Linux-Networking Digest #577, Volume #11 Fri, 18 Jun 99 05:13:41 EDT
Contents:
Linux Workstation with WinNT 4 DNS-Server ("Michael Luetz")
Question: ipportfw ("Carl Filpo")
ssh connection => network connection? ("Brian Zhou")
Re: URGENT bootp - does tftp initiate transfer or does server push kernel? (Stuart
R. Fuller)
Re: Could Microsoft Cheat On The New Mindcraft Benchmark? (was: Mindcraft Retest News
Re: ifconfig, route hate CIDR netmasks? ([EMAIL PROTECTED])
Re: Can no one help me with interrupt problems? (Robin Jackson)
Re: ip_forward and slackware 4.0? (Mircea)
Re: Could Microsoft Cheat On The New Mindcraft Benchmark? (was: Mindcraft Retest
News (Mark S. Bilk)
Re: cgi scripts return plain text ([EMAIL PROTECTED])
Re: ssh connection => network connection? (Tony Voet)
isdn/eumex ("benjamin biere")
Re: Linux calls out automatically (Lim Chee Onn)
AW: Secure network-backup via nfs? (=?iso-8859-1?Q?Peter_H=E4ufel?=)
Re: ifconfig tells me "dummy" (Charly)
Re: sendmail configuration (Rage-DCA)
Re: SAMBA newbie (Andrew Williams)
----------------------------------------------------------------------------
From: "Michael Luetz" <[EMAIL PROTECTED]>
Subject: Linux Workstation with WinNT 4 DNS-Server
Date: Fri, 18 Jun 1999 07:42:24 +0200
Hi all,
we are using a secondary dns-server running under WinNT4-server in our
network.
Now we would like to have access with Linux-Workstations on it. After
editing resolv.conf (nameserver 192.168.0.25) I can't get any access (no
server found). If I try to access the dns-server from Win95 oder WinNT-PCs
then it works.
ping 192.168.0.25 works fine from the linux ws.
Do I have to edit the registry on the dns-server or what can I do ?
I have heard something about using unencrypted passwords with samba. Will
that help ?
Regards,
Michael
------------------------------
Reply-To: "Carl Filpo" <[EMAIL PROTECTED]>
From: "Carl Filpo" <[EMAIL PROTECTED]>
Crossposted-To: comp.security.firewalls
Subject: Question: ipportfw
Date: Fri, 18 Jun 1999 13:40:48 +0800
Am trying to forward everything for port 80 on a debian 2.1 box running
2.0.36 kernel.
Have a web server on a Win98 host 192.168.0.9 that is functioning correctly.
I issue the command on the linux box with ip 192.168.0.20:
ipportfw -A -t 192.168.0.20/80 -R 192.168.0.9/80
Nothing happens when i connect using the web browser to 192.168.0.20 -
doesn't connect.
Even when I try and forward port 10222 say to port 80 on the windows box
doesn't work either entering :10222 after the URL.
Is there anything else I have to enable to get ipportfw to work ? Here is
what I get with an ipportfw -L
Prot Local Addr/Port > Remote Addr/Port
TCP 192.168.0.20/80 > 192.168.0.9/80
--
Carl Filpo
Computer Network Consultant
=================================================
Carl Filpo BSc(Curtin)
Computer Network Consultant
C&M Computer Solutions
26 Russell St
MORLEY WA 6062
Email: [EMAIL PROTECTED]
Phone: +61 8 9375 1144
Fax: +61 8 9375 1141
Mobile: 0407 396 316
=================================================
------------------------------
From: "Brian Zhou" <[EMAIL PROTECTED]>
Crossposted-To: comp.dcom.vpn,comp.unix.bsd.freebsd.misc
Subject: ssh connection => network connection?
Date: Thu, 17 Jun 1999 22:49:20 -0700
If thru a firewall I can remote login from inside-host to outside-host via
socksified ssh, can I somehow turn that connection into a network
connection? My goal is to be able to ping outside-host from inside-host.
How? Assume both ends are Unix systems.
Options such as using socksified application are not feasible since the
firewall only allow ssh traffic to a particular outside-host.
TIA,
-Brian
------------------------------
From: [EMAIL PROTECTED] (Stuart R. Fuller)
Subject: Re: URGENT bootp - does tftp initiate transfer or does server push kernel?
