Linux-Networking Digest #420, Volume #11 Sat, 5 Jun 99 14:13:30 EDT
Contents:
Re: Linux: Suppressing ICMP Redirect, IP Source Routing (Gert Doering)
Re: Viewing IpChains (Malware)
Re: ISDN Dial on demand and setting own MSN number (Malware)
Question:BUG?SPEC?/Directed Broadcast on kernel 2.0.36 (Mikito Hirota)
what is best (stable) pcmcia ethernet/faxmodem? (Carl Karsten)
Re: Question:BUG?SPEC?/Directed Broadcast on kernel 2.0.36 (Frank Sweetser)
Re: Setting up an ISP. (Robert Erickson)
Re: How I can use HSP-Modem with Linux? ("Donald E. Stidwell")
ISP Linux page (Robert Erickson)
Re: HP4000N ("Manuel T. Ruiz")
Re: Ethernet load logging (Wayne Parrott)
Re: How many network cards can I install in Linux? ("Manuel T. Ruiz")
Delay when accepting telnet/ftp connections ("Craig McElroy")
Re: SPAP; pppd fails to establish connection (Clifford Kite)
Re: Q: PPP with a cryptography key (Clifford Kite)
IP Forwarding (Umberto Javarone)
----------------------------------------------------------------------------
Crossposted-To: de.comm.internet.routing
From: [EMAIL PROTECTED] (Gert Doering)
Subject: Re: Linux: Suppressing ICMP Redirect, IP Source Routing
Date: Sat, 5 Jun 1999 16:32:47 GMT
[EMAIL PROTECTED] (Detlef Bosau) writes:
>That is a very good question.
>Purely in theory, and this is now _pure_ theory,
>it already differs from the connect simply in that
>I drop two layers completely. That also means that
>I completely drop the functions of these two layers, namely sorting
>packets, requesting, acknowledging, performing route selection,
>refragmenting, possibly re-encapsulating completely, and whatever else
>I have overlooked just now.
>All of these are activities that currently run per packet.
You need all of these functions in a cell-based network as well,
if you ever want to achieve end-to-end data transparency.
You just sort cells, acknowledge, route/reroute (when a line
fails), and so on.
And what have you gained?
>When I have a PVC in a switched network, I work
>with a source route path that is fixed at the start of the connection.
And what do you do when a line on this path fails?
>> It may be that I am blind to the obvious, but simply beaming the
>> packets to the remote end somehow, without anyone forwarding them,
>> seems rather difficult to me ;-)
>Forwarding means passing on. And that means I get a letter,
>look at the recipient and pass it on.
Which is exactly what an ATM switch does. It looks at the ATM
"destination address", picks the matching line, inserts an ATM
destination address (valid for the next switch), and forwards the cell.
[..]
>With cell switching I have DLCI 10. And then I look in
>the table, there I have the 10: new DLCI is 7, output port
>is 8.
Which pretty much corresponds to the mechanism of the route cache on a
Cisco (which may also hold the MAC addresses of the next-hop routers, etc.)
>With Frame Relay (which does not differ at all in the switching
>mechanism itself, only the parameters look a bit different)
>I have, just for orientation, in some cases "only" DLCIs from
>0 to 1023. So 1024 table entries for at most 1024 channels.
>That is absolutely sufficient for many cases.
... as long as I stay in small networks. On a large
backbone router I have so many parallel virtual connections
("flows") that this table is full immediately. Ergo: your system does
not scale, so it is dead.
Real-world numbers from a medium-sized ISP on a low-traffic
Saturday:
> sh ip cache flow
...
IP Flow Switching Cache, 4456448 bytes
1374 active, 64162 inactive, 249938702 added
[..]
>since no errors would occur. Well, "none" is relative.
>At DTAG, "none" means, in the service level, "error rate <= 10^-9"
10^-9 is an error rate that is entirely sufficient for IP applications:
on a given TCP connection there is on average exactly *no* lost
packet at all.
>and on 2.4 GBit/s backbone lines that is already quite noticeable.
Those are so many *different* connections that a lone broken packet
here and there does not matter at all.
TCP MUST cope with occasional packet loss (router crash,
to name just one undeniable cause), so why expend more effort
elsewhere than necessary? That leads to your own argument
about the SLA - as much effort as necessary, and *no more*.
[..]
>and _ONLY_ there. I.e. our dear carrier will be in for quite a
>surprise when someone runs e.g. IPX, where the checksum
>is usually not maintained. Or even just UDP, where retransmission
>does not run as insistently as with TCP, but the clients as a
>rule react somewhat more cautiously. It astonishes people
>again and again when a simple router configuration of 2 kByte
>cannot be delivered via tftp.
That is all rubbish. Convert your numbers from above into
percentage packet loss. That is so minimal that it is quite far
away from your catastrophe scenario - or, put differently:
even on a normal LAN there can be packet loss
(e.g. excessive collisions on a switch port); applications that cannot
cope with that belong in the hazardous waste.
[..]
>IP implementations (I cannot say whether of all, so
>I say of some, because I have to limit myself to those
>I know from the sniffer) in the error case is simply disastrous,
>to put it mildly. Some stacks simply open up the credit
>for all they are worth and hammer the
>already overloaded and error-prone line shut with retransmissions
>until nothing works any more.
RTRFC. There are precise documents on how this *must* be, and
which implementations violate it in which way. With respect,
you are talking nonsense.
gert
--
Yield to temptation ... it may not pass your way again! -- Lazarus Long
//www.muc.de/~gert
Gert Doering - Munich, Germany [EMAIL PROTECTED]
fax: +49-89-3243328 [EMAIL PROTECTED]
------------------------------
From: Malware <[EMAIL PROTECTED]>
Subject: Re: Viewing IpChains
Date: Sat, 05 Jun 1999 18:48:42 +0200
Hi Dzerdecki,
you wrote:
> How do you view all your IpChains?
You should have done a "man ipchains" and may have found out that
"ipchains -n -L" does what you want.
Malware
------------------------------
From: Malware <[EMAIL PROTECTED]>
Subject: Re: ISDN Dial on demand and setting own MSN number
Date: Sat, 05 Jun 1999 18:47:28 +0200
Hi Henning,
you wrote:
> Is it possible to set my own (MSN) number to a different value,
> depending upon which computer the packet that caused the outdial came
> from?
>
> The reason for that is that I would like to have the telephone
> charges split, so that it is easy to see how much everybody has to
> pay.
It's an FAQ on de.alt.comm.isdn4linux. There are solutions available
that work much better than this brain-dead one.
Malware
------------------------------
From: Mikito Hirota <[EMAIL PROTECTED]>
Subject: Question:BUG?SPEC?/Directed Broadcast on kernel 2.0.36
Date: Sat, 05 Jun 1999 00:15:33 +0900
Hi folks,
Since I couldn't pass the firewall of my intranet, I'd like to post again.
Hi.
I have a question about directed broadcast (RFC1122-3.3.6).
When I wrote a sample program and tried to send a directed broadcast
message using UDP, the destination MAC address was set to the default
router's, so other hosts on the local net couldn't receive the broadcast.
Then I tried to run the same program on other operating systems (NT,
Sun), but their behavior was different.
They handled the address as a BROADCAST ADDRESS, so they set the
destination MAC address to BROADCAST (0xFFFFFFFFFFFF).
I investigated why there is a difference by looking up RFC documents and
found some specification sheets (sorry, but I don't know if it is
obsolete).
According to RFC894 (A Standard for the Transmission of IP Datagrams
over Ethernet Networks), any broadcast packet's destination MAC address
should be set to FF-FF-FF-FF-FF-FF.
Should ip_chk_addr() in /net/ipv4/devinet.c return IS_BROADCAST for
this type of destination IP address? (ip_get_mask() should return the
actual netmask, not the class standard netmask.)
Does anybody know about this?
FYI: Configuration of my environment is as follows.
A: Linux-1
{
Kernel: 2.0.36 (comes with RedHat 5.2)
NIC: 3Com 3C905 (for 1st Try)
NIC: Intel EtherExpress Pro 100 (for 2nd Try)
Host IP address: 10.1.1.10 (netmask 255.255.255.0)
Address used for Direct Broadcast: 10.255.255.255
Result: A packet was sent to default router but was not broadcasted to
local net.
}
B: Linux-2
{
Kernel: 2.0.36 (comes with RedHat 5.2)
NIC: 3Com 3C905
Host IP address: 10.1.1.10 (netmask 255.255.255.0)
Address used for Direct Broadcast: 10.1.1.255
Result: A packet was sent as broadcast packet.
}
C: Sun
{
OS: SunOS 5.6
Host IP address: 10.1.1.11 (netmask 255.255.255.0)
Address used for Direct Broadcast: 10.255.255.255
Result: Broadcast packet(Dest-Mac-address=0xFFFFFFFFFFFF) was sent to
local network.
}
Thanks
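
The three results reported in the post above can be reproduced with a small model of how a sender decides whether a destination is a broadcast. This is an added example, not part of the original post and not the kernel's ip_chk_addr() code; the names classify(), l2_target() and the honour_classful switch are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Illustrative classification of a destination address as seen by a sender. */
enum dest_kind { DEST_UNICAST, DEST_LIMITED_BCAST, DEST_SUBNET_BCAST, DEST_CLASSFUL_BCAST };

#define IP4(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Natural (pre-CIDR) mask implied by the leading bits of an address. */
static uint32_t classful_mask(uint32_t addr)
{
    if ((addr & 0x80000000u) == 0)           return 0xFF000000u; /* class A */
    if ((addr & 0xC0000000u) == 0x80000000u) return 0xFFFF0000u; /* class B */
    if ((addr & 0xE0000000u) == 0xC0000000u) return 0xFFFFFF00u; /* class C */
    return 0xFFFFFFFFu;                      /* class D/E: no network broadcast */
}

/* True if dst is the all-ones host address of the network host/mask lives on. */
static int is_bcast_for(uint32_t dst, uint32_t host, uint32_t mask)
{
    return mask != 0xFFFFFFFFu && dst == ((host & mask) | ~mask);
}

/* honour_classful = 0: only the configured netmask counts (results A and B).
 * honour_classful = 1: the classful network broadcast also counts (result C). */
static enum dest_kind classify(uint32_t dst, uint32_t host, uint32_t netmask,
                               int honour_classful)
{
    if (dst == 0xFFFFFFFFu)
        return DEST_LIMITED_BCAST;
    if (is_bcast_for(dst, host, netmask))
        return DEST_SUBNET_BCAST;
    if (honour_classful && is_bcast_for(dst, host, classful_mask(host)))
        return DEST_CLASSFUL_BCAST;
    return DEST_UNICAST;
}

/* Link-layer target: broadcasts use the Ethernet broadcast address, on-link
 * unicast is resolved by ARP, everything else goes to the default router. */
static const char *l2_target(uint32_t dst, uint32_t host, uint32_t netmask,
                             int honour_classful)
{
    if (classify(dst, host, netmask, honour_classful) != DEST_UNICAST)
        return "ff:ff:ff:ff:ff:ff";
    return ((dst ^ host) & netmask) == 0 ? "ARP for destination" : "default router MAC";
}

int main(void)
{
    uint32_t m24 = IP4(255, 255, 255, 0);
    printf("A: %s\n", l2_target(IP4(10, 255, 255, 255), IP4(10, 1, 1, 10), m24, 0));
    printf("B: %s\n", l2_target(IP4(10, 1, 1, 255),     IP4(10, 1, 1, 10), m24, 0));
    printf("C: %s\n", l2_target(IP4(10, 255, 255, 255), IP4(10, 1, 1, 11), m24, 1));
    return 0;
}
```

With the configured /24 mask alone, 10.255.255.255 is an off-link unicast address for host 10.1.1.10, which matches the Linux result; treating the class A network broadcast as local matches the Sun result.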
------------------------------
From: Carl Karsten <[EMAIL PROTECTED]>
Crossposted-To: de.alt.comm.mgetty
Subject: what is best (stable) pcmcia ethernet/faxmodem?
Date: Sat, 05 Jun 1999 09:28:59 -0500
I want to build a fax server and Samba printer server on a 486 laptop
that only has one pcmcia slot. So what combo card will give me the
least headache?
^Carl
------------------------------
From: Frank Sweetser <[EMAIL PROTECTED]>
Subject: Re: Question:BUG?SPEC?/Directed Broadcast on kernel 2.0.36
Date: 05 Jun 1999 12:51:48 -0400
Malware <[EMAIL PROTECTED]> writes:
> SunOS seems to ignore the netmask and calculates the directed broadcast
> classful. This scheme should be dead since years.
IIRC, only Solaris 2.6 and newer support CIDR.
--
Frank Sweetser rasmusin at wpi.edu fsweetser at blee.net | PGP key available
paramount.ind.wpi.edu RedHat 5.2 kernel 2.2.5 i586 | at public servers
This has been planned for some time. I guess we'll just have to find
someone with an exceptionally round tuit.
-- Larry Wall in <[EMAIL PROTECTED]>
------------------------------
From: Robert Erickson <[EMAIL PROTECTED]>
Subject: Re: Setting up an ISP.
Date: Sat, 05 Jun 1999 12:35:49 -0500
Try
http://www.anime.net/linuxisp/
Cheers,
Robert
Ian wrote:
>
> The ISP HowTo?
>
> Ian
>
> Chuck Snively wrote in message <[EMAIL PROTECTED]>...
> >Hi All,
> >
> >Can someone tell me where I can obtain info about setting up an ISP?
> >
> >Hardware, software, etc.
> >
> >Thanks.
> >
> >Chuck
> >
------------------------------
From: "Donald E. Stidwell" <[EMAIL PROTECTED]>
Subject: Re: How I can use HSP-Modem with Linux?
Date: Sat, 05 Jun 1999 13:14:05 -0400
Ju wrote:
>
> I just bought a new modem with internal V.90 support. But it's an HSP modem,
> and the Modem-HOWTO told me Linux does not support this type of modem because
> Linux does not support HSP. Is there any way to set up Linux to work with this
> type of modem?
> Thanks
>
> Ju
HSP = Host Signal Processing = Windows only modem. No joy under Linux.
------------------------------
From: Robert Erickson <[EMAIL PROTECTED]>
Subject: ISP Linux page
Date: Sat, 05 Jun 1999 12:34:52 -0500
Try
http://www.anime.net/linuxisp/
Cheers,
Robert
------------------------------
From: "Manuel T. Ruiz" <[EMAIL PROTECTED]>
Subject: Re: HP4000N
Date: Sat, 05 Jun 1999 19:28:25 +0200
Very simple!!
Assign an IP address to your printer, and define a remote printer in
your Linux box.
playmatesparadise wrote:
> How can i connect my Laserjet Hp4000 to linux using the 10BaseT?
------------------------------
From: [EMAIL PROTECTED] (Wayne Parrott)
Subject: Re: Ethernet load logging
Date: 5 Jun 99 17:28:56 GMT
I'd rather not enable SNMP because I've only got about 6 MB of disk space
(I'll be logging onto a different machine), and I'm trying to keep the machine
as secure as I can. Thanks anyway.
Wayne
Cliff Skolnick <[EMAIL PROTECTED]> writes:
>I recommend enabling SNMP on the machine, then using mrtg.
>http://ee-staff.ethz.ch/~oetiker/webtools/mrtg/mrtg.html
>Don't forget to order the CD :)
>Wayne Parrott wrote:
>>
>> Hi,
>> I'm looking for a program that can log the load on an eth device and make a
>> pretty web page with graphs and stuff. Anyone know of a program that can do
>> this?
>> Thanks
>> Wayne
------------------------------
From: "Manuel T. Ruiz" <[EMAIL PROTECTED]>
Subject: Re: How many network cards can I install in Linux?
Date: Sat, 05 Jun 1999 19:23:41 +0200
You won't have any problems because of the number of cards; the hard part
will be finding available interrupts for all 6.
Regards,
roxu wrote:
> Hello everyone.
>
> At work we have 6 network segments. We are currently routing them
> with a Netware 3.11 and a Linux box. I want to simplify this (if possible)
> with two Linux boxes, or with just one if I can install the 6 cards in it.
>
> My question is: would Linux support 6 network cards? Is there any
> limitation on this?
>
> One assumption I am making is that if I can do IP aliasing so that I have
> several logical devices, there should be no problem having physical ones.
> The PC has 3 free ISA slots and another 3 PCI.
>
> I have gone through the Ethernet and the Net-3 HOWTO, but I have not found
> any limitation in this respect.
>
> Thanks in advance
> --
> Greetings from Asturias
>
> Sent via Deja.com http://www.deja.com/
> Share what you know. Learn what you don't.
------------------------------
From: "Craig McElroy" <[EMAIL PROTECTED]>
Subject: Delay when accepting telnet/ftp connections
Date: Sat, 5 Jun 1999 12:33:28 -0500
Here is my configuration:
Red Hat Linux release 6.0
Kernel 2.2.5-15 on an i586
Ethernet Card: 3com Etherlink III 3C509B
From here on, referred to as Box A.
Also on the LAN are another Linux machine, kernel 2.0.34 with the same
network card (Box B); and a Windows 98 machine with a Linksys 10/100 network
card (Box C). All are connected with a Linksys 10 Base T hub. All on the
same subnet (192.168.0.0)
I recently installed Red Hat 6.0 on Box A and here is the problem I am
experiencing:
I am able to establish network connections between all 3 machines. When I
ping Box A, or connect to the Apache http server on Box A, I get immediate
response. But when I initiate any other connection from Box B or C to Box A
(e.g. telnet, ftp, etc), it connects immediately, but there is about a
minute delay before /etc/issue is displayed and I receive the login prompt.
Btw, if I telnet from Box A to itself (either using lo or eth0), I do not
encounter this problem. I also experience no difficulties connecting from
Box A to Box B.
Any ideas?
Much thanks in advance,
Craig McElroy
[EMAIL PROTECTED]
------------------------------
From: kite@NoSpam.%inetport.com (Clifford Kite)
Crossposted-To: linux.redhat.ppp
Subject: Re: SPAP; pppd fails to establish connection
Date: 5 Jun 1999 12:41:12 -0500
PVS ([EMAIL PROTECTED]) wrote:
: (Have removed all the earlier threads from within this reply. Too much
: of it.)
: I did succeed in getting a connect with Shiva. I threw planning to the
: winds and tried innumerable options. When I did get a connect, it was
: with (guess what) the refuse-chap option. Deja vu Cliff. I had
: included noauth in it, since my pppd seems to be asking the peer for
: an auth. But later it seemed to be working fine even without the noauth
: option (default perhaps).
: Problems still remain though. The PPP connect doesn't happen every time.
: Sometimes pppd and peer keep saying ConfReq and ConfAck for something as
: inconsequential as asyncmap. They like the times of agreement, I guess.
This is one thing I overlooked in the log. You should try to match the
peer's asyncmap when there's trouble after the initial LCP negotiations
with authentication or IPCP negotiations. That's "asyncmap a0000" in
this case. The reason is that there is a significant number of ISP PPP
implementations with broken Asynchronous Control Character Map (ACCM, and
specified by asyncmap in pppd) code. This Shiva has amply demonstrated
that it's really buggy so it's worth a try.
: So I put in big numbers against lcp-max-configure (100) and
: icp-max-configure. That doesn't seem to have changed much. pppd still
: decides to call it quits after sending a few ConfReqs (last message sent
: 10 times--it says).
Usually this only extends the duration of the link negotiations and doesn't
help.
: But typically a few tries and I am connected, the rebellious nature of
: pppd notwithstanding.
: But I disconnect in a few minutes too. Doesn't happen from Win95, so it
: can't be a bad line. Happens when I am connected to my (non-Shiva) ISP
: too. I think I need to send the equivalent of keep-alives, if there is
: anything like that.
: Overall, (my) pppd is like an old jalopy. Dunno when it will give up,
: but keeps going anyhow!
In the absence of hardware problems it shouldn't be this way with any
decent PPP implementation on the other end of the wire. Pppd is well-
regarded by some high-caliber people that do PPP implementation for a
living.
: I will post successful and unsuccessful debuglogs shortly. It's on the
: Linux partition, and Win95 can't see Linux.
: And by the way, how on earth does one learn to read debuglogs like a
: play script? Great help that would be!
Some can do it because they do PPP implementation for a living and
perhaps have even written a book. I can do it because I've had a lot
of practice helping people here get connected to ISPs using Linux -
and I bought a book by a top-notch PPP architect.
--
Clifford Kite <kite@inet%port.com> Not a guru. (tm)
/* The signal-to-noise ratio is too low in many [news] groups to make
* them good candidates for archiving.
* --- Mike Moraes, Answers to FAQs about Usenet */
------------------------------
From: kite@NoSpam.%inetport.com (Clifford Kite)
Subject: Re: Q: PPP with a cryptography key
Date: 5 Jun 1999 09:31:53 -0500
Brian D Sutterfield ([EMAIL PROTECTED]) wrote:
: I wish to connect my Linux box into my office dialup server and am curious
: if anyone knows of an existing script to do the following.
: Once connected, the system requests a user id, then replies with a number
: (different each time). This number is entered into a key which produces a
: reply number. After entering this number, the session is a normal
: Login:xxxxxx Password: xxxxxxx Session. Before undertaking this myself, I
: was curious if anyone has done this, which I expect someone has.
You might want to try modifying chat with the patch at
http://www.inetport.com/~kite/
It's the only file there. It's not mine and I haven't used it but there
haven't been any complaints by those that I've passed it on to.
--
Clifford Kite <kite@inet%port.com> Not a guru. (tm)
/* Better is the enemy of good enough. */
------------------------------
From: Umberto Javarone <[EMAIL PROTECTED]>
Subject: IP Forwarding
Date: Sat, 05 Jun 1999 19:38:58 +0200
Hi there,
I am here to ask you a few questions about IP Forwarding.
Suppose the following case:
|Router|-----|Linux with 2 NIC and IPForwarding|--------|Host|
Suppose my router is 151.99.125.1 my Firewall 151.99.125.2 and my host
151.99.125.3.
Now, my firewall route table is correctly configured and can connect to both the
router and the Host.
What about my Host route table? Should I set the Router as default gateway or
should I set the Firewall as default route?
Thanks for the support.
Regards,
Umberto
--
Umberto Javarone
mailto:[EMAIL PROTECTED]
==================================================
JNet Service - Internet solutions
==================================================
To send me encrypted messages, here's my pgp info:
---====PGP Fingerprints
DDDB 8163 8A84 E58D 6C8E EE5C 6509 0AC0 6C75 DE0E
My public key is available upon request, or from:
http://wwwkeys.pgp.net:11371/pks/lookup?op=get&search=0x6C75DE0E
==================================================
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.networking) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Networking Digest
******************************