Linux-Networking Digest #769, Volume #11 Sat, 3 Jul 99 08:13:38 EDT
Contents:
Question about firewall configuration ("Jaroslaw Kolacz")
Re: OK - I GIVE UP! - can't give users ftp access!!!!???? (M. Buchenrieder)
Re: My modem is not responding (CodeWright)
IPCHANS, IP MASQ, Multiple NICS, and problems. (Jack Snodgrass)
Re: DHCP flooded cable network!! (Andreas heydendael)
Re: PCI Eth Card w/ IRQ=5? ("j. de groot")
Re: Worried about snmpd hacker (2nd post) (M. Buchenrieder)
Re: C++ templates: More than Turing Complete? (Nathan Myers)
Still not having any luck... ("Daniel Mitchell")
Re: IP Aliasing - need help real bad ("Ricky J. Sethi")
Pacifc Bell ADSL, RedHat 5.2, Newbie (S.B.)
Worried about snmpd hacker (2nd post) (razoon)
sqlinit: DBROOT must be set !!! ("Pletschette André")
isdn via external TA - how? (Gnana)
Re: DSL filtering ports (James Knott)
----------------------------------------------------------------------------
From: "Jaroslaw Kolacz" <[EMAIL PROTECTED]>
Subject: Question about firewall configuration
Date: Sat, 03 Jul 1999 09:35:12 GMT
Hello all!
I am using a linux machine as a firewall. Everything is working ok with one
exception: I have some problems with ping.
on any LAN computer (with Win98):
- ping another LAN computer: OK
- ping any host in internet: timeout
- ping linux firewall: timeout
on the linux computer:
- ping another LAN computer: OK
- ping any host in internet: OK
- ping linux firewall or the loopback interface: "ping: sendto: Operation
not permitted"
After changing the default input and output policy from "deny" to "accept"
everything is working OK but I want to use "deny" as default.
What should I change to fix this problem? Can any linux expert give me an
example how to configure the firewall with ipfwadm (only for the ICMP
protocol)?
I have already tried some configurations, but I was not able to correct the
problem.
Thanx.
Jarek
------------------------------
Crossposted-To: linux.redhat.install,alt.os.linux.mandrake
From: [EMAIL PROTECTED] (M. Buchenrieder)
Subject: Re: OK - I GIVE UP! - can't give users ftp access!!!!????
Date: Sat, 3 Jul 1999 07:14:49 GMT
[Newsgroups: trimmed, F'Up-To: set]
[EMAIL PROTECTED] (Bob) writes:
[...]
>SO - anon can login, no problem.
Good.
>real users get bad passwd.
[...]
Make sure that the ftpd daemon is using shadow passwords as well,
otherwise the authentication process will (logically) not work.
Michael
--
Michael Buchenrieder * [EMAIL PROTECTED] * http://www.muc.de/~mibu
Lumber Cartel Unit #456 (TINLC) & Official Netscum
Note: If you want me to send you email, don't munge your address.
------------------------------
From: CodeWright <[EMAIL PROTECTED]>
Subject: Re: My modem is not responding
Date: Fri, 02 Jul 1999 23:52:33 -0400
doc450 wrote:
>
> I am using linux redhat 5.2
> I have a rc56hcfpci modem,
===
hcf - host controller function (requires software driver)
Check with your modem's manufacturer. If they don't have a Linux
driver for the modem, then you're SOL. It's a sure bet that the
"Linux community" doesn't have a driver for it, as it's probably
a proprietary device for which the manufacturer will not release
the driver specs. (If you want more info, do a DeJaNews search
for "Linux" and "WinModem".)
Your best bet is to get your money back, and buy a *real* modem.
> My modem uses com port 1, and irq 11 on windows 98.
> I have both win98 and linux on same computer, in which I have each setup on
> a different hard drive.
> When I went into network configurations I created a ppp, when I try
> activating it nothing happens. I tried using minicom to see if I would hear
> or see something happening, but nothing happens.
> I tried at the prompt:
> rm /dev/modem
> ln -s /dev/cua0 /dev/modem
>
> Then I tried using minicom to see what would happen, nothing happened.
> Please help me, I do not know what to do now!
--
Lew Pitcher
Master Codewright and JOAT-in-training
------------------------------
From: [EMAIL PROTECTED] (Jack Snodgrass)
Subject: IPCHANS, IP MASQ, Multiple NICS, and problems.
Date: Sat, 3 Jul 1999 05:30:53 -0500
Hi,
The short form of the question: Does anyone know how to make IP
Masquerading with ipchains use a different IP Address than the IP
Address that it decides to use? It's using the wrong source address.
The long form of the question.....
