Linux-Networking Digest #965, Volume #11         Wed, 21 Jul 99 15:13:26 EDT

Contents:
  Re: My Dissapointment to find Linux not a viable solution (root)
  Strange reboot (Antonio Santos)
  Re: ISP uses PAP, but not always?? (bill davidsen)
  Re: Linux Internet Email gateway and MS Exchange.... ("Chris")
  Re: DHCP for 2 addresses on the same ethernet card? (Rudolf Potucek)
  Problem accessing SMB shares via NT ("Paul Young")
  Re: DHCPd & dual homed server ("Bill")
  Re: Automatic Dial on Demand every 15 minutes (bill davidsen)
  Firewall and Proxy ([EMAIL PROTECTED])
  Re: [Q] ipchains how-to? (Rudolf Potucek)
  Re: Block specific IP with ipchains? (bill davidsen)
  Remote Printing and RedHat 6.0 ([EMAIL PROTECTED])

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (root)
Subject: Re: My Dissapointment to find Linux not a viable solution
Crossposted-To: comp.os.linux.advocacy,comp.security.firewalls
Date: Wed, 21 Jul 1999 17:29:43 GMT

        I don't think ANY of the Internet Virus Scanners were able to
prevent the recent mayhem via WINDOZE macros, mailers, etc. The
problem is that the virus/whatever can spread much faster than
the companies can detect, analyse, destroy, and then distribute
solutions for their scanning products.

        Although such products have limited value in the sense
that they will detect and deal with the use of "old" viruses,
and possibly stop a casual breach of policy, they are not much
use at all.

        Better is a simple security policy on how to deal with
email attachments (or how to deal with email at all). Such a
policy has prevented my own networks from being destroyed,
partly because of how email is handled, and partly from the
fact that our people are knowledgeable about how to deal
with unexpected email attachments. We were able to detect and
deal with recent epidemics without the need for network virus
scanners.

rats @ rat-hole . com
(replies to the sending account get dropped at the firewall...)

------------------------------

From: Antonio Santos <[EMAIL PROTECTED]>
Subject: Strange reboot
Date: 21 Jul 1999 17:31:11 GMT

Dear all

I was outside my faculty for a few days to install a linux box
in another department (with an NT network, so it took me a few days...)
While I was logged in as a user I spotted a shutdown at 9:00PM on Monday.
All the users in this box were gone for holidays, and the last login
was at 8:00PM from a friend who was with me at that moment. We run
a firewall at the faculty, but I've set up all the possible (?) security
configurations I know (no unnecessary daemons, tcp wrappers, etc). This
linux box is connected to a UPS, and the shutdown was smooth (no
devs uncleanly unmounted). I've looked up the logs but apparently nothing
strange happened. The strange thing is, if it was a power failure, all
the winboxes that are in my subnetwork should have the passwd dialog
in (after rebooting). Is it possible for the kernel to reboot
spontaneously? The box was running for several months and I've noticed that
the pids were getting higher and higher...

Should I suspect an attack (kind of DOS) or an installed rootshell?
(and no, I didn't install tripwire :-( )

Thanks in advance

Antonio Santos


------------------------------

From: [EMAIL PROTECTED] (bill davidsen)
Subject: Re: ISP uses PAP, but not always??
Date: 21 Jul 1999 17:40:02 GMT

In article <[EMAIL PROTECTED]>,
Paul Winkler  <[EMAIL PROTECTED]> wrote:

| I'm finding that about half the time, seemingly at random, I can't get a
| connection to my ISP. Some days it's fine, some days it's inconsistent,
| some days it takes so many calls to get a connection that I just give
| up. The ISP uses PAP, but I've determined through my logs and through
| minicom sessions that when things aren't working, for no apparent
| reason, I get a shell account login prompt instead, in which case I
| never get PAP authenticated and chat & pppd eventually give up. (I don't
| have a shell account at the ISP!) 

There's a high probability that your chat script is hosed and has an
extra RETURN at the end. On many types of dialing which support both PPP
and shell, if it sees a RETURN it switches to shell login.

Check your chat script.

-- 
bill davidsen <[EMAIL PROTECTED]>  CTO, TMR Associates, Inc
  The Internet is not the fountain of youth, but some days it feels like
the fountain of immaturity.


------------------------------


From: "Chris" <[EMAIL PROTECTED]>
Subject: Re: Linux Internet Email gateway and MS Exchange....
Date: 21 Jul 1999 18:15:58 GMT

Hmm, I tried this... 
I created a hash mailertable.db with makemap. Altered the Kmailertable line
in the sendmail.cf to reflect this and then uncommented some more
mailertable stuff in the sendmail.cf
Still fails in exactly the same way though...
it fails to resolve the host domain.com :(

Andrey Smirnov <[EMAIL PROTECTED]> wrote in article
<7mnola$7t1$[EMAIL PROTECTED]>...
> Edit /etc/mailertable and add the following entry:
> 
> domain.com smtp:[exchange_machine]
> 
> 
> Good luck!
> 
> Chris wrote in message <01becf90$2affccc0$9b64a8c0@pf12>...
> >Hmmm, the main issue at the moment seems to be that mail in the queue on
> >the linux machine doesn't get forwarded to the exchange machine. I thought
> >it would just be a case of adding an entry in the hosts file on the linux
> >point the email domain to the exchanges IP address (it seems to work this
> >way in AIX). Is there something else I need to do?
> >
> >Andrey Smirnov <[EMAIL PROTECTED]> wrote in article
> ><7mlu29$66h$[EMAIL PROTECTED]>...
> >> Hello,
> >>
> >> Exchange server needs to have the "Internet Connector" installed and
> >> configured to send all outgoing mail to Linux box (in the properties of
> >> connector go to 'Connections' tab and choose 'Forward all messages to the
> >> host' option, then enter Linux box's IP address there).
> >>
> >> As far as accepting e-mail, I think your Linux box needs to be setup as a
> >> primary e-mail exchanger (in DNS database), so all e-mail addressed to your
> >> domain will be routed to that host. Then you need to work on creating domain
> >> mail routing rule (search in sendmail documentation for
> >> /etc/mail/domaintable, also /etc/mail/mailertable) so all incoming e-mail
> >> will be forwarded to the Exchange machine.
> >>
> >>
> >> Good luck!
> >>
> >> Chris Hubbard wrote in message <[EMAIL PROTECTED]>...
> >> >Hi all,
> >> >Here is what I'm trying to do.....
> >> >
> >> >Pick up mail on a linux box, then toss it over to one of our Exchange servers
> >> >for distribution in the network.
> >> >
> >> >So its something like this:
> >> >
> >> >Incoming:
> >> > Internet ---- POP3 ----> Linux Box ---- SMTP ----> MS Exchange
> >> >Outgoing:
> >> > MS Exchange ---- SMTP ----> Linux Box ---- SMTP ----> Internet
> >> >
> >> >It seems like something that's doable but I'm having a 'little' getting the
> >> >Linux to talk to exchange.
> >> >At the moment the Linux is fine, it'll send and receive mail and dial up quite
> >> >happily. I have the networking done so it can see the Exchange server. I'm just
> >> >a little stumped as to how to get them talking.
> >> >I assume I'll have to get all the mail into one account on the box then pass
> >> >that to exchange and it can sort out all the peoples mail.
> >> >
> >> >Does anyone have any clues? has anyone done anything similar?
> >> >
> >> >Cheers,
> >> >Chris.
> >> >
> >> >
> >> >--
> >> >If you must choose between two evils,
> >> >pick the one you've never tried before.
> >> >---------------------------------------
> >> >     [EMAIL PROTECTED]

------------------------------

From: [EMAIL PROTECTED] (Rudolf Potucek)
Crossposted-To: comp.security.firewalls
Subject: Re: DHCP for 2 addresses on the same ethernet card?
Date: 21 Jul 1999 17:53:55 GMT

Ok, I'll take another look, but as I said in the original posting, the 
trivial way of making an aliased interface and using DHCPCD for it didn't 
work ... 

Rudolf

Greg ([EMAIL PROTECTED]) wrote:
: Have you taken a look at the IP Aliasing How-to ?
: Seems this ought to cover what you need to do.
: Didn't see it mentioned so I thought I'd ask :)

:     Greg

: Rudolf Potucek <[EMAIL PROTECTED]> wrote in message
: news:7n1613$[EMAIL PROTECTED]...
: >
: >
: > I admit I haven't done enough reading yet, but is it impossible to
: > get the 2nd IP because the DHCP protocol uses hwaddr or is it just
: > because the client won't do it?
: >
: > Rudolf
: >



--

------------------------------

From: "Paul Young" <[EMAIL PROTECTED]>
Subject: Problem accessing SMB shares via NT
Date: Wed, 21 Jul 1999 18:16:31 GMT

To all that can help:
    I've configured SMB on Red Hat LINUX 6.0 and also added the LINUX box to
be a member of the NT domain.  Although I have no trouble accessing the file
shares on LINUX via Windows 95/98 machines, when accessing those same shares
from an NT box, it always prompts for login even though the users are already
defined in the /etc/passwd file on the LINUX box.  In addition, when I enter
the account name and password, it denies access by showing the message:
"Machinename is not accessable.  The account is not authorized to login from
this station".  Any ideas?  Help!



------------------------------

From: "Bill" <[EMAIL PROTECTED]>
Subject: Re: DHCPd & dual homed server
Date: Wed, 21 Jul 1999 11:16:54 -0700

Turbo,

I decided to specify the NIC for DHCPD during startup. That seemed to do the
trick.
My thanks to the individual who suggested this earlier.

Something like: dhcpd eth1
(eth1 is the NIC for my LAN)

Bill

TURBO1010 <[EMAIL PROTECTED]> wrote in message
news:7n105b$rgb$[EMAIL PROTECTED]...
> Maybe he means the subnet, I don't know.  I'll try to set this up tonight,
> let you know what happens.
>
>
> Bill <[EMAIL PROTECTED]> wrote in message
> news:7ml1m7$rjh$[EMAIL PROTECTED]...
> >
> > I've had the exact same problem.  However, what do you mean by
> > "y.y" should be my network address not ip address? Where would
> > I get this info from my service provider? Thanks in advance.
> >
> > Confused Newbie
> >
> > Stuart R. Fuller <[EMAIL PROTECTED]> wrote in message
> > news:3fejm7.ev1.ln@localhost...
> > > Allan Wingenback ([EMAIL PROTECTED]) wrote:
> > > : I have RH Linux 5.2 installed on a box I want to use as a server and an
> > > : internet gateway for a small network (5-10 win95 clients).  This server has
> > > : 2 network cards and I want to use DHCPd to provide network addresses to the
> > > : internal computers only.  My network setup is good, and I've installed dhcpd
> > > : and written the dhcpd.conf file as per the mini-HOWTO for my internal subnet
> > > : address range.  When I start the dhcpd service, it reports "No Subnet
> > > : declaration for eth0 (184.161.y.y)" which is the Internet interface.  Since
> > > : I don't want to send DHCP info to the Internet, how do we configure
> > > : dhcpd.conf to not use eth0?
> > > :
> > > : My configuration:
> > > : External (Internet) NIC: eth0, 161.184.y.y, subnet 255.255.255.248, 3c509b
> > > : Internal NIC: eth1, 192.168.x.x, subnet 255.255.255.0, 3c509b
> > >
> > > In your /etc/dhcpd.conf, add the following:
> > >
> > >         subnet 161.184.y.y  netmask 255.255.248.0 {
> > >         }
> > >
> > > where "y.y" is your network address (not your IP address).
> > >
> > > What this does is to:
> > >
> > >         a) make dhcpd happy that the 161.184.y.y subnet is declared
> > >         b) tell dhcpd to not service that subnet
> > >
> > >         Stu
> > >
> >
> >
> >
>
>
>




------------------------------

From: [EMAIL PROTECTED] (bill davidsen)
Subject: Re: Automatic Dial on Demand every 15 minutes
Date: 21 Jul 1999 17:01:29 GMT

In article <7misa8$jbk$[EMAIL PROTECTED]>,
Robert Daumann <[EMAIL PROTECTED]> wrote:

| Now every 15 minutes the server starts the ISDN interface and contact the
| nameserver outside. There were sent out 240 bytes and 249 bytes are coming
| in. The files at the local nameserver have no flag with a time of 15 minutes
| or 900 seconds.
| 
| In the messages log file there is the following entry:
| 
| 192.168.100.25 ->194.25.0.124 (UDP) 1024 -> 53
| 
| the private IP is the address from the ISDN-interface.

I'm more interested in the other address... it doesn't seem to resolve
in DNS. My speculation is that something in your system is trying to use
a name which requires outside DNS. The master record for the domain in
question lists 194.25.0.124 as the nameserver. That is not a valid IP
address as far as I can tell, or is so many hops down the food chain in
Germany that it can't be reached from the USA (see below).

I would look and see what in your systems served by this nameserver is
asking for an address in Germany and not getting it. Sendmail often
retries queue runs every 15 minutes (HINT!!).

One possible solution is to add routing to route that address via lo0,
which will prevent the calls. Yes, I know it's ugly.

================================================================
traceroute to 194.25.0.124 (194.25.0.124), 30 hops max, 40 byte packets
 1  B1-T18.195.prodigy.com (198.83.18.195)  2 ms  1 ms  1 ms
 2  207.115.49.6 (207.115.49.6)  3 ms  4 ms  2 ms
 3  nyor1sr1-2-0.ny.us.ibm.net (165.87.28.3)  3 ms  3 ms  3 ms
 4  nyor1br1-12-1-0.ny.us.ibm.net (165.87.28.161)  4 ms  3 ms  3 ms
 5  bethjbr1-at-1-1-1-2.md.us.ibm.net (165.87.230.81)  12 ms  13 ms  12 ms
 6  beth1sr2-12-1-0.md.us.ibm.net (165.87.29.164)  12 ms  11 ms  11 ms
 7  165.87.97.225 (165.87.97.225)  14 ms  13 ms  13 ms
 8  sl-bb12-rly-0-1.sprintlink.net (144.232.0.33)  13 ms  13 ms  13 ms
 9  sl-bb11-rly-8-0.sprintlink.net (144.232.7.213)  13 ms  14 ms  13 ms
10  sl-bb11-pen-7-0.sprintlink.net (144.232.8.154)  14 ms  16 ms  15 ms
11  sl-bb10-pen-10-0.sprintlink.net (144.232.5.154)  15 ms  15 ms  15 ms
12  Penns-gw1.USA.net.DTAG.DE (194.25.6.197)  153 ms  172 ms  173 ms
13  NYC-gw1.USA.net.DTAG.DE (62.156.131.145)  203 ms  212 ms  209 ms
14  HH-gw12.HH.net.DTAG.DE (62.156.131.141)  299 ms  282 ms  281 ms
15  HH-gw13.HH.net.DTAG.DE (62.156.140.70)  270 ms  262 ms  270 ms
16  H-gw13.H.net.DTAG.DE (62.156.139.21)  255 ms  244 ms  239 ms
17  * DO-gw13.DO.net.DTAG.DE (62.156.131.54)  279 ms *
18  DO-gw1.DO.net.DTAG.DE (62.156.131.18)  293 ms  287 ms  287 ms
19  MS-gw2.MS.net.DTAG.DE (62.156.138.162)  288 ms  284 ms  292 ms
20  NIC-ditch.MS.net.DTAG.DE (194.25.10.70)  340 ms  283 ms  269 ms
21  * * *
22  * * *
================================================================

-- 
bill davidsen <[EMAIL PROTECTED]>  CTO, TMR Associates, Inc
  The Internet is not the fountain of youth, but some days it feels like
the fountain of immaturity.


------------------------------

From: [EMAIL PROTECTED]
Subject: Firewall and Proxy
Date: Wed, 21 Jul 1999 18:11:42 GMT

I've been hearing some great things about Linux, and I'm eager to learn.
I need some guidance regarding setting up a firewall/proxy on a Linux
box for my home network.

Network specs:

1 - Novell 4.11 Server (file and print services, security)
1 - NT 4 Server (applications)
1 - Win98 wrkstn
1 - Win95 wrkstn

10/100 TP-Cat5 Hub

I currently am running my NT box as my proxy/gateway using a 3rd party
app called Wingate.  Wingate uses D.U.N. (dialondemand) to establish my
net connection.

I've recently acquired a PentiumPro 180 and would like to set it up as
proxy/firewall.   I'll be using 2 3com 3C905T4 NICs.

I've searched the web and have yet to find any info regarding setting
this up in easy to understand instructions.  Red Hat Linux 6.0 hasn't
been installed yet on this machine so it will be a fresh install.   What
components need to be installed beside the standard?  Does Linux support
DUN?  The IP addresses are ambiguous except for the Gateway and DNS for
my DUN.  My main concern is security (firewall) but IP sharing is equally
important.   Anyone else have a similar setup?  Is all this possible?



------------------------------

From: [EMAIL PROTECTED] (Rudolf Potucek)
Subject: Re: [Q] ipchains how-to?
Date: 21 Jul 1999 18:14:01 GMT

Hey guys, there was a *reason* I was very brief in spelling this out. 
Have you ever considered the difference between:

  ipchains -A forward -s 192.168.1.2 -j MASQ

and

  ipchains -A forward -i eth1 -j MASQ

I believe you need to be somewhat paranoid when you set up a firewall, 
because otherwise you might just as well stay with the 'forward 
everything' setup and let the Machines behind the gate deal with it. 

Plus it's called IP *chains*. How about:

---
# The in-world and in-local chains (below) must be created with -N
# before these jump rules are added.
ipchains -P input DENY
ipchains -A input -i <world iface 1 = eth0> -j in-world
               ...
ipchains -A input -i <world iface n = ppp0> -j in-world
ipchains -A input -i <local iface 1 = eth1> -j in-local
               ...
ipchains -A input -i <local iface n = eth1:10> -j in-local
ipchains -A input -i lo -j ACCEPT
---
ipchains -N in-world

# Kill illegal addresses
ipchains -A in-world -s 10.0.0.0/8     -j DENY
ipchains -A in-world -s 127.0.0.0/8    -j DENY
ipchains -A in-world -s 172.16.0.0/12  -j DENY
ipchains -A in-world -s 192.168.0.0/16 -j DENY
 
# Maybe block off some ports etc. here. Up to you

# The default policy for non-standard chains seems to be accept
# but this way we are certain AND we can count traffic ...
ipchains -A in-world -j ACCEPT
---
ipchains -N in-local

# Some paranoia (assuming we are using 10.0.0.0/8 as internal IPs)
ipchains -A in-local -s ! 10.0.0.0/8 -j DENY

ipchains -A in-local -j ACCEPT
---

That would be a nice basic setup. From here you can start masking off 
illegal ports, redirecting stuff etc. but always keep in mind: either you 
don't care or you need to be paranoid. The two setups in the quoted 
posting, for example, will allow anyone cunning enough to send a packet 
from the outside world to your linux machine stating that it comes from 
192.168.1.2 and wants to be sent to x.x.x.x. Your machine will gladly 
masquerade that packet and guess who'll get the blame when any 
porthacking attempts are detected from your IP ...

Just my $.02

  Rudolf

Chris Spears ([EMAIL PROTECTED]) wrote:
: These are the correct rules

: ipchains -P forward DENY
: ipchains -A forward -s 192.168.1.2 -j MASQ
: ipchains -A forward -p TCP -d 192.168.1.2 2000:2200 -j MASQ
: ipchains -A forward -p UDP -d 192.168.1.2 4000 -j MASQ

: The first rule denies all
: second sets up basic MASQ rules
: and the third and fourth let ICQ run correctly

: You need to make copies of the last 3 rules for each machine changing the ip
: to your setup.

: Chris

: --
: Chris Spears
: [EMAIL PROTECTED]
: CS1501/2330 Rec. TA
: Georgia Tech UnderGrad.
: Marc <[EMAIL PROTECTED]> wrote in message
: news:[EMAIL PROTECTED]...
: > Hello,
: >
: > After reading some how-to's about ipchains I still have problems.
: > We have 3 pc's on a lan (10.10.10.2-10.10.10.4) running win95.
: > On our gateway we are running RH6 and installed two networkcards, for
: > the lan with ip 10.10.10.1 and to the cable internetmodem with the
: > static ip from the isp. I have to use a default gateway at my isp.
: > On the linux pc I can use internet fine.
: >
: > What must the ipchains commands looks like to allow the win95 pc's
: > on the lan to use internet with all the common protocols
: > (http,ftp,pop,new,icq)
: >
: > Many thanks in advance.
: >
: >



--
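
The spoofing point in the post above, as an added example (not part of the original post and not ipchains itself): a small Python model of input-chain traversal with the in-world / in-local layout, set beside a rule that matches on source address alone. The interface roles, the 10.0.0.0/8 internal range and the sample packets are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Toy model of ipchains traversal; rule = (iface, src_net, negate_src, target).
# None matches anything. Interface roles and the 10.0.0.0/8 LAN are assumptions.
CHAINS = {
    "input": [
        ("eth0", None, False, "in-world"),
        ("ppp0", None, False, "in-world"),
        ("eth1", None, False, "in-local"),
        ("lo", None, False, "ACCEPT"),
    ],
    "in-world": [
        (None, "10.0.0.0/8", False, "DENY"),
        (None, "127.0.0.0/8", False, "DENY"),
        (None, "172.16.0.0/12", False, "DENY"),
        (None, "192.168.0.0/16", False, "DENY"),
        (None, None, False, "ACCEPT"),
    ],
    "in-local": [
        (None, "10.0.0.0/8", True, "DENY"),  # -s ! 10.0.0.0/8
        (None, None, False, "ACCEPT"),
    ],
}
POLICY = {"input": "DENY"}  # ipchains -P input DENY


def matches(rule, iface, src):
    r_iface, r_net, negate, _target = rule
    if r_iface is not None and r_iface != iface:
        return False
    if r_net is not None and (ip_address(src) in ip_network(r_net)) == negate:
        return False
    return True


def traverse(chain, iface, src):
    """Return ACCEPT or DENY; None means a user chain ran off its end."""
    for rule in CHAINS[chain]:
        if not matches(rule, iface, src):
            continue
        target = rule[3]
        if target in ("ACCEPT", "DENY"):
            return target
        verdict = traverse(target, iface, src)  # jump to user-defined chain
        if verdict is not None:
            return verdict  # otherwise resume in the calling chain
    return POLICY.get(chain)


def source_only_rule(src, trusted="192.168.1.2"):
    """A rule keyed on source address alone trusts whatever the packet claims."""
    return ip_address(src) == ip_address(trusted)


# Constructed packets: (arrival interface, claimed source address).
PACKETS = [
    ("eth0", "192.168.1.2"),   # outside host forging an inside address
    ("eth0", "198.51.100.7"),  # ordinary outside traffic
    ("eth1", "10.10.10.3"),    # genuine LAN host
    ("eth1", "192.168.1.2"),   # wrong range on the LAN side
    ("eth2", "10.10.10.3"),    # interface with no rule: policy applies
]

if __name__ == "__main__":
    for iface, src in PACKETS:
        print(f"{iface:5} {src:15} source-only match={source_only_rule(src)!s:5} "
              f"input chain={traverse('input', iface, src)}")
```

The first packet is the case the post warns about: the source-only rule matches it, while the interface-keyed input chain denies it before any forwarding decision is made.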

------------------------------

From: [EMAIL PROTECTED] (bill davidsen)
Subject: Re: Block specific IP with ipchains?
Date: 21 Jul 1999 17:38:01 GMT

In article <7mtekk$a2c$[EMAIL PROTECTED]>,  <[EMAIL PROTECTED]> wrote:
| I am on a corporate network with 5 of my buddies
| running redhat 6.0.  At times someone will
| occasionally export DISPLAY=<my IP> and launch
| xsnow or xmelt or something.  I want to be able to
| block all traffic from their IP addresses while
| allowing me to contact them if necessary.  I have
| installed ipchains and used the following command

You can't do that. If you block all packets you have nada
communications. You can block packets to your X server, or even prevent
them from opening any sockets to your machine (see -y in ipchains), but
if you block everything they're gone.

I might note that running your X server wide open is a bad thing(tm) to
do anyway...

-- 
bill davidsen <[EMAIL PROTECTED]>  CTO, TMR Associates, Inc
  The Internet is not the fountain of youth, but some days it feels like
the fountain of immaturity.


------------------------------

From: [EMAIL PROTECTED]
Subject: Remote Printing and RedHat 6.0
Date: Wed, 21 Jul 1999 18:25:25 GMT

I have several linux boxes running file and print services.  I have
remote printing set up so that print jobs destined for one of the
other networks go to the local server, then to the other network server,
and finally are sent to the printer.

My problem is that I recently upgraded one of the servers to RedHat 6.0
and now it no longer accepts remote print jobs.  Here are the error
messages:

lpd[18145]: Can't create temp cfp file
lpd[18145]: w_engineer: can't scan /var/spool/lpd/w_engineer

Is this a bug with the lpd?  I've noticed that this was listed as a bug on
the Debian bug list when doing a www.deja.com search.  Does anybody know
what I can do to fix this?

Thanks
James Hubbard



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and comp.os.linux.networking) via:

    Internet: [EMAIL PROTECTED]

Linux may be obtained via one of these FTP sites:
    ftp.funet.fi                                pub/Linux
    tsx-11.mit.edu                              pub/linux
    sunsite.unc.edu                             pub/Linux

End of Linux-Networking Digest
******************************
