Linux-Networking Digest #679, Volume #11         Sat, 26 Jun 99 13:13:46 EDT

Contents:
  Re: denying arp-requests (Malware)
  Re: Why not C++ (Johan Kullstam)
  Re: DNS help!!! (Andrzej Filip)
  RE: Linux and DSL ("Richi")
  Re: Could Microsoft Cheat On The New Mindcraft Benchmark? (Jonathan Guthrie)
  Re: Could Microsoft Cheat On The New Mindcraft Benchmark? (Jonathan Guthrie)
  Internet sharing through Win98 (Brian Devlin)
  Re: Automating Remote applications running on Unix (Rich)
  Re: PPP server authenticate from radiusd/xtacacsd server? (Jonathan Guthrie)
  Re: VPN through IP Masq ("John Hardin")
  Re: triggering pppd through external phone call (Harald Schwefel)
  Re: PPP - What can I tell you to help solve my problem? (Dusman Lam)
  Help: FTP under IP_Masq drops carrier... (Millennium Man)
  Re: triggering pppd through external phone call (Nick Birkett)

----------------------------------------------------------------------------

From: Malware <[EMAIL PROTECTED]>
Crossposted-To: alt.os.linux,de.comp.os.unix.linux.misc
Subject: Re: denying arp-requests
Date: Sat, 26 Jun 1999 16:13:34 +0200

Hi teinmahl,

you wrote:
> The problem that I have is, that my linux-packet-filter gladly denies
> icmp-requests, but if I ping it from the same subnet, it gets the

Hopefully "icmp-request" does stand for "ICMP echo requests". Some of
the ICMP messages are needed for TCP/IP to operate properly. So blocking
any ICMP traffic will produce quite strange effects.

> arp-broadcast from the pc pinging and it answers that request. But I would
> like to make the packet-filter invisible for everyone. So I would like to
> make the filter to answer only certain arp-requests.

Remove the machine - whose arp-requests you won't answer - from the
local net and put it behind a router. It's a network design flaw if you
are that crazy about someone seeing the MAC address of the packet-filter
but having those machines on the same cable.


Malware

------------------------------

Crossposted-To: comp.os.linux.development.apps,comp.os.linux.development.system
Subject: Re: Why not C++
From: Johan Kullstam <[EMAIL PROTECTED]>
Date: 26 Jun 1999 10:54:15 -0400

Justin Vallon <[EMAIL PROTECTED]> writes:

> [EMAIL PROTECTED] (Greg Comeau) writes:
> 
> > In article <7kscsl$s0h$[EMAIL PROTECTED]> [EMAIL PROTECTED]
> > (Nathan Myers) writes:
> > >2. It takes substantial extra effort to code C++ libraries that are
> > >   binary-compatible from one release to the next, so library version
> > >   problems are incrementally harder.
> > 
> > This is definitely a roadblock, but I wonder how many people actually
> > realized this when they started out?  I would suspect not too many.
> > Luckily Standard C++ is out and at least for now binary compatible issues
> > are known and can be addressed by compiler implementors as they upgrade.
> > Of course, some compilers have done this more than others. :)
> 
> Why would binary compatibility between compiler releases be an issue
> for the kernel?  Don't you build the entire kernel under one
> compiler?

yes.  and statically linked programs wouldn't need to care about
changing libs either.

> Maybe for modules, but you'd extern "C" those, anyway.
> 
> Or, are you speaking in general (libnifty.1, libnifty.2)?

check out my /usr/lib

-rwxr-xr-x   1 root     root      1025339 Mar 21 16:41 libstdc++.so.2.7.2.8
-rwxr-xr-x   1 root     root       375773 Mar 21 16:41 libstdc++.so.2.8.0
-r-xr-xr-x   1 root     root      1184870 Mar 21 16:41 libstdc++-so.2.9.0

a plethora of libstdc's....

-- 
J o h a n  K u l l s t a m
[[EMAIL PROTECTED]]
Don't Fear the Penguin!

------------------------------

From: Andrzej Filip <[EMAIL PROTECTED]>
Subject: Re: DNS help!!!
Date: Sat, 26 Jun 1999 17:11:27 +0200

Ed Willoughby wrote:

> [...]
> Jun 25 13:15:41 pcflight named[198]: sysquery: findns error (NXDOMAIN) on
> dns1.knology.net.14.192.209.in-addr.arpa?
> [...]
> Jun 25 13:16:06 pcflight named[198]: Sent NOTIFY for "pcflight.com IN SOA"
> (pcflight.com); 1 NS, 1 A
>
> Don't understand the log entry at 13:15:41 and also the one at 13:16:06 gets
> sent quite often and I have not made changes to any of the named files..

Q1: maybe DNS server for 14.192.209.in-addr.arpa uses in
the zone configuration file dns1.knology.net without
trailing dot (so the domain name is added)

Q2: your DNS server notifies secondary DNS servers that
it would be nice to upload newer data for pcflight.com

> [...]

--
Andrzej (Andrew) A. Filip              fax: +1(801)327-6278
mailto:[EMAIL PROTECTED]            http://bigfoot.com/~anfi
Postings: http://deja.com/profile.xp?author=Andrzej%20Filip
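
The first explanation in the reply above (a target name written in the reverse zone without its trailing dot, so the zone origin gets appended) can be reproduced and checked for mechanically. This is an added example, not part of the original post: the zone text is constructed, `qualify` and `find_suspect_targets` are hypothetical helper names, and it assumes one record per line with no parenthesised continuations.

```python
"""Zone-file name qualification and a lint for forgotten trailing dots."""

# Record types whose RDATA ends in a domain name.
NAME_RDATA_TYPES = {"NS", "PTR", "CNAME", "MX"}

# Constructed sample of a reverse zone containing the suspected mistake:
# the NS target lacks its trailing dot, the first PTR target has it.
SAMPLE_ORIGIN = "14.192.209.in-addr.arpa."
SAMPLE_ZONE = """\
@   IN  NS   dns1.knology.net
1   IN  PTR  host1.example.net.
2   IN  PTR  host2
"""


def qualify(name, origin):
    """Expand a zone-file name the way a name server does when loading it."""
    if not origin.endswith("."):
        origin += "."
    if name == "@":
        return origin
    if name.endswith("."):
        return name               # already absolute, left untouched
    return name + "." + origin    # relative: the origin is appended


def find_suspect_targets(zone_text, origin):
    """Return (line_no, written, expanded) for relative targets containing a dot.

    A relative target with interior dots is usually an absolute name whose
    trailing dot was forgotten; single-label names are left alone.
    """
    findings = []
    for line_no, raw in enumerate(zone_text.splitlines(), start=1):
        fields = raw.split(";", 1)[0].split()   # drop comments, tokenize
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN" and len(fields) > 1:
            origin = qualify(fields[1], origin)
            continue
        # A line that starts with whitespace has no owner field.
        rest = fields if raw[0].isspace() else fields[1:]
        for field in rest[:-1]:
            if field.upper() in NAME_RDATA_TYPES:
                target = rest[-1]
                if "." in target and not target.endswith("."):
                    findings.append((line_no, target, qualify(target, origin)))
                break
    return findings


if __name__ == "__main__":
    for line_no, written, expanded in find_suspect_targets(SAMPLE_ZONE, SAMPLE_ORIGIN):
        print(f"line {line_no}: {written!r} expands to {expanded!r}")
```

The expanded name for line 1 of the sample is the one that appears in the quoted named log entry, with the root dot added.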



------------------------------

From: "Richi" <[EMAIL PROTECTED]>
Subject: RE: Linux and DSL
Date: Sat, 26 Jun 1999 10:15:06 -0500

I have some new info and I will recap some of the old for any newcomers. I
still haven't got it to talk yet, but learned some valuable info.

First the Linux box has two network cards (eth0 and eth1)

The eth0 card is configured as 192.168.1.1 with a netmask of 255.255.255.0
The eth1 card is configured as 192.168.1.2 with a netmask of
255.255.255.128

All other windows machines on the LAN are 192.168.1.X and 255.255.255.128

The router is set up as default. The only items I have entered into the
router are:
set ppp wan0-0 ipcp 0.0.0.0
set ppp wan0-0 dns 0.0.0.0
set ppp restart enabled
set dhcp server enabled
set nat enabled
and login and passwords.

This is what USWEST has in the book. This setup is currently working plugged
into my hub.

What I just realized doing a winipcfg in windows was the Cisco 675 router
has the following. I am going to add all info because I am not sure if it is
relevant.

Host name Rich
DNS servers 207.108.32.1 and 204.147.80.5
Node type =broadcast
IP address 10.0.0.2
Subnet Mask 255.255.255.0
Default gateway 10.0.0.1
DHCP server 10.0.0.1


I am thinking that  this info needs to be entered under routing in netcfg

Under router I have :

default gateway____________
default gateway device__________

And then if I click add I get

Device_________________
Network_______________
Netmask_______________
Gateway_______________


I tried a few combinations but haven't hit the right one.

Any help is appreciated. I hope to get this thing online this weekend.

Thanks

Rich





------------------------------

From: Jonathan Guthrie <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy,comp.os.linux.advocacy,comp.infosystems.www.servers.unix,comp.os.linux.misc
Subject: Re: Could Microsoft Cheat On The New Mindcraft Benchmark?
Date: 26 Jun 1999 14:33:42 GMT

In comp.os.linux.networking Terry Carmen <[EMAIL PROTECTED]> wrote:
> If you take NT certified hardware, install NT, the web server of your
> choice and a recent service pack, then log off and walk away from the
> console, it will run quite nicely for a very long time.

But I run Linux on crap hardware that NT turns its nose up at and if my
service ever got down to 99.8% availability (which is about 15 minutes per
week) on the single machine that runs each of those tasks (Microsoft uses
a server farm running any given task to achieve their availability,) I
would have users screaming in my ear and ringing my phone off the wall.

> The biggest reason NT has less uptime is mostly because people can't
> resist installing all sorts of new software that may or may not leak
> resources, and may or may not replace core OS components with versions
> that are either incompatible or buggy.

> Modifying the kernel under Linux requires a recompile. Modifying core
> NT components requires nothing more than leaving a DLL where the OS
> can find it.

Oh?  The last time I added devices to a system, (a PC-DIO card to control
pump motors as part of an embedded system that I'm working on) I didn't
have to recompile the kernel, neither did I have to reboot.  I just
compiled a module and told the system about it.  Windows is NOT the only
system that has DLL's!

The question I have is why would an application, even if it's a server
task, need to modify core NT components?  I install all kinds of things
(servers for FTP, HTTP, SMB, LDAP, DHCP, NCP, to name a few) under Linux
and haven't ONCE needed to change the kernel functionality to run them.
Perhaps NT isn't as well designed as you think it is.
-- 
Jonathan Guthrie ([EMAIL PROTECTED])
Brokersys  +281-895-8101   http://www.brokersys.com/
12703 Veterans Memorial #106, Houston, TX  77014, USA

------------------------------

From: Jonathan Guthrie <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy,comp.os.linux.advocacy,comp.infosystems.www.servers.unix,comp.os.linux.misc
Subject: Re: Could Microsoft Cheat On The New Mindcraft Benchmark?
Date: 26 Jun 1999 14:59:49 GMT

In comp.os.linux.networking Terry Carmen <[EMAIL PROTECTED]> wrote:
> Because if you actually did this for a living, you would notice that
> now and then a customer will request a specific OS, and it's much more
> profitable to smile and take their money and give them what they want,
> than to try to convert them to your religion and sell them something
> else.

> It makes absolutely no difference to me if it needs a diesel-powered
> network interface or new starch for the floppy drive. If the customer
> wants it, who cares what it runs on?

This is perhaps the dumbest thing I've ever heard on this or any other
newsgroup.  It shows a fundamental misunderstanding of the way business
works and how your time is best spent.

Usually, I am trusted by my customers to be able to suggest the form of a
solution.  After all, it's results that count, not whether or not I or
they line Mr. Gates's pockets.  Yes, I sometimes get requests from
customers for things that run on hardware or under software that I don't
support.  I don't preach to those customers, for that would be just as big
a waste of my time, I simply tell them "no". Usually, they ask me for my
reasons, and I tell them.  They offer me more money. I still tell them no.  
Eventually, if they are truly interested in whatever it is they said they
want, they go elsewhere.

This makes far more business sense than doing whatever the customer says
they want you to do.  Instead of wasting all my time learning VM/CMS JCL
for the ONE customer who wants ONE application, I learn the skills needed
to deliver similar solutions to hundreds of customers simultaneously.  
Each one pays as much as that one customer with the weird requirements and
it's a whole lot easier.  Works like a champ, too.

What a business is prepared to sell at any given time is what the business
schools call the "focus" of a business.  Figure out what you want to sell
and get really good at selling it.  (Before Bill Gates, the richest
private citizen was Sam Walton, who made billions from a "five and dime"
store.  He knew all about "focus".)  The hard part is figuring out what
you're going to sell.  However, it really isn't all THAT hard.
-- 
Jonathan Guthrie ([EMAIL PROTECTED])
Brokersys  +281-895-8101   http://www.brokersys.com/
12703 Veterans Memorial #106, Houston, TX  77014, USA

------------------------------

From: Brian Devlin <[EMAIL PROTECTED]>
Subject: Internet sharing through Win98
Date: Sat, 26 Jun 1999 16:11:59 GMT

I have two computers (one is my family's).  We have a cable modem hooked
up to that box.  It is running Win98 and uses sygate to share the cable
modem.  My computer is dual booting linux and Win98.  I can access the
internet using win98, but I am not sure how I should configure linux to
access the internet.  

Here is a list of the settings.

Sygate computer:

Internal IP - 192.168.0.1
SUBNET - 255.255.255.0
DNS - 24.0.240.33
      24.0.240.34
HOSTNAME CX500477-a.shing1.ri.home.com

Linux machine (Win98 settings):

IP - 192.168.0.1
SUBNET - 255.255.255.0
GATEWAY - 192.168.0.1

Any help would be appreciated.  You can e-mail me at [EMAIL PROTECTED]
if you don't want to post.

Thank You
Patrick Devlin

------------------------------

From: [EMAIL PROTECTED] (Rich)
Crossposted-To: comp.os.linux.development.apps,comp.os.linux.development.system
Subject: Re: Automating Remote applications running on Unix
Reply-To: [EMAIL PROTECTED]
Date: Sat, 26 Jun 1999 16:21:57 GMT

On 26 Jun 1999 10:30:37 GMT, Stanley Mathew <[EMAIL PROTECTED]> wrote:
>I would like your help for writing a C  or Java application that can 
>connect to the remote unix system and capture each screens into a file and 
>edit it and run it.
>

   Assuming that you can't write some sort of direct interface to the
remote application, by far the easiest way to do this would be
with a Perl program.  In particular, you can use the Net::Telnet module
to do precisely this sort of operation without breaking a sweat.

- Rich



------------------------------

From: Jonathan Guthrie <[EMAIL PROTECTED]>
Subject: Re: PPP server authenticate from radiusd/xtacacsd server?
Date: 26 Jun 1999 15:18:27 GMT

James Peterson <[EMAIL PROTECTED]> wrote:
> I am trying to set up a ppp server on a linux box I could use some advice or
> rather some reading materials other than the HOWTO's.  If you have any
> suggestions please let me know.

I'd do a dejanews search for "RADIUS client" over the last couple of
years.  This comes up, periodically, and the last time I remember it a
solution was offered by someone.

Just so that you know, it is quite possible to do this.  Four years ago, I
took the MERIT RADIUS client software and patched pppd and init to use it
for RADIUS authentication and accounting.  That software has, however,
fallen into disuse.  It was always ugly, is now out of date, and never
worked all that well.  (The authentication wasn't a problem, but the
accounting, especially the patch to init, caused failures sometimes.)

It took me about a week to put together.  Please don't ask me to send it
to you.
-- 
Jonathan Guthrie ([EMAIL PROTECTED])
Brokersys  +281-895-8101   http://www.brokersys.com/
12703 Veterans Memorial #106, Houston, TX  77014, USA

------------------------------

From: "John Hardin" <[EMAIL PROTECTED]>
Subject: Re: VPN through IP Masq
Date: Sat, 26 Jun 1999 08:39:48 -0700


Mark Constable wrote in message <8V2d3.34$[EMAIL PROTECTED]>...
>Sorry I can't help you guys but I am also searching for a solution
>to this problem of a MASQ'd linux server with a dial-up w98 client
>who wants to connect via PPTP to an outside service.
>
>There are 3 of us now who would dearly like to find a solution so
>if anyone has experience down this track then please don't hold
>back. I've been searching and reading howto/faq's for two weeks
>now and found nothing relevant for 2.2 kernels + ipchains.


Try ftp://ftp.rubyriver.com/pub/jhardin/masquerade/ip_masq_vpn.html

It's listed in freshmeat, google (try searching for "linux pptp
masquerade") and many other search engines, but I haven't been able to get
the HOWTO into the repository - Tim Bynum seems to be ignoring me...
{sniffle}

As for the Novell VPN, if it is IPsec, PPTP or TCP based, it should work.
Otherwise, give me some pointers to where the protocol is defined and I may
be able to do something with it.

--
 John Hardin KA7OHZ                               [EMAIL PROTECTED]
 pgpk -a finger://gonzo.wolfenet.com/jhardin    PGP key ID: 0x41EA94F5
 PGP key fingerprint: A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76
=======================================================================
  In the Lion
  the Mighty Lion
  the Zebra sleeps tonight...
  Dee de-ee-ee-ee-ee de de de we um umma way!




------------------------------

From: Harald Schwefel <[EMAIL PROTECTED]>
Crossposted-To: alt.os.linux.dial-up,yale.users.linux
Subject: Re: triggering pppd through external phone call
Date: Sat, 26 Jun 1999 11:56:51 -0400


> Why do you not just connect via ppp to your home machine? Your procedure
> sounds a very roundabout way of doing things. Ie, set up mgetty, dial in
> from our work machine, mgetty answers, you log on and run ppp on the
> home machine and then ppp on your work machine. Or set up AutoPPP and
> use pap, or...

Well it is not that easy to dial in, when you are sitting at a
workstation, without modem, and a system which would probably not allow
it anyhow to just connect to something outside through the phone line,
due to security reasons. That's why I want to connect through the IP
address. 

Regarding the cron jobs, which make me always being online, I don't like
the idea to be in the net for longer than I have to, why bear the risk,
if I don't need the connection.

One probably can get the system relatively easy to just watch the line
and if it rings exactly 2 or n number of times then just call the ISP. I
might have to look into that, otherwise it seems that vgetty might be a
thing to look into, but I haven't had time to really do that. I think
there are already some fax or answering machines out there for linux. 

If everyone has done something like that or has knowledge about
something like that, I would really appreciate it

harald

------------------------------

From: Dusman Lam <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.setup
Subject: Re: PPP - What can I tell you to help solve my problem?
Date: Wed, 23 Jun 1999 11:37:56 +0000
Reply-To: [EMAIL PROTECTED]

"Matthew O. Persico" wrote:

> Well, to make long story short, after installing RH6.0, using the
> linuxconf tool to set up PPP, getting over the 21/26/24 conf errors
> (thanks [EMAIL PROTECTED]), printing out if*, ppp*, reading the heck out
> of them and tailing -f /var/log/messages, I STILL cannot get a
> successful
> connection. I think I have two problems:
>
> 1) Since my ISP (erols.com) uses dynamic IP addresses, I have set the
> noipaddress argument to PPP. After all the pppd negotiation, I get
> messages that state that ppp has determined the remote and the local
> IP addresses. Two lines later, it says it cannot determine the local
> address!
>
> 2) Since my ISP uses dynamic DNS assignments, I use the usedpeerdns
> argument. I guess that pppd is reading them correctly since
> a new resolv.conf is created every time I connect. But it's not
> in /etc, it's in /etc/ppp. Is this going to be a problem once
> I get problem #1 fixed?
>
> So, in order for you to help me solve this, what information should
> I post? Snippets of /var/log/messages?
>
> BTW, I have debug and kdebug 1 set on the pppd.
>
> Thanks.
> --
> Matthew O. Persico

Try to use a softlink to the  file

ln -s /etc/ppp/resolv.conf    /etc/resolv.conf


------------------------------

From: [EMAIL PROTECTED] (Millennium Man)
Subject: Help: FTP under IP_Masq drops carrier...
Date: Sat, 26 Jun 1999 15:56:46 GMT

I have a problem with a home network I cannot find an answer to.

Slackware 3.5 dialup to internet
IP masq enabled
6 win95 workstations connecting as a proxy client (all same problem.)


I can download for days with no problem but as soon as I try to up a
file by FTP or E-mail attachment the linux box drops carrier.

I tried WS-FTP with passive transfers as suggested but still the same.
Every thing else works great.  Transfers are fast and solid but only
coming in.


rc.modules only has FTP and Real Audio enabled (_masq)

ftp and telnet are disabled in inetd.conf  ( is this right?)

Any help or ideas to try would be great.

------------------------------

From: Nick Birkett <[EMAIL PROTECTED]>
Subject: Re: triggering pppd through external phone call
Crossposted-To: alt.os.linux.dial-up,yale.users.linux
Date: Sat, 26 Jun 1999 17:40:39 +0100

On Sat, 26 Jun 1999, Nun wrote:
>Someone mentioned cron job.  How about everyday at 7am, have a cron job
>email to you@work its IP and every some interval check and see if its IP
>address changed.  If it changed have it email you the change.  You probably
>can do all of these in Perl.  I'm not a Perl guru but sounds like it could be
>done a lot more easily than by phone as you mentioned.

Look for the xringd application - it's the one you want.
You can configure it to expect any number of ring / pause sequences and
fire off any executable in response.

If you have a dynamic IP address then you need to use something like
speak-freely (www.fourmilab.ch) to post your current IP to a server.


Nick

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and comp.os.linux.networking) via:

    Internet: [EMAIL PROTECTED]

Linux may be obtained via one of these FTP sites:
    ftp.funet.fi                                pub/Linux
    tsx-11.mit.edu                              pub/linux
    sunsite.unc.edu                             pub/Linux

End of Linux-Networking Digest
******************************
