Linux-Networking Digest #290, Volume #11 Wed, 26 May 99 08:13:40 EDT
Contents:
Re: Linux: ICMP Redirect, IP Source Routing unterdruecken (Gert Doering)
Re: IP Masquerading on 2.2 (Robert Segall)
Re: Have I been Hacked?
Re: passive ftp client (not netscape!!) (Roman)
Re: Linux: ICMP Redirect, IP Source Routing unterdruecken (Gert Doering)
NIS & root password's (Mattias Papesch)
Re: Netware mounting (Roumen Petrov)
getty ("David B. Held")
Re: Setting up a mail server ("Ofir Arkin")
Re: Configuration for high-spec NFS server (Bill Jackson)
nfs 2.0.28 nfs <> 2.2.9 knfsd problem (Christophe Zwecker)
Re: denying access to certain websites (Tilman Kranz)
Re: Changing the mailbox directory ("Curt")
Re: 3c905B card problems (Chris MacKenzie)
Re: Ethernet wiring problem ("Matthew Dare")
IP accounting on subnet (ipchains) ([EMAIL PROTECTED])
Re: PCMCIA and ether card initialization (Tilman Kranz)
Re: Samba ARRRGGGHHH! (Mike)
----------------------------------------------------------------------------
Crossposted-To: comp.os.linux.networking,de.comm.internet.routing
From: [EMAIL PROTECTED] (Gert Doering)
Subject: Re: Linux: ICMP Redirect, IP Source Routing unterdruecken
Date: Wed, 26 May 1999 07:48:51 GMT
[EMAIL PROTECTED] (Detlef Bosau) writes:
>> Im Kernelcode von 2.0 steht, dass er ICMP Redirects optional
>> akzeptiert, wenn kein dynamisches Routingprotokoll laeuft. Leider
>Eiweieiwei. Das einzige Routingprotokoll, dass Unix per se
>je konnte, war doch "Rest In Peace" oder so aehnlich...
<nitpick>
"Unix" kann gar kein Routingprotokoll.
</nitpick>
Der Routed kann per se RIP, der GateD "immer schon" OSPF, RIP, EGP und
BGP...
gert
--
Yield to temptation ... it may not pass your way again! -- Lazarus Long
//www.muc.de/~gert
Gert Doering - Munich, Germany [EMAIL PROTECTED]
fax: +49-89-3243328 [EMAIL PROTECTED]
------------------------------
From: Robert Segall <[EMAIL PROTECTED]>
Crossposted-To: alt.os.linux.caldera
Subject: Re: IP Masquerading on 2.2
Date: Wed, 26 May 1999 10:26:21 GMT
"G. Wayne Nichols" wrote:
> You need to turn on more options that just IP forwarding.
> From the /usr/src/linux/.config file, here are my settings:
>
> CONFIG_IP_MASQUERADE=y
> CONFIG_IP_MASQUERADE_ICMP=y
> CONFIG_IP_MASQUERADE_MOD=y
> CONFIG_IP_MASQUERADE_IPAUTOFW=m
> CONFIG_IP_MASQUERADE_IPPORTFW=m
> CONFIG_IP_MASQUERADE_MFW=m
>
> Now that I think of it, I believe you have to answer "Y"
> to the question about "experimental" drivers,
> at the very beginning of the configuration dialogue,
> in order to get the prompts for IP Masquerading.
>
> Then once you have the needed kernel support,
> you have to use "ipchains" instead of "ipfwadm" to set it up.
> I added the following lines to rc.local :
> ipchains -P forward DENY
> ipchains -A forward -s 192.168.0.0/24 -j MASQ
>
> Donald E. Stidwell <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > Has anyone managed to get IP Masquerading working on OpenLinux 2.2? I'm
> > having a devil of a time with it. Have had it setup successfully in SuSE
> > 6.0 and RedHat 5.2, but not making any progress in getting it to work
> > with OL 2.2
> >
> > I have recompiled the kernel to use IP forwarding, but when I make
> > modules, none of the ip_masq modules are made.
> >
> > As mentioned, I've had this working perfectly in 2 other distros, but
> > I'm about to tear my hair out on COL 2.2. Any help would be appreciated.
