Linux-Networking Digest #229, Volume #11 Fri, 21 May 99 15:13:59 EDT
Contents:
Re: how to log traffic on a linux router (ByteMe)
2 ISP IP Masq works only with 1 ("jay")
Re: Lost my NIC (Vidar Andresen)
Re: 2 ethernet cards? (Vidar Andresen)
Re: What are good 100baseTX cards for RH 5.2 (Vidar Andresen)
Re: PPP Problem: What does my ISP want? (Rand Simberg)
Re: Samba frustrations (ByteMe)
Re: Firewall question (strong ruleset) (ByteMe)
realserver+broadcast (Christian Hahn)
Re: New cable modem means I have a lot to learn (ByteMe)
Re: smbmount trouble (Thomas Zimmerman)
IPPORTFW setup ("F.P. Groeneveld")
Re: Subnet Confusion (Paul Michael Tevis)
Re: Two network cards ("Jim Scheffler")
Re: PPP server question??? (Valentin Abramov)
----------------------------------------------------------------------------
From: ByteMe <[EMAIL PROTECTED]>
Subject: Re: how to log traffic on a linux router
Date: Fri, 21 May 1999 00:11:45 -0700
urgrue wrote:
> i need to figure out a way to have my linux router keep track of bytes
> sent/received to three separate networks (all connected to the internet via the
> router). currently i've got ipfwadm doing it, but unfortunately it doesnt quite
> offer the versatility i need.
> basically i need something that can monitor how much traffic goes in and out of
> each separate network. it would also be highly preferable if we could keep
> track of what addresses on the internet they are accessing.
>
> thanks
> [EMAIL PROTECTED]
You will have to move up to a proxy server for that kind of logging (sockd or
fwtk-2.0).
fwtk-2.0 can be found at tis firewall <http://www.tic.com>. They are part of network assoc. now and
freely distribute this pkg., but you have to send them an e-mail to request it. Do a
search once you get there.
They keep it on their ftp.server.com <ftp.tislabs.com>. When the e-mail returns (takes 10 sec.)
there will be the hidden dir where the files are stored (read the README's on this).
You can also get info on fwtk-2.0 from the redhat.com documentation project HOWTO's:
http://www.redhat.com/mirrors/LDP/HOWTO/Firewall-HWOTO.html
------------------------------
From: "jay" <[EMAIL PROTECTED]>
Subject: 2 ISP IP Masq works only with 1
Date: 21 May 1999 17:32:21 GMT
IP Masq with ISP wt.net quit working correctly several months ago. The
winboxes can ftp and read news but Netscape/IE3 fails. Netscape works on
the linux masq box. I gave up after trying to fix it after trying reinstall
Rh5.1, different configurations, etc.
Now: I tried a student ISP account at uh.edu. IP Masq works as it should.
Without rebooting either box wt.net still does not work correctly. Dialing
and connecting with first one then the other gives the same results: with
ISP wt.net ip masq fails to work correctly and with ISP uh.edu ip masq
works correctly.
The uh.edu account is "free" but often busy so it is not an alternative.
Any ideas?
Is something wrong with my configurations or do I need a new ISP?
------------------------------
From: [EMAIL PROTECTED] (Vidar Andresen)
Subject: Re: Lost my NIC
Date: Fri, 21 May 1999 02:15:03 +0200
In article <[EMAIL PROTECTED]>,
Chad Cunningham <[EMAIL PROTECTED]> wrote:
>My NIC has stopped working... Had it going for several months now, then
>the other day I booted into windows to resize some partitions. Went back
>to linux and the NIC isn't working now... When I try to activate eth0
>(via dhcp), I get the error
>
>insmod: /lib/modules/2.2.5-15/net/3c509.o: init_module: Device or
>resource busy
cat /proc/interrupts
cat /proc/ioports
Anything else taking the place the nic is supposed to take?
(/etc/conf.modules Are the values correct?)
>dhcpcd[558]: ioctl SIOCGIFHWADDR (ifConfig): No such device
>
>I just upgraded to redhat 6.0 to try and fix the problem, before
>upgrading, the error I got was something like
>
>dhcpcd[558]: ioctl SIOCGIFHWADDR (ifConfig): Operation not supported by
>device
>
>All I did was boot into windows :(
Cold boot? Warm boot? PnP set to off on the card? The irq on it set
to isa-only in bios? (Bios set to 'boot with pnp-os' to 'on'? Set it
to 'off'.)
What could have happened is windows setting up your machine to the
values it wants (which are not the values you want), and then a warm
boot will leave you with it.
But you might have had a lot of reboots.
Does it work with static ip?
Mvh Vidar Andresen
------------------------------
From: [EMAIL PROTECTED] (Vidar Andresen)
Subject: Re: 2 ethernet cards?
Date: Fri, 21 May 1999 01:28:04 +0200
In article <[EMAIL PROTECTED]>,
Dale Einarson <[EMAIL PROTECTED]> wrote:
>Hello all,
> I have 2 ethernet cards. one PCI one ISA. one via. I can't get eth1 to
>work...
I guess the drivers for your nic's are _not_ compiled into the kernel.
That means you have to load them as modules. The method using lilo and
probing for two nic's demands drivers in the kernel. So:
>/etc/lilo.conf
>===============================================
>boot = /dev/hda
>timeout = 50
>prompt
> vga = normal
> append = append="ether=0,0,eth0 ether=0,0,eth1"
The last line above is confusing. Take it away.
> read-only
>map=/boot/map
>install=/boot/boot.b
>image = /boot/vmlinuz-2.2.5-15
> label = linux
> append = "ether=0,0,eth0 ether=0,0,eth1"
The line above could work with drivers in the kernel. If you don't
have it, take it away.
> initrd = /boot/initrd-2.2.5-15.img
> root = /dev/hda5
(and rerun lilo after it is done.)
(_If_ drivers are in the kernel, try to get the values on the isa-nic, both
irq and io, and let the '"ether=0,0,eth0' be '"ether=5,0x280,eth0' _if_
those are the values on the nic. The pci-nic I think doesn't need an
irq-value, so a 'ether=0,0x300,eth1' or anything like it, with the
values on the nic, could work.)
> If I don't have any ethX "options" in conf.modules (as seem below)
>eth0 is found. Yet if I try to specify irq io or anything. eth0 doesn't
>load either!
Could be lilo doing the job for you.
> If I swap the eth0 to have "ne" and eth1 with "via-rhine" it will
>still load "via-rhine" on eth0 (with eth1 not found?).
Could be lilo doing the job for you.
>I know from the bios that the "ne" card is on irq 5, but as I wrote,
>I can't get it to work.
Have you used any kind of setup-util on the card? (is it pnp? disable
it on the nic.)
Assuming the ne-card is the isa-card (otherwise another driver should
be used) to be set to and hold irq 5. Is irq 5 set to 'isa only' or
'legacy' in bios? I guess that will stop any pci-card from grabbing
the irq. Is there a 'boot with pnp-os' set to 'on' in bios? Disable it.
Is anything else on irq 5?
cat /proc/interrupts
cat /proc/ioport
(cat /proc/ioports?)
>PS: "alias parport_lowlevel parport_pc" what is that? the power
>manager?
Don't know, don't use. Parallel-port-something.
(will it take your irq 5?)
Try to disable it if it prevents the nic from loading.
>SYSTEM STATS
>------------------------------------------------
>Red Hat Linux release 6.0 (Hedwig)
>Kernel 2.2.5-15 on an i686
>
>/etc/conf.modules
>===============================================
>alias scsi_hostadapter aic7xxx
>alias parport_lowlevel parport_pc
>alias sound es1371
Try to disable all three above. If it helps, enable one at a time to
see what caused the trouble.
>alias eth0 via-rhine
>alias eth1 ne
(and as I don't have any ne-card, this is general trouble-shooting, go
for the doc's.)
Mvh Vidar Andresen
------------------------------
From: [EMAIL PROTECTED] (Vidar Andresen)
Crossposted-To: comp.os.linux,comp.os.linux.redhat
Subject: Re: What are good 100baseTX cards for RH 5.2
Date: Thu, 20 May 1999 20:21:30 +0200
In article <[EMAIL PROTECTED]>,
Vlad Petersen <[EMAIL PROTECTED]> wrote:
[...]
>Intel makes (or used to make) some 10/100 ISA cards. I am not near the
>Linux system which uses this card and don't remember its exact name but
>it was some kind of EtherExpress line. I don't know whether it's as fast
>as PCI 100baseT cards but I was able to network that system with others
>which used 3Com PCI-based 100baseT cards and that was sufficient enough
>for me.
The Ethernet-HOWTO:
2.6. Programmed I/O vs. Shared Memory vs. DMA
[...]
The ISA bus can do 5.3MB/sec (42Mb/sec), which sounds like more
than enough for 10Mbps ethernet. In the case of the 100Mbps
cards, you clearly need a faster bus to take advantage of the
network bandwidth.
I guess that means that the isa-bus is enough for 10Mbps nic's, no real
need for 10Mbps pci-cards. But as long as the isa-bus is not able to
handle full load on a 100Mbps network, the isa-bus will be a
bottleneck. If used as a solution to connect isa-only machines to a
100Mbps net, it will work, with the above limitations.
Mvh Vidar Andresen
------------------------------
From: [EMAIL PROTECTED] (Rand Simberg)
Subject: Re: PPP Problem: What does my ISP want?
Date: Fri, 21 May 1999 17:11:26 GMT
On Fri, 21 May 1999 08:33:40 -0500, in a place far, far away, Clifford
Kite <[EMAIL PROTECTED]> made the phosphor on my monitor glow in
such a way as to indicate that:
>
>You can determine with certainty whether the IRQ is the problem by using
> '' ATZ as the first chat expect/send and OK ATDT13108960011 as
>the second. Note the time difference between the time when the ATZ is
>sent and the time the OK appears. A difference of more than 1 or 2 seconds
>means the IRQ of the device file is misconfigured (19 seconds is common
>for a misconfigured IRQ).
Well, I tried an ATZ, and it did give me an 18-second delay. This is
driving me nuts, because according to the web site for my Best Data
Products modem, the dip switches are configured for COM3 IRQ7, and
when I run setserial for ttyS2, it tells me that the modem is IRQ7.
So there's no conflict between the hardware and the device file,
unless the modem documentation is wrong. I had it set on IRQ5, but
that caused a hardware conflict with something else on the machine
(probably some other port on the MB). If I go to IRQ4 I get a mouse
conflict, and those are the only options on COM3. Perhaps if I try
something on COM4 instead...
************************************************************************
simberg.interglobal.org * 310 372-7963 (CA) 307 739-1296 (Jackson Hole)
interglobal space lines * 307 733-1391 (Fax) http://www.interglobal.org
"Extraordinary launch vehicles require extraordinary markets..."
Replace first . with @ and throw out the "@trash." to email me.
Here's my email address for autospammers: [EMAIL PROTECTED]
------------------------------
From: ByteMe <[EMAIL PROTECTED]>
Subject: Re: Samba frustrations
Date: Fri, 21 May 1999 00:23:27 -0700
Pavel Grinfeld wrote:
> Hi,
>
> I think I'm a pretty experienced Linux user but I seem to be completely
> missing this Samba thing.
> I followed the instructions for installation and setup but I have no
> clue how to even test it.
>
> For instance, under 95 I go to Tools->Map Network Drives
> Then what? What do I enter for the path?
>
> Then I go Add Printer->Network Printer
> Then what? What's the Path.
> If I do Browse, I get Network Neighborhood... Entire network but nothing
> under there.
>
> Can any one please give me a jump start? (The main thing I'm interested
> in is sharing linux hardware with windows.)
>
> My setup is this.
> A linux box with 2 interfaces. eth1 is the local network. The IP address
> is 146.125.4.98
> The box is (very successfully) running IP Masquerading. It has an lp:
> printer configured. That works fine, too.
>
> The windows box is connected with a cross-over cable directly to eth1.
> Like I said, all basic stuff is working. I can use the web (ip masq),
> ftp, telnet, etc the linux box.
>
> Many thanks in advance!
>
> Pavel
A follow up to my last post: watch out how you set up your forwarding
policies. If you don't do it right after you get samba working YOU WILL
BE HACKED BY SOMEONE ON THE NET !!!
------------------------------
From: ByteMe <[EMAIL PROTECTED]>
Subject: Re: Firewall question (strong ruleset)
Date: Fri, 21 May 1999 00:26:58 -0700
Francois Magnan wrote:
> On 05/18/99, "David Means" wrote:
> >
> >Is this rule at the end of a list of rules, most of which accept packets
> >that come in from outside from *particular* privileged ports? If so, then the
> >way to read this is: "if it hasn't matched something already, and claims to
> >be coming from a privileged port, ditch it."
> >
>
> Hi,
>
> Yes, I understand clearly what the rules mean. By the way, the
> firewall rules in question come from the standard:
>
> http://www.ecst.csuchico.edu/~dranch/LINUX/ipmasq/ipmasq-HOWTO-1.71-6.html
>
> I just don't understand why I should drop those packets claiming to be
> originating from a privileged port on the remote machine. Is this to
> limit the ports available for the local users so that they cannot use
> any external service? I trust my local users so I don't need to limit
> the internal access to the internet. Is there a way a hacker could
> profit from the acceptance of all those packets (from the exterior).
>
> Thank you,
> Francois Magnan
>
> --
> ______________________________________________________
> Francois Magnan
> Departement de Mathematique & Statistiques
> Universite de Montreal
> email: [EMAIL PROTECTED] (MIME, NeXTMail Ok!)
All anybody needs is a trusted host name and that port and they are in
your machine !!!
That's why you need to drop it.
------------------------------
From: Christian Hahn <[EMAIL PROTECTED]>
Subject: realserver+broadcast
Date: Fri, 21 May 1999 20:10:55 +0200
Hi,
does anyone know how to setup a G2 RealServer with broadcast ability?
I installed the server and it works fine serving static RealVideo files,
but I don't know how to link a dynamic video signal (I have a working
bttv compatible video card) with the server.
Please help,
Christian
--
Christian Hahn --- [EMAIL PROTECTED]
ICQ: 34545212
http://www.medianetz.de/ch
------------------------------
From: ByteMe <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.hardware,comp.os.linux.misc
Subject: Re: New cable modem means I have a lot to learn
Date: Fri, 21 May 1999 00:48:46 -0700
Steve Snyder wrote:
> The good news: after years of dithering my cable TV provider is providing
> Internet access. The bad news: I need to quickly get up to speed on
> everything needed to provide Internet access to my whole LAN via the cable
> modem.
>
> My simple LAN consists of a server running RedHat v5.2 (updated to kernel
> v2.2.x and glibc v2.1) and 10 clients (running Win95, Win98 and OS/2) all
> running on the same subnet. Name resolution is done via an identical hosts
> file on each system. The server does not provide Internet access to the
> clients.
>
> I do not intend to run any additional local services (mail, Web, news, etc.)
> at this time. I just want my LANs server to pass packets between the client
> machines and the cable modem.
>
> With the imminent arrival of my cable modem I quickly need info on:
>
> 0. My ISP will provide a dynamically-allocated IP address. Does that mean I
> need to configure my server for DHCP? All the client system will continue
> to have static addresses.
>
> 1. Supporting a 2nd NIC in my server. Having Linux recognize both NICs is
> a no-brainer, but how do I configure it to communicate only with the cable
> modem? (The 1st NIC will remain connected to the hub, of course.)
>
> 2. IP Masquerading?
>
> 3. Firewall? Up to now I haven't had to think much about security, since
> the LAN doesn't have direct Internet access. Now that we'll be constantly
> connected, I'm wondering if I need a firewall. I have an older machine that
> I could use solely as a firewall if needed.
>
> Any information, or pointers to info, on these topics would be gratefully
> received.
>
> Thank you.
>
> ***** Steve Snyder *****
Be extremely concerned about security when connected via a cable modem.
Do not run telnetd if you don't need it.
Set up a dedicated firewall/GW and/or proxy machine and use ip_masq.
Strip the machine down to as few services as possible to start (it's called a
bastion host):
no ftp, http, telnet, tty, finger, netstat, whois or ping services
(crond even has a hole).
Some important files to pay attention to are /etc/hosts.deny, hosts.allow,
hosts.
Take complete control over these files and others, such as chmod, su, chgrp,
chown, login,
passwd, etc.
If you strip the services (and know how to maintain the box manually) you can
take control of the /bin, /etc dirs so that no one else can see or execute
them (the machine will still run just fine). To do this ( chmod -R
o-rwx,g-rwx /bin /etc ) check your documentation before you do this for the
correct syntax for your machine & MAKE A BACKUP first of these directories
somewhere else on the hard drive. If you screw it up you'll be locked
completely out of the machine (hence the security aspect of doing this) and
you will probably have to rebuild your system.
Do some reading before you go nuts on your machine, but I promise you, you
will be hacked through the cable modem if you don't pay attention to security
!!!
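An added example (not part of the post above): a shell audit for the two things the post singles out, the services left enabled in inetd and the TCP wrappers files. The service names come from the post's list; the file contents, the function names and the choice of an `ALL: ALL` default-deny line as the thing to check for are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit copies of inetd.conf and hosts.deny from a gateway box.
# The service list mirrors the post; all file contents below are constructed.

# inetd service names the post says the gateway should not offer.
UNWANTED="ftp http telnet finger netstat whois"

# Print each enabled (uncommented) inetd service that is on the unwanted
# list, one name per line, sorted and de-duplicated.
enabled_unwanted() {
    awk -v list="$UNWANTED" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) bad[a[i]] = 1 }
        $1 ~ /^#/ || NF == 0 { next }   # skip comments and blank lines
        ($1 in bad) { print $1 }
    ' "$1" | sort -u
}

# Succeed only if the file has an active (uncommented) "ALL: ALL" line,
# i.e. TCP wrappers refuse every client not listed in hosts.allow.
# Treating default-deny as the goal is an assumption of this example.
has_default_deny() {
    grep -Eiq '^[[:space:]]*ALL[[:space:]]*:[[:space:]]*ALL[[:space:]]*$' "$1"
}

# Write constructed sample files into a temp dir and print its path.
make_samples() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/inetd.conf" <<'EOF'
# constructed sample inetd.conf
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd  in.telnetd
#finger stream  tcp  nowait  root    /usr/sbin/tcpd  in.fingerd
#netstat stream tcp  nowait  guest   /usr/sbin/tcpd  /bin/netstat -f inet
auth    stream  tcp  nowait  nobody  /usr/sbin/in.identd in.identd -l -e -o
EOF
    cat > "$dir/hosts.deny" <<'EOF'
# constructed sample hosts.deny: the only rule is commented out
#ALL: ALL
EOF
    echo "$dir"
}

# Report findings for one pair of files; return non-zero if anything is found.
audit() {
    status=0
    for svc in $(enabled_unwanted "$1"); do
        echo "inetd: '$svc' is enabled; comment it out and have inetd reload"
        status=1
    done
    if ! has_default_deny "$2"; then
        echo "hosts.deny: no active 'ALL: ALL' line"
        status=1
    fi
    return $status
}

samples=$(make_samples)
audit "$samples/inetd.conf" "$samples/hosts.deny" || echo "gateway needs attention"
rm -rf "$samples"
```

Point `audit` at copies of the real files rather than the samples to check an actual gateway.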
------------------------------
From: Thomas Zimmerman <[EMAIL PROTECTED]>
Subject: Re: smbmount trouble
Date: Thu, 20 May 1999 21:00:05 -0700
Reply-To: [EMAIL PROTECTED]
Vincent wrote:
>
[snip]
> Piii-1: This is the computer name shown in NT's Network Properties
[snip]
I would try "smbclient -L piii-1" to see a list of shares available. (if
that doesn't work try some variations like: Piii-1, etc.) To mount a
share, try (as root):
#smbmount //[host name]/[name of share] -c 'mount /path/to/mount/point'
note: the mount point must already exist.
Good luck,
Qubes
------------------------------
From: "F.P. Groeneveld" <[EMAIL PROTECTED]>
Subject: IPPORTFW setup
Date: 21 May 1999 07:29:42 GMT
Hey there, folks.
I'm trying to figure out how to do my ipportfw setup. Can someone help me
with this example?
I'm connected through ISDN to the internet. Let's say the local address of
the ISDN card is 99.99.99.99
I have a local network in the 192.168.0.* range, with a PC on 192.168.0.5
I want to forward all UDP packets from the outside world, arriving over
ISDN, and addressed to 99.99.99.99 port 5009, to the PC, at port 5009.
I want to forward all packets to the outside world, to a port 5009 of a
random machine, and set the source address to my ISDN addy (99.99.99.99),
with port# 5009.
I know I should be able to do the first with ipportfw, am I correct that
it would read:
ipportfw -u -A 99.99.99.99 5009 -R 192.168.0.5 5009
How I am supposed to do the second part I don't know - I run ip
masquerading for normal networking stuff, but in this case I don't want
the source address to switch to one of the masquerading addresses. So how
do I do this?
Cheers,
Derk
P.S. I am running linux kernel 2.2.5
------------------------------
From: [EMAIL PROTECTED] (Paul Michael Tevis)
Subject: Re: Subnet Confusion
Date: 21 May 1999 18:15:40 GMT
To clarify my question, here's what the Solaris man page says about route:
A metric of 0 implies that the route does not refer to a
gateway, but rather to one of the machine's interfaces. Des-
tinations matching such a route are sent out on the inter-
face identified by the gateway address. For interfaces using
the ARP protocol, a metric of 0 is used to specify all des-
tinations are local, meaning that a host should ARP for all
addresses by adding a default route containing a metric of
0.
This seems to be substantially different from what Linux does (and the
person telling me how to do this says that this method works in Solaris).
Anybody have any clue how to do the equivalent thing in Linux?
Thanks again,
--Paul
------------------------------
From: "Jim Scheffler" <[EMAIL PROTECTED]>
Subject: Re: Two network cards
Date: Fri, 21 May 1999 14:15:00 -0400
With only my intranet NIC installed I can ping machines. When I try to
install my internet NIC (connected to a cable modem) I can't ping either
intra or internet. I also couldn't get my NIC set up for the cable modem
when I tried for just the internet (I have looked over the howto once or a
dozen times ;-)
Tim Kelley <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
>
> Jim Scheffler wrote:
> >
> > I have @Home cable modem service that I would like to share over my
> > intranet. The problem that I am running into is that I have a two sided
> > network (intra and internet) and I can only get one NIC to work. I am
> > running Mandrake (5.2 w/KDE) Somebody told me that there is an RPM that I
> > need to load to use dual NIC's. Any help would be appreciated.
>
>
> There shouldn't be anything else you need ... you can use ifconfig to
> configure eth1 (the second card) or use linuxconf. You will have to do
> "ifup eth1" afterwards. Just enable ip forwarding and that should be
> it.
>
>
> What exactly are the troubles you're having?
------------------------------
Subject: Re: PPP server question???
From: [EMAIL PROTECTED] (Valentin Abramov)
Date: 21 May 1999 16:53:48 GMT
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
Take a look at http://www.tartu.customs.ee/linux/index.shtml
There is a page with links; look there for the URL to Kalevi Hautaniemi's page. As I
remember, there is just a page about "how to set up ppp server". Hope it helps.
Regards,
Valja
>
>Hello Ivan,
>
>I am also want to setup a PPP Server in Linux for test our project in
>University.
>But, I am a dummy in setting this.
>Would you please to teach me what do I need in setting this ?
>And I wish you can give me all the files that will be use in Linux.
>Such the /etc/ppp/options , etc........
>
>Would you please to send them to me to Email : [EMAIL PROTECTED] ????
>
>Best regards,
>Eric
>
>
>Ivan Liu wrote:
>
>> Hi,
>> I build up a PPP server (IP:172.18.22.19) on RedHat5.2+pppd+mgetty,
>> but after I dial-up and login from W95 client (IP assign by ppp
>> server:172.18.22.176),
>> I found W95 gateway always 172.18.22.176!! netmask always 255.255.0.0!!
>> How can I setup W95 client gateway to 172.18.22.254(ppp server's
>> gateway)???
>> Now I can only ping machines in subnet 172.18.22.*.....
>> /etc/ppp/options files contains:
>> asyncmap 0
>> lock
>> debug
>> netmask 255.255.255.0
>> ms-dns 172.18.22.11
>> passive
>> crtscts
>> proxyarp
>> modem
>> /etc/ppp/options.ttyS1 file contains:
>> :172.18.22.176
>> Thanks for help....
>
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.networking) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Networking Digest
******************************