Linux-Networking Digest #764, Volume #11          Fri, 2 Jul 99 19:14:08 EDT

Contents:
  Re: RH Linux Guru Final Exam ("Rich Sena ras*at*tiac.net")
  Re: Urgent!NFS problems !!! (Bill Pitz)
  Re: Device name for ethernet card (Bill Pitz)
  Re: Why not C++ (Nathan Myers)
  Re: FTP Client thru Apache.... (Nicholas E Couchman)
  Re: Remote login problems in custom RedHat env... (Dave Smart x2890)
  Ethernet to Token-Ring Bridge ([EMAIL PROTECTED])
  Re: Damn Apache (Wolfgang Rufeger)
  masquerading and port numbers (Jeff Burkholder)
  Re: ipchains question (Bill Pitz)
  Re: ipchains question (Kingsley Turner)
  zmodem with cu (larry)
  Re: Ethernet to Token-Ring Bridge (Bill Pitz)

----------------------------------------------------------------------------

From: "Rich Sena ras*at*tiac.net" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.misc,comp.os.linux.help
Subject: Re: RH Linux Guru Final Exam
Date: Thu, 1 Jul 1999 17:41:00 -0400

did you install gated? or any other routing daemon (routed) it may be
riping and then removing the routes that it thinks are dead...

-- 
<T.I.A.C.>
There Is A Cabal

On Thu, 1 Jul 1999, Ricky Sethi wrote:

==>Always had an itch to see how good you really were at this networking
==>stuff?
==>Well, here's your chance to finally test your mettle.  This problem has
==>stumped everyone I know and they have all been forced to relinquish
==>their crowns.  So, it's up for grabs... anyone who helps me solve this
==>problem, wins all bragging rights AND the vaunted no-prize!  So what is
==>this problem?
==>
==>Briefly, I just installed Redhat 6.0/WinNT dualboot and I have IP
==>aliasing enabled according to the scheme below (primary interface has a
==>real IP; first alias has a real IP; 2nd alias has a fake IP).  So the
==>problem is that the IP aliasing seems to timeout after a while under
==>RedHat.  I'm using a Linksys Etherfast (with the latest tulip driver)
==>and the aliases work fine under Windoze NT.  However, after about 40
==>minutes, none of the aliases are pingable under redhat.  The primary
==>interface stays functional throughout but the aliases all seem to
==>timeout.  A reboot or poweroff doesn't change this.  The only thing
==>that seems to help is to remove all the aliases AND the primary
==>interface and then reenter the primary and aliases again.  It then
==>works again for about 40 minutes, after which time the aliases time out
==>once again (but the primary interface continues to work).  I've tried
==>using both ifconfig and the netcfg from the control-panel to no avail.
==>
==>So there you have it... if you can help solve this not only will you
==>have my eternal undying gratitude; not only will you be able to wear
==>the Linux Guru Crown with pride; but you'll also be the winner of the
==>one and only no-prize (offer valid in the contiguous united states; we
==>are an equal opportunity empire; local sales tax may apply).
==>
==>Thanks in advance!
==>
==>
==>Rick.
==>
==>
==>
==>Ricky J. Sethi <[EMAIL PROTECTED]> wrote in message
==>> Hi guys,
==>>
==>> Okay, a couple of (very) kind souls asked for the ifconfig output so
==>> here goes...
==>>
==>> eth0      Link encap:Ethernet  HWaddr 00:A0:CC:26:4C:5E
==>>           inet addr:209.178.112.10  Bcast:209.178.112.255  Mask:255.255.255.0
==>>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
==>>           RX packets:58673 errors:0 dropped:0 overruns:0 frame:0
==>>           TX packets:59098 errors:0 dropped:0 overruns:0 carrier:0
==>>           collisions:2638 txqueuelen:100
==>>           Interrupt:11 Base address:0x6800
==>>
==>> eth0:0    Link encap:Ethernet  HWaddr 00:A0:CC:26:4C:5E
==>>           inet addr:209.178.112.8  Bcast:209.178.112.255  Mask:255.255.255.0
==>>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
==>>           Interrupt:11 Base address:0x6800
==>>
==>> eth0:1    Link encap:Ethernet  HWaddr 00:A0:CC:26:4C:5E
==>>           inet addr:192.168.0.5  Bcast:192.168.0.255  Mask:255.255.255.0
==>>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
==>>           Interrupt:11 Base address:0x6800
==>>
==>> lo        Link encap:Local Loopback
==>>           inet addr:127.0.0.1  Mask:255.0.0.0
==>>           UP LOOPBACK RUNNING  MTU:3924  Metric:1
==>>           RX packets:143 errors:0 dropped:0 overruns:0 frame:0
==>>           TX packets:143 errors:0 dropped:0 overruns:0 carrier:0
==>>           collisions:0 txqueuelen:0
==>>
==>> Any ideas?
==>>
==>> Thanks again!!!
==>>
==>>
==>> Rick.
==>>
==>
==>
==>P.s., apologies for any multiple posts... my news server was acting up
==>and I wasn't sure if these went through.


------------------------------

From: Bill Pitz <[EMAIL PROTECTED]>
Subject: Re: Urgent!NFS problems !!!
Date: Fri, 02 Jul 1999 21:22:50 GMT

phquark <[EMAIL PROTECTED]> gave us the interesting posting of:
> Our system is consisted of a server and 7 clients, all running RH5.2 and
> kerneld 2.2.2
> We upgraded one of the machine to kerneld 2.2.10 and found the following
> errors while booting:

> Mounting remote filesystems.ypbind[228]:clnt_create for server
> 192.168.1.1 fail

> 192.168.1.1 is the server. While there's still the login prompt but the
> remote file system is not mounted !!! and we can't ping to the other
> machines !!

> Any ideas ?? Thanks in advance.

> ps. we'd checked the /etc/fstab , /etc/exports in the server,
> /etc/hosts, /etc/hosts.equiv, everything is just intact and the same as
> the other clients running kernel 2.2.2. We'd NIS also and 192.168.1.1 is
> the server.

It's not loading the module for your NIC probably...  Try recompiling
the kernel with the NIC card driver built in and not as a module as
a temporary solution to your "URGENT" problem.  Also check
/etc/conf.modules just to make sure that the upgrade didn't roach the
conf.modules file.

-Bill
-- 
Bill Pitz                                         [EMAIL PROTECTED]
Silicon Valley North, Inc.                                www.svn.net
Internet and World Wide Web Services                   (707) 781-9999

------------------------------

From: Bill Pitz <[EMAIL PROTECTED]>
Subject: Re: Device name for ethernet card
Date: Fri, 02 Jul 1999 21:30:46 GMT

[EMAIL PROTECTED] gave us the interesting posting of:
> Hello,
> Can anyone tell me the typical device name for an ethernet card ?
> I know about eth0, eth1, ... but I cannot find them in /dev

Have you compiled Networking support into your kernel?  Sometimes they
don't create the devices until the driver is setup.

-Bill
-- 
Bill Pitz                                         [EMAIL PROTECTED]
Silicon Valley North, Inc.                                www.svn.net
Internet and World Wide Web Services                   (707) 781-9999

------------------------------

From: [EMAIL PROTECTED] (Nathan Myers)
Crossposted-To: comp.os.linux.development.apps,comp.os.linux.development.system
Subject: Re: Why not C++
Date: 2 Jul 1999 14:27:37 -0700

[EMAIL PROTECTED]> wrote:
>Bruce Hoult <[EMAIL PROTECTED]> wrote:
>:  [EMAIL PROTECTED] wrote:
>:> C++ is still slower and bulkier.
>
>I compiled and compared like this:
>My point was that C++ output is still bigger than C, _for the exact same
>source code_, using the same code generator and optimizer.

Cunning lies are worse than obvious lies.  

In the example you posted both compilers produced an identical 
sequence of instructions.  Only the assembler directives were
different.  The honest interpretation of your example is that 
the C and C++ compilers appear to produce code of exactly equal 
efficiency, for identical input.

-- 
Nathan Myers
[EMAIL PROTECTED]  http://www.cantrip.org/


------------------------------

From: Nicholas E Couchman <[EMAIL PROTECTED]>
Subject: Re: FTP Client thru Apache....
Date: Fri, 02 Jul 1999 04:14:57 GMT

FTP isn't Apache's job.  Usually (definitely on RH6), WU-FTP is the program
that controls FTP.  I guess I don't quite understand your situation.  Are you
trying to FTP the linux box itself or a ftp site outside (ie on the net)?  From
the looks of the console messages you left, it looks like the problem is one
with the Linux box.  Check linuxconf (it should have FTP server options under
Configure -> Networking -> Server Tasks).
--Nick

Pat Bergan wrote:

> I've got RedHat 6.0 up with Apache acting as a proxy (with a remote proxy)
> for a Win98 machine.  IPChains is up and running fine.  Ftp from Linux works
> fine, but when I try to connect an Win98 FTP client through the Linux box,
> this is what I get:
> ..
> ..
> ..
> 230 Guest login ok, access restrictions apply.
> CWD /pub/Linux/distributions/redhat/updates
> 250 CWD command successful.
> PWD
> 257 "/pub/Linux/distributions/redhat/updates" is current directory.
> Host type (I): UNIX (standard)
> PORT 192,168,86,2,4,77            <<<<<<<<<< 192.168.86.2 is the Win98 box's address
> 500 Illegal PORT Command       <<<<<<<<<<
> DoDirList returned 0
>
> I'm not sure if I've hosed Win98 or if IPChains is not working right?
> Can anyone point me in the right direction?
>
> [EMAIL PROTECTED]
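
An added example, not part of either post: it decodes the PORT line from the session above and applies an anti-bounce policy of the kind that yields "500 Illegal PORT Command", where the announced address must equal the control connection's peer. The policy itself, the low-port rule, and the masquerading address 203.0.113.10 are assumptions; the thread does not give the Linux box's outside address or the server's rules.

```python
import ipaddress

def parse_port_argument(arg):
    """Decode an RFC 959 PORT argument 'h1,h2,h3,h4,p1,p2' into (ip, port)."""
    fields = arg.strip().split(",")
    if len(fields) != 6:
        raise ValueError("PORT needs six comma-separated numbers")
    nums = [int(f) for f in fields]          # ValueError on non-numeric fields
    if any(n < 0 or n > 255 for n in nums):
        raise ValueError("each PORT field must be 0-255")
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]       # port = p1*256 + p2

def check_port_command(line, control_peer):
    """Apply an assumed server-side anti-bounce policy to one command line.

    control_peer is the source address the server sees on the control
    connection (behind masquerading, the gateway's outside address).
    Returns (verdict, reason).
    """
    verb, _, arg = line.strip().partition(" ")
    if verb.upper() != "PORT":
        raise ValueError("not a PORT command")
    ip, port = parse_port_argument(arg)
    peer = ipaddress.IPv4Address(control_peer)
    if ip != peer:
        kind = "private" if ip.is_private else "third-party"
        return ("reject", f"{kind} address {ip} differs from control peer {peer}")
    if port < 1024:
        return ("reject", f"data port {port} is in the reserved range")
    return ("accept", f"data connection to {ip}:{port}")

# The PORT line is the one quoted in the post; MASQ_ADDR is a constructed
# placeholder for the Linux box's outside address.
MASQ_ADDR = "203.0.113.10"
LOGGED = "PORT 192,168,86,2,4,77"

if __name__ == "__main__":
    print(check_port_command(LOGGED, MASQ_ADDR))
    print(check_port_command("PORT 203,0,113,10,4,77", MASQ_ADDR))
```

The logged line decodes to 192.168.86.2 port 1101, an inside address the server cannot reach and that does not match the peer it sees, so the policy rejects it; the same command with the PORT payload rewritten to the outside address passes.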


------------------------------

From: [EMAIL PROTECTED] (Dave Smart x2890)
Crossposted-To: comp.os.linux.development.system,comp.os.linux.misc,comp.os.linux.security
Subject: Re: Remote login problems in custom RedHat env...
Date: 2 Jul 1999 19:31:56 GMT

Wallace Barnes ([EMAIL PROTECTED]) wrote:
: DNS is disabled on this box. I've even gone as far as to remove the resolv.conf
: file. Besides, tcpdump shows that the box is able to send acks to whatever
: remote machine is involved. Also remember that all established connections can
: reach any host via telnet, ftp, rlogin, etc... (as long as they're in the hosts
: table of course). As for the network card, this problem has been replicated on
: three other identical systems to rule out just that. Network traffic is
: non-existent on this box. I've even prevented misc. services such as sendmail
: from starting to make sure to no avail. Thanks for your responses though.

DNS disabled or not .. your host still could be waiting for info.

For example, typical installation of TCPD (tcp wrappers) has  
the -paranoid setting active which immediately tries to do a reverse
name lookup. {AFTER the connection, BEFORE the LOGIN just where your hang is!} 
If you have TCP wrappers installed with paranoid (default), and no way 
to complete the lookup this will indeed hang the connection for some time. 

I suspect that once tcpd is blocked by one invocation from someone NOT in 
your /etc/hosts file, all other requests through tcpd would queue up too 
effectively blocking access to your host. 

We use host tables exclusively and disabled DNS too. 
I had to get TCP-Wrappers source and recompile without paranoid 
option for this reason.


-other thoughts 

Also, 'no-route-to-host' and other network timeouts may be 
very long, causing a hang that may not clear for 10's of 
minutes. Combined with an attempt by your host to access
a server (dns, kerberos), or auth/ident (client) this 
could cause a hang .. but trail would show in network log.

Check 'netstat -nr' or 'route' to see the default gateway
is still OK. If it changed (possibly by a RIP default update, 
or an ICMP re-route msg) then 
you would lose all remote network access at that point.

Also, disruption of network protocols can be caused by firewall, 
router config, or disabled services.
Do you have IPFW active and too restrictive? 

For example, If you disable or block ICMP, then any network 
query may take forever to finish since it may get no response.

As the client telnets to your host, your host (telnetd and/or 
tcp wrappers) may use auth/ident back to the client to 
validate the userid/port info. If this service is blocked, 
the Linux timeout may take a while, particularly if there is no 
response at all. 

--Dave 

: Wally
: [EMAIL PROTECTED]

: Bryan wrote:

: > Jon Skeet wrote:
: > >
: > > [EMAIL PROTECTED] wrote:
: > >
: > > >     I have an unusual problem with telnet, rlogin, ftp and any other
: > > > program which requires logging in remotely. The system specs are: 400Mhz
: > > > Pentium Pro, 256MB RAM, onboard Intel etherexpress pro 10/100Mbs network
: > > > card, 2 serial ports, running a custom Red Hat 5.2 kernel. Four kernel
: > > > header files were modified to allow for a 3072 process limit ( fs.h,
: > > > limits.h, posix_types.h, /usr/include/gnu/types.h ). The machine will
: > > > boot and run fine for about 10 minutes then any form of remote log in
: > > > (even rcp and rsh) will hang after it successfully connects to the
: > > > system just before it gives you the opportunity to provide your login
: > > > name and/or password. On telnet you can even see the "Connected to
: > > > <host>" message. Any connection made before this problem occurs is fine
: > > > and has full capabilities. I can get out of the box using any method I
: > > > choose (telnet, ftp, etc). The oddest thing about this problem is that
: > > > all other inetd services are unaffected. They continue to respond to
: > > > request on their respective ports without fail. A tcpdump on the machine
: > > > will show telnet, rlogin, etc ... activity. They send their initial acks
: > > > and replies but don't complete their initialization procedures.
: > >
: > > Is it feasible that the problem is in reverse host lookup? I know telnetd
: > > checks that the host that is telnetting to it is valid before going ahead
: > > with the connection; it's possible that rcp does the same. If so,
: > > possibly your DNS is going wrong...
: > >
: >
: > I agree; it could be reverse DNS or no DNS at all.
: >
: > Another idea:  Network card burps...
: >
: > How much activity is there once the system is up?  I had a Netgear
: > 10/100 card in my box with one of the original DEC tulip chips (they've
: > since created their own proprietary set due to DEC's discontinuation of
: > the 21something series), and it would come up with some overrun problems
: > at high NFS loads.  I finally swapped it with a newer one I had bought
: > for a Windows box, and the old card works fine in the Windows box, and
: > the new one works beautifully in the Linux box (gotta love 100Mbps).
: > (Probably some inconsistencies with the tulip driver and that older
: > chipset..)
: > .
: > Which kernel version are you using?  You can use the 2.2.x kernel series
: > on Redhat 5.2.  A custom RedHat 5.2 kernel sounds like you used the
: > 2.0.36 kernel that came with it.
: >
: > 2.2.5 runs really stable on three of my 5.2 machines.  I'm suggesting a
: > kernel and network card driver upgrade because even if you turn off
: > networking, like you said you're doing, the card may still be on the
: > fritz, and there may be a compatibility issue with the EtherExpress
: > Pro.  (Is that intel or 3com?  3com's drivers were semi-broken in
: > 2.0.36...)
: >
: > > --
: > > Jon Skeet - [EMAIL PROTECTED]
: > > http://www.pobox.com/~skeet/
: >
: > -- Bryan Scott
: > -- CTR Online Systems Administration
: > (remove the NOSPAM. for email)


--
+------------------------------------------------------------------+
| Dave Smart                     E-Mail: [EMAIL PROTECTED]            |
| Computer Sciences Corp.                                          |
| 7700 Hubble Drive,             Voice:  (301)-794-2890            | 
| Lanham-Seabrook, MD 20706      FAX     (301)-794-9530            |
| #include /std/disclaimer       'My opinions are mine own...'     |
+------------------------------------------------------------------+
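
An added example, not from the thread or from the TCP Wrappers source: it models the name/address consistency check behind the paranoid setting discussed above (reverse lookup of the client address, then forward lookup of the returned name) against an /etc/hosts-style table, so clients that would fail or have no entry can be found before they connect. The first-line-wins lookup behaviour, the verdict names, and every address in the sample table are assumptions.

```python
def parse_hosts(text):
    """Parse /etc/hosts-style text into (reverse, forward) lookup maps.

    Assumed resolver behaviour: for both lookups the first matching line
    wins, as with a files-only resolver that returns a single entry.
    """
    reverse, forward = {}, {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()      # strip comments
        if len(fields) < 2:
            continue
        addr, names = fields[0], [n.lower() for n in fields[1:]]
        reverse.setdefault(addr, names[0])         # addr -> canonical name
        for name in names:
            forward.setdefault(name, addr)         # name -> first address
    return reverse, forward

def paranoid_verdict(client, reverse, forward):
    """Classify one client address the way a name/address check would."""
    name = reverse.get(client)
    if name is None:
        # No table entry: the resolver falls through to whatever else is
        # configured, which is where a long wait can occur without DNS.
        return "no-name"
    if forward.get(name) != client:
        return "mismatch"                          # name does not map back
    return "match"

def audit_clients(hosts_text, clients):
    """Return {client_address: verdict} for each address in clients."""
    reverse, forward = parse_hosts(hosts_text)
    return {c: paranoid_verdict(c, reverse, forward) for c in clients}

# Constructed sample table: ws20 is listed twice with different addresses.
SAMPLE_HOSTS = """\
127.0.0.1     localhost
192.168.1.1   server1 nis      # file and NIS server
192.168.1.20  ws20
192.168.1.21  ws20             # duplicate name, second address
"""

if __name__ == "__main__":
    clients = ["192.168.1.1", "192.168.1.20", "192.168.1.21", "192.168.1.99"]
    for addr, verdict in audit_clients(SAMPLE_HOSTS, clients).items():
        print(f"{addr:15s} {verdict}")
```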

------------------------------

From: [EMAIL PROTECTED]
Subject: Ethernet to Token-Ring Bridge
Date: Fri, 02 Jul 1999 20:35:16 GMT

Is there anyone in the Linux Community that has
successfully set up an Ethernet to Token-Ring
Bridge?  If so could you please steer me in the
right direction.

ri


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.

------------------------------

Date: Fri, 02 Jul 1999 22:08:52 +0200
From: Wolfgang Rufeger <[EMAIL PROTECTED]>
Subject: Re: Damn Apache


> > >I went to Netscape on my Windows 98 box and set the http proxy to
> > >10.8.80.6 port 80.  I don't know if port 80 is right, or if i can change
> > >the port or what, but the locally stored apache page came up with every
> > >web site. 
> 
> Yeah, way off, i have it configured as a gateway but for the browser it
> has to be a proxy.  But thank you for the input, you're the only one who
> has answered all day!  Thanx again!
> 

If You have set up IP masquerading the right way it shouldn't be a
problem to reach the internet from Your Windows machine directly. If You
want to use Your Linux box as a proxy, try to install a proxy server. I
use junkbuster for that. That way I get rid of all the junk and
commercials on the web. Use the junkbuster port on Your Linux machine
for the proxy on the Win machine. Works excellent with me :-)



-- Wolfgang Rufeger ----- o o ----- [EMAIL PROTECTED] --
--- Tokajerweg 25 -------- O --------- http://home.pages.de/~wolf/ ----
===== 89075 Ulm =======================================================
---- 0731/9501308 -----------------------------------------------------

------------------------------

From: Jeff Burkholder <[EMAIL PROTECTED]>
Subject: masquerading and port numbers
Date: Fri, 02 Jul 1999 21:23:56 GMT

hello -

I'm using masquerading and port forwarding on my 2.0.36 firewall box,
everything is working fine but for one thing.  I'm hoping someone knows
how to force the port number on an outgoing connection.

I have a server (quake3) running behind my firewall.  I have port
(27960) forwarding set up so that incoming connections (udp) are
forwarded to the right box on my internal network, like so:

ipportfw -A -u24.131.182.112/27960 -R 192.168.0.100/27960

and this works like a charm - players connect to the 24.131.182.112 IP
and pass through to my server.

my only problem is when this server communicates with id Software's
'master' server, masquerading alters the port number.  I want id
Software to register 24.131.182.112:27960 but they are getting
24.131.182.112:63365 which is wrong.

when I do a list of masquerading rules

ipfwadm -M -l

i get back


prot    expire          source          destination             ports

udp     05:27.93        192.168.0.100   monster.idsoftware.com  27960 (63365) -> 27950

where this last part with the ports is what is causing the problem.
my server is sending a udp packet out on port 27960 on its way to
idSoftware's port 27950, but masquerading is substituting 63365 as the
originating port.

Is there a way to force masquerading to use the original, or even a
specific, port number?
I notice for ipfwadm there is an option to specify the source and
destination ports on the masquerading rules, I tried this:

ipfwadm -F -a m -P udp -D 192.168.0.10/24 27960 -D 0.0.0.0/0 27960

thinking this might be what I want to force masquerading to generate
packets with the port number I want, but this didn't seem to make a
difference.

Thanks in advance if you can help me.

-Jeff

[EMAIL PROTECTED]



------------------------------

From: Bill Pitz <[EMAIL PROTECTED]>
Subject: Re: ipchains question
Date: Fri, 02 Jul 1999 21:29:30 GMT

Jack Snodgrass <[EMAIL PROTECTED]> gave us the interesting posting of:
> I'm trying to get ipchains set up so that I can masquerade a win98 
> box via my Linux box which I've attached my cable modem to. 

> I use
> ipchains -P forward DENY
> ipchains -A forward -s $gameboy -j MASQ

> I thought that the 'ipchains -A forward -s $gameboy -j MASQ' line
> would tell the Linux box to use its own IP Address when it made 
> the outgoing connection. 

Try
ipchains -A forward -s $gameboy -d 0.0.0.0/0 -j MASQ

Sometimes ipchains can't "guess" what your destination is.  Also make
sure that the Win98 machine is using the Linux box as its default
gateway.

-Bill
-- 
Bill Pitz                                         [EMAIL PROTECTED]
Silicon Valley North, Inc.                                www.svn.net
Internet and World Wide Web Services                   (707) 781-9999

------------------------------

From: Kingsley Turner <[EMAIL PROTECTED]>
Subject: Re: ipchains question
Date: Sat, 03 Jul 1999 07:45:59 +1000

Jack Snodgrass wrote:
> 
> I'm trying to get ipchains set up so that I can masquerade a win98
> box via my Linux box which I've attached my cable modem to.
> 
> I use
> ipchains -P forward DENY
> ipchains -A forward -s $gameboy -j MASQ
> 
> where $gameboy is the IP Address of my win98 box.

Jack,

I seem to remember reading that ipchains will use the first applicable
record.
So it DENYs everything, because that's your first rule.

You should be able to leave off the top rule anyway,

try:

ipchains -A forward -s $gameboy -d 0.0.0.0/0 -j MASQ

If all this fails, try opening up everything, and then close off
stuff until you break it.


-kt

------------------------------

From: larry <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.misc,redhat.general
Subject: zmodem with cu
Date: Fri, 02 Jul 1999 21:30:47 GMT

I am using Expect scripts and cu to access (proprietary) systems remotely.
Some systems offer zmodem transfers that I can access using minicom.  I
would like to use expect and cu to complete these zmodem transfers but I'm
unsure how to use zmodem with cu.  Minicom's interface is too cumbersome for
me to use with expect.

==================  Posted via SearchLinux  ==================
                  http://www.searchlinux.com

------------------------------

From: Bill Pitz <[EMAIL PROTECTED]>
Subject: Re: Ethernet to Token-Ring Bridge
Date: Fri, 02 Jul 1999 21:34:02 GMT

[EMAIL PROTECTED] gave us the interesting posting of:
> Is there anyone in the Linux Community that has
> successfully set up an Ethernet to Token-Ring
> Bridge?  If so could you please steer me in the
> right direction.

That would work the same as any other bridge.  Check the Bridge and
Bridge+Firewall HOWTOs at the Linux Documentation Project...
There are also some other resources available at www.linux.org

Basically, you need an ethernet board and a token ring board.  Run
the bridging configuration tool, or just setup the two networks on
different machines.  Either way would work.

Linux views the network devices all the same when it's routing/forwarding/
bridging so you could bridge lots of things... (ethernet, ppp, hdlc,
token ring, etc..)

-Bill
-- 
Bill Pitz                                         [EMAIL PROTECTED]
Silicon Valley North, Inc.                                www.svn.net
Internet and World Wide Web Services                   (707) 781-9999

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and comp.os.linux.networking) via:

    Internet: [EMAIL PROTECTED]

Linux may be obtained via one of these FTP sites:
    ftp.funet.fi                                pub/Linux
    tsx-11.mit.edu                              pub/linux
    sunsite.unc.edu                             pub/Linux

End of Linux-Networking Digest
******************************