> >
> > Don
I sort of wonder - I've done all that but no luck. The modules are created,
but cannot be loaded at all due to undefined symbols (seems ip_masq.o is not
created at all). The ipchains family cannot run - wrong kernel. Looked at the
source for that and it's trying to read /proc/net/ip_forwards, which of
course does not exist.
--
Robert Segall
[EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED] ()
Subject: Re: Have I been Hacked?
Date: 26 May 1999 05:03:40 -0600
It looks to me like they are trying to hack your NFS server. Unless you
are running the latest and greatest, it is possible that they have
gotten into your system. If you do not need NFS, I recommend you take
all symlinks to: (You will have to do this as root.)
/etc/rc.d/init.d/nfs
out of
/etc/rc.d/rc3.d and /etc/rc.d/rc5.d
and running the command:
/etc/rc.d/init.d/nfs stop
This should turn off mountd, which is what the hackers appear to be
hitting.
--
Patrick Heckenlively
[EMAIL PROTECTED]
On Wed, 26 May 1999 16:42:24 +1000, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>Are you sure you're not having a cronjob running?? The su entries are
>both at the same time if I'mcorrect.
>I'm certainly not a guru so I hope I'm not to far of
>
>Good luck
>
>John
>
>
>David Peavey wrote:
>>
>> I have RH5.2 loaded as an IP-Masquerade and firewall for my
>> computers at home. This morning I found the following
>> in /var/log/messages
>>
>> May 23 04:41:43 c49590-a portmap[1670]: connect from 24.1.69.165
>> to callit(mountd): request from unauthorized host
>> May 23 04:41:48 c49590-a portmap[1671]: connect from 24.1.69.165
>> to callit(mountd): request from unauthorized host
>> May 23 06:29:08 c49590-a portmap[1676]: connect from 24.1.234.200
>> to callit(mountd): request from unauthorized host
>> May 23 06:29:12 c49590-a portmap[1677]: connect from 24.1.234.200
>> to callit(mountd): request from unauthorized host
>> May 23 08:24:29 c49590-a portmap[1682]: connect from
>> 144.254.210.12 to getport(mountd): request from unauthorized host
>> May 23 08:25:07 c49590-a portmap[1683]: connect from
>> 144.254.210.12 to getport(mountd): request from unauthorized host
>> May 23 08:36:20 c49590-a portmap[1684]: connect from
>> 144.254.210.12 to getport(mountd): request from unauthorized host
>> May 23 08:36:30 c49590-a portmap[1685]: connect from
>> 144.254.210.12 to getport(mountd): request from unauthorized host
>> May 23 08:36:40 c49590-a portmap[1686]: connect from
>> 144.254.210.12 to getport(mountd): request from unauthorized host
>> May 23 08:37:16 c49590-a portmap[1687]: connect from
>> 144.254.210.12 to getport(mountd): request from unauthorized host
>> May 23 08:37:26 c49590-a portmap[1688]: connect from
>> 144.254.210.12 to getport(mountd): request from unauthorized host
>> May 23 08:37:36 c49590-a portmap[1689]: connect from
>> 144.254.210.12 to getport(mountd): request from unauthorized host
>> May 23 08:42:04 c49590-a portmap[1690]: connect from 24.1.69.165
>> to callit(mountd): request from unauthorized host
>> May 23 08:42:09 c49590-a portmap[1691]: connect from 24.1.69.165
>> to callit(mountd): request from unauthorized host
>> May 23 08:43:43 c49590-a portmap[1692]: connect from
>> 144.254.210.12 to getport(ypserv): request from unauthorized host
>> May 23 08:48:19 c49590-a portmap[1693]: connect from 128.5.1.90
>> to callit(pcnfsd): request from unauthorized host
>> May 23 09:09:04 c49590-a portmap[1696]: connect from
>> 144.254.210.12 to getport(mountd): request from unauthorized host
>> May 23 09:16:09 c49590-a portmap[1697]: connect from
>> 144.254.210.12 to getport(mountd): request from unauthorized host
>> May 23 09:19:24 c49590-a portmap[1698]: connect from
>> 144.254.210.12 to getport(mountd): request from unauthorized host
>> May 23 09:21:45 c49590-a portmap[1699]: connect from