My router machine ( redhat 6.0 with 2.2.10 kernel ) looks like this
eth0 24.4.x.x - cable modem
eth1 207.239.x.x - ADSL modem
eth1:0 24.4.x.x - address of my cable modem ( eth0 )
eth2 192.168.x.x - private network
the default route on the box goes through eth1:0 which means
that my default route goes out on my ADSL link using the
source address of my Cable modem. Stuff comes in over the
cable modem but goes out over the ADSL link. This stuff
works great. FWIW: @home has implemented a 128K upload
cap. With this setup, I get 768K upload cap ( via ADSL )
and a faster download than my ADSL link.
The problem is when I use
ipchains -A forward -j MASQ -s 192.168.0.0/24 -d 0.0.0.0/0
My 192.168.0.0/24 stuff is sent out, but it gets assigned
the eth1 address as its source address. It should/needs
to have eth1:0 ( which is the default route ) assigned as
its source address.
With a 'multihomed' network, I'm assuming that IP Masquerade is
figuring out which interface a packet is going to go out on and
using the IP Address of that interface. This is how it appears
to be working... but isn't the way I need it to work. This
behavior means that the packet goes out with the source address
of my ADSL link so it comes back over the ADSL link.
If anyone has any suggestions on how to work around this or fix
this, please let me know.
--
jack - [EMAIL PROTECTED] - http://www.cybermail.net
ICQ# 27979473
------------------------------
From: Andreas heydendael <[EMAIL PROTECTED]>
Subject: Re: DHCP flooded cable network!!
Date: Sat, 3 Jul 1999 10:36:21 +0000
First of all: why use DHCP anyway?.....there are only two computers
connected to the internet anyway. Makes the administration a lot easier.
And as far as your problem goes: I think it has to do with IP-forwarding
that isn't turned off. Give that one a try. And use tcpdump to see what
actually happens on your connection to the outside world. So you can
trace the culprit maker.
Good luck
On Tue, 29 Jun 1999, Ed Davis wrote:
> Hi,
> I have had Linux running for almost a year now using ipfwadm to connect 2
> other home computers running windoze. Today the cable internet provider
> called me and said they had to shut down my connection because I was
> flooding the network with requests for an IP address, thousands of requests.
> They said either I had a wrong DHCP configuration (stock redhat config) or
> I had been hacked. This Linux box has been just sitting there running nicely
> for a long time. Has anyone heard of this, it's a Redhat 5.2 distribution.
> Can't imagine being good for a year then crash. Needless to say I have put
> windoze on after I was told I could be terminated as a customer if it
> happened again. Any insight would be appreciated and might help someone else
> avoid this.
>
> Thanks
> Ed
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Andreas Heydendael
#1 mail: [EMAIL PROTECTED]
#2 mail: [EMAIL PROTECTED]
www: http://huizen.dds.nl/~jasminus
*let's all help eachother and make this
world a place to live in in peace*
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
------------------------------
From: "j. de groot" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux,linux.redhat.misc,linux.redhat.install,comp.os.linux.hardware
Subject: Re: PCI Eth Card w/ IRQ=5?
Date: Sat, 3 Jul 1999 12:51:12 +0200
I've got a DEC DE200. It works fine with winblows, and Linux also detected
it like it should do. On the old ISA card you have to set the jumpers right.
So this could be a nice card.
John Hovell wrote in message <[EMAIL PROTECTED]>...
>I am having problems finding an ethernet card that will work in my
>machine since so many of today's cards are PNP and you can't change the
>IRQ.
>
>Bottom line: The only IRQ I have left available in my system is IRQ 5.
>Does anyone know a PCI Ethernet card that can use (or be configured to
>use) IRQ 5? I have tried the Linksys and Intel to no avail.
>
>Any suggestions would be much appreciated.
>
>TIA,
>John Hovell
>
------------------------------
From: [EMAIL PROTECTED] (M. Buchenrieder)
Subject: Re: Worried about snmpd hacker (2nd post)
Date: Sat, 3 Jul 1999 10:00:07 GMT
[EMAIL PROTECTED] (razoon) writes:
>I want people to be able to make an anonymous ftp connection to my
>server.
Unless you do have very good reasons to do that, don't.
>I read in the messages file someone was connected through snmpd.
>Is that something to worry about? What can the person do?
[...]
There are possible exploits with various daemons and programs
on a standard Linux system. There's no such thing as "perfect
security" with any networked machine. Read some good books
on system security and administration, follow security-related topics
and advisories and see e.g. www.rootshell.org .
Michael
--
Michael Buchenrieder * [EMAIL PROTECTED] * http://www.muc.de/~mibu
Lumber Cartel Unit #456 (TINLC) & Official Netscum
Note: If you want me to send you email, don't munge your address.
------------------------------
From: [EMAIL PROTECTED] (Nathan Myers)
Crossposted-To: comp.os.linux.development.apps,comp.os.linux.development.system
Subject: Re: C++ templates: More than Turing Complete?
