Linux-Networking Digest #137, Volume #11 Thu, 13 May 99 06:13:47 EDT
Contents:
Global SOCKS Client (Dave)
Q) How to limit telnetd sessions (Brian Hong (=?iso-8859-1?Q?=C8=AB=BF=B5=C1=F8?=))
Re: Did RedHat 5.2 config include ip-masquerate? (Carles Arjona)
Re: BOOTP relay and CIDR (Carles Arjona)
Re: RARP RARP RARP RARP (Carles Arjona)
Re: ppp upgrade & ppp over minicom (James Lee)
3c574 (Brian)
Re: My mute Netgear FA310TX ethernet card (Jeff Howard)
Re: Open PPP connection on demand (bill davidsen)
isdn/suse6.0/teles16.0/planet-interkom (frank engel)
video card special request ("Gunther Huygens")
Re: Usernet 'configuration' ("Prasanth Kumar")
IP forwarding in firewalls and masquerade boxes ("newsvr")
RedHat Linux 6.0 Supports IBM PCI Token Ring? (X. Ning)
wanted: driver for network card dlink de-530ct+ (Bon-Minh Lam)
----------------------------------------------------------------------------
From: Dave <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Global SOCKS Client
Date: Thu, 13 May 1999 04:15:09 GMT
Is there a way to redirect all TCP/IP activity to a SOCKS server
transparently to applications?
OS/2 did this so well - even NBT worked through the SOCKS5 Proxy server.
Anyone know of a way to do this in Linux?
Thanks...
------------------------------
From: Brian Hong (=?iso-8859-1?Q?=C8=AB=BF=B5=C1=F8?=) <[EMAIL PROTECTED]>
Subject: Q) How to limit telnetd sessions
Date: Thu, 13 May 1999 13:37:40 +0900
Dear linux expert:
Thank you for your reading my article.
I have a linux muchine accessed by 10 persons.
Supposing one person uses just one telnet session, the linux box
doesn't need to serve too many telnet sessions for them, I think...
Could you advice me how to limit the number of telnet session in
my linux box?
Regards,
Brian
--
Brian Hong (ȫ����) Inet, Inc. (=PSINet Korea)
Ph) +82-2-531-7923 Email) [EMAIL PROTECTED] , [EMAIL PROTECTED]
Fx) +82-2-555-8127 Home) http://members.iworld.net/wits
================================================================
* Service price
http://www.iworld.net/Services/iLink/#Svc_Fee
http://www.iworld.net/Services/iWeb/#Svc_Fee
http://www.InetPhone.net/fee.html
================================================================
------------------------------
From: Carles Arjona <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.setup
Subject: Re: Did RedHat 5.2 config include ip-masquerate?
Date: Wed, 12 May 1999 20:29:55 +0200
Mark Lo <[EMAIL PROTECTED]> wrote:
>
> I tried to make ip-masquerate with ipfwadm under Redhat 5.2. However, I
> couldn't make it work. I wonder it may not include in Kernel. Could
> anyone tell me if ip-masquerate included in Kernel by Redhat 5.2
Yes it is, so you don't need to re-compile:
[root@localhost /]# cat /proc/net/ip_masquerade
Prc FromIP FPrt ToIP TPrt Masq Init-seq Delta PDelta Expires
(free=4096,4096,4096)
Some specific applications are also supported by modules:
[root@localhost /]# /sbin/modprobe -l ip_masq*
/lib/modules/preferred/ipv4/ip_masq_vdolive.o
/lib/modules/preferred/ipv4/ip_masq_raudio.o
/lib/modules/preferred/ipv4/ip_masq_quake.o
/lib/modules/preferred/ipv4/ip_masq_irc.o
/lib/modules/preferred/ipv4/ip_masq_ftp.o
/lib/modules/preferred/ipv4/ip_masq_cuseeme.o
[root@localhost /]# cat /proc/net/ip_masq_app
prot port n_attach name
UDP 7648 0 cuseeme
TCP 21 0 ftp
I'm using this script to start and stop masquerading on a working RH 5.2
Linux gateway (pre compiled 2.0.36-0.7 kernel):
---- Cut here ---------
#!/bin/sh
# masquerading This shell script takes care of starting and stopping
# IP masquerading.
# by Carles Arjona
LOCALNET=192.168.1.0
NETMASK=255.255.255.0
case "$1" in
start)
echo "Starting IP Masquerading "