Crossposted-To: comp.os.linux.misc,comp.os.linux.setup
Reply-To: [EMAIL PROTECTED]
Date: Fri, 18 Jun 1999 05:00:01 GMT
Michael ([EMAIL PROTECTED]) wrote:
: I have read the Diskless HOWTO and the man pages on BOOTPD and TFTPD.
:
: I understand that the client sends it ethernet address out on a broadcast
: packet that a server will respond to (if it can) by replying with the nodes
: assigned IP (or DHCP gets involved I am worried about fixed IP right now).
:
: BOOTP config file has the file name etc. I know that BOOTP uses tftp, but
: does bootp invoke tftp to push the kernel to the client or does the bootp
: client, on the node, invoke the tftp client on the node after the node
: receives its IP and the servers IP from the reply?
:
: In short:
:
: Which system initiates the file transfer using tftp, server or client?
: Does bootp invoke tftp directly? If not, how is it done?
bootp is used to tell the booting client some information:
- its IP address, netmask, etc.
- who it should download its boot image (kernel)
- what is should download
At that point, the client initiates a TFTP connection to the indicated server
to download the indicated boot image.
Stu
------------------------------
From: [EMAIL PROTECTED] ()
Crossposted-To:
comp.os.linux.advocacy,comp.infosystems.www.servers.unix,comp.os.linux.misc
Subject: Re: Could Microsoft Cheat On The New Mindcraft Benchmark? (was: Mindcraft
Retest News
Date: Thu, 17 Jun 1999 22:38:00 -0700
On Fri, 18 Jun 1999 16:04:41 +1200, Stuart Fox <[EMAIL PROTECTED]> wrote:
>
>Jason O'Rourke <[EMAIL PROTECTED]> wrote in message
>news:7kcdb9$e6d$[EMAIL PROTECTED]...
>> Stuart Fox <[EMAIL PROTECTED]> wrote:
[deletia]
>>
>> As for the ridiculous statement about the litigious USA: if that were
>> true, MS would be out of business by now. Just in the last couple months,
>> we've seen the Melissa attack, this recent nasty worm,
>
>It isn't MS's problem if someone exploits the tools provided in an Office
>app. However it might be if a product didn't work as advertised - win 3.1
Sure it is. You entrust your data to those apps.
Just because it's a 'feature not a bug' doesn't
make it excusable.
[deletia]
--
bash: the power to toast your registry in style... |||
/ | \
Seeking sane PPP Docs? Try http://penguin.lvcm.com
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: ifconfig, route hate CIDR netmasks?
Date: Fri, 18 Jun 1999 04:26:32 GMT
In article <7kbh37$gju$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (bill davidsen) wrote:
>Is that a typo? If not, what in hell are they doing? 255.255.252.0 is a
>ten bit subnet, but if they really tell you 25.255.252.0 I bet it's
>just flat bad info.
Eureka! Duh--must have seen this netmask a gazillion times as I
systematically pulled my system apart, changed NICs, etc to isolate the
problem.
25.255.252.0 wasn't a typo on my part--Roadrunner must have
misconfigured their DHCP server. Makes sense--all the dhcp clients were
working on Sunday, but on Monday, they all crapped out. I guess someone
didn't check their configs properly.
I just checked--the netmask is back to 255.255.252.0 Geez... I spent the
last four days and nights trying to figure this one out...
Thanks Bill!
...Edmund.
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: [EMAIL PROTECTED] (Robin Jackson)
Crossposted-To: comp.os.linux.hardware
Subject: Re: Can no one help me with interrupt problems?
Date: Fri, 18 Jun 1999 07:09:59 +0100
>> I have posted this problem before.
>>
>> My Adaptec 1640 PC card SCSI controller and PC Card Ethernet
>controller are
>> sharing the same interrupt.
>>
>> NOTHING I have tried will make them use different interrupts.
>>
>what did you try already?
>
>which interrupt do they use?
>
>is linux the only os on this machine?
>
>is the bios informed that your os is NOT PNP?
>
>> I am sure I must be overlooking something.
Currently both the Adaptec and Ethernet PC cards grab irq 9.
The were both grabing irq 3 but i disabled that irq in
/etc/pcmcia/config.opts hoping they would then go for different irqs each.
As they are if I copy large files to the scsi attached idks I get console
messages along the lines of unexpected interrupt whan iterrupts masked.