>> 144.254.210.12 to getport(mountd): request from unauthorized host
>> May 23 09:23:28 c49590-a portmap[1700]: connect from
>> 144.254.210.12 to getport(ypserv): request from unauthorized host
>> May 23 09:24:27 c49590-a portmap[1701]: connect from
>> 144.254.210.12 to getport(ypserv): request from unauthorized host
>> May 23 09:26:53 c49590-a portmap[1702]: connect from
>> 144.254.210.12 to getport(mountd): request from unauthorized host
>> May 23 09:27:03 c49590-a portmap[1703]: connect from
>> 144.254.210.12 to getport(mountd): request from unauthorized host
>> May 23 09:27:13 c49590-a portmap[1704]: connect from
>> 144.254.210.12 to getport(mountd): request from unauthorized host
>> May 23 10:29:32 c49590-a portmap[1707]: connect from 24.1.234.200
>> to callit(mountd): request from unauthorized host
>> May 23 10:29:37 c49590-a portmap[1708]: connect from 24.1.234.200
>> to callit(mountd): request from unauthorized host
>> May 23 11:22:02 c49590-a portmap[1711]: connect from
>> 144.254.210.12 to getport(mountd): request from unauthorized host
>> May 23 12:25:29 c49590-a portmap[1714]: connect from
>> 144.254.210.12 to getport(ypserv): request from unauthorized host
>> May 23 12:43:06 c49590-a portmap[1715]: connect from 24.1.69.165
>> to callit(mountd): request from unauthorized host
>> May 23 14:29:58 c49590-a portmap[1720]: connect from 24.1.234.200
>> to callit(mountd): request from unauthorized host
>> May 23 14:30:02 c49590-a portmap[1721]: connect from 24.1.234.200
>> to callit(mountd): request from unauthorized host
>> May 23 14:58:50 c49590-a identd[1722]: from: 130.207.7.21 (
>> santanni.cc.gatech.edu ) for: 63225, 21
>> May 23 14:58:51 c49590-a identd[1722]: Returned: 63225 , 21 :
>> NO-USER
>> May 23 14:58:52 c49590-a identd[1723]: from: 130.207.7.21 (
>> santanni.cc.gatech.edu ) for: 63225, 21
>> May 23 14:58:52 c49590-a identd[1723]: Returned: 63225 , 21 :
>> NO-USER
>> May 23 15:12:09 c49590-a identd[1726]: from: 193.63.255.4 (
>> swallow.doc.ic.ac.uk ) for: 63228, 21
>> May 23 15:12:09 c49590-a identd[1726]: Returned: 63228 , 21 :
>> NO-USER
>> May 23 16:43:25 c49590-a portmap[1729]: connect from 24.1.69.165
>> to callit(mountd): request from unauthorized host
>> May 23 16:43:29 c49590-a portmap[1730]: connect from 24.1.69.165
>> to callit(mountd): request from unauthorized host
>> May 23 18:30:32 c49590-a portmap[1735]: connect from 24.1.234.200
>> to callit(mountd): request from unauthorized host
>> May 23 18:30:37 c49590-a portmap[1736]: connect from 24.1.234.200
>> to callit(mountd): request from unauthorized host
>> May 23 20:43:45 c49590-a portmap[1741]: connect from 24.1.69.165
>> to callit(mountd): request from unauthorized host
>> May 23 20:43:50 c49590-a portmap[1742]: connect from 24.1.69.165
>> to callit(mountd): request from unauthorized host
>> May 23 22:31:01 c49590-a portmap[1747]: connect from 24.1.234.200
>> to callit(mountd): request from unauthorized host
>> May 23 22:31:06 c49590-a portmap[1748]: connect from 24.1.234.200
>> to callit(mountd): request from unauthorized host
>> May 24 00:44:01 c49590-a portmap[1753]: connect from 24.1.69.165
>> to callit(mountd): request from unauthorized host
>> May 24 00:44:05 c49590-a portmap[1754]: connect from 24.1.69.165
>> to callit(mountd): request from unauthorized host
>> May 24 02:31:24 c49590-a portmap[1759]: connect from 24.1.234.200
>> to callit(mountd): request from unauthorized host
>> May 24 02:31:28 c49590-a portmap[1760]: connect from 24.1.234.200
>> to callit(mountd): request from unauthorized host
>> May 24 04:02:03 c49590-a PAM_pwdb[1791]: (su) session opened for
>> user nobody by (uid=99)
>> May 24 04:04:19 c49590-a PAM_pwdb[1791]: (su) session closed for
>> user nobody
>>
>> YIKES! LOOK at last two lines ABOVE!
