Linux-Networking Digest #531, Volume #11         Mon, 14 Jun 99 18:13:41 EDT

Contents:
  ppp problems......... ("Mark Whitehead")
  qmail & cyrus imap ("Wemmer Alexander " <[EMAIL PROTECTED]>)
  Re: Restricted telnet access (Duncan Simpson)
  Re: PPP Scripting... Help? (Ian Briggs)
  Re: PPP Scripting... Help? (Jeff Clark)
  Re: Sockets threadsafe? (Duncan Simpson)
  Re: I need to add a lot of users at once. (Duncan Simpson)
  ftp through IP Masquerading with a winnt 4.0 as client ("roger jaeck")
  rexecd problems (Mike Roest)
  irc severs ("Norberto Magni")
  Re: DHCPD and DNS (Leslie Hazelton)
  Re: KPPP Works, IFUP Doesn't (Mohd H Misnan)
  Re: DNS Boggle ([EMAIL PROTECTED])
  netatalk and zones (Preston F. Crow)
  Re: Problem initializing modem. (M. Buchenrieder)
  how to use libpcap (cai yibo)
  Re: Any Mail Application for commercial use (Duncan Simpson)
  Re: VPN through IP Masq (Duncan Simpson)
  Re: Windows clients, Samba server and generic postscript printer. (Duncan Simpson)
  Re: Network Design problem (Duncan Simpson)
  Re: Need help convincing my company Linux TCP/IP stack is safe. (Duncan Simpson)
  Re: Sendmail relaying from other IP networks (Duncan Simpson)
  Re: ipchains and snmp traffic, dont work? (Duncan Simpson)
  Re: functionality from LInux (Duncan Simpson)

----------------------------------------------------------------------------

From: "Mark Whitehead" <[EMAIL PROTECTED]>
Subject: ppp problems.........
Date: Mon, 14 Jun 1999 09:51:04 +0100

I am having a problem connecting to the internet using kppp. I have a Linux
box which is on a small network and has an IP address of 192.168.200.1 on
network interface eth0, no problems there. I have used kppp to configure my
dialup to demon using the following script having entered my own hostname,
password and IP address:

# KDE Config File
Name=
[Account0]
TotalBytes=0
ExDNSDisabled=1
AutoName=0
ScriptArguments=ogin:,your_nodename,word:,your_password,ocol:,ppp\\,idle=0,ELLO,
AccountingEnabled=0
Phonenumber=08452120666
TotalCosts=
IPAddr=xxx.xxx.xxx.xxx
Domain=
Name=Demon Green
VolumeAccountingEnabled=0
pppdArguments=-detach,asyncmap 0,
Password=
Command=
ScriptCommands=Expect,Send,Expect,Send,Expect,Send,Expect,
Authentication=0
DNS=158.152.1.58,158.152.1.43,
SubnetMask=255.255.255.0
AccountingFile=
DefaultRoute=1
Username=
Gateway=158.152.1.222
StorePassword=1
DisconnectCommand=
[Modem]
BusyWait=0
NoDialToneResp=NO DIALTONE
InitDelay=1
ConnectResponse=CONNECT
Enter=CR/LF
FlowControl=CRTSCTS
InitString=ATZ
HangupString=+++ATH
InitResponse=OK
Timeout=60
DialString=ATDT
UseCDLine=0
Device=/dev/modem
NoCarrierResponse=NO CARRIER
BusyResponse=BUSY
Lockfile=/var/lock/LCK..modem
Speed=115200
[General]
QuitOnDisconnect=0
ShowLogWindow=1
DisconnectOnXServerExit=1
DefaultAccount=Demon Green
iconifyOnConnect=1
AutomaticRedial=0
NumberOfAccounts=1
ShowClock=1
DockIntoPanel=0
pppdTimeout=30



Kppp dials up, enters my username, password and then tries to start ppp and
I get the following error in the log file:

Jun 12 16:27:20 homer pppd[881]: pppd 2.3.5 started by root, uid 0
Jun 12 16:27:20 homer pppd[881]: Using interface ppp0
Jun 12 16:27:20 homer pppd[881]: Connect: ppp0 <--> /dev/cua0
Jun 12 16:27:50 homer pppd[881]: Terminating on signal 15.
Jun 12 16:27:51 homer pppd[881]: Hangup (SIGHUP)
Jun 12 16:27:51 homer pppd[881]: Modem hangup
Jun 12 16:27:51 homer pppd[881]: Connection terminated.
Jun 12 16:27:52 homer pppd[881]: Exit.

The hostname of the system on my small internal network is
homer.domain.co.uk (192.168.200.1).
The hostname and ip are obviously different for the ppp0 interface:
myname.demon.co.uk (158.152.xxx.xxx). Is this where the problem may be?

Any help would be great.

TIA

Mark.








------------------------------

From: "Wemmer Alexander <[EMAIL PROTECTED]>" <[EMAIL PROTECTED]>
Subject: qmail & cyrus imap
Date: Sun, 13 Jun 1999 16:47:43 +0200

Hi!

Does anyone have an idea what I have to do if I want to make qmail
cooperate with the cyrus imap server???

I think I have to make qmail hand over incoming mail to
<deliver>, but it doesn't work right... :-(

Hoping for help...


bye.

-- 
WEMMER Alexander
Telematik Student at the Technical University of Graz, Austria
E-Mail:   [EMAIL PROTECTED]
Homepage: http://www.sbox.tu-graz.ac.at/home/m/metal
          (http://www.explosiv.at)

------------------------------

From: [EMAIL PROTECTED] (Duncan Simpson)
Crossposted-To: comp.os.linux.misc
Subject: Re: Restricted telnet access
Date: 10 Jun 1999 11:09:27 GMT

In <ivy73.530$[EMAIL PROTECTED]> "Network Administrator" <[EMAIL PROTECTED]> 
writes:

>> One thing, your /etc/passwd file could be vulnerable for password
>> cracking if you don't implement shadow passwords.
>> It's built-in in the 5.2. You only have to enable it but there are
>> warnings of course.

>Thanks for the suggestion.

>We do use shadow passwords. The problem has been people creating
>mailing lists using the usernames from /etc/passwd.

This problem can be solved by giving people a special shell that
chroot()s them to a special area with the normal stuff mostly
read-only or absent and whatever distillation of the password file you
want. Users along the lines of flezz (purely hypothetical) can be
left out of the list...giving crackers a list of the admin users is not
a good move.

You could edit sendmail.cf so that usernames, other than a few, are
not usable as such---instead people must use aliases which resolve to
those user names, so a list of users is useless as a mailing list (you
probably want the bat book if you decide to do this).

If you do this be sure to plug things like .forward and .procmailrc
files. Procmail needs patching to do this the way I did things.




--
Duncan (-:
"software industry, the: unique industry where selling substandard goods is
legal and you can charge extra for fixing the problems."

------------------------------

From: [EMAIL PROTECTED] (Ian Briggs)
Crossposted-To: 
alt.os.linux.dial-up,alt.uu.comp.os.linux.questions,comp.os.linux.help,comp.os.linux.setup
Subject: Re: PPP Scripting... Help?
Date: Mon, 14 Jun 1999 19:35:13 GMT

Troy C. Newman wrote:
:I finally got my modem working and am currently trying to configure my
:dial-up connection... I've played a little with the commands  and have
:dialed the isp but then nothing...

Have you found Bill Unruh's "How to hook up PPP", an easy guide to writing
PPP scripts, at http://axion.physics.ubc.ca/ppp-linux.html ?

Good luck.

Ian

------------------------------

From: Jeff Clark <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.help,comp.os.linux.setup
Subject: Re: PPP Scripting... Help?
Date: Mon, 14 Jun 1999 14:14:03 -0500

Troy C. Newman wrote:

> I finally got my modem working and am currently trying to configure my
> dial-up connection... I've played a little with the commands  and have
> dialed the isp but then nothing... is there a way to find out what the
> script should say/do to establish and maintain the connection or is it a
> matter of trial and error for different isp's.
>
> any help would be greatly appreciated...tcn.

Probably the easiest way to do this is to get EZPPP from
http://www.serv.net/~cameron/ezppp.  This has a "debug" mode for connecting
which will pop up a window showing you exactly what text is being exchanged
over the link before you actually get the PPP session established.  That
will make it easy to see what you have to provide in the script, except that
you won't have to write a chat script: EZPPP also lets you define the
equivalent of the "chat" stuff in a simple dialog window.  EzPPP also makes
it easy to allow non-root users to connect and disconnect PPP sessions.

I downloaded EzPPP yesterday and got it working in just a few minutes.   Try
it.

--
[EMAIL PROTECTED]
SDRC/Metaphase
"Too soon old, too late smart"



------------------------------

From: [EMAIL PROTECTED] (Duncan Simpson)
Subject: Re: Sockets threadsafe?
Date: 10 Jun 1999 11:59:34 GMT

In <7jmca5$rft$[EMAIL PROTECTED]> Kurtz <[EMAIL PROTECTED]> writes:

>Are sockets threadsafe? If I have two different threads attempting to
>read and write to a socket at the same time, will I get non-
>deterministic behavior?

>If so, does anyone know if this is platform dependent or part of the
>Socket spec (to be threadsafe)?

This rather depends. Attempting to read the socket with two or more
processes gives non-deterministic results as to which process reads
which piece of the input. Multiple processes writing to a socket is
safe if the pieces are small enough. Writing up to a certain limit, I think
~4K, is atomic and larger writes are not (so something might get
squeezed in between bits of the larger write).

One thread reading and the other writing is of course
safe. Concurrency control is a lot of fun, especially when using
badly designed libraries like MPI.

--
Duncan (-:
"software industry, the: unique industry where selling substandard goods is
legal and you can charge extra for fixing the problems."
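
Added example (not part of the post above, and not code from its author): one way to keep concurrent writers from interleaving on a stream socket is to send each record as a length-prefixed frame while holding a lock, so a single reader can check that every record arrived whole. The frame layout, names and sizes are assumptions of this example, and it uses threads in one process, as in the original question.

```python
import socket
import struct
import threading
from collections import Counter

# Frame header: 1-byte writer id + 4-byte big-endian payload length.
# This framing is an assumption of the example, not something the post specifies.
HEADER = struct.Struct("!BI")


def recv_exact(sock, n):
    """Read exactly n bytes; a stream socket may return fewer per recv()."""
    buf = bytearray()
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise EOFError("peer closed mid-frame")
        buf += chunk
    return bytes(buf)


def send_frame(sock, lock, writer_id, payload):
    """Send header + payload as one unit; the lock keeps other writers out."""
    with lock:
        sock.sendall(HEADER.pack(writer_id, len(payload)) + payload)


def writer(sock, lock, writer_id, frames, size):
    payload = bytes([writer_id]) * size   # every byte identifies the writer
    for _ in range(frames):
        send_frame(sock, lock, writer_id, payload)


def run_demo(writers=4, frames=20, size=64 * 1024):
    """Return (intact_frames, frames_per_writer) as seen by the single reader."""
    tx, rx = socket.socketpair()          # connected stream sockets, local only
    lock = threading.Lock()
    threads = [
        threading.Thread(target=writer, args=(tx, lock, wid, frames, size))
        for wid in range(1, writers + 1)
    ]
    for t in threads:
        t.start()

    intact, per_writer = 0, Counter()
    for _ in range(writers * frames):
        wid, length = HEADER.unpack(recv_exact(rx, HEADER.size))
        body = recv_exact(rx, length)
        # A frame is intact only if no other writer's bytes got mixed in.
        if length == size and body == bytes([wid]) * length:
            intact += 1
            per_writer[wid] += 1

    for t in threads:
        t.join()
    tx.close()
    rx.close()
    return intact, dict(per_writer)


if __name__ == "__main__":
    print(run_demo())
```

Each payload is far larger than a few kilobytes, so the lock, not the size of the write, is what keeps the frames whole here.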

------------------------------

From: [EMAIL PROTECTED] (Duncan Simpson)
Subject: Re: I need to add a lot of users at once.
Date: 10 Jun 1999 17:30:41 GMT

In <[EMAIL PROTECTED]> Vincent Ridderikhoff <[EMAIL PROTECTED]> writes:

>I know that would be the solution, but since passwd doesn't support
>parameters but needs input from STDIN so I can't pass the password. If you
>know of a way to pass the correct password in shell script or in perl script,
>please tell me, because I can seem to find it...

Yup, no problem. Generate a 2 character salt (using some random number
source), feed that and the password to crypt and put that result in
the appropriate field in the appropriate file (/etc/shadow if you are using
shadow password and /etc/passwd otherwise).

passwd tries to make sure it is talking to the user after the prompts
for security reasons. You can use ptys to get around this problem but
why bother: calling crypt(3) yourself is a lot simpler. The rest of the
details are available from the crypt man page.



--
Duncan (-:
"software industry, the: unique industry where selling substandard goods is
legal and you can charge extra for fixing the problems."

------------------------------

From: "roger jaeck" <[EMAIL PROTECTED]>
Subject: ftp through IP Masquerading with a winnt 4.0 as client
Date: Mon, 14 Jun 1999 21:56:46 +0200

Hello,

I have SUSE linux 6.0 kernel 2.0.36 installed. After installing I checked
the ".config" file and I saw all necessary options are set for the kernel.
ip_masqu... and so on. So all kernel options are installed.

I use a winnt 4.0 as client to get access to the internet.

I checked my masquerading with my winnt with the ping command:
In the command line of the winnt, I entered for example: C:\ ping www.oldboys.com
and I received all information:
Answer from 208.135.113.71: Bytes=32 Time=351ms TTL=241
...


another example: telnet server.oldboys.com
It worked too

surfing through the works fine too.

So I know my masquerading works fine.

BUT when I would use my masquerading with winnt 4.0 with a ftp-command, I
lose the connection immediately. The confusing thing for me is that I can
use the ftp-command from my linux machine.

May anybody help me?

thanks a lot
roger



------------------------------

From: Mike Roest <[EMAIL PROTECTED]>
Subject: rexecd problems
Date: Mon, 14 Jun 1999 13:50:55 -0600

I've got RH 6.0 on a box everything runs fine except that rexecd doesn't
work properly.  When I try to rexec to the machine the rexec just
hangs.  If I do a process list on the box the rexec daemon is running
but nothing is happening.  Any Ideas???

BTW.  Running rexecd through inetd

    Mike


------------------------------

From: "Norberto Magni" <[EMAIL PROTECTED]>
Subject: irc severs
Date: Mon, 14 Jun 1999 11:02:34 +0200

Is there anyone who knows how to set up an irc server?
I'm configuring a 486 :-) as "Internet emulators" for a school. This will be
used for a training course.

Thanks



------------------------------

From: Leslie Hazelton <[EMAIL PROTECTED]>
Date: Mon, 14 Jun 1999 21:13:39 GMT
Subject: Re: DHCPD and DNS



>>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<<

On 6/14/99, 12:11:18 PM, "Carl D. Blake" <[EMAIL PROTECTED]> wrote
regarding Re: DHCPD and DNS:


_____snip ______
> dynamically.  I just want to be able to access each of the machines via
> their hostname.  I can tell from the dhcpd.leases file that the dhcpd server
> has assigned an IP address to a host and that its hostname is (e.g.) EREBOR.
> But I can't ping EREBOR from the linux machine using the name EREBOR or
> EREBOR.my.domain.
___snip_______



In my local lan (Linux and 2 Win95 systems) each system can ping the
other using names and not ip addresses.  The DHCPD assigns addresses
to the 2 Win95 systems and a set of perl scripts keeps the bind8 DNS
in sync with those name/address sets.

The DNS has both forward and reverse master zones defined for the
local private lan and the perl scripts are available in a package
named "dhcp-dns.0.50.tar.gz".  An example of the DNS zone
configuration is given in the dhcp-dns README file and looks like
this:

zone "high-g.prv" {
        type master;
        file "local.db";
        allow-update {192.168.1.10;};
};

zone "1.168.192.in-addr.arpa" {
        type master;
        file "192.168.1.db";
        allow-update {192.168.1.10;};
};

I don't remember the url for the dhcp-dns package, but do remember I=20
found it doing a search on www.dogpile.com.

Good luck.

Les




------------------------------

From: [EMAIL PROTECTED] (Mohd H Misnan)
Crossposted-To: comp.os.linux.help,comp.os.linux.setup
Subject: Re: KPPP Works, IFUP Doesn't
Date: 14 Jun 1999 09:57:47 GMT

On Mon, 14 Jun 1999 00:08:14 -0700, Devlyn wrote:
>Mohd H Misnan wrote:
>> Have you tried using linuxconf to configure your PPP connection? It is quite easy
>> to configure PPP using linuxconf and you can then run 'ifup ppp0' either as a
>> user or as root.
>> 
>Yep.  That's how I configured it and how I am trying to run the
>connection.  I used the same info I gave the KPPP config program.  I can
>get it to authenticate with a script but, not with PAP.  PAP
>authentication is necessary for multilinking the two ISDN channels.  I
>can only get it to do that with KPPP.  So, KPPP is feeding PPPD
>something different to bring up the connection.

I just did this and it works w/o problem. You need to delete all the
characters inside chat script (expect/send sequence), otherwise the pppd will
try to use chat script instead of PAP to negotiate.

-- 
|Mohd Hamid Misnan      | [EMAIL PROTECTED] / [EMAIL PROTECTED] |
|iMac/233RevB/MacOS 8.6 | [EMAIL PROTECTED]                     |
|AMDK6-2/300/Linux2.2.9 | http://www.geocities.com/SiliconValley/3319/   |
"'Scuse me!  Excuse me!  Yes, excuse me!" -- Wakkorotti

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: DNS Boggle
Date: 14 Jun 1999 14:51:58 -0500
Reply-To: "J.L.M." <[EMAIL PROTECTED]>

In article <[EMAIL PROTECTED]>,
Andy  <[EMAIL PROTECTED]> wrote:
>Ok, well...
>I tried   nslookup 208.15.109.1  my primary nameserver.  It still hanged.  I
>can ping my name servers just fine tho.  Then I added  nameserver 198.6.1.1 to
>my /etc/resolv.conf and everything worked fine.  (Ping, nslookup, and netscape)
>
>Now I'm really confused...


Hmm. That should have made things clear.
Until you had your /etc/resolv.conf set up,
nothing which used resolver libraries could look up
hostnames.  Nothing that needs gethostbyname(3)
can do so without dns server(s) to resolve, if your
host.conf is set up to look on the network for names.

The first try "nslookup 208.15.109.1" was the wrong thing
to test.

You needed to do "nslookup - 208.15.109.1" and it would have
worked.


Why didn't you put 208.15.109.1 in resolv.conf?
-- 
James
http://ssdd.conservatory.com

------------------------------

From: [EMAIL PROTECTED] (Preston F. Crow)
Subject: netatalk and zones
Date: 14 Jun 1999 19:36:49 GMT

I'm having trouble getting netatalk to allow our iMac to print to the
printer attached to my Linux system.  I'm pretty sure that I have
everything almost right, but I suspect that there's a zone problem.

My network is simple: The iMac (MacOS 8.5.1) and my Linux system are
both connected to the same hub, as is a router.

I'm pretty sure I have the latest versions of everything on the Linux
side (netatalk-asun-1.4bsomething-or-other, all compiled from sources).

From the iMac, nothing shows up in the chooser, but I can mount
filesystems from my Linux system if I give it the IP number.  Under
the Appletalk control panel, it says that no zones are available.  My
conclusion is that I've set up netatalk correctly, except that I'm not
establishing an Appletalk zone, so the iMac doesn't know to look to
Linux for networked printers.  Most of the HOWTO documentation seems
to be geared towards setups where an Appletalk network already exists,
unfortunately.

Any clues as to what I should do?

--PC
--
Only be careful, and watch yourselves closely so that you do not forget the
things your eyes have seen or let them slip from your heart as long as you
live.  Teach them to your children and to their children after them.
Remember the day you stood before the Lord your God...       --Deut 4:9-10a

------------------------------

Crossposted-To: 
alt.os.linux.dial-up,alt.uu.comp.os.linux.questions,comp.os.linux.help,comp.os.linux.setup
From: [EMAIL PROTECTED] (M. Buchenrieder)
Subject: Re: Problem initializing modem.
Date: Mon, 14 Jun 1999 16:33:26 GMT

"Troy C. Newman" <[EMAIL PROTECTED]> writes:

>I currently am running a usr 56k sportster (ISA not winmodem)... The jumpers
>are set a PnP and windows puts it @ com3 irq5... 
       ^^^^^^^^

[...]

Linux isn't a PNP OS. You'll need the isapnptools.tar.gz package
(or the appropriate rpm), then use "pnpdump" to create the file
/etc/isapnp.conf and edit that file to your needs.

Michael
-- 
Michael Buchenrieder * [EMAIL PROTECTED] * http://www.muc.de/~mibu
          Lumber Cartel Unit #456 (TINLC) & Official Netscum
    Note: If you want me to send you email, don't munge your address.

------------------------------

From: cai yibo <[EMAIL PROTECTED]>
Subject: how to use libpcap
Date: Mon, 14 Jun 1999 16:40:07 +0800

Who can tell me how to use libpcap to write a "snoop"?
Where can I find useful documents about how to use libpcap?
Are there any famous programs which use libpcap?


------------------------------

From: [EMAIL PROTECTED] (Duncan Simpson)
Crossposted-To: 
comp.os.linux.development.apps,comp.os.linux.development.system,comp.os.linux.misc
Subject: Re: Any Mail Application for commercial use
Date: 9 Jun 1999 21:08:07 GMT

In <[EMAIL PROTECTED]> Eddy <[EMAIL PROTECTED]> writes:

>Besides Zmail and Sendmail, is there any mail application suitable for
>commercial use ? As Sendmail seems too complicated for commercial and
>the user interface is not so user-friendly.

There are others like qmail and postfix. If you want an ISP strength
mail transport agent then sendmail is the usual choice. Easier
configuration is available as sendmail pro (sendmail+GUI
configuration tool) from sendmail inc, whose technical support should
be good (if need be Eric himself is available). There are lots of
consultants out there who will install and configure sendmail for you.

Both these options will cost you money, of course.

Things you read and write mail with are a separate question. Popular
choices include pine and elm. There are various GUI ones too--I like
exmh but it is not for everyone.

--
Duncan (-:
"software industry, the: unique industry where selling substandard goods is
legal and you can charge extra for fixing the problems."

------------------------------

From: [EMAIL PROTECTED] (Duncan Simpson)
Subject: Re: VPN through IP Masq
Date: 8 Jun 1999 11:09:42 GMT

In <z2363.8142$[EMAIL PROTECTED]> "MikeH" <[EMAIL PROTECTED]> writes:

>Hi,
>    I'm trying to access a VPN server from a client that is
>    behind a box running IP Masq. The IP Masq machine
>    is connected to the ISP with a cable modem.

>    Does anyone specifically whether or not it is possible to
>    run VPN and PPTP through IP Masq?

>Thanks in advance,
>Mike H.


--
Duncan (-:
"software industry, the: unique industry where selling substandard goods is
legal and you can charge extra for fixing the problems."

------------------------------

From: [EMAIL PROTECTED] (Duncan Simpson)
Subject: Re: Windows clients, Samba server and generic postscript printer.
Date: 9 Jun 1999 12:51:24 GMT

In <Gi373.429$[EMAIL PROTECTED]> "Dmitry Novikov" <[EMAIL PROTECTED]> 
writes:

>Hello Everybody!
>I am trying to create some kind of faxserver on my Linux box, and idea is to
>create a 'virtual' postscript printer
>with redirection of incoming postscript data to a fax software, with using
>Ghostscript as converter PS -> G3 FAX.
>Is there any way to create such a 'virtual' printer, which will be seeing
>from Windows clients (95/98/NT) as
>some kind of generic (or not generic) printer?
>Or may be using postscript as 'common language' is a bad idea?
>Or, may be,  there are other not-email-based ways to send faxes from Windows
>clients?
>Thanks for any help

Look into hylafax (free from SGI). You can set up an email to FAX
gateway that goes via hylafax or use the supplied windows client. The
server might require extreme pushing to run on windows, so why bother :-)

Duncan (-:


--
Duncan (-:
"software industry, the: unique industry where selling substandard goods is
legal and you can charge extra for fixing the problems."

------------------------------

From: [EMAIL PROTECTED] (Duncan Simpson)
Subject: Re: Network Design problem
Date: 8 Jun 1999 11:33:33 GMT

In <[EMAIL PROTECTED]> Aaron Helleman <[EMAIL PROTECTED]> writes:

>I'm in the unique position to help redesign a high school's network. 
>I'm keen on implementing Linux as the primary OS for the school - but I
>need to work through a few different ideas I'm having on the
>implementation details.  

>I'm looking for some feedback on the performance of these options - or
>others that can fit the following needs:

>My picks for the Apps so far: 
>----------------------------
>1) StarDivision's StarOffice 5.1
>2) C and C++ already installed - but a GUI?
I personally like xemacs. Look at xwpe, which is built on emacs, gcc,
gdb, etc.

>3) WINE to emulate windows? or dual boot? (some help here please.... the
>teachers may insist on Win95 so we can run some yet to be purchased
>educational software - this is one of those make or break issues i
>guess)
Purchase a monster Citrix server and use a linux ICA client. This will
do stuff wine can not cope with. Sell it to the teachers, management, etc
as central administration and therefore reduced TCO.

>4) Netscape with sendmail? how to time limit mailings?

Hmmm... no software I know for anything I know supports this
directly. You could hack up a local mailer that had the time limits
built in and get sendmail to use that.

>5) tar, cron jobs

>Now for the real sticky questions:

>Should I install RH 6 and Staroffice on ALL the client machines and just
>use the central fileserver for the students to save their work on?

Probably the better choice, unless star office needs more power.


>I have a feeling that most people will say buy the RAM, and put the
>effort into putting the software on all the machines.

>Any advice on quick ways of installing the same stuff to every machine? 
>remember - these machines don't have floppies or CDroms!!

How about a read only NFS mount mounted by everybody? You could also use
something like rdist instead if the network traffic is a problem.

Take a look at my solaris box:

/dev/dsk/c0t3d0s0     224410  181083    43103     81%   /.cache
kilderkin:/export/root/feynman
                     1571818  608790   959099     39%   /
kilderkin:/export/exec/Solaris_2.6_sparc.all/usr
                     1142296 1123768    16248     99%   /usr
swap                  108572     196   108376      0%   /tmp
kilderkin:/export/local
                     1571816  608792   959096     39%   /export/local
kilderkin:/opt       1142296 1123768    16248     99%   /opt
ecsfilesrv1:/export/ecs/pdc/users/dps96r
                     8879104 8658140   220964     98%   /home/dps96r



>Pulling the HD's is one option I guess.... ?

Local HDs make great boot device, /tmp and swap space. Doing all these
over the network is a good way to saturate your network. See /tmp on
my solaris box above.

--
Duncan (-:
"software industry, the: unique industry where selling substandard goods is
legal and you can charge extra for fixing the problems."

------------------------------

From: [EMAIL PROTECTED] (Duncan Simpson)
Subject: Re: Need help convincing my company Linux TCP/IP stack is safe.
Date: 9 Jun 1999 12:47:28 GMT

In <[EMAIL PROTECTED]> Stephen Carville <[EMAIL PROTECTED]> writes:

>Christian Hudon wrote:
>> 
>> Hi,
>> 
>> the company I work for has been experiencing networking problems
>> recently, and they've started to take a look at everything that's
>> connected to their internal network. That includes my Linux box. So I'd
>> need help convincing them that Linux's TCP/IP stack doesn't cause
>> network floods, is well implemented, etc. I know this is a bit silly,
>> but...

>IF Linux was that screwed up, it wouldn't be so popular with ISP's.  If you
>are having broadcast storms the first place to look is your NT boxes.  I
>have done dozens of trace captures with a GN sniffer and it is the NT boxes
>that generate the broadcast traffic.  The damned browser alone can be a
>network butcher but when you add to that a lot of cross-mapping between
>workstations and you have a recipe for disaster.  I have seen broadcast
>storms averaging 2000 packets per second lasting up to 10 minutes on
>networks with only about 100 NT stations.  Believe me when I tell you that
>can slow a switched environment to a crawl. 

I would add that running tcpdump will reveal which machines are
flooding the network with what packets. This probably points to gratuitous
SMB broadcasts by NT. In the unlikely case it is your linux you will
know too (and *should* be able to fix it).

--
Duncan (-:
"software industry, the: unique industry where selling substandard goods is
legal and you can charge extra for fixing the problems."
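
Added example (not part of the post above, and not code from its author): a small tally of link-layer broadcast frames per source, taken from tcpdump text output, to show which machine is sending the broadcasts and what kind they are. It assumes the line layout printed by `tcpdump -e -n`; the capture lines, MAC addresses and function names are constructed for the example.

```python
import re
from collections import Counter, defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed sample in the style of `tcpdump -e -n` output (not a real capture).
SAMPLE = """\
12:00:00.000000 00:a0:c9:11:22:33 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 243: 192.168.1.23.138 > 192.168.1.255.138: UDP, length 201
12:00:00.200000 00:a0:c9:11:22:33 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 92: 192.168.1.23.137 > 192.168.1.255.137: UDP, length 50
12:00:00.400000 00:a0:c9:11:22:33 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 243: 192.168.1.23.138 > 192.168.1.255.138: UDP, length 201
12:00:00.500000 00:10:4b:aa:bb:cc > 00:60:97:de:ad:01, ethertype IPv4 (0x0800), length 74: 192.168.1.5.1042 > 192.168.1.1.23: Flags [S], seq 1, win 512, length 0
12:00:00.600000 00:a0:c9:11:22:33 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 243: 192.168.1.23.138 > 192.168.1.255.138: UDP, length 201
12:00:01.000000 00:10:4b:aa:bb:cc > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.1.1 tell 192.168.1.5, length 28
12:00:02.000000 00:a0:c9:11:22:33 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 243: 192.168.1.23.138 > 192.168.1.255.138: UDP, length 201
tcpdump: truncated line
"""

# time, source MAC, destination MAC, ethertype name, remainder of the line
FRAME_RE = re.compile(
    r"^(\d\d):(\d\d):(\d\d\.\d+) "
    r"([0-9a-f:]{17}) > ([0-9a-f:]{17}), "
    r"ethertype (\S+) \(0x[0-9a-f]+\), length \d+: (.*)$"
)
# "a.b.c.d.sport > a.b.c.d.dport: ..." as printed for IPv4 TCP/UDP
IP_PORTS_RE = re.compile(r"^[\d.]+\.(\d+) > [\d.]+\.(\d+): ")


def parse_frame(line):
    """Return (seconds_since_midnight, src_mac, dst_mac, kind) or None."""
    m = FRAME_RE.match(line.strip())
    if not m:
        return None                      # banner, truncated or foreign line
    hh, mm, ss, src, dst, etype, rest = m.groups()
    ts = int(hh) * 3600 + int(mm) * 60 + float(ss)
    ports = IP_PORTS_RE.match(rest)
    kind = f"{etype} dport {ports.group(2)}" if ports else etype
    return ts, src, dst, kind


def broadcast_talkers(text, min_pps=0.0):
    """Rank source MACs by broadcast frames sent over the capture window.

    The window is last timestamp minus first (at least one second); a
    capture that crosses midnight is not handled.
    """
    frames = [f for f in map(parse_frame, text.splitlines()) if f]
    if not frames:
        return []
    window = max(frames[-1][0] - frames[0][0], 1.0)
    kinds = defaultdict(Counter)
    for _, src, dst, kind in frames:
        if dst == BROADCAST:
            kinds[src][kind] += 1
    report = [
        {"src": src, "frames": sum(c.values()),
         "pps": sum(c.values()) / window, "kinds": dict(c)}
        for src, c in kinds.items()
    ]
    report.sort(key=lambda r: r["frames"], reverse=True)
    return [r for r in report if r["pps"] >= min_pps]


if __name__ == "__main__":
    for row in broadcast_talkers(SAMPLE):
        print(row)
```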

------------------------------

From: [EMAIL PROTECTED] (Duncan Simpson)
Subject: Re: Sendmail relaying from other IP networks
Date: 8 Jun 1999 14:44:08 GMT

In <tlM63.38512$[EMAIL PROTECTED]> "Martin Button" <[EMAIL PROTECTED]> 
writes:

>Could someone give me advice on the following:

>We have several connected networks on different IP addresses, but when mail
>is sent from machines with IP addresses not on the same subnet as the
>sendmail host, we get a "551 ... we do not relay"  It occurs every time
>non-local email is sent (ie. relayed through the server.)

>How do I get sendmail to trust the other IP networks?  Do I need to add a
>sendmail feature?

Edit the list of local IP numbers to include your networks. It is
probably something like /etc/mail/localip or some such (I do not have
a RH box to know, sorry). If they are using the anti-relaying rulesets
I picked up you can put whole subnets in with a single entry.

Relaying for random people is an extremely bad idea. I will let you
guess the nature of the people this attracts and how many thousand
bounces go to your local postmaster (you?).



--
Duncan (-:
"software industry, the: unique industry where selling substandard goods is
legal and you can charge extra for fixing the problems."

------------------------------

From: [EMAIL PROTECTED] (Duncan Simpson)
Subject: Re: ipchains and snmp traffic, dont work?
Date: 9 Jun 1999 21:48:01 GMT

In <7jlqve$jo3$[EMAIL PROTECTED]> [EMAIL PROTECTED] writes:



>Hi!

>I'm trying to do a snmpwalk to host outside my ipchains firewall.
>Can't get it to work. Is snmp supported at all by ipchains?
>I'm quite new to ipchains but I think I got all the filters right.

Assuming the packets get through, yes. Assuming they do not, no AFAIK.

snmp is unlikely to be running on many machines and even if it is, the
chances of it being blocked by the first firewall are 99.99%. Read the
RFC and you will understand why it has been called "Security? Not My
Problem" and people are not keen on running it.
--
Duncan (-:
"software industry, the: unique industry where selling substandard goods is
legal and you can charge extra for fixing the problems."

------------------------------

From: [EMAIL PROTECTED] (Duncan Simpson)
Crossposted-To: comp.os.linux.questions
Subject: Re: functionality from LInux
Date: 9 Jun 1999 21:59:34 GMT

In <[EMAIL PROTECTED]> Dan Teodor <[EMAIL PROTECTED]> writes:


>Hello all,

>I have a Windows 95 desktop machine, a windows 95 laptop and a Linux RedHat
>5.2 desktop machine.

<stuff snipped>

>I have looked in all the Linux books for anything on any program called "dhcp"
>or "dhcpd" and cannot find anything, however, I have seen repeated references
>to ISPs using Linux boxes to dynamically assign IP addresses to Windows 95
>machines that are either dialing in or are plugging into the local network? How
>exactly do they accomplish this? What is the name of the DHCP server for the
>RedHat 5.2 Linux distribution.

Assuming the CD does not have a package, rather than DHCP just not
being installed, the latest source grows at the ISC
(http://www.isc.org) and AFAIK it works on Linux (and most other
unices). The latest alpha test version claims:


    * Linux: Full functionality with Linux 2.0.33 and later kernels.

and the same applies to version 2 (beta). Version 1 lacks full
functionality with Linux---only systems with one NIC work (I do not
think this looks like a big problem for you).

--
Duncan (-:
"software industry, the: unique industry where selling substandard goods is
legal and you can charge extra for fixing the problems."

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and comp.os.linux.networking) via:

    Internet: [EMAIL PROTECTED]

Linux may be obtained via one of these FTP sites:
    ftp.funet.fi                                pub/Linux
    tsx-11.mit.edu                              pub/linux
    sunsite.unc.edu                             pub/Linux

End of Linux-Networking Digest
******************************