If I swop the cards around they both still grab the same irq but when
copying a big file I get some kind of catastrophic failure on the SCSI
card.
I am not really a PC person (I mainly use a Mac) so do not understand all
these bios and irq issues, they simply do not happen on a Mac.
The machine does still have Windows95 on another partition but have no clue
how to get in to the bios.
For clarity the machine is an IBM Thinkpad 560.
Many thanks for your help.
Robin
------------------------------
From: Mircea <[EMAIL PROTECTED]>
Subject: Re: ip_forward and slackware 4.0?
Date: Fri, 18 Jun 1999 00:53:46 -0400
Check your /etc/rc.d/rc.inet2; one of the first things it does, is turn
on IP forwarding.
MST
[EMAIL PROTECTED] wrote:
>
> Does anyone know how to turn on ip_forward under slackware 4.0? Do I
> have to re-compile the kernel? Everytime I recompile I get a kernal
> panic on the reboot...
>
> cordially, as always,
>
> rm
------------------------------
Crossposted-To:
comp.os.linux.advocacy,comp.infosystems.www.servers.unix,comp.os.linux.misc
From: [EMAIL PROTECTED] (Mark S. Bilk)
Subject: Re: Could Microsoft Cheat On The New Mindcraft Benchmark? (was: Mindcraft
Retest News
Date: Fri, 18 Jun 1999 05:52:30 GMT
In article <7kcgk8$3q9oa$[EMAIL PROTECTED]>, Stuart Fox <[EMAIL PROTECTED]> wrote:
>Jason O'Rourke <[EMAIL PROTECTED]> wrote in message 7kcdb9$e6d$[EMAIL PROTECTED]
>>Stuart Fox <[EMAIL PROTECTED]> wrote:
>>>Your logic is even worse. You note above that the subroutine was skipped.
>>>Did they reinstate that routine? I would have thought that a prudent
>>>manufacturer would have to be sure they could support it. If they didn't,
>>>that would leave them open to lawsuits in the litigious USA.
>>
>>The point is that they didn't remove it, and instead left it in a way so
>>that it could easily be implemented. The issue was not in making it run
>>on drdos, it was to make sure it wouldn't run.
>
>You seem to be taking a rather sinister view of all this. Do you think that
>it might be possible that MS programmers are just lazy? Maybe they just
>didn't remove it because they didn't get around to it. Maybe it wasn't a
>high priority.
I can't wait to hear your explanation for why the DR-DOS
detection code was stealthed and encrypted.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: cgi scripts return plain text
Date: Fri, 18 Jun 1999 06:39:20 GMT
Reply-To: [EMAIL PROTECTED]
[EMAIL PROTECTED] (David Efflandt) wrote:
>>The problem is that it returns the source of the page as plain text. For
>Your guess is correct. Although, cgi scripts should run in the main
>cgi-bin by default, if you want to run cgi elsewhere, you have to
>uncomment the line in in srm.conf to enable that:
>AddHandler cgi-script .cgi
My srm.conf contains this:
======================================
ScriptAlias /cgi-bin/ /web/cgi-bin/
# cgi-bin for S.u.S.E. help system
# using SetHandler
<Directory /usr/lib/sdb/cgi-bin>
AllowOverride None
Options +ExecCGI -Includes
SetHandler cgi-script
</Directory>
# enable perl for cgi-bin
<Location /cgi-bin>
AddHandler perl-script .pl
PerlHandler Apache::Registry
PerlSendHeader On
Options +ExecCGI
</Location>
# To use CGI scripts:
AddHandler cgi-script .cgi
AddHandler cgi-script .pl
======================================
The script actually runs, it's just that instead of interpreting the
resulting HTML, the web browser displays the source HTML, including the
initial "Content-type" line (and blank line).
Is it possible that the "PerlSendHeader On" setting is sending a header
that supercedes (precedes?) my content-type header? Or perhaps I need to
set up a location block for /web/cgi-bin? The script has a .pl extension.
Thanks for the help!
========================================================================
Uncle Roger "There is pleasure pure in being mad
[EMAIL PROTECTED] that none but madmen know."