# Uncomment the services you need.
/sbin/modprobe ip_masq_ftp
#/sbin/modprobe ip_masq_raudio
#/sbin/modprobe ip_masq_irc
/sbin/modprobe ip_masq_cuseeme
#/sbin/modprobe ip_masq_vdolive
/sbin/ipfwadm -F -p deny
/sbin/ipfwadm -F -a m -S $LOCALNET/$NETMASK -D 0.0.0.0/0
;;
stop)
echo "Stoping IP Masquerading "
/sbin/ipfwadm -F -d m -S $LOCALNET/$NETMASK -D 0.0.0.0/0
# or even /sbin/ipfwadm -F -f
for a in $( /sbin/modprobe -l ip_masq_* )
# It was:
# for a in /lib/modules/`uname -r`/ipv4/ip_masq_*
# but this didn't work on RedHat 5.2.
do
/sbin/modprobe -r `basename $a`
done
;;
*)
echo "Usage: masquerading {start|stop}"
exit 1
esac
exit 0
---- Cut here ---------
Since i have a dial-up connection, i added this line:
/usr/local/sbin/masquerading start
to my /etc/ppp/ip-up.local script, and this one:
/usr/local/sbin/masquerading stop
to my /etc/ppp/ip-down.local script.
Also make sure that IP forwarding is enabled. If
grep FORWARD /etc/sysconfig/network
reports "FORWARD_IPV4=false" then change it to "FORWARD_IPV4=true" and
restart the network devices:
/etc/rc.d/init.d/network restart
More info at:
http://www.tor.shaw.wave.ca/~ambrose/
http://www.xos.nl/linux/ipfwadm/paper/
Regards.
PS.: You might add a singnature to your postings saying that .REMOVE
must be deleted. Most people don't like looking for something extrange
into your e-mail address in order to help you.
Carles Arjona [EMAIL PROTECTED]
-
Please, just remove the second NOSPAM for replies from newsgroups.
(Yes, NOSPAM is my real username)
[Don't send me e-mail copies of usenet postings, please]
------------------------------
From: Carles Arjona <[EMAIL PROTECTED]>
Subject: Re: BOOTP relay and CIDR
Date: Sun, 09 May 1999 19:17:19 +0200
Taisto Qvist wrote:
>
> Anyone who's got the answer for my question about
> forwarding bootp/dhcp requests ?
>
> >>Taisto Qvist wrote:
> >>
> >> How can i make my linuxrouter (redhat 5.2 with kernel 2.0.36)
> >> relay BOOTP/DHCP requests?
From the dhcp-2.0b1pl6-2.i386.rpm package of RedHat 5.2:
man dhcrelay:
"NAME
dhcrelay - Dynamic Host Configuration Protocol Relay Agent
DESCRIPTION
The Internet Software Consortium DHCP Relay Agent, dhcrelay, provides
a means for relaying DHCP and BOOTP requests from a subnet to which no
DHCP server is directly to one or more DHCP servers on other subnets."
PS.: I didn't test it.
Regards.
Carles Arjona [EMAIL PROTECTED]
-
Please, just remove the second NOSPAM for replies from newsgroups.
(Yes, NOSPAM is my real username)
[Don't send me e-mail copies of usenet postings, please]
------------------------------
From: Carles Arjona <[EMAIL PROTECTED]>
Subject: Re: RARP RARP RARP RARP
Date: Mon, 10 May 1999 23:12:49 +0200
Greg Weeks wrote:
>
> In article <[EMAIL PROTECTED]>,
>
> > All I want to do is add RARP support to my RedHat 5.2 System so I can
> > boot my sun :-)
>
> It's not a module. Recompile the kernel.
On a RedHat 5.2 Linux box (pre-compiled 2.0.36-0.7 kernel with its
^^^^^^^^^^^^
modules, from the kernel-2.0.36-0.7.i386.rpm package):
[root@localhost /]# /sbin/rarp -a
This kernel does not support RARP.
[root@localhost /]# /sbin/modprobe -l rarp*
/lib/modules/preferred/ipv4/rarp.o
[root@localhost /]# /sbin/modprobe rarp
[root@localhost /]# /sbin/lsmod | grep rarp
rarp 1 0
[root@localhost /]# /sbin/rarp -a
RARP disabled until entries added to cache.
So maybe the rarp.o module is the one which provides the RARP support to
the pre-compiled kernel of RedHat 5.2 :-) (and you don't need
recompiling at all).
Regards.
Carles Arjona [EMAIL PROTECTED]
-
Please, just remove the second NOSPAM for replies from newsgroups.
