Linux-Networking Digest #83, Volume #12 Mon, 2 Aug 99 03:13:57 EDT
Contents:
Re: Does IPCHAINS forward IPX by default? (Paul Rusty Russell)
Re: ipchains in script will not execute (Paul Rusty Russell)
wu-ftpd and mac fetch (brian)
qmail not bouncing bad messages?? ("Dave Wasilka")
Re: S.O.S. Still having problems with modem speed ([EMAIL PROTECTED])
Re: Newbie - ipchains question? (ioleann)
Re: Solaris + Linux + NFS (Vincent Fox)
Re: Modem doesn't do anything (James Niemasik)
Re: Playing network AOE through masq box ("gonZo theGreaT")
Re: Why is the PPP server so slow? ("Andrew Taylor")
Re: NE2000 and kernel 2.2.8 (Aamer Nazir)
DNS or mailer problem (Christopher Chew)
Networking questions... ("Jethro")
Callback and dail-in, PPPD options file? ("THAMIN Pascal")
Help me with PPP ([EMAIL PROTECTED])
gateway routing being lost (Peter Bailey)
Re: Masq works. VPN Doesn't. HELP! ("Andrey Smirnov")
[?] changing file permissions????
----------------------------------------------------------------------------
Subject: Re: Does IPCHAINS forward IPX by default?
From: Paul Rusty Russell <[EMAIL PROTECTED]>
Date: 02 Aug 1999 00:45:45 +0930
"Charles Leeds" <[EMAIL PROTECTED]> writes:
> I have set up an IPCHAINS firewall on Linux (RedHat 6.0). By default will
> IPX be bridged/forwarded from one NIC to the other, or will it not be
> forwarded to the other subnet?
IPCHAINS only deals with IP. IPX is another problem altogether. See
the IPX HOWTO.
Rusty.
--
Hacking time.
------------------------------
Subject: Re: ipchains in script will not execute
From: Paul Rusty Russell <[EMAIL PROTECTED]>
Date: 02 Aug 1999 00:51:25 +0930
marty <[EMAIL PROTECTED]> writes:
> Hiya all, :-)
>
> I have a firewall set up for my office. I start off with:
> /sbin/ipchains -P input DENY
> /sbin/ipchains -P output DENY
> /sbin/ipchains -P forward DENY
>
> Then start allowing only those things that I wish the internal
> network to see or access. This takes approximately 100 ipchain
> commands to execute. If I enter these commands by hand
> they all work, but if I put them in any sort of script file, I get a
> whole bunch of errors and statements to use ipchains -h or
> ipchains --help for more info.
No idea. Enter them manually, then use `ipchains-save > /etc/fwrules'
to save them to /etc/fwrules. Use `ipchains-restore < /etc/fwrules'
in your script.
You can get ipchains-save and ipchains-restore if you don't have them
from the ipchains site: http://www.rustcorp.com/linux/ipchains.
Rusty.
--
Hacking time.
------------------------------
From: [EMAIL PROTECTED] (brian)
Crossposted-To: comp.sys.mac.comm
Subject: wu-ftpd and mac fetch
Date: Sun, 01 Aug 1999 23:18:00 -0500
Hey all,
I've been having a hard time with ftp from a friend's linux box. He's
running wu-ftpd 2.5.0. All my mac ftp clients (fetch, anarchie, websynch,
mirror) time out while doing a ls from his box. This doesn't happen all
the time. Sometimes the directory will complete, other times all the
filenames appear, but the ftp client keeps waiting for something, until it
times out or I abort it. All my directories on his box have read and
execute permissions. My isp's running wuftpd 2.4.2 18 and my clients work
just fine on their server, so it must be something in my friend's setup,
right? Any ideas where to start looking? TIA
Brian
--
(remove SPAM from my address to reply by e-mail)
------------------------------
From: "Dave Wasilka" <[EMAIL PROTECTED]>
Subject: qmail not bouncing bad messages??
Date: Mon, 02 Aug 1999 04:47:22 GMT
I set up qmail but when a bad message is sent ex: [EMAIL PROTECTED] if the
user noone doesn't exist it sends the message to my aliased user account..
and the logs have nothing about the no such user, or bounced message.. In
essence nothing is being bounced.. It does the same thing regardless if it
comes from the internal machine or elsewhere on the net.. Any ideas?
