Linux-Networking Digest #837, Volume #11 Fri, 9 Jul 99 12:13:46 EDT
Contents:
Re: Here's My Networking Problems ("Salvador Asturias Jr.")
Re: Problem with Linux Networking, need help please ("Salvador Asturias Jr.")
Re: Setting up printer under Samba ("Mark Six")
Re: FTP through IP MASQ problem (Flavio Curti)
Re: Do DNS wildcards have a propagation delay? (Barry Margolin)
Re: Do DNS wildcards have a propagation delay? ("Robert Glover")
Re: diald too frequent ("Robert Glover")
Allow FTP access but disable interactive logins ([EMAIL PROTECTED])
diald and outlook (Dustin Puryear)
RCN USRobotics CMX cable modem woes... ([EMAIL PROTECTED])
Re: Allow FTP access but disable interactive logins (Marius van Wyk (remove NOSPAM.))
Proxy server vs. IP Masquerade
printing via network problem (ng harris)
Re: pppd server - no gettys need apply ("Le, Duc [CAR:CF77:EXCH]")
Re: Could Microsoft Cheat On The New Mindcraft Benchmark? (I R A Aggie)
help! Cron Unexpectedly Updates Daily ([EMAIL PROTECTED])
netgear card configuration ([EMAIL PROTECTED])
Postfix (Pranav Kothari)
----------------------------------------------------------------------------
From: "Salvador Asturias Jr." <[EMAIL PROTECTED]>
Crossposted-To: alt.os.linux,alt.linux,comp.os.linux.questions
Subject: Re: Here's My Networking Problems
Date: Fri, 09 Jul 1999 07:31:08 -0500
Win95 loads the IPX/SPX compatible protocal and NetBEUI by default with the Netware and
Microsoft clients. You must load the TCP/IP protocol manually.
I can't remember what Win98 does, but I've got 3 systems here, one with Linux and the
other two with Win98. Linux is running as an Internet gateway through ADSL so that I
can use my Win98 boxes on the 'net. Make sure that the IP addresses and subnet masks
are correct. What kind of NIC are you using? One "problem" that I have run into
before
is that on the NIC, if it has both a 10BaseT and a 10Base2 (thinnet) connection on it,
make sure that you have the right one enabled if the NIC doesn't do so automatically.
I
spend a couple hours trying to troubleshoot a similar problem and that was the
resolution. I felt kinda stupid by overlooking that.
btw, NT Server 3.51 loaded IPX/SPX protocol by default as well. back in the day...
David Meissner wrote:
> Yuki Taga wrote:
> >
> > On Sun, 20 Jun 1999 17:19:26 GMT, in article
> > <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
> >
> > >On Sat, 19 Jun 1999 10:20:30 GMT, [EMAIL PROTECTED] (Yuki
> > >Taga) wrote:
> > >
> > >>On Sat, 19 Jun 1999 01:45:27 -0500, in article
> > >><[EMAIL PROTECTED]>, Bill Reynolds <[EMAIL PROTECTED]> wrote:
> > >>
> > >>>Have you selected the correct transport protocal. Linux uses TCP/IP and Windows
> > >>>98 uses IPX. Also you probably need to assign your linux box some kind of
> > >>>dns number.
> > >>
> > >>This is certainly amazing news about Windows98 to me. Do the folks at Novell
> > >>know about this? <vbg>
> > >>
> > >>Yuki ^_^
> > >
> > >As I recall, Win98 and Win95 both install IPX and NetBEUI by default.
> > >So unless they've changed the default config, Win98 *would* be using
> > >IPX.
> >
> > NetBEUI I could believe. IPX, I don't. I have never seen any M$ product that
> > loaded IPX by default. None. Zero.
> >
> > Yuki ^_^
>
> Actually, if you do a default install of Windows 98 on a clean machine
> that was not running any other OS other than DOS, it will install the
> Netware client and the Microsoft network client, and will therefore also
> install IPX. I've been using customized msbatch installs of Windows 95
> for several years now so I can't recall if Win95 originally did the same
> thing. But Win98 does.
>
> DM
------------------------------
From: "Salvador Asturias Jr." <[EMAIL PROTECTED]>
Subject: Re: Problem with Linux Networking, need help please
Date: Fri, 09 Jul 1999 07:57:37 -0500
I have the same setup here at my home. I have a Linux box running RedHat v6.0
installed right out of the box. I have an ADSL connection to my Linux box that
I share with my 2 other Win98 machines and everything works great except for an
ftp problem that I am having. However, I have not experienced any kind of
connection loss yet.