>>
>> By the way, I did have ftp, telnet, and gopher commented
>> out in my inetd.conf file. (This was an attempt to keep
>> the hackers from doing those to my machine). OK - I'm
>> still a rookie but this sounds pretty scary. Nobody on
>> my network at home was using their computers. Nobody I
>> know was trying to contact my network or firewall. All
>> the activity was unexpected.
>>
>> So I went into inetd.conf and commented out every single
>> service and rebooted. The following showed
>> up tonight.
>>
>> ...
>>
>> May 25 01:56:27 c49590-a kernel: IPX Portions Copyright (c) 1995
>> Caldera, Inc.
>> May 25 01:56:27 c49590-a kernel: Appletalk 0.17 for Linux
>> NET3.035
>> May 25 01:56:27 c49590-a kernel: ne.c:v1.10 9/23/94 Donald Becker
>> ([EMAIL PROTECTED])
>> May 25 01:56:27 c49590-a kernel: NE*000 ethercard probe at 0x280:
>> 00 40 05 e4 f9 b7
>> May 25 01:56:27 c49590-a kernel: eth0: NE2000 found at 0x280,
>> using IRQ 5.
>> May 25 01:56:27 c49590-a kernel: NE*000 ethercard probe at 0x300:
>> 00 40 05 e4 fa 04
>> May 25 01:56:27 c49590-a kernel: eth1: NE2000 found at 0x300,
>> using IRQ 10.
>> May 25 01:56:30 c49590-a inetd[317]: #exec/tcp: unknown service
>> May 25 01:56:30 c49590-a inetd[317]: #dtalk/tcp: unknown service
>> May 25 02:28:05 c49590-a portmap[362]: connect from 24.1.234.200
>> to callit(mountd): request from unauthorized host
>> May 25 02:28:08 c49590-a portmap[363]: connect from 24.1.234.200
>> to callit(mountd): request from unauthorized host
>> May 25 02:47:45 c49590-a portmap[364]: connect from 24.1.69.165
>> to callit(mountd): request from unauthorized host
>> May 25 02:47:49 c49590-a portmap[365]: connect from 24.1.69.165
>> to callit(mountd): request from unauthorized host
>> May 25 04:02:04 c49590-a PAM_pwdb[396]: (su) session opened for
>> user nobody by (uid=99)
>> May 25 04:03:42 c49590-a PAM_pwdb[396]: (su) session closed for
>> user nobody
>>
>> There it is again! ^^^^
>>
>> May 25 06:28:29 c49590-a portmap[441]: connect from 24.1.234.200
>> to callit(mountd): request from unauthorized host
>> May 25 06:28:33 c49590-a portmap[442]: connect from 24.1.234.200
>> to callit(mountd): request from unauthorized host
>> May 25 06:48:01 c49590-a portmap[443]: connect from 24.1.69.165
>> to callit(mountd): request from unauthorized host
>> May 25 06:48:05 c49590-a portmap[444]: connect from 24.1.69.165
>> to callit(mountd): request from unauthorized host
>>
>> This is me vvv
>>
>> May 25 10:04:20 c49590-a PAM_pwdb[352]: (login) session opened
>> for user root by (uid=0)
>> May 25 10:04:20 c49590-a login[352]: ROOT LOGIN ON tty1
>> May 25 10:04:20 c49590-a PAM_pwdb[352]: (login) session closed
>> for user root
>> May 25 10:05:15 c49590-a PAM_pwdb[353]: (login) session opened
>> for user root by (uid=0)
>> May 25 10:05:15 c49590-a login[353]: ROOT LOGIN ON tty2
>> May 25 10:05:15 c49590-a PAM_pwdb[353]: (login) session closed
>> for user root
>>
>> Any Clues?
