Linux-Networking Digest #66, Volume #11           Fri, 7 May 99 07:13:39 EDT

Contents:
  server reboot, client can't umount w/o reboot - help! (Barry)
  Re: no pingies in very simple network ([EMAIL PROTECTED])
  Re: ip-masq/ppp addressing ("d. martin")
  Re: Routing NTweb traffic to Apache on Linux w/private IP ("d. martin")
  Re: ipchains broken in Debian Potato? (Paul Rusty Russell)
  ethernet card not detected, ioport conflict? (Winrider)
  remote-syslog entries from JetDirect (Oliver Nittka)
  Re: IPChains in RedHat 6.0 ("d. martin")
  Re: PPP - PAP problem ([EMAIL PROTECTED])
  Re: PPP - PAP problem ([EMAIL PROTECTED])
  Re: Routing and router redundancy (Radovan Brako)
  Re: Routing non-routable address (M. Buchenrieder)
  Re: Ipchains and lots of interfaces (Paul Rusty Russell)
  interface between pentium and DEC machines ([EMAIL PROTECTED])
  Re: Debian Firewall Questions ("d. martin")
  Re: Help: NFS/mount params ineffective ([EMAIL PROTECTED])

----------------------------------------------------------------------------

From: Barry <[EMAIL PROTECTED]>
Subject: server reboot, client can't umount w/o reboot - help!
Date: Fri, 07 May 1999 08:21:11 GMT

Hi folks,

I have a problem here: My Win95 server rebooted and now I can't umount
(or remount) the Samba shares on the Linux client without rebooting :-(
I had the same problem with NFS but that sorted itself out when the
server was restarted, although if anyone knows of a solution there (in
case the server doesn't become available again) that would be
appreciated!

How can I kill the mount (connection)?

smbumount reports "Could not open /mnt/mordor-d: Input/Output error"


Help - my uptime is at stake !

Barry





------------------------------

From: [EMAIL PROTECTED]
Subject: Re: no pingies in very simple network
Date: Fri, 07 May 1999 07:04:04 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (Luca Filipozzi) wrote:
> In article <7gremp$6r4$[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
> >
> >
> > I'm having trouble with what must be a bloody trivial problem. I've got two
> > machines, one desktop, one laptop, a hub, two ethernet cards, and can not get
> > the two machines talking to each other in Linux.
> >
> > I've tried everything, to no avail, it works when one of the
> > machines is running Windows (which really irks me).
> >
> > Just some examples of what I've tried:
> >
> > using route add default eth0
> > checking that gated is not running
> > making each machine its own gateway (!)
> >
> > To keep it simple, I'm using the two basic commands to get things up and
> > running:
> >
> > ifconfig eth0 192.168.0.1 netmask 255.255.255.0 up (resp. 192.168.0.2 on
> > the other machine)
> > and
> > route add -net 192.168.0.0 netmask 255.255.255.0 eth0 (same on both
> > machines of course)
> >
> > ifconfig -a shows:
> >
> > lo        Link encap:Local Loopback
> >           inet addr:127.0.0.1  Bcast:127.255.255.255  Mask:255.0.0.0
> >           UP BROADCAST LOOPBACK RUNNING  MTU:3584  Metric:1
> >           RX packets:39748 errors:0 dropped:0 overruns:0 frame:0
> >           TX packets:39748 errors:0 dropped:0 overruns:0 carrier:0
> >           collisions:0
> >
> > eth0      Link encap:Ethernet  HWaddr 00:10:5A:DD:02:99
> >           inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
> >           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
> >           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> >           TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
> >           collisions:0
> >           Interrupt:10 Base address:0x300
> >
> > and route shows:
> >
> > Kernel IP routing table
> > Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> > 192.168.0.0     *               255.255.255.0   U     0      0        1 eth0
> > localhost       *               255.0.0.0       U     0      0        5 lo
> >
> > But it don't work! I'd appreciate any help!
> >
> > Regards,
> > Dennis
> >
> > -----------== Posted via Deja News, The Discussion Network ==----------
> > http://www.dejanews.com/       Search, Read, Discuss, or Start Your Own
> >
>
> FIRST (ensure kernel likes Ethernet card)
>
> Your routing table and ifconfig statements look good. Try rebooting and
> using dmesg to see if the kernel complained about your Ethernet card at
> all.
>
> NEXT (attempt to isolate problem by packet sniffing)
>
> Try running "tcpdump -i eth0 -n ip proto 1" while you are pinging
> the other machine to see if icmp echo request packets are even making it
> out of the local machine's interface.
>
> If you see echo requests, then the local machine is ok but the remote one
> is broken.
>
> If you don't see echo requests, then it's the local machine that's
> broken.
>
> Do the same for the other machine. At least this way we can hopefully
> isolate the problem.
>
> NEXT (ensure that the firewall rules don't block icmp packets)
>
> Check to ensure that you don't have firewall filters blocking traffic.
> You can use the following to list the rules
> "ipfwadm -I -l -n" to check the Incoming rules
> "ipfwadm -O -l -n" to check the Outgoing rules
> "ipfwadm -F -l -n" to check the Forwarding rules
> I don't know the syntax for ipchains, sorry.
>
> You can use the following to flush the rules and accept by default
> "ipfwadm -I -f -p accept"
> "ipfwadm -O -f -p accept"
> "ipfwadm -F -f -p accept"
>
> NEXT (post again if the above doesn't help)
>
> Luca
>
> --
> Luca Filipozzi <[EMAIL PROTECTED]>
>

Hi again,

I've switched off PNP for the card, though I don't know if it made a
difference. Kernel message reveals:

May  7 08:42:21 dennis kernel: eth0: 3c509 at 0x300 tag 1, 10baseT port, address 00 10 5a dd 02 99, IRQ 10.
May  7 08:42:21 dennis kernel: 3c509.c:1.16 2/3/98 [EMAIL PROTECTED]
May  7 08:42:21 dennis kernel: eth0: Setting Rx mode to 1 addresses.

BTW, this is as it was without switching off PNP. Windoze has this card on irq
11 in PNP but who knows how Windoze assigns irq's!

Tried tcpdump on both machines and this machine (desktop) is the culprit in
so far as I get no echo, but echo on the laptop (as expected as laptop can
talk to desktop when desktop is running windows and runs against network at
work).

What now, my foul weather friends? Could it still be something with the card?

Thanks for your efforts!

Dennis

============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/       Search, Read, Discuss, or Start Your Own    

------------------------------

From: "d. martin" <[EMAIL PROTECTED]>
Subject: Re: ip-masq/ppp addressing
Date: Fri, 7 May 1999 03:52:30 -0500

As long as L1, H1, and C1 all contain the same subnet ip addresses as your
company's and you have ip-masq running - no problem.

John Hickmott wrote in message <[EMAIL PROTECTED]>...
>I have a small home network.  L1 runs rh5.2, ip-masq and ppp to connect
>to net.  H1 runs HP-UX 10.20 as client to access net via L1.  W1 runs
>Win95 as client to access net via L1.  I also have company provided
>laptop, C1, running rh5.2/Win98 that I want to be able to connect to hub
>and access net via L1 when I bring it home.  In order to avoid
>re-configuring C1 all the time, I figured just set up my home network
>with company IP addressing and depend on ip-masq to keep the addresses
>hidden.  Is this unreasonable?  I am having mixed results and need
>guidance.  I have a lot of questions that I could go into, but the main
>one is: When using ip-masq, shouldn't it be irrelevent what local
>addresses I use?  All the docs and HOWTO's only talk about using the
>reserved addresses.
>
>Thank you
>John Hickmott
>[EMAIL PROTECTED]
>
>



------------------------------

From: "d. martin" <[EMAIL PROTECTED]>
Subject: Re: Routing NTweb traffic to Apache on Linux w/private IP
Date: Fri, 7 May 1999 04:18:04 -0500

Options:
Put Proxy server on the NT Box. It will do the address translation and can
forward web requests to appropriate server. A proxy client does not have to
exist on the Apache box. NT proxy does this and it's probably offered on
other shareware or cheap proxies (if they exist?)

Install Apache on the NT Box and use ReverseProxy, ProxyPass options to
route traffic. This will also mask the internal address and it costs
nothing.

Dave Brown wrote in message ...
>I am trying to route all requests from my NT box to my Linux Apache web server.
>
>Here's the scenario:
>
>My NT box is dialed into my ISP so I have a temporary IP address that I
>can use for web serving from my NT box. This is just for testing a
>development web site so I don't care that it's not a static IP address. I
>have all of my web based html, servlets, etc.. on my Linux box running
>Apache. I would like to route the calls coming to my NT box to the apache
>server.
>
>I tried going into IIS and forwarding all traffic to my linux box for a
>particular site, but that only works here since it's a private network.
>Since the linux box has a 192.168.xxx.xxx IP address the real world
>doesn't know how to route to it.
>
>Any ideas???
>
>Thanks,
>
>Dave Brown
>
>



------------------------------

Subject: Re: ipchains broken in Debian Potato?
From: Paul Rusty Russell <[EMAIL PROTECTED]>
Date: 07 May 1999 08:56:11 +0930

Tomas Halvarsson <[EMAIL PROTECTED]> writes:

> Hello.
> 
> Yesterday, I upgraded my machine from Debian Slink to Debian
> Potato. After that, ipchains doesn't work properly. All the rules
> I had set up before (denying, logging, forwarding etc.) just went
> straight down the toilet.

Really?  That seems unlikely... I'm a Debian user myself.  ipchains
hasn't seen any large changes, and IIRC they jumped from 1.3.4 to
1.3.8.

Do you have any evidence that it's ipchains's fault?  Have you tried
running it manually?

Rusty.
--
Tridge, Raster, DaveM, Cort, maddog... Where will you be 9-11 July 1999?
                http://www.linux.org.au/projects/calu

------------------------------

From: Winrider <[EMAIL PROTECTED]>
Subject: ethernet card not detected, ioport conflict?
Date: Thu, 06 May 1999 23:05:15 +0100
Reply-To: "[EMAIL PROTECTED];Winrider"@ix.netcom.com

    During startup, dmesg did not report my ethernet card (LinkSys
EtherPCI LAN II) and when I check /proc/ioport

    I see

    ...
3000-3007  IDE DMA
3008-300f   IDE DMA
<end>

    I read the doc saying that we should keep those ports clear.
    How do I get rid of those IDE DMA?

Some more info:  in the dmesg, i see IDE device starting up

ide :i82371 PIIX (triton) on PCI bus 0 function 57
    ide0:BM-DMA at 0300-0307
    ide1:DM-DMA at 0308-030f




Arnold




------------------------------

From: Oliver Nittka <[EMAIL PROTECTED]>
Subject: remote-syslog entries from JetDirect
Date: 7 May 1999 07:01:37 GMT


hi all !

since yesterday, we're using a JetDirect-cartridge to connect one of
our printers to the ethernet.
the card supports a "syslog server" to which the documentation says it
can send its logging entries (we're using the lpd host part on the
printer card)

i just typed in the ip of one of our linux boxes, but nothing's
appearing in the syslog. there's one entry in my syslog.conf which
catches *.*, so i suppose i have to give this particular host (the
printer card) the right to do a remote syslog entry.

does anybody know how to enable this ?

tia !
  -- oly
-- 
Oliver Nittka              | [EMAIL PROTECTED]
ESEM Gruenau GmbH & Co. KG | http://www.esem.com
Riedheimer Str.6           | phone: +49 7544 9583-25
88677 Markdorf / Germany   | fax:   +49 7544 9583-60

------------------------------

From: "d. martin" <[EMAIL PROTECTED]>
Subject: Re: IPChains in RedHat 6.0
Date: Fri, 7 May 1999 04:23:50 -0500

You're probably still on the old kernel. Red Hat has full instructions for
kernel upgrade on 5.2 on their Web site in the support section. Did you read
these?


Francois Magnan wrote in message ...
>Hi,
>
>I have RedHat 5.2 installed on my 486 router. I would like to use
>ipchains to forward the X windows ports to internal machines so I can
>run X apps on external machines and be able to display on an internal
>machine.
>
>I don't have enough hard-disk space to install a c compiler to
>recompile a new kernel version but I installed the kernel2.2.5-15 rpm
>and edited /etc/lilo.conf to make lilo boot the new kernel.
>
>When I try to run ipchains I get an error message:
>ipchains: Incompatible with this kernel
>
>What did I do wrong?
>Thank you,
>Francois Magnan
>
>--
>______________________________________________________
>Francois Magnan
>Departement de Mathematique & Statistiques
>Universite de Montreal
>email: [EMAIL PROTECTED] (MIME, NeXTMail Ok!)
>



------------------------------

From: [EMAIL PROTECTED]
Subject: Re: PPP - PAP problem
Date: Fri, 07 May 1999 06:07:01 GMT

Thanks to Clifford Kite & Bill Unruh for your response.
Here are my updated files.
Sorry about that garbled /var/log/ppp.

Edgar Caranto

My pap-secrets
edgarc * secret *


My chatscript file:
TIMEOUT 60
ABORT ERROR
ABORT BUSY
ABORT "NO CARRIER"
ABORT "NO DIALTONE"
"" "AT"
OK "atdt9,6381952"
TIMEOUT 30
CONNECT '\d\c'


My options file:
lock
defaultroute
noipdefault
modem
/dev/ttyS1
115200
crtscts
debug
passive
asyncmap 0
name edgar


Here is a more sanitized /var/log/ppp:

May  7 13:20:31 edgarc pppd[486]: pppd 2.2.0 started by root, uid 0
May  7 13:20:32 edgarc chat[487]: timeout set to 60 seconds
May  7 13:20:32 edgarc chat[487]: abort on (ERROR)
May  7 13:20:32 edgarc chat[487]: abort on (BUSY)
May  7 13:20:32 edgarc chat[487]: abort on (NO CARRIER)
May  7 13:20:32 edgarc chat[487]: abort on (NO DIALTONE)
May  7 13:20:32 edgarc chat[487]: send (AT^M)
May  7 13:20:32 edgarc chat[487]: expect (OK)
May  7 13:20:32 edgarc chat[487]: AT^M^M
May  7 13:20:32 edgarc chat[487]: OK -- got it
May  7 13:20:32 edgarc chat[487]: send (atdt9,6381952^M)
May  7 13:20:32 edgarc chat[487]: timeout set to 30 seconds
May  7 13:20:32 edgarc chat[487]: expect (CONNECT)
May  7 13:20:32 edgarc chat[487]: ^M
May  7 13:20:52 edgarc chat[487]: atdt9,6381952^M^M
May  7 13:20:52 edgarc chat[487]: CONNECT -- got it
May  7 13:20:52 edgarc chat[487]: send (\d)
May  7 13:20:53 edgarc pppd[486]: Serial connection established.
May  7 13:20:54 edgarc pppd[486]: Using interface ppp0
May  7 13:20:54 edgarc pppd[486]: Connect: ppp0 <--> /dev/ttyS1
May  7 13:20:54 edgarc pppd[486]: sent [LCP ConfReq id=0x1 <mru 1500> <asyncmap 0x0> <magic 0x51ca7080> <pcomp> <accomp>]
May  7 13:20:55 edgarc pppd[486]: rcvd [LCP ConfReq id=0x29 <asyncmap 0xa0000> <auth pap> <magic 0x98bddeae> <pcomp> <accomp>]
May  7 13:20:55 edgarc pppd[486]: sent [LCP ConfRej id=0x29 <auth pap>]
May  7 13:20:55 edgarc pppd[486]: rcvd [LCP ConfReq id=0x2a <asyncmap 0xa0000> <auth pap> <magic 0x98bddeae> <pcomp> <accomp>]
May  7 13:20:55 edgarc pppd[486]: sent [LCP ConfRej id=0x2a <auth pap>]
May  7 13:20:55 edgarc pppd[486]: rcvd [LCP ConfReq id=0x2b <asyncmap 0xa0000> <auth pap> <magic 0x98bddeae> <pcomp> <accomp>]
May  7 13:20:55 edgarc pppd[486]: sent [LCP ConfRej id=0x2b <auth pap>]
May  7 13:20:55 edgarc pppd[486]: rcvd [LCP ConfReq id=0x2c <asyncmap 0xa0000> <auth pap> <magic 0x98bddeae> <pcomp> <accomp>]
May  7 13:20:55 edgarc pppd[486]: sent [LCP ConfRej id=0x2c <auth pap>]
May  7 13:20:56 edgarc pppd[486]: rcvd [LCP ConfReq id=0x2d <asyncmap 0xa0000> <auth pap> <magic 0x98bddeae> <pcomp> <accomp>]
May  7 13:20:56 edgarc pppd[486]: sent [LCP ConfRej id=0x2d <auth pap>]
May  7 13:20:56 edgarc pppd[486]: Modem hangup
May  7 13:20:56 edgarc pppd[486]: Connection terminated.
May  7 13:20:56 edgarc pppd[486]: Exit.


> Thanks,
> Edgar P. Caranto
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
>
> -----------== Posted via Deja News, The Discussion Network ==----------
> http://www.dejanews.com/       Search, Read, Discuss, or Start Your Own
>
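
An added example, not part of the post above or of pppd: a small Python check that reads a pppd debug log like the one posted, reports which LCP options each side rejected, and compares the name in the options file with the client column of pap-secrets. The sample inputs are constructed excerpts of the posted files and the function names are hypothetical; that pppd declines PAP when it has no secret for its local name, and that `user` takes precedence over `name`, are assumptions about pppd's behaviour, not statements from the thread.

```python
import re

# Constructed samples: excerpts of the log, options and pap-secrets posted above.
SAMPLE_LOG = """\
May  7 13:20:54 edgarc pppd[486]: Connect: ppp0 <--> /dev/ttyS1
May  7 13:20:54 edgarc pppd[486]: sent [LCP ConfReq id=0x1 <mru 1500> <asyncmap 0x0> <magic 0x51ca7080> <pcomp> <accomp>]
May  7 13:20:55 edgarc pppd[486]: rcvd [LCP ConfReq id=0x29 <asyncmap 0xa0000> <auth pap> <magic 0x98bddeae> <pcomp> <accomp>]
May  7 13:20:55 edgarc pppd[486]: sent [LCP ConfRej id=0x29 <auth pap>]
May  7 13:20:55 edgarc pppd[486]: rcvd [LCP ConfReq id=0x2a <asyncmap 0xa0000> <auth pap> <magic 0x98bddeae> <pcomp> <accomp>]
May  7 13:20:55 edgarc pppd[486]: sent [LCP ConfRej id=0x2a <auth pap>]
May  7 13:20:56 edgarc pppd[486]: Modem hangup
"""
SAMPLE_OPTIONS = "lock\ndefaultroute\nnoipdefault\nmodem\n/dev/ttyS1\n115200\ndebug\nname edgar\n"
SAMPLE_PAP_SECRETS = "# client server secret addresses\nedgarc * secret *\n"

# "sent [LCP ConfReq id=0x1 <opt> <opt>]" as written by pppd's debug option.
PKT_RE = re.compile(r"pppd\[\d+\]: (sent|rcvd) \[(\w+) (\w+) id=(0x[0-9a-f]+)(.*)\]\s*$")
OPT_RE = re.compile(r"<([^<>]+)>")


def parse_packets(log_text):
    """Extract negotiation packets (direction, protocol, code, id, options)."""
    packets = []
    for line in log_text.splitlines():
        m = PKT_RE.search(line)
        if m:
            direction, proto, code, pkt_id, rest = m.groups()
            packets.append({"dir": direction, "proto": proto, "code": code,
                            "id": int(pkt_id, 16), "options": OPT_RE.findall(rest)})
    return packets


def rejected_options(packets):
    """Count {(rejecting side, option)} for each LCP ConfRej answering a ConfReq."""
    requests, rejected = set(), {}
    for p in packets:
        if p["proto"] != "LCP":
            continue
        if p["code"] == "ConfReq":
            requests.add((p["dir"], p["id"]))
        elif p["code"] == "ConfRej":
            req_dir = "rcvd" if p["dir"] == "sent" else "sent"
            if (req_dir, p["id"]) not in requests:
                continue  # reject with no matching request in this log
            side = "local" if p["dir"] == "sent" else "peer"
            for opt in p["options"]:
                rejected[(side, opt)] = rejected.get((side, opt), 0) + 1
    return rejected


def pap_identity(options_text):
    """Name presented for PAP: `user` if set, else `name` (assumed precedence)."""
    found = {}
    for line in options_text.splitlines():
        words = line.split("#", 1)[0].split()
        if len(words) >= 2 and words[0] in ("user", "name"):
            found[words[0]] = words[1]
    return found.get("user") or found.get("name")


def pap_clients(secrets_text):
    """Client column of every 'client server secret [addresses]' line."""
    clients = []
    for line in secrets_text.splitlines():
        words = line.split("#", 1)[0].split()
        if len(words) >= 3:
            clients.append(words[0])
    return clients


def diagnose(log_text, options_text, secrets_text):
    """Return human-readable findings for a failed LCP negotiation."""
    rejected = rejected_options(parse_packets(log_text))
    findings = [f"{side} rejected <{opt}> {n} time(s)"
                for (side, opt), n in sorted(rejected.items())]
    ident, clients = pap_identity(options_text), pap_clients(secrets_text)
    # A client of "*" is treated as a wildcard entry.
    if ("local", "auth pap") in rejected and ident not in clients and "*" not in clients:
        findings.append(f"no pap-secrets entry for local name {ident!r} (clients: {clients})")
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG, SAMPLE_OPTIONS, SAMPLE_PAP_SECRETS):
        print(finding)
```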


------------------------------

From: [EMAIL PROTECTED] (Radovan Brako)
Subject: Re: Routing and router redundancy
Date: 7 May 1999 12:12:05 +0200

In <[EMAIL PROTECTED]> [EMAIL PROTECTED] (Mark) 
writes:

>I currently have a 10Mbs network and I am considering moving some of the 
>systems that generate the heaviest traffic to a 100Mbs segment.
>
>I am considering doing this using Linux and ip forwarding to route packets 
>appropriately between the two segments.
>
>i.e.
>eth0 - 10Mbs segment    - 192.168.255.0
>eth1 - 100Mbs segment   - 192.168.254.0 
>
>However, in such a setup the router has to be extremely reliable, if the 
>router should fail (hardware failure, naturally) then the two subnetworks 
>would become invisible to each other, this is not an acceptable solution.

   You should also consider using a 10/100 switching hub (which can 
   put any port in 10 or in 100 mode) or a switch, staying on the
   same /24 net, which, I understand, is the case now. Switches/hubs
   are more reliable in the context of your problem. (Unless you have
   other reasons for routing, e.g. high traffic or too many hosts.)

>How could I implement a secondary (backup) router into such a scheme to allow 
>some redundancy and how would I set up and configure such a system. 

   I don't think there are off-the-shelf solutions for backup router
   in Linux (maybe you should ask on the linux-net mailing list), but
   you may try your own solution with another box which reconfigures 
   itself into a router if pings to the "main" router fail...

      RB

>Thanks for any suggestions

>Mark Garner

------------------------------

From: [EMAIL PROTECTED] (M. Buchenrieder)
Subject: Re: Routing non-routable address
Date: Fri, 7 May 1999 07:00:14 GMT

Bob Eckhardt <[EMAIL PROTECTED]> writes:

>I'm trying to set up a linux box with two network cards, what I want to do
>is allow linux to go ahead
>and route the 192.168.XX non routable addresses to a routable address
>network on the second interface.

Well, they're called non-routable for a reason.

>If I do network address translation it will work, or use routable
>addresses it works but I don't want that right now.

Why ?

>Is this a limitation with linux or am I missing something. 

This is the default behaviour if using non-routable addresses, and it is
completely unrelated to the OS used.

>As it stands
>right now the 192 addresses can't get past the linux box
>without translation. HELP

Well, you can forward them internally, but not externally through a 
valid IP address. If you want to connect two private networks, IP
forwarding will work, but as soon as you have to go out into the
real world, you'll need masquerading.

Michael
-- 
Michael Buchenrieder * [EMAIL PROTECTED] * http://www.muc.de/~mibu
          Lumber Cartel Unit #456 (TINLC) & Official Netscum
    Note: If you want me to send you email, don't munge your address.

------------------------------

Subject: Re: Ipchains and lots of interfaces
From: Paul Rusty Russell <[EMAIL PROTECTED]>
Date: 07 May 1999 10:04:50 +0930

"Jan Johansson" <[EMAIL PROTECTED]> writes:

> A friend runs a machine with 5 ethernet devices (long story as to why)
> 
> four of them have 192.168.[1-4].254 as their IP ( eth1 = .1.254 eth2 =
> .2.254 etc etc) and eth0 is connected via cable to the internet.
> 
> Now.. if we just use "-A forward -s 192.168.1.0/0 -d 0/0 -b -j MASQ" (repeat
> for all four internal nets) we get all traffic masqueraded which isn't
> desirable, since we want the machine to work as a "transparent" router for
> the four 192.168 nets.. i know i can fix this by writing 12 (or will it be
> 16?) rules, but is there a magic way to do something like this?

Use `-i eth0'.

Rusty.
--
Tridge, Raster, DaveM, Cort, maddog... Where will you be 9-11 July 1999?
                http://www.linux.org.au/projects/calu

------------------------------

From: [EMAIL PROTECTED]
Subject: interface between pentium and DEC machines
Date: Fri, 07 May 1999 06:23:12 GMT

Our existing system got Mainframe Computer using VMS operating system. It
provides all On-line information of old style. I am not aware of VMS operating
system & its internal structure. Existing application developed by C++. I am a
Visual Basic (ver 5.0) programmer. I don't know much about protocols, firewall.

I want to create a link from my Pentium to Mainframe. In Pentium I got
Windows-95 & Microsoft Visual Basic 5.0 Ent. Version. Is that any Active-X
control which links both hardware as well as software?

• What are the possibilities of hardware connect (i.e. ports) which supports
both Pentium & Mainframe?

• What are the possibilities of Software Connect (i.e. protocols/ RCP)?

• What are the possibilities of send data formats from local machine (Pentium)
to Remote machine (Mainframe)?

• If VB Winsock Active Control with TCP or UDP protocols solves the above
problem how the send a user input as packet format from Pentium to Mainframe?

• Which is best protocol for above problem. Is it TCP or UDP?

• Is Winsock supports to create a Packet? If No, how to link TCP program into
VB application?

• What will be the Server side program, which Listen an incoming Client
Request? Can we use VB5.0 application in Mainframe?

• After received the data from Remote machine (Mainframe) how to decode
Packets to show results on my VB application?

*******

• Any the possibilities of above problem solved by another software and
Hardware?


------------------------------

From: "d. martin" <[EMAIL PROTECTED]>
Subject: Re: Debian Firewall Questions
Date: Fri, 7 May 1999 05:26:48 -0500

Some Considerations:
- No guards against spoofing internal address
- No blocking of any input. Processes destined for local processes will not
  use forwarding
- No limitation of ports on any chain, allowing any connection between the
  outside and internal networks or the server.

Just my opinion:
I would reread the ipchains how-to and only open needed ports for all input
and output and protect against spoofing per the how-to. If you don't have
any local services offered over the Internet such as www or smtp I would
block all incoming syn tcp ports and place rejects on idents. Then use the
ipchains -C option to check addresses / port combinations to make sure
the correct traffic is being denied and allowed.

Was this the cause of your NetWare problem: Probably not. To make it even
reasonably accessible you would have had to have both IP and Telnetd running
on the NetWare server and a very good hacker.

Fraser Campbell wrote in message ...
>
>I recently set up a firewall for a customer using slink and kernel
>2.2.3.  I just want to verify that the setup is secure.  I have read
>through the Firewall HOWTO but it hasn't been updated since 1996 and
>doesn't reflect the software I am using now ... so I ask here.
>
>eth0: 1.2.3.4 (external interface)
>eth1: 192.168.1.1 (internal interface)
>
>The server has been running great without reboot for over a month and
>everyone is very happy.  The internal LAN consists of Windows (3.1, 95,
>98 and NT), Novell, DOS and Linux machines.
>
>Over the weekend the LAN administrator had some Novell accounts
>disappear from one of the internal servers.  He asked if someone could
>have come through the firewall and done it.  I find it doubtful but
>thought I should ask people more knowledgeable than myself.
>
>There is no running inetd.  netstat -a show this:
>
>Active Internet connections (including servers)
>Proto Recv-Q Send-Q Local Address           Foreign Address         State
>raw        0      0 *:1                     *:*
>raw        0      0 *:6                     *:*
>Active UNIX domain sockets (including servers)
>unix  1      [ ]         STREAM     CONNECTED     22313  @00000011
>unix  1      [ ]         STREAM     CONNECTED     35     @00000002
>unix  1      [ ]         STREAM     CONNECTED     29     @00000001
>unix  0      [ ACC ]     STREAM     LISTENING     26     /dev/log
>unix  1      [ ]         STREAM     CONNECTED     22314  /dev/log
>unix  1      [ ]         STREAM     CONNECTED     36     /dev/log
>unix  1      [ ]         STREAM     CONNECTED     30     /dev/log
>
>I am using kernel 2.2.3 (soon to be 2.2.5) and ipchains.  My ipchains
>rules are as follows:
>
>ipchains -P forward DENY
>ipchains -A forward -j MASQ -s 192.168.1.0/24 -d 0.0.0.0/0
>
>which listing chains give:
>
>Chain input (policy ACCEPT):
>Chain forward (policy DENY):
>target     prot opt     source                destination           ports
>MASQ       all  ------  192.168.1.0/24      anywhere              n/a
>Chain output (policy ACCEPT):
>
>How secure is this setup?  Is there any way for people on the Internet
>to come through and connect to internal hosts?
>
>Also, I have installed ipac in the hope that I can monitor connection
>attempts from outside our network. Does the slink ipac package work with
>ipchains and kernel 2.2.x?
>
>Thanks for your time and any assistance!
>
>Fraser
>
>P.S. This message was originally posted to debian-isp and debian-user.  I
>did not get any useful feedback there so I'll try here now.  Please copy
>responses to me by email ... it is difficult for me to access news.  I will
>respond to the group(s) if appropriate.
>
>P.P.S. Please don't tell me to upgrade to 2.2.7.  I am aware of the
>vulnerabilities in 2.2.3 and will upgrade shortly.



------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Help: NFS/mount params ineffective
Date: 7 May 1999 08:12:50 GMT

Hi,

[EMAIL PROTECTED] spoke these words of wisdom:
: I've used several different sets of parameters and the results have always
: been the same... I get an RPC timeout after 2 minutes and 3 seconds.  Here
: are a couple of examples that I've tried:
[...]

: Now, 'rhost' is shutdown right now.  I've been sniffing the wire as I do this
: and here's what happens:  I send out a billion arp requests and since none of
: them get answered... it quits.  I have the feeling this is an RPC thing.  It
: seems no matter what, I can't get RPC to wait longer (than 2min03secs) before
: it times out... nor, can I force it to timeout sooner (as I thought the last
: example above would do).

: Can someone help?  I'm sure this can't be that difficult, I'm just overlooking
: something.

like booting 'rhost'? If I understood correctly, you are trying
to mount a filesystem from 'rhost', which is not running, and
thus can't possibly respond to RPC requests, causing a timeout.
Fire up 'rhost' and you should be set, as long as it exports
the right filesystem!

Bye,
Mike

-- 
<< the above email addr might disappear, reply to: >>
<<         Michael.Sievers -(at)- desy.de          >>

Black holes are where God divided by zero.

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and comp.os.linux.networking) via:

    Internet: [EMAIL PROTECTED]

Linux may be obtained via one of these FTP sites:
    ftp.funet.fi                                pub/Linux
    tsx-11.mit.edu                              pub/linux
    sunsite.unc.edu                             pub/Linux

End of Linux-Networking Digest
******************************