(Yes, NOSPAM is my real username)
[Don't send me e-mail copies of usenet postings, please]
------------------------------
From: James Lee <[EMAIL PROTECTED]>
Subject: Re: ppp upgrade & ppp over minicom
Date: 13 May 1999 00:46:52 -0500
Clifford Kite <kite@NoSpam.%�inetport.com> wrote:
: #! /bin/sh
: exec /usr/sbin/chat -v \
: TIMEOUT 3 \
: ABORT 'NO DIALTONE' \
: ABORT 'NO CARRIER' \
: ABORT BUSY \
: ABORT 'NO ANSWER' \
: ABORT RINGING \
: '' ATZ \
: 'OK-+++\c-OK' ATH0 \
: TIMEOUT 30 \
: OK ATW2L1 \
: OK ATDT$TELEPHONE \
: CONNECT '\c' \
: name:--name: $ACCOUNT \
: word:--word: $PASSWORD \
: '>' 'terminal download' \
: '>' 'ppp default'
: -------------------------------------------------------------------------
well, it seems that this script works a little better than the
original ones when the \r and what nots were removed. Is this reason
enough that the sample scripts should be changed, since I have seen
you cleaning up the scripts for a couple of other people as well?
However, it seems that xisp and kppp still connects more often than
pppd/chat directly. I'm not sure why. Might be the way these two tools
set up the chat script, although I see no reason why this should be so.
: The modified chat script above may help you connect. It's essentially
: the one you posted that has been cleaned up a little, the expect prompts
: changed, and a new line added - I think that the new prompts and extra
: line will work for you.
Actually, my main problem is the connection between atdt and connect,
not so much the ppp negotiation. Anyway, now that the connection seems
to be easier, the rest isn't so much of a problem (occasionally, but
not so bad as to be a real nuisance). But, of course, my line is
still very bad.
Thanks.
------------------------------
From: Brian <[EMAIL PROTECTED]>
Subject: 3c574
Date: Wed, 12 May 1999 23:03:37 -0600
I am trying to get a 3c574 to work but with no luck. Is there someone
that can help. I get that it has failed durinf boot up when it is
trying to delay starting eth0
------------------------------
From: Jeff Howard <[EMAIL PROTECTED]>
Subject: Re: My mute Netgear FA310TX ethernet card
Date: Mon, 10 May 1999 15:30:33 -0500
Funny, that
I have that card in both of my home PCs. Both of which run kernels from the 2.2
series (2.2.7 and 2.2.6) As long as it's compiled in the kernel it works
perfectly. Haven't tried the modular approach tho...
Jeff
bryan wrote:
> its especially problematic in the 2.2 kernel series.
>
> worked FLAWLESSLY in 2.0 but NASTY AND MEAN <g> in the 2.2 series.
>
> I have to deinstall mine since my nameserver keeps going offline due
> to that damned card ;-( ;-(
>
> Frank Miles <[EMAIL PROTECTED]> wrote:
> : In article <[EMAIL PROTECTED]>, Mark M. Ito <[EMAIL PROTECTED]> wrote:
> : >Folks,
> : >
> : >Can't get my new ethernet card to talk. It's a Netgear, auto-sensing
> : >10/100 Mbps fast ethernet PCI adapter, model FA310TX. Up to now I've
> : >been using a 3c509 on a 10baseT line without a problem. I heard that I
> : >should use the tulip.o driver in my /etc/conf.modules and it seems to
> : >initialize OK, but no ping. A colleague has used this card with this
> : >driver with success (he rebuilds his kernel, I'm trying the modular
> : >approach). Some more details:
>
> : [snipped details]
>
> : You may want to look at DejaNews. This card has been a frequent source
> : of difficulties. I, for one, ended up swapping it out for a different
> : manufacturer's card in one machine, even though it worked flawlessly
> : in another machine.
>
> : -frank
>
> : --
>
> --
> Bryan
------------------------------
From: [EMAIL PROTECTED] (bill davidsen)
Subject: Re: Open PPP connection on demand
Date: 13 May 1999 03:44:48 GMT
In article <[EMAIL PROTECTED]>,
root <[EMAIL PROTECTED]> wrote:
| I have a very small cute little network here , two workstations and one
| Redhat 5.2 server. I use the server to connect both workstations
| to the internet. I've just set it up and it's working fine,
| although at this moment I manually make the connection to the
| internet. What I would like is to configure it so that
| the internet connection opens automatically when I
| want to send or receive email or browse the net.
| How can I do this ? Can I do that with squid ?
| Or is there a simpler way ?