PS.. I read through the howtos and the docs that came with qmail.. still
lost.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: S.O.S. Still having problems with modem speed
Date: Mon, 02 Aug 1999 04:30:51 GMT
Bruce,
Thanks for the tip! I tried it, but it didn't cure my problem. I'm
still seeing the "stall" in transmission and when it does move it does
so at a relatively slow rate. From reading the How-To's it has the
flavor of a problem with the interrupts, but when I check the settings
everything looks ok. I've looked at bypassing the problem entirely
by using cable or DSL, but my area has yet to receive service. In any
case thanks for help.
John
In article <[EMAIL PROTECTED]>,
Bruce Linton <[EMAIL PROTECTED]> wrote:
> John,
>
> I had a similar problem, although with a 3com 56k modem where I couldn't get
> the transfer rate above 1k. Downloads were painful. Although my ppp-on
> startup script specified the modem speed at 115,200, I was only connecting
> at 9,600 baud. My solution was to add a line with 115200 in my
> /etc/ppp/options file. I also fixed the mtu and mru to 576 from an earlier
> suggestion I had read, but what made the difference was adding 115200. My
> /etc/ppp/options file is:
>
> lock
> 115200
> mtu 576
> mru 576
>
> Good luck,
> Bruce
>
> [EMAIL PROTECTED] wrote:
>
> > I am having severe problems with the transfer rate over my modem. I
> > realize that this problem has been discussed in depth in this forum,
> > and I have attempted to employ many of the remedies suggested over the
> > past month or so, but so far I have had no luck.
> >
> > I am running RH6.0 with a Blaster 56k external modem connected to the
> > first serial port. The second serial port had been the internal modem;
> > which I have since removed, and thus at present I have no second serial
> > port. As recommended here, I have run the program (setserial) and
> > determined that the IO address and interrupt for ttyS0 are 0x3f8 and
> > 4. This is the same as they are under Windows 98, and I've been unable
> > to identify any device that could be causing interference on irq 4. I
> > used the program (pnpdump) which stated that there are no p and p
> > devices present. I also ran the program (irqtune) to place irq 4's
> > priority at the top of the list.
> >
> > I really need a remote xwindow to view some graphics, which turned out
> > to be so slow that I would time out over the simplest graph. I've run
> > downloads on Netscape to check the transfer rate which turned out to
> > be 200~300 bytes/sec (occasionally I would see it reach 2k~3k, but
> > rarely). What is even worse is that most of the time the program
> > reports "stalled" during the transfer. The same modem on the same
> > serial port using the same ISP under Windows 98 runs fine. I've spent
> > a lot of time on this problem and I need to get it solved. I would
> > very greatly appreciate any help that you can give me.
> >
> > Again thanks for any help,
> > John
> >
> > Sent via Deja.com http://www.deja.com/
> > Share what you know. Learn what you don't.
>
>
------------------------------
From: [EMAIL PROTECTED] (ioleann)
Subject: Re: Newbie - ipchains question?
Date: Mon, 02 Aug 1999 04:22:43 GMT
Hi there,
i had a *very* similar problem a few days ago and after i completely
lost patience and was about to throw the box out of the window i saw
the light :
http://rlz.ne.mediaone.net/linux/
Robert has done it all for us guys, plus it works.
have fun
ioleann
On Sun, 01 Aug 1999 19:00:02 GMT, [EMAIL PROTECTED] (ST) wrote:
>I just installed RH 6.0 on my system and before I connect to the big bad
>internet I want to make sure nobody can mess with system. So, I finally
>figured out that I have to set up ipchains to block certain connections,
>etc. I have a couple of questions:
>
>- Is there a list of setting already written that blocks just about
>everything from coming in? I am basically just going to use the
>connection to surf.
>
>- In trying to make sure that the rules get set every time I know I need
>to use a script like the one in the ipchains HOWTO, but I don't
>understand how to "Make sure this is run early in the bootup procedure.
>In my case (RH 6.0), I make a symbolic link called
>`S39packetfilter' in the `/etc/rcS.d' directory (this will be run before
>S40network)." Help???
>
>Any help would be appreciated,
>
>st
------------------------------
From: [EMAIL PROTECTED] (Vincent Fox)
Subject: Re: Solaris + Linux + NFS
Date: 2 Aug 1999 04:57:37 GMT
In <[EMAIL PROTECTED]> Peter Camenzind <[EMAIL PROTECTED]> writes:
>What kind of error are you getting? I am trying to mount a linux
>box from a Solaris 2.6 box and the linux box always returns
>"permission denied" to the mount request.
