Linux-Networking Digest #555, Volume #11 Wed, 16 Jun 99 12:13:41 EDT
Contents:
Re: named only as local and cache ? ("B. Stienstra")
Laptop and network settings... ("Otto")
SSH & SSHD config files (Jeremy Douglas)
Re: Does anyone know what ports 31789 and 31790 are for? (David Kennedy)
samba-server does not appear in the network neightbourhood (Hauke Luethje)
Re: Networking DSL? ("Jon_Hildrum")
Port Forwarding - What a gip! ("Mike Bowie - CITYPRO")
Re: Diald keeps dialing... (Frank Hahn)
real newbie needs help on domain name registration ("Mic Wang")
Re: Could Microsoft Cheat On The New Mindcraft Benchmark? (was: Mindcraft Retest News (Miguel Cruz)
Re: modem reccomendations ("joe")
Re: Linux with ISDN router ? Advice ?! ("Chris Cantwell")
----------------------------------------------------------------------------
From: "B. Stienstra" <[EMAIL PROTECTED]>
Subject: Re: named only as local and cache ?
Date: Wed, 16 Jun 1999 10:20:06 +0200
See the DNS Howto, works for me!!
Stefan Triep <[EMAIL PROTECTED]> wrote in message
news:7k6f3e$eda$[EMAIL PROTECTED]...
> Hello from a bind newbie,
>
> in our company we have several nameservers. The network is spread all over
> Germany and I would like to set up a nameserver only for local machines and
> forward all other questions to the main nameservers which are already in our
> local network setup. I also would like to build up a cache so the questions
> will be answered a bit faster.
>
> Can anyone please give me a clue how to set this up.
>
> Regards
> Stefan
>
>
------------------------------
From: "Otto" <[EMAIL PROTECTED]>
Subject: Laptop and network settings...
Date: Wed, 16 Jun 1999 13:37:26 GMT
I've finally got my NIC with the DEC21143 chipset working and facing another
issue. The laptop in question is moving around in different MS networks,
some with static IP's, others with DHCP servers. Is there an easy way to
change network settings, other than changing it manually? I guess what I'm
looking for is some sort of network switcher.
TIA...
Otto
------------------------------
From: Jeremy Douglas <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.security,comp.os.linux.misc,comp.security.ssh
Subject: SSH & SSHD config files
Date: Wed, 16 Jun 1999 10:18:45 -0400
I have ssh 1.2.27-5i running on Linux. I am trying to log in through
ssh as a user and I am getting this message: "Privileged ports can only
be forwarded by root", what does this mean and how can I fix it.
my ssh.config file looks like this:
Host *
ForwardAgent no
ForwardX11 no
RhostsAuthentication no
RhostsRSAAuthentication yes
RSAAuthentication no
TISAuthentication no
PasswordAuthentication yes
FallBackToRsh no
UseRsh no
BatchMode no
StrictHostKeyChecking no
IdentityFile ~/.ssh/identity
Port 22
Cipher idea
EscapeChar ~
Compression no
HostName 192.168.1.12
KeepAlive yes
NumberOfPasswordPrompts 5
#FTP
LocalForward port host:port
#Telnet
LocalForward port host:port
# port and host:port are filled in with personal information
and my sshd.config file looks like this:
Port 22
ListenAddress 192.168.1.12
HostKey /etc/ssh/ssh_host_key
RandomSeed /etc/ssh/ssh_random_seed
ServerKeyBits 512
LoginGraceTime 600
KeyRegenerationInterval 3600
PermitRootLogin no
IgnoreRhosts no
StrictModes yes
QuietMode no
X11Forwarding no
X11DisplayOffset 10
FascistLogging no
PrintMotd yes
KeepAlive yes
SyslogFacility DAEMON
RhostsAuthentication no
RhostsRSAAuthentication yes
RSAAuthentication yes
PasswordAuthentication yes
PermitEmptyPasswords yes
UseLogin no
# CheckMail no
PidFile /var/run/sshd.pid
AllowHosts myIP
# DenyHosts lowsecurity.theirs.com *.evil.org evil.org
# Umask 022
# SilentDeny yes
#DenyHosts myIP
What changes do I have to make to my config files so that I can have
people login through ssh without having keys passing back and forth
between client and server. All I want is to have it ask for
authorization when someone tries to telnet or ftp in or type in ssh -l
username hostname or ssh hostname.
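
Added example, not part of the original post: a Python checker for the two points these configs raise. The ssh client prints the quoted error when a LocalForward listens on a port below 1024 and the user is not root, and the sshd settings shown include several that weaken authentication. The sample configs, ports and the 192.0.2.10 address are constructed, and the 768-bit threshold is an assumption.

```python
# Constructed sample configs in the ssh 1.2.x keyword style (not the poster's values).
CLIENT_CFG = """\
Host *
StrictHostKeyChecking no
#FTP
LocalForward 21 192.0.2.10:21
#Telnet
LocalForward 2323 192.0.2.10:23
"""
SERVER_CFG = """\
ServerKeyBits 512
PermitRootLogin no
IgnoreRhosts no
RhostsRSAAuthentication yes
PasswordAuthentication yes
PermitEmptyPasswords yes
"""
PRIVILEGED_BELOW = 1024  # binding a local port below this requires root

# keyword -> (test for a risky value, reason); 768 is an assumed threshold
SERVER_RULES = {
    "permitemptypasswords": (lambda v: v == "yes", "empty-password accounts can log in"),
    "ignorerhosts": (lambda v: v == "no", "per-user .rhosts/.shosts files are honoured"),
    "rhostsrsaauthentication": (lambda v: v == "yes", "rhosts trust plus host key replaces a password"),
    "serverkeybits": (lambda v: v.isdigit() and int(v) < 768, "short ephemeral server key"),
}

def parse(text):
    """Yield (line number, lower-cased keyword, value) for each setting line."""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1) + [""]
        yield n, parts[0].lower(), parts[1].strip()

def privileged_forwards(client_text):
    """LocalForward entries whose listening port only root may bind."""
    hits = []
    for n, keyword, value in parse(client_text):
        fields = value.split()
        if keyword == "localforward" and fields and fields[0].isdigit():
            if int(fields[0]) < PRIVILEGED_BELOW:
                hits.append((n, int(fields[0])))
    return hits

def audit_server(server_text):
    """Return (line number, keyword, reason) for each risky sshd setting."""
    findings = []
    for n, keyword, value in parse(server_text):
        rule = SERVER_RULES.get(keyword)
        if rule and rule[0](value.lower()):
            findings.append((n, keyword, rule[1]))
    return findings

if __name__ == "__main__":
    for n, port in privileged_forwards(CLIENT_CFG):
        print(f"client line {n}: LocalForward listens on port {port}; only root may bind it")
    for n, keyword, why in audit_server(SERVER_CFG):
        print(f"server line {n}: {keyword}: {why}")
```

Moving the listening side of a forward to an unprivileged port (the 2323 entry) avoids the error without running the client as root.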
------------------------------
From: [EMAIL PROTECTED] (David Kennedy)
Subject: Re: Does anyone know what ports 31789 and 31790 are for?
Date: Tue, 15 Jun 1999 20:02:26 GMT
Hmm, I see you have the same thing?
I will let you know the solution if I find one. Please do the same.
Thanks.
On Tue, 15 Jun 1999 19:45:08 GMT, [EMAIL PROTECTED]
(Thomas Zajic) wrote:
>On Tue, 15 Jun 1999 17:56:27 GMT, David Kennedy wrote:
>
>> [ ... ]
>> They are showing up in my /var/log/messages and I am curious as to
>> what someone is looking for. (udp connection)
>
>Be sure to post your results here if you find any:
>
>Jun 15 21:24:02 sphere udplog: dgram to port 31789 from 195.2.5.65:31790 (1 bytes)
>Jun 15 21:24:18 sphere udplog: dgram to port 31789 from 195.2.5.65:31790 (1 bytes)
>
>TIA,
>Thomas
>--
>=--- Thomas Zajic aka ZlatkO ThE GoDFatheR, Vienna/Austria ---=
>=-- "It is not easy to cut through a human head with a hacksaw." M.C. --=
>=-- Posted with Free Agent 1.11/32 running on Linux 2.0.36/Wine-990226 --=
>=--- Spam-proof e-mail: thomas(DOT)zajic(AT)teleweb(DOT)at ---=
------------------------------
From: Hauke Luethje <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.misc
Subject: samba-server does not appear in the network neightbourhood
Date: Tue, 15 Jun 1999 22:12:53 +0200
Hi, all together,
I have a problem with a samba-server (version 2.0.3) with
SUSE Linux 6.1.
My network looks like this:
2 Windows NT 4.0 Servers (SP4) as PDC and BDC
1 Windows NT 4.0 Workstation (SP4) with Firewall-SW as primary DNS
1 Linux PC (SUSE 6.1 with Samba 2.0.3) as secondary DNS
some Win95 and Win98 Clients.
The samba-server works fine but it does not appear in the network
neighbourhood windows of the windows servers and clients.
With "search computer" the samba-server will be found and its shares
will be displayed.
The services smbd and nmbd are started through scripts in the
file rc.config and not in the file inetd.conf.
There is another fact that can be important for the solution of the
problem:
when I call "nmblookup -d 2 '*'", then I only receive an answer (got
positive name query response) from the samba-server itself. The other
machines in the network don't give a response, but they are in
the same subnet ( net:172.16.x.x subnetmask: 255.255.0.0).
Does anybody have a solution for this problem?
Hauke
A copy of my smb.conf:
[global]
netbios name = teslixa
workgroup = TESCOM
guest account = nobody
server string = Samba Server
keep alive = 10
os level = 33
interfaces = 172.16.0.12/255.255.0.0
security = domain
password server = tesnt4b
encrypt passwords = yes
domain master = no
local master = no
preferred master = no
wins support = no
[homes]
comment = Heimatverzeichnis
browseable = no
read only = no
create mode = 0750
[all]
comment = root
path = /
valid users = luethje
browseable = yes
writeable = yes
read only = no
public = no
[temp]
comment = temp
path = /tmp
browseable = yes
writable = yes
public = yes
------------------------------
From: "Jon_Hildrum" <[EMAIL PROTECTED]>
Subject: Re: Networking DSL?
Date: Wed, 16 Jun 1999 07:36:17 -0700
Crossposted-To: comp.os.ms-windows.networking.tcp-ip,microsoft.public.win95.networking,alt.unix.wizards
Yes, you can do it. I'm assuming you're using windows as an operating system.
With win98SE you can use ICS that is part of win98SE. If you have earlier
versions of windows, you will need a proxy server or a NAT type
application.
Try these places:
http://www.sygate.com
http://www.wingate.com/
--
Jon Hildrum 274582
http://www.hildrum.com
MVP_DTS
[EMAIL PROTECTED]
Adam Dorenter <[EMAIL PROTECTED]> wrote in message
news:7k7iss$[EMAIL PROTECTED]...
: Anybody in here ever have any experience in sharing a DSL connection out
: over a peer to peer 100mb in-home network? I'm looking to get one DSL line
: for my home and be able to share it out to three different machines for
: simultaneous operation. I'd like to be able to do it via software, rather
: than having to buy expensive routers (that is, if possible of course).
:
: Any help/info appreciated, email replies preferred.
:
: - Adam
:
:
------------------------------
From: "Mike Bowie - CITYPRO" <[EMAIL PROTECTED]>
Subject: Port Forwarding - What a gip!
Date: Wed, 16 Jun 1999 14:57:02 +0100
Hi,
After a fortnight of email and web hunting I am resorting to the
newsgroups... It seems I am the only person in the WORLD with this problem.
Running an Internet Gateway / Firewall on a RedHat 6.0 Machine. (Upgraded
to 6.0 for a PPTP masq patch.) *TRYING* to get port forwarding to work. It
is ALL compiled into the kernel and the module is loaded into memory. It
tells me the module is in use once I apply some general rules using
"ipmasqadm portfw " etc etc. BUT IT DOESN'T FORWARD SQUAT!
I am getting incredibly frustrated, I am trying to do this to forward to an
internal PPTP server on 1723 and 47(GRE), but can't even make it work with
port 21 for FTP as a test! (I have also seen on "TrinityOS" that forwarding
over 1023 doesn't work, is this true?)
I have emailed lots of people who appear not to give a damn and am posting
here in sheer desperation. (So that more people who don't give a damn can
see it.)
Any help would be most appreciated... especially if it will work as a
result!
Mike
PS... close to venting, not quite there, but close! :-)
------------------------------
From: [EMAIL PROTECTED] (Frank Hahn)
Subject: Re: Diald keeps dialing...
Date: Wed, 16 Jun 1999 12:16:47 GMT
Reply-To: [EMAIL PROTECTED]
On Wed, 16 Jun 1999 04:01:38 GMT, Gilford Wimbley <[EMAIL PROTECTED]>
wrote:
[Snipped]
>I tried ignoring all netbios packets, but either I didn't do it right
>or it didn't help. I played with the rules quite a bit, in fact, but
>I never found a way to filter only those packets. At the time I was
>not running samba, so what I ended up doing was disconnecting all of
>microsoft's networking services from tcp/ip and leaving them bound
>instead to netBEUI. This allowed me to have a windows lan using
>netBEUI without my lan traffic bringing up the linux server's ppp
>link. Because tcp/ip was still installed, I still had internet
>access, but the windows networking software did not use tcp/ip at all,
>and was therefore ignored by linux. It did not allow samba to work,
>of course.
>
>If I were still worried about it (which I am not), I guess I would try
>to follow Tim's suggestion to use tcpdump to find out exactly what
>kind of packets were coming from the windows machine.
>
Well I can testify to the fact that Samba and diald can both be
running at the same time with no problems. I have a three computer
network. One is a Windows 95 machine, one is a 486 running Linux,
and one is a Sun Sparc machine running Solaris.
The Linux and Solaris machines are both running Samba and the Linux
machine has diald running on it. I'm not positive, but, I think the
solution is to just use TCP/IP networking on the Windows machine.
At least with me, that is the only one installed.
[Snipped]
>what does fwiw stand for?
>
fwiw = "for what it's worth" (I believe)
--
Frank Hahn
Consultants are mystical people who ask a company for a number and then
give it back to them.
------------------------------
From: "Mic Wang" <[EMAIL PROTECTED]>
Subject: real newbie needs help on domain name registration
Date: Wed, 16 Jun 1999 11:37:11 GMT
I want to setup a webpage on my own computer, I am using cable with static IP
address. And I have some problems in filling out the Name Server Information
which requires "Primary & Secondary Server Hostname:", "Primary & Secondary
Server Netaddress:"
Below is the example figure that my isp provides for my computer able to
connect to the net:
Host Name: xxxxxxxx.yyyyy.eee.com
DNS Servers: 123.123.123.1
123.123.123.2
123.123.123.3
My IP address: 222.222.222.2
Can anyone help me what thing should I put into "Primary & Secondary Server
Hostname:", "Primary & Secondary Server Netaddress:"??
Thank you very much~~
Mic
------------------------------
Crossposted-To: comp.os.linux.advocacy,comp.infosystems.www.servers.unix,comp.os.linux.misc
Subject: Re: Could Microsoft Cheat On The New Mindcraft Benchmark? (was: Mindcraft Retest News
From: [EMAIL PROTECTED] (Miguel Cruz)
Date: Wed, 16 Jun 1999 14:36:18 GMT
In article <[EMAIL PROTECTED]>, Mark S. Bilk <[EMAIL PROTECTED]> wrote:
> The tests would have to be repeated on hardware that is known to have
> unmodified microcode, and with software and configuration data that are
> also known not to have been meddled with. The precautions to ensure this
> would have to take into account the fact that executing any program
> furnished by the Microsoft team could modify the hardware microcode and
> the software in a stealthy manner. So the MS software would have to be
> bought shrinkwrapped, and set up by hand to match the configuration used
> by MS for the Mindcraft test. There would be no way to permit patches to
> be applied to it.
But with this sort of lead time, and the way MS products fly off the shelves
into the arms of grateful consumers, how do you know they haven't planted a
Deep Cover software mole into NT Server for the specific purpose of the day
when they're called upon to conduct the benchmark with a shrinkwrapped
copy?
No, I think the only fair solution is for them to show the source.
miguel
------------------------------
From: "joe" <[EMAIL PROTECTED]>
Subject: Re: modem reccomendations
Date: Wed, 16 Jun 1999 10:21:38 -0400
Here's a quickie. Buy an external modem and you are assured to NOT get a
Winmodem...plus, if the modem hangs, you can turn it off then back on
without rebooting.
Cyclone000 wrote in message
<[EMAIL PROTECTED]>...
>Can anybody recommend a good PCI modem for Linux? I've been to Fry's twice this
>weekend (and any of you who know Fry's know my pain) and both times unknowingly
>returned with a win modem. I'm looking for a 56K, any ideas or suggestions
>would be helpful. I've looked at the compatibility list at
>http://www.o2.net/~gromitkc/19990613a.html, but I'm not sure if there are ones
>that are easier to setup than others. BTW I'm running rh6
>thanks
>dave
------------------------------
From: "Chris Cantwell" <[EMAIL PROTECTED]>
Subject: Re: Linux with ISDN router ? Advice ?!
Date: Wed, 16 Jun 1999 10:55:39 -0400
Reply-To: "Chris Cantwell" <[EMAIL PROTECTED]>
Assuming your network is setup correctly (the command "ifconfig" displays
the network interface info.)
All you need to do is setup the default gateway on your Linux box to point
to the existing ISDN router:
/etc/sysconfig/network-scripts/ifcfg-eth0
should contain the following:
GATEWAY=x.x.x.x
GATEWAYDEV=eth0 (if you have multiple network interfaces)
DNS has to be setup for your ISP, also
Chris
Carlos RCU <[EMAIL PROTECTED]> wrote in message
news:7k59k2$8br$[EMAIL PROTECTED]...
>
> > Greetings
> >
> > We have a small LAN here of Win 95 machines, with an ISDN router on the
> > network. The router is set as the default gateway on the windows
> > machines, and this works easily and effectively.
> >
> > I have now installed linux on one of the machines, and would like it to
> > access the internet in a similar way.
> >
> > Is there a howto for configuring a network in this way ? Has anyone done
> > it, and know the pitfalls ? How do I set up the routing, and is there
> > any danger of the linux machine demanding a dial-up every couple of
> > minutes during the night ?! And is there any smart software that might
> > be able to tell me whether the router is online or not ???
> >
> > Any help or advice with this would be greatly appreciated !
> >
> > Thank you.
> >
> > Cheers
> >
> > Jamie.
>
> If you installed RedHat try with 'netconf'.
>
> For making Linux to reach Internet use the command 'route' to see your
> routing tables.
> At least you should have a route for loopbacking (lo) to 127.0.0.0 and
> another one for reaching your network.
> You should add the default route for Internet like this:
> route add default gateway x.x.x.x eth0
> Where x.x.x.x is the IP address of your router and eth0 is the device name
> of your network card.
>
> Hope this is helpful to you.
> Salu2
> Carlos
>
> Try man route to see how it works.
>
>
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.networking) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Networking Digest
******************************