Date: 3 Jul 1999 01:03:33 -0700
Davin McCall <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] (Nathan Myers) wrote:
>
>>The point you missed by quibbling is that once you cleave the solution
>>space along a library boundary, you have left the domain of "computer
>>science" and are firmly in the domain of "engineering" where your
>>precious axioms are just obvious facts, and the hard problems
>>involve tradeoffs and organizational choices.
>
>I'm really not sure what you mean. "Cleave the solution space along a
>library boundary"??
Any complete program is just, ultimately, a sequence of instructions,
and any Turing-complete language can generate them.
Split the program into pieces, and then you have interfaces between
the pieces. Turing completeness says nothing about those interfaces.
Getting those interfaces right, and getting the cut lines in the
right places to allow them to be right, is the domain of engineering.
C++ has a large variety of very strong tools to describe library
interfaces because it is an engineering language. C has many fewer
such tools.
>>>I take it that you mean they must understand the principles, although
>>>not necessarily how they are applied in C++.
>>
>>No, absolutely the opposite! Real, useful programs are written
>>using real language features. To understand principles you must
>>first understand the specific application. All valid principles
>>are derived from experience, however they may be dressed up after
>>the fact.
>
>Perhaps I was taking you too literally again. If not: Maybe principles
>are derived from experience (that is probably arguable in itself)
You think maybe principles come from a big divinely inspired book?
> , but
>not necessarily from experience with C++. Even the principles of the
>C++ language can be seen in use in other languages. I can envisage the
>indirect studying of the C++ principles, whether knowingly or
>unknowingly, by studying various other languages (including those
>which C++ has borrowed its principles from).
Principles, divorced from experience, rot. If you want to understand
good principles, the only trustworthy source is good code. If you
want to understand the principles behind the success of C++, you must
study good, real C++ programs and libraries. There are no shortcuts.
--
Nathan Myers
[EMAIL PROTECTED] http://www.cantrip.org/
------------------------------
From: "Daniel Mitchell" <[EMAIL PROTECTED]>
Subject: Still not having any luck...
Date: Sat, 3 Jul 1999 03:15:18 -0500
Okay, I tried all the stuff you guys suggested and I think I'm very close to
getting it to work, but there are still a few problems. I'm trying to start
PPP from a command prompt like this:
pppd /dev/ttyS2 115200 debug user <username> connect "chat -v '' ATD<phone number> CONNECT ''"
I'm logging the pppd and chat responses and they look like this (I've only
included what I presume to be the important stuff):
pppd started by root, uid 0
...
CONNECT
-- got it
send (^M)
Serial connection established.
Using interface ppp0
Connect: ppp0 <--> /dev/ttyS2
sent [LCP ConfReq id=0x1 <magic (this value keeps changing)> <pcomp> <accomp>]
last message repeated 9 times
LCP: timeout sending Config-Requests
Connection terminated.
Receive serial link is not 8-bit clean:
Problem: all had bit 7 set to 0
Hangup (SIGHUP)
Exit.
It seems to me that it is that "sent [LCP..." line that is screwing things
up.
Here is what my /etc/ppp/options and /etc/ppp/pap-secrets files contain. I
tried adding +pap to my options file, but pppd would return the error "peer
authentication required but no suitable secret(s) found for authenticating
any peer to us (localhost.localdomain)".
/ETC/PPP/OPTIONS:
lock
crtscts
defaultroute
noipdefault
default-asyncmap
/ETC/PPP/PAP-SECRETS:
<username> ppp0 <password>
Just for reference, I found a web page that I'm using as sort of a guide at
http://axion.physics.ubc.ca/ppp-linux.html . I really appreciate all the
help, and I look forward to your next posts. Thanks again,
Daniel
------------------------------
From: "Ricky J. Sethi" <[EMAIL PROTECTED]>
Subject: Re: IP Aliasing - need help real bad
Date: Sat, 3 Jul 1999 01:25:59 -0700
Hi Bob,
I've been having major problems with IP aliases, too (you might want to
check my previous posts, especially the "RH Linux Guru Final Exam"). Have
you tried using "netcfg"? In my experience, that works very well.
Alternatively, you can access it by running "control-panel". This should
allow you to set em up and if it gives you any problems, delete all the
interfaces (the aliases and the primary one) for that particular interface
(e.g., delete eth0:1, eth0:0, and eth0) using netcfg and then re-enter them
all (again using netcfg). You can then either restart network or <gasp>
reboot (if you want to play it safe... for some reason, that sometimes works
better than just a /etc/rc.d/init.d/network restart). That should bring em
up and as long as they don't time out (my continuing problem :), you should
be fine. If they do time out, then all I can say is "Welcome onto my
boat... plenty of room in the back" :-]
Good luck,
Rick.
