Linux-Networking Digest #55, Volume #12 Fri, 30 Jul 99 05:13:38 EDT
Contents:
Re: IP Masquerading RH6 ipchains DNS (Bill Steiner)
Re: Is samba needed for Linux to ping Win95 computer? (Girish Kamath)
Re: ITS WORKING!!!! :) * 1000 (John Brashier)
Re: Services shall only react to one IP (Mark Bestel)
Re: OOPS! Security Question (Howard Mann)
Re: Networking Problem (Lindoze 2000)
Re: Diald / Dial on Demand? (Bill Steiner)
Re: password problems with samba and windows 98 clients (James Stafford)
Re: root login problem with RH6.0 (Lindoze 2000)
Re: root login problem with RH6.0 (Lindoze 2000)
Re: DNS (Jeffrey Kok)
OT: whats the best circuit sim. for Linux? (Brandon30X)
Re: cannot telnet to redhat 6.0 box (Bob Tennent)
Re: IP Masquerading RH6 ipchains DNS (Josh Miller)
Re: How do I have two domain names with just one IP address? (Josh Miller)
Re: 2.2.10, DNS, and module problems (Mohd H Misnan)
----------------------------------------------------------------------------
From: Bill Steiner <[EMAIL PROTECTED]>
Subject: Re: IP Masquerading RH6 ipchains DNS
Date: Thu, 29 Jul 1999 23:22:24 -0700
Steve:
I am using the exact same ipchains setup you are on two Linux boxes. It's
precisely what the IPCHAINS mini-HOWTO recommends. The first Linux box is
a 100mhz i486 that I set up several weeks ago as my first try at an
internet router for my small LAN of Windows PCs. It works fine and serves
internet names to the LAN PCs behind the masq. The second Linux box has a
Pentium 233 (a lot less waiting for X Windows menus/programs to load). I
repeat that it has the same ipchains setup, but it won't serve internet
names to the LAN. To find internet sites with names, each of my PCs must
have the DNS addresses of my ISP in their TCP/IP setups.
I can't figure out why one works and the other doesn't. Must not be in the
ipchains setup. I think I may have played around with DNS once with the
first linux box.
So..... I don't have an answer why your linux router won't serve names to
your LAN, but I do have a temporary fix suggestion for you. Doesn't seem
to be a problem with ipchains. Try including your ISP's DNS server
addresses in the TCP/IP setups in each of your LAN PCs. Actually, I just
noticed that the ipmasquerade miniHOWTO recommends that you include DNS
addresses in each of your LAN boxes/PCs setups. That should allow them to
find internet sites outside the firewall until you figure out why the
Linux router won't serve names. [Let me know when you figure it out. I'll
do the same.]
Bill Steiner.
root wrote:
> I upgraded from RH 5.2 to 6.0, and reconfigured my rc.local to use the
> ipchains instead of the ipfwadm stuff of past. All looks good, even
> configured ppp to do on demand dialing - all works on the linux server
> and private network machines - ping, telnet, ftp, and http, to the
> outside world. (Love it when a plan comes together)
>
> All works that is except DNS queries from the private network systems.
> All are configured with the router being the linux box, and nameserver
> addresses are the same as those set on the linux box (My isp's
> nameservers). From any of those systems a http request for
> http://www.yahoo.com fails (Unable to resolve name), yet
> http://204.71.200.68 displays yahoo's page. This is not true on the
> linux server, which using the same nameserver addresses is able to
> resolve names; therefore I figure my masquerading is blocking/losing
> the dns queries from the private network, but I don't know why.
>
> Here are the files I changed to setup the masquerading:
> My private network is 192.168.50.x, netmask 255.255.255.0
>
> /etc/rc.d/rc.local
> ...
> ipchains -F
> ipchains -P forward DENY
> ipchains -A forward -s 192.168.50.0/24 -j MASQ
> ...
>
> /etc/sysconfig/network
> ...
> FORWARD_IPV4=yes
> ...
>
> /proc/sys/net/ipv4/ip_dynaddr
> 1
>
> # route
> Kernal IP routing table
> Destination Gateway Genmask Flags Iface
> 192.168.50.16 * 255.255.255.255 UH eth0
> 12.65.164.1 * 255.255.255.255 UH ppp0
> 192.168.50.0 * 255.255.255.0 U eth0
> 127.0.0.0 * 255.0.0.0 U lo
> default 12.65.164.1 0.0.0.0 UG ppp0
>
> --
> Steve Simons "Yea, I can do that"
> [EMAIL PROTECTED]
------------------------------
From: Girish Kamath <[EMAIL PROTECTED]>
Subject: Re: Is samba needed for Linux to ping Win95 computer?
Date: Fri, 30 Jul 1999 06:30:34 GMT
Hi
Ping is not a utility of Samba protocol. It works on TCP/IP
protocol.
TCP/IP protocol will be installed by default on Linux.
But not in Win95.
Check for TCP/IP Installation in Win95 and give a
unique IP Address for your Win95.
In case you are hooked on the Net then contact your ISP
for an IP Address.
This should work.
Bye,
Girish kamath
Wlmet wrote:
>
> I am trying to get my linux computer to ping my Win95 box and vice versa. I
> know that this is not a hardware issue as the Win95 box is dual boot and it
> pings using Linux. Does one need to set up Samba to do this?
------------------------------
From: John Brashier <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Crossposted-To: comp.os.linux,comp.os.linux.help
Subject: Re: ITS WORKING!!!! :) * 1000
Date: Thu, 29 Jul 1999 23:14:50 -0700
luke wrote:
> Thanks to all of you that replied! The reason why it didn't work was
> because of the NIC. The tulip driver that is built into the kernel
> doesn't work with my NDC NIC, so I had to download the module from the
> net, and it worked!!
Luke,
I am experiencing the same problems as you were. I also am using the
included tulip driver. Where did you get your driver? I am using the
Netgear FA310TX 10/100 ethernet card.
As you can imagine, I am tearing my hair out. If you can tell me the
site, I would truly appreciate it. The request also goes out to anyone else
who might have that info.
Thanks,
John
------------------------------
From: Mark Bestel <[EMAIL PROTECTED]>
Subject: Re: Services shall only react to one IP
Date: Fri, 30 Jul 1999 16:16:31 +1000
You should probably configure some sort of packet/port filtering with
ipchains (if using a recent kernel). Block all ports on your external link,
but don't forget that if you have mail incoming via smtp, you will have to
allow connections on port 25. It is possible to restrict connections to the
IP addresses of your ISP's mail servers though.
Mark
Frederik Hermans wrote:
> Hello!
>
> Is it possible to force Apache, Samba, Wu-FTPd, sendmail, pop3d and ircd
> to react only to one IP? If so, how? ;-)
>
> My problem: I'm setting up a little Linux-Server for my homenetwork.
> This server shall connect to the internet via ISDN by request. But it
> should not be possible to access the services mentioned before from the
> internet. The server shall just react to its local IP for the services.
>
> I'm sorry for my english ;-)
>
> Thanks in advance,
>
> Freddy
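
The filtering Mark describes, sketched as an added example that is not part of the original posts: a POSIX shell script that prints ipchains rules for the external link so they can be reviewed before anything is applied. The ISDN interface name `ippp0` and the mail relay addresses (taken from the 192.0.2.0/24 documentation range) are assumptions; substitute your own.

```shell
#!/bin/sh
# Added example (not from the thread): print ipchains rules that keep the
# router's services unreachable from the external link, except SMTP from
# named mail relays. Nothing is applied; the rules are only printed.

# is_ipv4 ADDR: succeed only for a plain dotted-quad address.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1            # split the address into its octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in
            ????*) return 1 ;;   # more than three digits
        esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# print_external_filter EXT_IF [RELAY_IP ...]
print_external_filter() {
    ext_if=$1
    if [ -z "$ext_if" ]; then
        echo "usage: print_external_filter EXT_IF [RELAY_IP ...]" >&2
        return 2
    fi
    shift
    # Validate every relay first so a typo never yields a partial rule set.
    for relay in "$@"; do
        if ! is_ipv4 "$relay"; then
            echo "not an IPv4 address: $relay" >&2
            return 1
        fi
    done
    # Inbound SMTP connection attempts are accepted only from the relays.
    for relay in "$@"; do
        echo "ipchains -A input -i $ext_if -p tcp -y -s $relay -d 0/0 25 -j ACCEPT"
    done
    # -y matches packets that open a TCP connection (SYN set, ACK and FIN
    # clear). Deny and log every other attempt arriving on the external
    # link; replies to connections opened from inside are not affected.
    echo "ipchains -A input -i $ext_if -p tcp -y -l -j DENY"
    # ipchains keeps no connection state, so UDP is filtered by port:
    # Samba's NetBIOS name and datagram services.
    echo "ipchains -A input -i $ext_if -p udp -d 0/0 137:138 -j DENY"
}

# Constructed sample values: ISDN interface ippp0 and two relay addresses.
print_external_filter ippp0 192.0.2.10 192.0.2.11
```

Review the printed rules, then apply them by piping the output to `sh` as root on the router.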
------------------------------
From: Howard Mann <[EMAIL PROTECTED]>
Subject: Re: OOPS! Security Question
Date: Fri, 30 Jul 1999 06:30:33 GMT
Nathan T. Lager wrote:
> Ok, for the past 2-3 months I've been running a linux box connected to a
> 500k cable modem. It's a lot of fun for me considering I am a
> PC-Networking student at the moment. Like I said it was up for about 3
> months and suddenly someone decided to crack into my system (I assume).
> All I know is that suddenly I can't log into my own system, even as root
> from the console! From what I can tell somehow my passwd file got
> deleted. I intend to fix the system and get it back online but for now
> (before I get it back up and vulnerable) I'd like to find out anything I
> can about how to make it more secure. All I want it to do (for now) is
> serve Telnet, FTP, HTTP, POP3, and SMTP. I run RedHat 5.2 with a Cable
> connection to the 'net and a 5 computer network also connected to this
> system. I would also like to "Eventually" set the linux box as a router
> so that I can route packets from my LAN over the internet but "Hide" the
> LAN behind the Linux Box. Thanx in advance for any help.
A few URL's :
Basic security: http://www.xmission.com/~howardm/security.html
Detailed security : https://www.seifried.org/lasg/
LAN setup/security : http://rlz.ne.mediaone.net/linux
IP Masquerading : http://metalab.unc.edu/LDP/HOWTO/mini/IP-Masquerade.html
This should get you going :-)
Howard Mann.
------------------------------
From: Lindoze 2000 <[EMAIL PROTECTED]>
Subject: Re: Networking Problem
Date: Fri, 30 Jul 1999 02:44:33 -0400
ahhh!
PoonJ wrote:
>
> Dear LinuxUser (Anyone),
>
> Need help...and don't really get this. I just formatted and freshly
> installed RH6 on my system. I have networking enabled for the
> computer. I can ping myself in the loopback...but I can't ping other
> computers on my network. The light on the hub for my connection to it
> keeps blinking.....so for some reason..my computer is pinging the
> hub...what is wrong? why can't I log on and ping the other computers?
> I am using a Kingston 10/100 KNE100TX NIC...but I am using the Tulip
> module. I am thinking this might be a module problem. I also have
> Win98 on the same computer and the NIC works great. But for some
> reason, Linux doesn't like my NIC? Please offer some suggestions.
type
ifconfig eth0 321.234.324.324 up <-----replace with your IP address
if your network driver works then it should be fine.
>
> Also...I have a server computer running Win98 Second Edition that is
> running Internet Sharing Connection for my ADSL connection. Would using
>
> Linux as a client computer work and get access to the net through the
> Win98 server?
your win98 can run a proxy server. how about wingate?
download it from wingate.com
>
> But more importantly...I need my Linux to register on the computer
> =)
>
huh?
you mean you want your linux to be seen on your network neighbourhood
browser?
> Please help. Any suggestions would be appreciated. Thanks!
>
> My E-mail is [EMAIL PROTECTED]
--
########################################################
## ##
## http://www.FusionPlant.com ##
## ##
########################################################
------------------------------
From: Bill Steiner <[EMAIL PROTECTED]>
Subject: Re: Diald / Dial on Demand?
Date: Thu, 29 Jul 1999 23:28:08 -0700
Jonathan:
Diald is an available linux daemon to provide dial on demand service. You
can obtain diald a lot of places. For example, I downloaded a copy from
http://powerlinux.linuxberg.com/software.html.
Bill Steiner
[EMAIL PROTECTED] wrote:
> Hi,
>
> I read through the HowTos and Mini-HowTos, there is one called "Diald"
> and "Dial on Demand", are they refer to the same thing? or what is the
> different of them?
>
> Thanks.
>
> Jonathan
>
------------------------------
From: James Stafford <[EMAIL PROTECTED]>
Subject: Re: password problems with samba and windows 98 clients
Date: Thu, 29 Jul 1999 23:19:07 -0700
Scott Fleming wrote:
>
> After reading the ENCRYPTION.txt - as suggested, I noticed something
> peculiar:
>
> To generate the smbpasswd file from your /etc/passwd file use the
> following command :-
>
> cat /etc/passwd | mksmbpasswd.sh >/usr/local/samba/private/smbpasswd
>
> I performed this task and found that I do not have a folder
> /samba/private/smbpasswd within my /usr/local directory. Samba is installed,
> but this directory does not exist, and I receive an error when I attempt to
> perform this action.
>
> Running 5.2RH... Any suggestions?
>
Uh... you might try and go to /usr/local and mkdir the directories that
you need.
jamess
--
"On the side of the software box, in the 'System Requirements' section,
it said 'Requires Windows 95 or better'. So I installed Linux."
-Anonymous
------------------------------
From: Lindoze 2000 <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.setup
Subject: Re: root login problem with RH6.0
Date: Fri, 30 Jul 1999 02:29:18 -0400
I had the same problem. removing the /etc/securetty file does work.
now how do you get rid of the root passwd? that is how do I login as root
and no passwd?
I'm running linux on my own home network so there is no need for any level of
security.
Matthew wrote:
>
> Hello,
>
> I haven't tried it with RH6, but have you tried removing the
> /etc/securetty file? Just move it to securetty.old or something and then
> try the telnet again. As for security...
>
> Regards,
> Matthew
>
> On Fri, 23 Jul 1999, CNelson wrote:
>
> >Hi,
> >
> >Any body know how to enable root login from a telnet session in RH6.0?
> >
> >Yes, I knew you can add /dev/ttyp? or something similar to
> >/etc/securetty. It works for most case, likes RH5.2 or other
> >distribution but just not work for RH6.0.
> >
> >Does anybody using RH6.0 and know how to get it?
> >
> >Thanks
> >
> >Nelson
> >
> >
> >
--
########################################################
## ##
## http://www.FusionPlant.com ##
## ##
########################################################
------------------------------
From: Lindoze 2000 <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.setup
Subject: Re: root login problem with RH6.0
Date: Fri, 30 Jul 1999 02:30:14 -0400
when I login as a user then su, I noticed that my alias and other settings
are not there. why? how come it does not work as a regular login?
Gert Jensen wrote:
>
> I have the same problem but I was written that it was a security feature in
> Linux, what I do is to login as a normal user then su... It works!!
> Hope it helps
>
> Gert
>
> Matthew <[EMAIL PROTECTED]> wrote in message
> news:Pine.SOL.3.96.990728211011.768B-100000@sun-cc203...
> > Hello,
> >
> > I haven't tried it with RH6, but have you tried removing the
> > /etc/securetty file? Just move it to securetty.old or something and then
> > try the telnet again. As for security...
> >
> > Regards,
> > Matthew
> >
> >
> > On Fri, 23 Jul 1999, CNelson wrote:
> >
> > >Hi,
> > >
> > >Any body know how to enable root login from a telnet session in RH6.0?
> > >
> > >Yes, I knew you can add /dev/ttyp? or something similar to
> > >/etc/securetty. It works for most case, likes RH5.2 or other
> > >distribution but just not work for RH6.0.
> > >
> > >Does anybody using RH6.0 and know how to get it?
> > >
> > >Thanks
> > >
> > >Nelson
> > >
> > >
> > >
> >
> >
--
########################################################
## ##
## http://www.FusionPlant.com ##
## ##
########################################################
------------------------------
From: Jeffrey Kok <[EMAIL PROTECTED]>
Subject: Re: DNS
Date: Fri, 30 Jul 1999 14:30:35 +0800
> I have a NT DNS server and a linux server. If I want my linux server to use
> the DNS service of NT, should I add the entry of NT nameserver in the file
> resolv.conf in linux?
yes, definitely
------------------------------
From: Brandon30X <[EMAIL PROTECTED]>
Subject: OT: whats the best circuit sim. for Linux?
Date: Fri, 30 Jul 1999 01:54:32 -0500
Any good circuit simulation programs will work,
preferably with a nice interface.
Thank You, sorry for being off topic.
~Brandon
------------------------------
From: [EMAIL PROTECTED] (Bob Tennent)
Crossposted-To: redhat.networking.general
Subject: Re: cannot telnet to redhat 6.0 box
Date: 29 Jul 1999 22:45:12 GMT
Reply-To: rdt(a)cs.queensu.ca
On Thu, 29 Jul 1999 14:54:36 -0400, Joey Morris wrote:
>I recently installed Redhat 6.0, and for some reason I cannot telnet to the
>machine. Any attempts to do so are met with:
>
>Trying 152.7.8.26...
>Connected to afc-008-026.rh.ncsu.edu.
>Escape character is '^]'.
>Connection closed by foreign host.
>
>I can ftp to this machine using wu-ftpd with no problems at all, and I can
>telnet out with no problems at all. Can anyone provide some clues about what
>might be wrong?
>
Check out /etc/inetd.conf
Bob T.
------------------------------
From: Josh Miller <[EMAIL PROTECTED]>
Subject: Re: IP Masquerading RH6 ipchains DNS
Date: Fri, 30 Jul 1999 04:10:43 -0400
Though this doesn't answer the question of what's wrong with your ipfw
setup...
you may want to just set up a dns server on the router. Just setting up a
caching-only name server is a breeze, nothing to it, and it can save
you a lot of name queries out over whatever connection those boxes
have.... and it'll fix your problem.
-
Josh I.
root wrote:
> I upgraded from RH 5.2 to 6.0, and reconfigured my rc.local to use the
> ipchains instead of the ipfwadm stuff of past. All looks good, even
> configured ppp to do on demand dialing - all works on the linux server
> and private network machines - ping, telnet, ftp, and http, to the
> outside world. (Love it when a plan comes together)
>
> All works that is except DNS queries from the private network systems.
> All are configured with the router being the linux box, and nameserver
> addresses are the same as those set on the linux box (My isp's
> nameservers). From any of those systems a http request for
> http://www.yahoo.com fails (Unable to resolve name), yet
> http://204.71.200.68 displays yahoo's page. This is not true on the
> linux server, which using the same nameserver addresses is able to
> resolve names; therefore I figure my masquerading is blocking/losing
> the dns queries from the private network, but I don't know why.
>
> Here are the files I changed to setup the masquerading:
> My private network is 192.168.50.x, netmask 255.255.255.0
>
> /etc/rc.d/rc.local
> ...
> ipchains -F
> ipchains -P forward DENY
> ipchains -A forward -s 192.168.50.0/24 -j MASQ
> ...
>
> /etc/sysconfig/network
> ...
> FORWARD_IPV4=yes
> ...
>
> /proc/sys/net/ipv4/ip_dynaddr
> 1
>
> # route
> Kernal IP routing table
> Destination Gateway Genmask Flags Iface
> 192.168.50.16 * 255.255.255.255 UH eth0
> 12.65.164.1 * 255.255.255.255 UH ppp0
> 192.168.50.0 * 255.255.255.0 U eth0
> 127.0.0.0 * 255.0.0.0 U lo
> default 12.65.164.1 0.0.0.0 UG ppp0
>
> --
> Steve Simons "Yea, I can do that"
> [EMAIL PROTECTED]
------------------------------
From: Josh Miller <[EMAIL PROTECTED]>
Subject: Re: How do I have two domain names with just one IP address?
Date: Fri, 30 Jul 1999 04:34:05 -0400
Just have whoever it is that is hosting the DNS for that other domain to
point it to your IP.
As far as reverse lookups (which only really come into play on secure
connections, like downloading netscape with 128bit encryption or using rsh
and stuff) your IP can only resolve to one domain name.
You can point as many names to that IP as you want though.
Apache even lets you use all of them, all pointing to the same site, or all
to different pages on your machine on that same ip, or whatever.
It's just a change to one line in a dns config file.
Masa Yamada wrote:
> Hello,
>
> I have a static IP address and a domain name matched with the IP address.
> I am running Linux as a server.
>
> I have another domain name that is hosted by an ISP. I am thinking of
> moving that domain name
> to my Linux machine, so eventually two domain names will use just one IP
> address.
>
> My question is how I will do this. Do I just need to make another set of
> zone files? I mean, do I
> need to make one regular zone file to get the IP address from the domain
> name and one more
> zone file to get the domain name from the IP address?
> Do I need to make any changes to any files?
>
> Thank you in advance,
> Masa
------------------------------
From: [EMAIL PROTECTED] (Mohd H Misnan)
Crossposted-To: comp.os.linux.setup
Subject: Re: 2.2.10, DNS, and module problems
Date: 30 Jul 1999 04:38:19 GMT
On Thu, 29 Jul 1999 12:40:52 GMT, Thomas M. Sasala wrote:
>To all:
>
> I recently upgraded to 2.2.10 from RH6.0
>(2.2.5-??). In the process I compiled the kernel
>with direct support of my two ethernet cards
>instead of using modules. Ever since then
>I have been getting error messages in the syslog
>about can't find module. Something like:
>
>mod_probe: can't locate module lo:0
>mod_probe: can't locate module lo:1
>....
>mod_probe: can't locate module lo:49
This is caused by IP aliasing. I disable this by commenting the ifup-aliases
line inside my /etc/sysconfig/network-script/ifup-post file.
--
|Mohd Hamid Misnan | [EMAIL PROTECTED] / [EMAIL PROTECTED] |
|iMac/233RevB/MacOS 8.6 | [EMAIL PROTECTED] |
|AMDK6-2/300/Linux2.2.10 | http://www.geocities.com/SiliconValley/3319/ |
-"And try not to kill anyone this time." -- Joel Robinson
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.networking) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Networking Digest
******************************