Roger Louis Sinasohn & Associates
San Francisco, California http://www.crl.com/~sinasohn/
------------------------------
From: Tony Voet <[EMAIL PROTECTED]>
Crossposted-To: comp.dcom.vpn,comp.unix.bsd.freebsd.misc
Subject: Re: ssh connection => network connection?
Date: Fri, 18 Jun 1999 08:30:54 +0200
Brian Zhou wrote:
>
> If thru a firewall I can remote login from inside-host to outside-host via
> socksified ssh, can I somehow turn that connection into a network
> connection? My goal is to be able to ping outside-host from inside-host.
> How? Assume both ends are Unix systems.
>
> Options such as using socksified application are not feasible since the
> firewall only allow ssh traffic to a particular outside-host.
If your SOCKS firewall doesn't allow ICMP (ping), the only thing you can do is
talk to your firewall administrator.
tv
------------------------------
From: "benjamin biere" <[EMAIL PROTECTED]>
Subject: isdn/eumex
Date: Thu, 17 Jun 1999 11:57:10 +0200
i have got a problem with my new eumex 404pc with an integrated pc-card for
my fast ;-) isdn.
under my new suse 6.1, i cant install it as a normal isdn card (Fritz AVM),
because the card is not found by the modul. the connection to the eumex is
over the com-port, maybe linux cant find this, because of externality.
can i tread the card as a modem?
thanks for helpful advices
------------------------------
From: Lim Chee Onn <[EMAIL PROTECTED]>
Subject: Re: Linux calls out automatically
Date: Fri, 18 Jun 1999 09:55:38 +0800
"Bj�rn Wolfgardt" wrote:
>
> I think that something wants to connect to the DNS of my ISP. But I have no
> Idea what. There is an Entry in my message Log like :
> OPNE: DUMMY-IP -> DNS-IP-ISP UDP PORT: 61033 -> 53
>
Are you running a caching nameserver on your gateway? If you are then
add the following lines to your /etc/named.conf near the top of the
file. The options line seems to be there already.
options
{
forward only
forwarders {
IP.OF.ISP.DNS1;
IP.OF.ISP.DNS2;
};
};
Next, check the DNS configuration of your client workstations. It might
be set to the IP address of your ISP's nameservers and the above
'problem' will appear the moment someone fires up IE as it will
automatically try to load M$ homepage by default.
Hope that helps.
Cheers.
--
=====================================================================
Passengers of the mothership earth, these are your children speaking.
When disembarking, please leave a good clean environment behind.
Thank you.
=====================================================================
Alex C. O. Lim
Future Trend Computer Services
http://www.ftrend.com.my
=====================================================================
------------------------------
From: =?iso-8859-1?Q?Peter_H=E4ufel?= <[EMAIL PROTECTED]>
Subject: AW: Secure network-backup via nfs?
Date: Fri, 18 Jun 1999 08:58:06 +0200
Try Arkaia Backup Software.
In Germany SuSE is the Distributor of this software package.
In the States you should have a look at the web site of arkaia.
Mit freundlichen Gruessen
> Peter Haeufel
> Dipl.-Ing.
> Systemberater
> _____________________________________________
> InfoConcept GmbH
> CompetenceCenter f=FCr Netze und Betriebssysteme
> M=F6rscher Str. 17-25
> 76275 Ettlingen=09
> Fon.: 07243/5380-33
> Fax.: 07243/5380-99
> EMail: [EMAIL PROTECTED]
> http://www.InfoConcept.com
>=20
Gesch=E4ftsstellen: M=FCnchen - Stuttgart - Ulm - Heilbronn - Kaiserslauter=
n
=====Urspr=FCngliche Nachricht=====
Von: James Youngman
[mailto:[EMAIL PROTECTED]]
Gesendet am: Dienstag, 15. Juni 1999 19:37
An: [EMAIL PROTECTED]
Betreff: Re: Secure network-backup via nfs?
[EMAIL PROTECTED] writes:
> I work for a company who runs a number of publicly accessible servers.
> That's five servers running some version of RedHat ( kernel 2.2.x ) and
> various services like sendmail, apache, mysql.
> For backups we have a HP SureStore 24eU DAT tapedrive, which is
> connected to one of the servers. BRU is the preferred software.
>=20
> My question is: How can I backup all the servers in a secure way, by
> using the host to which the DAT is connected?
tar zcf - /filesystem-name | ssh dat-host dd bs=3D10240 of=3D/dev/st0=20
> Ideally I would like to nfs-mount all servers on the DAT-host, but I
> have avoided nfs for perceived lack of security and performance issues.
