Linux-Networking Digest #544, Volume #11         Tue, 15 Jun 99 18:13:43 EDT

Contents:
  Re: host.deny (Thomas Zajic)
  need AT2500 drv for linux ("Allan Bech")
  Re: How to make lookups start with /etc/hosts? (Bill Unruh)
  Re: host.deny ("Mitch Appleby")
  Re: host.deny (A Dark Elf)
  Re: help setting up ppp (Clifford Kite)
  Could Microsoft Cheat On The New Mindcraft Benchmark? (was: Mindcraft Retest News (Mark S. Bilk)
  Re: Linux Client to Microsoft Network (A Dark Elf)
  named only as local and cache ? ("Stefan Triep")
  Re: lmhost?? (A Dark Elf)
  Re: nslookup help ("David Means")
  can't get telnet up; BUT DEBUG mode WORKS!!!! (Bob)
  Re: Does anyone know what ports 31789 and 31790 are for? ("Bob Glover")
  PPP (Nicholas E Couchman)
  Re: NO CARRIER ("George Georgakis")
  artisoft AE-2/C confusing W7 jumper (B'ichela)
  Linksys LNE100TX (tulip) keeps going on and off ... conflict ? ([EMAIL PROTECTED])
  Re: ftp localhost problems... (Thomas Zajic)
  Re: Help! Networking & IP Masquerading & PPP, oh my! (Stuart Macdonald)
  Re: more diald stuff (root)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Thomas Zajic)
Subject: Re: host.deny
Reply-To: [EMAIL PROTECTED]
Date: Tue, 15 Jun 1999 19:22:08 GMT

On Tue, 15 Jun 1999 13:48:03 -0500, Mitch Appleby wrote:

> Where do I find the format for host.deny?  Do I need more than a TCP/IP
> address?  Is there a source that gives some examples?  I just need to block
> a few individual stations from accessing the net.
> 
> Mitch Appleby

man 5 hosts_access
man 5 hosts_options

HTH,
Thomas
-- 
=---        Thomas Zajic aka ZlatkO ThE GoDFatheR, Vienna/Austria        ---=
=--   "It is not easy to cut through a human head with a hacksaw." M.C.   --=
=--   Posted with Free Agent 1.11/32 running on Linux 2.0.36/Wine-990226  --=
=---        Spam-proof e-mail: thomas(DOT)zajic(AT)teleweb(DOT)at        ---=

------------------------------

From: "Allan Bech" <[EMAIL PROTECTED]>
Subject: need AT2500 drv for linux
Date: Tue, 15 Jun 1999 22:04:04 +0200

Hi

Can somebody help me with Linux drv for Allied Telesyn AT2500 NIC

The link on Allied Telesyn website is down...

Best Regards
Allan




------------------------------

From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: How to make lookups start with /etc/hosts?
Date: 15 Jun 1999 19:39:47 GMT

In <T5t93.19412$[EMAIL PROTECTED]> "YouDontKnowWho" 
<[EMAIL PROTECTED]> writes:

>I didn't quite understand your post, so maybe this will be wrong.

>I think that the "order hosts,bind" line belongs in /etc/resolv.conf,
>not /etc/hosts.

It belongs in neither. It belongs in /etc/host.conf

------------------------------

From: "Mitch Appleby" <[EMAIL PROTECTED]>
Subject: Re: host.deny
Date: Tue, 15 Jun 1999 15:01:41 -0500

This is my frustration ..  I've looked at both hosts_access and
hosts_options man pages.  Terms like ALL, daemon_list are used. What does
ALL refer to? Daemons?  How do I refer to just one daemon?  In the news
letter above, ' leafnode' is used. This is a what?

I have Redhat 5.2 running. Never goes down, does email, internet access,
faxing.  I don't want to screw it up.  Most of what I've learned has been by
seeing an example, or lots of them.

Mitch



------------------------------

From: A Dark Elf <[EMAIL PROTECTED]>
Subject: Re: host.deny
Date: Tue, 15 Jun 1999 20:14:27 GMT


the syntax is:

<daemon>:<ip>, <ip>, ...

Examples:

in.telnetd: ALL
smbd: ALL EXCEPT 192.168.1., 127.0.0.1
in.ftpd: 1.2.3.4

Mitch Appleby wrote:
> 
> This is my frustration ..  I've looked at both hosts_access and
> hosts_options man pages.  Terms like ALL, daemon_list are used. What does
> ALL refer to? Daemons?  How do I refer to just one daemon?  In the news
> letter above, ' leafnode' is used. This is a what?
> 
> I have Redhat 5.2 running. Never goes down, does email, internet access,
> faxing.  I don't want to screw it up.  Most of what I've learned has been by
> seeing an example, or lots of them.
> 
> Mitch

-- 
Patrick Lambert

Software Developer, System Administrator and Security Specialist
================================================================
[EMAIL PROTECTED]                          http://www.darkelf.net

------------------------------

From: kite@NoSpam.%inetport.com (Clifford Kite)
Subject: Re: help setting up ppp
Date: 15 Jun 1999 15:48:02 -0500

schwantes frederick ([EMAIL PROTECTED]) wrote:
: I was wondering if anyone could help me solve what is probably a simple problem:

: I am trying to set up ppp(ver 2.3.5) on linuxppc but when i goto rebuild the kernel
: i get errors

: ppp.c:3104: macro `dev_kfree_skb' used with just one arg
:               and
: ppp.c:3104: parse error before `)'

: after several errors of this type the make script just stops.
: i have tried everything i can think of and i still can't get it to work so any
: suggestions would be much appreciated

Boy it's been quite a while since I've seen a post about the infamous
dev_kfree_skb ppp-2.3.5 error.  Thankfully.  There are nasty problems with
the code and installation for ppp-2.3.5 .  Get the latest ppp-2.3.8 at

cs.anu.edu.au/pub/software/ppp

It's better and no nasty problems provided the installation instructions
are followed.

--
Clifford Kite <kite@inet%port.com>                       Not a guru. (tm)
/* Better is the enemy of good enough. */

------------------------------

Crossposted-To: comp.os.ms-windows.nt.advocacy,comp.os.linux.advocacy,comp.infosystems.www.servers.unix,comp.os.linux.misc
From: [EMAIL PROTECTED] (Mark S. Bilk)
Subject: Could Microsoft Cheat On The New Mindcraft Benchmark? (was: Mindcraft Retest News
Date: Tue, 15 Jun 1999 20:12:52 GMT

In article <[EMAIL PROTECTED]>, Dan Kegel <[EMAIL PROTECTED]> 
wrote:
>For news and background about the Mindcraft retest, see
>  http://www.kegel.com/mindcraft_redux.html
>...
>plus news about the current retest.

Microsoft has a history of cheating on benchmarks and 
rigging software to prevent competitive products from
functioning.  Could they do that in the Mindcraft retest
that's now taking place?

(If you are thinking that MS would not possibly do such a
thing, browse the URLs near the end of this article.)

It's likely that the high-end disk controllers, network
interface cards, and perhaps other system components in 
the quad-Xeon server have flash-programmable microcode.  
(Maybe there is even provision for loadable microcode in 
the Xeon CPUs?)

Microsoft has had months to figure out ways to rig those
components to distinguish between NT/IIS and Linux/Apache 
data or instruction sequences and slow down the latter.  

They could also mess with the various segments of the 
benchmark software, and the hardware and software of the
client machines, as well as the routers, etc., in the 
network that interconnects them.  

Even if the Mindcraft rules say that Linux/Apache can be
tested first, and will get a "clean machine", microcode
changes could have been put in beforehand (e.g., during
the previous day's testing) and would not be detectable.  

Additionally, since the source code of NT and IIS is 
secret, and Microsoft is allowed to apply any patches they 
wish to it for the test, they could create a dedicated 
version that is hand coded and optimized to score high on 
the benchmark even though the changes render it incapable 
of normal functioning.  Or, if nobody checks the size
of the programs, the special code, which would run only 
when the benchmark was detected, could be *added* to the 
regular software, so it *could* perform normal tasks as
well.  In either case, no one outside the Microsoft team 
will have any idea what their "patches" are actually doing.

According to Mindcraft's rules the Linux team would have 
only a few hours to detect any such cheating, which might
have taken months to design and disguise.  They wouldn't 
even be able to get copies of the actual patched NT/IIS 
programs that Microsoft ran.

The Linux side wouldn't stand a chance of figuring out
how Microsoft rigged the test.  (Read in the second URL 
below the description of the encrypted code that MS put 
into Windows 3.1 to detect and kill DR-DOS.)

Gates could afford to spend $1,000,000 per day for two 
months on this project; that's probably less than a tenth 
of his daily income.  He could have bought several complete 
copies of the entire benchmark system -- server, network, 
and client machines -- two months ago, out of petty cash, 
or through front companies that MS controls, or out of his 
own personal fortune, and hired teams of hackers paid 
$1,000/hr each to work on them.  He could have bribed 
employees of the companies that make the network cards, etc., 
to get copies of their microcode sources and compilers.

A few weeks ago, the high volume Microsoft propagandists in 
comp.os.linux.advocacy had as their first priority baiting 
Linuxers into participating in this third Mindcraft 
benchmark.  Most of them use false names and are untraceable.  
If Microsoft planned to rig the test, and if they are paying
people to post propaganda to Usenet, they would order them 
to goad the Linux folk into the trap.  In fact, dozens of 
articles of that nature were posted by the high-volume 
Microsoft shills in c.o.l.a.

Would Microsoft stoop to such dishonest tactics?  They
certainly did in the first Mindcraft benchmark.  And
they have not hesitated in the past to rig their software 
to kill the competition:

* Microsoft Dirty Tricks Department
  http://www.vcnet.com/bms/departments/dirtytricks.shtml
* MS Code to Kill DR-DOS -- SEP93: Examining the Windows AARD Detection Code
  http://www.ddj.com/articles/1993/9309/9309d/9309d.htm
* MS talks about killing DRDOS and Novell -- Caldera Responds To Microsoft Dismissal Motions
  http://www.newsbytes.com/pubNews/129945.html
* THE REGISTER: Microsoft on trial -- lots of detailed revelations
  http://www.theregister.co.uk/981020-000020.html
* What's So Bad About Microsoft?
  http://www.kmfms.com/whatsbad.html
* The Halloween Documents
  http://www.opensource.org/halloween.html

If there are any experts out there who can evaluate the
feasibility of the scenarios I've outlined, I hope you will 
post your comments.  Please ignore the jeering from the MS
propagandists who will almost certainly post followups.



------------------------------

From: A Dark Elf <[EMAIL PROTECTED]>
Subject: Re: Linux Client to Microsoft Network
Date: Tue, 15 Jun 1999 20:20:27 GMT


Internet access and Samba are 2 diff things. If the NT server is your Internet
gateway, then you just have to configure your system correctly with ifconfig,
add a route to it, and tell route that the NT system will be your gateway. If
you want to share files from it, then using smbmount or smbclient should work
just fine.

Christopher New wrote:
> 
> My goal is to connect Linux to our NT Server requiring the following
> configuration on a Windows 9x machine ....
> * Login : Client for Microsoft Network
> * Protocol : TCP/IP
> * Other : MS Proxy Client
> 
> We are required to login to the Proxy client in order to get Web access
> ........
> This is done at startup not in a web browser........
> The system allows us to browse the network neighbourhood........
> 
> I am aware that Samba may solve some of my problems but I am concerned
> with the logging into the Proxy Client .....
> 
> Any advice or assistance would be greatly appreciated ..... ( If I have
> not provided enough information please let me know )
> 
> Thanks in advance
> 
> Christopher New

-- 
Patrick Lambert

Software Developer, System Administrator and Security Specialist
================================================================
[EMAIL PROTECTED]                          http://www.darkelf.net

------------------------------

From: "Stefan Triep" <[EMAIL PROTECTED]>
Subject: named only as local and cache ?
Date: Tue, 15 Jun 1999 23:01:13 +0200

Hello from a bind newbie,

in our company we have several nameservers. The network is spread all over
Germany and I would like to set up a nameserver only for local machines and
forward all other questions to the main nameservers which are already in our
local network setup. I also would like to build up a cache so the questions
will be answered a bit faster.

Can anyone please give me a clue how to set this up?

Regards
Stefan



------------------------------

From: A Dark Elf <[EMAIL PROTECTED]>
Subject: Re: lmhost??
Date: Tue, 15 Jun 1999 20:16:56 GMT


You sure it is lmhost and not lmhosts ? Because Samba uses a file called
/etc/lmhosts to figure out where systems are. For example, if you have a
system called MYSYSTEM on IP 1.2.3.4, you could put in /etc/lmhosts:

1.2.3.4 MYSYSTEM


Jordan Altena wrote:
> 
> I want to make a network with Linux and w98.
> With w98 i can come on the Linux machine, but when i say in Linux
> smbclient -L computername
> Linux says that he can't find lmhost.
> When i look for lmhost i can't find it either.
> How can i make the lmhost and what must stand in it??
> 
> Thanks
> Jordan Altena

-- 
Patrick Lambert

Software Developer, System Administrator and Security Specialist
================================================================
[EMAIL PROTECTED]                          http://www.darkelf.net

------------------------------

From: "David Means" <[EMAIL PROTECTED]>
Subject: Re: nslookup help
Date: 15 Jun 1999 21:04:51 GMT

Thomas Walz <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> How can i get help or info about nslookup?
> I tried
> man nslookup
> nslookup --help
> nslookup -h
> nslookup /?

On my machine, info on   nslookup  is in /usr/man/man8.
Maybe your machine has it organized differently, or maybe your
manpath isn't set right.

In either case,  you can do this:
  $nslookup
Default server: localhost
Address:  127.0.0.1
> help




------------------------------

From: [EMAIL PROTECTED] (Bob)
Crossposted-To: comp.os.linux.setup,linux.help,linux.redhat.install
Subject: can't get telnet up; BUT DEBUG mode WORKS!!!!
Date: Tue, 15 Jun 1999 21:13:18 GMT

I know I must be missing something really stupid....

inetd is running
i can run in.telnetd as debug on, say, port 199;
and i can telnet in NO problem!

Now - I try to telnet thru normal port; and  i get
"connection closed by foreign host"

I have plenty of available pty's...

what am i missing?
tia - bg
________________________________________________
Definition of Windows 95:

A 32 bit upgrade to 16 bit extensions for an 8 bit operating system
designed to run on a 4 bit processor by a 2 bit company that
doesn't like 1 bit of competition. 


------------------------------

From: "Bob Glover" <app1rtg_at_air.ups.com>
Subject: Re: Does anyone know what ports 31789 and 31790 are for?
Date: Tue, 15 Jun 1999 20:58:56 +0100

I read somewhere that on certain types of *nix systems that port numbers
start repeating themselves above 32767.  You know port 32769 = port 1, 32770
= port 2, etc. or something like that.  That would represent a possible
security hole.  I _do_ see that your mystery port is below 32768, but I
couldn't resist giving an incomplete answer based upon my vague
recollections.  Maybe it was in the 'sentry' documentation.

      OR

Doesn't the port's value, 31789, make it a registered port (for some
commercial app)?  Maybe someone found a hole in some commercial product and
is trying to exploit it.

Either way, I just don't know.   8^)


David Kennedy wrote in message <[EMAIL PROTECTED]>...
>Hmm, I see you have the same thing?
>
>I will let you know the solution if I find one.  Please do the same.
>
>Thanks.
>
>On Tue, 15 Jun 1999 19:45:08 GMT, [EMAIL PROTECTED]
>(Thomas Zajic) wrote:
>
>>On Tue, 15 Jun 1999 17:56:27 GMT, David Kennedy wrote:
>>
>>> [ ... ]
>>> They are showing up in my /var/log/messages and I am curious as to
>>> what someone is looking for.  (udp connection)
>>
>>Be sure to post your results here if you find any:
>>
>>Jun 15 21:24:02 sphere udplog: dgram to port 31789 from 195.2.5.65:31790
>> (1 bytes)
>>Jun 15 21:24:18 sphere udplog: dgram to port 31789 from 195.2.5.65:31790
>> (1 bytes)
>>
>>TIA,
>>Thomas
>>--
>>=---        Thomas Zajic aka ZlatkO ThE GoDFatheR, Vienna/Austria        ---=
>>=--   "It is not easy to cut through a human head with a hacksaw." M.C.   --=
>>=--   Posted with Free Agent 1.11/32 running on Linux 2.0.36/Wine-990226  --=
>>=---        Spam-proof e-mail: thomas(DOT)zajic(AT)teleweb(DOT)at        ---=
>



------------------------------

From: Nicholas E Couchman <[EMAIL PROTECTED]>
Subject: PPP
Date: Tue, 15 Jun 1999 03:15:10 GMT

Hey,
    I have a RH6.0 linux box running PPP 2.3.7.  When I try to connect,
the connection goes through, but after about 1 and 1/2 mins, it
disconnects.  Any ideas?
--Nick


------------------------------

From: "George Georgakis" <[EMAIL PROTECTED]>
Subject: Re: NO CARRIER
Date: Tue, 15 Jun 1999 03:26:43 GMT

"NO CARRIER" usually means your modem can't connect to whatever answers the
phone at the other end. Usually it means the modems can't talk to each
other.

PPP is the Point To Point Protocol. PPPD is the PPP daemon, which initiates
and controls the PPP link. 

I strongly suggest you do some basic network reading before going any
further. Try the Linux Network Administrator's Guide, written by Olaf Kirch
and published by O'Reilly & Assocs.

George 
===========================================================================
I never reply by email as a) I don't give out my real email address freely,
and b) it stops other NG users from reading the solutions to problems
If necessary, however, I can be contacted thru geegs (a) linuxstart DOT com
==========================================================================

Todd Graham <[EMAIL PROTECTED]> wrote in article
<7k42qe$6ji$[EMAIL PROTECTED]>...
> I'm not sure on the "NO CARRIER" message, but you can go to the sbin
> directory "cd /sbin" from the command line and then type "./ifconfig -
> a" to see what your connections are. The first should be loopback and
> then the ppp connection should be there if you are connected.
> 
> You may want to try "usenet" to get the ppp connection - good luck!
> 
> 
> In article <wwc93.433$[EMAIL PROTECTED]>,
>   "newb" <[EMAIL PROTECTED]> wrote:
> > I can connect to my ISP(gte.net)  but after awhile(around 2 min) my
> modem
> > hangs up giving me NO CARRIER message.
> >
> > My ISP was able to give me an IP. I'm using minicom to dial and every
> > configuration was done in X environment. BTW, how do I know if I have
> named
> > running and ppp running. Do I need this in order to connect. I know
> what's
> > it mean by those two(named and ppp) at least in theory. I have pppd
> running,
> > is this ppp service? Are ppp and pppd the same?
> >
> > TIA
> >
> > Leon
> >
> >
> 
> 
> Sent via Deja.com http://www.deja.com/
> Share what you know. Learn what you don't.
> 

------------------------------

From: [EMAIL PROTECTED] (B'ichela)
Crossposted-To: comp.os.linux.hardware
Subject: artisoft AE-2/C confusing W7 jumper
Date: Mon, 14 Jun 1999 08:31:59 GMT
Reply-To: [EMAIL PROTECTED]

Being these frustrations are BOTH network and hardware I wanted to mention
both here:
        After a year of hiatus on the networking (or trying to). I decided to
REREAD the Artisoft info regarding my second hand cards. The docs say this
about jumper w7
   W7 Selects extended length segment length for thin coaxial cable IEEE
   compliance
   (AE-2/C) (Will only work properly if ALL nodes on the
   Network are AE2 or AE3 cards and ALL nodes have this jumper set)

Problem is. my IBM XT in the bedroom is using a WD8013EP card not Artisoft.
What should I set W7 to? it has two positions A or B? The Artisoft AE-2/C
is installed in my Linux system. and my XT will not work with the other
AE-2/C as the Crynwr packet drivers for the Ne2000 mode lock up machine
when a packet from the Linux box is sent.
        When using the Linux system to the WD8013EP card. (linux AE-2/C is
set to the A position of w7). I just do NOT get any datagrams getting
recognized by Crynwr's pktwatch program on the XT
        Should W7 be set for A or B when connecting to non-artisoft
networking hardware?
        What is the best way to Make darn sure a packet goes out eth0? I
tried setting up as according to the Net 3-1.3 howto and using ping (XT
would be address 192.168.0.3
        Pinging that address results in 100% packet loss.

-- 
                A pearl of wisdom from the y2K newsgroups:
=========================================================================
Y2K appears to be the Baby Boomers mid-life crisis, and it has the
potential to be a dandy.
                        -- Anonymous --
==========================================================================

                        B'ichela

------------------------------

From: [EMAIL PROTECTED]
Subject: Linksys LNE100TX (tulip) keeps going on and off ... conflict ?
Date: Mon, 14 Jun 1999 00:33:50 GMT

Running Redhat 6.0 w/ 2.2.5 kernel. Fresh install. Was working last
week, but drive recently crashed so I had to rebuild. Now the network
card won't initialize.  The hub light just goes on and off.  When I do
an ifdown eth0 and then ifup eth0 it tells me that the netmask does not
match the default route. Also I downloaded the latest tulip.c and
recompiled. I have the tulip driver as a module now also, but still no
luck. Anyone having similar issues ?

Also as a side note, the message log shows repeated entries indicating
PNIC configuration to half-duplex CSR6 ....  ???

------------------------------

From: [EMAIL PROTECTED] (Thomas Zajic)
Subject: Re: ftp localhost problems...
Reply-To: [EMAIL PROTECTED]
Date: Mon, 14 Jun 1999 01:05:19 GMT

On Thu, 10 Jun 1999 10:49:32 +1000, Andrew Wedding wrote:

> My problem:
> 
> [root@brutus /etc]# ftp localhost
> Connected to localhost.
> 421 Service not available, remote server has closed connection
> ftp>
> ftp>quit
> [root@brutus /etc]#
> 
> I am getting exactly the same problem with Telnet.
> 
> I must be missing something very simple, but here is what I
> have tried and failed at doing...

Add the following line to /etc/hosts.allow:

in.ftpd,in.telnetd: 127.0.0.1,localhost

Then do a 'man 5 hosts_access' and 'man 5 hosts_options' to
understand why. Use 'tcpdchk' to check your tcpd configuration
for errors, and 'tcpdmatch' to check whether a specific host
and/or user would be granted or denied access using your current
configuration. Also read the man pages for tcpdchk and tcpdmatch.

Get used to reading man pages in general. ;-)

HTH,
Thomas
-- 
=---        Thomas Zajic aka ZlatkO ThE GoDFatheR, Vienna/Austria        ---=
=--   "It is not easy to cut through a human head with a hacksaw." M.C.   --=
=--   Posted with Free Agent 1.11/32 running on Linux 2.0.36/Wine-990226  --=
=---        Spam-proof e-mail: thomas(DOT)zajic(AT)teleweb(DOT)at        ---=
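
The rules quoted in this digest (the hosts.deny entries from the "Re: host.deny" thread and the hosts.allow line above), run through a small evaluator; this is an added example and not part of any poster's message. It implements only a subset of hosts_access(5): ALL, EXCEPT, address prefixes ending in ".", domain suffixes starting with ".", exact names, and the allow-then-deny-then-grant order; the file contents, test addresses and function names are constructed for illustration.

```python
"""Simplified hosts_access(5) evaluator (illustrative subset, not tcpd itself)."""

# Constructed sample files assembled from the rules quoted in this digest.
HOSTS_ALLOW = """\
# loopback may always reach ftp and telnet
in.ftpd,in.telnetd: 127.0.0.1,localhost
"""

HOSTS_DENY = """\
in.telnetd: ALL
smbd: ALL EXCEPT 192.168.1., 127.0.0.1
in.ftpd: 1.2.3.4
"""


def split_list(text):
    """Split a daemon or client list on commas and/or whitespace."""
    return text.replace(",", " ").split()


def match_token(pattern, value):
    """Match one pattern against a daemon name, host name or address."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):        # address prefix, e.g. "192.168.1."
        return value.startswith(pattern)
    if pattern.startswith("."):      # domain suffix, e.g. ".example.com"
        return value.lower().endswith(pattern.lower())
    return pattern.lower() == value.lower()


def match_list(tokens, values):
    """Evaluate 'list_1 EXCEPT list_2'; nested EXCEPTs group to the right."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return (match_list(tokens[:i], values)
                and not match_list(tokens[i + 1:], values))
    return any(match_token(t, v) for t in tokens for v in values)


def parse_rules(text):
    """Return (daemon_tokens, client_tokens) pairs; options after a second ':' are ignored."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue                 # malformed line; tcpdchk would flag it
        rules.append((split_list(fields[0]), split_list(fields[1])))
    return rules


def any_rule_matches(rules, daemon, client_names):
    """True if some rule matches both the daemon and one of the client names."""
    return any(match_list(d, [daemon]) and match_list(c, client_names)
               for d, c in rules)


def check_access(daemon, address, hostname=None,
                 allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow is consulted first, then hosts.deny; no match means grant."""
    names = [address] + ([hostname] if hostname else [])
    if any_rule_matches(parse_rules(allow), daemon, names):
        return "allow"
    if any_rule_matches(parse_rules(deny), daemon, names):
        return "deny"
    return "allow"


if __name__ == "__main__":
    # Constructed test clients.
    cases = [
        ("in.telnetd", "127.0.0.1", "localhost"),
        ("in.telnetd", "10.9.8.7", None),
        ("smbd", "192.168.1.20", None),
        ("smbd", "203.0.113.9", None),
        ("in.ftpd", "1.2.3.4", None),
        ("in.ftpd", "5.6.7.8", None),
    ]
    for daemon, addr, host in cases:
        print(f"{daemon:12} {addr:15} -> {check_access(daemon, addr, host)}")
```

Because an unmatched request is granted, a daemon that appears in neither file is open to everyone; passing `deny="ALL: ALL\n"` shows the default-deny layout in which only the hosts.allow entries get through. On a real system, tcpdmatch answers the same question against the installed files.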

------------------------------

From: Stuart Macdonald <[EMAIL PROTECTED]>
Subject: Re: Help! Networking & IP Masquerading & PPP, oh my!
Date: Mon, 14 Jun 1999 01:12:41 GMT

> David,  I am having the exact same problem, I think.  I have Redhat 5.2 with
> 2 NIC's.  Forwarding turned on.  I have read all the How-to's I can find to
> try and setup a basic masquerading scheme.  I'll add more rules once I get
> it working.

Everything on the Linux box works, I can get to the internet no problem.  On
the internal net side I can get to both interfaces on the Linux box, ftp,
telnet, etc.  I just can't connect to the internet at all.  The ipmasq-HOWTO
has a  section on testing the setup.  I tried the tests and they all work.  I
can check the forwarding rules using 'ipfwadm -F -l', and it looks OK.  My
win95 PC just can't get through.
I think the Kernel is compiled for ip_masquerading but I don't know how to
check that, so I don't have to re-compile just to be sure.
I have been working on this for 2 weeks and also getting fed up.
The only thing that doesn't seem to work is "netstat -M".  I get the message

    "netstat.c: feature 'FW_MASQUERADE'  not supported."
    "Please recompile Net-Tools with newer kernel source or full
configuration."

Does this mean my kernel is not compiled for Masquerading?

Thanks all for any help


> Okay. I'm fed up with trying to do book learning. I just want a solution.
> Once I get that I'll go back and figure out how it works. :)
>
> Here's my set-up:
>
> 1 Server running RedHat 5.2 with a 56k modem and 1 NIC
> 5+ Windows 98 PCs with NIC
>
> I've got PPP working and it dials my ISP just fine. I'm able to browse the
> web and everything from my Server.
> I'm also able to telnet and ftp to my server from the Win 98 machines. No
> problems there.
>
> How do I set up IP masquerading with a ipfwadm so that I can browse the web
> on the win 98 machines? I really don't want to go out and set up a separate
> firewall machine.
>
> Can anyone help? Please e-mail me directly with answers or if you want more
> info. I'm really eager to get this working ASAP.
>
> Thanks,
>
> David
> [EMAIL PROTECTED]


------------------------------

From: root <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: more diald stuff
Date: Sun, 13 Jun 1999 22:53:46 -0400

Brian Witowski wrote:
> 
> Gary,
> 
> My diald binary is in /usr/sbin.  And it is a binary.  I'm using Caldera 1.3 w/2.0.35
> kernel.  My init.d dir is in /etc/rc.d/.  And my diald.conf is in /etc and my options
> is in /etc/ppp as well as my 'connect' script.
> The problem I have with 'diald up' is that it dials even if I don't need it to.  Then
> if it times out and hangs up due to no activity, it dials again.  Even if I'm not on my
> Win98 box.  So that's one issue I need to resolve.
> 
        I have only had experience with Red Hat and SuSE.  Caldera puts your files
and startup scripts in strange (at least to me anyway) places.  If your
diald dials once and only once on bootup, I can say that I am experiencing
the same thing.  I think it just connects to see if you have mail or
something.  I would be curious to know why, but I just live with it, since I
don't reboot that often and it is not a big problem.  Do let me know if you
do find the answer.

        If it is repeatedly connecting every few minutes, then you must have some
daemon or process (probably a mail task) set to check for mail or some other
information every few minutes or so.  Make sure you are not running routed,
since it causes frequent net traffic, totally unsuitable for a dial-up
connection.  I would experiment by keeping the Win95 box powered down, (I
have heard from an earlier posting here that windows boxes can generate
routine queries across the network which keeps waking up the diald.  diald's
rules can be configured to ignore these packet types - check deja for
postings here in the past two months and in the samba NG for more
information about this.)
        Keep the windows machine powered down, and look for unnecessary dialouts. 
If they are still occurring, I would try killing off any suspicious daemons
one at a time, starting with mail tasks.  Do not have any unnecessary
applications running, especially any browsers or mail tools.  You should be
able to find the culprit by a process of elimination.  Once you find it,
read the man pages, HOW-TOs, or any documentation to see if you can
reconfigure the offending process or daemon.  (If you need it at all)  Once
you get the Linux box behaving properly by its lonesome, you can reconnect
the windows machines one at a time (if more than one) to see what weirdness
they add to diald requests.  top will show the PIDs of every daemon and
process.  do a kill -9 on them one at a time, and wait to see if the dialing
out stops.


> Another issue that maybe you can offer some help with is my commands to start my ip
> masquerading.  Every time I reboot my Linux server I have to reissue the commands
> "ipfwadm -F -p deny" and "ipfwadm -F -a masquerade -S 192.168.1.0/24 -D 0.0.0.0/0".  I
> have tried putting these in /etc/rc.d/rc.local but it doesn't take effect.  Either that
> or something is happening afterwards that is taking it down before it's completely
> booted.

        I am running with the new 2.2 kernel, so I am using ipchains.  You should
use ipchains instead of ipfwadm with 2.2 kernels, so I assume you are
running a 2.0 vintage kernel. My boot.local configuration is:

echo "1" > /proc/sys/net/ipv4/ip_forward
ipchains -P forward DENY
ipchains -A forward -j MASQ -s 192.203.0.2/24 -d 0.0.0.0/0

        I also have added another script to prevent IP spoofing.  One suggestion
that has helped me debug startup scripts: Put an echo "Testing..." just
before you execute the ipfwadm statements, and reboot your machine.  Look
for the "Testing..." message, just to be sure they really are being
executed.  SuSE is pretty complex about their startup procedure, and until
I became fully comfortable with their startup I needed this sanity check to be
sure initialization and shutdown commands I added were run when I
thought they were.

        Thanks for showing me your diald.conf.  I just was curious to see how much
different it was to mine.  I don't have the debug statement, and my redial
timeout is longer, but otherwise it looks similar:

device /dev/modem
-m ppp
-buffer-packets
speed 115200
lock
crtscts
local 127.0.0.3
remote 127.0.0.2
reroute
defaultroute
dynamic
disconnect-timeout 15
redial-timeout 30
dial-fail-limit 0
accounting-log /var/log/istar-diald.log
connect '/etc/suseppp/scripts/ppp-up istar'
disconnect '/etc/suseppp/scripts/ppp-down ppp0'
fifo /var/run/diald.ctl

        I have been playing with a few parameters to try and make diald more
robust.  Leaving netscape running for a long time tends to bring it down.


-- 
===========================================================================
  .~.         Powered by SuSE Linux 6.0
  /V\         Sometimes, you get more than you paid for...
_// \\_       Return address is for spambots.  True address is:
 (\ /)        garyc at istar dot ca
 ^`~'^        Gary C. P. Eng.  DSP & Embedded software engineer

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and comp.os.linux.networking) via:

    Internet: [EMAIL PROTECTED]

Linux may be obtained via one of these FTP sites:
    ftp.funet.fi                                pub/Linux
    tsx-11.mit.edu                              pub/linux
    sunsite.unc.edu                             pub/Linux

End of Linux-Networking Digest
******************************