If you don't mind doing things the easy way, write an option file for
ppd using the 'demand' and 'idle' options, and just start pppd using
that. No GUI, no trying to get some tool to write a useful options file
for you, just create one from scratch using vi or whatever, and it will
work.
--
bill davidsen <[EMAIL PROTECTED]> CTO, TMR Associates, Inc
One common problem is mistyping an email address and creating another
valid, though unintended, recipient. Always check the recipient's
address carefully when sending personal information, such as credit
card numbers, death threats or offers of sexual services.
------------------------------
Date: Thu, 13 May 1999 09:51:52 +0200
From: frank engel <[EMAIL PROTECTED]>
Subject: isdn/suse6.0/teles16.0/planet-interkom
hey folks,
can anybody help me ?
for a few days now I'm trying to get an internet-connection with the
configuration
named in the headline
1. with yast (no success)
2. with KISDN (also no success)
loading the HISAX module is OK,
kernel compiled and so on
my /var/log/messages-file says the following (isdn-cause e0010):
May 12 18:30:43 rechner ipppd[590]: Modem hangup
May 12 18:30:43 rechner ipppd[590]: Connection terminated.
May 12 18:30:43 rechner ipppd[590]: taking down PHASE_DEAD link 0,
linkunit: 0
May 12 18:30:43 rechner ipppd[590]: closing fd 19 from unit 0
May 12 18:30:43 rechner ipppd[590]: link 0 closed , linkunit: 0
May 12 18:30:43 rechner ipppd[590]: reinit_unit: 0
May 12 18:30:43 rechner ipppd[590]: Connect[0]: /dev/ippp0, fd: 19
May 12 18:30:43 rechner isdnlog: May 12 18:30:43 tei 65 calling +49
/191700, Germany with +49
89/55510116, M�nchen HANGUP ( 0:00:01 I=209.0 b O=160.0 b) Normal call
clearing (User)
May 12 18:30:50 rechner kernel: OPEN: 1.1.1.1 -> 195.182.96.29 UDP,
port: 1039 -> 53
May 12 18:30:50 rechner kernel: ippp0: dialing 1 010900191700...
May 12 18:30:50 rechner isdnlog: May 12 18:30:50 * tei 65 calling ? with
+49 89/55510116, M�nchen CPN
+498955510116
May 12 18:30:50 rechner isdnlog: May 12 18:30:50 * tei 65 calling +49
/191700, Germany with +49
89/55510116, M�nchen RING (Data)
May 12 18:30:52 rechner isdnlog: May 12 18:30:52 tei 65 calling +49
/191700, Germany with +49
89/55510116, M�nchen Time:Wed May 12 18:24:00 1999
May 12 18:30:52 rechner isdnlog: May 12 18:30:52 tei 65 calling +49
/191700, Germany with +49
89/55510116, M�nchen CONNECT (Data)
May 12 18:30:52 rechner kernel: isdn_net: ippp0 connected
May 12 18:30:52 rechner kernel: isdn_net: chargetime of ippp0 now 44974
May 12 18:30:52 rechner ipppd[590]: Local number: 08955510116, Remote
number: 010900191700, Type:
outgoing
May 12 18:30:52 rechner ipppd[590]: PHASE_WAIT -> PHASE_ESTABLISHED,
ifunit: 0, linkunit: 0, fd: 19
May 12 18:30:53 rechner isdnlog: May 12 18:30:53 tei 65 calling +49
/191700, Germany with +49
89/55510116, M�nchen Normal call clearing (User)
May 12 18:30:53 rechner kernel: isdn: HiSax,ch0 cause: E0010
this is my comment :-) ---> WHY ????????
May 12 18:30:53 rechner kernel: ippp0: remote hangup (0)
May 12 18:30:53 rechner kernel: ippp0: Chargesum is 0
May 12 18:30:53 rechner kernel: idx=0 drv=0 ch=0
May 12 18:30:53 rechner isdnlog: May 12 18:30:53 tei 65 calling +49
/191700, Germany with +49
89/55510116, M�nchen HANGUP ( 0:00:01 I=209.0 b O=160.0 b) Normal call
clearing (User)
May 12 18:30:53 rechner ipppd[590]: Modem hangup
May 12 18:30:53 rechner ipppd[590]: Connection terminated.
