Linux-Networking Digest #33, Volume #11 Tue, 4 May 99 01:13:49 EDT
Contents:
Using tcpdump to monitor loopback ports (Gregory C. Larkin)
Re: UID for at command missing (Bob McLaren)
Re: Valid IP addresses for home network (Jeff Lasman)
acl lists not working in Squid anymore (David LeDeaux)
Re: Valid IP addresses for home network (Monte Milanuk)
Re: Cant set Hostname ("Mikey")
Virus Warining - Just came in ("Mikey")
Re: Cannot connect with PPP to BSDI (Clifford Kite)
RDIST to a windows machine... ([EMAIL PROTECTED])
Slightly Off-Topic: Ethernet vs. Token Ring (Monte Milanuk)
[EMAIL PROTECTED] ("Here I. Am")
Re: FLOPPY (Peter Caffin)
Re: PPP over Ethernet (Pete Zaitcev)
Re: ifconfig errors... (Sandeep Singh)
NFS mount trouble: RPC not registered? ([EMAIL PROTECTED])
Re: Problems with PPP & PAP (Bill Unruh)
Re: Problems with Netscape insisting on a network connection (Brodo)
Netscape "Looking for..." (Stagga)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (Gregory C. Larkin)
Subject: Using tcpdump to monitor loopback ports
Date: Mon, 03 May 1999 22:53:32 GMT
Reply-To: [EMAIL PROTECTED]
Hi,
I am trying to set up tcpdump to monitor ports that have been
forwarded from an SSH server. I am using SSH to encrypt connections
made by the CVS source code management tools, running in client/server
mode.
The CVS server is set up to listen on port 2401 (via inetd). When the
session is encrypted with SSH, though, the connection on port 2401
comes from the SSH server running on the same machine, instead of a
host out on the Internet.
I have tried to use tcpdump to monitor the loopback interface like
this:
tcpdump -i lo -l dst port 2401
but that doesn't work. I have tested it with a simple "telnet
localhost 2401" and there is no output.
If I run it this way:
tcpdump -i lo -l
I will get output. The only problem is that it isn't filtered based
on the destination port. I will get unwanted messages if I have other
SSH port forwardings set up. Is there any way to make tcpdump limit
its output based on the host or port, when listening to the loopback
interface?
I have tried using the "host" keyword on the tcpdump command line,
too, and that also seems to yield no output when monitoring the
loopback interface.
Thanks for any tips,
Greg
Greg Larkin
Entropy Software
[EMAIL PROTECTED]
http://www.entropy.com/
------------------------------
From: Bob McLaren <[EMAIL PROTECTED]>
Subject: Re: UID for at command missing
Date: Mon, 03 May 1999 23:01:53 GMT
I have an empty /etc/at.deny
I'm pretty sure that's the configuration I want.
For anyone out there, this is the exact error message I'm getting. "Cannot get
uid for daemon: No such file or directory"
"Jayasuthan [VorHacker]" wrote:
> Bob McLaren <[EMAIL PROTECTED]> wrote:
>
> Check you /etc/at.deny and /etc/at.allow <--
>
> : I tried to use "at" today and my server stated that the UID could not be
> : found. What UID is it looking for?
>
> : --
> : Bob McLaren
> : Network Administration
> : Financial Statement Services, Inc.
> : HTTP://WWW.FSSI-CA.COM
>
> --
> ----------
> Jayasuthan
> [Internal Linux System]
> http://eplx01/suthan/
> smtp%"[EMAIL PROTECTED]"
> [External]
> http://still.working.on
> smtp%"[EMAIL PROTECTED]"
--
Bob McLaren
Network Administration
Financial Statement Services, Inc.
HTTP://WWW.FSSI-CA.COM
------------------------------
Date: Mon, 03 May 1999 13:04:13 -0700
From: Jeff Lasman <[EMAIL PROTECTED]>
Subject: Re: Valid IP addresses for home network
[EMAIL PROTECTED] wrote:
> I have one question before I dig in and start configuring my home network.
> What is considered a safe IP address for a private home network, w/ one
> machine intermittently connecting to the internet to download news and mail?
> I intend to use all the goodies eventually, i.e. ip masquerading, etc for the
> other machines, but I need a valid IP address( I figured a Class C would be a
> good place to start, but one of the online documents got me wondering) to
> start configuration, preferably one that won't cause conflicts w/ the outside
> world.
