Linux-Networking Digest #973, Volume #11         Thu, 22 Jul 99 15:13:26 EDT

Contents:
  Re: ppp0 and internet connection problems (Clifford Kite)
  Re: ppp: proxyarp option is disabled (Clifford Kite)
  Cannot set guest privileges (Hemingway)
  Win98 to Linux via null modem (Paul McClean)
  Re: Are two PCI NIC cards possible? (Fluke)
  Re: Securing an Internal Network (Phil DeBecker)
  Re: CGI in linux? Help please. (Robert Montgomery)
  full duplex (benjamin j snyder)
  Re: Linux Dial Up (Roy Grimm)
  Re: modem for RH6.0 (manhattanian)
  Traceroute with large packet on Linux (Ivan Ming-Chit Tam)
  Cable internet ("Steven de Jong")
  Re: POP3 on RH 6.0 and how to Forward POP requests to another server?? (Villy Kruse)
  Re: ncp-ipx problem: network number collision? ("Laurence WK LAU")
  Re: tulip.o (Peter Buelow)

----------------------------------------------------------------------------

From: kite@NoSpam.%inetport.com (Clifford Kite)
Subject: Re: ppp0 and internet connection problems
Date: 22 Jul 1999 09:50:52 -0500

Onbekend ([EMAIL PROTECTED]) wrote:

: Can someone help me for the following problems?


: 1 GIVEN: Under X the program minicom works very good; but in a normal
: textconsole the program minicom doesn't work:
: # minicom  //textconsole
: minicom WARNING: configuration file not found, using defaults
: DEVICE /dev/modem is locked
:  QUESTION: how can I unlock the device /dev/modem ? The symbolic link to the
: device /dev/modem is of course OK. I have a dynalink V1433VQE modem.

Remove the file /var/lock/LCK..modem or /var/lock/LCK..ttySx or
/var/lock/LCK..cuax, x=whatever for modem - this might happen if pppd is
"smart" enough to follow the symbolic link /dev/modem and lock the real
device file.

: 2    # ifconfig ppp0 is in order (all values except MTU (=1500) and Metric
: (=1) are 0, but the interface is not yet "up")
: #ifconfig ppp0 up
: SIOCSIFFLAGS: device not configured
: QUESTION: how can  I configure this ppp0 interface , knowing that this
: device by netcfg (X)(cfr. http://users.skynet.be/jmi/netcfg is configured
: and that the automatic made script /etc/sysconfig/network-scripts/chat-ppp0
: seems to be completely OK)

Pppd creates ppp0 and then configures it.  You can't easily create it
otherwise and, except for very special applications, you don't need to
configure it.  Pppd can negotiate interface configuration options such
as MTU and IP addresses.

: 3    GIVEN: if I "ACTIVATE" with netcfg (X) in the tabpage interfaces  the
: interface ppp0 , then after saving, each time she is automatic desactivated?
:     QUESTION: how can I KEEP  the interface ppp0 ACTIVE ?

You don't need to keep the ppp0 active except for a PPP connection and then
pppd does that.  I don't have netcfg and can't comment on its peculiarities.

: 4 GIVEN: Netscape doesn't recognize my hosts  (there is for instance not an
: entry to home.netscape.com)
:     QUESTION: what am I suppose to do that  Netscape should recognize my
: hosts and that the server could localise home.netscape.com ?

Configure nameservers in /etc/resolv.conf, make sure pppd has the
defaultroute option, and that there is no default route to a local
network.

: 5 GIVEN: telnet pop.skynet.be 110
: QPOP (version 2.4b2) at foxbert starting
: user ........
: pass ..........
: QUESTION:  which is the "help" command that I can use for finding what are
: the commands that the mail package QPOP (version 2.4b2) is using? Can I find
: on the Internet a helpfile (http://......) for the mail package QPOP (version
: 2.4b2) that describes the commands?

Don't know QPOP or a HTTP link for POP but not many use POP this way.
Try fetchmail or one of the other programs that do POP mail retrieval.

--
Clifford Kite <kite@inet%port.com>                    Not a guru. (tm)
/* Better is the enemy of good enough. */
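
The lock-file answer above, as an added example (not part of the original post): before deleting a lock, check whether the process that wrote it is still running, and look under both the symlink's name and the real device's name. It assumes ASCII lock files holding the owner's PID as text; LOCKDIR and the function names are this example's own.

```shell
#!/bin/sh
# Added example: report serial-port lock files and remove only stale ones.
# Assumes ASCII lock files (owner PID written as text); LOCKDIR and the
# function names are this example's own.
LOCKDIR=${LOCKDIR:-/var/lock}

# Print the PID stored in lock file $1; fail if the content is not a number
# (for example a binary-format lock), so the caller leaves the file alone.
lock_pid() {
    pid=$(tr -d ' \n' 2>/dev/null < "$1") || return 1
    case $pid in
        ''|*[!0-9]*) return 1 ;;
    esac
    echo "$pid"
}

# Print "held", "stale" or "unknown" for lock file $1.
lock_state() {
    owner=$(lock_pid "$1") || { echo unknown; return 0; }
    # kill -0 fails for a live process owned by someone else, so also ask /proc.
    if kill -0 "$owner" 2>/dev/null || [ -d "/proc/$owner" ]; then
        echo held
    else
        echo stale
    fi
}

# Print the lock file names that may guard device $1: one for the name as
# given and, if it is a symlink such as /dev/modem, one for its target.
lock_candidates() {
    echo "$LOCKDIR/LCK..$(basename "$1")"
    if [ -L "$1" ]; then
        echo "$LOCKDIR/LCK..$(basename "$(readlink "$1")")"
    fi
}

# Report every existing lock for device $1 and delete only the stale ones.
clear_stale_locks() {
    for f in $(lock_candidates "$1"); do
        [ -e "$f" ] || continue
        state=$(lock_state "$f")
        echo "$f: $state"
        if [ "$state" = stale ]; then
            rm -f -- "$f"
        fi
    done
    return 0
}

# Stand-alone use: sh clearlock.sh /dev/modem
if [ $# -gt 0 ]; then
    clear_stale_locks "$1"
fi
```

A lock reported as held or unknown is left in place; stop the program that owns it instead of deleting the file.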

------------------------------

From: kite@NoSpam.%inetport.com (Clifford Kite)
Subject: Re: ppp: proxyarp option is disabled
Date: 22 Jul 1999 10:06:21 -0500

Bernd Broermann ([EMAIL PROTECTED]) wrote:

: Why do I get this message in /var/log/messages when I try to start pppd
: with proxyarp option.

The 2.2.x kernels need

    echo -n 1 > /proc/sys/net/ipv4/conf/ppp0/proxy_arp

and

    echo -n 1 > /proc/sys/net/ipv4/ip_forward

: Additional info:
: SuSE 6.1, Kernel 2.2.5 
: network 192.168.1.0
: pppserver 192.168.1.1
: pppclient 192.168.1.100

--
Clifford Kite <kite@inet%port.com>                    Not a guru. (tm)



------------------------------

From: Hemingway <[EMAIL PROTECTED]>
Subject: Cannot set guest privileges
Date: Thu, 22 Jul 1999 16:27:44 GMT

I am running linux 5.2 Ker 2.0.36 wu-ftp2.5.0(1).

I am setting it up to do anonymous ftp uploads. I followed all the good
instructions and made all basic configs i.e.

Edited /etc/shells and added /etc/ftponly entry for ftp user's shell
to prevent them from access account with telnet.

Created /etc/ftponly file with following entry. Not really needed but
what the hell :) It simply displays a message when someone tries to
telnet into the box with an ftp account.

# /etc/ftponly
# ftponly shell
echo " "
echo " "
echo "Access Denied!"
echo " "
echo "Updating Log with Connection Source..."
exit 0

Edited /etc/group and added following entry
ftpers::50:
Created a test ftp account in /etc/passwd
test:9efSXXT1EYmxI:500:50::/home/ftp/./:/etc/ftponly

chown root.ftpers /home/ftp/incoming
chmod 777 /home/ftp.incoming
Edited /ftpaccess and made the following changes
class     remote  real,guest my.ip.went.here *
upload  /home/ftp/incoming/*     yes     root    ftpers  0777 dirs
guestusers ftpers

When I try to ftp as anonymous in the /var/log/messages I get
     LOGIN FAILED (cannot set guest privileges) for
(users.ip.address),ftp


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.

------------------------------

From: Paul McClean <[EMAIL PROTECTED]>
Subject: Win98 to Linux via null modem
Date: Thu, 22 Jul 1999 19:02:55 -0700

Hi all,

I have 2 PCs one running Linux/Win98 and the other running Win98. I can
connect both together using a null modem serial link, and running
windows on both machines, I can use the direct cable connection wizard
in win98 to set up a connection. I was wondering does anyone know how to
set up a similar connection with one machine running Win95/Win98 and the
other running Linux. ( I tried using Dial up networking, but it expects
a modem and other such problems...)

Paul


------------------------------

From: Fluke <[EMAIL PROTECTED]>
Crossposted-To: alt.os.linux,alt.linux
Subject: Re: Are two PCI NIC cards possible?
Date: Thu, 22 Jul 1999 19:13:52 +0200



R�tabega� wrote:

> Greetings.  I am trying to install a second ethernet card in my RH6
> system for masquerading.  I have a 3Com card using the 3c59x module on
> eth0 and have my ADSL modem plugged up to that..it works great.  It is
> sharing IRQ 9 with my SCSI card (advansys module) and everything is
> working properly.  But when I installed this Linksys Etherfast card
> using the tulip module under eth1 and restarted kerneld, I got message
> "Delaying initialization" for eth1.  I then did a cat /proc/pci and it
> turns out that this Linksys card is trying to use IRQ 9 also.  All cards
> in question are PCI and I know that the BIOS assigns IRQ for PCI cards.
> Is there a way to change the IRQ for this card?  I edited the
> /etc/conf.modules file to set the linksys card using the tulip driver to
> io=0x300 irq=10 but it didn't change anything.  It seems that the module
> can't change settings for PCI cards, is this right?  What should I do?

uhm.. i think bios handles irq's for PCI/pnp stuff... at least on my box :-)

anyway.. my /etc/conf.modules:

alias eth0 ne
alias eth1 ne
options ne io=0x300,0x320 irq=3,5

1st card: io=0x300 irq 3
2nd card: io=0x320 irq 5


------------------------------

Date: Thu, 22 Jul 1999 12:41:56 -0400
From: Phil DeBecker <[EMAIL PROTECTED]>
Crossposted-To: comp.security.firewalls
Subject: Re: Securing an Internal Network

Matt wrote:

> I want to share a common connection to the Internet among several
> computers. I plan to have a Linux box between the internal network and
> the Internet. One NIC on the Linux box will have a valid IP address,
> the other NIC will have an internal IP address. The internal network
> will have IP addresses assigned via a DHCP server in the 192.168.x.x
> range.
>
> The Linux box will have IP masquerade and IP forwarding turned on. It
> will have an FTP server and maybe an HTTP server, but no other
> services available to the Internet. The internal network primarily
> consists of Windoze clients.
>
> My question(s):
> Do I need a more formal firewall (w/ proxy servers)?
>
> With the above setup, is there a way  for a bad guy on the Internet to
> directly access the internal network (without compromising the Linux
> box)? I understand that if the Linux box is successfully hacked, all
> bets are off.
>
> Any other major security issues to watch out for?
>
> Thanks,
> Matt
>
> If this is a dumb question - be kind.

Not dumb at all.  No, there's no way for someone from outside to initiate
a connection to your inside machines.  It's still _possible_ to
compromise their security in some ways, like maybe with hostile
javascript or ActiveX stuff exploiting bugs in a Web browser, but that's
because those types of attacks work when the victim connects to the
attacker, not the other way around.  Things like Back Orifice won't work
either for the same reason: they generally act as a server, and since
your linux machine won't forward connections originating from outside
into your local network nothing can reach them.

You're right about the "compromising the linux box" bit though - if
someone gets in there, you're toast.  You don't need a firewall with
proxies etc, but you do want to look into running a complete ipfwadm or
ipchains based firewall that protects all your services.

At home I run a setup just like you describe: I have a mac, an old Unix
SVR3.2 box, a Win 98 box and my main Linux box, all behind an old P90
masq/firewall box running Linux.  The firewall also serves as a Squid
proxy, print server, file server, name server, and occasional Quake3
server.  I set up a nice set of firewall rules that basically blocks most
ICMP, _all_ UDP or TCP access to any ports below 1024 and certain other
ports (for Squid, NFS, etc), and only allows ACKed TCP connections and
UDP connections to the remaining ports.  Since I don't run any services
visible to the outside world, there's really not much to worry about.
However, since you are planning to run HTTP and FTP services available to
the outside world, you need to be very careful about configuring those.
You might look into running them chroot'ed for example.

Have fun,
Phil D.
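
The policy described in this reply, written out as ipchains commands in an added example (not part of the original post and not the poster's actual rules). It follows the "no services visible from outside" variant; the interface names, the 192.168.0.0/16 range, the Squid/NFS port numbers and the single ICMP type let through are assumptions of the example. It only prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example: ipchains rules for a masquerading gateway on a 2.2.x kernel.
# Assumed names, not from the post: eth0 = Internet side, eth1 = LAN side,
# 192.168.0.0/16 = internal range. Dry run by default; APPLY=1 executes.
EXT_IF=${EXT_IF:-eth0}
INT_IF=${INT_IF:-eth1}
LAN=${LAN:-192.168.0.0/16}
ANY=0.0.0.0/0
# Ports >= 1024 that still carry local services (assumed: NFS 2049, Squid 3128).
HIGH_SERVICES=${HIGH_SERVICES:-"2049 3128"}

# Print the command, or execute it when APPLY=1.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

fw_rules() {
    # Default deny: whatever is not accepted below (most ICMP included) is dropped.
    run ipchains -F input
    run ipchains -F forward
    run ipchains -P input DENY
    run ipchains -P forward DENY
    # Loopback and the internal interface are trusted.
    run ipchains -A input -i lo -j ACCEPT
    run ipchains -A input -i "$INT_IF" -s "$LAN" -j ACCEPT
    # Internal source addresses must never arrive on the outside interface.
    run ipchains -A input -i "$EXT_IF" -s "$LAN" -j DENY -l
    # No outside access to ports below 1024 or to the listed high-port services.
    for proto in tcp udp; do
        run ipchains -A input -i "$EXT_IF" -p "$proto" -d "$ANY" 0:1023 -j DENY -l
        for port in $HIGH_SERVICES; do
            run ipchains -A input -i "$EXT_IF" -p "$proto" -d "$ANY" "$port" -j DENY -l
        done
    done
    # TCP to the remaining ports only when it is not a connection attempt
    # ("! -y" = not a bare SYN), so replies pass but nothing can be opened inward.
    run ipchains -A input -i "$EXT_IF" -p tcp ! -y -d "$ANY" 1024:65535 -j ACCEPT
    # UDP has no such flag; replies to the remaining ports are accepted.
    run ipchains -A input -i "$EXT_IF" -p udp -d "$ANY" 1024:65535 -j ACCEPT
    # The one ICMP type kept, so path MTU discovery and error reports still work.
    run ipchains -A input -i "$EXT_IF" -p icmp --icmp-type destination-unreachable -j ACCEPT
    # Masquerade LAN traffic leaving through the outside interface.
    run ipchains -A forward -i "$EXT_IF" -s "$LAN" -j MASQ
}

fw_rules
```

Publishing FTP or HTTP from the gateway, as the original question plans, needs explicit ACCEPT rules for those ports placed before the low-port DENY rules.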


------------------------------

From: Robert Montgomery <[EMAIL PROTECTED]>
Subject: Re: CGI in linux? Help please.
Date: Thu, 22 Jul 1999 17:28:53 GMT

Andrew wrote:

> Hi. I tried to run some CGI scripts in Redhat 5.2 linux but I didn't get any
> response when I push the "submit button" in the html form.
> (This program works ok if I run it on my university's machine)
> I don't know if I should change something about my pppd or I need do
> something else. Any one can help me or point out some reference will be very
> appreciate.

If it's a perl script, make sure the first line points to the perl program on
your machine (your schools machine may have it in a different location)

The first line of the CGI should be something like:

#! /usr/bin/perl
  or
#! /usr/local/bin/perl

Type "which perl" from the command line to find out the path to perl
on your machine.

Rob




------------------------------

From: [EMAIL PROTECTED] (benjamin j snyder)
Subject: full duplex
Date: 22 Jul 1999 17:11:59 GMT

Is there anything special that I need to do to get Full duplex to work in 
linux?  I have purchased both a NIC and switch that are full-duplex capable, 
and I REALLY want to take full advantage of it.

Thanks in advance for those who reply.

-- 
Ben Snyder                              

------------------------------

From: Roy Grimm <[EMAIL PROTECTED]>
Subject: Re: Linux Dial Up
Date: Thu, 22 Jul 1999 12:34:31 -0500

[EMAIL PROTECTED] wrote:
> 
> Greetings.
> 
> I am looking for information on a Linux dial up set-up that would access
> an ISP and download all mail on a scheduled basis (say every half hour
> or so)?
> 
> Is there a package that can be used (Red Hat?) or (as I am currently
> thinking) setting it up in "cron" and let the system do it all?
> 
> Thanks....
> 

Have you considered using dial on demand PPP?  You could set your mail
program to check and download every half hour and just leave the system
running.  When the mail program goes to connect, dial-on-demand would
connect you.  Just set it to a short idle time (say, 1 minute) for
disconnect so that once it was done, it would time out in short order,
freeing up the phone line.

Alternatively, you could set up a script to do a ppp connection, run
your mail program to download and quit (perhaps by redirecting stdin
from a text file that has your keyboard commands if command line
arguments won't do it), then log out.  Then put the script in as a
crontab entry.

Or, you could setup sendmail to be a remote mail client which initiates
a periodic connection.  I think it can be set to auto dial and hang up
but don't quote me on that.  Alternatively, you could do the
dial-on-demand for sendmail...

Hope that helps.
Roy

------------------------------

From: manhattanian <[EMAIL PROTECTED]>
Subject: Re: modem for RH6.0
Date: Thu, 22 Jul 1999 13:28:17 -0400


Any names of internal modem? I bought a USR 56k internal. It has not worked so
far.

"M. Smith" wrote:

> >manhattanian <[EMAIL PROTECTED]> wrote in message
> >news:[EMAIL PROTECTED]...
> >Hi,
> >Anybody can name some brands of modem that really works under RH6.0?
> >Thanks.
>
> I'm using an external US Robotics 28.8K that works just fine off of serial
> port 1.

--
_________________________
Zheng Wang
Tel: 212-802-6276
Fax: 212-802-6253





------------------------------

From: [EMAIL PROTECTED] (Ivan Ming-Chit Tam)
Subject: Traceroute with large packet on Linux
Date: 22 Jul 1999 17:44:29 GMT

Hi :

  I am trying to do a traceroute using large
packet, e.g., 2800 bytes. I can do this on 
sunos 5.5 but not on redhat Linux 5.1. On Linux
it says that the message was too long.
Looking at the traceroute source code, it is the
'sendto' that complains, possibly because
2800 bytes is longer than what can be sent in 
atomic fashion.  Since I didn't set the don't
fragment flag, so I would expect the IP to
do the fragmentation, instead of getting a
complaint.

  My question is how come I can do that in 
Solaris but not in Linux, when both have ethernet
interface. How can I do it on Linux  ?

  Would really appreciate some help here, 

  thanks.

  -Ivan

------------------------------

From: "Steven de Jong" <[EMAIL PROTECTED]>
Subject: Cable internet
Date: Thu, 22 Jul 1999 19:58:57 +0200

Can anyone help me setup my internet in linux?



------------------------------

From: [EMAIL PROTECTED] (Villy Kruse)
Crossposted-To: comp.os.linux.setup,linux.redhat.misc
Subject: Re: POP3 on RH 6.0 and how to Forward POP requests to another server??
Date: 22 Jul 1999 20:22:12 +0200

In article <XHGl3.124$3C5.2340@client>,
{MoosEMaN} <[EMAIL PROTECTED]> wrote:
>Hello...
>
>I recently installed RedHat 6.0..
> hmmm nice...
>
>First off.. It seems like the POP server is down!?... how do I get it back
>up?..
>


Most likely not installed.  Try do rpm -q imap.  The imap can be installed
from the redhat CD.




Villy

------------------------------

From: "Laurence WK LAU" <[EMAIL PROTECTED]>
Subject: Re: ncp-ipx problem: network number collision?
Date: Fri, 23 Jul 1999 02:06:20 +0800

1.    Have you tried ethernet using frame type 802.3 ?
2.    Are you using Novell Netware with bindery support?

G. Pollack wrote in message <[EMAIL PROTECTED]>...
>I've been trying, without success, to mount a novell server on my linux
>system (RedHat 5.2; kernel 2.2.2; ncpfs package 2.0.11-5). I have both
>ipx and ncps modules loaded, and when I do slist I see a listing of
>servers. When I issue the ncpmount command I am prompted for a password
>and, when I enter it, I get the message "mount failed". In
>/var/log/messages I see the following:
>
>Jul 22 10:00:28 jiminy kernel: IPX: Network number collision 84cee200
>Jul 22 10:00:28 jiminy kernel:         eth0 EtherII and eth0 802.2
>
>From what I've been able to discern from scanning other messages in this
>newsgroup, network collision suggest that the network is overloaded. But
>I don't think that's the case here; I can reliably log onto the network
>when running Windows, but I never can from linux.
>
>Any suggestions will be appreciated.
>
>--
>Gerald Pollack
>Dept. of Biology, McGill University



------------------------------

From: Peter Buelow <[EMAIL PROTECTED]>
Subject: Re: tulip.o
Date: Thu, 22 Jul 1999 12:33:56 -0500
Reply-To: [EMAIL PROTECTED]

Snowi3 wrote:
> 
> Hi
> 
> I have a cnet pro110b fast ethernet card, 10/100 mbit .... I found out
> through cnet that it's based on the Asix 88140 chip. And through the net, I
> found out that this chip is supported by the tulip.o driver .... I modprobed
> with it, and it found a card ... I recompiled the kernel, and inserted
> support for the tulip.o driver ..... And it finds a card on bootup,
> modprobes it, and up's it and everything ... when I run ifconfig, I have an
> eth0 with the ip 192.168.1.10 ... And no errors whatsoever when it boots
> up the card, it even identifies the chip as AX88140 ..... But whenever I try
> to ping another ip on my network, and on the same subnet, like 192.168.1.20,
> I get a 100 % packet loss, and no replies. It works fine to ping my ip
> internal though, like if I ping 192.168.1.10, I get full reply ..... And
> then there is another strange thing .... When I ping another on my net, the
> lamp on the hub that is lit for my nic blinks, so obviously there is
> something going on on the network ...... I know the card is ok, since it
> works fine in  windows ... Does anybody have an idea ??
> 
> /Snowi3
  Try a new cable. Doesn't sound like a card issue to me at all, but
rather a bad cable (I just had two bad cables in a row). This can happen
very easily, they get crushed or bumped. They are exposed to a magnet or
somesuch electrical source. Doesn't take much. Anyway, I would wager
that this is the source of the problem. Also, if you are paranoid, try
looking at both the female connectors (the card and the hub) and see if
there are bent pins, or maybe some dirt. Good luck.
-- 
Peter Buelow - Software Engineer
--
"Finger to spiritual emptiness underlying everything." -- How a C manual
referred to a "pointer to void."

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and comp.os.linux.networking) via:

    Internet: [EMAIL PROTECTED]

Linux may be obtained via one of these FTP sites:
    ftp.funet.fi                                pub/Linux
    tsx-11.mit.edu                              pub/linux
    sunsite.unc.edu                             pub/Linux

End of Linux-Networking Digest
******************************
