Linux-Networking Digest #954, Volume #10 Sat, 24 Apr 99 10:13:35 EDT
Contents:
Re: IP Masquerading Problem ([EMAIL PROTECTED])
Re: ipchains configuration for DMZ (M)
Re: Help -- Two ethernet card network (Vidar Andresen)
Re: Bandwidth Watcher/Monitor Help/Info Needed (Pekka Savola)
Re: D-Link de-528ct driver complie error (Vidar Andresen)
Re: 3C515 (Vidar Andresen)
cabel modem web site, can't it find now (Marc Britten)
Re: Network unreachable, cable modem, 2 NICs (Chip Transisto)
Re: ipchains configuration (Pekka Savola)
Re: 3 com 3c905b TX network card problems... ("ryan")
Re: Help! Vicious IP triangle! ([EMAIL PROTECTED])
Newbie Question on pppd (Kristof Berger)
Re: Linux - My honest opinion (Jim Henderson)
2 pcmcia ethernet cards with redhat. How? (Arthur Jovellas)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED]
Subject: Re: IP Masquerading Problem
Date: Sat, 24 Apr 1999 11:56:08 GMT
Your thread is interesting. I have a question myself. We have a case here
of at least one threatening e-mail message that shows our IP as the point of
origin -- that is our servers that support over 100 machines. We are quite
sure that none of our staff sent these so we are trying to figure out how
messages could have been sent through hotmail in such a way that it looked
like it was sent from our system. Is there any software that can masquerade
as an existing IP? What if the machine owning the IP is down?
Technoteacher
In article <01be8d08$df96a840$[EMAIL PROTECTED]>,
"Anthony Borla" <[EMAIL PROTECTED]> wrote:
> Have you ever had a case of "now you see it, now you don't" ? Here's mine.
>
> I have had IP Masquerading working successfully for several days now; I run
> RedHat 5.2, kernel version 2.0.36-0.7. By running successfully I mean that
> all clients on the LAN, all Windows 95 and Windows NT machines, could, via
> the Linux box:
> * Ping remote sites
> * Use mail and news services
> * Access remote web sites
>
> After about four or five days, IP Masquerading no longer worked, I was able
> to access the Internet from the Linux box, but no longer from any of the
> clients. I can guarantee that:
> * No errors occurred on boot up
> * No further configuration changes were made, either to the Linux box or
> any of the clients
>
> To troubleshoot, I went back to the IP Masquerading and PPP HOWTOs, and
> proceeded to check my configuration against these documents. I could not
> see a problem in my configuration; it tallied with the abovementioned
> documentation.
>
> So, my first question is: Can ISP policy have a bearing on how IP
> Masquerading performs ?
>
> My second question: Could someone please look over the following
> configuration information, and perhaps point something that I may have
> missed, or give some helpful suggestion ?
>
> * This implements IP Masquerading. I got this straight from the relevant
> HOWTO.
> Contents of /etc/rc.d/rc.local ============================================
> #!/bin/bash
> # Set up IP Masquerading
> # Install devices. Must be done this way (kerneld cannot load them)
> /sbin/depmod -a
> /sbin/modprobe ip_masq_ftp
> /sbin/modprobe ip_masq_raudio
> /sbin/modprobe ip_masq_irc
>
> # Set up Firewall
> # Following needed only if you have bootp
> ipfwadm -F -a deny
> ipfwadm -F -a m -S 192.168.0.0/24 -D 0.0.0.0/0
>
> # Define your Default Policy
> ipfwadm -F -p masquerade
>
> # Set ip_forward value
> echo "1" > /proc/sys/net/ipv4/ip_forward
> ===========================================================================
>
> * Initiates the PPP session. Does no more than call the default script and
> configuration file
> Contents of /root/pppstart.sh =============================================
> #!/bin/bash
> # Log in to ISP on device ppp0
> /etc/sysconfig/network-scripts/ifup-ppp daemon /etc/sysconfig/network-scripts/ifcfg-ppp0 &
> ===========================================================================
>
> * Log entries showing successful (I think) commencement of a PPP session.
> Contents of /var/log/messages =============================================
> Apr 22 14:54:34 linux001 chat[1415]: Entering PPP Session.^M
> Apr 22 14:54:34 linux001 chat[1415]: IP address is 139.134.221.16^M
> Apr 22 14:54:34 linux001 chat[1415]: MTU is 1524.^M
> Apr 22 14:54:39 linux001 chat[1415]: alarm
> Apr 22 14:54:39 linux001 chat[1415]: send (^M)
> Apr 22 14:54:39 linux001 chat[1415]: send (^M)
> Apr 22 14:54:39 linux001 pppd[1410]: Serial connection established.
> Apr 22 14:54:40 linux001 pppd[1410]: Using interface ppp0
> Apr 22 14:54:40 linux001 pppd[1410]: Connect: ppp0 <--> /dev/cua1
> Apr 22 14:54:43 linux001 pppd[1410]: local IP address 139.134.221.16
> Apr 22 14:54:43 linux001 pppd[1410]: remote IP address 139.134.19.19
> ===========================================================================
>
> * Route table; gateway entries seem ok
> Output from route command =================================================
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref Use Iface
> 139.134.19.19   *               255.255.255.255 UH    0      0   0   ppp0
> localnet.domain *               255.255.255.0   U     0      0   34  eth0
> 127.0.0.0       *               255.0.0.0       U     0      0   23  lo
> default         139.134.19.19   0.0.0.0         UG    0      0   0   ppp0
> ===========================================================================
>
> * IP Configuration
> Output from ifconfig command ==============================================
> eth0 Link encap:Ethernet HWaddr 00:40:05:E1:D1:5D
> inet addr:192.168.0.4 Bcast:192.168.0.255 Mask:255.255.255.0
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:1391 errors:0 dropped:0 overruns:0 frame:0
> TX packets:574 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0
> Interrupt:12 Base address:0x280
>
> ppp0 Link encap:Point-to-Point Protocol
> inet addr:139.134.221.16 P-t-P:139.134.19.19 Mask:255.255.0.0
> UP POINTOPOINT RUNNING MTU:1524 Metric:1
> RX packets:7 errors:0 dropped:0 overruns:0 frame:0
> TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0
> Memory:1b8c038-1b8cc04
> ===========================================================================
>
> Any help would be greatly appreciated.
>
> Anthony Borla.
>
>
============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own
------------------------------
From: M <[EMAIL PROTECTED]>
Subject: Re: ipchains configuration for DMZ
Date: Sat, 24 Apr 1999 20:23:37 +0800
I'll set up a DMZ. Is it possible to do as follows?
with 16 official ip as 101.202.303.240 to ...255.
I'll break it into two subnets as follows.
[ Internet ]
|
[ router ]
| 101.202.303.254 to router
|
|
| 102.202.303.253 to firewall nic
|
[ firewall ]--- 192.168.1.254 to firewall for internal LAN.
|
| 101.202.303.251 to firewall for DMZ
|
|
[ WWW, DNS... ] 101.202.303.241 to 101.202.303.251
So, IPs for subnet between router and firewall would be
network ip = 101.202.303.252
ip on firewall = . . .253
ip on router = . . .254
broadcast ip = . . .255
netmask = 255.255.255.252
And, IPs for DMZ would be
network ip = 101.202.303.240
ip on DNS = . . .241
ip on WWW = . . .242
broadcast = . . .251
netmask = 255.255.255.244
I would allow Internet everyone access dns,www,etc for http only and disallow
for anything such as telnet,ftp,etc.
And I would allow everyone from internal lan to access internet for
everything.
Well, please comment if my network setup is correct?
Also, please suggest rules for ipchains?
Mark........... mark @ chevalier.net
Pekka Savola wrote:
> Setting ipchains rulesets would probably go something like this:
> (first accept from the allowed ones, then deny/reject the rest)
>
> ipchains -A input -j ACCEPT -d 192.168.1.56/32
> ipchains -A input -j DENY -d 192.168.1.0/24
>
> ipchains -A output -j ACCEPT -s192.168.1.56/32
> ipchains -A output -j DENY -s192.168.1.0/24
>
> Pekka Savola pekkas at netcore dot fi
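
A check of the address plan in the message above, as an added example that is not part of the original post. The addresses in the post are not valid IPv4 (an octet of 303), so `203.0.113.240/28` from the documentation range stands in for the 16-address block; the function names are illustrative.

```python
import ipaddress

# Assumption: documentation-range stand-in for the poster's 16 official addresses.
BLOCK = ipaddress.ip_network("203.0.113.240/28")


def mask_is_valid(mask):
    """True if the dotted-quad netmask is a contiguous run of one bits."""
    try:
        ipaddress.ip_network(f"0.0.0.0/{mask}")
        return True
    except ValueError:  # NetmaskValueError is a ValueError subclass
        return False


def range_as_cidrs(first, last):
    """Smallest list of CIDR blocks that exactly covers first..last."""
    nets = ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))
    return [str(n) for n in nets]


def describe(net):
    """Network, mask, usable hosts and broadcast of one subnet."""
    hosts = list(net.hosts())
    return {
        "network": str(net.network_address),
        "netmask": str(net.netmask),
        "first_host": str(hosts[0]),
        "last_host": str(hosts[-1]),
        "broadcast": str(net.broadcast_address),
    }


def plan(block):
    """Split a /28 into a /29 for the DMZ, a spare /30 and a /30 router link."""
    dmz, upper = block.subnets(new_prefix=29)    # .240/29 and .248/29
    spare, link = upper.subnets(new_prefix=30)   # .248/30 and .252/30
    return {"dmz": describe(dmz), "spare": describe(spare),
            "router_link": describe(link)}


if __name__ == "__main__":
    for mask in ("255.255.255.252", "255.255.255.244"):
        print(mask, "valid" if mask_is_valid(mask) else "not a valid netmask")
    # A DMZ running from .240 to .251 is 12 addresses, which is not one subnet.
    print(range_as_cidrs("203.0.113.240", "203.0.113.251"))
    for name, info in plan(BLOCK).items():
        print(name, info)
```

The router link comes out as the post planned it (network .252, hosts .253 and .254, broadcast .255), while the DMZ has to be cut to a /29 or routed as two blocks.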
------------------------------
From: [EMAIL PROTECTED] (Vidar Andresen)
Subject: Re: Help -- Two ethernet card network
Date: Sat, 24 Apr 1999 08:36:27 +0200
In article <M75U2.29$qu5.10505@WReNphoon4>, [EMAIL PROTECTED] (Kevin Davis) wrote:
>Hi
>
>I am fairly new to Linux, but I do have the both of the cards working. I
>have a 1.PCI NE2000, and 2. Smc Ether Ultra ISA. In ifconfig, both cards
>are shown and the resources correct, but when I attempt to ping a machine on
>the internal network (192.168.0.2 etc..), and I get no response. Any Ideas?
Can you ping the SMC card itself?
route add -net 192.168.0.0 eth1
maybe?
cat /proc/interrupts
cat /proc/ioports
Any activity on the card?
>THe SMC is a Combo card using BNC thin coax for the internal and the NE2000
>PCI with RJ45 for the Cable modem.
Smc Ether Ultra ISA. (16 or 32?, are both ISA?) anyway i have some
'Smc EtherCard Elite16 Ultra', ISA, and they have a setup-utility which
lets me choose which interface to use. You might need that as long as
you have a combo-card. http://www.smc.com
Mvh Vidar Andresen
------------------------------
From: [EMAIL PROTECTED] (Pekka Savola)
Subject: Re: Bandwidth Watcher/Monitor Help/Info Needed
Date: Sat, 24 Apr 1999 08:00:09 GMT
>My question is how or where do I find a program, preferably RPM based,
>to monitor my bandwidth usage at my ethernet card.
You can build the kernel with IP accounting enabled, and make your
ipfwadm or ipchains firewall log the packets and bytes.
The downside is that every time you reboot the counters are cleared.
So, you need to 'backup' them now and then.
Pekka Savola pekkas at netcore dot fi
---
Across the nations the stories spread like spiderweb laid upon spiderweb,
and men and women planned the future, believing they knew truth. They
planned, and the Pattern absorbed their plans, weaving toward the future
foretold. -- Robert Jordan: The Path of Daggers
------------------------------
From: [EMAIL PROTECTED] (Vidar Andresen)
Subject: Re: D-Link de-528ct driver complie error
Date: Sat, 24 Apr 1999 06:52:29 +0200
In article <[EMAIL PROTECTED]>,
"Kanji Hirani" <[EMAIL PROTECTED]> wrote:
>Dear people,
>
>I have D-Link DE-528ct card which has RTL8029 chip and I have a driver
>rtl8028.c, but I can't remember the syntax to compile this driver so that I
>can use it. Please help!!.
First: Http://cesdis.gsfc.nasa.gov/linux/drivers/index.html
PCI NE2000 driver (local page) Note: This driver supports the
RTL8029. Do not use the 'rtl8029.c' driver which is just an
improperly renamed copy of an old 'ne.c' driver.
With a link to: http://cesdis.gsfc.nasa.gov/linux/drivers/ne2k-pci.html
and http://rsphy1.anu.edu.au/~gpg109/ne2000.html
_PCI_?
Mvh Vidar Andresen
------------------------------
From: [EMAIL PROTECTED] (Vidar Andresen)
Subject: Re: 3C515
Date: Sat, 24 Apr 1999 07:08:55 +0200
In article <7flhcd$3tj$[EMAIL PROTECTED]>, "hhh" <[EMAIL PROTECTED]> wrote:
>hello,
> i am a new linux user and want to add a 3Com 3C515-TX board to a system. i
>can't figure out where to begin.
http://cesdis.gsfc.nasa.gov/linux/drivers/3c515.html
Maybe..
Mvh Vidar Andresen
------------------------------
From: [EMAIL PROTECTED] (Marc Britten)
Subject: cabel modem web site, can't it find now
Date: Sat, 24 Apr 1999 04:10:27 -0400
There was an awesome website about setting up your cable
modem (specifically TCI at home) with linux, IP masq. and fire walling.
I found this through a different really nice site that had links to all
kinds of info on cable modems.
I seem to have lost the bookmarks to either of these sites.
Do these ring any bells whatsoever?
if so, I could use a reminder. Thanks
Marc Britten
------------------------------
From: [EMAIL PROTECTED] (Chip Transisto)
Subject: Re: Network unreachable, cable modem, 2 NICs
Date: Sat, 24 Apr 1999 12:40:27 GMT
Reply-To: Chip Transisto
In smb.conf, make sure your "WORKGROUP=" is set to the same workgroup
as your windows machines or you won't be able to see the linux
machine.
If your isp gave you 192.168.1.1 as your internet address, there is a
problem. Ask them to give you the address of their nameserver.
Put the ip of your linux box as the "gateway" of the windows boxes.
On Sat, 24 Apr 1999 02:16:37 GMT, [EMAIL PROTECTED] wrote:
>Hello!
>
>I'll get right to the case (almost):
>
>
><Internet> < 2 NICs in this < 4 Computers
> BOX > running WIN98 >
>
>"the Internet" <==> "My linuxBox" <==> "My LAN"
>
>XX.XX.XX.XX "My.static.IP 192.168.1.2 -
> given.to.me.by.my. 192.168.1.6
> ISP / 192.168.1.1"
>
>
>Problem:
>
>My LinuxBox can't find either the DNS-server (The Internet in general), nor my
>LAN. That kinda like was my point when I threw up this LinuxBox. I wanna make
>my LAN access the Internet.
>
>There are NO problems with the NICs:
> 3Com 3c900 PCI
> Microdyne ne2000+3 ISA
>
>Linuxbox: IP-Forwarding and some other stuff enabled (not firewall)!
>Changed most of the configuration files I thought of, and have found in this
>newsgroup. I've read the Cablemodem howto's, so don't give me that! I've
>also read ip-firewalling/masquerading -Ethernet HOWTO- Ether-3 howto, and
>just you mention another HOWTO, and I bet'ya I've read it!
>
>My LAN:
> Consists of 4 WIN98 based PC's, whom all find each other. No problem
> there... But They can't see the linuxbox.
>
> My 3com is going to the ISP, and the Microdyne goes onto the LAN.
> Is there any need to configure the 3com in order to make it receive
> TP-connections, or is it enough just using
> ifconfig <param 0> .. <param N> ?
>
>
>Please help me! I cannot live without my Internet! :-)
>
>...and please do respond quickly as I have a lot of time to fix this
>situation, this weekend.
>
>
>-----------== Posted via Deja News, The Discussion Network ==----------
>http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own
------------------------------
From: [EMAIL PROTECTED] (Pekka Savola)
Subject: Re: ipchains configuration
Date: Sat, 24 Apr 1999 12:00:18 GMT
>So, supossing 192.168.1.1 was called www.company.com, and 192.168.1.52 was
>a computer called waller. I basically want waller.company.com onto the
>internet.
It is possible with ipchains (http://www.rustcorp.com/linux/ipchains/)
and ipmasqadm portfw module (http://juanjox.linuxhq.com).
There are several Howto's and man pages about creating firewalls, and
portfw setup is quite straightforward.
You must realize however that waller.company.com must point to the
same internet IP in DNS as www.company.com, and that connections from
waller.company.com seem to originate from www.company.com. This
cannot be avoided because you don't have multiple IP addresses.
Also, you can't 'share' a port with two different hosts, i.e. if
www.company.com answers to all http requests, waller can't answer to
any of them.
Pekka Savola pekkas at netcore dot fi
------------------------------
From: "ryan" <[EMAIL PROTECTED]>
Subject: Re: 3 com 3c905b TX network card problems...
Date: Tue, 13 Apr 1999 12:05:41 -0700
i am running 2 linux machines, both have 3c905b tx's. they work great. I am
running them at 100. i have successfully run them under the 2.0.36 kernel
and the new 2.2 kernels. I am relatively new to linux. but if you have any
more questions i will try to help.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Help! Vicious IP triangle!
Date: Sat, 24 Apr 1999 12:06:06 GMT
Well then . . . here the header is again.
Here is some more information I am providing because of questions I have
already gotten about this. No, the hotmail account in question was not mine.
No, we don't have a system manager and there were no server user logs being
made at that time (now we have the software installed).
We are still doing our own investigation here and we have yet to have adequate
answers. I am looking forward to hearing some of yours.
Thanks very much ahead.
Technoteacher
>>From [EMAIL PROTECTED] Wed Tan 27 14:39:25 1999
>Received: from hotmail.com (law-f9O.hotmail.com [209.185.131.153])
>by oak.cats.ohlou.edu (8.9.1/8.9.1) with SMTP id BAA04768
>for <[EMAIL PROTECTED]>; Tue, 26 Jan 1999 01:18:19 -0500(EST)
>Received: (qmail 24601 invoked by uid 0); 26 Jan 1999 06:17:50 -0000
>Message-ID: <[EMAIL PROTECTED]>
>Received: from 194.170.175.2 by www.hotmail.com with HTTP;
>Mon, 25 Jan 1999 22:17:50 PST
>X-Originating-IP:[194.170.175.2]
>From: "Dick Leach" <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: What spam???
>Date: Mon, 25 Jan 1999 22:17:50 PST
>Mime-Version: 1.0
>Content-Type: textlplain
In article <[EMAIL PROTECTED]>,
"Gene Heskett" <[EMAIL PROTECTED]> wrote:
> Reply to: <[EMAIL PROTECTED]>
>
> Gene Heskett sends Greetings to technoteacher ;
>
> > I was hoping that I would be able to find some helpful, knowledgable
> > people on this list to help me with a serious problem. Please
> > forgive the long message.
>
> > Student A at a USA university supposedly got one or more threatening
> > messages that look like they are coming from our system here in the
> > Middle East because of the supposed originating IP. I am also
> > hearing from the university police that it may be that someone
> > posing as student A may have sent threatening messages to third
> > parties also using our system IP. Because I did not get along with
> > Student A in the past, the university is actually charging me with
> > this, even though they only have our IP and do not have any
> > confirming server use records from our server to implicate me. Since
> > I did not do this, I am trying to find out how this could have
> > happened. Unfortunately, we have a new internet server that until
> > very recently did not even have software that kept a log of
> > individual internet site users. Now we have upgraded the firewall
> > and such.
>
> > The only way, it seems, that I can try to clear myself is to list
> > and briefly explain the different ways this could have happened,
> > that is, how someone could have sent threatening messages through
> > hotmail and in such a way that it looks like the messages originated
> > from our system. I was advised to seek help from newsgroups. I
> > should mention that being overseas I would find it very difficult to
> > get books on the subject, though I could be directed to sites on the
> > internet.
>
> > I really need your help. How did this happen? How can I explain
> > it?
>
> > I have included the e-mail header below. If there are any 'typos'
> > in the e-mail header assume it is due to scanning.
>
> The header didn't get here. It looks like dejanews clipped it to put
> their footer on. Buncha dumbasses.
>
> > Thank you very, very much.
>
> > By the way, I hope that I was right to be this trusting. You people
> > are all very intelligent and talented with computers and I hope that
> > no one will use this information to get into our system. This is
> > a military unit and the people here would go bonkers if anything
> > happened.
>
> > Technoteacher
>
> > -----------== Posted via Deja News, The Discussion Network
> > ==---------- http://www.dejanews.com/ Search, Read, Discuss,
> > or Start Your Own
>
> Cheers, Gene
> --
> Gene Heskett, CET, UHK |Amiga A2k Zeus040 50 megs fast/2 megs chip
> Ch. Eng. @ WDTV-5 |A2091,GuruRom,1g Seagate,CDROM,Multiface III
> <[EMAIL PROTECTED]> or |Buddha + 4 gig WDC drive, 525 meg tape
> <[EMAIL PROTECTED]>|Stylus Pro, EnPrint, Picasso-II, 17" vga
> RC5-Moo! 22kkeys/sec isn't much, but it all helps
> --
>
>
============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own
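
A defender-side reading of the header posted above, as an added example that is not part of the original message: it walks the Received chain oldest hop first and compares the HTTP hop with X-Originating-IP. The sample is constructed from the posted header, with placeholder addresses where the digest redacted them; the function names are illustrative.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample modelled on the header quoted in the post. Addresses the
# digest redacted are replaced with example.org / example.edu placeholders.
SAMPLE = (
    "Received: from hotmail.com (law-f9O.hotmail.com [209.185.131.153])\n"
    "\tby oak.cats.ohlou.edu (8.9.1/8.9.1) with SMTP id BAA04768\n"
    "\tfor <student@example.edu>; Tue, 26 Jan 1999 01:18:19 -0500 (EST)\n"
    "Received: (qmail 24601 invoked by uid 0); 26 Jan 1999 06:17:50 -0000\n"
    "Message-ID: <placeholder@example.org>\n"
    "Received: from 194.170.175.2 by www.hotmail.com with HTTP;\n"
    "\tMon, 25 Jan 1999 22:17:50 PST\n"
    "X-Originating-IP: [194.170.175.2]\n"
    'From: "Sender" <sender@example.org>\n'
    "To: student@example.edu\n"
    "Subject: What spam???\n"
    "\n"
)

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def _field(pattern, text):
    match = re.search(pattern, text)
    return match.group(1) if match else None


def received_hops(msg):
    """Return the Received headers oldest first (each relay prepends its own)."""
    hops = []
    for raw in reversed(msg.get_all("Received", [])):
        line = " ".join(raw.split())  # unfold continuation lines
        hops.append({
            "from": _field(r"^from\s+(\S+)", line),
            "by": _field(r"\bby\s+([\w-]+(?:\.[\w-]+)+)", line),
            "with": _field(r"\bwith\s+(\w+)", line),
            "ips": IPV4.findall(line),
        })
    return hops


def analyse(raw_headers):
    msg = message_from_string(raw_headers)
    hops = received_hops(msg)
    claimed = (msg.get("X-Originating-IP") or "").strip().strip("[]") or None
    http_hop = next((h for h in hops if h["with"] == "HTTP"), None)
    return {
        "hops": hops,
        "webmail_client_ip": claimed,
        # Both values were written by the webmail provider, so agreement shows
        # internal consistency, not independent confirmation.
        "consistent": bool(http_hop and claimed in http_hop["ips"]),
        # Only the newest hop was recorded by the recipient's own mail server.
        "recipient_recorded_peer": hops[-1]["ips"][:1] if hops else [],
        "is_public": bool(claimed) and ipaddress.ip_address(claimed).is_global,
    }


if __name__ == "__main__":
    report = analyse(SAMPLE)
    for number, hop in enumerate(report["hops"], 1):
        print(number, hop)
    print({k: v for k, v in report.items() if k != "hops"})
```

The address recovered this way is the one the webmail front end saw, so for a site that puts over 100 machines behind it the header names the gateway and not a workstation; narrowing further depends on that gateway's own logs.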
------------------------------
From: Kristof Berger <[EMAIL PROTECTED]>
Subject: Newbie Question on pppd
Date: Sat, 24 Apr 1999 15:06:19 +0200
Hi!
I got my Linux to connect to my ISP. But after some seconds pppd dies.
Why that?
Any answer would be fine.
Thanx in advance.
Kristof
------------------------------
From: Jim Henderson <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux,comp.os.linux.x
Subject: Re: Linux - My honest opinion
Date: Fri, 23 Apr 1999 09:34:36 -0600
Chris Dahler wrote:
> Someone who makes statements such as the original poster who started this
> thread about how Windows in any form can in any measure be considered
> superior to Linux (or really any shade of Un*x) with a well-designed X
> window manager is simply being foolish and displaying a total lack of
> understanding of computers in general.
I would say that changing that first sentence to read (in part)
"...about how Windows in any form can in any measure be considered
superior..." to "..be considered *technically* superior". Until the
applications base is there and ISVs have taken to Linux development on a
large scale, that is the one area Windows will maintain superiority in.
Windows' dominance in the marketplace isn't about superior technology,
it's about superior product visibility and marketability.
Microsoft's internal documents presented as the "Halloween documents"
presented that OSS software posed a serious threat to their market share
as well as a different competitive model; however, Linux itself has
hurdles to overcome to become a competitive force in the marketplace -
the biggest being a lack of widespread application development from
ISVs. When I can go down to the local computer store and see more for
Linux on the shelves than books that include the software on CD - I'm
talking about boxed, on-the-shelf software here - then Linux will become
a serious competitor at the desktop.
The reality is that the mass consumer market likes to see products in
stores. Free is good, but the average user doesn't understand (possibly
thanks to Microsoft, ironically) how to deal with large file downloads
from the 'net - the letters 'ftp' don't generally mean anything to these
types of users.
This isn't to say that Linux is going to die; I think it will flourish
in the same way that the original computers did - remember that personal
computing started out as a hobbyist venture. I see Linux as a return to
those roots, and this is definitely a *good* thing.
Jim
--
Jim Henderson
Novell Support Connection SysOp - http://support.novell.com/forums
Homepage at http://www.bigfoot.com/~jhenderson (email instructions
located here)
Please note that as an NSC SysOp, I do not provide support for Novell
products on a personal basis - if you need help with a Novell product,
please post a reply in the public newsgroup or visit the Novell support
forums at the URL above.
------------------------------
From: Arthur Jovellas <[EMAIL PROTECTED]>
Subject: 2 pcmcia ethernet cards with redhat. How?
Date: Sat, 24 Apr 1999 09:27:02 -0400
I got the 1 card going after downloading the pcmcia utils. When I plug
in a second card it recognizes it and assigns the appropriate ethernet
address but it gives the second card the same IP as the first. What file
do I edit to add the second IP and what lines do I add? I assume it is
something in /etc/pcmcia/network.opts or something.
Thanks in advance for any replies
Please email Art at [EMAIL PROTECTED]
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.networking) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Networking Digest
******************************