Bob Creedy <[EMAIL PROTECTED]> wrote in message
news:7lkb69$plr$[EMAIL PROTECTED]...
> I'm desperate with this problem and if anyone can help I'll really
> appreciate it.
>
> I've just installed Mandrake 6.0 (redhat 6.0), and ran 'linuxconf' to
> set up my ip aliases but found after activating them that there's no
> response to ping. I've done this many times on Redhat 5.2 and I
> followed the same procedure and it did create the correct
> configuration files.
>
> I ran "/sbin/ifconfig eth0:0 up" and got this response:
> SIOCSIFFLAGS: Cannot assign requested address
>
> I then ran 'ifup eth0:0' and got this:
> SIOCSIFNETMASK: No such device
> SIOCSIFBRDADDR: No such device
> 205.210.156.248: unknown interface: No such device
> SIOCADDRT: No such device
>
> the config file (/etc/sysconfig/network-scripts/ifcfg-eth0:0)
> contains this:
> IPADDR="205.210.156.248"
> NETMASK="255.255.255.0"
> which seems normal to me.
>
> Can anyone help? About 40 businesses are off-line because of this
> and I have to get them going soon.
>
> Thanks.
>
> Bob
>
> --
> =============================================================================
> Bob Creedy [EMAIL PROTECTED]
> Internet Innovations
> Cambridge, Ontario
> Canada
> =============================================================================
------------------------------
From: [EMAIL PROTECTED] (S.B.)
Subject: Pacifc Bell ADSL, RedHat 5.2, Newbie
Date: Sat, 03 Jul 1999 09:02:27 GMT
Is there anyone out there who is using the DSL service from pacbell?
I am trying to setup the service on my laptop. Can anyone give me some
direction on how to do this? I am using a Toshiba 325 CDS with a
Kingston Ethernet PC Card Adapter Model No: KNE-PC2BT. I am new to
linux and cannot find any information on DSL and Laptops. Any info
would be greatly appreciated.
Thanks
S.B.
------------------------------
From: [EMAIL PROTECTED] (razoon)
Subject: Worried about snmpd hacker (2nd post)
Date: Sat, 03 Jul 1999 08:24:43 GMT
Reply-To: [EMAIL PROTECTED]
I want people to be able to make an anonymous ftp connection to my
server.
I read in the messages file someone was connected through snmpd.
Is that something to worry about? What can the person do?
What is the ipchains-rule for letting people in as anonymous
user and still be safe on the other hand?
thanks
------------------------------
From: "Pletschette André" <[EMAIL PROTECTED]>
Crossposted-To: comp.infosystems.www.servers.unix,comp.os.linux,comp.os.linux.help,japan.www.server.apache
Subject: sqlinit: DBROOT must be set !!!
Date: Sat, 3 Jul 1999 12:55:16 +0200
When starting Apache, with httpd I get:
sqlinit: DBROOT must be set !!!
Does anybody know what this means and can anybody help me?
Thanks
______________________
Pletschette André
http://www.grosbous.lu
------------------------------
From: Gnana <[EMAIL PROTECTED]>
Crossposted-To: de.alt.comm.isdn4linux
Subject: isdn via external TA - how?
Date: Sat, 03 Jul 1999 11:23:04 GMT
hello all,
I am running redhat linux 6.0 kernel 2.2.5
I have a ISDN TA128E that sits in COM1 of my box.
I have used pppd but I don't know how to go about dialing to
ISDN.
What tools should I get? How do I connect?
Pl. consider this urgent and send a reply as soon as possible.
Thanks
-gnana
------------------------------
From: [EMAIL PROTECTED] (James Knott)
Subject: Re: DSL filtering ports
Date: Fri, 02 Jul 1999 20:06:12 -0400
Reply-To: James Knott <[EMAIL PROTECTED]>
In article <[EMAIL PROTECTED]>,
Mark Evans <[EMAIL PROTECTED]> wrote:
>Scott Sweeting <[EMAIL PROTECTED]> wrote:
>
>> "Pacific Bell Internet Services filters out all non-IP protocols for DSL
>> customers, however, this does not guarantee the security of your
>> computer or LAN. If file and print sharing is not required on your
>> computer or network, we recommend that you turn it off as a minimum
>> security solution."
>
>Sounds like this is written to be understood best by Windows users.
See Dick.
See the computer.
See Dick look at the computer.
See the computer crash.
Hear Dick say "<expletive deleted> Windows!!!". :-)
--
E-mail [EMAIL PROTECTED]
_________________________________________________________________________
The above opinions are my own and not those of ISM Corp., a subsidiary of
IBM Canada Ltd.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.networking) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Networking Digest
******************************