May 12 18:30:53 rechner ipppd[590]: taking down PHASE_DEAD link 0,
linkunit: 0
May 12 18:30:53 rechner ipppd[590]: closing fd 19 from unit 0
May 12 18:30:53 rechner ipppd[590]: link 0 closed , linkunit: 0
May 12 18:30:53 rechner ipppd[590]: reinit_unit: 0
May 12 18:30:53 rechner ipppd[590]: Connect[0]: /dev/ippp0, fd: 19
IS ANYBODY OUT THERE
(guess what: theres's pink floyd playing in the radio...)
...who's able to help me ?
thanx a lot,
DEF
------------------------------
From: "Gunther Huygens" <[EMAIL PROTECTED]>
Subject: video card special request
Date: Sat, 1 May 1999 10:46:04 +0200
Which of the existing videocard
is able to have PC2TV and:
1) provides images for monitor and PC on the same time
2) Provides possibility to have different windows/outputs on monitor and TV
at the same time
give all the products you know that perform 1)
give all the products you know that perform 2)
Preferably not too expensive. (Linux supported => X )
(I know am asking too much but already have spent hours surfing and haven't
find something that can
help me with this)
I probably will be 0/c cele to 100FSB
What is the difference between Quantum EX en CR?
which HDD good to o/c Quantum, Seagate, IBM ?
Greetings from Flanders
Gunther
------------------------------
From: "Prasanth Kumar" <[EMAIL PROTECTED]>
Subject: Re: Usernet 'configuration'
Date: Thu, 13 May 1999 03:58:57 GMT
Did you try using the "netcfg" gui interface to configure the dialup?
Steve Hall <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Hi there,
>
> I've (finally) got my PPP connection to my ISP working (RH5.2) -
> hurrah! Unfortunately i have to type this huge command in to start the
> connection every time :
>
> /usr/sbin/pppd /dev/modem 115200 debug user bk875 connect
> "/usr/sbin/chat -v '' AT OK ATD5551234 CONNECT '\d\c'"
>
> I'd like to use the 'quick-n-easy' Usernet app to turn ppp on/off but
> using this does not seem to generate quite the right options for pppd.
> What files control the options passed to pppd & chat via Usernet. I'd
> have thought /etc/ppp/options,
> /etc/sysconfig/network-scripts/ifcfg-ppp0 and chat-ppp0 were the ones
> but this doesn't quite ring true.
>
> Forgive this probably rather stupid question but i'm still learning!
> Alternatively if anyone knows a better way to start/stop PPP (on
> demand/startup) please point me in that direction!
>
> Many thanks
>
> Steve H
>
>
------------------------------
From: "newsvr" <[EMAIL PROTECTED]>
Subject: IP forwarding in firewalls and masquerade boxes
Date: Mon, 10 May 1999 14:23:51 -0700
The Firewall HOWTO and some other sources that I've looked at emphasize that
you should turn IP forwarding off in firewalls and (I believe) IP
masquerading boxes as well. In principle I understand that you should turn
off all the services possible to secure a box. My question is, what
vulnerabilities does IP forwarding expose?
For instance suppose you have an IP masquerading box with two nics -- one
talking to a 192.168.x.y private network, and one with a public IP address.
I can see how maybe a cracker could come send some packets to the public
side of the masq box that appeared to come from an 192.168.x.y address...
but I can't see how that would do a cracker any good. And if I am guessing
right and this is how a cracker would exploit IP forwarding, then is there a
way to stipulate that packets from a 192.168.x.y address should be rejected
by the publicly accessible NIC?
Thanks in advance
Don
------------------------------
From: [EMAIL PROTECTED] (X. Ning)
Subject: RedHat Linux 6.0 Supports IBM PCI Token Ring?
Date: 12 May 1999 21:57:23 -0400
Hello Everyone:
I am really a new-comer into the Linux world. I bought RedHat Linux 5.2
two weeks ago. However, I can not make it work with my IBM PCI Token Ring
adapter and S3 Trido3D (4M) video card. Could anyone please tell me if the
coming RedHat Linux 6.0 will support the token ring and video card?
Thank you very much.
Frank
Please cc to [EMAIL PROTECTED]
--
XiaoGuang NING
------------------------------
From: [EMAIL PROTECTED] (Bon-Minh Lam)
Subject: wanted: driver for network card dlink de-530ct+
Date: Thu, 13 May 1999 11:16:54 +0200
Hi, could someone point me to a site where I can download the required
driver?
Any hints appreciated.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.networking) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Networking Digest
******************************
