Linux-Networking Digest #287, Volume #11 Wed, 26 May 99 01:13:46 EDT
Contents:
Re: ipfw ? ("TURBO1010")
ipchains+ipmasqadm, netscape ("Nick Bhanji")
Re: ipfw ? (Robert Kardell)
Re: Are 2 DNS servers a good idea? ("Andrey Smirnov")
Can't get nfsd to match uids between machines (Scott Simpson)
Networking the Internet ("v4cal")
Re: Dual T1's? (Olivier MACCHIONI)
Win98 box with Modem to a linux Box ("THE FREAKING HAMMER")
Re: dhcp server installation guide (Carles Arjona)
Re: dnsserver binary - what does it do? (Carles Arjona)
Procmail ("Frank Apap")
Red Hat Consultant Needed In Los Angeles (PTD - Justin)
Re: Samba ARRRGGGHHH! (Eric Yousey)
Re: Using sendmail as a full mail server. (Chip Transisto)
Re: FTP & Telnet Slow (Jim Roberts)
dual phone numbers - ISDN ppp - Redhat5.2 ([EMAIL PROTECTED])
Routing policy question ("John Antypas")
----------------------------------------------------------------------------
From: "TURBO1010" <[EMAIL PROTECTED]>
Subject: Re: ipfw ?
Date: Tue, 25 May 1999 20:41:07 -0700
What kernel are you running? You may have to use ipchains.
Eric Trimmer <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> I'm trying to use the command "ipfw" but I am getting nowhere.
> The ip_masquerading HOWTO that I have says to issue this command:
>
> ipfw a m all from 10.0.0.1/24 to 0.0.0.0/0
>
> But this is of no use whatsoever! I've tried several different command
> options but I keep getting error messages; either "unknown keyword" or
> "illegal protocal name". I've tried reading the man page for ipfw and the
> "--help" argument for ipfw. But I have gotten absolutely nowhere!
>
> I have a dos machine which I've given the address 10.0.0.1. And it is
> connected to my Linux machine (which is a host on the Internet) via plip. To
> use IP_Masquerading and give my dos machine access to the Internet.
> What should the command line for ipfw look like ?
>
> -------------------------------------------------------------
> Eric Trimmer email: [EMAIL PROTECTED]
> -------------------------------------------------------------
>
------------------------------
From: "Nick Bhanji" <[EMAIL PROTECTED]>
Subject: ipchains+ipmasqadm, netscape
Date: Tue, 25 May 1999 21:50:03 -0600
Hello,
1. This message is more of a request for confirmation of whether this is only
my problem or there is a bug.
2. Also, I need help with the following: how to use ipmasqadm mfw, regarding
the forwarded port to be seen on local network hosts.
Following is the case:
1. Deny all forwarding
2. Enable forwarding rule for MASQ, i.e.
/sbin/ipchains -A forward -j MASQ -s 192.168.1.0/24 -d 0.0.0.0/0
3. Port forward http
/usr/sbin/ipmasqadm portfw -a -P tcp -L $INTERNET_CONN 80 -R $INTERNAL_SERVER 80
4. Port forward ftp
/usr/sbin/ipmasqadm portfw -a -P tcp -L $INTERNET_CONN ftp -R $INTERNAL_SERVER ftp
Now:
NOTE: I am connecting from another ISP to my business site.
When I perform ftp://www.xxxxxxx.com/ on Netscape 4.5 I get connection
refused, and on the status line I see the following:
contacting 192.168.1.1:xxxx where xxxx is a different port number.
When I perform the same on IE 4.0 it works OK.
I tried the same using Fetch 3.0.3 and it works fine.
Regarding question 2:
Can someone lead me to documentation regarding mfw? I have checked the man
page; it doesn't help.
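
(Added example, not part of the original post.) One condition that produces the status line reported above is an FTP passive-mode (227) reply that still carries the internal server's address after passing through the port forward. The check below decodes such a reply and shows the rewritten form a NAT-aware FTP helper would send; the reply string, the public address 203.0.113.10 standing in for $INTERNET_CONN, and all function names are constructed for illustration.

```python
import ipaddress
import re

# RFC 1918 private ranges; an address in one of these is not routable from
# a client sitting on another ISP.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# RFC 959 passive reply: 227 <text> (h1,h2,h3,h4,p1,p2)
PASV_RE = re.compile(r"^227 .*\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),"
                     r"(\d{1,3}),(\d{1,3})\)")


def parse_pasv(reply):
    """Return (IPv4Address, port) advertised by a 227 reply."""
    m = PASV_RE.match(reply.strip())
    if m is None:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        raise ValueError("octet out of range in %r" % reply)
    host = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return host, nums[4] * 256 + nums[5]


def leaks_private_address(reply, dialed_ip):
    """True when the data address is RFC 1918 and is not the address the
    client connected to, so the client's data connection cannot succeed."""
    host, _ = parse_pasv(reply)
    private = any(host in net for net in RFC1918)
    return private and host != ipaddress.IPv4Address(dialed_ip)


def rewrite_pasv(reply, public_ip, public_port):
    """Build the reply a NAT-aware FTP helper would send instead. The gateway
    must also forward public_port to the server's original data port."""
    parse_pasv(reply)  # reject anything that is not a well-formed 227 reply
    octets = str(ipaddress.IPv4Address(public_ip)).split(".")
    p1, p2 = divmod(public_port, 256)
    return "227 Entering Passive Mode (%s,%d,%d)" % (",".join(octets), p1, p2)


# Constructed sample: the internal server answers PASV with its own address.
SAMPLE_REPLY = "227 Entering Passive Mode (192,168,1,1,4,15)"
PUBLIC_IP = "203.0.113.10"  # placeholder for $INTERNET_CONN

if __name__ == "__main__":
    print(parse_pasv(SAMPLE_REPLY))
    print(leaks_private_address(SAMPLE_REPLY, PUBLIC_IP))
    print(rewrite_pasv(SAMPLE_REPLY, PUBLIC_IP, 1039))
```
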
------------------------------
From: Robert Kardell <[EMAIL PROTECTED]>
Subject: Re: ipfw ?
Date: Tue, 25 May 1999 23:15:57 -0500
Try this:
ipfwadm -F -a m -S 10.0.0.1/24 -D 0.0.0.0/0
First, you need ipfwadm, not ipfw. The "-F" is for forwarding; the "-a" is for
add rule; the "m" is for masquerading; the "-S" is for source ip and the "-D"
is for destination.
Hope this helps.
Bob Kardell
[EMAIL PROTECTED]
Eric Trimmer wrote:
> I'm trying to use the command "ipfw" but I am getting nowhere.
> The ip_masquerading HOWTO that I have says to issue this command:
>
> ipfw a m all from 10.0.0.1/24 to 0.0.0.0/0
>
> But this is of no use whatsoever! I've tried several different command
> options but I keep getting error messages; either "unknown keyword" or
> "illegal protocal name". I've tried reading the man page for ipfw and the
> "--help" argument for ipfw. But I have gotten absolutely nowhere!
>
> I have a dos machine which I've given the address 10.0.0.1. And it is
> connected to my Linux machine (which is a host on the Internet) via plip. To
> use IP_Masquerading and give my dos machine access to the Internet.
> What should the command line for ipfw look like?
>
> -------------------------------------------------------------
> Eric Trimmer email: [EMAIL PROTECTED]
> -------------------------------------------------------------
------------------------------
From: "Andrey Smirnov" <[EMAIL PROTECTED]>
Subject: Re: Are 2 DNS servers a good idea?
Date: Tue, 25 May 1999 21:03:51 -0700
Hello!
Even if you have an inside server serving clients outside and inside, everything
should be working if you set it up correctly!
You need at least one file for your domain and two files for reverse lookup.
Let's say I have two networks - one is on the Internet, another is local.
net1 - 192.1.1.0 net2 - 192.168.1.0
Let's say my domain is named somedom.com
So I need to have the file somedom.com:
@            IN SOA somedom.com. hostmaster.somedom.com. (
                    19990511403 ; serial, today's date + serial
                    10800       ; refresh, seconds
                    7200        ; retry, seconds
                    10800       ; expire, seconds
                    86400 )     ; minimum TTL, seconds
             NS     somedom.com.
             NS     second.somewhere.com.
             MX     10 somedom.com. ; Primary Mail Exchange
localhost    A      127.0.0.1
somedom.com. A      192.1.1.1
ftp          CNAME  somedom.com.
www          CNAME  somedom.com.
; Workstations on private part of somedom.com
ws0          A      192.168.1.10
ws1          A      192.168.1.11
ws2          A      192.168.1.12
Also I will need two reverse lookup files: 192.1.1 and 192.168.1
And in this scenario I will be able to do nslookup from ws0 and see inside
machines as well as outside ones.
Good luck!
tchite wrote in message <[EMAIL PROTECTED]>...
>Hi,
>
>I've put up a DNS server that works great with packets
>that are coming in from the outside thru a NAT router.
>The DNS server itself is on a non-routable IP, but is
>still reachable from the outside, the packets that it
>creates just go back out thru the NAT machine to
>whomever needs the information.
>
>The machines INSIDE my network also use the DNS
>server to find things OUTSIDE my network and that
>works great.
>
>There's just one little hitch. If I want an internal client
>to find an INTERNAL resource, my DNS server tells
>them the EXTERNAL IP address and of course then
>the clients can't find that resource.
>
>(the packets fly out the NAT router, hit the external NIC
>and never return)
>
>I've put HOSTS files on all the client machines inside
>the network that sort of works but it's all a kludge.
>
>I've heard of others that solve this problem by putting
>up 2 DNS servers: 1 for external clients and 1 for
>internal clients. This seems like it would work, but
>it seems like double the work.
>
>What's the slickiest, savviest, way to get a DNS server
>to handle internal and external clients? Or maybe I
>should just redo my entire network?
>
>Thanks for any thoughts!
>
------------------------------
From: Scott Simpson <[EMAIL PROTECTED]>
Subject: Can't get nfsd to match uids between machines
Date: Tue, 25 May 1999 20:54:41 -0700
I have two machines. One is an NFS server (kubla, Caldera 2.2), the other
an NFS client (khan, RedHat 5.2). Both are using the same NIS maps. I
can't get the client to create a file in a user's home directory. I get
"Permission denied". I turned on debugging for nfsd on the server and
got
May 25 20:40:46 kubla nfsd[1098]: create [1 99/5/25 20:44:21 khan.intergame.com 500.501+501,502,500]
May 25 20:40:46 kubla nfsd[1098]: ^Ifh:/usr/people/simpsons n:t m:100644 u/g:-1/-1 size:-1 atime:0xffffffff mtime:0xffffffff
May 25 20:40:46 kubla nfsd[1098]: fh_find: psi=72000801... found '/usr/people/simpsons', fd=-1
May 25 20:40:46 kubla nfsd[1098]: auth_path(/usr/people/simpsons/t): mount point /usr/people, (all_squash insecure rw)
May 25 20:40:46 kubla nfsd[1098]: ^Ifullpath='/usr/people/simpsons/t'
May 25 20:40:46 kubla nfsd[1098]: ^Icreate failed -- errno returned=13.
May 25 20:40:46 kubla nfsd[1098]: result: 13
The client and server agree the uid is 500 and the gid is 501 (and
500 and 502). But when it tries to create the file, you can see it fails.
My /etc/hosts.allow and hosts.deny files are empty and my /etc/exports
looks like
/usr/people (rw,no_root_squash,anonuid=99,anongid=99,map_static=/etc/nfs/uid.map)
/usr/apps (rw,no_root_squash,anonuid=99,anongid=99,map_static=/etc/nfs/uid.map)
I put the following in /etc/nfs/uid.map
uid 500 500
gid 501 501
gid 502 502
gid 500 500
Any ideas? I think I've done everything correctly. I tried to find where
the above logging was happening in the source code but I couldn't find
it.
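
(Added example, not part of the original post and not nfsd code.) The auth_path debug line above reports the export being served with "all_squash insecure rw", while the /etc/exports entry asks for "rw,no_root_squash,..."; under all_squash every client uid and gid is mapped to the anonymous id. The check below compares the options the server logged against the ones configured and reports the squash and port-security settings that differ. The sample strings are the post's own lines rejoined, and the function names are hypothetical.

```python
import re

# Constructed sample: the auth_path debug line and the exports entries quoted
# in the post above, each rejoined onto a single line.
NFSD_LOG = (
    "May 25 20:40:46 kubla nfsd[1098]: auth_path(/usr/people/simpsons/t): "
    "mount point /usr/people, (all_squash insecure rw)"
)
EXPORTS = (
    "/usr/people (rw,no_root_squash,anonuid=99,anongid=99,"
    "map_static=/etc/nfs/uid.map)\n"
    "/usr/apps (rw,no_root_squash,anonuid=99,anongid=99,"
    "map_static=/etc/nfs/uid.map)\n"
)

AUTH_PATH_RE = re.compile(
    r"auth_path\((?P<path>[^)]*)\):\s*mount point (?P<mount>[^,\s]+),"
    r"\s*\((?P<opts>[^)]*)\)")
EXPORT_RE = re.compile(r"^(?P<path>/\S*)\s+\S*?\((?P<opts>[^)]*)\)")

# Mutually exclusive option families worth comparing; options that carry a
# value (anonuid=, map_static=) are not printed in the log line, so skip them.
GROUPS = {
    "squash": {"root_squash", "no_root_squash", "all_squash", "no_all_squash"},
    "port": {"secure", "insecure"},
    "access": {"rw", "ro"},
}


def parse_auth_path(line):
    """Return (mount_point, set_of_effective_options) or None."""
    m = AUTH_PATH_RE.search(line)
    if m is None:
        return None
    return m.group("mount"), set(m.group("opts").split())


def parse_exports(text):
    """Map each exported path to the set of option names configured for it."""
    exports = {}
    for raw in text.splitlines():
        m = EXPORT_RE.match(raw.split("#", 1)[0].strip())
        if m:
            names = {o.split("=")[0].strip() for o in m.group("opts").split(",")}
            exports[m.group("path")] = names - {""}
    return exports


def option_drift(log_line, exports_text):
    """Return {family: (configured, effective)} for families that disagree."""
    parsed = parse_auth_path(log_line)
    if parsed is None:
        return {}
    mount, effective = parsed
    configured = parse_exports(exports_text).get(mount, set())
    drift = {}
    for family, members in GROUPS.items():
        want, got = configured & members, effective & members
        if want != got:
            drift[family] = (sorted(want), sorted(got))
    return drift


if __name__ == "__main__":
    for family, (want, got) in option_drift(NFSD_LOG, EXPORTS).items():
        print("%s: configured=%s effective=%s" % (family, want, got))
```
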
------------------------------
From: "v4cal" <[EMAIL PROTECTED]>
Subject: Networking the Internet
Date: Tue, 25 May 1999 09:08:53 -0700
I want to know how to have my Linux system be the internet server on my
local network.
I would like step-by-step help on how to get all my Windows systems to get
on the net through Linux.
I would also like to know how to do it through a dial-up connection, if
that can be done.
norbert
------------------------------
From: Olivier MACCHIONI <[EMAIL PROTECTED]>
Subject: Re: Dual T1's?
Date: Tue, 25 May 1999 12:32:21 -0400
> We have a 24/7 Internet business and our ISP has a tendency to go down once
> every month or two. We would like to purchase a second T1 as a backup. Can
> anybody give me any information or point me to some, about doing this?
Good luck... that takes *lots* of help from your ISP (routing problems
of course...):
Say a packet is coming from the internet to your domain on x.x.x.x (IP@
registered for T1 #1), and that T1 #1 is down... the sender has no way
to know that there is a T1 #2 available to go to the same destination if
it's not in your ISP's routing information. And more ISPs are reluctant
to open their customer's access to competitors this way... maybe try to
work with another ISP or ask for a backup line (like ISDN) to your
current ISP, most of them offer that kind of service (I know MCI does).
------------------------------
From: "THE FREAKING HAMMER" <[EMAIL PROTECTED]>
Subject: Win98 box with Modem to a linux Box
Date: Tue, 25 May 1999 16:54:01 GMT
I have a win98 box that has a cable modem hooked up to it. I also have
sygate hook on the win98 box. When I use another box that has win98 on it,
it works fine with dhcp.
But now when I want to hook up a linux box as a client and use dhcp it
doesn't work. I have also tried to just assign an ip address like
192.168.0.9 to the linux box in hopes of it working; it hasn't. Thanks in
advance for any help you could give,
Wolfgang Pelow
------------------------------
From: Carles Arjona <[EMAIL PROTECTED]>
Subject: Re: dhcp server installation guide
Date: Sun, 23 May 1999 20:44:35 +0200
Marinus Jongmans wrote:
>
> does anybody know where I can find a detailed instruction for setting up a
> dhcp server on linux S.U.S.E. 6.1
http://www.useless.co.za/phil/linux/dhcp.htm
(you might ignore the downloading/unpacking/compiling stuff if the .rpm
binary package from SUSE is already installed on your Linux box).
Regards.
Carles Arjona [EMAIL PROTECTED]
-
Please, just remove the second NOSPAM for replies from newsgroups.
(Yes, NOSPAM is my real username)
[Don't send me e-mail copies of usenet postings, please]
------------------------------
From: Carles Arjona <[EMAIL PROTECTED]>
Subject: Re: dnsserver binary - what does it do?
Date: Sun, 23 May 1999 19:39:24 +0200
Ken O. Burtch <[EMAIL PROTECTED]> wrote:
>
> I've noticed Red Hat distributions have an executable called "dnsserver"
> in addition to "named" and "routed".
I guess you're talking about the /usr/bin/dnsserver from squid. On a
RH-5.2 box:
[root@localhost /]# rpm -qf $(which dnsserver)
squid-1.1.22-2
> There's no man path for dnsserver
> and no help when I run it. Does anybody know what this program does and
> how it relates to named, if at all?
cd /usr/doc/squid*/
grep dnsserver *
Regards.
Carles Arjona [EMAIL PROTECTED]
-
Please, just remove the second NOSPAM for replies from newsgroups.
(Yes, NOSPAM is my real username)
[Don't send me e-mail copies of usenet postings, please]
------------------------------
From: "Frank Apap" <[EMAIL PROTECTED]>
Subject: Procmail
Date: Wed, 26 May 1999 04:42:36 GMT
Can someone give me some pointers on what I have to do so that procmail
checks my incoming mail, looks at subject, and then sends a response based
on different subjects?
What files do I need to edit? An example of how they need to be edited
would be nice.
Thanks.
------------------------------
From: PTD - Justin <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.development.system,comp.os.linux.setup
Subject: Red Hat Consultant Needed In Los Angeles
Date: Wed, 26 May 1999 01:45:58 GMT
In short, I need an on-call linux guru in the Los Angeles area.
For example, right now I need to move a web server from its temporary
location in my home office to its permanent location in an office in
Hollywood. I could fuddle with the IP settings under linuxconf and
probably get it, but I'd be much more at ease simply finding someone to
do it for me, to make sure it worked correctly. (I had a guy from USC
set it up initially, but he has since gone home for the summer.)
Also, my partner has an intraoffice network running Red Hat which needs
examining. It would appear that the proxy server is having difficulty
with requests to the outside world.
If you'd be interested in learning more, please drop me a line at
[EMAIL PROTECTED]
Thanks,
Justin
--== Sent via Deja.com http://www.deja.com/ ==--
---Share what you know. Learn what you don't.---
------------------------------
From: Eric Yousey <[EMAIL PROTECTED]>
Subject: Re: Samba ARRRGGGHHH!
Date: Wed, 26 May 1999 00:35:48 -0400
Go here, it will help you out a lot. It will at least get you up and
going quickly.
I would also suggest using swat. It will do a lot for you and make
management a lot easier.
This is only a basic setup here, but it will get you going.
http://www.sfu.ca/~yzhang/linux/samba/toc.html
Good luck and hope it helps.
--
Eric Yousey
mailto:[EMAIL PROTECTED]
ICQ: 6850552
AOL Instant Messenger: EYousey
http://members.aol.com/eyousey/index.htm
=========================================================
Team Leader of The Demon Sperm of Wright State University
Our attempt to win some money in the RC5 cracking effort
http://rc5stats.distributed.net/rc5-64/tmsummary.php3?team=3727
===============================================================
"Windows 98 is a buggy browser on top of a 32-bit extension and
a graphical shell for a 16-bit patch to an 8-bit operating
system originally coded for a 4-bit microprocessor, written by a
2-bit company that can't stand 1 bit of competition."
--unknown
------------------------------
From: [EMAIL PROTECTED] (Chip Transisto)
Subject: Re: Using sendmail as a full mail server.
Date: Wed, 26 May 1999 02:24:52 GMT
Reply-To: Chip Transisto
It probably works now. The address would be username@[ipaddress].
Don't forget the [] or it won't work. If someone on the internet
sends mail to username@ipaddress, it won't go anywhere. If they send
it to username@[ipaddress], it will come through.
On Tue, 25 May 1999 23:03:41 GMT, "Frank Apap" <[EMAIL PROTECTED]>
wrote:
>Ok I have spent a week getting sendmail and fetchmail set up so they work
>good locally...(users can send each other mail). Now I wanna make it so
>outside users can send emails... My linux box doesn't have a real host name
>(it's not registered) so the addresses are gonna be like username@ipaddress
>right?
>
>Well anyway my question is what are the steps I should take to convert from
>sendmail working locally to real mailserver?
>
------------------------------
From: [EMAIL PROTECTED] (Jim Roberts)
Subject: Re: FTP & Telnet Slow
Date: Wed, 26 May 1999 04:27:30 GMT
In article <7ifm5o$a6u$[EMAIL PROTECTED]>,
"Dan Blaner" <[EMAIL PROTECTED]> writes:
> When trying to FTP to my linux box, I get an immediate connection message,
> but it takes another two minutes before I get a login prompt. When I try to
> telnet to it, it takes about five minutes. Any ideas? This happens even if
> I FTP to localhost.
>
> I'm using a 3Com 3C509 and RedHat 5.0.
>
> Thanks.
>
>
Looks like a name lookup problem. Your /etc/hosts file should contain
lines to resolve ip to host name for the boxes on your local net and
for localhost.
Check the man pages for hosts and resolve.conf.
Jim
------------------------------
From: [EMAIL PROTECTED]
Subject: dual phone numbers - ISDN ppp - Redhat5.2
Date: Wed, 26 May 1999 01:38:40 GMT
Greetings,
I've been trying to get both channels to bind on a ppp internet
connection under RedHat v5.2. Now, I can connect but only with one
channel. My ISDN modem is a 3Com Impact IQ and if I plug it into my
Windoze 98 machine, alls I have to do is enter the phone number in
dial-up networking or when I connect to an NT Server at my office, I use
the two different SPID numbers at the host separated with an ampersand
which looks something like: 555-1234 & 555-5678.
I have read somewhere that you should be able to type in the two numbers
separated by ampersand the same way under Linux. I've been setting up my
ppp interfaces with the
Network Configurator in control-panel. To connect, I can either type
"ifup ppp1" or just activate the interface in the Network Configurator.
I have tried other characters besides the ampersand to separate the
phone numbers, using or not using spaces between the numbers and
separator and a whole bunch of other experiments. It always just
connects with only one channel though.
Does anybody know how to set it up to connect both channels, or is there
a different dial-up type of application I could use to do it?
Sure would appreciate any help you can give me. I hate to ask you this,
but if you do know, could you please reply to me at [EMAIL PROTECTED]? My
internet service provider is having problems with their News Server and
I can only see just a few of the posts so I might miss your reply.
Thanks a million,
Rich Looke
------------------------------
From: "John Antypas" <[EMAIL PROTECTED]>
Subject: Routing policy question
Date: Wed, 26 May 1999 04:52:55 GMT
Here's a question for those who've started working with the new routing
policy code in the 2.2.x kernel...
As I read it, this new code allows me to route a packet, not only on its
destination, but its source address. If I'm right, I THINK I can do the
following -- please correct me if I'm wrong.
- I've got a cable modem (TCI @Home) and a 56K analog connection
- My analog connection is attached to a portable /24 address space handled
by ISP "A".
- TCI gives me three addresses on their space.
- For inbound packets, since DNS etc. is handled by my site, and TCI doesn't
allow servers, I need to make sure all INBOUND traffic comes in on ISP "A"
- For all outbound packets -- initiated by me, go to the TCI pipe.
This means that all inbound DNS, ftp, etc. traffic goes on the "A" portable
route and returns on that route
All traffic coming FROM my net originally (FTP, HTTP, etc.) goes OUT TCI via
NAT.
Currently, I can get some of what I want with two gateway boxes and some
careful route statements. With policy routing, can I effectively say
something like this:
- If packet carries source address NOT 199.181.204.* and this packet is NOT
an ack packet from that address range, route packet out 199.181.204.*
gateway (56K link to portable space)
- If packet originally came or started from 199.181.204.* space, route out
TCI pipe via NAT. Inbound traffic will carry TCI destination address
because of NAT so it will come back via TCI
This would allow me to have the following service effect:
- Any traffic I start, goes out TCI without having to worry about
application proxy issues
- Any traffic coming IN to my site that I didn't originate, goes over the
public (non TCI link)
I wish I could get around this -- DSL would solve it, but right now, the
only high-bandwidth link available to me is TCI.
Thanks for the info in advance.
John Antypas
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.networking) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Networking Digest
******************************