Linux-Networking Digest #941, Volume #11 Mon, 19 Jul 99 16:13:37 EDT
Contents:
in need of FREE stuff for a server ("Webmaster")
Securing an Internal Network (Matt)
Why is the PPP server so slow? (Zoltan Pittner)
Re: linux, PPP, AT&T Worldnet - looks like PPP does not start??? (Lou Poppler)
Re: DNS server problems! ("Andrey Smirnov")
Re: are 4 nics practical? (Greg Leblanc)
Re: RH 6.0 firewall config (Chip Transisto)
Re: A mess at work on LInux ("Morris Maynard")
Session Timeout on RH 6.0 w/ 2.2.5-15 ("Patrick Nolan")
Re: Looking for PPoE on Linux (Francois Magnan)
TELNET & NFS ("Larry Rivera")
Hardware Q: 10Mb DSL Router to 100Mb network ("steve davidson")
Re: NetGear Ethernet Card (Frank Sweetser)
----------------------------------------------------------------------------
From: "Webmaster" <[EMAIL PROTECTED]>
Crossposted-To:
comp.os.linux,comp.os.linux.questions,comp.os.linux.redhat,comp.os.linux.setup
Subject: in need of FREE stuff for a server
Date: Mon, 19 Jul 1999 21:06:33 +0200
Reply-To: "Webmaster" <binyamin@isranews</SPAM>.to>
Hi, I am a poor webmaster who is trying to open a webserver with a Linux box, but
in my country they ask me tons of $ to build the server and I cannot pay for
it. I wonder if outside there is anybody who will be willing to give away some
software and hardware to build this server?
Please contact me at [EMAIL PROTECTED]
For the moment I really need:
1. 2 network cards (3com 100/10)
2. 1 router
3. 1 frame relay card.
4. 64 Mb of RAM
5. everything you think may be useful ...
Thank you very much
------------------------------
From: [EMAIL PROTECTED] (Matt)
Crossposted-To: comp.security.firewalls
Subject: Securing an Internal Network
Date: 19 Jul 1999 07:59:20 PDT
I want to share a common connection to the Internet among several
computers. I plan to have a Linux box between the internal network and
the Internet. One NIC on the Linux box will have a valid IP address,
the other NIC will have an internal IP address. The internal network
will have IP addresses assigned via a DHCP server in the 192.168.x.x
range.
The Linux box will have IP masquerade and IP forwarding turned on. It
will have an FTP server and maybe an HTTP server, but no other
services available to the Internet. The internal network primarily
consists of Windoze clients.
My question(s):
Do I need a more formal firewall (w/ proxy servers)?
With the above setup, is there a way for a bad guy on the Internet to
directly access the internal network (without compromising the Linux
box)? I understand that if the Linux box is successfully hacked, all
bets are off.
Any other major security issues to watch out for?
Thanks,
Matt
If this is a dumb question - be kind.
------------------------------
From: Zoltan Pittner <[EMAIL PROTECTED]>
Subject: Why is the PPP server so slow?
Date: Mon, 19 Jul 1999 14:27:09 -0400
Hi.
I'm trying to use the Red Hat 6 as internet gateway in a corporate
environment. I don't have internet connection just yet, but the server is
set up, ready to go. In the server I have two network cards (100Mbs) one
is connected to the internal network, the other one will be connected to
the ADSL (2.5Mbs) router (perhaps tomorrow). The computers on the
network are configured (through an NT DHCP server) to have the default
gateway pointing to the internal network card in the Linux machine.
Whenever I try to telnet from a workstation to the Linux I have to wait
3-5 minutes while it is connecting properly. Same with the FTP and POP3
servers.
The Linux originally was set up to use as default gateway its own
(internal) IP, but I took that out, hoping that the whole thing will
speed up a little bit.
Any idea what's going on?
thanks, Zoltan
------------------------------
From: Lou Poppler <[EMAIL PROTECTED]>
Crossposted-To: comp.protocols.ppp,linux.redhat.ppp,comp.os.linux.setup
Subject: Re: linux, PPP, AT&T Worldnet - looks like PPP does not start???
Date: 19 Jul 1999 18:40:36 GMT
Reply-To: [EMAIL PROTECTED]
In comp.os.linux.networking,
Andre Konstantinov <[EMAIL PROTECTED]> wrote:
: Jul 18 22:00:08 physics pppd[289]: Connect: ppp0 <--> /dev/ttyS2
: Jul 18 22:00:09 physics pppd[289]: sent [LCP ConfReq id=0x1 <asyncmap 0x0>
: <magic 0x3b3d725f> <pcomp> <accomp>]
: Jul 18 22:00:09 physics pppd[289]: rcvd [LCP ConfReq id=0x20 <asyncmap 0x0>
: <pcomp> <accomp> <auth chap MD5> <magic 0x12e0e12>]
: Jul 18 22:00:09 physics pppd[289]: sent [LCP ConfAck id=0x20 <asyncmap 0x0>
: <pcomp> <accomp> <auth chap MD5> <magic 0x12e0e12>]
: Jul 18 22:00:12 physics pppd[289]: sent [LCP ConfReq id=0x1 <asyncmap 0x0>
: <magic 0x3b3d725f> <pcomp> <accomp>]
: Jul 18 22:00:12 physics pppd[289]: rcvd [LCP ConfReq id=0x21 <asyncmap 0x0>
: <pcomp> <accomp> <auth chap MD5> <magic 0x12e0e12>]
It looks like the remote is not seeing anything you send to it.
Even though you are ack-ing its requests, and sending some requests
of your own, the remote never seems to see what you are sending, since
it does not send ack nor nak to your requests, and it keeps repeating
the same ConfReq of its own. Why don't you try turning on ppp's
kernel debugging messages, and see what is happening to the stuff
you are trying to send ?
--
Lou Poppler <[EMAIL PROTECTED]> | "Understanding is a three-edged
http://www.msen.com/~lwp/ | sword..."-- Ambassador Kosh, Babylon5
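The reasoning in the reply above can be checked mechanically. The following is an added example, not part of the original post: it reads the LCP lines from the quoted log (wrapped lines rejoined) and reports whether the peer ever answered our ConfReq and whether it repeated a request we had already acknowledged. The function names are illustrative.

```python
import re

# LCP lines from the log quoted in the post above, with wrapped lines rejoined.
LOG = """\
Jul 18 22:00:09 physics pppd[289]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x3b3d725f> <pcomp> <accomp>]
Jul 18 22:00:09 physics pppd[289]: rcvd [LCP ConfReq id=0x20 <asyncmap 0x0> <pcomp> <accomp> <auth chap MD5> <magic 0x12e0e12>]
Jul 18 22:00:09 physics pppd[289]: sent [LCP ConfAck id=0x20 <asyncmap 0x0> <pcomp> <accomp> <auth chap MD5> <magic 0x12e0e12>]
Jul 18 22:00:12 physics pppd[289]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x3b3d725f> <pcomp> <accomp>]
Jul 18 22:00:12 physics pppd[289]: rcvd [LCP ConfReq id=0x21 <asyncmap 0x0> <pcomp> <accomp> <auth chap MD5> <magic 0x12e0e12>]
"""

FRAME = re.compile(
    r"pppd\[\d+\]: (sent|rcvd) \[LCP (Conf\w+) id=(0x[0-9a-f]+) ?(.*)\]")
REPLIES = {"ConfAck", "ConfNak", "ConfRej"}


def parse(log):
    """Return (direction, code, id, options) for every LCP Configure frame."""
    frames = []
    for line in log.splitlines():
        m = FRAME.search(line)
        if m:
            frames.append((m.group(1), m.group(2), int(m.group(3), 16), m.group(4)))
    return frames


def diagnose(frames):
    """Summarise whether the peer answered us or acted on our acks."""
    sent_reqs = {i for d, c, i, _ in frames if d == "sent" and c == "ConfReq"}
    answered = {i for d, c, i, _ in frames if d == "rcvd" and c in REPLIES}
    acked_opts = set()   # option sets we have already acknowledged
    peer_repeats = 0     # peer re-sent a request we had already acked
    for d, code, _, opts in frames:
        if d == "sent" and code == "ConfAck":
            acked_opts.add(opts)
        elif d == "rcvd" and code == "ConfReq" and opts in acked_opts:
            peer_repeats += 1
    unanswered = sorted(sent_reqs - answered)
    return {
        "unanswered_ids": unanswered,
        "peer_repeats": peer_repeats,
        # Nothing we send is answered, yet the peer keeps asking: one-way link.
        "one_way": bool(unanswered) and not answered and peer_repeats > 0,
    }


if __name__ == "__main__":
    print(diagnose(parse(LOG)))
```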
------------------------------
From: "Andrey Smirnov" <[EMAIL PROTECTED]>
Subject: Re: DNS server problems!
Date: Mon, 19 Jul 1999 11:30:56 -0700
Hello,
I'm not sure what version of named you are running, but you may need to edit
/etc/named.conf file. Read man named.
Good luck
PS. One more thing, in your zone file you have a record for your domain
@ IN A 207.199.219.3
and also you have another A record pointed to the same address
ns IN A 207.199.219.3
If you want to use the same machine as your ns1 host, the above record needs
to be changed to:
ns CNAME webdsp.net.
You can only have one A record for an IP address, and you need to use aliases
in order to refer to your machine using a number of names (www, ftp, news,
etc.)
Rob Calfee wrote in message <[EMAIL PROTECTED]>...
>Hi all,
>
>My friend is having problems setting up his DNS name server. Below
>are all the files. The first is the actual error from nslookup.
>Could someone with more knowledge of the subject look at these files
>and try to find any errors that may be present. He is trying to set up a
>primary nameserver for the Internet. I know he'd appreciate it, him being
>my boss and all. Thanks in advance.
>
>Rob Calfee
>Oracle DBA
>[EMAIL PROTECTED] (or the at the sig below)
>
>
>
>
>IP of Server - 207.199.219.3
>name of server - ns1.webdsp.net
>
>
>
>Error being given by nslookup
>[root@NS1 named]# nslookup
>*** Can't find server name for address 207.199.219.3: Server failed
>*** Default servers are not available
>
>_____________________________________________________________________
>;NAMED.BOOT
>;
>; a caching only nameserver config
>;
>directory /var/named
>cache . named.ca
>primary webdsp.com named.hosts
>primary 219.199.207.in-addr.arpa named.rev
>______________________________________________________
>;NAMED.HOSTS
>;named.hosts file for webdsp.com
>;
>@ IN SOA ns1.webdsp.net. jhonken.webdsp.net. (
>99071901 ; serial number
>86400 ;refresh 24 hrs
>300 ; retry 5 minutes
>2592000 ; expire 30 days
>86400 ; minium 24 hrs
>)
>IN NS ns1.webdsp.net.
>;
>; The domain itself
>;
>@ IN A 207.199.219.3
>IN MX 100 mailhost.webdsp.net
>IN HINFO PC-586 Linux
>;
>; The primary Nameserver
>;
>ns IN A 207.199.219.3
>nameserver IN CNAME ns1.webdsp.net.
>;
>; Other Hosts
>;
>localhost IN A 127.0.0.1
>
>_________________________________________________________
>NAMED.LOCAl
>@ IN SOA localhost. root.localhost. (
> 1997022700 ; Serial
> 28800 ; Refresh
> 14400 ; Retry
> 3600000 ; Expire
> 86400 ) ; Minimum
> IN NS localhost.
>
>1 IN PTR localhost.
>
>__________________________________________________________
>;NAMED.REV
>;named.rev file for webdsp.com
>;
>@ IN SOA ns1.webdsp.net. jhonken.webdsp.net. (
>99071902 ; serial number
>86400 ; refresh 24 hrs
>300 ; retry 5 minutes
>2592000 ; expire 30 days
>86400 ; minium 24 hrs
>)
>IN NS ns1.webdsp.net.
>;
>; Reverse map the IP addresses
>;
>3 IN PTR ns1.webdsp.net.
>___________________________________________________________
>;NAMED.CA
>; This file holds the information on root name servers needed to
>; initialize cache of Internet domain name servers
>; (e.g. reference this file in the "cache . <file>"
>; configuration file of BIND domain name servers).
>;
>; This file is made available by InterNIC registration services
>; under anonymous FTP as
>; file /domain/named.root
>; on server FTP.RS.INTERNIC.NET
>; -OR- under Gopher at RS.INTERNIC.NET
>; under menu InterNIC Registration Services (NSI)
>; submenu InterNIC Registration Archives
>; file named.root
>;
>; last update: Aug 22, 1997
>; related version of root zone: 1997082200
>;
>;
>; formerly NS.INTERNIC.NET
>;
>. 3600000 IN NS A.ROOT-SERVERS.NET.
>A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
>;
>; formerly NS1.ISI.EDU
>;
>. 3600000 NS B.ROOT-SERVERS.NET.
>B.ROOT-SERVERS.NET. 3600000 A 128.9.0.107
>;
>; formerly C.PSI.NET
>;
>. 3600000 NS C.ROOT-SERVERS.NET.
>C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
>;
>; formerly TERP.UMD.EDU
>;
>. 3600000 NS D.ROOT-SERVERS.NET.
>D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90
>;
>; formerly NS.NASA.GOV
>;
>. 3600000 NS E.ROOT-SERVERS.NET.
>E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
>;
>; formerly NS.ISC.ORG
>;
>. 3600000 NS F.ROOT-SERVERS.NET.
>F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
>;
>; formerly NS.NIC.DDN.MIL
>;
>. 3600000 NS G.ROOT-SERVERS.NET.
>G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
>;
>; formerly AOS.ARL.ARMY.MIL
>;
>. 3600000 NS H.ROOT-SERVERS.NET.
>H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53
>;
>; formerly NIC.NORDU.NET
>;
>. 3600000 NS I.ROOT-SERVERS.NET.
>I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
>;
>; temporarily housed at NSI (InterNIC)
>;
>. 3600000 NS J.ROOT-SERVERS.NET.
>J.ROOT-SERVERS.NET. 3600000 A 198.41.0.10
>;
>; housed in LINX, operated by RIPE NCC
>;
>. 3600000 NS K.ROOT-SERVERS.NET.
>K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
>;
>; temporarily housed at ISI (IANA)
>;
>. 3600000 NS L.ROOT-SERVERS.NET.
>L.ROOT-SERVERS.NET. 3600000 A 198.32.64.12
>;
>; housed in Japan, operated by WIDE
>;
>. 3600000 NS M.ROOT-SERVERS.NET.
>M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
>; End of File
>
>Rob Calfee
>DBA
>[EMAIL PROTECTED]
------------------------------
From: Greg Leblanc <[EMAIL PROTECTED]>
Subject: Re: are 4 nics practical?
Date: Mon, 19 Jul 1999 18:39:38 GMT
In article <7museg$6no$[EMAIL PROTECTED]>,
"Beat Rupp" <[EMAIL PROTECTED]> wrote:
> Ok, I have a home server with 2 nics (LAN, cable modem) and the whole
> network is BNC. Now I want Fast Ethernet and I don't wanna buy some
> expensive dual speed hub (the thing is, that 2 parts of the network have to
> stay 10mbits)
>
> Now I have one practical solution, which requires the least amount of new
> cabling: the current server gets two additional nics and will become some
> sort of router/hub. Now that this shouldn't be a problem on the software
> side with Linux I suspect that this could decrease network speed drastically
> on the hardware front. It's a Pentium 166, 64mb, Asus X-P55T2P4. The nics
> would be: 10/RJ45/ISA for cable modem, 2 x 10/BNC/ISA for the 10 mbits parts
> of the network and finally one 100 PCI nic for the new, fast part.
>
> Is it possible to copy large amounts of data (let's say hundreds of
> megabytes) between these "subnets" without slowing everything down?
>
Sounds to me like you'll be beating up that server pretty badly. Are
these high quality NICs with good onboard processors? I'm guessing that
you have one host-to-pci bridge, and one pci-to-isa bridge, so
everything is running off of one data channel to the CPU. If these are
all high quality nics (not necessarily new, but definitely not cheap
ne2000 clones) then I don't think you'll have much trouble unless these
file transfers are going all the time. I've seen 4 port dual speed hubs
for about $80, so they're really not all that expensive. You might look
at that, depending on how much you're willing to spend.
Greg
> Thanks in advance
>
> Beat
>
>
--
It's pronounced "sexy" not "scuzzy"!
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: [EMAIL PROTECTED] (Chip Transisto)
Crossposted-To: redhat.networking.general
Subject: Re: RH 6.0 firewall config
Date: Mon, 19 Jul 1999 19:29:15 GMT
Reply-To: Chip Transisto
My linux server has an ip of eth0:192.168.0.1 and
eth1:xxx.xxx.xxx.xxx. My other machine on the lan has
eth0:192.168.0.2. With those numbers, the following in your
/etc/rc.d/rc.local file does the trick:
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -s 192.168.0.0/24 -d 0.0.0.0/0 -j MASQ
On 16 Jul 1999 07:31:03 GMT, Amir Malik <[EMAIL PROTECTED]> wrote:
>I have a server which I would like to use as a firewall, it has two NICs, one for the
>Internet which has a fixed IP, and another for the network (192.168.0.2).
>I want to provide HTTP and FTP service on the server machine and also use it as a
>firewall for the other computers on my network. I just don't know how to configure
>ipchains.
>My main goal is to give the other computers on the LAN access to the Internet via the
>server machine.
>
>Network Setup:
>SERVER = LAN, eth0 (192.168.0.2) and INTERNET, eth1 (xxx.xxx.xxx.xxx)
>OTHER = LAN, eth0 (192.168.0.1)
>
>What should be the appropriate ipchains configuration? So basically Internet access
>from LAN computers should be allowed, but incoming connections on the server should
>not get to the LAN.
>
>Thanks,
>Amir
>
>------------------ Posted via SearchLinux ------------------
> http://www.searchlinux.com
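An added example, not part of the posts above: a small model of how the forward chain with the two posted rules (policy DENY, one MASQ rule) decides three constructed flows, next to a variant of the rule restricted to the external interface. The `-i eth1` variant, the routing function and the sample addresses are assumptions for illustration; only new forwarded packets are modelled, not replies to masqueraded connections or traffic addressed to the gateway itself.

```python
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.0.0/24")
ANY = ip_network("0.0.0.0/0")

# Rule tuples: (source, destination, outgoing interface or None, target).
# POSTED mirrors: ipchains -A forward -s 192.168.0.0/24 -d 0.0.0.0/0 -j MASQ
POSTED = [(LAN, ANY, None, "MASQ")]
# Assumption, not in the post: the same rule restricted with "-i eth1".
# In the forward chain, -i names the interface the packet will leave by.
PINNED = [(LAN, ANY, "eth1", "MASQ")]

# Constructed flows; 198.51.100.0/24 and 203.0.113.0/24 are documentation ranges.
FLOWS = {
    "lan_client_to_internet": ("192.168.0.2", "198.51.100.10"),
    "internet_host_to_lan": ("203.0.113.9", "192.168.0.2"),
    "lan_source_routed_back_to_lan": ("192.168.0.77", "192.168.0.2"),
}


def out_iface(dst):
    """Assumed routing on the gateway: LAN via eth0, everything else via eth1."""
    return "eth0" if ip_address(dst) in LAN else "eth1"


def forward_verdict(rules, src, dst, policy="DENY"):
    """First matching rule decides; with no match the chain policy applies."""
    oif = out_iface(dst)
    for snet, dnet, iface, target in rules:
        if (ip_address(src) in snet and ip_address(dst) in dnet
                and iface in (None, oif)):
            return target
    return policy


def audit(rules):
    """Verdict of the forward chain for each constructed flow."""
    return {name: forward_verdict(rules, s, d) for name, (s, d) in FLOWS.items()}


if __name__ == "__main__":
    for label, rules in (("posted", POSTED), ("pinned to eth1", PINNED)):
        print(label, audit(rules))
```

The posted rule matches on source address alone, so the third flow is masqueraded as well; restricting the rule to packets leaving by the external interface leaves that flow to the DENY policy.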
------------------------------
From: "Morris Maynard" <[EMAIL PROTECTED]>
Subject: Re: A mess at work on LInux
Date: Mon, 19 Jul 1999 13:48:29 -0400
I'm not sure exactly what is meant by "accessing the data files". If you
mean that some program (one copy on each workstation) accesses a specific
file or files and that results in a sharing violation error, then the answer
is probably that the programs were not written to be able to share their
data files with multiple copies ("instances") of the program.
If you mean that you get the problem when trying to view or list directories
from more than one machine, then there is a problem with some
operating-system-related software. First of all, are you running any
programs that you know of at startup on the Win95 boxes? Perhaps one of
these is doing something with a data file in a single location. For example,
a shareware or homegrown program trying to "protect" the Windows
configuration from changes by any user may be using a lock file, which may
be mistakenly located on the Linux machine.
If none of these ramblings lead you to an answer, post more details about
the exact sequence of events which leads to the error, the exact error
message, and how it is displayed (window or dos prompt text line).
MIKE MURRAY <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> I have converted my business to using a Linux 6.0 Server with Win 95
> clients.
> It works great as long as only one of the workstations is accessing the
> data files.
> When 2 workstations try to access the same files, I get a sharing
> violation on the
> Win95 workstation and have to go to the server and kill the workstation
> to even
> get the Other workstation to move ahead. It happens every time.
>
> I've read pages til my eyes are running red. I just don't know what
> permissions to set or
> what to try, but I'm not giving up.
>
> Linux is going to work for us in the end
>
> Thanks.
>
>
------------------------------
From: "Patrick Nolan" <[EMAIL PROTECTED]>
Subject: Session Timeout on RH 6.0 w/ 2.2.5-15
Date: Mon, 19 Jul 1999 14:00:29 -0500
Where can I configure the telnet session timeout value on RH 6.0 running
2.2.5-15? It disconnects too quickly (about an hour of inactivity) and I'd
like to increase it to a different value.
Patrick
------------------------------
Subject: Re: Looking for PPoE on Linux
From: [EMAIL PROTECTED] (Francois Magnan)
Date: Mon, 19 Jul 1999 19:42:58 GMT
Bell Canada is currently changing its current ADSL service to use
PPPoE. They claimed that they will release a Linux client. Maybe you
can use theirs. There are a lot of Linux users that put pressure on
Bell to get a Linux client and it seems to have worked.
If you want I can email you the client as soon as I get it.
Francois Magnan
On 07/19/99, Mugur wrote:
>PPPoE is RFC2516, so it's standardized (sort of...).
>For Linux PPPoE client, try http://www.nts.com. they're the only ones to have
>one so far (I couldn't get it working, though :-( )
>
>Mugur
>
>______________________________________
>Mailto: mugurd at nortelnetworks.com.
>PLS do not hit "reply" directly.
>
>
>
--
______________________________________________________
Francois Magnan
Departement de Mathematique & Statistiques
Universite de Montreal
email: [EMAIL PROTECTED] (MIME, NeXTMail Ok!)
------------------------------
From: "Larry Rivera" <[EMAIL PROTECTED]>
Subject: TELNET & NFS
Date: Mon, 19 Jul 1999 12:32:52 -0700
I know that I may sound like a moron, but hey, I am a newbie and a Linux fan
as well.
I need to know how I can set up NFS mounting and telnetting to my Linux boxes.
I have 1 NT machine and 2 Red Hat Linux boxes.
Thank you in advance
------------------------------
From: "steve davidson" <[EMAIL PROTECTED]>
Subject: Hardware Q: 10Mb DSL Router to 100Mb network
Date: Mon, 19 Jul 1999 12:14:35 -0700
I have a 100 Mb network with three clients, all using Netgear 100Mb net
cards connected to a 4-port 100Mb LinkSys ethernet hub. The hub has uplink
capability. I am considering purchasing DSL from a local provider - they
supply a DSL router, but it is only 10Mb capable. What are my options for
adding this device to my network? I am looking for low-cost options, as
this is my home net.
Thanks!
Steve Davidson
------------------------------
From: Frank Sweetser <[EMAIL PROTECTED]>
Subject: Re: NetGear Ethernet Card
Date: 19 Jul 1999 15:36:49 -0400
root <[EMAIL PROTECTED]> writes:
> I have a NetGear EA201 10mbps card and I need a Linux driver. Anyone
> know of one?
use the tulip driver.
--
Frank Sweetser rasmusin at wpi.edu fsweetser at blee.net | PGP key available
paramount.ind.wpi.edu RedHat 5.2 kernel 2.2.5 i586 | at public servers
Anybody want a binary telemetry frame editor written in Perl?
-- Larry Wall in <[EMAIL PROTECTED]>
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.networking) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Networking Digest
******************************