?
I have cable modem and I'd like to setup a network in my house and I
understand that you don't need a top of the line computer to do that. But
what type of processor, how much RAM, how much HD space, and what type of
NICs would make a very nice box for that purpose so that none of the
performance issues are compromised?
The 2 computers which will be in that network are:
PII 300(before celeron) w/3Com 905. I'm using this box right now w/dual
boot, w/2 HDs, one w/Windows98 and the other has Linux on it, but plan to
take one HD out to put into the new box.
And I plan to get a Celeron box with a Linux compatible NIC, perhaps the
same one as the one I have now.
Thank you very much in advance.
Steve
------------------------------
From: "Ian Lunam" <[EMAIL PROTECTED]>
Subject: Re: What Would Be A Very Capable...
Date: Fri, 23 Apr 1999 15:24:31 +1200
Personally, I'd say anything from a 486DX4/100 w/16M upwards.
I was running a P60 w/16M for the job and it hummed. Now I'm running a P150
w/32 and it sits there with its thumb up its arse. Linux is very light on
hardware.
Ian
K Lee wrote in message <7fonol$h28$[EMAIL PROTECTED]>...
>system which is to be used for just routing purposes or to be used as a
>gateway for my home network?
>
>I have cable modem and I'd like to setup a network in my house and I
>understand that you don't need a top of the line computer to do that. But
>what type of processor, how much RAM, how much HD space, and what type of
>NICs would make a very nice box for that purpose so that none of the
>performance issues are compromised?
>
>The 2 computers which will be in that network are:
>
>PII 300(before celeron) w/3Com 905. I'm using this box right now w/dual
>boot, w/2 HDs, one w/Windows98 and the other has Linux on it, but plan to
>take one HD out to put into the new box.
>
>And I plan to get a Celeron box with a Linux compatible NIC, perhaps the
>same one as the one I have now.
>
>Thank you very much in advance.
>
>Steve
------------------------------
From: Frankie <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.setup,linux.redhat.install
Subject: Re: GET REDHAT 6.1 FiNAL!
Date: Fri, 23 Apr 1999 08:47:27 +0200
It's probably about a RedHead....
------------------------------
From: "marcelle farag" <[EMAIL PROTECTED]>
Subject: NAM Setup
Date: Mon, 19 Apr 1999 15:25:09 -0700
For those linux users out in the bay area, I need help setting up NAM. I
followed the instruction in http://itweb.rsn.hp.com/atas/securehp.html with
no luck. Any volunteers out there....
Thanks
Marcelle Farag
553.7980
------------------------------
From: [EMAIL PROTECTED] (Michael Shuldman)
Subject: Re: Proxy client for linux.
Date: 23 Apr 1999 07:15:04 GMT
Raymond Doetjes ([EMAIL PROTECTED]) wrote:
> Everybody is full about the SOCKS5 proxy implementations but I think
> they suck. Since you need adjusted client software to connect to
> resources. That's why I would never ever run a proxy server!
All you have to do to make all (sans set[ug]id) dynamically linked
programs use the socks library that comes with the socks implementation
Dante is to set an environment variable.
(Dante also has some experimental support for the msproxy protocol
as the previous poster asked about.)
--
_ //
\X/ -- Michael Shuldman <[EMAIL PROTECTED]>
------------------------------
From: "Carl Kramer (RobotFan)" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.setup,comp.os.linux.misc
Subject: Why won't RedHat see my network card?
Date: Wed, 21 Apr 1999 10:09:19 -0400
I recently tried to re-install 5.1 on a machine that had been connected
to a network without any problems. During the reinstallation, when
prompted for a driver, I selected my card from the list and selected the
'autoprobe' option. I was greeted with the error message "I can't find
the device anywhere on your system!". I opened the case and inspected
the card. Nothing seemed to be wrong, but I replaced the card anyway
and tried again. Same problem. I tried different slots on the mother
board. No dice. I tried using different cards all together (3com,
D-LINK, NE-2000). None worked. I tried specifying the IO and IRQ
parameters. Nuh-uh. Checked the CMOS for any irregularities. Didn't
help.
"Error
I can't find the device anywhere on your system!"
Is all that I get for my trouble. I downloaded the image for 5.2 boot
and supplemental. Tried to install from FTP, but still no go.
I wiped the hard drive completely clean (with the help of Partition
Magic), started over again and still no soap.
Meanwhile, when I swap out the hard drive with one that has windows 95
installed on it. Windows finds and installs the drivers for the card
without any problem.
I am utterly stumped.
Why won't RedHat see my network card?
Any help would be most appreciated.
Thanks.
------------------------------
From: "Pic" <[EMAIL PROTECTED]>
Subject: Linux PPP-2.3.7 vs Microsoft RRAS
Date: Wed, 21 Apr 1999 11:18:00 -0400
Hi,
I thought I'd let you know the results of a test I performed
a while ago.
First I connected two NT 4.0 server (Sp4) boxes together with a Null
modem serial cable between their COM2 ports. Installed RRAS (Routing
and Remote Access Service) on both and used demand dialing to establish
a PPP link between them. I enabled compression and set both serial ports
to 57.6 Kbps. I then proceeded to transfer the following files between them
using the command line FTP:
squid-1.1.22-src.tar.gz (500 kb) I got 5.6 kb/s
messages.txt (1.2 mb) I got 30 kb/s
xv.exe (1.1 mb) I got 11.5 kb/s
winfix.zip (1.5 mb) I got 5.6 kb/s
Using the same machines ( 2 x K6's 2/266 with 64 mb/mem) I switched
to the Linux's partitions (linux 2.2.6) and installed pppd 2.3.7 and
loaded the bsd_comp and ppp_deflate modules and established a PPP
connection (still at 56.7 kbps) and did the same test:
squid-1.1.22-src.tar.gz (500 kb) I got 5.3 kb/s
messages.txt (1.2 mb) I got 40 kb/s
xv.exe (1.1 mb) I got 13 kb/s
winfix.zip (1.5 mb) I got 5.3 kb/s
We can see by the results that the .exe and .txt file really benefit
from the compression. The 40 kb/s and 13 kb/s results are
almost cut in half if the ppp_deflate module is not loaded.
This test also shows that you don't need High speed serial boards
when you use PPP's compression instead of the modem's compression...!
and also that the Linux PPP folks really did a good job with pppd-2.3.x.
Regards
Pic
------------------------------
From: "Curt" <[EMAIL PROTECTED]>
Subject: Re: Hacker 'SATANIC SERVER' on my LAN
Date: Mon, 12 Apr 1999 17:42:24 -0500
I haven't used ipchains yet, however you can limit the connections
to your samba server to your internal network. Add the following line
to your /etc/smb.conf file.
hosts allow = 192.168.0. 127.
star wrote in message <[EMAIL PROTECTED]>...
>I recently installed Samba.
>When i did 'smbclient -L server', i got a list of shares, servers
>and the workgroupname with its Master.
>In the list under the Master header there it was: SATANIC_SERVER
>Under the Server header there was also a name which didnt belong to
>my LAN.
>What has happened here?
>How is it possible that someone can connect to my LAN through my
>firewall.
>Is Samba an unreliable factor?
>
>At the time of the hack this was my firewall:
>
>IPADDR='/sbin/ifconfig eth0 | /bin/grep -i "inet addr" | /usr/bin/cut
>-f2 -d":" | /usr/bin/cut -f1 -d" "
>'
>LOCALMASK="192.168.0.0/24"
>
># flush all other commands
>ipchains forward -F
>ipchains input -F
>ipchains output -F
>
># default policy: deny all
>ipchains forward -P deny
>ipchains output -P deny
>ipchains input -P deny
>
># first deny spoofers from outside and log them
>ipchains input -l -i eth0 -S 192.168.0.3/32 -j deny
>ipchains input -l -i eth0 -S 192.168.0.0/24 -j deny
>ipchains input -l -i eth0 -S 127.0.0.1/32 -j deny
>
># deny all other special networks
>ipchains input -l -i eth0 -S 192.168.0.0/16 -j deny
>ipchains input -l -i eth0 -S 172.16.0.0/12 -j deny
>ipchains input -l -i eth0 -S 10.0.0.0/8 -j deny
>
># forward
>ipchains -A forward -j MASQ -s 192.168.0.1/32 -d 0.0.0.0/0
>ipchains -A forward -j MASQ -s 192.168.0.2/32 -d 0.0.0.0/0
>
># Control response to netbios broadcasts. DENY but do not REJECT
>netbios.
># Rejection of netbios packets would result in a continuous stream of
># icmp rejection packets due to excessive netbios broadcasts in this
>segment.
>/sbin/ipchains -A input -p tcp -j DENY -d $IPADDR
>netbios-ns:netbios-ssn
>/sbin/ipchains -A input -p udp -j DENY -d $IPADDR
>netbios-ns:netbios-dgm
>
># REJECT connections to all priviliged ports. In theory the range
>extends to
># port 1024. In practice however, the ssh-client likes to connect from
>ports
># 1001 and up.
>/sbin/ipchains -A input -p tcp -j REJECT -d $IPADDR 0:1023
>/sbin/ipchains -A input -p udp -j REJECT -d $IPADDR 0:1023
>
># REJECT connections to the squid ports of the external interface. We
># don't want others to be able to 'upgrade' our datalimit.
>/sbin/ipchains -A input -p tcp -j REJECT -d $IPADDR 3128
>/sbin/ipchains -A input -p tcp -j REJECT -d $IPADDR 3130
>
># default policy: deny all
>ipchains forward -P deny
>ipchains output -P deny
>ipchains input -P deny
>
>What rule did i forget?
>
>At the time in inetd.conf ftp, telnet and pop3 were uncommented
>
>I cannot find the satanic server in my logs.
>In which logfile should i look for a trace?
>
>thanks for any help
>
------------------------------
From: "Philip" <[EMAIL PROTECTED]>
Subject: Multilinking? Possible? uder linux
Date: Fri, 23 Apr 1999 19:20:18 +1000
Hi
Does any one know how to set-up linux to use multilinking? or MP
(Multilinking PPP) rather then EQL?
Windowz can do it!! im sure linux can?
Thanks,
Philip
------------------------------
From: [EMAIL PROTECTED] (Alexei Kakhno)
Subject: Re: Setting up Linux as a Novell File Server
Date: Fri, 23 Apr 1999 05:13:24 GMT
On Thu, 22 Apr 1999 12:30:35 +0800, "Kalgoorlie Assay Labs"
<[EMAIL PROTECTED]> wrote:
>Is there any know way.. (even a HOWTO will do) to set up a Linux computer to
>be logged onto like a Novell server using novell clients (on say Win 95, 98
>and Dos even) ?
>
>I see Samba can be used to represent a NT server, but a Novell server would
>be much more preferable.
>
>Luke
>
>
I've downloaded new mars_nwe_emulator and installed it.
Works fine more than month.
Alexei, Best regards, Russia
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To: comp.os.linux.development.system
Subject: Re: Waiting for Red Hat 6.0
Date: Fri, 23 Apr 1999 09:22:06 GMT
First, why are you using such an old and out dated and *beta* kernel,
when a much nicer and newer one, 2.2.6, exists? Also, I found there
is a step there is not mentioned in the readme for the kernel, and
only very briefly touched on in modules.txt, that can make a big
difference. First, is the problem that the
On Sat, 17 Apr 1999 22:35:23 +0200, "folkert meeuw"
<[EMAIL PROTECTED]> wrote:
>Hi Dear Friendly Readers,
>now, since I'm waiting for Red Hat 6.0, i 've got a Problem with Red Hat 4.2
>A month ago I updated to the Kernel Source 2.1.43.
>After, I wrote a shell script to automate the compilation of new Kernel and
>delegate the job to crond on every night at 01:00 and 03:00 and 05:00,
>'cause the compilation breaks with an error sometimes (a 486-Intel/Compaq
>PC)
>Always the system has the same Problem, when I activate ppp-functionality
>in a monolithic Kernel with menuconfig there is a library error with the
>net-modules, when I type make dep clean zImage and when I reboot the system didn't
>find
>the net-Modules.
>But I want to route with my Linux-PC in a TCP/IP Network so I need
>this functionality. And when I start a ppp Session to my Provider and
>'ve been connect and type route to see who the Linux routed there
>is no routing functionality to see, even so I tested with ping from
>one other PC in the Network but there is nothing going out.
>Have had someone of you here make experience with it ?
>
>MfG Folkert Meeuw
------------------------------
From: Pat Thoyts <[EMAIL PROTECTED]>
Subject: Re: Setting up Linux as a Novell File Server
Date: 23 Apr 1999 10:22:54 +0100
"D. Brown" <[EMAIL PROTECTED]> writes:
> Kalgoorlie Assay Labs wrote:
>
> > Is there any know way.. (even a HOWTO will do) to set up a Linux computer to
> > be logged onto like a Novell server using novell clients (on say Win 95, 98
> > and Dos even) ?
> >
> > I see Samba can be used to represent a NT server, but a Novell server would
> > be much more preferable.
> >
> > Luke
>
> Caldera actually makes software for Linux that makes it look like a NW 4.x
> server. The 3 user version is free, you pay for all the licenses after that.
The mars_nwe program makes a fine Netware box out of your Linux server
for free. You should be aware that it is a Netware 3 type of server
and doesn't do NDS.
To set it up there is a howto. You basically need to get IPX working
and install the server. RedHat has come with mars_nwe installed and
ready to go for the last few releases. I've been using this to serve
files to OpenDOS and windows clients for about 3 years and it's been
fine the whole time.
Pat Thoyts.
------------------------------
From: Jamie <[EMAIL PROTECTED]>
Crossposted-To: linux.samba,uk.comp.os.linux
Subject: Re: NT faster than Linux?
Date: Fri, 23 Apr 1999 10:28:30 +0100
Reply-To: [EMAIL PROTECTED]
> Just a bit more fuel for the fire
http://www.cnn.com/TECH/computing/9904/21/ntpaper.ent.idg/
And notice this is CNN posting the story ...
------------------------------
From: David Jack Olrik <[EMAIL PROTECTED]>
Subject: Re: Help sending COOKIES/Apache
Date: Wed, 21 Apr 1999 16:22:15 +0200
Larry wrote:
>
> I would like to make my server send a cookie.
> The problem is that I don't know
> where should I make the call to the CGI script.
Simply send this line *before* you send the content type:
"Set-Cookie: <name>=<value>; expires=<date>; domain=<domain where cookie
valid>; path=<subset of url(domain) where cookie is valid>\n"
--
i-data is a leading vendor of printing connectivity solutions, e-forms
software, and networking products.
More information is available at www.i-data.com
Disclaimer: I speak for myself, not my employer.
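An added example, not part of David's post: a shell CGI script that emits the Set-Cookie line ahead of Content-Type as described above, and refuses field values containing CR, LF or a semicolon so that untrusted input cannot start a new header or attribute. The cookie name, date, domain and path are constructed placeholders.

```shell
#!/bin/sh
# Added example: CGI response that sets a cookie before the content type.

# Succeeds only if $1 contains none of the characters listed in $2 (tr syntax).
lacks_chars() {
    [ "$(printf '%s' "$1" | tr -d "$2")" = "$1" ]
}

# Print one Set-Cookie header line, or fail without output.
# Arguments: name value expires domain path
set_cookie_header() {
    name=$1 value=$2 expires=$3 domain=$4 path=$5
    [ -n "$name" ] || return 1
    # Name and value: no semicolon, comma or white space (CR and LF included).
    lacks_chars "$name"  '=;, \t\r\n' || return 1
    lacks_chars "$value" ';, \t\r\n'  || return 1
    # Attributes: a semicolon would add an attribute, CR/LF would add a header.
    for attr in "$expires" "$domain" "$path"; do
        lacks_chars "$attr" ';\r\n' || return 1
    done
    printf 'Set-Cookie: %s=%s; expires=%s; domain=%s; path=%s\n' \
        "$name" "$value" "$expires" "$domain" "$path"
}

# Write the complete CGI response for a cookie value supplied by the caller.
cgi_response() {
    # $1: cookie value, treated as untrusted input
    cookie=$(set_cookie_header session "$1" \
        'Fri, 31-Dec-1999 23:59:59 GMT' www.example.com /app) || {
        printf 'Status: 500 Internal Server Error\n'
        printf 'Content-Type: text/plain\n\n'
        printf 'refusing to emit a malformed cookie\n'
        return 1
    }
    printf '%s\n' "$cookie"                # cookie header first
    printf 'Content-Type: text/html\n\n'   # blank line ends the headers
    printf '<html><body>cookie set</body></html>\n'
}

cgi_response 'abc123'   # constructed value
```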
------------------------------
From: David Jack Olrik <[EMAIL PROTECTED]>
Subject: Re: Help sending COOKIES/Apache
Date: Wed, 21 Apr 1999 16:24:50 +0200
Larry wrote:
>
> I would like to make my server send a cookie.
> The problem is that I don't know
> where should I make the call to the CGI script.
> (I don't want to use <meta-equiv=...> in the head tag of the HTML page.)
> Thanks !
For more info on cookies check out this URL
http://home.netscape.com/newsref/std/cookie_spec.html
--
i-data is a leading vendor of printing connectivity solutions, e-forms
software, and networking products.
More information is available at www.i-data.com
Disclaimer: I speak for myself, not my employer.
------------------------------
From: Pat Thoyts <[EMAIL PROTECTED]>
Subject: Re: Remote Call in
Date: 23 Apr 1999 10:28:41 +0100
"v4cal" <[EMAIL PROTECTED]> writes:
> i want to call into linux from a windows computer and have linux answer the
> phone
>
> and have full access to linux
>
> and get on the net
>
> haw can i do the
Read the HOWTO documents (follow links at www.uk.linux.org or
wherever) on setting up a PPP server and the Serial-HOWTO for general
stuff on answering the phone.
Though in short, plug the modem into the phone, fire up minicom and
enter ATS0=1 to get the modem to answer.
Or use mgetty.
Read some manuals.
Pat.
------------------------------
From: Randy Sandberg <[EMAIL PROTECTED]>
Subject: Re: Modem Not Dialing
Date: Thu, 22 Apr 1999 22:41:33 -0700
Brian wrote:
>
> I have red hat 5.1 installed on a dual boot machine. NT occupies all of
> the first drive and occupies the MBR. Linux occupies all of the second
> drive, as I boot it off of a floppy. I defined a ppp interface under
> the networking tool in X. When I activate the interface it's status
> shows active, but the modem does not dial nor connect to my isp.
> I have checked the following:
> symbolic link to ttyS0 from modem exists. Also tried link to ttySO
>
> dmesg shows IRQ4 on 03f8-03ff and 02f8-02ff as IRQ3
>
> cat /proc/ioports shows both of the serial ports.
>
> cat /proc/interrupts does not show the serial ports. Even after i ran
> the following command setserial /dev/ttyS0 port 3f8 irq 4
>
> The modem works under NT and I have had the modem working under linux
> on the same box, but that was when the root partition sat on the first
> drive.
>
> The modem is a USR internal sportster fax/modem 28.8-33.6
>
> Thanks in advance
> Brian
I just built a new kernel (i.e., 2.2.6) last night and had the same
problem. I too checked the same things you did and pretty much got the
same results. Then it hit me that I forgot to compile ppp into my new
kernel. Oh well, I'm still just a newbie :-)
--
Randy Sandberg [EMAIL PROTECTED]
I have a problem with a revolution in that if you have a
revolution, then afterwards you become the establishment.
We should not try to dominate. --Linus Torvalds
------------------------------
From: [EMAIL PROTECTED] (Dave Melton)
Subject: Re: Playing BATTLE.NET and Age of Empires behind IP Masquerade
Date: Fri, 23 Apr 1999 05:54:20 GMT
I've got it generally working. I'm running RH5.2, and I don't have
ipautofw either. I've got everything turned on for IP forwarding,
using
ipfwadm -F -a m -S 192.168.1.0/24 -D 0.0.0.0/0
My son can connect and play, but he's still complaining that he gets
disconnected (at battle.net) fairly frequently. From his
communication with other people on battle.net, it sounds like he's
getting dropped more often than most.
We've got a 384k symmetrical DSL connection, which is working fine.
No other major traffic on the house LAN or the 'net connection while
he's having problems. Linux router machine is a P133 with 64M RAM,
that's doing nothing else. Not sure what's causing the
problem....anyone have any ideas?
- Dave Melton
On Sat, 17 Apr 1999 02:56:36 GMT, Nick Farley <[EMAIL PROTECTED]>
wrote:
>Did you ever figure it out? I have the same problem but with diablo.
>It seems like there is a solution at:
>http://users.nais.com/~nevo/masq/games.html the only problem is that I
>can't find the ipautofw program on my linux box. I'm running Mandrake
>Linux 5.3 (Red Hat 5.2). I've been trying to figure this out for about
>a month. Please help if you can.
------------------------------
From: "Junky" <[EMAIL PROTECTED]>
Subject: Re: chmod on directory
Date: Fri, 16 Apr 1999 16:07:42 +1000
>Yes. It means [that group with execute permission turned off] will no
>longer be able to CD into that directory. IIRC. You should still be
>able to do an "ls" from another directory. I may have that mixed around
>with the "read" permission.
>--
>Mist.
you are right. turning off the exec permission on a directory stops you from
cd'ing to it, but you are still able to read & write files in the folder (if
you have the permissions that is)
------------------------------
From: "Junky" <[EMAIL PROTECTED]>
Subject: Re: HELP tr0:open failed error
Date: Fri, 16 Apr 1999 16:12:43 +1000
Brett Wrote:
> I have set up Slackware Linux (3.0.6) successfully on an IBM PS/2
>box with microchannel adapter. I installed the network applications and
>configured the network including changing the eth0 to tr0.
>
Under most linux kernels microchannel buses are not supported. maybe if you
were able to get some driver that would help
~ Mikey
------------------------------
From: "Robert Horlings" <[EMAIL PROTECTED]>
Subject: Linux client on a M$ proxy server
Date: 21 Apr 1999 15:13:30 GMT
Hi,
A few days ago I've installed Linux, and I finally got the network to work.
But I want to access the internet by our M$ proxy server. I filled in the IP
address and Port # in Netscape, but then the status bar blinks. It gives the
following messages very fast:
'Connecting to 10.0.0.2'
'Connected to 10.0.0.2. Waiting for reply'
(At least I thought these messages)
But he keeps saying this. I had the same problem in W98, but then I said to
Netscape that I had a direct connection to the internet. This was arranged by
the M$ proxy client. I was wondering if such a program exists for Linux!
I hope anyone can help me
Robo
(I'm NOT looking for a proxy server!!!!)
--
E-mail: [EMAIL PROTECTED]
Ut desint vires, tamen est laudanda voluntas
------------------------------
From: Simon Su <[EMAIL PROTECTED]>
Subject: Help on RTL 8139
Date: Wed, 21 Apr 1999 10:03:56 -0500
Hello,
I have a RTL 8139 Fast Ethernet Adapter Card, NT drive list told me,
and RedHat 5.2 in my PIII box. I recompiled the kernel to include the
driver for RTL 8139. Everything, including the network, works fine
during the first few
moment of machine startup. I can do all the normal network stuff to
anywhere. However, after a while, maybe about 15
minutes, I keep getting an error message on my screen.
eth0: Transmit timeout, status 0d 2000
sometimes I get
eth0: Transmit timeout, status 0d 0000 message.
I also have NT on my machine and everything works great and no complain
from NT. Anybody have any idea what the error message means?
Any advice is greatly appreciated.
Thanks
Simon
------------------------------
From: Michal Suszycki <[EMAIL PROTECTED]>
Subject: Re: Ethernet firewall
Date: Fri, 23 Apr 1999 11:27:00 +0200
Reply-To: Michal Suszycki <[EMAIL PROTECTED]>
On Thu, 22 Apr 1999, mist wrote:
> Michal Suszycki <[EMAIL PROTECTED]> scribed to us that -
> >
> >
> >Hello!
> >
> >Sorry if it was on some previous posting.
> >I've tried to find some information about 'ethernet firewall' but without
> >any success.
> >
> >Problem is simple:
> >
> >There is a linux box with two ethernet cards which acts as a router.
> >You can filter packets using ipfwadm (or ipchains) but it is done on IP
> >level.
> >How can you filter packets on ethernet level?
> >For example you may want linux router to drop packets which have specific
> >ethernet source address.
> >
> Presumably for a hardware-level firewall you would have to look at a
> special piece of hardware. At a guess. There is no such thing as
> "packets" at a physical level, really, is there?
Maybe I didn't write so clearly. Correct me if I'm wrong.
I'm just very surprised that I can't block something on the linux router
using ethernet source address as criteria.
Why this feature is not implemented in linux ? (or maybe it is, I try
to find out ;)
Is this really necessary to use special piece of hardware?
> Why would you want to drop a specific card's packets? Surely the
> address of the card would be essentially irrelevant to where the packets
> are coming from. That's the whole point. Filter on MAC address, and as
> soon as the source card is switched, then your firewall is ineffective.
> --
> Mist.
>
I think it could be very useful.
You may want to prevent people to connect their new computers to your
network without your knowledge. For example: linux acts as a router for
one of your company building. Router is also a DHCP server. Some people in
the building are doing stupid things, ie. they connect their new win95
boxes without enabling DHCP and they set existing IP address so you've got
conflicts. How can you know who is doing this? You can only have his/her
ethernet address. But it would be nice to block this ethernet address on
the router so this person couldn't use his machine (I don't want to talk
about spoofing - it's not my point). He or she has to go to you and now
you know what you wanted.
Wouldn't be nice to have ability to set rules on your router:
"ignore everything on your eth0 except things that came from card's
addresses listed in /proc/net/something"?
Nobody will install new workstation or server in your building without
your knowledge. You know exactly who is using what in your network.
It is my current problem and I want to solve it.
Is it impossible to write this feature in the linux kernel?
Or maybe it is done but I don't know about it?
Any suggestions?
-- Mike
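An added example, not from Michal's post and not a kernel feature: a shell function that checks the router's ARP cache against a list of registered cards and reports unregistered cards and cards answering for an address registered to another one, the conflict case described above. The inventory file format and all addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the router's ARP cache with an inventory of cards.

audit_arp() {
    # $1: ARP table in /proc/net/arp format
    # $2: inventory, one "MAC IP" pair per line (hypothetical format)
    awk -v inv="$2" '
        FILENAME == inv {
            if ($0 ~ /^[ \t]*(#|$)/) next      # comments and blank lines
            mac = tolower($1)
            known[mac] = 1                      # cards that are registered
            owner[$2] = mac                     # address each card should hold
            next
        }
        FNR == 1    { next }                    # header row of /proc/net/arp
        $3 == "0x0" { next }                    # incomplete entry, no MAC yet
        {
            ip = $1; mac = tolower($4); dev = $6
            if ((ip in owner) && owner[ip] != mac)
                print "CONFLICT", ip, mac, "expected", owner[ip], dev
            else if (!(mac in known))
                print "UNKNOWN", ip, mac, dev
        }
    ' "$2" "$1"
}

demo() {
    dir=$(mktemp -d) || return 1
    # Constructed sample in the layout of /proc/net/arp.
    cat > "$dir/arp" <<'EOF'
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.10     0x1         0x2         00:A0:C9:11:22:33     *        eth0
192.168.1.11     0x1         0x2         00:60:97:aa:bb:cc     *        eth0
192.168.1.12     0x1         0x2         00:10:4b:de:ad:01     *        eth0
192.168.1.50     0x1         0x2         00:40:05:12:34:56     *        eth0
192.168.1.60     0x1         0x0         00:00:00:00:00:00     *        eth0
EOF
    # Constructed inventory: the cards the administrator has registered.
    cat > "$dir/known" <<'EOF'
# MAC               IP
00:a0:c9:11:22:33   192.168.1.10
00:60:97:aa:bb:cc   192.168.1.11
00:10:4b:00:00:02   192.168.1.12
EOF
    audit_arp "$dir/arp" "$dir/known"
    rm -rf "$dir"
}

demo
```

On the router itself the first argument would be /proc/net/arp. Kernels with netfilter can also match on the Ethernet source address in the packet filter (`iptables -m mac --mac-source`).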
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.networking) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Networking Digest
******************************