Linux-Networking Digest #172, Volume #11         Sun, 16 May 99 05:13:49 EDT

Contents:
  Re: Linux as a server ("Max")
  Re: SECURITY ISSUES: Single user restriction at lilo boot: ([EMAIL PROTECTED])
  Re: Masquerading  X sessions? ("Andrey Smirnov")
  ip multicast problem (ioctl SIOCGETRPF) in kernel 2.2.8 (Kaifu Wu)
  Re: ppp configuration: "serial link is not 8 bit clean" (Howard Mann)
  Re: Route and network broadcasts ("Andrey Smirnov")
  POPPASSD ("Jeff Houston")
  How to setup something similar to Network Neighborhood? (Chip Wiegand)
  ftp and PASV probs (Mark)
  Re: can't send email through qmail (Kelvin Leung)
  Re: ppp configuration: "serial link is not 8 bit clean" (Bill Unruh)
  Re: PPP: where, how? Please Help! ([EMAIL PROTECTED])
  Re: TN3270E on Linux? (Pascal Fleer)
  PPP QUery on ISP Termination ("jas.")
  Re: PPP: where, how? Please Help! ([EMAIL PROTECTED])
  Re: Masquerading security ([EMAIL PROTECTED])
  telnet fails with all network ports in use msg ("Subhash Ghorpade")
  Re: PPP: where, how? Please Help! (.)

----------------------------------------------------------------------------

From: "Max" <[EMAIL PROTECTED]>
Crossposted-To: 
z-netz.netzwerke.lan,z-netz.netzwerke.allgemein,z-netz.netzwerke.peer-to-peer,alt.os.linux,linux.samba
Subject: Re: Linux as a server
Date: Mon, 10 May 1999 14:47:41 +0100

Hi,

From the word "Familie" I conclude that you speak German; hopefully that's
right ...

What do you mean by "Internet server" ???

a) A web server ??
Then you should install the Apache web server. It can be found on the S.u.S.E
Linux CDs in the Network section. The default configuration should be enough,
since you just have to copy the web pages into the directory /usr/local/www.
Directories for CGI scripts are already set up as well.

b) An Internet gateway (your LAN reaches the WWW through this computer)
Then you should either set up masquerading with ipfwadm (help: man ipfwadm),
or install a proxy server such as Squid, which is also included on the CDs.

I hope this helped...

Max Treiber
[EMAIL PROTECTED]


Familie Brandhoff / Schrader <[EMAIL PROTECTED]> wrote
in the news article: [EMAIL PROTECTED]
> Hi!
>
> I got one P90 with S.u.s.e. Linux with kernel 2.0.36 and one P133 with
> both Win NT4 and Win95 on it.
>
> The P90 has a 3COM 3c509 network card, the P133 has a no name ISA PnP
> NE2000 comp. 10 Mbit LAN adapter.
>
> Now, I would like to use the Linux  PC as an internet server for my
> little LAN. But I simply cannot manage it. Can you help?
>
> Oh, and if you would be so kind and would send me a copy of your answer
> as an email?
> Thanks!
>
> Dirk
>



------------------------------

Crossposted-To: comp.os.linux.security,comp.os.linux.setup,comp.os.linux.misc
Subject: Re: SECURITY ISSUES: Single user restriction at lilo boot:
From: [EMAIL PROTECTED]
Date: Sun, 16 May 1999 05:06:46 GMT

According to  <[EMAIL PROTECTED]>:

> I know that booting from floppy as single user and mounting the root
> disk can be used to rescue a system with a forgotten root password. I'm
> also aware that this is a part of any unix system.

The only way to get around this problem is to enable the CMOS
password on the machine so that the machine will not boot w/o the
password.  Just about all BIOSs these days seem to support the
feature.  Yes, it will really suck when Joe User power cycles the
machine (of course we know Linux never crashes...) and you need to
send someone out to key in the password.

Be aware that it is not completely secure because (1) nvram can
usually be cleared by setting a jumper on the motherboard and (2) the
disk with the password can always be removed and mounted somewhere
else.

Of course, this is *not* a solution to your *real* problem...

> This poses a problem because we plan to deploy some PCs with linux in
> our computer labs and have /home nfs mounted. Given the lack of security
> that nfs presents, this poses great problems because a user who has
> gained root access can su to any user in the domain.  Since most of our
> UNIX systems are set up this way, the /home directory has to be nfs
> mounted.

I think you need to read a little more about NFS configuration,
particularly the section on root exports.  ;-) If you configure things
properly on your server and you have applied all your NFS security
patches, you will be reasonably secure.

It is a good idea to enforce strict host security on your lab
machines, but you should by no means depend on it in your security
model.  After all, it is a trivial matter for someone to pop a Linux
laptop onto the ethernet segment.  ;-)

-p.
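
The part of the question the reply does not touch is the LILO prompt itself: LILO can be told to demand a password only when someone types extra kernel parameters such as "single" or "init=/bin/sh", while a plain boot stays unattended. The script below is an added example, not code from the digest or from the LILO distribution; it uses the documented lilo.conf keywords "restricted" and "password", and the config path, boot label and password in it are assumptions for the example. It does nothing to the boot-floppy and disk-removal cases the reply describes, which is exactly what the CMOS password and physical security are for.

```shell
#!/bin/sh
# Added example, not from the digest: lock the LILO boot prompt so that extra
# kernel parameters such as "linux single" or "init=/bin/sh" need a password,
# while an ordinary boot does not. Uses the lilo.conf(5) keywords "restricted"
# and "password", inserted globally before the first image= stanza so they
# cover every entry. LILO_CONF (default /etc/lilo.conf) and the password are
# assumptions for the example; point LILO_CONF at a copy to try it out.

LILO_CONF="${LILO_CONF:-/etc/lilo.conf}"

lilo_harden() {
    # $1: lilo.conf path, $2: boot password. Idempotent: a file that already
    # carries "restricted" is left alone.
    conf=$1; pw=$2
    if grep -q '^restricted' "$conf"; then
        return 0
    fi
    tmp="$conf.tmp.$$"
    # The temporary copy is created under umask 077 so the clear-text
    # password is never in a world-readable file, not even briefly.
    ( umask 077; awk -v pw="$pw" '
        !done && /^[ \t]*(image|other)=/ {
            print "restricted"
            print "password=" pw
            done = 1
        }
        { print }
    ' "$conf" > "$tmp" ) && mv "$tmp" "$conf"
    # lilo itself warns about a config file that others can read.
    chmod 600 "$conf"
}

lilo_check() {
    # 0 when both keywords are present and group/other have no access.
    conf=$1
    grep -q '^restricted' "$conf" || return 1
    grep -q '^password=' "$conf" || return 1
    case "$(ls -l "$conf" | cut -c5-10)" in
        ------) return 0 ;;
        *) return 1 ;;
    esac
}

# Usage (as root): LILO_APPLY=1 LILO_PASSWORD='boot-pw' sh lilo-harden.sh
# The map must be rewritten with /sbin/lilo afterwards or nothing takes effect.
if [ "${LILO_APPLY:-0}" = "1" ]; then
    lilo_harden "$LILO_CONF" "${LILO_PASSWORD:?set LILO_PASSWORD}" \
        && lilo_check "$LILO_CONF" && /sbin/lilo
fi
```

With "restricted", the password is asked for only when parameters are typed at the boot: prompt, so an unattended reboot in a lab still comes up by itself; without it every boot would need someone at the console, which is the same problem the CMOS password creates.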

------------------------------

From: "Andrey Smirnov" <[EMAIL PROTECTED]>
Subject: Re: Masquerading  X sessions?
Date: Sat, 15 May 1999 22:19:41 -0700

I think you need to consider transparent proxy vs masquerading.
Masquerading is good for outgoing traffic, you are describing incoming
traffic from Internet to private network.


Dr. Yuan Liu wrote in message <[EMAIL PROTECTED]>...
>I use a masquerading Linux at my Internet connection.  How can I get X
>servers behind the firewall to receive display?  I tried setting
>$DISPLAY to the firewall, it won't work.  Set it to any internal names
>(or IPs, I use private IPs), the client couldn't recognize it.
>
>Another test I made was with the routing on the other side of the
>firewall.  I set a static route to my private IP.  But the machine still
>attempts to route packets to default gateway.
>--
>+--- mailto:[EMAIL PROTECTED] ----------- http://www.ChiTech.ca/ ---+
>|         Dr. Yuan LIU           -     Chitech Technologies Inc.  |
>+------- (514)281-0494 ------------------ FAX (514)281-0493 ------+



------------------------------

From: [EMAIL PROTECTED] (Kaifu Wu)
Crossposted-To: comp.os.linux.development.system
Subject: ip multicast problem (ioctl SIOCGETRPF) in kernel 2.2.8
Date: 15 May 1999 22:13:05 -0700


I have been trying to set up a bunch of Linux systems running pimd
(http://netweb.usc.edu/pim/).  I have enabled multicast routing
and PIM, and though it compiled fine under all my systems running
2.2.8, it crashed when making a call to ioctl:

21:44:18.807 ioctl SIOCGETRPF k_req_incoming: Invalid argument

and the offending code:

if (ioctl(udp_socket, SIOCGETRPF, (char *) rpfcinfo) < 0) {
    log(LOG_ERR, errno, "ioctl SIOCGETRPF k_req_incoming");
    return(FALSE);
}

with the data structures:

struct rpfctl *rpfcinfo;

struct rpfctl {
    struct in_addr source; /* the source for which we want iif and rpfnbr */
    struct in_addr rpfneighbor;/* next hop towards the source */
    vifi_t iif; /* the incoming interface to reach the next hop */
};

/usr/src/linux/include/linux/mroute.h:
typedef unsigned short vifi_t;

/usr/src/linux/include/linux/in.h:
/* Internet address. */
struct in_addr {
        __u32   s_addr;
};


I have yet to discuss this with the authors of pimd, but for now it looks like
a Linux-specific problem.  ioctl doesn't seem to like either SIOCGETRPF
or rpfcinfo, but that's all I can tell so far.

Any help would be greatly appreciated,
Kaifu

------------------------------

From: Howard Mann <[EMAIL PROTECTED]>
Subject: Re: ppp configuration: "serial link is not 8 bit clean"
Date: 16 May 1999 05:22:50 GMT

In article <[EMAIL PROTECTED]>,
        Dominic Mitchell <[EMAIL PROTECTED]> writes:
> Hi,
> 
> I am trying to help two folks who are having problems setting up their
> internet connection.  I have the last part of the /var/log/messages
> (they both have the same kind of messages).  They have external
> modems and can communicate with the modem through minicom.
> 
> However, according to the logs below, I would be tempted to say that
> their kernels do not support ppp, going by the messages "serial
> link is not 8 bit clean" and "Problem: all had bit 7 set to 0".  Or
> could it just be as simple as they are using the wrong device?

Nope. It's not typically a problem with ppp support in the kernel.
> 
> May 10 20:24:47 localhost pppd[2405]: Serial connection established.
> May 10 20:24:57 localhost pppd[2405]: Using interface ppp0
> May 10 20:24:57 localhost pppd[2405]: Connect: ppp0 <--> /dev/modem
> May 10 20:25:28 localhost pppd[2405]: LCP: timeout sending Config-Requests
> May 10 20:25:28 localhost pppd[2405]: Connection terminated.
> May 10 20:25:28 localhost pppd[2405]: Receive serial link is not 8-bit clean:
> May 10 20:25:28 localhost pppd[2405]: Problem: all had bit 7 set to 0
> 

There are many possibilities here:

Peruse   :  http://www.linuxHQ.com/HOWTO/PPP-HOWTO-18.html#ss18.3

Cheers,

-- 
Howard Mann
http://www.newbielinux.com   
(a LINUX website for newbies)
Smart Linuxers search at: http://www.deja.com/home_ps.shtml


------------------------------

From: "Andrey Smirnov" <[EMAIL PROTECTED]>
Subject: Re: Route and network broadcasts
Date: Sat, 15 May 1999 22:16:31 -0700

I would suggest changing IP addresses to the private range: 192.168.x.x





------------------------------

From: "Jeff Houston" <[EMAIL PROTECTED]>
Subject: POPPASSD
Date: Mon, 10 May 1999 08:48:39 -0400

I can't seem to compile poppassd.c on Linux RedHat 5.2.  I'm using gcc -c
poppassd.c...  Here are the errors.

[root@athena test]# gcc -c poppassd.c
poppassd.c: In function `chkPass':
poppassd.c:308: warning: passing arg 1 of `strcmp' makes pointer from
integer wt
poppassd.c: In function `setPass':
poppassd.c:353: warning: passing arg 2 of `strcpy' makes pointer from
integer wt
poppassd.c: In function `UpdatePasswordFile':
poppassd.c:381: warning: assignment makes pointer from integer without a
cast


Thanks in advance...
Jeff


--
============================
============================
Jeff Houston
Universal Payment Processing
1515 Broad St.
Bloomfield, NJ 07003
V 973-338-4900
F 973-338-1902




------------------------------

From: Chip Wiegand <[EMAIL PROTECTED]>
Subject: How to setup something similar to Network Neighborhood?
Date: Sat, 15 May 1999 22:36:35 -0700

I have a two PC LAN, soon to be 3 or 4, and would like to know if it's
possible to have something like winblows Network Neighborhood? Seems
that would make accessing the various PCs much easier.
chip


------------------------------

From: Mark <[EMAIL PROTECTED]>
Subject: ftp and PASV probs
Date: Sun, 16 May 1999 05:44:36 GMT

trying to set up the ftp daemon to accept passive connections.
(need server - server xfers)

Keeps failing and giving a PASV error, possible port hijack.. blabla.

if I ftp in and just type in passive, it accepts it.

?

any help?
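
The "possible port hijack" class of refusal comes from an address check that both FTP clients and servers apply: a PASV reply "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" and a PORT command "PORT h1,h2,h3,h4,p1,p2" both carry a host and a port as six decimal bytes, and a careful peer only opens the data connection to the host it is already talking to on the control connection. Server-to-server transfers hand server B the address of server A in a PORT command, which is precisely what the check refuses, so a server that should allow them needs an explicit exemption for the trusted peer rather than having the check switched off. The script below is an added example of that check, not code from the digest or from any FTP daemon; the sample lines in the test are constructed.

```shell
#!/bin/sh
# Added example, not from the digest: the address check behind FTP "port
# hijack" / "port theft" refusals. A PASV reply "227 ... (h1,h2,h3,h4,p1,p2)"
# and a PORT command "PORT h1,h2,h3,h4,p1,p2" both carry a host and a port as
# six decimal bytes. A careful server only opens a data connection to the
# address the client is already talking from, and a careful client only
# connects to the server it dialled; anything else is a third party and is
# refused. Sample lines used with these functions are constructed.

# Decode the first h1,h2,h3,h4,p1,p2 tuple in $1 and print "host port".
# Status 1 when no well-formed tuple (six values, each 0..255) is present.
tuple_decode() {
    for w in $(printf '%s\n' "$1" | tr -c '0-9,\n' ' '); do
        case "$w" in
            *,*,*,*,*,*) ;;
            *) continue ;;
        esac
        set -- $(printf '%s\n' "$w" | tr ',' ' ')
        [ $# -eq 6 ] || continue
        for b in "$@"; do
            [ "$b" -le 255 ] || return 1
        done
        printf '%s.%s.%s.%s %s\n' "$1" "$2" "$3" "$4" $(( $5 * 256 + $6 ))
        return 0
    done
    return 1
}

# $1: address of the peer on the control connection, $2: PORT command or
# 227 reply. Status 0: the data address is the peer itself (safe).
# 1: the line cannot be parsed. 2: it names some other host (possible hijack).
addr_check() {
    peer=$1
    decoded=$(tuple_decode "$2") || return 1
    [ "${decoded% *}" = "$peer" ] && return 0
    return 2
}

# Usage: addr_check 192.168.1.10 'PORT 192,168,1,10,4,1'; echo $?
```

Status 2 is the case a server logs as a hijack attempt (the classic FTP bounce, where a client asks the server to connect to a third machine) and also the case a legitimate server-to-server transfer triggers; telling the two apart is a policy decision, which is why the exemption should be per trusted peer.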

------------------------------

From: Kelvin Leung <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Crossposted-To: comp.os.linux.misc
Subject: Re: can't send email through qmail
Date: Sun, 16 May 1999 06:45:08 GMT

Hi Curt,

I found that it doesn't work with your suggestion. I have to put the
destination domain into rcpthosts in order to get it to work. For instance,
if I send to [EMAIL PROTECTED], I have to put microsoft.com in rcpthosts to
make it work.... Is it weird?

Kelvin

Curt wrote:

> add  MYDOMAIN to /var/qmail/control/rcpthosts
> and /var/qmail/control/locals
> and /var/qmail/control/defaultdomain
>
> Kelvin Leung <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > Hello,
> >
> > I have a qmail setup in my RH 5.1 system. It is connected to internet
> > through cable modem. I have PC clients connected to this server which
> > use Netscape as email client. But the PC client cannot send email
> > outside the local network. Any email going outside of this local network
> > will get the following error message:
> >
> > The mail server responded:
> > sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
> > Please check the message recipients and try again.
> >
> > And I have execute the qmail-showctl, with the following setting shown:
> >
> > ============================================================
> > [root@MYHOSTNAME qmail-1.03]# qmail-showctl
> > qmail home directory: /var/qmail.
> > user-ext delimiter: -.
> > paternalism (in decimal): 2.
> > silent concurrency limit: 120.
> > subdirectory split: 23.
> > user ids: 80, 81, 82, 0, 83, 84, 85, 86.
> > group ids: 80, 81.
> >
> > badmailfrom: (Default.) Any MAIL FROM is allowed.
> >
> > bouncefrom: (Default.) Bounce user name is MAILER-DAEMON.
> >
> > bouncehost: (Default.) Bounce host name is MYHOSTNAME.MYDOMAIN.
> >
> > concurrencylocal: (Default.) Local concurrency is 10.
> >
> > concurrencyremote: (Default.) Remote concurrency is 20.
> >
> > databytes: (Default.) SMTP DATA limit is 0 bytes.
> >
> > defaultdomain: Default domain name is MYDOMAIN.
> >
> > defaulthost: (Default.) Default host name is MYHOSTNAME.MYDOMAIN.
> >
> > doublebouncehost: (Default.) 2B recipient host: MYHOSTNAME.MYDOMAIN.
> >
> > doublebounceto: (Default.) 2B recipient user: postmaster.
> >
> > envnoathost: (Default.) Presumed domain name is MYHOSTNAME.MYDOMAIN.
> >
> > helohost: (Default.) SMTP client HELO host name is MYHOSTNAME.MYDOMAIN.
> > idhost: (Default.) Message-ID host name is MYHOSTNAME.MYDOMAIN.
> >
> > localiphost: (Default.) Local IP address becomes MYHOSTNAME.MYDOMAIN.
> >
> > locals:
> > Messages for localhost are delivered locally.
> > Messages for MYHOSTNAME.MYDOMAIN are delivered locally.
> >
> > me: My name is MYHOSTNAME.MYDOMAIN.
> >
> > percenthack: (Default.) The percent hack is not allowed.q
> >
> > plusdomain: Plus domain name is home.com.
> >
> > qmqpservers: (Default.) No QMQP servers.
> >
> > queuelifetime: (Default.) Message lifetime in the queue is 604800
> > seconds.
> >
> > rcpthosts:
> > SMTP clients may send messages to recipients at localhost.
> > SMTP clients may send messages to recipients at MYHOSTNAME.MYDOMAIN.
> > SMTP clients may send messages to recipients at k166.MYDOMAIN.
> > SMTP clients may send messages to recipients at k166.localdomain.
> > SMTP clients may send messages to recipients at pm7300.MYDOMAIN.
> > SMTP clients may send messages to recipients at pm7300.localdomain.
> > SMTP clients may send messages to recipients at k166.
> > SMTP clients may send messages to recipients at pm7300.
> > SMTP clients may send messages to recipients at wonderland.dns.org.
> >
> > morercpthosts: (Default.) No effect.
> >
> > morercpthosts.cdb: (Default.) No effect.
> >
> > smtpgreeting: (Default.) SMTP greeting: 220 MYHOSTNAME.MYDOMAIN.
> >
> > smtproutes: (Default.) No artificial SMTP routes.
> >
> > timeoutconnect: (Default.) SMTP client connection timeout is 60 seconds.
> >
> > timeoutremote: (Default.) SMTP client data timeout is 1200 seconds.
> >
> > timeoutsmtpd: (Default.) SMTP server data timeout is 1200 seconds.
> >
> > virtualdomains: (Default.) No virtual domains.
> > [root@MYHOSTNAME qmail-1.03]#
> >
> > ===========================================================
> >
> > Please help... thanks.
> >
> > Kelvin
> >
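
What the rcpthosts error means is that qmail-smtpd, by design, refuses to accept mail for domains it is not responsible for unless the connecting client has been marked as allowed to relay. The marking is done outside qmail: tcpserver (from ucspi-tcp) sets RELAYCLIENT in the environment for selected client addresses, and qmail-smtpd then skips the rcpthosts test for that session. Listing outside domains in rcpthosts instead makes the machine accept mail for those domains from anyone on the Internet. The script below is an added example, not from the digest or from the qmail distribution; the LAN 192.168.1.0/24 and the file paths are assumptions, and the rule lookup is a small imitation of tcpserver's matching order for the sake of a local check.

```shell
#!/bin/sh
# Added example, not from the digest or from qmail itself: how qmail is meant
# to let LAN clients send to outside domains. qmail-smtpd skips the rcpthosts
# test only when the environment variable RELAYCLIENT is set; tcpserver (from
# ucspi-tcp) sets it per client address from a tcprules database, so the
# destination domains never go into rcpthosts and the server is not an open
# relay. The LAN 192.168.1.0/24 and the file paths are assumptions.

# Rules file: most specific address match wins; the bare ":" line is the
# default that applies to everyone else (connect allowed, no relaying).
write_rules() {
    cat > "$1" <<'EOF'
127.:allow,RELAYCLIENT=""
192.168.1.:allow,RELAYCLIENT=""
:allow
EOF
}

# Mimic tcpserver's lookup order for a dotted-quad client: full address, then
# each shorter prefix ending in a dot, then the empty default. Prints the
# instruction part of the winning rule; status 1 if no rule applies.
rule_for() {
    rules=$1; ip=$2
    for key in "$ip" "${ip%.*}." "${ip%.*.*}." "${ip%.*.*.*}." ""; do
        found=$(awk -F: -v k="$key" \
            '$1 == k { print substr($0, length(k) + 2); exit }' "$rules")
        if [ -n "$found" ]; then
            printf '%s\n' "$found"
            return 0
        fi
    done
    return 1
}

# Status 0 when a client at $2 would get RELAYCLIENT, i.e. may relay.
relay_allowed() {
    instr=$(rule_for "$1" "$2") || return 1
    case ",$instr," in
        *,RELAYCLIENT=*) return 0 ;;
    esac
    return 1
}

# Compile the rules and run qmail-smtpd under tcpserver (as root):
#   write_rules /etc/tcp.smtp
#   tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtp
#   tcpserver -v -x /etc/tcp.smtp.cdb -u "$(id -u qmaild)" -g "$(id -g qmaild)" \
#       0 smtp /var/qmail/bin/qmail-smtpd 2>&1 | splogger smtpd 3 &
```

rcpthosts itself should then hold only the domains this host delivers for; a client at 10.0.0.5 still connects (the default rule says allow) but gets the same "not in my list of allowed rcpthosts" answer for outside recipients, which is the behaviour that keeps the box off the open-relay lists.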


------------------------------

From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: ppp configuration: "serial link is not 8 bit clean"
Date: 16 May 1999 06:00:36 GMT

In <[EMAIL PROTECTED]> Dominic Mitchell <[EMAIL PROTECTED]> writes:

>However, according to the logs below, I would be tempted to say that
>their kernels do not support ppp, going by the messages "serial
>link is not 8 bit clean" and "Problem: all had bit 7 set to 0".  Or
>could it just be as simple as they are using the wrong device?

ppp works fine. It is just that the other end is sending ASCII when your
end is expecting to negotiate ppp.

Look at
axion.physics.ubc.ca/ppp-linux.html
for step by step instructions for getting ppp up and running.

------------------------------

From: [EMAIL PROTECTED]
Crossposted-To: comp.os.linux.setup
Subject: Re: PPP: where, how? Please Help!
Date: Sun, 16 May 1999 02:55:10 -0400


I used modemtool to make the link from /dev/modem to cua0, where the modem is actually
located.  I can get the modem to dial, but the connection is not completed as there is
no ppp0 interface.    HOW DO I CREATE THIS INTERFACE?  (Only killing  X will close
minicom after dialing, BTW.)

After reading earlier posts here, I saw requests for the output from /var/log/messages
to debug this process;  I have provided this information.  Could someone tell me how
to interpret this output.

> #siocdelrt
>
> /var/log/messages
> localhost kernel:registered device ppp0
> localhost pppd [1897]:pppd 2.3.5 started by root, uid 0
> localhost pppd [1897]:tcgetattr:Input/output error (5)
>
> I don't know if  this is relevant:  After uninstalling and reinstalling sendmail
> 8.8.7-20 it is still showing errors:
> /var/log/sendmail.st        problems - checksum, size, time.   The dependencies do
> not show errors:
> fetchmail-4.5.8-2
> mutt-0.93.2-2
> nmh-0.27-1
> exmh-2.0.2-4
>
> Jared
>
>


------------------------------

From: Pascal Fleer <[EMAIL PROTECTED]>
Subject: Re: TN3270E on Linux?
Date: Sun, 16 May 1999 09:07:10 +0200
Reply-To: [EMAIL PROTECTED]

Hi Jeff,

The only working solution at the present time is to use lpr. The IBM mainframe sends
printouts to the lpr daemon on my Linux box. Works pretty well.
The x3270 package does not support the TN3270E protocol and therefore cannot be
used for printing. Maybe, with the commitment of IBM to Linux, we will see a
Personal Communications for Linux in the future?

Pascal

Jeff Hall wrote:

> Hi,
>
> I am a newbie to Linux.  I am running Redhat Linux 6.0.  Does anyone know if
> there are any TN3270E emulators available for Linux besides the X3270.rpm
> that comes with the Redhat distribution.  Specifically, I'm looking for an
> emulator that can establish print sessions to an IBM mainframe.
>
> Thanks,
>
> [EMAIL PROTECTED]

-


------------------------------

From: "jas." <[EMAIL PROTECTED]>
Crossposted-To: linux.redhat.ppp
Subject: PPP QUery on ISP Termination
Date: Sun, 16 May 1999 14:38:00 +0800
Reply-To: [EMAIL PROTECTED]

Gentlefolk,

My ISP requires I delay reconnecting to them for 5 minutes after I get
terminated.

This would be ok, however I have a small network setup whereby I use IP
Masquerading and the built-in PPP "DEMAND" option to auto dial when
required by any node.

Does anyone have any idea how to configure up RedHat PPP to wait five
minutes before redialling even if a node requests a reconnect?

BTW - the "HOLDOFF" option refers to how long to hold off redialling
after an unsuccessful attempt.  If I redial within 5 minutes it is
considered a successful connection as I do actually get logged on but
then the ISP sends a terminate-request and we hang up.

I've tried putting sleep 300 in my ip-down scripts and such but it seems
to be ignored.

cheers jas.

------------------------------

From: [EMAIL PROTECTED]
Crossposted-To: comp.os.linux.setup
Subject: Re: PPP: where, how? Please Help!
Date: Sun, 16 May 1999 03:24:58 -0400

Scripts are attached:

Thanks,
Jared

ppp-on-dialer:

#!/bin/sh
#
# This is part 2 of the ppp-on script. It will perform the connection
# protocol for the desired connection.
#
exec chat -v                                            \
        TIMEOUT         3                               \
        ABORT           '\nBUSY\r'                      \
        ABORT           '\nNO ANSWER\r'                 \
        ABORT           '\nRINGING\r\n\r\nRINGING\r'    \
        ''              \rAT                            \
        'OK-+++\c-OK'   ATH0                            \
        TIMEOUT         30                              \
        OK              ATDT$TELEPHONE                  \
        CONNECT         ''                              \
        ogin:--ogin:    $ACCOUNT                        \
        assword:        $PASSWORD

ppp-on:

#!/bin/sh
#
# Script to initiate a ppp connection. This is the first part of the
# pair of scripts. This is not a secure pair of scripts as the codes
# are visible with the 'ps' command.  However, it is simple.
#
# These are the parameters. Change as needed.
TELEPHONE=555-5555      # The telephone number for the connection
ACCOUNT=<put [email protected] here>      # The account name for logon (as in 'George Burns')
PASSWORD=<put acct passwd here> # The password for this account (and 'Gracie Allen')
LOCAL_IP=0.0.0.0        # Local IP address if known. Dynamic = 0.0.0.0
REMOTE_IP=0.0.0.0       # Remote IP address if desired. Normally 0.0.0.0
NETMASK=255.255.255.0   # The proper netmask if needed
#
# Export them so that they will be available at 'ppp-on-dialer' time.
export TELEPHONE ACCOUNT PASSWORD
# 
# This is the location of the script which dials the phone and logs
# in.  Please use the absolute file name as the $PATH variable is not
# used on the connect option.  (To do so on a 'root' account would be
# a security hole so don't ask.)
#
DIALER_SCRIPT=/etc/ppp/ppp-on-dialer
#
# Initiate the connection
# 
# I put most of the common options on this command. Please, don't
# forget the 'lock' option or some programs such as mgetty will not
# work. The asyncmap and escape will permit the PPP link to work with
# a telnet or rlogin connection. You are welcome to make any changes
# as desired. Don't use the 'defaultroute' option if you currently
# have a default route to an ethernet gateway.
#
/sbin/route del default
exec /usr/sbin/pppd lock modem crtscts /dev/ttyS2 115200 \
         $LOCAL_IP:$REMOTE_IP \
        noipdefault netmask $NETMASK defaultroute connect $DIALER_SCRIPT

ppp-off:

#!/bin/sh
######################################################################
#
# Determine the device to be terminated.
#
if [ "$1" = "" ]; then
        DEVICE=ppp0
else
        DEVICE=$1
fi

######################################################################
#
# If the ppp0 pid file is present then the program is running. Stop it.
if [ -r /var/run/$DEVICE.pid ]; then
        kill -INT `cat /var/run/$DEVICE.pid`
#
# If the kill did not work then there is no process running for this
# pid. It may also mean that the lock file will be left. You may wish
# to delete the lock file at the same time.
        if [ ! "$?" = "0" ]; then
                rm -f /var/run/$DEVICE.pid
                echo "ERROR: Removed stale pid file"
                exit 1
        fi
#
# Success. Let pppd clean up its own junk.
        echo "PPP link to $DEVICE terminated."
        /sbin/route add default eth0
        exit 0
fi
#
# The ppp process is not running for ppp0
echo "ERROR: PPP link is not active on $DEVICE"
exit 1



------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Masquerading security
Date: Sun, 16 May 1999 07:13:29 GMT


> > Shouldn't be possible if you bind the masquerading to a special
> >device,
> > means:
> >
> > If you allow the kernel to only forward packets from the local net
> >(say
> > 192.168.1.0/24 or similar) when they came in on device eth0. Then
> >spoofing
> > the packet to source 192.168.1.* but sending it in thru another
> >device like ppp0 will not forward this packet...
>
> The only problem is that this can not be accomplished that straight
> forward as you wrote it down with ipchains since in forwarding rules
> packets can only be matched by the destination interface but not the
> interface the packet came in on. The most simple solution to avoid
> spoofing of the source address would be (assuming a 2.2 kernel):
>
> echo 1 >/proc/sys/net/ipv4/conf/all/rp_filter
> echo 0 >/proc/sys/net/ipv4/conf/all/accept_source_route
>
> Masquerading can then be enabled through the world-bound interface as
> follows:
>
> ipchains -A forward -j MASQ -s 192.168.1.0/24 -i ppp0

Ahh.. I see through your response that ipchains has the capability to
bind the device.  But as far as I can tell you cannot specifically
name a device to bind with ipfwadm, only its address (probably one of
the reasons for ipchains, but I just now got this box up after a long
break).

After digging a little deeper into the HOWTO's I found the advanced
firewall rules but the script created doesn't run quite right for me
(it balks at the way I try to retrieve the dynamic ip).  The only other
work around I can think of is to list all possible subnets I could be
assigned to.  Place that into the interface field of a deny. With the
source being any local net and the destination being 0.0.0.0/0

Argus


--== Sent via Deja.com http://www.deja.com/ ==--
---Share what you know. Learn what you don't.---
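
The thread above gives the two halves of an anti-spoofing setup for a 2.2 masquerading gateway: the kernel-side rp_filter and accept_source_route settings, and an ipchains forward rule tied to the interface. It also notes that forward rules cannot match the interface a packet arrived on; the input chain can, which gives an explicit, logged rule for the spoofed-LAN-address case as well. The script below is an added example, not from the digest, that puts the pieces together in one ruleset; it serves both the "Internet gateway" suggestion in Max's reply at the top of the digest and this thread. The LAN 192.168.1.0/24 on eth0 and the dial-up link on ppp0 are assumptions, and DRY_RUN=1 prints the commands instead of executing them, since the real thing needs root and a 2.2 kernel with ipchains.

```shell
#!/bin/sh
# Added example, not from the digest: an ipchains ruleset for a 2.2-kernel
# masquerading gateway with source-address spoofing blocked from the Internet
# side. Combines the rp_filter / accept_source_route settings quoted in the
# thread with an input-chain rule: the forward chain cannot match the
# arriving interface, but the input chain can, so LAN-sourced packets that
# show up on the dial-up link are dropped and logged explicitly.
# Assumed topology: LAN 192.168.1.0/24 on eth0, Internet on ppp0.
# DRY_RUN=1 prints the commands instead of running them.

LAN_NET="${LAN_NET:-192.168.1.0/24}"
WAN_IF="${WAN_IF:-ppp0}"
DRY_RUN="${DRY_RUN:-0}"

run() {
    if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

proc_set() {
    # $1: /proc/sys path, $2: value
    if [ "$DRY_RUN" = "1" ]; then
        printf 'echo %s > %s\n' "$2" "$1"
    else
        echo "$2" > "$1"
    fi
}

masq_rules() {
    # Kernel anti-spoofing: drop packets whose source address would not be
    # routed back out the interface they came in on, and refuse source routing.
    proc_set /proc/sys/net/ipv4/conf/all/rp_filter 1
    proc_set /proc/sys/net/ipv4/conf/all/accept_source_route 0

    # Deny-by-default forward chain: only what is added below gets through.
    run ipchains -F forward
    run ipchains -P forward DENY

    # Explicit rule for the case rp_filter does not cover (asymmetric routes,
    # or a kernel built without it): LAN addresses never arrive from the
    # Internet side. Drop and log them.
    run ipchains -A input -i "$WAN_IF" -s "$LAN_NET" -j DENY -l

    # Masquerade only LAN-sourced packets leaving through the dial-up link.
    run ipchains -A forward -i "$WAN_IF" -s "$LAN_NET" -j MASQ

    # Forwarding goes on last, once the rules are in place.
    proc_set /proc/sys/net/ipv4/ip_forward 1
}

# Usage: DRY_RUN=1 MASQ_APPLY=1 sh masq.sh   (print the ruleset)
#        MASQ_APPLY=1 sh masq.sh             (apply it, as root)
if [ "${MASQ_APPLY:-0}" = "1" ]; then
    masq_rules
fi
```

For a dynamic dial-up address the rules above need no change, since nothing in them names the ppp0 address; that sidesteps the "retrieve the dynamic IP" step the post mentions. On a 2.0 kernel with ipfwadm the same policy is expressed with address-based rules only, which is the limitation the post describes.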

------------------------------

From: "Subhash Ghorpade" <[EMAIL PROTECTED]>
Subject: telnet fails with all network ports in use msg
Date: Sun, 16 May 1999 02:20:59 -0500

I recently installed RH6 on an i486 and have most of the network stuff
working correctly. However, I am not able to connect to the Linux box from
another computer.

If I try to telnet, even from the same machine (ie. telnet 0) I get the
messages:

Trying ...
Connected to n.n.n.n
Escape character is '^]'
telnetd: All network ports in use.
Connection closed by foreign host

Similarly, when I try to ftp to the RH6, I get

Connected to n.n.n.n
421 Service not available, remote server has closed connection

Any ideas on what's missing from my setup?

SG



------------------------------

From: . <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.setup
Subject: Re: PPP: where, how? Please Help!
Date: 16 May 1999 00:46:38 -0700

Try netcfg (the command in x) or linux-conf (in x using toolbar in xdm). And
select ppp/slip section and choose add.

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
>
>I used modemtool to make the link from /dev/modem to cua0, where the modem is
>actually
>located.  I can get the modem to dial, but the connection is not completed as
>there is
>no ppp0 interface.    HOW DO I CREATE THIS INTERFACE?  (Only killing  X will
>close
>minicom after dialing, BTW.)
>
>After reading earlier posts here, I saw requests for the output from
>/var/log/messages
>to debug this process;  I have provided this information.  Could someone tell me
>how
>to interpret this output.
>
>> #siocdelrt
>>
>> /var/log/messages
>> localhost kernel:registered device ppp0
>> localhost pppd [1897]:pppd 2.3.5 started by root, uid 0
>> localhost pppd [1897]:tcgetattr:Input/output error (5)
>>
>>I don't know if  this is relevant:  After uninstalling and reinstalling sendmail
>> 8.8.7-20 it is still showing errors:
>>/var/log/sendmail.st        problems - checksum, size, time.   The dependencies
>>do
>> not show errors:
>> fetchmail-4.5.8-2
>> mutt-0.93.2-2
>> nmh-0.27-1
>> exmh-2.0.2-4
>>
>> Jared
>>
>>
>


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and comp.os.linux.networking) via:

    Internet: [EMAIL PROTECTED]

Linux may be obtained via one of these FTP sites:
    ftp.funet.fi                                pub/Linux
    tsx-11.mit.edu                              pub/linux
    sunsite.unc.edu                             pub/Linux

End of Linux-Networking Digest
******************************