The machine that connects to the Internet MUST have an Internet-routable
IP address; if you'll be dialing in this is usually supplied by your
ISP. If you've got a permanent connection (xDSL, T1, etc.) then you'll
get the information from your ISP.
This computer and all the other computers on your network will also need
a NIC card with non-routable addresses. I generally use something from
<192.168.*.*>; this will allow you to have up to 65,536 devices on your
network <smile>.
Jeff
--
Jeff Lasman <[EMAIL PROTECTED]>
Internet Products Manager
Jatek Corporation
main office: (310) 375-7646 * fax: (310) 375-0892
Internet Products office:
(909) 787-8589 * fax: (909) 782-0205
24-hour Internet Products support:
(909) 787-8589 * fax: (909) 782-0205
------------------------------
From: David LeDeaux <[EMAIL PROTECTED]>
Subject: acl lists not working in Squid anymore
Date: Mon, 03 May 1999 15:12:57 -0500
This past weekend, we configured our router to forward all http requests
to our Squid box. Everything is working beautifully, as far as the
transparent proxying is concerned. There is one small problem
however... it seems that most of the acl lists don't work. We have
quite an extensive list or domains and keywords that are blocked, and
they no longer seem to work.
My only conclusion is that it has something to do with the fact that the
user's machine is now resolving IPs instead of Squid. Is there any
recommended way of doing this? I'd like to try and get this solved
before someone notices, and starts whining about how useless the
transparent proxy is.
Any help is EXTREMELY appreciate,
David LeDeaux
Senior Network Tech
Vertex Communications Corp
(Remove .NOSPAM in email when replying)
------------------------------
From: Monte Milanuk <[EMAIL PROTECTED]>
Subject: Re: Valid IP addresses for home network
Date: Mon, 03 May 1999 21:12:59 -0600
Luca Filipozzi wrote:
>
> In article <7gleet$vdg$[EMAIL PROTECTED]>, [EMAIL PROTECTED]
> says...
> > In article <7gl88u$q8k$[EMAIL PROTECTED]>,
> > [EMAIL PROTECTED] wrote:
> > > In article <[EMAIL PROTECTED]>,
> > > Jeff Lasman <[EMAIL PROTECTED]> wrote:
> > >
> > > > The machine that connects to the Internet MUST have an Internet-routable
> > > > IP address;
> >
> > Ok, perhaps I'm just a little denser than usual on this subject. The machine
> > that connects directly to the Internet will get a dynamic IP address; the
> > others will 'appear' as if they are this machine using ip masquerading (I
> > think), even though I using a dummy local IP address for the local machines
> > in the 192.168.0.xxx range. Am I correct so far?
> Yes.
>
> > If so, then does the
> > machine connected to the Internet need one of these addresses for local use
> > when _not_ connected (say, 192.168.0.2) to properly interact w/ the other
> > machines (laptops and old 486's, 192.168.0.3,4,5...etc). And, I guess it all
> > boils down to this: how does the local IP address, for instance, 192.168.0.2,
> > translate to the IP address given by the ISP when that machine (P2-400) _is_
> > connected to the net?
>
> The machine connected to the Internet should have two Ethernet cards. One
> to connect to the Internet with the DHCP-assigned IP address. The other
> one connected to the hub for your local network with a local IP address.
> This machine with two Ethernet cards is usually called a router or a
> firewall, depending on the function that it performs.
>
> So, it talks to your local network through the "local" Ethernet card and
> it talks to the Internet through the "Internet" Ethernet card:
>
> ISP
> |
> firewall: eth0 DHCP assigned
> firewall: eth1 192.168.1.1 255.255.255.0
> |
> hub
> |||
> ||- local machine A 192.168.1.2 255.255.255.0
> |-- local machine B 192.168.1.3 255.255.255.0
> --- local machine C 192.168.1.4 255.255.255.0
>
> Hope this helps.
> --
> Luca Filipozzi <[EMAIL PROTECTED]>
OK, I'm with you so far... I think. Again, a stupid/redundant
question... the firewall/router/server=>P2/400 will connect to the net
via a dialup modem to the ISP on an intermittent basis, i.e. as
scheduled for mail and news, and as needed for IRC/ftp/web browsing.
Will this mess up the above config, or will things work just fine using
a ppp0 vs. eth0?