It does sound like that other PC on your ISP's network might be causing a
problem. Have you called your ISP to complain? Don't tell them that you're
running Linux, 'cause they might just blame that. I believe that with
ipchains1, you can filter out packets from a particular ip address. I know
you're not running ipchains, but it's something to think about. Of course, if
your NIC is being flooded with UDP packets, I'm not sure if there's much you can
do about it.
T Clark wrote:
> Greetings,
>
> I recently installed a Linux box as a router for my home PC network. The
> Linux box is connected to a DSL line via a LinkSys LNE100TX card. I have a
> second LinkSys card connected to a 10/100 Mbps Hub which also connects to
> the 2 Win98 boxes in my local net. The Windows boxes have static IP
> addresses, 192.168.1.xxx and the Linux box also has a static IP,
> 207.55.xxx.xxx which was provided by my ISP.
>
> Everything works. I can ping everyone and the 2 Windows PCs can share the
> internet connection just fine. So what's the problem you ask? Well after a
> period of time the connection stops working. It's hard to descrbe the
> symptoms but essentially any requests for information from the internet time
> out, whether its email, news or just plain old web surfing. I can usually
> recover by rebooting the Linux machine, though sometimes I must reboot the
> Windows machine as well. You can usually detect the situation by looking at
> the load monitor that come up in X windows. If there is a solid black 'box'
> indicating heavy loading then you can almost always be sure that the machine
> needs to be rebooted.
>
> I am running RH 5.2 straight out of the box. I have currently loaded no
> patches or updates other than the latest and greatest ipfwadm. I have also
> looked at the log files and an seeing an interesting entry. Another PC on
> the ISP network is sending me UDP packets, alot of them. This is usually the
> last entries before everything hangs. I can see where ipfwadm is denying the
> UDP resuests as I expect it to. I am wondering is this is a hacker attack or
> simply a rogue PC 'spraying' the net with junk UDP packets. I am also
> wondering if this might be the infamous ping of death.
>
> My questions are:
>
> 1. What if any patches should I load on top of 5.2? I have been to the Red
> Hat Errata site and there is a long list of patches available. Some of them
> do not appear to impact networking.
>
> 2. Are there any log files beyond what I can find in /var/log that will help
> me trouble shoot the problem further? How can I tell if someone is trying to
> hack the root account or any other account for that matter? Do I need to
> turn loggin on somewhere?
>
> Thanks in advance
> TC
------------------------------
From: "Mark Six" <[EMAIL PROTECTED]>
Subject: Re: Setting up printer under Samba
Date: Fri, 9 Jul 1999 20:54:44 +0800
Brad Felmey ���g��峹 ...
>On Thu, 8 Jul 1999 15:07:43 +0800, "Mark Six" <[EMAIL PROTECTED]>
>posted:
>
>>I want to use Linux Server as print server, with samba I can share the
>>printer for Windows Platform. Sure I can directly sent the print job to
Jet
>>Direct Printer Server, but I would like the Linux Server handle the print
>>queue.
>
>Why on earth would you have chained print servers/queues? What is the
>difference (to Windows) between sending the job to a Linux queue (and
>thence on to the JD) or sending to the JetDirect queue? Do you
>specifically want a slower and more complex print setup? I get the
>feeling you don't have a solid grasp of what a JetDirect is. It's not
>just a network interface, it's a standalone print server and queue all
>by itself.
>
>Did I misunderstand you?
>--
>Brad Felmey
Sure, I know what a HP JetDirect is, just because it only has 4M memory,
wanna to use the Linux one which has 128M memory and the processing power to
queue lots of print jobs. However, is it make sense to let a PII 450 Linux
box with 128M ram to process the print queue other than print directly to
the Jet Direct 5000 with 4M ram?
thanks.
============
Mark Six
------------------------------
From: Flavio Curti <[EMAIL PROTECTED]>
Subject: Re: FTP through IP MASQ problem
Date: Fri, 09 Jul 1999 15:09:11 +0200
> And then, nothing happens after that. What's up with that? Here are the
> parameters for IP MASQ, which I placed in the /etc/rc.d/rc.local:
>
> ipchains -P forward DENY
> ipchains -A forward -i eth1 -j MASQ
> echo 1 > /proc/sys/net/ipv4/ip_forward
nothin's wrong, just that FTP is a little bit complicated to handle for
the masquerading stuff. this means you need to load an helper
application. try:
insmod ip_masq_ftp
if no output, it worked (to be shure, look for ip_masq_ftp in the output
of 'lsmod')... that should do it... add this command to your rc.local...
hope it helps
------------------------------
From: Barry Margolin <[EMAIL PROTECTED]>
Crossposted-To: ,comp.protocols.tcp-ip.domains,comp.protocols.tcp-ip
Subject: Re: Do DNS wildcards have a propagation delay?