>
>--
>John Today is only the tomorrow
> you worried about yesterday.
>
>[EMAIL PROTECTED]
------------------------------
From: Roman <[EMAIL PROTECTED]>
Subject: Re: passive ftp client (not netscape!!)
Date: Wed, 26 May 1999 13:05:04 +0200
[EMAIL PROTECTED] wrote:
>
> hi
>
> does anyone know of a passive ftp client (other than netscape)
> that can talk to a passive ftp provider proxy server..., and
> has session / lost download recovery.... wget! doesn't seem to
> support passive ftp... atleast the version i have, which came
> with RH5.2...
wget --passive-ftp
(version 1.5.3)
------------------------------
Crossposted-To: de.comm.internet.routing
From: [EMAIL PROTECTED] (Gert Doering)
Subject: Re: Linux: ICMP Redirect, IP Source Routing unterdruecken
Date: Wed, 26 May 1999 07:50:34 GMT
Bernd Eckenfels <[EMAIL PROTECTED]> writes:
>In comp.os.linux.networking Detlef Bosau <[EMAIL PROTECTED]> wrote:
>> Wenn ein Design Stuss ist, und icmp redirects sind Stuss, zwar
>> aus der Historie erklaerbar, da hat man ja alles moegliche in den
>> DoD Salat gemengt, aber es ist und bleibt Stuss, kann man es nun
>> langsam ja mal verabschieden.
>Hmm... ich finde sie praktisch. Spart eine Menge Arbeit. NT lebt davon.
Ich hab' sie auf allen Routern abgeschaltet. Sobald naemlich mal *richtig
viele* ICMP redirects durchlaufen (weil ein /16 in vielen kleinen
Subnetzen auf unterschiedliche Router redirected wird) laufen ueber kurz
oder lang die Routingtabellen der entsprechenden Systeme voll, und man
steht vor Problemen. Bei aktuellen Unixen sollte das kein Thema mehr
sein, aber mit SunOS4 hatten wir da massive Probleme, und ich erwarte
von NT hier keine deutlich hoehere Stabilitaet...
gert
--
Yield to temptation ... it may not pass your way again! -- Lazarus Long
//www.muc.de/~gert
Gert Doering - Munich, Germany [EMAIL PROTECTED]
fax: +49-89-3243328 [EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED] (Mattias Papesch)
Subject: NIS & root password's
Date: Wed, 26 May 1999 12:07:32 +0200
Hi,
I'm trying to set up NIS for four computers. So far, it works fine for
regular users. Now I'd like to have a single (NIS) root password for all
computers and four local root-passwords.
I'm using SuSE6.1, Kernel 2.2.5, glibc.
Can anybody tell me how I have to set up the
-passwd files
-shadow files
-nsswitch.conf
Is there anything else I have to adjust?
TIA,
Matthias
------------------------------
From: Roumen Petrov <[EMAIL PROTECTED]>
Subject: Re: Netware mounting
Date: Wed, 26 May 1999 09:20:03 GMT
In article <[EMAIL PROTECTED]>,
Neo <[EMAIL PROTECTED]> wrote:
> How would i go about mounting Netware volumes through my LAN using Red
> HAt LInux 5.2?
> thanks
ncpfs-2.2.0.lsm:
Begin3
Title: ncpfs
Version: 2.2.0
Entered-date: May 1, 1998
Description: With ncpfs you can mount volumes of your netware
server under Linux. You can also print to netware
print queues and spool netware print queues to the
Linux printing system.
