Linux-Networking Digest #576, Volume #11         Fri, 18 Jun 99 01:13:40 EDT

Contents:
  Re: Diald keeps dialing... (Frank Hahn)
  Re: diald still dials every time (Frank Hahn)
  Re: IP-Masqurade!! (Frank Hahn)
  file permissions with mounted vfat partition  HELP PLEASE ("Aaron")
  Re: modem reccomendations (Frank Hahn)
  Re: Could Microsoft Cheat On The New Mindcraft Benchmark? (was: Mindcraft Retest News (Jason O'Rourke)
  Re: USR ISA 28.8 ("joe")
  ip_forward and slackware 4.0?
  Re: Could Microsoft Cheat On The New Mindcraft Benchmark? (was: Mindcraft Retest News ("Stuart Fox")
  RADIUS Authentication (Thomas Springer)
  Re: linux router ("Al Prati")
  Re: Networking two boxesI (Monte Phillips)
  Re: iomega ZIP drive (leam)
  Re: Editing files through Telnet ("Andrey Smirnov")

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Frank Hahn)
Subject: Re: Diald keeps dialing...
Date: Fri, 18 Jun 1999 03:14:34 GMT
Reply-To: [EMAIL PROTECTED]

On Thu, 17 Jun 1999 06:21:29 GMT, Gilford Wimbley <[EMAIL PROTECTED]>
 wrote:
>On Wed, 16 Jun 1999 12:16:47 GMT, [EMAIL PROTECTED] (Frank Hahn)
>wrote:
>
>[snip]
>
>>Well I can testify to the fact that Samba and diald can both be
>>running at the same time with no problems.  I have a three computer
>>network.  One is a Windows 95 machine, one is a 486 running Linux,
>>and one is a Sun Sparc machine running Solaris.
>>
>
>Oh, yeah, I never meant to imply that they were incompatible, only
>that I couldn't figure out how to stop the link from coming up every
>fifteen minutes.  Are you saying that yours definitely doesn't?
>That's great.
>
I have had a Windows 95 and Linux machine networked together since
about January 1998.  Last October, I added the Sun Sparc to the mix.
About the only trouble that I have had with diald (once I got it
working) was that an early version of Netscape that I was using was
set to check for mail at my ISP every 10 minutes.  Of course, this
would bring the link up.  It took me several weeks to figure that
one out.

I guess the other trouble that I have had with diald has been with
sendmail on both the Linux and the Solaris machines.  I have that
pretty much solved.


>At the time I was messing with it, I think I had only tcp/ip
>installed, too.  Now I certainly have only tcp/ip installed, and I
>checked (using tcpdump) to see if the packets still come, and they do.
>As I said before, I don't really care now that I have DSL, but for
>everyone's benefit, maybe you could do this:
>
>1) explain your configuration.  How is name service provided on your
>intranet?  Do you have a caching name server?  How have you configured
>the name service relevant options in smb.conf?
>
In my setup, the Linux machine has the modem.  The Sun and the
Windows 95 machine use the Linux machine as the gateway.  I have
no name server running on any machine.  The /etc/resolv.conf
files on the Linux machine and the Solaris machine both use my
ISP's nameserver IP numbers.  The same for the Windows 95 machine.

On the Windows machine, under TCP/IP properties, the WINS
configuration is disabled.  NetBios support also looks to be
disabled.


>2) especially if you don't have a caching name server on the lan,
>could you post your standard.filter file?  Also, if it wouldn't
>compromise your security could you post any firewall rules that might
>be helping to squelch windows95's errant packets.
>
I do have a hosts file on all three machines.  These files are all
the same.  On the Windows machine, this file is in the c:\windows
directory.  There is no lmhosts file on the Windows machine.

The diald.defs is the same as in the diald distribution.  I am using
diald version 0.16.5.  Here is the standard.filter file:

============================start=============================
# This is a pretty complicated set of filter rules.
# (These are the rules I use myself.)
#
# I've divided the rules up into four sections.
# TCP packets, UDP packets, ICMP packets and a general catch all rule
# at the end.


#------------------------------------------------------------------------------
# Rules for TCP packets.
#------------------------------------------------------------------------------
# General comments on the rule set:
#
# In general we would like to treat only data on a TCP link as significant
# for timeouts. Therefore, we try to ignore packets with no data.
# Since the shortest possible set of headers in a TCP/IP packet is 40 bytes,
# any packet with length 40 must have no data riding in it.
# We may miss some empty packets this way (optional routing information
# and other extras may be present in the IP header), but we should get
# most of them. Note that we don't want to filter out packets with
# tcp.live clear, since we use them later to speedup disconnects
# on some TCP links.
#
# We also want to make sure WWW packets live even if the TCP socket
# is shut down. We do this because WWW doesn't keep connections open
# once the data has been transferred, and it would be annoying to have the link
# keep bouncing up and down every time you get a document.
#
# Outside of WWW the most common use of TCP is for long lived connections,
# that once they are gone mean we no longer need the network connection.
# We don't necessarily want to wait 10 minutes for the connection
# to go down when we don't have any telnet's or rlogin's running,
# so we want to speed up the timeout on TCP connections that have
# shutdown. We do this by catching packets that do not have the live flag set.
 
# --- start of rule set proper ---

# When initiating a connection we only give the link 15 seconds initially.
# The idea here is to deal with possibility that the network on the opposite
# end of the connection is unreachable. In this case you don't really
# want to give the link 10 minutes up time. With the rule below
# we only give the link 15 seconds initially. If the network is reachable
# then we will normally get a response that actually contains some
# data within 15 seconds. If this causes problems because you have a slow
# response time at some site you want to regularly access, you can either
# increase the timeout or remove this rule.
accept tcp 15 tcp.syn

# Keep named xfers from holding the link up
ignore tcp tcp.dest=tcp.domain
ignore tcp tcp.source=tcp.domain

# (Ack! SCO telnet starts by sending empty SYNs and only opens the
# connection if it gets a response. Sheesh..)
accept tcp 5 ip.tot_len=40,tcp.syn

# keep empty packets from holding the link up (other than empty SYN packets)
ignore tcp ip.tot_len=40,tcp.live

# make sure http transfers hold the link for 5 minutes (300 seconds), even after they end.
# NOTE: Your /etc/services may not define the tcp service www, in which
# case you should comment out the following two lines or get a more
# up to date /etc/services file. See the FAQ for information on obtaining
# a new /etc/services file.
accept tcp 300 tcp.dest=tcp.www
accept tcp 300 tcp.source=tcp.www
 
# Once the link is no longer live, we try to shut down the connection
# quickly. Note that if the link is already down, a state change
# will not bring it back up.
keepup tcp 5 !tcp.live
ignore tcp !tcp.live

# an ftp-data or ftp connection can be expected to show reasonably frequent
# traffic.
accept tcp 120 tcp.dest=tcp.ftp
accept tcp 120 tcp.source=tcp.ftp

#NOTE: ftp-data is not defined in the /etc/services file provided with
# the latest versions of NETKIT, so I've got this commented out here.
# If you want to define it add the following line to your /etc/services:
# ftp-data        20/tcp
# and uncomment the following two rules.
#accept tcp 120 tcp.dest=tcp.ftp-data
#accept tcp 120 tcp.source=tcp.ftp-data

# If we don't catch it above, give the link 10 minutes up time.
accept tcp 600 any

# Rules for UDP packets
#
# We time out domain requests right away, we just want them to bring
# the link up, not keep it around for very long.
# This is because the network will usually come up on a call
# from the resolver library (unless you have all your commonly
# used addresses in /etc/hosts, in which case you will discover
# other problems.)
# Note that you should not make the timeout shorter than the time you
# might expect your DNS server to take to respond. Otherwise
# when the initial link gets established there might be a delay
# greater than this between the initial series of packets before
# any packets that keep the link up longer pass over the link.

# Don't bring the link up for rwho.
ignore udp udp.dest=udp.who
ignore udp udp.source=udp.who
# Don't bring the link up for RIP.
ignore udp udp.dest=udp.route
ignore udp udp.source=udp.route
# Don't bring the link up for NTP or timed.
ignore udp udp.dest=udp.ntp
ignore udp udp.source=udp.ntp
ignore udp udp.dest=udp.timed
ignore udp udp.source=udp.timed
# Don't bring up on domain name requests between two running nameds.
ignore udp udp.dest=udp.domain,udp.source=udp.domain
# Bring up the network whenever we make a domain request from someplace
# other than named.
accept udp 30 udp.dest=udp.domain 
accept udp 30 udp.source=udp.domain
# Do the same for netbios-ns broadcasts
# NOTE: your /etc/services file may not define the netbios-ns service
# in which case you should comment out the next three lines.
ignore udp udp.source=udp.netbios-ns,udp.dest=udp.netbios-ns
accept udp 30 udp.dest=udp.netbios-ns
accept udp 30 udp.source=udp.netbios-ns
# keep routed and gated transfers from holding the link up
ignore udp udp.dest=udp.route
ignore udp udp.source=udp.route
# Anything else gets 2 minutes.
accept udp 120 any

# Catch any packets that we didn't catch above and give the connection
# 30 seconds of live time.
accept any 30 any
============================end===============================

Both of these files are located in /usr/lib/diald.


My /etc/diald.conf file is as follows:
============================start=============================
device /dev/cua2
connect "/etc/diald/muscanet"
speed 115200
modem
lock
crtscts
defaultroute
redial-timeout 20
connect-timeout 45
mode ppp
dynamic
local 192.168.100.10
remote 192.168.100.22
accounting-log /var/adm/diald.log 
ip-up /etc/diald/timeup
ip-down /etc/diald/timedown
include /usr/local/lib/diald/standard.filter
fifo /etc/diald/diald.ctl
============================end===============================

Here is part of my /etc/rc.d/rc.local file:


============================start=============================
# Start IP Masquerading
echo "Starting IP Masquerading..."
/sbin/depmod -a
/sbin/modprobe ip_masq_ftp
/sbin/modprobe ip_masq_raudio
/sbin/modprobe ip_masq_irc
#
/sbin/ipfwadm -F -p deny
/sbin/ipfwadm -F -a m -S 192.168.100.0/24 -D 0.0.0.0/0
============================end===============================

For what it's worth, mine is just a dialup connection to the
Internet.  I don't have a high speed connection, yet. ;)

Sorry about the length.  I hope I answered all of your questions.

-- 
Frank Hahn

Admiration, n.:
        Our polite recognition of another's resemblance to ourselves.
                -- Ambrose Bierce, "The Devil's Dictionary"
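
Which rule a packet hits first decides whether it can dial the link, which is the question this thread keeps returning to. The following is an added example, not part of the original post or of diald: it applies an outbound-side subset of the rules above, first match wins, to constructed packets. The packet dictionaries, the helper names, the POP3 poll standing in for the mail check, and the simplified term matching are assumptions of the example.

```python
# Added example: simplified first-match evaluator for diald-style filter rules.
SERVICES = {"domain": 53, "netbios-ns": 137}   # IANA well-known ports

# Outbound-side subset of the standard.filter quoted in the post, order preserved.
RULES = """\
accept tcp 15 tcp.syn
ignore tcp tcp.dest=tcp.domain
accept tcp 5 ip.tot_len=40,tcp.syn
ignore tcp ip.tot_len=40,tcp.live
keepup tcp 5 !tcp.live
ignore tcp !tcp.live
accept tcp 600 any
ignore udp udp.dest=udp.domain,udp.source=udp.domain
accept udp 30 udp.dest=udp.domain
ignore udp udp.source=udp.netbios-ns,udp.dest=udp.netbios-ns
accept udp 30 udp.dest=udp.netbios-ns
accept udp 120 any
accept any 30 any
"""

def parse_rules(text):
    """Return a list of (action, proto, timeout, terms, raw_line)."""
    rules = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # 'ignore' carries no timeout; 'accept' and 'keepup' do.
        timeout = None if fields[0] == "ignore" else int(fields[2])
        rules.append((fields[0], fields[1], timeout, fields[-1].split(","), line))
    return rules

def term_matches(term, pkt):
    if term == "any":
        return True
    if term.startswith("!"):            # negated flag, e.g. !tcp.live
        return not pkt.get(term[1:], 0)
    if "=" in term:
        name, value = term.split("=", 1)
        # 'udp.netbios-ns' names a service; bare digits are a literal number.
        want = int(value) if value.isdigit() else SERVICES[value.partition(".")[2]]
        return pkt.get(name) == want
    return bool(pkt.get(term, 0))       # bare flag, e.g. tcp.syn

def classify(pkt, rules):
    """Return (action, timeout, rule) for the first rule that matches pkt."""
    for action, proto, timeout, terms, raw in rules:
        if proto in ("any", pkt["proto"]) and all(term_matches(t, pkt) for t in terms):
            return action, timeout, raw
    return "ignore", None, "(no rule matched)"

def tcp(src, dst, tot_len, syn, live=1):
    return {"proto": "tcp", "ip.tot_len": tot_len, "tcp.source": src,
            "tcp.dest": dst, "tcp.syn": syn, "tcp.live": live}
def udp(src, dst):
    return {"proto": "udp", "udp.source": src, "udp.dest": dst}

# Constructed sample packets (not captured traffic).
PACKETS = {
    "POP3 mail poll, TCP SYN": tcp(1050, 110, 44, syn=1),
    "bare ACK on live TCP": tcp(1050, 110, 40, syn=0),
    "segment on closed TCP": tcp(1050, 110, 52, syn=0, live=0),
    "resolver DNS query": udp(1025, 53),
    "NetBIOS 137 -> 137 broadcast": udp(137, 137),
    "NetBIOS query from high port": udp(1026, 137),
}

def link_raisers(packets, rules):
    """Names of packets whose first matching rule is 'accept'."""
    return [n for n, p in packets.items() if classify(p, rules)[0] == "accept"]

if __name__ == "__main__":
    for name, pkt in PACKETS.items():
        print(f"{name:30} -> {classify(pkt, parse_rules(RULES))[2]}")
```

Run against a tcpdump-derived list of the LAN's periodic traffic, the `accept` hits are the candidates for whatever keeps raising the link; `keepup` and `ignore` hits cannot dial it.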

------------------------------

From: [EMAIL PROTECTED] (Frank Hahn)
Subject: Re: diald still dials every time
Date: Fri, 18 Jun 1999 03:14:41 GMT
Reply-To: [EMAIL PROTECTED]

On Wed, 16 Jun 1999 16:22:24 GMT, Paulo Garcia <[EMAIL PROTECTED]> wrote:
>I looked at this standard.conf and to my knowledge it's very difficult to
>understand, but I'll research a little more.
>
>If you can send me your standard.conf I accept. Maybe looking at your
>file I can do something...
>
Do a search of http://www.deja.com for the thread "Diald keeps
dialing...".  It is in the same newsgroup as this one,
comp.os.linux.networking

I just posted a copy of my /usr/lib/standard.filter file in the above
thread.

Hope that helps.

-- 
Frank Hahn

There are three kinds of lies: Lies, Damn Lies, and Statistics.
                -- Disraeli

------------------------------

From: [EMAIL PROTECTED] (Frank Hahn)
Subject: Re: IP-Masqurade!!
Date: Fri, 18 Jun 1999 03:14:54 GMT
Reply-To: [EMAIL PROTECTED]

On Wed, 16 Jun 1999 16:17:55 -0400, Tiger <[EMAIL PROTECTED]> wrote:
>I'm trying to set Linux as a proxy box. I have read some information on the
>internet and still could not get it to work. can some one please help me to
>start this service on my machine.
>
>a guide to a site or some instructions would be appreciated...
>
There is an IP Masquerading How-To available.  It pretty much
tells you everything you need to do and what changes need to
be made when compiling a new kernel.  You should be able to
find it very easily on any of the larger Linux web sites..

-- 
Frank Hahn

"In order to make an apple pie from scratch, you must first create the
universe."
                -- Carl Sagan, Cosmos

------------------------------

From: "Aaron" <[EMAIL PROTECTED]>
Subject: file permissions with mounted vfat partition  HELP PLEASE
Date: Fri, 18 Jun 1999 03:49:40 GMT

ok i tried everything i could think of....i have a vfat partition mounted
to /files but i have no control over the permissions. i try giving everyone
rwx but it doesn't change anything.....

i do chmod a=rwx /files

and still all users can't write, only the owner and group...

please help me ...thanks in advance
[EMAIL PROTECTED]




------------------------------

From: [EMAIL PROTECTED] (Frank Hahn)
Subject: Re: modem reccomendations
Date: Fri, 18 Jun 1999 03:15:07 GMT
Reply-To: [EMAIL PROTECTED]

On Wed, 16 Jun 1999 10:21:38 -0400, joe <[EMAIL PROTECTED]> wrote:
>Here's a quickie.  Buy an external modem and you are assured to NOT get a
>Winmodem...plus, if the modem hangs, you can turn it off then back on
>without rebooting.
>
Are there USB modems yet?  I'm not familiar if USB on Linux is
working or not.

-- 
Frank Hahn

Anyone who goes to a psychiatrist ought to have his head examined.
                -- Samuel Goldwyn

------------------------------

From: [EMAIL PROTECTED] (Jason O'Rourke)
Crossposted-To: comp.os.linux.advocacy,comp.infosystems.www.servers.unix,comp.os.linux.misc
Subject: Re: Could Microsoft Cheat On The New Mindcraft Benchmark? (was: Mindcraft Retest News
Date: 17 Jun 1999 20:10:33 -0700

Stuart Fox <[EMAIL PROTECTED]> wrote:
>Your logic is even worse.  You note above that the subroutine was skipped.
>Did they reinstate that routine?  I would have thought that a prudent
>manufacturer would have to be sure they could support it.  If they didn't,
>that would leave them open to lawsuits in the litigious USA.

The point is that they didn't remove it, and instead left it in a way so
that it could easily be implemented.  The issue was not in making it run
on drdos, it was to make sure it wouldn't run.  

As for the ridiculous statement about the litigious USA: if that were
true, MS would be out of business by now.  Just in the last couple months,
we've seen the Melissa attack, this recent nasty worm, and the knowledge
that anyone could exploit IIS with a single line of code.  

That last detail is a particularly relevant one to the linux vs NT battle.  
-- 
Jason O'Rourke  [EMAIL PROTECTED]   www.jor.com
'96 BMW r850R
last dive: June 13th, Pescadero Wash Rocks (Carmel), 46 mins at 64ft max

------------------------------

From: "joe" <[EMAIL PROTECTED]>
Subject: Re: USR ISA 28.8
Date: Thu, 17 Jun 1999 23:43:38 -0400

Hehe.  Actually, I mistyped the rc.serial line in my last post.  The line
actually reads "setserial /dev/ttyS0 irq 4 port 0x3f8" so I'm calling for
the correct device. However, and this is odd (or maybe not), I can bring up
a terminal and run "setserial /dev/ttyS0" and it brings up the correct irq,
port, and even reports the uart.  When I then try to connect via kppp, it
again reports "sorry, the modem is not ready."  I can bring up the
miniterminal and select "modem...reset" (I cannot type any AT commands in
the miniterminal window) and at the bottom it says "modem ready" but after
that it again reports that the modem is not ready.
  Does that make anything more clear, or am I muddying the waters further?

Thanks for the advice,

Joe
Clifford Kite wrote in message <7kav9f$[EMAIL PROTECTED]>...

>Have you tried setserial with the full device file pathname: /dev/ttyS0 ?
>
>--
>Clifford Kite <kite@inet%port.com>                       Not a guru. (tm)
>/* 97.3% of all statistics are made up. */



------------------------------

From: <[EMAIL PROTECTED]>
Subject: ip_forward and slackware 4.0?
Date: Fri, 18 Jun 1999 02:42:32 GMT

Does anyone know how to turn on ip_forward under slackware 4.0?  Do I
have to re-compile the kernel?  Every time I recompile I get a kernel
panic on the reboot...

cordially, as always,

rm

------------------------------

From: "Stuart Fox" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.advocacy,comp.infosystems.www.servers.unix,comp.os.linux.misc
Subject: Re: Could Microsoft Cheat On The New Mindcraft Benchmark? (was: Mindcraft Retest News
Date: Fri, 18 Jun 1999 16:04:41 +1200


Jason O'Rourke <[EMAIL PROTECTED]> wrote in message
news:7kcdb9$e6d$[EMAIL PROTECTED]...
> Stuart Fox <[EMAIL PROTECTED]> wrote:
> >Your logic is even worse.  You note above that the subroutine was skipped.
> >Did they reinstate that routine?  I would have thought that a prudent
> >manufacturer would have to be sure they could support it.  If they didn't,
> >that would leave them open to lawsuits in the litigious USA.
>
> The point is that they didn't remove it, and instead left it in a way so
> that it could easily be implemented.  The issue was not in making it run
> on drdos, it was to make sure it wouldn't run.

You seem to be taking a rather sinister view of all this.  Do you think that
it might be possible that MS programmers are just lazy?  Maybe they just
didn't remove it because they didn't get around to it.  Maybe it wasn't a
high priority.

>
> As for the ridiculous statement about the litigious USA: if that were
> true, MS would be out of business by now.  Just in the last couple months,
> we've seen the Melissa attack, this recent nasty worm,

It isn't MS's problem if someone exploits the tools provided in an Office
app.  However it might be if a product didn't work as advertised - win 3.1
on DR-DOS for instance.
Does this mean that if I wrote a virus in VB that MS would be responsible?

> and the knowledge
> that anyone could exploit IIS with a single line of code.

Are you suggesting that *nix has no bugs?  Or requires no patches to get
running securely?  ALL operating systems have bugs that must be patched, I
don't care if it's linux, NT, Solaris etc.  And why has no-one found this
bug until now - IIS 4.0 has been out for quite a while now...

Stu



------------------------------

From: Thomas Springer <[EMAIL PROTECTED]>
Subject: RADIUS Authentication
Date: Thu, 17 Jun 1999 09:25:16 +0200

Hi,

I am going to build a central LDAP based user management.
In the LDAP directory there is all user information like uid, passwd,
... saved.

In order to restrict the access to the LDAP directory I thought about a
RADIUS solution. I think some RADIUS servers can get their user
information from an LDAP server. Now I want to connect my UNIX machines to
such a RADIUS server in order to get the authentication response during
login. Because of that only the RADIUS server needs access rights to the
directory.

I heard (only a little bit) about pam_radius, which is able to
authenticate against RADIUS.

Does this module work with every RADIUS server, or do I have to use a
special one ?

I'm going to save the password in a hashed way in the directory.
Is it possible to use this information to authenticate the users via
CHAP, or is in this case PAP the only one?

Is there a detailed description of the pam_ldap configuration? Which config
files do I have to use?

Do you know about products which support LDAP on one side and
pam_radius at the second?

Sorry, I don't know if this list is the right one to answer my questions?

Thanks in advance,

- Thomas
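
On the CHAP-or-PAP question in the post above, an added example that is not part of the original message: CHAP (RFC 1994) has the verifier recompute MD5 over identifier, secret and challenge, so it needs the cleartext secret, while RADIUS PAP (RFC 2865) delivers the password itself, which the server can hash and compare. The salted SHA-1 storage format and all sample values are assumptions constructed for the example.

```python
# Added example: a directory of one-way password hashes can verify PAP, not CHAP.
import hashlib
import hmac

def stored_hash(password: bytes, salt: bytes) -> bytes:
    """Directory entry: salted SHA-1, SSHA-style (the scheme is an assumption)."""
    return hashlib.sha1(password + salt).digest()

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def pap_hide(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RADIUS User-Password hiding (RFC 2865, section 5.2), as the client does it."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out

def pap_recover(hidden: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """Server side: undo the hiding and get the cleartext password back."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        out += _xor(hidden[i:i + 16], hashlib.md5(secret + prev).digest())
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def pap_verify(hidden, secret, req_auth, salt, directory_hash) -> bool:
    """PAP works with a hashed directory: hash what the user sent and compare."""
    candidate = stored_hash(pap_recover(hidden, secret, req_auth), salt)
    return hmac.compare_digest(candidate, directory_hash)

def chap_response(ident: int, password: bytes, challenge: bytes) -> bytes:
    """CHAP response (RFC 1994): MD5 over identifier, secret and challenge."""
    return hashlib.md5(bytes([ident]) + password + challenge).digest()

def chap_verify(ident, challenge, response, server_secret: bytes) -> bool:
    """The server must recompute the response from whatever secret it holds."""
    return hmac.compare_digest(chap_response(ident, server_secret, challenge), response)

def demo() -> dict:
    # All values below are constructed for the example.
    password, salt = b"correct horse battery", b"\x01\x02\x03\x04"
    radius_secret, req_auth = b"nas-shared-secret", bytes(range(16))
    ident, challenge = 7, bytes(range(16, 32))
    directory_hash = stored_hash(password, salt)          # all the directory keeps
    hidden = pap_hide(password, radius_secret, req_auth)
    response = chap_response(ident, password, challenge)  # computed by the user's client
    return {
        "pap_with_hashed_directory":
            pap_verify(hidden, radius_secret, req_auth, salt, directory_hash),
        "chap_with_cleartext_secret":
            chap_verify(ident, challenge, response, password),
        "chap_with_hashed_directory":
            chap_verify(ident, challenge, response, directory_hash),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:28} {'accepts' if ok else 'cannot verify'}")
```

With PAP the RADIUS server sees the cleartext password, and in transit it is protected only by the MD5 construction keyed with the NAS-to-server shared secret, so that secret carries the confidentiality of every login.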

------------------------------

From: "Al Prati" <[EMAIL PROTECTED]>
Subject: Re: linux router
Date: Fri, 18 Jun 1999 00:26:08 -0400

Hi Suhaimie,

Yes, you can do all those things with linux...

1. Don't know the particulars about TNG, but if it can do SNMP then Linux
supports an SNMPD agent with a mib to gather standard MIB2 stuff, plus HOST
extensions for things like CPU performance and disk usage.

You will probably want to look at this   http://ucd-snmp.ucdavis.edu/

2. Linux can be a great router.. see  http://www.linuxrouter.org/

3. Check out an  adapter card called 'WanPipe'. Some models even have built
in CSU/DSU's. There are references to it at the linux router site above.

Good luck,
Al

suhaimie wrote in message <7kb4b8$a86$[EMAIL PROTECTED]>...
>> question
>>
>> 1. i am currently implementing CA Unicenter TNG
>> can it monitor and manage linux as well?
>>
>> 2. can i use linux to act as a router instead of buying
>> cisco or 3 com products?
>>
>> 3. how can i connect linux to a V.35 interface?
>
>------------------  Posted via SearchLinux  ------------------
>                  http://www.searchlinux.com



------------------------------

From: [EMAIL PROTECTED] (Monte Phillips)
Subject: Re: Networking two boxesI
Date: Fri, 18 Jun 1999 03:54:51 GMT

This site has a step by step howto for complete setup of samba.  steps
for both linux and the win machine.  (and they really work <G>)
http://www.sfu.ca/~yzhang/linux/samba/index.html
and this one as well
http://home.talkcity.com/MigrationPath/maguai/samba.html

These sites singly or in combination are nearly guaranteed to get you
networked.

On Thu, 17 Jun 1999 23:18:23 GMT, [EMAIL PROTECTED] wrote:
>I have a linux box and a win98 box connected to a 4-port hub.
>linux 198.168.200.1
>win98 198.168.200.2
>I can't get to ping back and forth yet?


------------------------------

From: leam <[EMAIL PROTECTED]>
Subject: Re: iomega ZIP drive
Date: Fri, 18 Jun 1999 01:02:34 -0500

Greg;

It is my understanding that you cannot yet have the same "pass-through"
that dos has for the Zip drive. In other words, your parallel port is
assigned to the printer, and it is locked that way. You can re-compile
the kernel to have the printer and ppa modular, and just load whichever
you need. Or so I'm told, my wife has the printer and I have the zip
drive.

leam

"Gregory D. Horne" wrote:
> 
> How do you connect an iomega ZIP 100 Drive to a Linux box (parallel
> port)?  You need not comment "Just plug it in."  :-)
> 
> I read the HOW-TO and tried the 'insmod ppa' command but to no avail.
> The HP 4L printer which is connected to the ZIP drive which in turn is
> connected to the parallel port (LPT) works perfectly.  Obviously the
> cable connectivity is good.  Any solutions or suggestions?
> 
> TIA.
> 
> Greg
> 
> "While Gates Windozed, the penguin Linuxed."

-- 
Leam Hall
[EMAIL PROTECTED]
http://www.bloated.com/~gershom/index.html

------------------------------

From: "Andrey Smirnov" <[EMAIL PROTECTED]>
Subject: Re: Editing files through Telnet
Date: Thu, 17 Jun 1999 22:12:07 -0700

You should learn some vi commands if you want to use it or you may use another
editor like pico, etc.

Try typing 'pico' (without the quotes) at your command prompt.

Good luck!

[EMAIL PROTECTED] wrote in message <7kc2od$2k3$[EMAIL PROTECTED]>...
>I have recently set up a linux box running RedHat 5.1 as a router for
>my new DSL connection. It is a headless box, and my only access to it
>is through telnet. Generally, this works great, but I do have one
>problem, concerning editing files through telnet. When I open up a file
>with vi, I have no problems except that I am unable to delete anything
>in the file. I can add things OK, but not delete. The delete and
>backspace keys work fine at the command prompt, so I know that the
>problem is not my telnet client.
>
>Can someone help? I can be reached through email at
>[EMAIL PROTECTED]
>
>Thanks!!
>
>Tim Schmitz
>
>
>Sent via Deja.com http://www.deja.com/
>Share what you know. Learn what you don't.



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and comp.os.linux.networking) via:

    Internet: [EMAIL PROTECTED]

Linux may be obtained via one of these FTP sites:
    ftp.funet.fi                                pub/Linux
    tsx-11.mit.edu                              pub/linux
    sunsite.unc.edu                             pub/Linux

End of Linux-Networking Digest
******************************
