Linux-Networking Digest #983, Volume #10         Thu, 29 Apr 99 01:13:37 EDT

Contents:
  Re: TCP/IP config headaches (root)
  Postfix and Red Hat (Peat Bakke)
  Re: IP Masquerade (Wisquatuk)
  Re: Set up DNS to resolve hostname to hostname:port? ([EMAIL PROTECTED])
  Re: Set up DNS to resolve hostname to hostname:port? ([EMAIL PROTECTED])
  Squid Proxy ("Mikey")
  Re: Set up DNS to resolve hostname to hostname:port? ([EMAIL PROTECTED])
  Re: How to install IP filtering router ("firewall") in existing class C network??? (Tomas Willis)
  Re: Squid Proxy ("Ian Lunam")
  Re: Linux Uptimes (Richard Steiner)
  Re: Epson Stylus Color II printer and Samba 2.0.3 and NT Workstation 4.0 (SP4) == NO GO :~< ("Bleh")
  Ethernet interface shutting down ("Scotty Perkins")
  Re: Squid Proxy (Thomas Zimmerman)
  Re: Awsome live video sex @ www.xxxsizzle.com! ("Junky")
  Re: Epson Stylus Color II printer and Samba 2.0.3 and NT Workstation 4.0 (SP4) == NO GO :~< ("Tiamat")

----------------------------------------------------------------------------

From: root <[EMAIL PROTECTED]>
Subject: Re: TCP/IP config headaches
Date: Wed, 28 Apr 1999 21:46:02 -0400

> Ok tried adding the static route to my net using:

route add -net 206.228.139.32 netmask 255.255.255.224 eth0

and I still cannot ping my other boxes.  So here is some more info:

netstat -nr

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
157.238.8.1     0.0.0.0         255.255.255.255 UH     1500 0          0 ppp0
206.228.139.32  0.0.0.0         255.255.255.224 U      1500 0          0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U      3584 0          0 lo
0.0.0.0         157.238.8.1     0.0.0.0         UG     1500 0          0 ppp0


ifconfig

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Bcast:127.255.255.255  Mask:255.0.0.0
          UP BROADCAST LOOPBACK RUNNING  MTU:3584  Metric:1
          RX packets:39 errors:0 dropped:0 overruns:0 frame:0
          TX packets:39 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0

eth0      Link encap:Ethernet  HWaddr 00:20:C5:00:4E:EC
          inet addr:206.228.139.34  Bcast:206.228.139.63  Mask:255.255.255.224
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:4 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0
          Interrupt:5 Base address:0x300

ppp0      Link encap:Point-to-Point Protocol
          inet addr:157.238.9.79  P-t-P:157.238.8.1  Mask:255.255.0.0
          UP POINTOPOINT RUNNING  MTU:1500  Metric:1
          RX packets:211 errors:1 dropped:1 overruns:0 frame:0
          TX packets:165 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0
          Memory:ad7038-ad7c04

So as far as I can tell, my card is up and running just fine, but nothing
is going to it!

- Eric



------------------------------

From: Peat Bakke <[EMAIL PROTECTED]>
Subject: Postfix and Red Hat
Date: 28 Apr 1999 18:47:40 -0700

Hello,

I installed postfix-19990317-pl02.i386.rpm on my Red Hat 5.1 machine, and 
I can't get it to deliver mail.  I'm having a hard time figuring out why, and 
it's become a pretty critical issue in the past week. 

The most important functions I need are POP3 and IMAP access.

However, fetchmail gives me "socket error while fetching from aeon" when
I try to connect, no matter what I do.  I suspect it has something to do
with inetd -- however, I've tried almost everything I know of in
/etc/inetd.conf ..

I have very little experience configuring MTAs, so I've read all the help
files and FAQs I can find.  Still nothing works. :/ 

Any suggestions?

Thanks!

-- 
Peat Bakke - [EMAIL PROTECTED]
http://www.europa.com/~pb/
Powered by Linux since '95

------------------------------

From: Wisquatuk <[EMAIL PROTECTED]>
Subject: Re: IP Masquerade
Date: 29 Apr 1999 02:25:08 GMT

[EMAIL PROTECTED] wrote:
> What does this software do exactly? Maybe there is a site where I
> could get more information. Does it allow a person to pose a
> particular IP of their own choosing?

No.  The name 'IP masquerading' is suggestive in this respect, but
choosing some random IP would be difficult at best, since return
packets would be sent to whichever IP address you specified, which
would likely be somewhere else on the net, so you'd never receive
them.

What this really does is, if you have a local network and wish to
connect it to the Internet without using a proxy server (where you
connect to the main server, which then connects out to the net), IP
masquerading acts almost like a 'transparent proxy' -- not to be
confused with the kernel option by the same name!  (This term is used
purely illustratively.)  If you try to make a connection to the
outside world, the server intercepts the connection and acts like a
very fast and simple proxy, but without the formalities.  And so
rather than appearing as (say) 192.168.1.2 to the outside world (which
might be your address on the local network), you would appear as
123.123.123.123 which might be the address of the masquerading server.
All data would get sent back to 123.123.123.123, which would then
easily think, 'Oh, this data is a part of the connection that
192.168.1.2 made to the outside world.  I'll send it back to
192.168.1.2 then.'

> The reason I ask is that we had a problem here where threatening
> messages were sent by someone, possibly from outside our system, in
> such a way that they looked like they came from our system.

I lack the expertise to comment on the likelihood of the person being
outside the system, but IP masquerading would not do it, unless your
system is specifically set to masquerade, and someone figures out how
to do it.  Difficult at best.

-- 
 - Wisq

=====BEGIN GEEK CODE BLOCK=====
Version: 3.12
GCS/CC/M d-(--) a--- C++(+++)>$ UL++++>$ P+++ L+++ E>++ W-(+>++) N+++
!o>++ K- w--- O- M- !V PS++(+++) PE- Y+ PGP+++@ t+@ 5 X+++@ R+ tv b+
DI+@ D+ G>+++ e- h!(++) !r z
======END GEEK CODE BLOCK======
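
The translation Wisq describes above, modelled as a small table in Python. This is an added example, not part of the original post; the remote address 198.51.100.7, the client port 1025 and the starting masquerade port 61000 are constructed values for illustration.

```python
"""Toy model of an IP masquerading gateway's translation table (illustration only)."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class MasqGateway:
    """Rewrites outbound packets to the gateway's public address and
    remembers the mapping so replies can be handed back to the LAN host."""

    def __init__(self, public_ip: str, first_port: int = 61000):
        self.public_ip = public_ip
        self.next_port = first_port  # constructed starting port for this model
        self.by_inside = {}   # (lan_ip, lan_port, dst_ip, dst_port) -> masq port
        self.by_outside = {}  # (masq_port, remote_ip, remote_port) -> (lan_ip, lan_port)

    def outbound(self, pkt: Packet) -> Packet:
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self.by_inside.get(key)
        if port is None:  # first packet of a new connection: allocate a port
            port = self.next_port
            self.next_port += 1
            self.by_inside[key] = port
            self.by_outside[(port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Return the de-masqueraded packet, or None when no connection matches."""
        if pkt.dst_ip != self.public_ip:
            return None
        entry = self.by_outside.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if entry is None:
            return None  # nothing on the LAN opened this connection
        return Packet(pkt.src_ip, pkt.src_port, entry[0], entry[1])


def reply_to(pkt: Packet) -> Packet:
    """The reply a remote host sends: source and destination swapped."""
    return Packet(pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)


def demo():
    gw = MasqGateway("123.123.123.123")
    # 192.168.1.2 opens a connection; the outside world sees the gateway address.
    sent = gw.outbound(Packet("192.168.1.2", 1025, "198.51.100.7", 80))
    # The reply goes to the gateway, which maps it back to 192.168.1.2.
    delivered = gw.inbound(reply_to(sent))
    # A packet from a host nobody connected to matches no entry.
    stray = gw.inbound(Packet("198.51.100.99", 80, "123.123.123.123", 61000))
    return sent, delivered, stray


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Replies only reach a LAN host when they match an entry the gateway created for an outbound connection, which is why masquerading does not let a sender pick an arbitrary address and still receive the return traffic.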

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Set up DNS to resolve hostname to hostname:port?
Date: Wed, 28 Apr 1999 22:23:21 GMT

In article <7g5jp7$qo3$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:

> The big issue is whether or not you have any public [routable] IP addresses
> available from your service provider.  I assume you have at least one, since
> presumably your LAN is hooked up to the internet.  Check out `natd` [man
> natd], and that will give you an idea of how [N]etwork [A]ddress
> [T]ranslation works.

Currently I have only the one public IP address, which is set up on the Linux
machine that serves as gateway for the rest of the LAN.  I'm looking into
getting more IP addresses, but currently have just the one.

> Sorry.  DMZ means what it does in the real world -- "De-Militarized Zone".  It
> means sticking machines outside your gateway [firewall].  If you have extra
> public IP addresses, this is a possible solution, otherwise not.

Gotcha.  I've inquired about getting additional IP addresses, so we'll see
what happens.  Thanks for your help!

============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/       Search, Read, Discuss, or Start Your Own    

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Set up DNS to resolve hostname to hostname:port?
Date: Wed, 28 Apr 1999 22:28:53 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (VanderBilt) wrote:

> I've setup a (Novell GroupWise) mail system inside my private network and have
> struggled with about the same questions: How do I redirect port 25 (the ISP is
> sending the mail to that port of my linux box of course) to port 25 on IP
> number 192.168.0.5, my internal mailserver. The answer was relatively simple
> (when I found it of course): Use "redir". This little piece of software allows
> you to redirect ports straight into your private network.

Actually I'm using redir already, but since I already have an http server
running on port 80 of the Linux machine, I have to redirect other ports to
port 80 of the machines on the LAN.  So, currently, for example, port 7070 on
the Linux machine redirects (using redir) to port 80 on 192.168.1.80.  But I
want to redirect a whole hostname to port 7070.  Seems it can't be done...

> When you have a kernel 2.0.33 (not sure here) or higher the NAT capacities are
> built in out of the box of any distribution. All you have to do is configure
> it. I'm using ipfwadm and (recently) redir for that. If you want, I can mail
> you the specifics, but I've found this solution looking on dejanews,
> powersearching for like "linux port redirect".

Thanks for the help.  I've got ipfwadm and ipautofw and redir and most of the
port forwarding and redirection tools all set up, but it appears that what I
want to do is impossible.  The closest thing to working so far is a proxy at
the Apache level, so maybe I should pursue that.


------------------------------

From: "Mikey" <[EMAIL PROTECTED]>
Subject: Squid Proxy
Date: Thu, 29 Apr 1999 11:58:55 +1000

Hello,

Is it possible for me to have a network of 3 computers connecting to the
internet via a squid proxy, and if so, how do I set it up? I have 2 Red Hat
linux 5 boxes, one which will have the connection to the internet, & a 95
box. My ISP has dynamic IP's. Any help would be greatly appreciated.

T.I.A
--
~ Mikey

[ The time has come where Bill must go & Linux must come forth ]
  - From the book of Mikey, Chapter 1, Verse 1



------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Set up DNS to resolve hostname to hostname:port?
Date: Wed, 28 Apr 1999 22:34:29 GMT

In article <7g81ol$d9$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:

> Currently I have only the one public IP address, which is set up on the Linux
> machine that serves as gateway for the rest of the LAN.  I'm looking into
> getting more IP addresses, but currently have just the one.

Well, one IP address will work fine if you only have one web server in your
LAN... just NAT port 80 on the LAN box to port 80 on the gateway.  Another
poster has already pointed out that newer versions of Linux come with natd
built-in, so it would seem to be just a matter of configuration.

Good luck!

-Bill Clark


------------------------------

From: [EMAIL PROTECTED] (Tomas Willis)
Subject: Re: How to install IP filtering router ("firewall") in existing class C network???
Date: 29 Apr 1999 02:34:48 GMT
Reply-To: [EMAIL PROTECTED]

In article <MkOV2.6332$[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
>
>
>Tomas Willis <[EMAIL PROTECTED]> wrote in message
>news:[EMAIL PROTECTED]...
>: I am trying to install a IP filtering "firewall" router in an existing
>: network.
>: There is an existing router that hooks up to our provider
>: and I want to do something like this:
>:
>: router +==== firewall ==== rest.of.lan
>:        |
>:        +===exposed.to.internet (ftp,etc)
>:
>: I have a class C network to play with, and am trying to figure out how
>: to configure
>: the firewall interfaces so that both the external firewall IP and
>: internal firewall IP
>: can be in this same class C, along with the existing router, the hosts
>: outside the firewall (e.g. ftp, www) and the machines behind the
>: firewall.
>:
>: If I take a naive approach and just assign the 2 NICs in the firewall
>: with addresses on the class C, then the routing tables (netstat -nr)
>: show 2 routes to the same network, which must be wrong.
>:
>: Do I need to subnet so I can have sane routing behavior through the
>: firewall or can
>: static routing tables handle things?
>
>  Probably your easiest option is to put the FTP,etc servers behind the
>firewall, and allow packets destined there through.  Otherwise, you will
>have to subnet, which will very likely cause some amount of the Great
>Renumbering by Hand that you want to avoid.

Thanks for the helpful thoughts, and let me expand a bit...
I have ISDN from the ISP to a Cisco router with an address in our class C net 
(1.2.3.0) that is 1.2.3.126.  For now, let's simplify the network and drop the 
ftp/www/dns server so it looks like this:

<ISP gateway> [123.456.789.1]
  .
  .
  .
(isdn)
  .
  .
cisco [1.2.3.126]                                   <=== what I'm trying not to touch
  .
  .
[1.2.3.x] linux ip filtering "firewall" [1.2.3.y]   <=== what I'm trying to config
(NIC #0)                                (NIC #1)
                                          .
                                          .
        a machine behind the "firewall" [1.2.3.a]
        b machine behind the "firewall" [1.2.3.b]
        c machine behind the "firewall" [1.2.3.c]

Is there any way to avoid subnetting by clever configuration of the
network interfaces on the linux "firewall"?  My understanding of the esoterica
of routing is less than profound at this point, but I think I am stuck either
subnetting the existing class C or doing an IP masq on the "firewall".

Any more helpful ideas?  TIA 1e6


------------------------------

From: "Ian Lunam" <[EMAIL PROTECTED]>
Subject: Re: Squid Proxy
Date: Thu, 29 Apr 1999 14:39:03 +1200

I use Diald. Does everything you need, including dial on demand.

http://www.loonie.net/~eschenk/diald.html

Ian

Mikey wrote in message <7g8eca$j2$[EMAIL PROTECTED]>...
>Hello,
>
>Is it possible for me to have a network of 3 computers connecting to the
>internet via a squid proxy, and if so, how do I set it up? I have 2 Red Hat
>linux 5 boxes, one which will have the connection to the internet, & a 95
>box. My ISP has dynamic IP's. Any help would be greatly appreciated.
>
>T.I.A
>--
>~ Mikey
>
>[ The time has come where Bill must go & Linux must come forth ]
>  - From the book of Mikey, Chapter 1, Verse 1
>
>



------------------------------

From: [EMAIL PROTECTED] (Richard Steiner)
Subject: Re: Linux Uptimes
Reply-To: [EMAIL PROTECTED]
Date: Wed, 28 Apr 1999 22:12:10 -0500

Here in comp.os.linux.networking, [EMAIL PROTECTED] (Willis Sarka III)
spake unto us, saying:

>I am writing a proposal to my work about the benefits of using Linux. 
>I would like to cite some uptime examples.  Does anyone out there have
>some good uptimes of a year or more?  Any famous examples or anecdotes?

My little 486 firewall box was up for 63 days before I decided to boot
it into DOS to do some stuff and boot back to Linux.  That isn't such a
huge thing, but I was surprised it had been that long.  :-)

-- 
   -Rich Steiner  >>>--->  [EMAIL PROTECTED]  >>>---> Bloomington, MN
    OS/2 + Linux (Slackware+RedHat+SuSE) + FreeBSD + Solaris + BeOS +
    WinNT4 + Win95 + PC/GEOS + MacOS + Executor = PC Hobbyist Heaven!
                    Particle man...  Particle man...

------------------------------

From: "Bleh" <[EMAIL PROTECTED]>
Subject: Re: Epson Stylus Color II printer and Samba 2.0.3 and NT Workstation 4.0 (SP4) == NO GO :~<
Crossposted-To: comp.protocols.smb,linux.samba,linux.redhat.misc,comp.os.linux.misc,comp.os.linux.hardware,alt.linux,alt.os.linux
Date: Thu, 29 Apr 1999 02:28:04 GMT

> On the NT side, use the Apple Laserwriter driver and all should work fine.

Which Apple LaserWriter driver should I use?  Windows NT 4.0 has 18
different drivers!

================================
Apple Color LaserWriter 12/600
Apple LaserWriter 12/640 PS
Apple LaserWriter 16/600 PS
Apple LaserWriter II NT v47.0
Apple LaserWriter II NTX v47.0
Apple LaserWriter II NTX v51.8
Apple LaserWriter II NTX-J v50.5
Apple LaserWriter IIf v2010.113
Apple LaserWriter IIg v2010.113
Apple LaserWriter Plus v38.0
Apple LaserWriter Plus v42.2
Apple LaserWriter Pro 600
Apple LaserWriter Pro 630
Apple LaserWriter Pro 810
Apple LaserWriter Select 360
Apple LaserWriter v23.0
Apple Personal LaserWriter NTR v2010.129
LaserWriter Personal NT v51.8
=============================


------------------------------

From: "Scotty Perkins" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.hardware
Subject: Ethernet interface shutting down
Date: Tue, 27 Apr 1999 22:54:04 -0700

OK, here is my configuration:

I have many older IBM (branded) PCs, some P90s, some P133s. I want to make
them into Samba/Netatalk file and print servers, but I have not been able to
do this because the NICs in them tend to stop communicating with the world
after a period of time. I can't ping the box nor can I ping out, but there
still is connectivity indicated on the NIC.

I have tried to disable all APM entries in the CMOS, but I still have this
issue. The box shows no visible signs of having gone into power save mode of
any sort, i.e. hard drive spinning back up or mouse/keyboard delays.

Here is the relevant info:

IBM P90, P133
Intel EtherExpress 16TP/100+ NICs
Red Hat 5.1
Samba (1.9.18p10 RPM) and Netatalk (1.4bx-asun RPM)

Any ideas? I can also try another NIC, but I'm hoping it's something simple
I'm overlooking so I won't have to. Thanks in advance.

scotty






------------------------------

From: Thomas Zimmerman <[EMAIL PROTECTED]>
Subject: Re: Squid Proxy
Date: Wed, 28 Apr 1999 21:41:01 -0700
Reply-To: [EMAIL PROTECTED]

Mikey wrote:
> Is it possible for me to have a network of 3 computers connecting to the
> internet via a squid proxy, and if so, how do I set it up? I have 2 Red Hat

Short answer: yes.

> linux 5 boxes, one which will have the connection to the internet, & a 95
> box. My ISP has dynamic IP's. Any help would be greatly appreciated.
> 

Long[er] answer: All that I had to do was download the newest stable
version of Squid (2.2STABLE1 at the time) and do a make; (I did look at
the Makefile, and reset the default install path) and make install.
cd'ed into the squid dir and ran RunCache (I think there was a setup
option where I had to run the squid binary to setup the cache dir, but
can't pull it out of the brain at the moment [hint: RTFM].) After some
slight prodding, I set up a squid_redirect[er] to filter out some of the
more annoying banner ads.

Your mileage may vary.

Qubes

------------------------------

From: "Junky" <[EMAIL PROTECTED]>
Subject: Re: Awsome live video sex @ www.xxxsizzle.com!
Date: Thu, 29 Apr 1999 10:39:14 +1000


[EMAIL PROTECTED] wrote in message ...
>
>An unregistered copy of Newsgroup AutoPoster 95 was used to post this article!
>---
>This has got to be the best adult website I've seen.  www.xxxsizzle.com kicks ass!  Don't take my word for it, cum see yourself.
>

I DON'T WANT TO BE RUDE BUT GET FUCKED. PEOPLE LIKE YOU SHOULD NOT BE
SENDING SHIT LIKE THAT TO A LINUX NETWORKING NEWSGROUP. GO TO ONE OF YOUR
PORNO GROUPS INSTEAD - WE DON'T NEED THIS TRASH!!!



------------------------------

From: "Tiamat" <[EMAIL PROTECTED]>
Crossposted-To: comp.protocols.smb,linux.samba,linux.redhat.misc,comp.os.linux.misc,comp.os.linux.hardware,alt.linux,alt.os.linux
Subject: Re: Epson Stylus Color II printer and Samba 2.0.3 and NT Workstation 4.0 (SP4) == NO GO :~<
Date: Thu, 29 Apr 1999 06:42:00 +0200


Bleh <[EMAIL PROTECTED]> wrote in message:
01be91e7$e5ca35e0$[EMAIL PROTECTED]
> > On the NT side, use the Apple Laserwriter driver and all should work fine.
>
> Which Apple LaserWriter driver should I use?  Windows NT 4.0 has 18
> different drivers!
>
> Apple LaserWriter 12/640 PS
> Apple LaserWriter 16/600 PS

Try one of these 2, it should work :)

CYA

Tiamat



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and comp.os.linux.networking) via:

    Internet: [EMAIL PROTECTED]

Linux may be obtained via one of these FTP sites:
    ftp.funet.fi                                pub/Linux
    tsx-11.mit.edu                              pub/linux
    sunsite.unc.edu                             pub/Linux

End of Linux-Networking Digest
******************************