Keywords: filesystem ncp novell netware printing
Author: [EMAIL PROTECTED] (Volker Lendecke)
Maintained-by: [EMAIL PROTECTED] (Volker Lendecke),
[EMAIL PROTECTED] (Petr Vandrovec)
Primary-site: ftp.gwdg.de:/pub/linux/misc/ncpfs
Alternate-site: sunsite.unc.edu:/pub/Linux/system/Filesystems/ncpfs
platan.vc.cvut.cz:/pub/linux/ncpfs
~190k ncpfs-2.2.0.tgz
~ 1k ncpfs-2.2.0.lsm
Copying-policy: GPL
End
--== Sent via Deja.com http://www.deja.com/ ==--
---Share what you know. Learn what you don't.---
------------------------------
From: "David B. Held" <[EMAIL PROTECTED]>
Subject: getty
Date: Wed, 26 May 1999 02:58:42 -0500
Hi,
I've set up a little Linux Redhat 4.2 server with getty release 2.0.7h,
as installed by the setup program. When I log into my server over a LAN
using a standard Windows telnet program, it takes forever to get a login
prompt. What's the deal? Is there something I can set to speed up
login times? Any comments would be appreciated. Also, it would be
helpful if you cc'ed responses to [EMAIL PROTECTED] Thanks.
Dave
--
David Held, Chief Programmer "As far as the laws of mathematics refer
Business Computing Solutions to reality, they are not certain; and
email: [EMAIL PROTECTED] as far as they are certain, they do not
web: www.uswest.net/~dheld refer to reality." - Albert Einstein
------------------------------
From: "Ofir Arkin" <[EMAIL PROTECTED]>
Subject: Re: Setting up a mail server
Date: Wed, 26 May 1999 11:35:47 +0200
If you want to use Sendmail you can get help on the sendmail web site.
www.sendmail.org
Compiling Sendmail - www.sendmail.org/compiling.html
Configuring Information Sendmail - www.sendmail.org/m4/readme.html
Ofir Arkin
WebMaster : www.linuxpowered.com
------------------------------
From: Bill Jackson <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.misc,comp.os.linux.hardware
Subject: Re: Configuration for high-spec NFS server
Date: Wed, 26 May 1999 04:41:26 -0400
the sun enterprise 450 will provide you with better performance, but it is a
question of how much performance you will actually need...the pc/linux solution
may be 'good enough' for you, and should be much cheaper...
Ron wrote:
> Don't know about how many clients you're talking, but maybe you should take
> a look at AFS, which is supposed to give a better performance...
> Nick Williams <[EMAIL PROTECTED]> wrote in message
> news:7i76b7$7ej$[EMAIL PROTECTED]...
> > Hi there,
> >
> > I'm involved in specifying a new server for a research group,
> > which requires a high performance NFS server. Under
> > consideration are a Sun Enterprise 450 with a StorEdge A1000
> > external RAID box running Solaris, or a PC-based Linux solution,
> > as detailed below.
> >
> > I'm interested in the likely NFS throughputs that could be
> > expected from this configuration, as well as any helpful
> > comments as to the general suitability of the design.
> >
> > Server configuration:
> >
> > * Dual/Quad Intel Pentium III Xeon (512K LII) at 500MHz
> > * 1GB ECC EDO RAM
> > * Mylex eXtremeRAID 1100 64bit PCI RAID Controller (64MB cache)
> > * 6 x 36.4GB Seagate Barracuda LVD Ultra-2 SCSI disks (3 per
> > channel on the RAID controller - in RAID 5 array)
> > * 3Com 3C985 Gigabit Ethernet NIC
> >
> > Network configuration:
> >
> > * 3Com Switch 3300 10/100 (48 ports total) with Gigabit modules
> >
> > Client configuration:
> >
> > * Mixed Sun hardware, from SparcStation 4 to Ultra 60
> > * Miscellaneous PC Linux boxes (Pentium II)
> >
> > System load:
> >
> > * 15-20 simultaneous users
> > * Typically multi-gigabyte datasets stored as UNIX files
> > * 50/50 read/write load
> >
> > --
> >
> > [ Nick Williams Office - 01865-(2)79252 ]
> > [ Computing Officer Mobile - 07775-637124 ]
> > [ New College, Oxford http://www.new.ox.ac.uk/~nick/ ]
------------------------------
From: [EMAIL PROTECTED] (Christophe Zwecker)
Subject: nfs 2.0.28 nfs <> 2.2.9 knfsd problem
Date: 26 May 1999 12:17:08 +0200
Hi,
I cant mount nfs from my 2.0.xx box anymore, server is 2.2.9
knfsd-1.3.2, I get on the client side, with the old nfs:
mount clntudp_create: RPC: Program not registered - are thy
incompatible ?