Thanks again,
Monte
------------------------------
From: "Mikey" <[EMAIL PROTECTED]>
Subject: Re: Cant set Hostname
Date: Thu, 29 Apr 1999 16:27:00 +1000
I had the same problem. edit /etc/httpd/conf/httpd.conf and look for the
servername option. set this to the hostname & domainname of the computer
with the web server. this should fix the probem. dont set this to anything
else or it will try to find this hostname in your hosts file or on a dns
server
--
~ Mikey
[ The time has come where Bill must go & Linux must come forth ]
- From the book of Mikey, Chapter 1, Verse 1
------------------------------
From: "Mikey" <[EMAIL PROTECTED]>
Subject: Virus Warining - Just came in
Date: Thu, 29 Apr 1999 16:41:06 +1000
If you receive an email titled "It Takes Guts to Say 'Jesus' DO NOT
OPEN
IT.
It will erase everything on your hard drive. This information was
announced
yesterday morning from IBM; AOL states that this is a very dangerous
virus,
much worse than "Melissa", and that there is NO remedy for it at this
time.
some very sick individual has succeeded in using the re-format function
from
Norton Utilities causing it to completely erase all documents on the
hard drive.
It has been designed to work with Netscape Navigator and Microsoft
Internet
Explorer. It destroys MacIntosh and IBM compatible computers.
This is a new, very malicious virus and not many people know about it.
Pass this warning along to EVERYONE in your address book and please
share it
with all your online friends ASAP so that this threat may be stopped.
Please
practice cautionary measures and tell anyone that may have access to
your computer.
Forward this warning to everyone that might access the internet
NOTE - I AM NOT SURE WHETHER IT WILL AFFECT LINUX USERS, BUT SEEING MANY OF
US ARE STILL USING MICROSOFT PROGRAMS, DUAL BOOT, TAKE NOTE (if we are
lucky it will wipe gates' programs from the face of all PC's so linux can
come in)
--
~ Mikey
[ The time has come where Bill must go & Linux must come forth ]
- From the book of Mikey, Chapter 1, Verse 1
------------------------------
From: kite@NoSpam.%�inetport.com (Clifford Kite)
Subject: Re: Cannot connect with PPP to BSDI
Date: 3 May 1999 21:03:50 -0500
Vilmos Soti ([EMAIL PROTECTED]) wrote:
: First, I am running RH51 with PPP-3.5.2 and 2.0.29, 34, 35, 36,
: and Suse 6.0. The modem is a Sportster 28.8 Fax Voice internal.
: I just subscribed to a new ISP and I cannot connect to them through PPP.
: Here is an (edited) excerpt from /var/log/messages:
...
kernel: ppp: frame with bad fcs, excess = 3cd5 <--- Why am I getting
: these?
: kernel: ppp: frame with bad fcs, excess = 5b07
Looks like the incoming ISP frames are getting corrupted. There were
several Acks for pppd's LCP requests but all were bad.
: If I connect to my old provider (via long distance) or to the same new
: provider but a different number (it doesn't write which OS, maybe not
: BSDI) then I can see the starting 7E sequence of the incoming frame. I
: looked up RFC1662 which states the following:
If you use the same equipment from the same location and with the same
OS, software, and scripts then I'm not really sure what's happening.
These kind of errors can be caused by many things: a UART that's too
slow for the modem, a misconfigured UART, a modem with bad internal
AT settings (e.g, crtscts pppd option and no hardware flow control in
the modem), hard disk interrupts on too long, /dev/ttySx line settings
with speed set too low for pppd speed (e.g. terminal line setting at 9600
and pppd at 38400 or at 38400+ with no setserial configured spd_normal,
spd_hi, or spd_vhi set), non-PPP data entering the PPP data stream and
corrupting the PPP negotiations, bad computer-to-modem connections, etc.
The missing FE in the first frame is not likely to be serious in and
of itself, it's the continued FCS errors that seem to be preventing
PPP negotiations.
--
Clifford Kite <kite@inet%�port.com> Not a guru. (tm)
/* A salute to Inspector Baynes, of the Surry Constabulary, the only
police Inspector to ever best Mr. Sherlock Holmes at his own game.
"The Adventure of Wisteria Lodge", by Sir Arthur Conan Doyle. */
------------------------------
From: [EMAIL PROTECTED]
Subject: RDIST to a windows machine...
Date: Mon, 03 May 1999 19:56:20 GMT
Hello,
The school I work for is getting ready to implement Linux/Samba for its
network file/print server. This is going to be quite a big step for us.
We've been using Banyan for a number of years and we're going to have to
"touch" every networked machine on campus when we make the "big switch", to
disable the Banyan client and enable file/print sharing across TCP/IP.
