Linux-Networking Digest #15, Volume #12          Mon, 26 Jul 99 17:13:35 EDT

Contents:
  Re: hackers ("Lee Sharp")
  IP mapping (Daniel Charlebois)
  Re: DNS Alias Problem (Rudolf Potucek)
  Re: Please help with my sendmail setup... (Christopher Biow)
  Re: Netscape/network sharing problem. (Göran Löfström)
  Re: NFS problem: No files visible (Artur Swietanowski)
  SMB works for Win95 not Win98, NT4.0 ("Paul Young")
  Re: IO masquerading for RH5.2 -- can I insert modules? (Peter Buelow)
  Expiring passwords under NIS ? (Robert Flemming)
  Re: any good book? (Peter Buelow)
  Re: very slow ethernet connection IN ONE DIRECTION! (Mandl Martin)
  Re: SMB works for Win95 not Win98, NT4.0 (Artur Swietanowski)
  logging ipchains kernel messages ("John")
  DHCPd ("John G. Drummond")
  Re: once I installed the second NIC the first stoped working (Artur Swietanowski)
  Re: Supported Token-Ring Cards?? ("Nick Aracic")
  Re: IP mapping (Peter Buelow)
  Ethernet for X-terminal ("sagolsem")
  Re: Help with ethernet card/cable modem (Peter Buelow)
  Re: Netscape slow under Suse 6.1 (Peter Buelow)
  Links 99 (Peter Buelow)
  Re: LINUX firewall again (Peter Buelow)
  Re: Netscape/network sharing problem. (Peter Buelow)
  Test (ignore) (Adam)
  to ping or not to ping...? ("Frédéric Bernard")

----------------------------------------------------------------------------

From: "Lee Sharp" <[EMAIL PROTECTED]>
Subject: Re: hackers
Date: Mon, 26 Jul 1999 13:18:01 -0500

benjamin j snyder wrote in message <7nhv6f$cv4$[EMAIL PROTECTED]>...

|I've had a few people attempt to connect to my linux box, but fortunately it
|looks as if they were turned away according to /var/log/secure and
|/var/log/messages.  The weird thing is that /var/log/messages doesn't show
|any failed login attempts, but they are trying on ftp and telnet.  The thing
|that REALLY bothers me is that it is continually coming from the same 2 or 3
|IP's.
|It bothers me that they may be getting in in some way, but there's been no
|changes to my system, no additions/deletions or anything.

|I have a firewall setup that should be denying all incoming traffic (except
|requested of course), but allowing any outgoing traffic.

|Does anyone know how I can go about shutting the people out completely?  Or
|give them a nice present the next time they try it?

   The quickest way is to set up a static route for their subnet with a next
hop to the loopback adapter.  All of their packets just fall on to the
floor.  :-)  Also read news://comp.os.linux.security and check out Lance's
whitepapers at http://www.enteract.com/~lspitz/pubs.html for more hints.

            Lee

--
SCSI is *NOT* magic. There are *fundamental technical reasons* why it is
necessary to sacrifice a young goat to your SCSI chain now and then. * Black
holes are where God divided by zero. - I am speaking as an individual, not
as a representative of any company, organization or other entity.  I am
solely responsible for my words.





------------------------------

From: Daniel Charlebois <[EMAIL PROTECTED]>
Subject: IP mapping
Date: Mon, 26 Jul 1999 12:53:59 -0500

Anyone know where I can get the source code for IP mapping?

Thanks
Daniel


------------------------------

From: [EMAIL PROTECTED] (Rudolf Potucek)
Subject: Re: DNS Alias Problem
Date: 26 Jul 1999 18:06:46 GMT

Are you sure the problem isn't with the web-server looking at the name rather 
than IP of the connection? Did you try doing a nslookup instead?

Rudolf

Rob Calfee ([EMAIL PROTECTED]) wrote:
: Can somone look at this file below and tell me what I'm doing wrong,
: because I can type out in my browser, NS1.webdsp.net, and the web page
: comes up fine.  But when I type out, www.webdsp.net, it will not bring
: up the same page.  Can someone help me and scan the following file to
: see if my syntax is correct.  I'd really appreciate this because my
: boss keeps bothering me about it.  Actually it is his problem, but you
: know how it is, LOL.

: Rob


--

------------------------------

From: [EMAIL PROTECTED] (Christopher Biow)
Crossposted-To: comp.os.linux.security
Subject: Re: Please help with my sendmail setup...
Date: Mon, 26 Jul 1999 18:43:52 GMT

Birger Toedtmann <[EMAIL PROTECTED]> wrote:

>2. Set up a hack: Most mail clients do an ingoing mail server check ("hello
>   pop server, any new mail for me?"). Your log will report this. Catch the
>   ip-address this request is coming from. Insert it in your relay_allow/access
>   table for some reasonable time (5 min, 30 min, have a try). The client will
>   almost always send its outgoing mail later on - and it will be allowed to do 
>   this. After your allow interval expired, delete the appropriate ip-address
>   from your allow-table.

For some good, perlscript and sendmail .mc software that does this, see
http://www.cynic.net/~cjs/computer/sendmail/poprelay.html
It was an easy install for a non-Linux-experienced person. With Redhat 5.0,
we did have to change the O_EXLOCK to an ordinary, exclusive lock. (The
author will look at finding a fix for that once we can give him a user
account on a Linux box.)

>- Note that _some_ mail clients don't do a pop check _before_ sending mail. 
>  Those customers will get angry....

They'll just have to do a "get email" before sending. That's pretty much a
universal requirement now for "foreign" IP addresses, given the potential
for relay-raping by spammers.
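The "hack" Birger describes, as an added example (not the poprelay package linked above and not code from the digest): parse constructed POP login log lines, allow relaying from the client's address for a fixed interval, and expire the entry afterwards. The log line shape, the 30-minute interval and the access-table line format `ADDR<TAB>RELAY` are assumptions to adapt to the real server; the case of a client that sends mail before checking POP is the "angry customer" refusal noted in the reply.

```python
"""POP-before-SMTP relay table with expiry (added example, assumptions noted)."""
import re
from datetime import datetime, timedelta

ALLOW_FOR = timedelta(minutes=30)      # the "reasonable time" from the post

# Assumed ipop3d-style login line in syslog shape; adapt to the real daemon.
POP_LOGIN_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ \S*pop3?d\[\d+\]: "
    r"Login user=(?P<user>\S+) host=\S+ \[(?P<ip>[\d.]+)\]"
)

# Constructed sample log, not captured from any real mail server.
SAMPLE_LOG = """\
Jul 26 18:40:01 mail ipop3d[2201]: Login user=alice host=dyn1.example.net [192.0.2.10]
Jul 26 18:41:15 mail ipop3d[2207]: Login user=bob host=dyn2.example.net [192.0.2.11]
Jul 26 19:05:30 mail ipop3d[2250]: Login user=alice host=dyn3.example.net [192.0.2.12]
"""


def parse_ts(text, year=1999):
    """Syslog timestamps carry no year; the caller supplies it."""
    return datetime.strptime(f"{year} {text}", "%Y %b %d %H:%M:%S")


class RelayTable:
    """Client IP -> expiry time, mirroring the relay_allow/access entries."""

    def __init__(self, allow_for=ALLOW_FOR):
        self.allow_for = allow_for
        self.expires = {}

    def note_pop_login(self, ip, when):
        # A fresh POP check restarts the interval for that address.
        self.expires[ip] = when + self.allow_for

    def may_relay(self, ip, now):
        """True while the interval is running; False for an address that
        never did a POP check, which is the case the reply warns about."""
        return self.expires.get(ip, now) > now

    def expire(self, now):
        """Drop entries whose interval elapsed; return the dropped IPs."""
        dropped = sorted(ip for ip, t in self.expires.items() if t <= now)
        for ip in dropped:
            del self.expires[ip]
        return dropped

    def access_lines(self, now):
        """Access-table lines to install right now (format is assumed)."""
        return [f"{ip}\tRELAY" for ip in sorted(self.expires)
                if self.expires[ip] > now]


def feed_log(table, log_text):
    """Apply every POP login line found in log_text; return lines used."""
    used = 0
    for line in log_text.splitlines():
        m = POP_LOGIN_RE.match(line)
        if m:
            table.note_pop_login(m["ip"], parse_ts(m["ts"]))
            used += 1
    return used


if __name__ == "__main__":
    table = RelayTable()
    feed_log(table, SAMPLE_LOG)
    now = parse_ts("Jul 26 19:15:00")
    print("expired:", table.expire(now))
    print("\n".join(table.access_lines(now)))
```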

------------------------------

From: Göran Löfström <[EMAIL PROTECTED]>
Subject: Re: Netscape/network sharing problem.
Date: Mon, 26 Jul 1999 18:48:07 +0200

Monte Phillips wrote:
> 
> I have the same setup(nearly,  i use 2.2.9) as you do. I run netscape
> on linux (the server) at the same time as IE or CuteFTP is running on
> a Win'98 workstation.
> They access the same modem on the linuxbox, I have NO problems such as
> you describe, in fact I have no problems at all with that setup.  I
> would look at your networking, routing, masqing configs. Particularly
> in the name resolution and routing files.
> 
> g'Luk

I do not have any LAN network settings made. I only have the dialup
configured. Could this be a problem? I use kppp as a frontend to pppd.

My problem is not the access to the -modem-, everything is working
perfectly in that sense. The problem is that I see applications -on the
same machine- started after whatever was started first, taking longer to
connect than the first started application. Therefore I suspected that
the first started application got a higher priority than the later ones.

Do you think I could solve it by adding LAN settings?

Thanks for speedy reply,

Göran.

> 
> Göran Löfström <[EMAIL PROTECTED]> wrote:
> >I have discovered what I think is either a bug or a misconfiguration in
> >the network implementation of RH6.0.
> >The problem shows itself every time I need to 'share' a dialup
> >connection between several different applications. Apparently, the
> >application started first, has first priority to the connection. This
> >means all the other networked applications take forever to make their
> >connections.

------------------------------

From: Artur Swietanowski <[EMAIL PROTECTED]>
Subject: Re: NFS problem: No files visible
Date: Mon, 26 Jul 1999 21:29:11 +0200

[EMAIL PROTECTED] wrote:
> We've exported via NFS the directory '/usr/lib/informix', 
> specified in '/etc/exports' with entry '/usr/lib/informix (rw)').
> 
> If we mount that directory on SCO (*identical* user/group-IDs) with
>   'mount -f NFS [host]:/usr/lib/informix /mnt'
> the system returns 'OK'.
> 
> But no files are visible in '/mnt', (for all SCO-users including 
> 'root') when chmod on '/usr/lib/informix' is o-rw.

User root on the client is normally mapped to user nobody (RH) or 
similar on the server side. To avoid this (normally only admissible 
in secure environments), use 
  /usr/lib/informix (rw,no_root_squash)
in /etc/exports

Then you will probably see the directory listing when logged as root on
the client.

> Files are only visible if we changed any access with 'chmod o+rw'

So you've got it already!. It's a permission problem. NFS may check 
the permissions using numeric user and group ID's or the symbolic 
ones. See man exports on the Linux server, section 'User ID mapping'.

Let me know if this helps.

HTH,
=====================================================================
Artur Swietanowski                    mailto:[EMAIL PROTECTED]
Institut für Statistik,  Operations Research  und  Computerverfahren,
Universität Wien,     Universitätsstr. 5,    A-1010 Wien,     Austria
tel. +43 (1) 427 738 620                     fax  +43 (1) 427 738 629
=====================================================================
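A check for the two pitfalls in this thread, as an added example (not code from the digest or from nfs-utils): exports(5) reads each clause as `host(options)` with no space, so the entry quoted above, `/usr/lib/informix (rw)`, attaches `(rw)` to an empty host pattern and exports read-write to every host, and `no_root_squash` makes client root equal to server root for whatever hosts it is granted to. The sample file and the client name `scohost` are constructed.

```python
"""Audit /etc/exports clauses for world access and disabled root squashing."""
import re

# Constructed sample; the first three entries are variants of the thread's line.
SAMPLE_EXPORTS = """\
# from the thread: the space before (rw) makes this world read-write
/usr/lib/informix (rw)
# one named client, root still squashed to nobody (what the poster saw)
/usr/lib/informix scohost(rw)
# the reply's fix, limited to one trusted client (assumed hostname)
/usr/lib/informix scohost(rw,no_root_squash)
/home *.example.com(ro) 192.0.2.0/24(rw,no_root_squash)
"""

CLAUSE_RE = re.compile(r"^(?P<host>[^\s(]*)(?:\((?P<opts>[^)]*)\))?$")


def parse_exports(text):
    """Return [(path, host_pattern, [options])] for every clause.

    An empty host pattern is reported as '*' because that is how the NFS
    server treats it: any client may mount the export.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *clauses = line.split()
        # '/dir' with no client list at all also means every host, defaults.
        for clause in clauses or ["*"]:
            m = CLAUSE_RE.match(clause)
            if not m:
                raise ValueError(f"unparsable exports clause: {clause!r}")
            host = m["host"] or "*"
            opts = [o for o in (m["opts"] or "").split(",") if o]
            entries.append((path, host, opts))
    return entries


def audit_exports(text):
    """Return [(path, host, problem)] for the risky clauses in text."""
    problems = []
    for path, host, opts in parse_exports(text):
        if host == "*" and "rw" in opts:
            problems.append((path, host, "read-write export to every host"))
        if "no_root_squash" in opts:
            problems.append((path, host, "client root is mapped to server root"))
    return problems


if __name__ == "__main__":
    for path, host, problem in audit_exports(SAMPLE_EXPORTS):
        print(f"{path} {host}: {problem}")
```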

------------------------------

From: "Paul Young" <[EMAIL PROTECTED]>
Subject: SMB works for Win95 not Win98, NT4.0
Date: Mon, 26 Jul 1999 18:41:42 GMT

To all that can help:
     I have Redhat LINUX 6.0 installed with SMB running.  I've shared one of
the LINUX directories out to Windows clients.  Although I can access it with
no problem from a Windows 95 client, Windows 98 and NT 4.0 keep on
prompting for the password, and when it is entered, they reject it.  Windows
95 clients allow access to the share without prompting at all.  Are
networking differences between Win95 and Win98 causing this problem?
The Linux (SMB server) box has been configured as an NT member server.  All
input is appreciated, thanks.



------------------------------

From: Peter Buelow <[EMAIL PROTECTED]>
Subject: Re: IO masquerading for RH5.2 -- can I insert modules?
Date: Mon, 26 Jul 1999 13:44:42 -0500
Reply-To: [EMAIL PROTECTED]

Michael McLaughlin wrote:
> 
> I want to use IP masquerading on RH5.2.
> Do I need to compile the kernel or can I insert modules?
  Either way, it doesn't matter really. In terms of ease of doing it,
compiling it straight into the kernel is better as you don't have to
think about it anyway. Most likely, if you are using the same kernel
that came with 5.2, then it is already compiled in and you just need to
activate it. Read the masquerading HOWTO for this. Should you want to
recompile the kernel, then I suggest compiling in the masquerading
support and not worrying about using modules. It doesn't make the kernel
that much bigger than a kernel with just IP. Good luck.
-- 
Peter Buelow - Software Engineer
--
"Finger to spiritual emptiness underlying everything." -- How a C manual
referred to a "pointer to void."

------------------------------

From: Robert Flemming <[EMAIL PROTECTED]>
Subject: Expiring passwords under NIS ?
Date: Mon, 26 Jul 1999 12:16:12 -0700


Anyone got any nifty tricks for expiring passwords under Linux's NIS
implementation?  Something cheesy like

if [ ! -f ~/.passwd ]; then
  /usr/bin/yppasswd
  touch ~/.passwd
fi

In /etc/profile would work and when I wanted to expire a password I
could just remove the .passwd file from the user's home directory but
there are too many ways to circumvent that.  I've seen it under other YP
implementations where after the password hash there is a comma and some
more characters to designate an expiration time but I didn't see
anything that indicated I could do that under Linux.  Anything thoughts
are appreciated, and no switching over to NIS+ isn't really any option.

Robert

------------------------------

From: Peter Buelow <[EMAIL PROTECTED]>
Subject: Re: any good book?
Date: Mon, 26 Jul 1999 13:49:03 -0500
Reply-To: [EMAIL PROTECTED]

Bonn wrote:
> 
> i am start to learn networking (TCP/IP), i want to know any good books
> on the two areas:
> (1) TCP/IP administration
> (2) TCP/IP programming
> any suggestion?
> please also send to:
>   [EMAIL PROTECTED]
> 
> thank you.
> 
> bonn
> --
> ___________________________________________________________
> |>  Food is the first thing.  Morals follow on.          <|
> |<  Bread and Puppets                                    >|
> |<                                                       <|
> |>                                     and I wonder...   <|
  Oh yeah. Internetworking with TCP/IP by Richard Stevens and Doug
Comer. There are three volumes with versions for both windows and unix.
Great resources and I highly recommend them. Actually, there are quite a
few networking books written by Stevens that are very good.
-- 
Peter Buelow - Software Engineer
--
"Finger to spiritual emptiness underlying everything." -- How a C manual
referred to a "pointer to void."

------------------------------

From: Mandl Martin <[EMAIL PROTECTED]>
Subject: Re: very slow ethernet connection IN ONE DIRECTION!
Date: Mon, 26 Jul 1999 21:28:12 +0200

INTEL ethernet express ...

Simon Burley wrote:
> 
> Mandl Martin wrote:
> >
> > .... as said before: I have a similar problem but with a "normal" setup:
> >
> > I can send fast, but I receive approximatly a factor 1000 slower ...
> >
> > I had the same setup with REDHAT 4.1, and everything worked fine ...
> > Then I upgraded to REDHAT 5.1 (2.0.35) and got this problem. I am
> > connected directly to our "intranet" ... All (IP, Gatway, DNS,
> > nameserver ...) is as before ... ifconfig shows only some dropped TX
> > packages, but not that many ...
> >
> > Any suggestions ????
> >
> >         Martin
> 
> Which ethernet card?

------------------------------

From: Artur Swietanowski <[EMAIL PROTECTED]>
Subject: Re: SMB works for Win95 not Win98, NT4.0
Date: Mon, 26 Jul 1999 21:31:54 +0200

Paul Young wrote:
>      I have Redhat LINUX 6.0 installed with SMB running.  (...) 
> I can access it with
> no problem from a Windows 95 client, Windows 98 and NT 4.0 keeps on
> prompting for the password, when entered, it reject it. 

Passwords used to be sent unencoded over the net in Windows 95, while 
NT since Service Pack 3, and possibly Win98, encode passwords. Read up 
more about it in the Samba manuals.

HTH,
=====================================================================
Artur Swietanowski                    mailto:[EMAIL PROTECTED]
Institut für Statistik,  Operations Research  und  Computerverfahren,
Universität Wien,     Universitätsstr. 5,    A-1010 Wien,     Austria
tel. +43 (1) 427 738 620                     fax  +43 (1) 427 738 629
=====================================================================

------------------------------

Reply-To: "John" <[EMAIL PROTECTED]>
From: "John" <[EMAIL PROTECTED]>
Subject: logging ipchains kernel messages
Date: Mon, 26 Jul 1999 19:30:32 GMT

Is there a possibility to log only ipchains messages to a file?
I have tried all the priorities which are described in "man syslog.conf"
with no success.

thanX
John

for all cable modem users try
http://www.cablemodeminfo.com/LinuxCableModem.html






------------------------------

From: "John G. Drummond" <[EMAIL PROTECTED]>
Subject: DHCPd
Date: 26 Jul 1999 18:45:14 GMT

Greets, Linuxers.  I'm having a problem that I can't solve,
no matter how many versions of TFM I read. . .

When I start DHCPd on my new, handy-dandy box (running the
latest version of slackware, kernel 2.2.6), I get the message:

socket: Protocol not available - make sure CONFIG_PACKET and CONFIG_FILTER
are defined in your kernel configuration!

Well, they are, AND all the requisite ports are uncommented in
/etc/services.  

This box only has one ethernet interface.  Anyone with a suggestion
will be rewarded with my gratitude and thanks, whatever that's worth.
-- 
-=-=-=-
<[EMAIL PROTECTED]>                     http://falcon.jmu.edu/~drummojg/
"On the keyboard of Life, always keep one finger on the ESC key."
           --H.C. Phillips

------------------------------

From: Artur Swietanowski <[EMAIL PROTECTED]>
Subject: Re: once I installed the second NIC the first stoped working
Date: Mon, 26 Jul 1999 21:21:21 +0200

Matt wrote:
> 
> Ok I tried that, but when I try to add a route it tells me "Network is
> down".  So I tried a "ifconfig eth0 up" command and a get the message
> "SIOCSIFFLAGS: Resource temporarily unavailable".
> 
> Just to make clear, I can't see eth0 when I do a "ifconfig" command, but
> I can see it when I do a "ifconfig eth0" command, and there is a green light
> lit on the NIC.  

Unfortunately, I don't know how these cards are configured. Is there 
a chance of a hardware configuration conflict (IRQ and/or IO address 
overlap)? Maybe there is a conflict between one of the cards and 
some other device in the computer? 

If they are both PCI, you probably have little to worry about on 
this front. But if any one is ISA you may be in trouble there. 
You probably could get some diagnostic software from 3com. They 
have it all listed on their web site. 

Regards,
=====================================================================
Artur Swietanowski                    mailto:[EMAIL PROTECTED]
Institut für Statistik,  Operations Research  und  Computerverfahren,
Universität Wien,     Universitätsstr. 5,    A-1010 Wien,     Austria
tel. +43 (1) 427 738 620                     fax  +43 (1) 427 738 629
=====================================================================

------------------------------

From: "Nick Aracic" <[EMAIL PROTECTED]>
Subject: Re: Supported Token-Ring Cards??
Date: Mon, 26 Jul 1999 12:17:52 -0700

This is no longer the case.  For the latest information on supported token
ring cards check

http://www.linuxtr.net/ the Linux Token Ring Project

<[EMAIL PROTECTED]> wrote in message
news:7nhfdg$hs0$[EMAIL PROTECTED]...
> Steve Horejsi <[EMAIL PROTECTED]> wrote
>
> SH>  Linux support of Token Ring is limited to the IBM 'Tropic' chipset
> SH>  which was also used by other manufacturers. In general, all ISA cards
> SH>  and all (gasp!) MicroChannel cards (with the exception of the
> SH>  'Streamer' models) will
> As I remember, there was an announcement from Olicom to support their TR
> cards.




------------------------------

From: Peter Buelow <[EMAIL PROTECTED]>
Subject: Re: IP mapping
Date: Mon, 26 Jul 1999 13:39:39 -0500
Reply-To: [EMAIL PROTECTED]

Daniel Charlebois wrote:
> 
> Anyone know where I can get the source code for IP mapping?
> 
> Thanks
> Daniel
  How do you mean, IP mapping? Sort of a vague question. Anyway, most of
the linux IP code lives in the kernel and that is where you should look.
-- 
Peter Buelow - Software Engineer
Motorola - Common Platform Group
--
"Finger to spiritual emptiness underlying everything." -- How a C manual
referred to a "pointer to void."

------------------------------

From: "sagolsem" <[EMAIL PROTECTED]>
Subject: Ethernet for X-terminal
Date: Mon, 26 Jul 1999 15:43:26 -0400

I want to run a diskless X-Terminal on redhat 5.2. I saw a ne2000 compatible
card with bootrom at www.lsl.com which is costing $90.
Can anybody suggest a cheaper card ?

Sago



------------------------------

From: Peter Buelow <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux,comp.os.linux.help
Subject: Re: Help with ethernet card/cable modem
Date: Mon, 26 Jul 1999 14:20:49 -0500
Reply-To: [EMAIL PROTECTED]

luke wrote:
> 
> Thanks for your help, but now when i execute the commands i get the
> following errors:
> 
> after running  /sbin/route add -net 24.114.0.0 netmask 255.255.252.0 i
> get :
> "SIOCADDRT: No Such Device"
> 
> and for this one /sbin/route add default gw 24.114.8.1 metric 1 :
> "SIOCADDRT: file alreadly exists"
> 
> any suggestions?
  the command is /sbin/route add ... 255.255.252.0 eth0 <-- Note the
device. This tells it which adapter to append the route to. Very
important.
-- 
Peter Buelow - Software Engineer
--
"Finger to spiritual emptiness underlying everything." -- How a C manual
referred to a "pointer to void."

------------------------------

From: Peter Buelow <[EMAIL PROTECTED]>
Subject: Re: Netscape slow under Suse 6.1
Date: Mon, 26 Jul 1999 14:25:41 -0500
Reply-To: [EMAIL PROTECTED]

"Michael L. Rasile" wrote:
> 
> I have used RH 6.0 but presently am using Suse 6.1. Why does Netscape
> stall constantly under both distributions? Is there a setting und
> Linux that will make Netscape 4.51 retrieve sites faster? I have
> compared Netscape under Winbloz 98(sorry for swearing) and it does
> seem to load sites faster. Any help will be greatly appreciated. I
> don't think it's Netscape, but rather my Linux setup, but I don't know
> where to look to fix this, if indeed it is fixable.
> Thanks for anything.
> 
> Regards,
> Mike
> [EMAIL PROTECTED]
  Can you do anything else fast? Do you ftp files much faster? Download
the latest version of Netscape using Navigator and then do the same
thing using ftp (command line I think). If ftp is significantly faster,
then you may have a weird config problem, otherwise I would look at the
connection as being slow under Linux. I use SuSE 6.1 and have not had a
problem using netscape 4.6.
-- 
Peter Buelow - Software Engineer
--
"Finger to spiritual emptiness underlying everything." -- How a C manual
referred to a "pointer to void."

------------------------------

From: Peter Buelow <[EMAIL PROTECTED]>
Subject: Links 99
Date: Mon, 26 Jul 1999 14:32:40 -0500
Reply-To: [EMAIL PROTECTED]

  Got a speedy little network running with linux as the masquerader.
Could have let the new 98 do it, but I wanted to avoid rebooting.
Anyway, I love my Links LS 99 (and MS Golf 99) and want to play over the
internet when I finish building my new 98 box. I am curious to know
whether anyone else has played links or MSG99 over a linux masquerade
without problem? I had problems with MS Golf 99 that I think are due to
the firewall, but have no proof as my last windows box died two weeks
ago and now I am waiting for a new MB and video card. Someone put a
sticker over the AGP pins on my new SIS card and the sticker gunk got
stuck in the AGP slot. Have to send it back today. If you are smart,
never let anyone build a computer for you.  Anyway, if anyone has any
info, I would appreciate it. Otherwise, it is QuakeII/III for me.
Thanks.
-- 
Peter Buelow - Software Engineer
--
"Finger to spiritual emptiness underlying everything." -- How a C manual
referred to a "pointer to void."

------------------------------

From: Peter Buelow <[EMAIL PROTECTED]>
Subject: Re: LINUX firewall again
Date: Mon, 26 Jul 1999 14:14:36 -0500
Reply-To: [EMAIL PROTECTED]

Dan wrote:
> 
> Still having strife with this firewall thing.
> 
> Configuration:
> 
> - RH 5.2, all packages installed, kernel is 2.0.37
> - local 'net address is 192.168.0.1
> - net card is a Vortex/Boomerang 3c500 or something, it's working.
> Named eth0.
> - other machines on the local net are 192.168.0.whatever  (ie
> 192.168.0.0 nm 255.255.255.0)
> - modem ppp connection will dial on demand, IP is dynamic.  Name is
> ppp0.
> - I don't have a local LAN nameserver, nor do I have need for one
> - site is physically secure, users are all trustworthy (ie it's at
> home :O)
> 
> I want the following outcome:
> - All local machines can basically pretend they have a direct
> connection to the internet, (although using this machine as a 'default
> gateway') for purposes of web browsing, ftp, telnet, mail retrieval,
> mail sending (to the ISPs SMTP server), ICQ etc... happy to use
> passive mode for FTP to avoid having to allow a port 20...
> 
> I think I need the following connections allowed, all others denied:
> 
> - LAN --> Internet all connections, all ports.
> - LAN --> Telnet.. I won't have a monitor on this computer
> 
> the connections need to be masqueraded I guess, and there is no way
> for me to know what IP the ppp adapter will have.  I don't fancy
> having the script setting up the firewall rules every time the ppp
> connection comes up, processing power is at a premium (this'll be
> running on a 386sx/20!!) I hope it's up to it...
> 
> I must be able to perform DNS lookups from all the machines, on the
> primary and secondary dns's provided by my ISP.  I don't want to run a
> nameserver on the poor 386 which will be the only machine up pretty
> much 24/7, and the local net needs no nameserver.
> 
> I wish to use ipfwadm to configure as this is what I have ;oP
> 
> Everything else should be right, kernel configured, dialing daemon
> I'll figure out last, but setting the rules is causing me immense
> problems!! Does anyone have a set of rules they are using in the
> same/very similar situation they could email me?  Or could they advise
> me on the EXACT types of rules I need... I can't seem to nut it out
> and I don't know that much about TCP/IP at this point in time... I
> want the firewall asap!
> 
> Thanks all in advance!!!
> 
> Dan
> 
> Facts, my opinions, and sometimes bull***t, are all that I express.
> reply to [EMAIL PROTECTED]
> remove the NOSPAM-....
  Just so you know, posts to this newsgroup deserve replies to the
newsgroup. Doesn't help everyone if they can't see it.
  You don't need to run a nameserver, but you do need to give all the
machines behind the firewall the DNS IP. If you don't, they won't resolve
names. Masquerading won't do that for them. You can usually get this
from the ISP's website. And for ipfwadm, here are some good rules
(sorry, I don't do ipfwadm anymore so I can't say for sure they will
work for you, but they should):
        ipfwadm -F -p deny 
        ipfwadm -F -a m -S 192.168.0.0/24 -D 0.0.0.0/0 
The first line will deny all traffic by default, and the second line
adds masquerading to the subnet.
Any more rules you will have to invent yourself. By your post, you don't
seem to want to shut down any types of connections, so there is really no
need for extra rules. By allowing all ports for all connections, there
isn't anything to deny and this should do what you want. Since it is a
PPP connection, security isn't that big a deal in my opinion. Since it
is a dynamic IP and only those you tell will know you are running a
linux server, you shouldn't be too paranoid about break-ins or hacks. Be
mindful and careful, but I wouldn't worry much. Good luck.

And I suggest checking this site
        http://metalab.unc.edu/LDP/HOWTO/mini/IP-Masquerade.html
-- 
Peter Buelow - Software Engineer
--
"Finger to spiritual emptiness underlying everything." -- How a C manual
referred to a "pointer to void."

------------------------------

From: Peter Buelow <[EMAIL PROTECTED]>
Subject: Re: Netscape/network sharing problem.
Date: Mon, 26 Jul 1999 13:56:29 -0500
Reply-To: [EMAIL PROTECTED]

Göran Löfström wrote:
> 
> Monte Phillips wrote:
> >
> > I have the same setup(nearly,  i use 2.2.9) as you do. I run netscape
> > on linux (the server) at the same time as IE or CuteFTP is running on
> > a Win'98 workstation.
> > They access the same modem on the linuxbox, I have NO problems such as
> > you describe, in fact I have no problems at all with that setup.  I
> > would look at your networking, routing, masqing configs. Particularly
> > in the name resolution and routing files.
> >
> > g'Luk
> 
> I do not have any LAN network settings made. I only have the dialup
> configured. Could this be a problem? I use kppp as a frontend to pppd.
> 
> My problem is not the access to the -modem-, everything is working
> perfectly in that sense. The problem is that I see applications -on the
> same machine- started after whatever was started first, taking longer to
> connect than the first started application. Therefore I suspected that
> the first started application got a higher priority than the later ones.
> 
> Do you think I could solve it by adding LAN settings?
> 
> Thanks for speedy reply,
> 
> Göran.
> 
> >
> > Göran Löfström <[EMAIL PROTECTED]> wrote:
> > >I have discovered what I think is either a bug or a misconfiguration in
> > >the network implementation of RH6.0.
> > >The problem shows itself every time I need to 'share' a dialup
> > >connection between several different applications. Apparently, the
> > >application started first, has first priority to the connection. This
> > >means all the other networked applications take forever to make their
> > >connections.
  You might try checking your MTU and some of the various other PPP and
IP settings, MTU being the most visible and probably the most effective.
Most sources will tell you to set your MTU for a ppp connection via a
modem to 576. You can find a whole lot of info on optimizing PPP
connections with just a little browsing of the web, therefore, I won't
go into that here. Also, I don't care how fast a modem you have (unless
it is a cable modem), downloading a 20MB file and then expecting good
bandwidth for other apps is a little presumptuous. You may look into
this as part of the problem. Good luck.
-- 
Peter Buelow - Software Engineer
--
"Finger to spiritual emptiness underlying everything." -- How a C manual
referred to a "pointer to void."

------------------------------

From: Adam <[EMAIL PROTECTED]>
Subject: Test (ignore)
Date: Mon, 26 Jul 1999 15:35:28 -0400
Reply-To: [EMAIL PROTECTED]

Sorry, but had to do a test to see if our newsprogram is actually
posting to the net. Thanx for the shared bandwidth ;-)
-- 

Adam

------------------------------

From: "Frédéric Bernard" <[EMAIL PROTECTED]>
Subject: to ping or not to ping...?
Date: Mon, 26 Jul 1999 21:39:56 +0200

Could anyone give me an idea how to solve the following "simple?" problem..
Ethernet card 3c509b seems ok.. ping on it locally (192.1.1.29) works fine..
but I can not ping any other machine on the local NT network.. The netmask
is the same, I ran only netcfg and linuxconf.. should I add something with
route? (I did it, but nothing changed...)

Please, if anyone could help.. I've been blocked with this stupid problem
for a week...
thanx a lot for having read until the end !! ;)



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and comp.os.linux.networking) via:

    Internet: [EMAIL PROTECTED]

Linux may be obtained via one of these FTP sites:
    ftp.funet.fi                                pub/Linux
    tsx-11.mit.edu                              pub/linux
    sunsite.unc.edu                             pub/Linux

End of Linux-Networking Digest
******************************