I can still mount the dirs from old nfs servers.
Do i need to downgrade to nfs oder is there a workaround ?
thx for any hints
bye
--
Christophe Zwecker mail: [EMAIL PROTECTED]
Hamburg, Germany fon: +49 179 3994867
UNIX is user-friendly. It's just not ignorant-friendly and
idiot-friendly.Build a system even a fool can use,and only
a fool will want to use it.
------------------------------
From: Tilman Kranz <[EMAIL PROTECTED]>
Subject: Re: denying access to certain websites
Date: 26 May 1999 10:50:29 GMT
Olaf Walkowiak <[EMAIL PROTECTED]> wrote:
> Hello,
> John Thompson <[EMAIL PROTECTED]> writes:
> Or use Squid (a proxy) and it's redirector feature. I have done a
> redirector to block access to certain sites, it could be easyly
> modified to block URLs containing special patterns (even regexps).
nice work :) but ...
let�s say I block "http://.*sex.*". Now I will not be able
to call up www.travellersexperience.org" (hypothetical). Now
this is certainly not disasterous, but once the kids found out,
how the thing works, they know what to look out for, trying
to bypass the regexp. So you will have to block more
regexps, and in notime you will have blocked off half the web.
Even worse, once the people offering the websites find out,
they alter their domains to read completely off-topic.
Therefore, I�m not sure if the concept holds longer than for a short
time. In a school context I would prefer the allow-only over the
deny-only method. It�s rude, but the web is, too.
Greetings, Tilman.
------------------------------
Reply-To: "Curt" <[EMAIL PROTECTED]>
From: "Curt" <[EMAIL PROTECTED]>
Subject: Re: Changing the mailbox directory
Date: Wed, 26 May 1999 05:35:29 -0500
Take a look at the INSTALL.maildir that came with qmail.
<[EMAIL PROTECTED]> wrote in message
news:7ifdhl$nci$[EMAIL PROTECTED]...
> I was was wondering if someone can help me find out how to solve this
> relatively simple problem. I am using Red Hat 5.2 with Linux running
> the latest version of Qmail with Washington University's IMAPd. Anyway,
> my mail has been downloading to ~/ (ie if my name is steveeq1, the mail
> downloads to /home/steveeq1). Anyway, i want to change this directory
> to ~/Mailbox. Where the heck is the setting for this? Should I use
> procmail instead? I don't want ANY folder or ANY messages in my home
> directory. just in the home/Mailbox directory.
>
> Any advice?
>
> - Steve
>
>
> --== Sent via Deja.com http://www.deja.com/ ==--
> ---Share what you know. Learn what you don't.---
------------------------------
From: Chris MacKenzie <[EMAIL PROTECTED]>
Subject: Re: 3c905B card problems
Date: Tue, 25 May 1999 07:54:15 +0000
[EMAIL PROTECTED] wrote:
>
> I have been to Donald Becker's web site,
> downloaded the latest 3c59x.c file (which includes
> fixes for the 3c905B card). I rebuilt the kernel
> (version 2.0.36) and now at boot the 3c905B card
> is recognized but the kernel panics when it cannot
> mount the root device
>
> PARTITION CHECK:
> VFS: CANNOT OPEN ROOT DEVICE 08:01
> KERNEL PANIC: VFS: UNABLE TO MOUNT ROOT FS ON 08:01
Obvious question - you did remeber to put zImage into /boot, edit
lilo.conf
and re-run lilo ?
> I have checked with rdev the kernel is looking for
> /dev/sda1 (which is correct).
>
> The default Redhat 5.2 kernel (2.0.36) boots and
> finds the root device with no problem; however it
> cannot identify the 3c905B card. Any thoughts?
> I'm stumpted.