So, to help us in our time-saving efforts, I was wondering if anyone knows of
a software package that runs on Linux that allows sys admins to install
software on remote windows machines (rdist does it from Linux to Linux and I
think SMS does it from Win to Win).
??? Any words of wisdom will be appreciated...
Thanks,
Bob
============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own
------------------------------
From: Monte Milanuk <[EMAIL PROTECTED]>
Subject: Slightly Off-Topic: Ethernet vs. Token Ring
Date: Mon, 03 May 1999 21:28:14 -0600
I realize that this is a little off-topic here, but hold the
flamethrowers, guys!!
I work for a state public power district, which uses almost exclusively
tokenring networking. The standard PC card for the laptops is a Madge
SmartCard. I asked the local IT admin (great lady; let me download RH
6.0 etc. at night to my laptop) why we use token ring vs ethernet, and
her answer was that token ring was much more reliable, saying that at
her previous job, if the weather had been rainy as it had here for the
past few days, she would have been replacing ethernet connections left
and right. Granted I have basically no experience w/ networking, but I
_am_ a equipment maintenance tech. for the substation distribution
equipment, and this sounds more like a case of bad install than
ethernets fault. How 'bout the input of some networking gurus who work
with this stuff on a daily basis?
Thanks,
Monte Milanuk
------------------------------
From: "Here I. Am" <[EMAIL PROTECTED]>
Subject: [EMAIL PROTECTED]
Date: Sun, 02 May 1999 15:21:54 GMT
It appears that everything is setting up all right now. Ifconfig
shows the correct IP address, dhcpcd-eth0.cache and dhcpcd-eth0.info are
created in /etc/dhcpc and it updates the /etc/resolve.conf with the
correct values for "domain" and "nameserver", and saves the old one as
/etc/resolve.conf.sv.
Now what I can't understand is I appear to have no access to a name
server, although they are correctly listed in resolve.conf. I can ping
IP numbers, but I can't ping any of the corresponding names, such as
www.home.com, etc...
I don't believe that anything is wrong with the card's setup as I am
using it now to post, but I had to "hard code" the IP, mask, broadcast,
etc. into the /etc/rc.d/rc.inet1 file to gain nameserver access.
Any ideas would be greatly appreciated and...
Thanx
--
Here I. Am
"They that give up essential liberty to obtain a little
temporary safety deserve neither liberty nor safety."
-- Benjamin Franklin
------------------------------
From: Peter Caffin <[EMAIL PROTECTED]>
Subject: Re: FLOPPY
Date: Fri, 30 Apr 1999 21:32:44 +0800
Eric Trimmer <[EMAIL PROTECTED]> wrote:
> Sorry for butting in; but "msdos" is the filesystem type for DOS(before
> Win-95 was available) and "vfat" is what Win-95 uses. Unless the version of
> Win95 was an upgrade from Win-3.1. Then the filesystem might be FAT-32.
msdos = 8.3 filenames (DOS/Windows 1.0-3.11)
vfat = Win95 style long filename support (also includes fat32 as of late
in the 2.0.3x kernel series).
--: _ _ _ _
_oo__ |_|_ |__ _ | _ |_|_o _ peter at ptcc dot it dot net dot au |
//`'\_ | (/_|(/_| |_(_|| | || | http://it.net.au/~pc |
/ PO Box 869, Hillarys WA 6923, AUSTRALIA |
------------------------------
Crossposted-To: comp.os.linux.development.system,comp.os.linux.development.apps
Subject: Re: PPP over Ethernet
From: [EMAIL PROTECTED] (Pete Zaitcev)
Date: Tue, 04 May 1999 00:09:23 GMT
Frank Sweetser <[EMAIL PROTECTED]> writes:
>Mattias Wildeman <[EMAIL PROTECTED]> writes:
>> Is there anyone out there who is working on a PPP over Ethernet client
>> for Linux?
>??? PPP requires a clear text channel to send data over. no such channel
>exists for ethernet, though you could it over an IP session. what could
>this be for?
How is Ethernet not a clear text? IMHO it is quite clear.
There is an RFC about PPP over Ethernet.
It may be useful if you want to use full-duplex Ethernet over
long haul between routers. So basically it turns Ethernet into
a high speed serial.
--Pete
------------------------------
From: Sandeep Singh <[EMAIL PROTECTED]>
Subject: Re: ifconfig errors...
Date: Mon, 03 May 1999 17:13:54 -0400
I confess; I did not read all the docs. Can you tell me what I am missing?
