Linux-Networking Digest #455, Volume #11          Tue, 8 Jun 99 19:13:42 EDT

Contents:
  Re: Fully redundant servers ("Jeremy L. Buchmann")
  Problems using email through a Linux Firewall using ipfwadm, ipportfw ("Dan")
  Re: SPAP; Fresh debug logs from buggy pppd (Clifford Kite)
  Re: I HATE SAMBA and NT!!!! ([EMAIL PROTECTED])
  routing (Yuri Mikhailov)
  Re: IP Masquerading Problem (Paul Miles)
  GNOME & ppp (Peter Gavin)
  Re: Samba: Client for Novel and Microsoft Networks? ("Sherman")
  Network Configuration (Ibrahim Haddad)
  Re: Im searching for a script for passwd/smbpasswd ([EMAIL PROTECTED])
  NSLOOKUP, NAMED, and LOCALHOST ("Mark Swope")
  how to setup a pci sound card ? ("percy")
  Re: Connecting a 680 to a Linux box (Mike Patterson)

----------------------------------------------------------------------------

From: "Jeremy L. Buchmann" <[EMAIL PROTECTED]>
Subject: Re: Fully redundant servers
Date: 8 Jun 1999 22:15:41 GMT

Chris Waymire <[EMAIL PROTECTED]> wrote:
: Anyone have any good suggestions on how to make a 100% redundant backup
: server that requires no administrative interaction. I currently have a
: primary server that runs primary dns, smtp, web hosting and pop. I also have
: a secondary server that runs backup dns, smtp and web hosting but not pop. I
: am looking for a way to set something up so that the 2 servers will keep
: their mail spool and home directories in sync (perhaps rsync) 

I have seen a couple projects on Freshmeat that do this sort of thing.
They generally use FTP.  You could have cron run this every day, or
whenever you need.  Search for something like a file synchronizer
(www.freshmeat.net)

: and the
: secondary server will act as a backup for ALL services without anyone having
: to copy any files, stop/start any services or have any interaction. Any and
: all comments/suggestions would be greatly appreciated. Thank You.

While you're at Freshmeat, look for failoverd, which is supposed to detect
server failure by looking at network response.

===================================================================
Jeremy Buchmann       "Those who trade freedom for safety deserve
[EMAIL PROTECTED]   neither freedom nor safety." -- Ben Franklin
===================================================================

------------------------------

From: "Dan" <[EMAIL PROTECTED]>
Subject: Problems using email through a Linux Firewall using ipfwadm, ipportfw
Date: Tue, 8 Jun 1999 17:02:43 -0500

I am currently using Linux as a firewall with IP filtering along with IP port
forwarding. The version of the kernel is 2.0.36. I have my email server and
web server sitting behind the firewall on private IPs.  The rules I have in
place for the email are as follows (IPs and names have been changed to protect
the innocent):

# Flush all commands
/sbin/ipfwadm -F -f
/sbin/ipfwadm -I -f
/sbin/ipfwadm -O -f

# Forward email to email server
/sbin/ipfwadm -F -a accept -b -P tcp -S 0.0.0.0/0 1024:65535 -D 188.168.23.10 25

# Forward email connections to outside email servers
/sbin/ipfwadm -F -a accept -b -P tcp -S 188.168.23.10 25 -D 0.0.0.0/0 1024:65535

# Forward Web connections to the Web Server
/sbin/ipfwadm -F -a accept -b -P tcp -S 0.0.0.0/0 1024:65535 -D 188.168.23.215 80

# Forward Web connections to outside Web Server
/sbin/ipfwadm -F -a accept -b -P tcp -S 188.168.23.* 80 -D 0.0.0.0/0 1024:65535

# Forward DNS traffic
/sbin/ipfwadm -F -a accept -b -P udp -S 0.0.0.0/0 53 -D 188.168.23.0/24

# Flush all Port Forwarding commands
/sbin/ipportfw -C

# Forward all traffic for port 80 to Web Server (Web Traffic)
/sbin/ipportfw -A -t250.249.20.215/80 -R 188.168.23.215/80

# Forward all traffic for port 25 to email server
/sbin/ipportfw -A -t250.249.20.215/25 -R 188.168.23.10/25

All users on the internal network can browse the internet fine and email
internally works fine. Everyone can send and receive. Our email server is a
Linux machine as well. We have a website which sits on the internal private
IP network. It is accessible by the outside world as well.

My problem is with email.

Problem 1.
    All the following are registered to the same IP (Public IP of the
firewall)
    Our website is  registered to public IP (www.ourwebsite.com)
    The following name is registered to the public IP (smtp.ourwebsite.com)
    Our email (smtp.domainname.com) which currently works (our email server)

    I can send email internally to [EMAIL PROTECTED] and it works fine; I
receive the email sent.
    When I try to send it via an outside ISP, it gets rejected with the
following reason.

    ----- The following addresses had permanent fatal errors -----
<[EMAIL PROTECTED] >

   ----- Transcript of session follows -----
... while talking to kani.wwa.com.:
>>> RCPT To:<[EMAIL PROTECTED] >
<<< 501 RCPT VERIFY failed relaying denied!
554 <[EMAIL PROTECTED] >... Service unavailable

Problem 2.
    If someone wants to use their local ISP to dial in and check their
email on our email server (which is behind the firewall on a private IP
address), a connection cannot be established with the email server. The
following is an example of what happens when using Outlook 98 as the
email program with the incoming and outgoing email servers set to
smtp.domainname.com.

The TCP/IP connection was unexpectedly terminated by the server.
(Account 'myname',POP3 server:'smtp.domainname.com ',Error Number:
0x800cccof)

I can ping smtp.domainname.com and I receive packets back (the response
is the public IP address of the firewall which all the rules are set up for).

I believe both problems are related. Can anyone give me some insight into
how the ipfwadm and ipportfw rules need to be set to resolve this issue?

Any help is greatly appreciated.

Thanks Dan
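
The following is an added example, not part of Dan's post: a small audit of the posted rule set that lists which public TCP ports ipportfw redirects, which internal host/port pairs an ipfwadm forward rule accepts, and compares both with the services outside clients are described as using. The parser handles only the rule shapes shown in the post, and the REQUIRED table (SMTP 25, HTTP 80, POP3 110) is an assumption drawn from the post's description.

```python
import re

# Rules copied from the post above, with wrapped lines joined.
RULES = """\
/sbin/ipfwadm -F -a accept -b -P tcp -S 0.0.0.0/0 1024:65535 -D 188.168.23.10 25
/sbin/ipfwadm -F -a accept -b -P tcp -S 188.168.23.10 25 -D 0.0.0.0/0 1024:65535
/sbin/ipfwadm -F -a accept -b -P tcp -S 0.0.0.0/0 1024:65535 -D 188.168.23.215 80
/sbin/ipfwadm -F -a accept -b -P tcp -S 188.168.23.* 80 -D 0.0.0.0/0 1024:65535
/sbin/ipfwadm -F -a accept -b -P udp -S 0.0.0.0/0 53 -D 188.168.23.0/24
/sbin/ipportfw -A -t250.249.20.215/80 -R 188.168.23.215/80
/sbin/ipportfw -A -t250.249.20.215/25 -R 188.168.23.10/25
"""

# Assumption: the TCP services outside clients need, per the post.
REQUIRED = {"smtp": 25, "http": 80, "pop3": 110}

PORTFW = re.compile(r"ipportfw\s+-A\s+-t\s*(\S+)/(\d+)\s+-R\s+(\S+)/(\d+)")
FILTER = re.compile(
    r"ipfwadm\s+-F\s+-a\s+accept\b.*-P\s+tcp"
    r"\s+-S\s+(\S+)\s+(\S+)\s+-D\s+(\S+)\s+(\S+)"
)


def parse(rules):
    """Return (redirects, allowed) for the rule shapes used in the post."""
    redirects = {}   # public port -> (internal host, internal port)
    allowed = set()  # (internal host, port) accepted by a TCP forward rule
    for line in rules.splitlines():
        m = PORTFW.search(line)
        if m:
            redirects[int(m.group(2))] = (m.group(3), int(m.group(4)))
            continue
        m = FILTER.search(line)
        # Only rules whose destination is a single service port are recorded;
        # rules ending in a port range (1024:65535) describe reply traffic.
        if m and m.group(4).isdigit():
            allowed.add((m.group(3), int(m.group(4))))
    return redirects, allowed


def audit(rules, required=REQUIRED):
    """Map each required service to 'ok' or the first missing piece."""
    redirects, allowed = parse(rules)
    report = {}
    for name, port in required.items():
        if port not in redirects:
            report[name] = "no ipportfw redirect"
        elif redirects[port] not in allowed:
            report[name] = "redirected but no forward accept rule"
        else:
            report[name] = "ok"
    return report


if __name__ == "__main__":
    for service, status in audit(RULES).items():
        print(f"{service:5s} {status}")
```
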







------------------------------

From: kite@NoSpam.%inetport.com (Clifford Kite)
Crossposted-To: linux.redhat.ppp
Subject: Re: SPAP; Fresh debug logs from buggy pppd
Date: 8 Jun 1999 09:40:31 -0500

This is certainly one of the strangest PPP problems I've encountered.
Just for the record though, if this problem is caused by a PPP
implementation bug then there's little doubt in my mind that it's in
the Shiva implementation.

A summary of the three logs in your post:  Similar but different.
Similar in that in two attempts the Shiva(s?) agreed to pppd's requests
but only after a lengthy debate.  Different in that the third attempt
failed.  Similar in that the connection was likely unusable in the two
cases that completed negotiations.  Different in the progression of
things offered by the Shiva in each case.  Different in the case where
the Shiva seems to be getting bad LCP frames after the IP addresses are
agreed to.  (The content of the bad frames, returned in the Shiva LCP
ProtRej messages, isn't sufficient for me to understand what they mean.)

All in all, it does faintly resemble what occurs when the device file
UART is misconfigured or the UART is not able to keep up with the modem.
The UART should be a 16550A and "setserial /dev/ttyS?" should show
a 16550A configured.  I'm now out of suggestions but there are a few
comments below.

PVS ([EMAIL PROTECTED]) wrote:

: I have included 1 successful PAP connect log, and 2 unsuccessful. The
: long one is really weird.

: Yes, I did match the asyncmaps to ease the negotiations.

: So you say, I might as well let the lcp-max-configure and ipcp-max-conf
: remain at their default (10?).

: How do I speed up the PPP negotiations further?

: Lastly, to make a GREAT ISP dialer, does one need to know the PPP
: protocol, or can one leverage the Win95 implementation? I couldn't find

There can easily be a problem with pppd using Linux since the ISPs
support only Microsoft, but most can be solved by examining scripts
and logs.  The problem you have here is an uncommon one, or at least
has uncommon symptoms, which makes it much more difficult.

: any API references to PPP in my copy of VC++ (customary bleah).

: If so, perhaps you might refer me to a good book on the subject.

A book is very unlikely to do any good.  You can try posting on
comp.protocols.ppp but, based on several months of reading the postings,
unless someone there has direct experience with the same problem it's
doubtful you'll get a definitive answer.  Still it might be worth a try.

: Logs and stuff are down below.

Logs and stuff removed, see the original post.

--
Clifford Kite <kite@inet%port.com>                       Not a guru. (tm)
/* Speak softly and carry a +6 two-handed sword. */

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: I HATE SAMBA and NT!!!!
Date: Tue, 08 Jun 1999 15:21:53 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (Tom Bascom) wrote:
> I know how he feels...
>
> I had SAMBA working (after much torture reading books & howtos and so
> forth) but made the mistake of upgrading.
>
> I have a simple 4 PC home network but machines come and go and laptops
> get plugged in from various sources.  I want to set up a simple "trust
> me" shared resource network.  *None* of the books, howtos and man pages
> disclose how to do such a simple thing.  They all blithely plagiarize each
> other and say 'most users will want "security = user"' and start
> yammering about needing to synchronize UNIX and Windows userids and
> passwords.  So I figured that all I needed to do was set "security =
> share"...  all I know for sure is that there is more to it than that.
>
> I've got it working, somehow, at the moment but I doubt that I'll be able
> to duplicate it easily next time.
>
> I'd sure like to know what the simplest, most reproducible way to do this
> is.
>

Now it is time to solve the problem.
First, please post your config file after you have
tested the parameters with testparm.

After that, add the following statements to your smb.conf:
log level = 100
log file = /var/log/samba.log

Restart your Samba server daemon.

If you are familiar with this output, search for the reason
or post it to my email address.

Don't forget to delete the "log" entries in your smb.conf
file and restart the daemon again because it will produce
many, many lines.

TIP: Maybe you can start with a log level of 3, 4 or 5 to find
the problem.

Hope it helps....


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.

------------------------------

From: Yuri Mikhailov <[EMAIL PROTECTED]>
Crossposted-To: comp.unix.admin,comp.networks,comp.unix.solaris
Subject: routing
Date: Wed, 09 Jun 1999 02:59:42 +0300

hi,


Updated collection of routing:

http://www.ndesign.com.ua/~mik/doc/routing/




-- 
============================================================
Yuri Mikhailov, NDA                http://www.ndesign.com.ua

------------------------------

From: [EMAIL PROTECTED] (Paul Miles)
Crossposted-To: uw.linux,comp.os.linux,alt.linux,alt.os.linux
Subject: Re: IP Masquerading Problem
Date: 8 Jun 1999 22:32:19 GMT

I'm sure people can correct me on this, but I think I read somewhere that
Netmeeting uses dynamic port allocation, and I don't think Masquerading
supports this.

I've spent many hours fiddling with Slackware and netmeeting, and
unfortunately failed miserably! :-(

Paul.


------------------------------

From: Peter Gavin <[EMAIL PROTECTED]>
Subject: GNOME & ppp
Date: Tue, 08 Jun 1999 12:47:18 -0400

Hi,

I've set up the latest version of GNOME (as of last week or so) on my
box w/ Kernel 2.2.9, egcs 1.1.2, & glibc 2.1.1.  Whenever I start X,
enlightenment starts up, but nothing else (i.e., panel, gmc, etc.).
However, if my PPP connection is up, everything runs fine.  I've got a
dummy device up, and I'm running named as a caching nameserver.  My
resolv.conf file looks like this:

order hosts,bind
nameserver 127.0.0.1

hosts looks like this:

localhost 127.0.0.1
omega 192.168.0.1

(omega is the name of my computer.)
I'm pretty sure named has nothing to do with it, since if I stop it, and
change resolv.conf to use my ISP's dns servers, it still only works if
PPP is up.  Is there something special I need to do?

Peter Gavin

------------------------------

From: "Sherman" <[EMAIL PROTECTED]>
Subject: Re: Samba: Client for Novel and Microsoft Networks?
Date: Tue, 8 Jun 1999 12:15:59 -0500

Andrew Mc.Ghee <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Is it possible to have a win95 box setup with a client for both Novell
> network and Microsoft networks, and be able to access samba as well as
> Novell servers?

Andrew-
No problem at all.  I do it all the time.  Just go into Control Panel and
Network.  On the network properties screen click the Add button and select
client and add the Client for Microsoft Networks.  Of course you should make
sure that NetBEUI is added as a protocol.  Click OK, restart and that's it.

Your machine can then access SMB networks and services (such as Samba) as
well as Novell.  You just have to configure your Samba server properly and
you shouldn't have any trouble at all.





------------------------------

From: Ibrahim Haddad <[EMAIL PROTECTED]>
Subject: Network Configuration
Date: Tue, 08 Jun 1999 18:45:11 -0400

Hello,
I got a new machine and installed Linux (RedHat) on it.
I don't have X running yet (video card problems) but
I would like to check on how to configure the machine
network settings (IP, Gateway, DNS...) from the terminal
without using the control panel? 
Thanks.

(Please reply to my address [EMAIL PROTECTED]).

Regards,

-- Ibrahim Haddad

------------------------------

From: [EMAIL PROTECTED]
Crossposted-To: linux.samba
Subject: Re: Im searching for a script for passwd/smbpasswd
Date: Tue, 08 Jun 1999 16:15:48 GMT

There's a script that is used as an expect example, it is called
autopasswd which does what you want as far as:
autopasswd toto test
You could easily modify it to add the smbpasswd command to it. (I did)

The script came as part of my RedHat distribution (probably comes with
them all). I found it at:
/usr/bin/autopasswd


-Ray

In article <[EMAIL PROTECTED]>,
  Cyriac REMY <[EMAIL PROTECTED]> wrote:
> Hello,
>
> Does someone know how I could create a new user in the passwd file and
> smbpasswd at the same time... I don't want to have a prompt to type
> the password 4 times...
>
> actually :
> > adduser toto
> > passwd toto
> New UNIX password: test
> Retype new UNIX password: test
> passwd: all authentication tokens updated successfully
>
> > smbadduser toto:toto
> Adding: toto to /etc/smbpasswd
> ----------------------------------------------------------
> ENTER password for toto
> New SMB password:test
> Retype new SMB password:test
> Password changed for user toto.
>
> Okay but it's too long. Do you know how to create a script or do
> you have code to do something like:
>
> > newadduser toto test
> toto has been created sucessfullly...
> >
>
> Lastly, do you have something to let users change their password under
> Linux for Linux and Samba at the same time?
>
> > chgpasswd
> old : ######
> new : #########
> new again : #########
> >
>
> Thanks !!!
>
> Cyriac REMY
> [EMAIL PROTECTED]
>



------------------------------

From: "Mark Swope" <[EMAIL PROTECTED]>
Subject: NSLOOKUP, NAMED, and LOCALHOST
Date: Tue, 8 Jun 1999 11:20:29 -0500

Hi,
I've been trying to follow the DNS-Howto and set up a caching-only
name server.
1) I can telnet to localhost (127.0.0.1).
2) I have created /etc/named.conf essentially by cutting it out of
the HOWto.
3) I've done the same for /var/named/root.hints.
4) I've created the /var/named/pz/127.0.0 file by cutting from the
Howto and substituting my nameserver name for "ns.linux.bogus."
and my(root) email address for "hostmaster.linux.bogus."
5) I've got "resolve.conf" set with my domain name (home.net) and
told it that one (of three) nameservers should be 127.0.0.1
6) "hosts" lists 127.0.0.1 as localhost
7) "hosts.conf" tells linux to look at hosts, then bind.

I start up PPP and connect to my isp then start named.

When I do nslookup I get the following error message:
Can't find server name for address 127.0.0.1: server failed

then nslookup points to my isp's nameserver.

What with all the periods here and no periods there, I'm confused
about where to look now.  This shouldn't be *this* complicated, but
I need someone to tell me where to start looking.
Any help, please?

Kindest regards,
mas



------------------------------

From: "percy" <[EMAIL PROTECTED]>
Subject: how to setup a pci sound card ?
Date: Tue, 8 Jun 1999 23:46:35 +0800

Hello,
  I use sndconfig to set up my sound card in Red Hat 6.0, but it tells me that
no PCI sound card was found. Who knows another way to do that? My sound card
is a Trident 4DWave PCI audio.
  thanks

please e-mail me [EMAIL PROTECTED]



------------------------------

From: [EMAIL PROTECTED] (Mike Patterson)
Crossposted-To: comp.os.ms-windows.ce,comp.sys.palmtops
Subject: Re: Connecting a 680 to a Linux box
Date: 8 Jun 1999 17:21:08 GMT

Darrell ([EMAIL PROTECTED]) wrote:
: Mike:

: One piece of information I think I am missing is how you are specifying your
: host name in the telnet, web and e-mail programs. Are you supplying the IP
: address or the domain name? If you are specifying an IP address when using
: telnet but host names on the other services it could be your DNS server
: information is configured incorrectly. I don't know what your level of
: experience is with IP networking, so I hope I am not insulting you with
: information you think of as basic.

Not a problem. I asked for help :)

Anyway, in the telnet program, I have been able to use both IP and name 
addresses, while in the web/mail programs, neither works.  

Since the symptom still shows up with IP addresses, I believe I can assume
that the DNS isn't the problem.


: Mike Patterson wrote in message <7jhjcv$fc6$[EMAIL PROTECTED]>...
: >The problem: I can connect to the Linux box. I can ping the palmtop.
: >             I can use a telnet client to connect to machines both in my
: >             intranet, and on the internet. Pocket explorer can't find any
: >             pages-- not on my intranet or the internet. The built-in
: >             mail client on the palmtop can't find the mail server on the
: >             intranet, either.
: >
: >The palmtop: Jornada 680. All programs are standard, except for the telnet
: >             program, which is "cetelnet".
: >
: >The server: A debian 2.1 box using mgetty, pppd, etc.
: >            It uses IP Masquerading, which made it difficult to even get to
: >            the stage where I'm at now. It has mail/www servers on it which
: >            the 680 fails to connect to.
: >
: >I suspect the problem is related to IP Masquerading, but I'm not sure since
: >the telnet client works. Any help would be appreciated.




--
--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--
                Michael K Patterson, HP Software Engineer 
   My opinions do not represent those of HP. If they do, it's coincidence. 
=============================================================================

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and comp.os.linux.networking) via:

    Internet: [EMAIL PROTECTED]

Linux may be obtained via one of these FTP sites:
    ftp.funet.fi                                pub/Linux
    tsx-11.mit.edu                              pub/linux
    sunsite.unc.edu                             pub/Linux

End of Linux-Networking Digest
******************************
