Linux-Networking Digest #488, Volume #11 Thu, 10 Jun 99 22:13:50 EDT
Contents:
Re: IP Masquerade - can't get it to work for me ("James A. Robertson")
Re: ipchains and MS Netmeeting ("Robert Cicconetti")
Re: linux RH 6.0 +Earthlink dialup troubles (Tom Herman)
Re: Dns Problem ("Jan Johansson")
Re: Linux as gateway between Microsoft and Unix ("Ian")
Time corrupted using Samba (Thomann KH)
Re: where the heck ARE the linux drivers @? (Bob)
Re: Time corrupted using Samba (Thomann KH)
Linux firewall & load-balancing NAT & NT-IIS (Chris Goebel)
Re: Linux as gateway between Microsoft and Unix ("Andrey Smirnov")
/dev/ttyp# & /dev/pts permissions ("Dardo D. Kleiner")
----------------------------------------------------------------------------
From: "James A. Robertson" <[EMAIL PROTECTED]>
Subject: Re: IP Masquerade - can't get it to work for me
Date: Thu, 10 Jun 1999 13:38:30 GMT
More info I should have included:
-- If I boot the Linux box into win98, I can see the (now win98) box as a
local network object
-- On boot (and on restart of the network) I get this message:
Enabling IPv4 packet forwarding.
SIOCADDRT: Invalid argument
The error message goes away if I edit the second (3c509) ethernet card out
of the config files. My guess has been that I don't have much experience
with this level of networking.
Thanks
"James A. Robertson" wrote:
> This ought to be simple based on my reading of the HowTo pages, but I
> haven't been able to get IP masquerade to work. Here's my setup:
>
> RedHat Linux 5.2, kernel version 2.0.36
> One ethernet card (Intel EtherPro 100) configured as eth0 connected to a
> cable modem with a static IP
> Second ethernet card (3c509, eth1) configured to IP address 192.168.1.1
>
> Other machine running winNT 4.0, static IP of 192.168.1.101, Linux box
> is his gateway.
>
> After following the directions on the HowTo page I managed to make my
> machine completely inaccessible - obviously I'm not following them
> correctly. Would someone be so kind as to give me a simple step by step
> set of instructions ?
>
> Thanks a lot,
------------------------------
From: "Robert Cicconetti" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.misc,comp.os.linux.security
Subject: Re: ipchains and MS Netmeeting
Date: Thu, 10 Jun 1999 20:33:35 -0400
The only way I have been able to find is using an application called
"PhonePatch" from www.equival.com. 30 day trial available. I never
finished configuring, as the person I'm setting up the firewall for decided
Netmeeting wasn't worth $50 (cost of PhonePatch).
--
Robert Cicconetti
Chris Petzny <[EMAIL PROTECTED]> wrote in message
news:7jo7v5$7tv$[EMAIL PROTECTED]...
> Hi,
>
> for a while now we have been running IP masquerading on our Linux box to
> get the office access to the internet. All controlled through ipchains. We'd
> like to communicate with MS Netmeeting, however, although others can see our
> video and audio, we can't receive theirs. I was wondering if there is a
> certain port I need to free up, or if there's a kernel module that needs to
> be loaded ( a la CUSeeMe).
>
> Current kernel: 2.2.0 running on RedHat 5.0 I can send the ipchains -L
> output if anybody needs it...
>
> Hope you can help,
> Chris.
>
>
>
------------------------------
From: [EMAIL PROTECTED] (Tom Herman)
Crossposted-To:
comp.os.linux.help,linux.redhat.misc,earthlink.tech-support.other_dialup_software,earthlink.Unix-Hangout
Subject: Re: linux RH 6.0 +Earthlink dialup troubles
Date: 11 Jun 1999 00:32:47 GMT
No you don't need CHAP.
Here's my /usr/bin/linkup.sh script:
#!/bin/sh
#
# linkup.sh - Start a PPP session, with any other necessary actions.
# See also /etc/ppp/options & /etc/ppp/scripts/ppp-on-dialer
#
DIALER_SCRIPT="/etc/ppp/scripts/ppp-on-dialer"
pppdir="/var/run"
sts=0
echo "Starting link->Internet Sprint"
# Start the SYSLOGD/Klogd daemons. These must come first.
if [ -f "${pppdir}/ppp0.pid" ]; then
    echo " Link already up"
    exit $sts
fi
#
# Install Modules
#
/sbin/insmod bsd_comp
#
# Connect!!!
#
/usr/sbin/pppd connect "/usr/sbin/chat -f $DIALER_SCRIPT" \
/dev/ttyS2 115200
exit $sts
Here's my /etc/ppp/options script:
## /etc/ppp/options -- config file for pppd
#
# Hardware control and asyncmap 0 go together.
# Software control and XON/XOFF in the asyncmap go together.
#
# Async character map - 32-bit hex; each bit
# is a character that needs to be escaped for
# pppd to receive it. 0x00000001 represents
# "\x00", and 0x80000000 represents "\x1f".
#
# Initial Setting: The modem is set to use hardware flow control
# (crtscts) and the link between the local machine
# and the remote one is 8-bit-clean (asyncmap 0).
#
# 2nd Setting: The modem uses xonxoff instead of crtscts.
# You also need to add the XON and XOFF characters to the
# asyncmap option, as follows:
#
# The number following asyncmap is a 32-bit hexadecimal number.
# Each bit represents a character between 0x00 (^@) and 0x1f (^_)
# which must be "escaped", or sent as a two-byte sequence to avoid
# getting swallowed or munged in transmission.
# asyncmap 000a0000 escapes characters 0x13 (^S) and 0x11 (^Q),
# the XON/XOFF characters.
#
#asyncmap 000a0000
asyncmap 0
#
# Use software flow control (i.e. xonxoff) to
# control the flow of data on the serial port.
# Use hardware flow control (i.e. RTS/CTS) to
# control the flow of data on the serial port.
#
crtscts
#
# Add a default route to the system routing
# tables, using the peer as the gateway, when
# IPCP negotiation is successfully completed.
# This entry is removed when the PPP connection
# is broken.
#
defaultroute
#
# Set the MRU (Maximum Receive Unit) value to <n>
# for negotiation. pppd will ask the peer to send
# packets of no more than <n> bytes. The minimum
# MRU value is 128. The default MRU value is 1500.
# A value of 296 is recommended for slow links.
# (40 bytes for TCP/IP header + 256 bytes of data).
#
#mru 552
#
# Disables the default behavior when no local IP
# address is specified, which is to determine (if
# possible) the local IP address from the hostname.
# With this option, the peer will have to supply
# the local IP address during IPCP negotiation
# (unless it is specified explicitly on the command
# line or in an options file).
#
noipdefault
#
# Old Stuff
#
lock
#usehostname
#
# My Stuff
#
bsdcomp 15
lcp-max-configure 40
lcp-echo-interval 15
lcp-echo-failure 20
#
# Stuff that http://axion.physics.ubc.ca/ppp-linux.html
# says I need
#
debug
modem
Here's my chat script, /etc/ppp/scripts/ppp-on-dialer
#
# /etc/ppp/scripts/ppp-on-dialer
# See /usr/bin/linkup.sh & /etc/ppp/options
#
#These lines indicate conditions for chat quitting
ABORT "NO CARRIER"
ABORT "NO DIALTONE"
ABORT "ERROR"
ABORT "NO ANSWER"
ABORT "BUSY"
"" ATZ
# 'OK-\d\d+++\d\d\c-OK' ATH0
# The A-B-C form of the expect sequence means that it is to expect A,
# if A does not arrive, send B and then expect C.
# So this line means-- expect OK, if it does not arrive, wait two
# seconds,(each \d is a one second wait) send +++
# wait for two more seconds and then do not send a carriage return.
# Finally again wait for OK again. If it arrives, send ATH0
# The +++ is in case your modem has not hung up. You may want to know if your
# modem is not hanging up, if so, remove this whole line.
# OK 'AT&F\\Q3\\V1&D3M1#CC1'
# These are various controls sent to my particular modem. CHANGE FOR YOURS!
#The &F , &D3 and M1 seem to be quite generic for setting the modem
# with factory defaults, allowing the DTR line to reset the modem
#(Used when pppd shuts itself down), and M1 allows the speaker on while the
#call is being established, but off after the remote system has answered.
# \Q3, \V1, and #CC1 are almost certainly peculiar to my particular
# modem.
# Note that a backslash must be doubled to get through. This sequence
# should also always be enclosed in single quotes
# because of the special characters like &.\,#.
OK ATDT<yourlocalaccessnumber>
CONNECT ""
ogin:--ogin: ELN/<yourppplogin>
# Again the A-B-C, except the middle B to be sent if ogin: is not
# received is nothing except a carriage return
assword: <yourpassword>
# Note: do not use the < > characters above
HTH
Tom
--
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (Trevor Smithson) writes:
> Hi everyone,
>
> I've been trying for the last couple of days to get my new RedHat
> installation (6.0) to dial in to Earthlink. So far, no success.
> Everything is ok with Windows + Earthlink, so I'm sure the problem
> is a setting somewhere that I just haven't found. I'm a linux newbie
> so please cut me a little slack!
>
> So far I've just tried to use the linuxconf utility to set everything
> up. I have the domain name and primary and secondary DNS
> servers defined. I changed the default modem init string to the
> same one that Win 95 uses. I have hardware flow control
> activated, line speed set to 57,600, no PPP options, and the
> modem port is set to /dev/modem.
>
> The modem dials out ok and makes a connection, or at least it
> attempts to make a connection. I think the most likely source
> of the problem is in the chat setup I have, which is:
>
> expect: login:
>
> send: username
>
> expect: Password:
>
> send: password
>
> I can step through the login process in Windows where I manually
> input my username and password, and everything works fine.
> DUN indicates that it is using CHAP as an auth. protocol.
> Do I need to setup linux to do this?
>
> I'm kind of at a loss as to what to do next. I'd be glad to dig out
> any logs or scripts that anybody thinks should be checked.
>
> Thanks,
>
> Trevor Smithson
>
>
>
>
--
There is nothing wrong with abstinence, in moderation.
_______ O
_..------ ~. 0
.~ ; o
' _ _ .--. | .
(`(_)(_)--|-| ,. ||;
~- _.' .'
(_.-. `--' :
_; __.-/-' `~--~
`~~~ / |__|
__/.--~;_||
.--| \`.__,--' Internet: [EMAIL PROTECTED]
Ooooo / --|____-._/ _
( \/ / \ ~~\ ( `\
`\ \/ \,/ \/ . `\
`\__) \__/| |
ooooO'
------------------------------
From: "Jan Johansson" <[EMAIL PROTECTED]>
Subject: Re: Dns Problem
Date: Thu, 10 Jun 1999 15:42:36 +0200
bv wrote in message <7joerk$1sr3c$[EMAIL PROTECTED]>...
>I have two computers. One with linux and one with win98. The dns is not
>working. If i type in linux: ping 195.195.195.195 it works correctly, but if i
>type ping MB (195.195.195.195) it says: unknown host. The same with pinging
>my linux box under win98.
>How can i fix this?
Have you actually CONFIGURED a DNS? if not, just add the names / IP's of all
machines in the /etc/hosts on linux and the same wherever w98 has its host
file, and then you have a "poor man's DNS".
------------------------------
From: "Ian" <[EMAIL PROTECTED]>
Subject: Re: Linux as gateway between Microsoft and Unix
Date: Fri, 11 Jun 1999 13:23:24 +1200
Why not just install samba on the other unix machines?
It's not Linux specific.
Ian
Jacques Bourdeau wrote in message <[EMAIL PROTECTED]>...
Hi,
I wish to access files on a Windows disk from various Unix computers
( Unixware, SCO, Solaris ) transparently.
As smbclient is not fully transparent, I've installed a Linux box
( slackware 3.6 ). I've used smbmount and mounted a share from Windows NT.
Now, I wish to redistribute these files with NFS. I've done
it but we have a strange problem:
The linux box can access any files / folder on the Windows share, but
the NFS re-shares only the first level in the directory structure.
Ex : NT shares a folder as Data. This share includes a subfolder,
public, itself containing files.
I can mount Data from Linux in a directory ( net ) and access files in
the public subfolder. When a Unix box mounts the directory ( net ) with
NFS, it will see the subfolder public, can change into this directory
but can not do LS, and PWD says it can not find which directory we
are in.
All security on the NTFS partition is everyone full control and
itself, Linux can access them. So the problem is surely not on Windows NT.
If anyone can help me, please send me your tips at
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
Thanks in advance
Jacques Bourdeau
------------------------------
From: Thomann KH <[EMAIL PROTECTED]>
Crossposted-To: comp.protocols.smb,linux.samba,comp.os.linux.setup
Subject: Time corrupted using Samba
Date: Thu, 10 Jun 1999 15:48:57 +0200
Hello everybody,
I use Suse Linux 6.1 combined with an NT 4.0-Server.
I can print and mount the directory of the NTserver.
When I use smbclient to show the dirs on Linux coming from NT, dates and
times seem to be correct.
But when I mount the dir with smbmount dates and times are corrupted.
I was told to use the Dos DATE/TIME settings, so I added
dos filetimes = True
in smb.conf, but there was no change in behaviour.
I know that this worked on Samba 1.9X, but since we updated to Samba
2.0.3-13, this problem occurred.
I hope there is someone out there who can help me, because I found nothing
about this on
the net, and I tried !!
Any help would be greatly appreciated!
--
=====================================
I Karl-Heinz Thomann I
I Feingeraetebau Tritschler GmbH I
I Schoenaustrasse 10-12 I
I D - 79725 Laufenburg I
I T: 07763 9388 0 I
I F: 07763 9388 49 I
=====================================
------------------------------
From: [EMAIL PROTECTED] (Bob)
Crossposted-To: alt.os.linux,comp.os.linux.help,linux.help
Subject: Re: where the heck ARE the linux drivers @?
Date: Thu, 10 Jun 1999 13:11:48 GMT
"bv" <[EMAIL PROTECTED]> wrote:
>Try the newest kernel...
been there done that! - currently running 2.2.9
________________________________________________
Definition of Windows 95:
A 32 bit upgrade to 16 bit extensions for an 8 bit operating system
designed to run on a 4 bit processor by a 2 bit company that
doesn't like 1 bit of competition.
>Bob wrote in message <[EMAIL PROTECTED]>...
>>tried 'em!
>>
>>tried SEVERAL that i thought were generic....
>>
>>________________________________________________
>>Definition of Windows 95:
>>
>>A 32 bit upgrade to 16 bit extensions for an 8 bit operating system
>>designed to run on a 4 bit processor by a 2 bit company that
>>doesn't like 1 bit of competition.
>>
>>
>>"Dave" <[EMAIL PROTECTED]> wrote:
>>
>>>how about generic NE drivers? or NE2000?
>>>
>>>
>>>Bob <[EMAIL PROTECTED]> wrote in message
>>>news:[EMAIL PROTECTED]...
>>>> i've checked linuxdrivers.net - it sends me to linuxberg, where there
>>>> are NO drivers to be found...
>>>>
>>>> i've searched everywhere else i can think of...
>>>>
>>>> where's the best repository for linux drivers?
>>>>
>>>> (i need ati1500 nic drivers) - the howto specifically says, that linux
>>>> IS compatible with my card, I just can't find any way to get the 2 to
>>>> talk! - (tried the 1700 drivers which come with my mandrake 6 dist -
>>>> no good)
>>>>
>>>> tia - Bob
>>>> bg@@interaccess.com
>>>> ________________________________________________
>>>> Definition of Windows 95:
>>>>
>>>> A 32 bit upgrade to 16 bit extensions for an 8 bit operating system
>>>> designed to run on a 4 bit processor by a 2 bit company that
>>>> doesn't like 1 bit of competition.
>>>>
>>>
>>
>
------------------------------
From: Thomann KH <[EMAIL PROTECTED]>
Crossposted-To: comp.protocols.smb
Subject: Re: Time corrupted using Samba
Date: Thu, 10 Jun 1999 15:53:03 +0200
Horst Epp wrote:
> Thomann KH <[EMAIL PROTECTED]> wrote in <[EMAIL PROTECTED]>:
>
> >Hello everybody,
> >
> I use Suse Linux 6.1 combined with an NT 4.0-Server.
> I can print and mount the directory of the NTserver.
> The problem is that all file and directory dates seen from Linux on the
> NT-server are
> complete nonsense, and all files I write from Linux to the server get
> a date that is nonsense
> seen from NT too.
> ...
>
> The time zones in Linux and NT probably do not match,
> or are set to nonsensical values.
The odd thing is that date/time are correct when you look at the
NT server with smbclient.
Only when you mount the dir with smbmount do you get nothing but nonsense as date/time.
Regards,
--
=====================================
I Karl-Heinz Thomann I
I Feingeraetebau Tritschler GmbH I
I Schoenaustrasse 10-12 I
I D - 79725 Laufenburg I
I T: 07763 9388 0 I
I F: 07763 9388 49 I
=====================================
------------------------------
From: Chris Goebel <[EMAIL PROTECTED]>
Crossposted-To: comp.security.firewalls
Subject: Linux firewall & load-balancing NAT & NT-IIS
Date: Thu, 10 Jun 1999 09:47:24 -0400
I have a linux firewall and an NT web server. I would like to add an additional
NT web server to provide load-distribution and to provide some fault-tolerance.
Does anybody provide a linux based firewall solution that can support this?
Will I have to purchase a commercial firewall to get this extra level of functionality?
-Chris
------------------------------
From: "Andrey Smirnov" <[EMAIL PROTECTED]>
Subject: Re: Linux as gateway between Microsoft and Unix
Date: Thu, 10 Jun 1999 18:46:24 -0700
Hello!
Maybe it will be easier to set up NFS server software on your NT box?!
Good luck!
Jacques Bourdeau <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
Hi,
I wish to access files on a Windows disk from various Unix computers
( Unixware, SCO, Solaris ) transparently.
As smbclient is not fully transparent, I've installed a Linux box
( slackware 3.6 ). I've used smbmount and mounted a share from Windows NT.
Now, I wish to redistribute these files with NFS. I've done
it but we have a strange problem:
The linux box can access any files / folder on the Windows share, but
the NFS re-shares only the first level in the directory structure.
Ex : NT shares a folder as Data. This share includes a subfolder,
public, itself containing files.
I can mount Data from Linux in a directory ( net ) and access files in
the public subfolder. When a Unix box mounts the directory ( net ) with
NFS, it will see the subfolder public, can change into this directory
but can not do LS, and PWD says it can not find which directory we
are in.
All security on the NTFS partition is everyone full control and
itself, Linux can access them. So the problem is surely not on Windows NT.
If anyone can help me, please send me your tips at
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
Thanks in advance
Jacques Bourdeau
------------------------------
From: "Dardo D. Kleiner" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.misc,comp.os.linux.x
Subject: /dev/ttyp# & /dev/pts permissions
Date: Thu, 10 Jun 1999 10:01:09 -0400
Recently there was a post to the linux-security list indicating a problem
with permissions on the /dev/pts filesystem. It had something to do with
incorrect permissions on the /dev/pts directory, and the fact that the
entries were being created as "world-writeable", such that another logged in
user could potentially flood a tty with garbage (i.e. cat /dev/urandom >
/dev/pts/0). This was very intriguing, so I went and looked into what
permissions were being used on my box. First I discovered that I had not
correctly updated the dev RPM, so I didn't even have the /dev/pts
filesystem. My stuff still works because I use wterm-6.2.6, which
apparently doesn't support the new UNIX98 pty system. This leads to my
first question. Since wterm still uses the /dev/ttyp# devices, why are
_all_ 256 of my /dev/ttyp "world-writeable" AND "world-readable"? If I
change it (i.e. chmod 600 /dev/ttyp0), then when I run wterm as a normal user it
skips this tty and will use /dev/ttyp1 (i.e. it uses the first available full
access (666) tty)... Thus, it would appear that my term is wide-open to
anyone else on my box (fortunately, I am the only one, but I want to know
what the heck is going on here). When I telnet to a FreeBSD box at work,
the /dev/ttyp# entries are correctly mode 600, so perhaps it's a compile
option or configuration setting somewhere?
I have now updated my dev files, and I am trying to move towards using only
/dev/pts enabled servers, but wterm is such a cool term that I don't want to
get rid of it just yet. The latest rxvt release (www.rxvt.org) _does_
support the /dev/pts stuff, _and_ has transparency and next-scroll, but no
side menu or transparent scroll gutter (yeah, yeah, I'm a sucker for bells
and whistles). If anyone can point me in the direction of information about
tty's and permissions, I would be most appreciative, as I haven't been able
to find much of anything on this topic, and it seems to be a very important
issue to understand.
Thanks for reading all of this!!
- Dardo
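
Added example, not part of the original post: a small POSIX shell function for auditing the permission problem described above. It lists BSD-style pty slaves (/dev/ttyp0 and the other 255 names) and UNIX98 slaves (/dev/pts/N) that other local users can read or write. The function name audit_pty_modes and the output format are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): report pty slave nodes whose
# mode lets *other* local users read or write the terminal.
# Prints "<flags> <path>" per finding: r = world-readable, w = world-writable.
# Group write (e.g. mode 620 with group tty) is deliberately not reported.

audit_pty_modes() {
    # Default to the two locations the post discusses.
    [ "$#" -gt 0 ] || set -- /dev /dev/pts
    for dir in "$@"; do
        dir=${dir%/}                            # tolerate a trailing slash
        [ -d "$dir" ] || continue
        for node in "$dir"/*; do
            [ -e "$node" ] || continue          # empty directory: glob stays literal
            case "${node##*/}" in
                tty[p-za-e][0-9a-f]) ;;         # BSD-style slaves: 16 x 16 = 256 names
                [0-9]*)                         # UNIX98 slaves exist only under .../pts
                    [ "${dir##*/}" = pts ] || continue ;;
                *) continue ;;
            esac
            flags=""
            # find -perm -MODE is true when all bits in MODE are set (POSIX).
            if [ -n "$(find "$node" -prune -perm -004 -print)" ]; then
                flags="r"
            fi
            if [ -n "$(find "$node" -prune -perm -002 -print)" ]; then
                flags="${flags}w"
            fi
            if [ -n "$flags" ]; then
                printf '%s %s\n' "$flags" "$node"
            fi
        done
    done
    return 0
}
```

Called with no arguments it checks /dev and /dev/pts; on the setup described in the post, each /dev/ttyp# node left at mode 666 is reported as "rw", while a node changed to 600 is not listed.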
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.networking) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Networking Digest
******************************