Date: Fri, 09 Jul 1999 13:38:30 GMT
In article <[EMAIL PROTECTED]>,
Scientia <[EMAIL PROTECTED]> wrote:
>Yesterday I asked also for DNS wildcards (so that any subdomains
>whatever.mydomain.com is redirected to my domain).
>My provider created DNS wildcards for me, but they do not work yet!
>
>So my question is: s there a propagation delay (around 3 days)
>also for DNS wildcards sbudomains?!
>(That seems strange to me).
Since DNS doesn't "propagate" in the first place, there can't be any
"propagation delay". The only delays in DNS are due to caching. DNS does
have negative caching, so if a server received a "No such name" error, it
will remember that the name doesn't exist and not ask again for a while.
The Minimum field in the domain's SOA record controls how long this lasts,
but most servers on the Internet are not yet running versions of BIND that
implement this; most of them either don't do negative caching or they have
a hard-coded negative cache TTL, which I believe is 15 minutes.
Tell us what your domain is and maybe we can explain the real problem.
--
Barry Margolin, [EMAIL PROTECTED]
GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
------------------------------
From: "Robert Glover" <rglover@air(dot)ups(dot)com>
Crossposted-To: comp.protocols.tcp-ip.domains,comp.protocols.tcp-ip
Subject: Re: Do DNS wildcards have a propagation delay?
Date: Fri, 9 Jul 1999 12:46:44 -0000
If they are using periodic zone transfers (every three days), then it
may take that long.
Scientia wrote in message <[EMAIL PROTECTED]>...
Final questions regarding the problems I had with propagation delay.
Now my domain works.
Yesterday I asked also for DNS wildcards (so that any subdomains
whatever.mydomain.com is redirected to my domain).
My provider created DNS wildcards for me, but they do not work yet!
So my question is: s there a propagation delay (around 3 days)
also for DNS wildcards sbudomains?!
(That seems strange to me).
Thanks for your help
Fabrizio
[EMAIL PROTECTED]
------------------------------
From: "Robert Glover" <rglover@air(dot)ups(dot)com>
Subject: Re: diald too frequent
Date: Fri, 9 Jul 1999 12:54:11 -0000
Did you try tcpdump?
I assume that it's a ppp interface. If it is then try:
tcpdump -i ppp0
[EMAIL PROTECTED] wrote in message <7m3scl$vpo$[EMAIL PROTECTED]>...
I have had diald up and running for some time now
on my RH-ish Linux 2.2 box. Recently, diald
decided to start dialing every 2 minutes oor so.
I suspect I got cracked, but I see no hard
evidence. Anyway, is there a way to determine the
process that is generating the network request? I
looked in /var/log/messages, but could only find
the packet type. I'd like to track that sucker
down and kill it like the dog it is.
TIA.
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: [EMAIL PROTECTED]
Subject: Allow FTP access but disable interactive logins
Date: Fri, 09 Jul 1999 13:25:19 GMT
Hi, I am running Red Hat 6.0 and I was wondering if anyone knows how to
configure Red Hat so that it allows a real user (ie. not an anonymous
user) to login through FTP but does not allow that same user to login
interactively, ie. using telnet, etc. In an attempt to achieve this I
created a test account which has the following line in the passwd file:
test:x:522:522:Test Account:/home/test:/dev/null
I have also tried /bin/false and /etc/ftponly as described in the
man page for ftpaccess. With this entry in the passwd file, it does
not allow me to telnet to the machine, it says 'connection closed'
because there is no shell which is what I am after, but it also does not
allow me to FTP to the machine. I get an error message when I try to
FTP:
530 Login incorrect.
Login failed.
if I changed the shell to /bin/bash, for example, I can login with
both ftp and telnet using this test account. I am starting the ftpd
with the following options in the inetd.conf:
ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a
and my ftpacces file is unmodified from the original installation
except the top line which reads:
class all real *
Does anyone know what I am doing wrong?
Thanks,
Dave
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: [EMAIL PROTECTED] (Dustin Puryear)
Subject: diald and outlook
Date: Fri, 09 Jul 1999 13:57:09 GMT
When Outlook tries to send an email and there is no connection diald
is either too slow to bring up a connection or not doing it at all.
