Linux-Networking Digest #52, Volume #12          Thu, 29 Jul 99 21:13:34 EDT

Contents:
  Re: 40Sec Delay When FTP gets the USER on MASQ:ed machines (Bernd Eckenfels)
  Re: FTP Server Question (Brian Kuschak)
  Re: ethernet can't access DSL, gateway ("RAYG")
  Re: firewall question (razor)
  Re: firewall question (Abdullah Ramazanoglu)
  Re: diald troubles ("Robert C. Paulsen, Jr.")
  mgetty, where to find the source code (B'ichela)
  LINUX & Novell? (Todd A Norbury)
  Re: 40Sec Delay When FTP gets the USER on MASQ:ed machines (Bernd Eckenfels)
  Reverse Proxy & Load Balance + Redundancy ([EMAIL PROTECTED])
  Re: Connecting linux-win95 (Monte Phillips)
  Re: ifconfig eth0 MTU xxxxx (Attik System)
  OOPS! Security Question ("Nathan T. Lager")
  Re: netscape (Stoney)
  Re: Adapter SMC9432BTX problem (Mike Simos)
  Re: can't see network (Bruce Linton)
  Re: Firewall on Linux (Frank Keeney)
  Re: binding two NICs ("Cowles, Steve")
  Re: port redirection with ipfw? (The Dude)
  Re: Reverse Proxy & Load Balance + Redundancy (Tony Finch)

----------------------------------------------------------------------------

From: Bernd Eckenfels <[EMAIL PROTECTED]>
Crossposted-To: comp.security.firewalls
Subject: Re: 40Sec Delay When FTP gets the USER on MASQ:ed machines
Date: 29 Jul 1999 22:40:29 GMT

In comp.security.firewalls Staffan Vinsa <[EMAIL PROTECTED]> wrote:
> After that 40 seconds (at the time all of the FTP-servers I have tried
> is really frozen on my NT Wks) the speed is perfect but it is really
> annoying - and something must be seriously wrong.

Do you get the banner of the FTP Server before or after the delay? You may
check this by telnetting to the ftp port and see if you get a greeting
immediately. If you don't get one I think this can be a DNS or Netbios Name
Service Problem (the server tries to get additional info about you and fails
because of misconfigured dns or the firewall dropping the name queries).

Greetings
Bernd

------------------------------

From: Brian Kuschak <[EMAIL PROTECTED]>
Subject: Re: FTP Server Question
Date: Thu, 29 Jul 1999 16:25:19 -0600

A package called BeroFTPD allows ratio, plus a few other goodies.
Otherwise it's similar to the FTPD that ships w/ RH.

ftp://beroftpd.unix.eu.org/pub/BeroFTPD/

Brian
[EMAIL PROTECTED]

Tom Young wrote:
> 
> Does anyone know where I can get a ratio FTP server for linux (RedHat 5.1
> with 2.0.35 kernel)?

------------------------------

From: "RAYG" <[EMAIL PROTECTED]>
Subject: Re: ethernet can't access DSL, gateway
Date: Thu, 29 Jul 1999 19:23:54 -0400

"I have my ethernet cards installed and configured"

Where are the cards? Are they in 2 separate machines or are they in one
machine?

"I can ping both of the cards,"

Where are you pinging them from? Are you pinging them from the machine they
are in or are you pinging them from another machine?

"For some reason, I cannot connect to the internet,
nor can I ping the gateway address to the internet."

What is the IP address of the gateway and what is the IP address of the
machine from which you are trying to ping it? What are the subnet masks for
these machines?
Is there a router in between? What is the ip address of the router? Do you
have a firewall?

Could use a touch more information to try to provide you with some help.

John Brashier wrote in message <[EMAIL PROTECTED]>...
>I have my ethernet cards installed and configured, and I can ping
>both of the cards, one with a static IP number ( i have DSL) and the
>other with an internal 192.168.x.x number for the LAN I am trying
>to create. For some reason, I cannot connect to the internet ,
>nor can I ping the gateway address to the internet. What can I
>do to fix this?
>
>Thanks,
>John
>
>



------------------------------

From: razor <[EMAIL PROTECTED]>
Subject: Re: firewall question
Date: Thu, 29 Jul 1999 19:04:10 -0400

please DO NOT send mail to that address. reply here so that all can learn
thanks.

MEGANET SUPPORT wrote:

> I'm currently doing ip masq which is working great. I am using ipfwadm
> and NOT ip chains.
> I'm using red hat 5.2 with the 5.2 kernel.
>
> the question is how do i redirect all tcp traffic for ftp to another
> computer in this case 192.168.0.3.
> i included my rc.local file which shows ip masq (working) and my attempt
> at what im asking to do.
> I tested this by going to my lan computer and ftp to the firewall it did
> not redirect to the 192.168.0.3 computer which is a win 98 computer, also
> no ftp server (for now) program is running on that win 98 comp. This was
> to be a test and i wanted to get an error mesg.
> This did not happen i got logged in to the ftp server on my firewall
> machine instead.
>
> #mod probing for ipmasq
> /sbin/depmod -a
> /sbin/modprobe ip_masq_ftp
> /sbin/modprobe ip_masq_raudio
> /sbin/modprobe ip_masq_irc
> #deny all not from my lan
> ipfwadm -F -p deny <-----tried it without this, it didn't work.
> #take packets from the 192.168.x.x lan and route it to 0.0.0.0, default route
> ipfwadm -F -a m -S 192.168.0.0/24 -D 0.0.0.0/0
>
> ***the problem starts here****
> #redirect incoming requests such as ftp and fwd to another computer
> ipfwadm -F -a accept -b -P tcp -S 0.0.0.0/0 1024:65535 -D 192.168.0.3 21


------------------------------

From: Abdullah Ramazanoglu <[EMAIL PROTECTED]>
Subject: Re: firewall question
Date: Fri, 30 Jul 1999 02:54:57 +0300

MEGANET SUPPORT wrote:
> 
> I'm currently doing ip masq which is working great. I am using ipfwadm
> and NOT ip chains.
> I'm using red hat 5.2 with the 5.2 kernel.
>
> the question is how do i redirect all tcp traffic for ftp to another
> computer in this case 192.168.0.3.
> i included my rc.local file which shows ip masq (working) and my attempt
> at what im asking to do.
> I tested this by going to my lan computer and ftp to the firewall it did
> not redirect to the 192.168.0.3 computer which is a win 98 computer, also
> no ftp server (for now) program is running on that win 98 comp. This was
> to be a test and i wanted to get an error mesg.
> This did not happen i got logged in to the ftp server on my firewall
> machine instead.
>
> #mod probing for ipmasq
> /sbin/depmod -a
> /sbin/modprobe ip_masq_ftp
> /sbin/modprobe ip_masq_raudio
> /sbin/modprobe ip_masq_irc
> #deny all not from my lan
> ipfwadm -F -p deny <-----tried it without this, it didn't work.
> #take packets from the 192.168.x.x lan and route it to 0.0.0.0, default route
> ipfwadm -F -a m -S 192.168.0.0/24 -D 0.0.0.0/0
> 
> ***the problem starts here****
> #redirect incoming requests such as ftp and fwd to another computer
> ipfwadm -F -a accept -b -P tcp -S 0.0.0.0/0 1024:65535 -D 192.168.0.3 21

AFAIK ipfwadm redirection works for -I rules only. What I had used for
transparent proxy was:

# Redirect all tcp pkt.s coming in from eth0 & going to
# any address with port:80, to squid (port:3128)
ipfwadm -I -a acc -P tcp -D 0/0 80 -W eth0 -r 3128

HTH
-- 
Abdullah Ramazanoglu    [ aramazanoglu AT demirbank DOT com DOT tr ]
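
An added example, not part of either post: a small checker for the point made in this reply, run over the rules quoted in the thread plus one constructed line. It assumes what the ipfwadm manual page states, that -r is valid only on input (-I) rules with policy accept and redirects to a local port; the function names are illustrative.

```python
import shlex

CATEGORIES = {"-A", "-I", "-O", "-F", "-M"}
POLICIES = ("accept", "deny", "reject", "masquerade")

# First four lines are the rules quoted in this thread; the last is constructed.
SAMPLE_RC_LOCAL = """\
ipfwadm -F -p deny
ipfwadm -F -a m -S 192.168.0.0/24 -D 0.0.0.0/0
ipfwadm -F -a accept -b -P tcp -S 0.0.0.0/0 1024:65535 -D 192.168.0.3 21
ipfwadm -I -a acc -P tcp -D 0/0 80 -W eth0 -r 3128
ipfwadm -F -a accept -P tcp -D 0/0 21 -r 2121
"""

def expand_policy(word):
    """ipfwadm accepts abbreviated policies ("acc", "m"); expand them."""
    for policy in POLICIES:
        if word and policy.startswith(word):
            return policy
    return None

def parse_rule(line):
    """Pull category, policy, destination and -r out of one ipfwadm command."""
    tokens = shlex.split(line, comments=True)
    if not tokens or not tokens[0].endswith("ipfwadm"):
        return None
    rule = {"category": None, "policy": None, "dest": None, "redirect": False}
    for i, tok in enumerate(tokens[1:], start=1):
        nxt = tokens[i + 1] if i + 1 < len(tokens) else ""
        if tok in CATEGORIES:
            rule["category"] = tok
        elif tok in ("-a", "-i", "-d", "-p"):
            rule["policy"] = expand_policy(nxt)
        elif tok == "-D":
            rule["dest"] = nxt
        elif tok == "-r":
            rule["redirect"] = True
    return rule

def is_single_host(dest):
    """True for a bare address or /32, false for networks such as 0/0."""
    return bool(dest) and ("/" not in dest or dest.endswith("/32"))

def lint(rule):
    findings = []
    if rule["redirect"] and not (rule["category"] == "-I"
                                 and rule["policy"] == "accept"):
        findings.append("-r is only valid on input (-I) rules with policy accept")
    if (rule["category"] == "-F" and rule["policy"] == "accept"
            and is_single_host(rule["dest"])):
        findings.append("forward accept only permits packets already addressed "
                        "to that host; it does not rewrite the destination")
    return findings

def audit(text):
    """Return (line number, finding) pairs for every ipfwadm line in text."""
    results = []
    for number, line in enumerate(text.splitlines(), start=1):
        rule = parse_rule(line)
        if rule:
            results.extend((number, finding) for finding in lint(rule))
    return results

if __name__ == "__main__":
    for number, finding in audit(SAMPLE_RC_LOCAL):
        print(f"line {number}: {finding}")
```

Line 3 of the sample is the rule from the original question: a connection made to the firewall's own address is delivered locally and never reaches a forward rule, which matches the login on the firewall's FTP server that the poster saw.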

------------------------------

From: "Robert C. Paulsen, Jr." <[EMAIL PROTECTED]>
Subject: Re: diald troubles
Date: Thu, 29 Jul 1999 18:04:02 -0500

Eric the Fruitbat wrote:
> 
> A machine which performs masqueraded forwarding over a dial-up
> connection occasionally experiences the unexpected termination of its
> diald.  No errors are generated, and no events logged;  there's no
> evidence of the failure, except that suddenly outbound-bound net
> traffic ceases and no connection can be re-established.  Running diald
> again from a shell is sufficient to restore functionality, but it
> still makes me wonder what's going on.  Any suggestions?  Thanks.
> 
> eric
> --
>   "We come and go alone, why do they need to know?"

I have seen this when using the 0.16 version of diald with the 2.2.x
kernels. If you have a 2.2.x kernel, upgrade to the 0.99 diald. See

         http://diald.unix.ch/

-- 
____________________________________________________________________
Robert Paulsen                         http://paulsen.home.texas.net
If my return address contains "ZAP." please remove it. Sorry for the
inconvenience but the unsolicited email is getting out of control.

------------------------------

From: [EMAIL PROTECTED] (B'ichela)
Subject: mgetty, where to find the source code
Date: Thu, 29 Jul 1999 18:59:48 -0400
Reply-To: [EMAIL PROTECTED]

        A hardware terminal I use has hardware flow control. If I use
the agetty program and the terminal is not turned on, I get messages
from init saying agetty is respawning too fast. Using the -Lhw switches
seemed to help but when I used to have a simple mgetty package I did
not have this problem or the need for agetty to wait for a carriage
return. I remembered Slackware 3.1 had mgetty, but I could not find it
on my Slackware 3.1 cdroms. Who has mgetty in a tar.gz file? I do not
need mgetty+sendfax, just plain old mgetty that will not keep trying
to send something to my terminal when DTR and CTS (from the terminal)
are not asserted. I seem to remember with the simple mgetty, the
program did not try to send until the serial port on the linux side of
the null-modem saw DCD was asserted.
        Please help!

-- 
                A pearl of wisdom from the y2K newsgroups:
=========================================================================
Y2K appears to be the Baby Boomers mid-life crisis, and it has the
potential to be a dandy.
                        -- Anonymous --
==========================================================================

                        B'ichela
                        N O T E
                ---------------------
If [EMAIL PROTECTED] don't work try [EMAIL PROTECTED]


------------------------------

From: Todd A Norbury <[EMAIL PROTECTED]>
Subject: LINUX & Novell?
Date: Fri, 30 Jul 1999 09:45:30 +1000
Reply-To: [EMAIL PROTECTED]

Gday all,

how hard is it to get LINUX (RH 6) to connect as a client to Novell? I
would like the linux machine to backup my Novell Intranetware 4.11
server.

Please email reply.

Thanx

-- 
Todd Norbury

Norbury Technologies

mailto:[EMAIL PROTECTED]

------------------------------

From: Bernd Eckenfels <[EMAIL PROTECTED]>
Crossposted-To: comp.security.firewalls
Subject: Re: 40Sec Delay When FTP gets the USER on MASQ:ed machines
Date: 29 Jul 1999 22:42:49 GMT

In comp.security.firewalls Jesper Dybdal <[EMAIL PROTECTED]> wrote:
> I set it up this way once, using ipfwadm to reject connections to
> the auth/ident port.

I know a few servers which don't like rejects from ipfwadm... for example the
ircd-undernet I run as a corporate chat server. It does however stop
requesting auth info if you have an unconnected port. This is 2.0.37's ipfw.

Greetings
Bernd
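
An added example, not part of the posts: the greeting check Bernd describes earlier in this thread, together with a probe of how an auth/ident port answers, which is what the reject rule discussed above changes. The function names, the 2-second threshold and the loopback server are assumptions made for the demonstration.

```python
import socket
import threading
import time

def time_banner(host, port, timeout=60.0):
    """Connect and return (seconds until the first full line, that line)."""
    start = time.monotonic()
    data = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            while not data.endswith(b"\n"):
                chunk = s.recv(1024)
                if not chunk:
                    break
                data += chunk
    except socket.timeout:
        pass  # no greeting within the timeout; the banner stays empty
    return time.monotonic() - start, data.decode("latin-1").strip()

def diagnose(elapsed, threshold=2.0):
    """Apply the reasoning from the thread; threshold is an assumed cut-off."""
    if elapsed < threshold:
        return "greeting immediate: the delay is not in the connection greeting"
    return ("greeting delayed: suspect lookups about the client "
            "(DNS, NetBIOS name service, ident)")

def probe_port(host, port, timeout=3.0):
    """Classify how a TCP port answers, e.g. the client's auth/ident port 113."""
    try:
        socket.create_connection((host, port), timeout=timeout).close()
        return "open"
    except ConnectionRefusedError:
        return "refused"      # answered at once, the caller does not wait
    except socket.timeout:
        return "no answer"    # silently dropped, the caller waits for its timeout
    except OSError:
        return "unreachable"

def start_constructed_server(delay, banner=b"220 constructed banner\r\n"):
    """Loopback stand-in for an FTP server that greets after `delay` seconds."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn:
            time.sleep(delay)
            try:
                conn.sendall(banner)
            except OSError:
                pass  # the client already hung up
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    port = start_constructed_server(3.0)
    elapsed, banner = time_banner("127.0.0.1", port)
    print(f"{elapsed:.1f}s  {banner!r}  ->  {diagnose(elapsed)}")
    print("ident port:", probe_port("127.0.0.1", 113))
```

Run time_banner against the real FTP server from the masqueraded client, and probe_port against the client's port 113 from outside the firewall, to see which of the two cases applies.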

------------------------------

From: [EMAIL PROTECTED]
Crossposted-To: 
comp.infosystems.www.servers.unix,microsoft.public.proxy,alt.unix.wizards
Subject: Reverse Proxy & Load Balance + Redundancy
Date: Thu, 29 Jul 1999 23:14:30 GMT

I would like to load balance two apache servers running on two different
physical machines as well as make them redundant using Reverse Proxy
Server as load balancer and duplicating the content from one machine to
another one using  a shared file system and scheduled duplications of
files. The content to be served is highly static.

First, has anybody done this with two machines? How would  we deal with
an outage in case the machine with the Reverse Proxy Server will go
down. Is there a way to find whether one of the two machines is down or
extremely overloaded and route the requests to less busy machine.

If the above is not doable can anybody suggest a relatively
inexpensive alternative.

Thank you,

Mark


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.

------------------------------

From: [EMAIL PROTECTED] (Monte Phillips)
Subject: Re: Connecting linux-win95
Date: Thu, 29 Jul 1999 23:05:25 GMT


Well nothing is going to work real well till you enable packet
forwarding.
Maybe wipe the whole thing and start with these:
This site has a step by step howto for complete setup of samba.  steps
for both linux and the win machine.  (and they really work <G>)
http://www.sfu.ca/~yzhang/linux/samba/index.html
and this one as well
http://home.talkcity.com/MigrationPath/maguai/samba.html

These sites singly or in combination are nearly guaranteed to get you
networked.

<tKHm3.2463$[EMAIL PROTECTED]>,
>>but when I ping the other IP from either machines, it never gave me any
>>information but those such as '..Time Out'.. or just nothing.
>>I think more possibility is that my linux box is a little bit awfully
>>configurated.
>>/etc/sysconfig/network
>>NETWORKING=yes
>>FORWARD_IPV4=false
>>HOSTNAME=localhost.localdomain


------------------------------

From: Attik System <[EMAIL PROTECTED]>
Subject: Re: ifconfig eth0 MTU xxxxx
Date: Thu, 29 Jul 1999 23:49:11 GMT

In article <7nogt7$2nm$[EMAIL PROTECTED]>,
  "Funb" <[EMAIL PROTECTED]> wrote:

> You are a lifesaver!!!
>
> I was having a problem with a new ethernet driver on a machine, and
> changing the MTU to 1000 fixed all the weird problems I was having
> with network access!  Thanks!

Hello!

Good!

I'm curious: what kind of Ethernet card do you have?


--
Attik System
Philippe Lang
Switzerland
http://www.attiksystem.ch


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.

------------------------------

From: "Nathan T. Lager" <[EMAIL PROTECTED]>
Subject: OOPS! Security Question
Date: Thu, 29 Jul 1999 23:31:59 GMT

Ok, for the past 2-3 months I've been running a linux box connected to a
500k cable modem.  It's a lot of fun for me considering I am a
PC-Networking student at the moment.  Like I said it was up for about 3
months and suddenly someone decided to crack into my system (I assume).
All I know is that suddenly I can't log into my own system, even as root
from the console!  From what I can tell somehow my passwd file got
deleted.  I intend to fix the system and get it back online but for now
(before I get it back up and vulnerable) I'd like to find out anything I
can about how to make it more secure.  All I want it to do (for now) is
serve Telnet, FTP, HTTP, POP3, and SMTP.  I run RedHat 5.2 with a Cable
connection to the 'net and a 5 computer network also connected to this
system. I would also like to "Eventually" set the linux box as a router
so that I can route packets from my LAN over the internet but "Hide" the
LAN behind the Linux Box. Thanx in advance for any help.


------------------------------

From: Stoney <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.misc,comp.os.linux.x
Subject: Re: netscape
Date: Thu, 29 Jul 1999 19:55:54 -0400

> 
> Or just go to http://wwp.mirabilis.com/10818276 - which crashes my netscape every
> time until I switched off the java (not javascript) part of netscape. After that I
> don't get the sudden closure of netscape. Any idea of how to fix this ?
> 
> It is the same problem since Net. Communicator Rel. 4.51 - I'm currently up to date
> with the 4.61
> 
> Best regards
> Jesper K. Pedersen

Hey, Jesper,

  It didn't crash for me with NS 4.61 with Java and Javascript enabled.
The java app, however, slowed my 400 mhz machine to a crawl until I
clicked out to your homepage.  Maybe it's bad coffee?

  Stoney

------------------------------

From: Mike Simos <[EMAIL PROTECTED]>
Subject: Re: Adapter SMC9432BTX problem
Date: Thu, 29 Jul 1999 23:59:00 GMT

Robert Szabo wrote:

> we've run into a problem when trying to configure our SMC9432 BTX (Combo
> BNC and UTP 10/100) networking card to run with its BNC interface.
> We tried to load the module driver as proposed at
> http://cesdis.gsfc.nasa.gov/linux/drivers/epic100.html
> 
> insmod epic100.o debug=1 options=1
> 
> which sets its media type to 10Base2/BNC.
> 
> Unfortunately it does not work.

Try running EZSTART from your driver disk. I believe you'll be able to
force the network card to use the BNC interface. This will hopefully
allow the Linux driver to autosense correctly. If you don't have EZSTART
you can download it at www.smc.com. 

Mike

------------------------------

From: Bruce Linton <[EMAIL PROTECTED]>
Subject: Re: can't see network
Date: Thu, 29 Jul 1999 17:14:52 -0700

Yes, I have to use isapnp to get the cards recognized. As far as the io
addresses, interrupts and such, I set up these cards and tested them on my
home network so I'm sure they are correct. Are there any other debugging
tools or methods that would help? I'm thinking of pulling out one card to see
if I can connect with just one???

Bruce

Rudolf Potucek wrote:

> Hmmm, a trivial question. As it looks like a PnP setup to me, are you
> certain you've got the two cards detected the right way around? It really
> wouldn't do if you, in essence, had the cabling for internal and external
> networks switched.
>
> Rudolf
>
> : eth0: 3Com 3c515 at 0x280, 00:10:4b:d9:49:9b, DMA 6, IRQ 9
> : eth1: 3Com 3c515 at 0x300, 00:10:4b:d9:44:b9, DMA 7, IRQ 10
>                       ^^^^^
>
> --


------------------------------

From: Frank Keeney <[EMAIL PROTECTED]>
Crossposted-To: 
alt.uu.comp.os.linux.questions,aus.computers.linux,comp.security.firewalls,list.firewall,lists.firewalls,tnn.internet.firewall
Subject: Re: Firewall on Linux
Date: Thu, 29 Jul 1999 16:18:49 -0700

Telaxian Shield:

http://www.fireants.com

"Kenneth Soh @ BTM Singapore" wrote:
> 
> Can someone tell me some mainstream Firewall products in Linux ?


-- 
================================================================
Network Monitored by Pasadena Networks, Inc.
Network monitoring and intrusion detection.
http://www.pasadena.net    mailto:[EMAIL PROTECTED]

------------------------------

From: "Cowles, Steve" <[EMAIL PROTECTED]>
Subject: Re: binding two NICs
Date: Thu, 29 Jul 1999 19:15:00 -0500

If I understand your post correctly, you're wanting to "load balance" network
traffic across two or more NIC cards on the same subnet.

I'm not aware of any driver for linux that allows you to do this. But in the
NT world, these drivers do exist. 3com and Intel have these drivers
available on their WEB site. Intel's term is called "teaming" (guess some
marketing guy at intel had to get paid since binding was already used!).
Anyway, when you select the Intel adaptor properties, there is a TAB for
"teaming" multiple NIC's to load balance network traffic across multiple
Intel cards. In fact, I just installed 8 NT servers with 4 Intel NIC cards
apiece. Each server was configured to "team" two NIC cards per network (my
customer has a primary and redundant network path). Of course, the concept of
"teaming" is only feasible if your network infrastructure can handle the
traffic being thrown at server with multiple NIC's.

Steve Cowles
SWCowles at gte dot net


douglasf <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> This is asked under the "I'm real new at all this but is it possible,
> heading".  So here goes.  Is it conceivable to put two 10T NICs in a
> Linux server and have them bind together on the same (or different) IP
> to share the load?  Sort of like the two modem dialup set.  Perhaps one
> set to receive only the other to transmit, or whichever one isn't busy
> gets the next packet?
>
> I have a RedHat 5.2 / 2.2.10 server running on a shared Macintosh and PC
> network, and I am going to add an IDE Raid0 to the server volume this
> weekend.  So I got to thinking if I can stripe the drives for more
> throughput can I do something similar to the ethernet.
>
> This whole setup is done as a linux learning experience and as a way to
> mildly upset the NT admin.
>
> If NIC binding is possible is it a good idea?
>
> Thanks for any info
> Douglas



------------------------------

From: [EMAIL PROTECTED] (The Dude)
Subject: Re: port redirection with ipfw?
Date: Fri, 30 Jul 1999 00:08:56 GMT

Yes. You can do it also with redir x.x.x.x zz 192.168.1.14 23
where x.x.x.x is your internet address, zz the port you are accepting
telnet and 192.168.1.14 your internal machine. For the correct syntax
do a man redir.

Mihai 
[EMAIL PROTECTED]
On 27 Jul 99 16:29:39 MDT, sl3nf.cc@usu@edu (Sniggerfardimungus)
wrote:

>Can ipfwadm redirect tcp connections coming in on one port to a different port
>(in my case, 23) on another machine inside the protected firewall?  I want to
>be able to telnet to one of the machines on my private network, but since I'm
>doing masquerading, it doesn't have a public address.  ={
>
>       rOn


------------------------------

From: Tony Finch <[EMAIL PROTECTED]>
Crossposted-To: 
comp.infosystems.www.servers.unix,microsoft.public.proxy,alt.unix.wizards
Subject: Re: Reverse Proxy & Load Balance + Redundancy
Date: Fri, 30 Jul 1999 00:07:22 GMT

[EMAIL PROTECTED] wrote:
>
>I would like to load balance two apache servers running on two different
>physical machines as well as make them redundant using Reverse Proxy
>Server as load balancer and duplicating the content from one machine to
>another one using  a shared file system and scheduled duplications of
>files. The content to be served is highly static.

You'll probably be better off with a layer 4 switch rather than a
reverse proxy, because it will be able to monitor the servers for
availability and load. Reverse proxies are helpful for reducing the
load on back end servers if the content is static (or if it is
dynamically generated in such a way that the same URL leads to the
same content), but they don't really improve availability. For
back-end filesystem purposes a NetApp is good.

Tony.
-- 
f.a.n.finch    [EMAIL PROTECTED]    [EMAIL PROTECTED]    e pluribus unix

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and comp.os.linux.networking) via:

    Internet: [EMAIL PROTECTED]

Linux may be obtained via one of these FTP sites:
    ftp.funet.fi                                pub/Linux
    tsx-11.mit.edu                              pub/linux
    sunsite.unc.edu                             pub/Linux

End of Linux-Networking Digest
******************************