Everything works just fine; I can telnet, ftp, http etc. But I still have
these
errors...
Sandeep
Clifford Kite wrote:
> Sandeep Singh ([EMAIL PROTECTED]) wrote:
>
> : I am also getting a LOT of errors as shown by ifconfig. Although the
> : networking set-up
> : seems to be working fine (as far as I can see). Can anybody tell me what
> : is going on
> : here? This is for a 3Com 905 card on RedHat 5.2 with kernel 2.2.5.
>
> I'd guess you didn't read linux/Documentation/Changes to find out what
> programs need upgrading.
>
> --
> Clifford Kite <kite@inet%�port.com> Not a guru. (tm)
> /* Those who can't write, write manuals. */
------------------------------
From: [EMAIL PROTECTED]
Subject: NFS mount trouble: RPC not registered?
Date: Mon, 03 May 1999 14:46:47 -0500
I am trying to get a two node home LAN to mount directories and I'm
stuck. I've checked all the HOWTOs - but I can seem to find this one.
I have two nodes (upstairs - server, and downstairs). They can ping one
another, rlogin, export displays etc., but the NFS mounting is hosed.
It won't mount during bootup and when I do it manually
[root@naughton /etc]# mount downstairs:/net
mount: RPC: Program not registered
If I had an intelligent opinion about what this is you'd hear it. All I
have is - what does this mean?
If any one out there needs a little info, I hope this is relevant:
Upstairs /etc/fstab:
downstairs:/net /mnt/net nfs hard,intr,rsize=1024,wsize=1024
0 0
Downstairs /etc/exports:
/net upstairs(rw)
/net is on the downstairs node and I want to mount it on the upstairs
one.
If anyone can help or point me in the right direction, I'd appreciate
it.
TIA
Dan
------------------------------
From: [EMAIL PROTECTED] (Bill Unruh)
Crossposted-To: es.comp.os.linux,linux.redhat.ppp,comp.os.linux.setup
Subject: Re: Problems with PPP & PAP
Date: 4 May 1999 04:54:40 GMT
In <7gkrtt$kv7$[EMAIL PROTECTED]> [EMAIL PROTECTED] (Gernot Fink) writes:
>you need a option for pap: user myusername
>you need a option for chap: name myusername
Actually, user myusername works fine for both. And name is a priviledged
option so you must put it into the options file (or run as root).
Since the user option works, why use name?
------------------------------
From: Brodo <[EMAIL PROTECTED]>
Crossposted-To: aus.computers.linux,linux.redhat
Subject: Re: Problems with Netscape insisting on a network connection
Date: Tue, 04 May 1999 11:03:33 +1000
diald is demand dialling. I would guess what is happening is diald is forcing
netscape into a 'process wait queue' until the link is up, that way netscape,
et. al. don't realise it takes 20s for it's packet to get through...
Get rid of diald.
Dave
Phill Edwards wrote:
> With both Netscape 4.51 and 4.07 I find that if I have entries in the mail
> server or news server fields in Edit->Preferences a dial-up gets initiated
> by diald when starting Netscape. Then Netscape freezes up until the dial-up
> has been initiated. If the modem is turned off it stays frozen and the only
> way to close Netscape is to kill it.
>
> I have of course made sure that the start and home pages are not "external"
> so that's not the problem.
>
> I've tried installing bind and dns cacheing but that just initiates a
> dial-up as soon as named starts in the init scripts which is even worse.
>
> Someone has suggested that I make my SMTP server be localhost rather than my
> ISP's SMTP server. Could this be the problem? What will I do about setting
> the news server?
>
> Surely there's an easy way to stop this? Is it a general problem that people
> have had with Netscape or is it just me?
> TIA,
> -- Phill --
------------------------------
From: [EMAIL PROTECTED] (Stagga)
Subject: Netscape "Looking for..."
Date: Mon, 03 May 1999 21:34:57 GMT
Reply-To: [EMAIL PROTECTED]
I finally got my PPP connection established for sure, I'm able to ping
many different ips and get realistic responses. Now my problem lies
withing Netscape. When I try to access any url I get the old "Looking
for yadda yadda..." Let's say I'm trying to visit www.bluesnews.com,
it would say "Looking for bluesnews.com..." and thats it, and the
strange thing is when I try to ping "bluesnews.com" in Linux I get no
response. Is it possible that my connection is only recognizing IPs
and not domain names? If so, how do I go about fixing it? I have my
DNS name servers set up.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.networking) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Networking Digest
******************************