Outlook then gives a "cannot connect to pop server" message. Is there
a way around this?
---
Dustin Puryear
[EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED]
Subject: RCN USRobotics CMX cable modem woes...
Date: Fri, 09 Jul 1999 13:45:56 GMT
Hi,
I've been using MediaOne's cable modem service (with dhcpcd) for a year
now on my RedHat 4.2 machine. I decided to switch to RCN recently and
now, my dhcp doesn't work anymore. They gave me a USRobotics CMX cable
modem. Their IP addresses don't change once they give u one (they claim
and I've sort of verified it thru booting 98 many times). My win98 box
works fine with it. I've even tried setting it up statically (not using
dhcpcd) with the same numbers I got out the win98 box winipcfg and that
doesn't work either. I tried it on another box running RedHat 5.2 using
the dhcpcd that came with it and that doesn't work either. I know
people have said they've gotten that modem to work fine with 5.2 and
dhcpcd. I don't know if it's something I setup wrong or if it's a linux
dhcpcd/RCN compatibility problem. Any help would be GREATLY
appreciated!
Thanks,
-Mike
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: [EMAIL PROTECTED] (Marius van Wyk (remove NOSPAM.))
Subject: Re: Allow FTP access but disable interactive logins
Date: Fri, 09 Jul 1999 14:43:03 GMT
On Fri, 09 Jul 1999 13:25:19 GMT, in comp.os.linux.networking [EMAIL PROTECTED]
wrote:
> Hi, I am running Red Hat 6.0 and I was wondering if anyone knows how to
> configure Red Hat so that it allows a real user (ie. not an anonymous
> user) to login through FTP but does not allow that same user to login
> interactively, ie. using telnet, etc. In an attempt to achieve this I
> created a test account which has the following line in the passwd file:
>
> test:x:522:522:Test Account:/home/test:/dev/null
You must add /dev/null as a valid shell in /etc/shells. There is an option someplace in
ftp to disable this security option, but I can't remember for the life of me where.
Another option to disallow people would be to edit /etc/securetty and only have local
ttys
in there.
There is however the problem that people will still (depending on the setup) be able to
rlogin and rsh to the machine, but most versions of these programs use the same
version of
auth as login. You just ay need to test it to make sure.
Better yet, remove rsh and rlogin from your services file.
There is another handy tip, changing:
> test:x:522:522:Test Account:/home/test:/dev/null
to:
> test:x:522:522:Test Account:/home/test/./:/dev/null
Will do a chroot (For ultimate security) on /home/test/ (See your ftpd.conf man pages
for
this)
PS: Use /dev/false instead of /dev/null, it's an executable as well as being more
apltly
named.
Anyway, hope this helped.
M.
------------------------------
From: [EMAIL PROTECTED] ()
Subject: Proxy server vs. IP Masquerade
Date: 9 Jul 1999 14:52:08 GMT
What are the security issues in using a proxy server such as socks5
versus implementing Linux IP masquerading? I'm trying to decide between
the two for connecting a small LAN to the Internet. We basically want
to block any request initiated from the outside. (We don't have a web
server or anything else that needs to be visible to the outside world.)
My readings thus far indicate the proxy server is probably better for this,
but I must admit that I am not clear on all of the issues involved in
choosing between these two approaches.
Thanks in advance for any helpful advice...
--
Roger Blake
(remove second "g" from address for email)
------------------------------
From: ng harris <[EMAIL PROTECTED]>
Subject: printing via network problem
Date: Wed, 7 Jul 1999 12:57:51 GMT
Hei all,
I'd be very grateful for any help with this problem.
PROBLEM
I'm trying to print to a remote printer (mac3) which is a
HP4000N model attached to a NT server. I'm trying to
print from my RH6.0 box (kernel 2.2.5) but the
printjob never gets out of the print queue.
SYMTOMS:
When the printcap is this:
##PRINTTOOL3## REMOTE laserjet 300x300 a4 {} LaserJet Default {}
mac3:\
:sd=/var/spool/lpd/lp:\
:mx#0:\
:sh:\
:rm=:\
:rp=mac3.domain.name.com:\
:if=/var/spool/lpd/lp/filter:
the lpq and lpc commands gives similar messages, for example lpq:
Warning: unable to get official name for remote machine
mac3 is ready and printing
Rank Owner Job Files
Total Size
active root 4 /etc/printcap 402
bytes
..and nothing comes out of the printer and the job stays queued.