> How vulnerable does it make our servers if we use nfs ( assuming we
> configure it properly )?
Provided you allow only your own hosts in /etc/exports and forbid
access to everyone else, making double-sure with ipchains (NB: protect
the nfsd port as well as portmapper!), then it isn't screamingly
insecure, but SSH is still better.
> Another possibility would be using the rmt device. I would still need to
> enable rpc for that, again opening up the system.
Not is you use SSH.
> What's the best way of handling backup for a similar setup?
I'd use SSH, or the Cryptographic NFS filesystem (search the web).
--=20
ACTUALLY reachable as @free-lunch.demon.(whitehouse)co.uk:james+actually
------------------------------
From: Charly <[EMAIL PROTECTED]>
Subject: Re: ifconfig tells me "dummy"
Date: Fri, 18 Jun 1999 09:47:37 +0200
Nick Jennings wrote:
> Hey, dont dis' the dummy! =)
>
> The dummy is a must on any linux machine, the dummy was there before the
> network. I cannot properly explain the dummy without looking it up in the
> NET-3 HOWTO, it which case ill just say that, pointing you twords that
> howto, check it out.
>
> --
> Nick Jennings : [EMAIL PROTECTED]
> Systems Tech. / Linux Admin.
> ValueStar, Inc.
Hi,
Thanks for your answer.
I saw as you said that the dummy interface is quite useful, but only in
standalone machines.
Mine is connected to a LAN. So I think I don't need it.
What I want to know is :
Can this interface keep my machine from being pinged ?
Thanks again.
Charly.
P.S. forgive my poor english !
------------------------------
From: Rage-DCA <[EMAIL PROTECTED]>
Subject: Re: sendmail configuration
Date: Fri, 18 Jun 1999 07:58:54 GMT
Gib Bogle wrote:
> I have a similar problem (maybe the same). I had sendmail/RH4.2 working
> fine, but recently installed RH6.0 and sendmail now creates problems. I
> connect to the internet via a dialup, but have registered a domain name
> (bogle.co.nz). sendmail runs on the machine called "wem1", and my email
> goes out with "Mail from: <[EMAIL PROTECTED]>. Some mail servers
> bounce it back, saying "Server domain must exist", because although
> bogle.co.nz is known, wem1.bogle.co.nz is not. I have tried setting
> everything I know about (and a few more besides) in sendmail.cf to say
> that my mail is coming from @bogle.co.nz, but the "Mail from:" field
> resolutely insists on @wem1.bogle.co.nz. What should I do? Is it a
> matter of recompiling sendmail, or is there another way around this?
maybe this will help
from sendmail.cf - sendmail8.9.3
# my official domain name
# ... define this only if sendmail cannot automatically determine
your domain
#Dj$w.Foo.COM
Djrage.dynip.com
CP.
# "Smart" relay host (may be null)
DSmail.flash.net
basically, i have my domain name declared here since i have a dialup
connection. this works great because rage.dynip.com is = to current ip and
my isp allows mail from thier ip subnets making this work perfectly. never
have had a sender domain can't resolve error. guess you just have to trick
it. mail me if you have any further questions.
--
Jason Osborne (Rage-DCA)
- [EMAIL PROTECTED]
- http://rage.dynip.com
- LinuxInside - I run it, do you?
------------------------------
From: Andrew Williams <[EMAIL PROTECTED]>
Subject: Re: SAMBA newbie
Date: Fri, 18 Jun 1999 09:53:23 +0200
Reply-To: [EMAIL PROTECTED]
My web-page should be of some help, it also points you at the documentation that
comes with Samba, and to more appropriate newsgroups.
thomas wrote:
> Hello, i am a newbie in the Linux word and i want to get my setup to work as
> a fileserver to Win95 clients. How do i setup the Samba?
>
> --
> MVH, Thomas Winberg.
--
Mielipiteet omiani - Opinions personal, facts suspect, especially on my
http://www.germanynet.de/teilnehmer/101/69082/samba.html
Simple Samba Solutions web page. ICQ 1722461
__________________________________________________________
| Fight Spam! Join EuroCAUCE: http://www.euro.cauce.org/ |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.networking) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Networking Digest
******************************