You may want to upgrade to the latest kernel (v2.2.9) it includes many
bug fixes and
I've had a noticeable speed increase in networking.
--
Rgds,
Chris MacKenzie
[EMAIL PROTECTED]
Windows 95/NT - 32 bit extensions and a graphical shell
for a 16 bit patch to an 8 bit operating
system originally coded for a 4 bit
microprocessor, written by a 2 bit company
that can't stand 1 bit of competition.
------------------------------
From: "Matthew Dare" <[EMAIL PROTECTED]>
Subject: Re: Ethernet wiring problem
Date: Wed, 26 May 1999 21:04:13 +1000
> JS> currently runs straight from the hub to each PC with no problem.
> JS> When
> JS> I tried to wire up a wall jack straight to the hub (no patch panel)
> JS>
> JS> and then run a patch cord from the wall to the PC it didn't work.
> JS> I
>
> Check your cables!
It's not just checking your cables. I did this for a friend a while back
and when you connect directly from the back of a wall plate to a hub you
have to reconfigure the wires. I found it easiest to follow the color codes
on the wall plate and re-crimp the connector at the hub. I can't seem to
find the correct scheme at the moment, it's written down here somewhere ;).
If you still need help, email me and I will try to find the correct wiring
for you.
Matthew Dare
[EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED]
Subject: IP accounting on subnet (ipchains)
Date: Wed, 26 May 1999 10:55:25 GMT
Hi,
I'm trying to figure out how to enable IP accounting on a Linux machine
(running kernel 2.2.5) for network traffic to and from other hosts on
the same subnet.
So far no luck, because the ipchains rules don't see the traffic for
the other hosts on the subnet, even though the interface is set to
promisc mode. The ifconfig counters do see the extra traffic.
Is it possible to setup a configuration like this? I remember doing
this in the past with ipfwadm.
Greetings,
Marco
--== Sent via Deja.com http://www.deja.com/ ==--
---Share what you know. Learn what you don't.---
------------------------------
From: Tilman Kranz <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.portable
Subject: Re: PCMCIA and ether card initialization
Date: 26 May 1999 11:14:51 GMT
Hi,
In comp.os.linux.networking Tim Underwood <[EMAIL PROTECTED]> wrote:
> I have installed RH 6 on a Compaq 1375, and finally got the Linksys PCMCIA
> ether card to generally work, but still have some problems.
[...]
> Why isn't it initializing properly?
It generally is a good idea to first go through all the messages
at system initialization/startup and find out, what stage of initializing
the device your system is reaching. The you can append the rest of the steps
necessary e.g. to /etc/rc.d/rc.local
Greetings, Tilman.
------------------------------
From: Mike <[EMAIL PROTECTED]>
Subject: Re: Samba ARRRGGGHHH!
Date: Wed, 26 May 1999 01:44:43 +0000
Mark Olbert wrote:
>
> Okay, I'm THOROUGHLY confused now about Samba. This is under RedHat
> 5.2.
>
> I'm trying to set up a publicly-accessible directory on my Linux
> server so that my Windows NT systems can see it over my TCP/IP
> network.
>
> (a) I've created a Linux user with the same name and password as my
> main account on my Windows NT system.
>
> (b) I've created a directory called /home/public on my Linux system,
> and given everybody on the system the ability to do anything they want
> to it.
>
> (c) I've configured the smb.conf to access this directory by simply
> uncommenting the supplied example of a publicly-accessible directory
> and defining path = /home/public
>
> (d) Under Windows NT I can SEE the bloody Linux server, but when I try
> to open it, I get an "Incorrect user name" dialog box that prompts me
> for a username and password... to which I supply the user name and
> password I defined in step (a) above.
>
> And the cheeky thing comes back and tells me I can't access the Linux
> box!
>
> So what am I doing wrong????
>
> - Mark
Mark, you need to set an option in your smbconf file, encrypt passwd =
yes, and set your linux box to to a server. (you also might want to
consider going to the samba site and downloading the newest version of
samba along with some stuff in the nt directory, especially the program
"pwdump"".
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.networking) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Networking Digest
******************************