SOLUTIONS TRIED
(1)
When I fill in the rm line of the printcap with the server's IP#
lpq gives the following:
IP-address-of-LINUX-box: mac3 is ready and printing
Rank Owner Job Files
Total Size
1st root 6 /etc/printcap
415 bytes
connection to IP-address-of-server is down
(2) pinging the server or the printer IP is successful
(3) adding the server and printer IP#'s to hosts.lpd makes no difference
(4) printing using winNT direct to the printer IP is successsful
..any ideas?
thanks in advance
n. harris
------------------------------
From: "Le, Duc [CAR:CF77:EXCH]" <[EMAIL PROTECTED]>
Subject: Re: pppd server - no gettys need apply
Date: Fri, 09 Jul 1999 10:35:11 -0400
Hi,
I followed the instructions from this site until the end, but I can't get
pass the PAP authorization.
Any help are much appreciated.
Chris Cocozzo wrote:
>
> I recently did the same thing. I used mgetty 1.14 (I think, whatever came
> with RH6.0) and pppd 2.3.7. The following site walks you thru it.
> http://members.bellatlantic.net/~mrdennis/mgetty.html
>
> I can dial in from any win 9x pc and check my mail, surf, telnet...the whole
> shebang!!
>
> Good luck!
>
> Chris
> Leo Cyr wrote in message <[EMAIL PROTECTED]>...
> >I'd greatly appreciate pointers to get a pppd server setup which does
> >not use getty for the user to login to and then run pppd as the user's
> >login shell. I've heard of this being done by running pppd inside
> >inittab and having the options set so that pppd with auth dialin users
> >via pap or chap. I'm asking this because I've tried a WIDE variety of
> >configuration possibilities with (virtually) no success.
> >
> >TIA
> >Leo
> >
--
Duc H. Le
===============================================================
Nortel Networks | Phone: (613) 763-3798
P.O. Box 3511, Station C, | Fax: (613) 763-5507
Ottawa, Ontario, K1Y 4H7 | email: [EMAIL PROTECTED]
===============================================================
------------------------------
From: [EMAIL PROTECTED] (I R A Aggie)
Crossposted-To:
omp.os.ms-windows.nt.advocacy,comp.os.linux.advocacy,comp.infosystems.www.servers.unix,comp.os.linux.misc
Subject: Re: Could Microsoft Cheat On The New Mindcraft Benchmark?
Date: 9 Jul 1999 14:21:25 GMT
Reply-To: [EMAIL PROTECTED]
On 8 Jul 1999 18:08:32 -0700, Jason O'Rourke <[EMAIL PROTECTED]>, in
<7m3i2g$pat$[EMAIL PROTECTED]> wrote:
+ I R A Aggie <[EMAIL PROTECTED]> wrote:
+ >What part of 9.2 million >> 300,000 are you having difficulty
+ >understanding? Your statement doesn't stand up to scrutiny very
+ >well.
+
+ Which part of combat+civilian casualties was so hard for you to figure
+ out.
That wasn't the point. The original, wrong-headed, stated-as-fact
supposition was that US *combat* casulties exceeded the ENTIRE BRITISH
POPULATION, CIVILIAN, MILITARY AND ROYALTY.
+ That said, one source suggests that combat + civilian deaths in England
+ was closer to 400k.
Thank you for proving my point...
James
------------------------------
From: [EMAIL PROTECTED]
Subject: help! Cron Unexpectedly Updates Daily
Date: Fri, 09 Jul 1999 14:30:40 GMT
Any Linux gurus out there? I have a web server
that keeps logs on the number of hits that my
customers get, but for some reason, instead of
the logs rolling over every month, they are
rolling over every day.
I'm not exactly sure if its cron or not, but its
just very weird.
Any suggestions would be greatly appreciated.
Lawrence Mak
[EMAIL PROTECTED]
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: [EMAIL PROTECTED]
Subject: netgear card configuration
Date: Fri, 09 Jul 1999 15:04:00 GMT
Hey guys!
I have a problem setting up my Netgear card (a tulip card)on Linux 5.2.
I tried to activate eth0 in netcfg. But every time I do is getting
deactivated again
ifconfig only returns a local loop.
Thanks for an advice in advance.
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: Pranav Kothari <[EMAIL PROTECTED]>
Subject: Postfix
Date: Fri, 09 Jul 1999 10:35:09 -0500
I was recently told about an alternative to Sendmail called Postfix.
Does anyone have practical experience with this product. I would like
to have more security with my mail. Is postfix my solution to
Sendmail's woes??? Thanks in advance for all help.
Chris
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.networking) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Networking Digest
******************************