You *both* need to be more specific in future.
Despite that, it sounds like you have a different problem than
the original poster. What you are likely seeing is that Redhat 6.0
has a broken knfsd that tries to do NFSv3 but doesn't do it right.
Solaris tries to work with it, but doesn't handle the problem.
At any rate, the short-term fix I found was to disable the NFSv3 by
modifying the startup scripts from simply
    rpc.mountd
to
    rpc.mountd --no-nfs-version 3
This is a short-term workaround until knfs is fixed.
--
"Who needs horror movies when we have Microsoft"?
-- Christine Comaford, PC Week, 27/9/95
------------------------------
Date: Sun, 01 Aug 1999 22:21:07 -0700
From: James Niemasik <[EMAIL PROTECTED]>
Subject: Re: Modem doesn't do anything
Well actually I managed to get the dialing working today, so I can dial out
in minicom, although I can't get ppp working and when it says "welcome to
best internet mountain view" etc in minicom it's VERY slow. The modem is a
PC56RVP. Anyway, I'm going on vacation in a few days, and when I get back
we're moving, and then hopefully getting a dsl line etc, so I'm going to
wait until I get my dsl line and then set that up (because I heard that
pacbell's modem works in linux).
Abdullah Ramazanoglu wrote:
> James Niemasik wrote:
> >
> > I found it in the database! strange that I didn't before, maybe I
> > mistyped it... anyways it says "OK".
> > That's good news. Knowing that it should work now, any suggestions?
>
> This is getting interesting. I also have bought an "OK" modem which
> doesn't get recognized by BIOS. I have returned it as defective and now
> waiting for new party arrive to my local store to replace it. Though I
> didn't try it on windows (don't have one). Is there any chance that
> yours is Apache ISA A56SP-R ? If yes, it is a little bit too much for a
> coincidence...
>
> You said that linux detects onboard UARTs. So serial driver support
> included in kernel.
> To begin with, your modem is recognized by BIOS, before linux booted up.
> Is this correct? If yes, it is still more interesting. Linux kernel has
> just got to detect it. No way. If no, then either winmodem database is
> in error, or your modem is not a standard 16550 and thus some other
> kernel parameters (regarding serial driver) should be tweaked, or there
> are some special software or procedures to make it work. The best person
> for these information is the one who has reported that modem as "OK".
> You can find him/her address at the database also.
>
> For instance, there are modems with RAM based (vs. ROM) firmware. Which
> means that the firmware should be loaded into modem before it can work.
> Though the modem is hardware based, and though the software to load the
> firmware can't be called "driver", there still is a need for assistant
> software to make such a modem work.
>
> I am near the end of my guesses. I think the best way is to contact the
> person who reported it as "OK".
>
> Good luck, (pls. feedback if yours is Apache/ISA A56SP-R series)
>
> --
> Abdullah Ramazanoglu [ aramazanoglu AT demirbank DOT com DOT tr ]
--
* James Niemasik
* [EMAIL PROTECTED]
* ICQ: 7490296 AIM: njamie
* http://welcome.to/jamesbeam
------------------------------
From: "gonZo theGreaT" <[EMAIL PROTECTED]>
Subject: Re: Playing network AOE through masq box
Date: Sun, 01 Aug 1999 15:01:05 GMT
Juergen Pabel <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> hi everyone,
> i am having problems setting up a RH6.0 (2.2.5) masq'ing box that
> will allow for a windows box on the inside to play age of empire
> over the internet.
>
> i have tried to allow ports to be open/masq'ed using ipchains
> but that doesn't do it. i have searched and found numerous
> references to 'ipportfw'. A tool supposed to do 'port forwarding'.
> i figured if i'd do that then that should work, but i have not
> found this magic tool...
>
> is this the right tool or is there anything else i could do to
> achieve this (ip_masq_aoe module maybe?). please let me know. i
> am desperate and clueless...
>
> thanx for all your help
> jp
>
> please post and reply to me!!
Think you're looking for IPMASQADM
You should find this at
http://juanjox.linuxhq.com/
To see how to configure take a look at the mini-HOWTOs for IP-Masquerading
at http://gd.tuwien.ac.at/opsys/linux/LDP/HOWTO/mini/
but I don't know exactly which of the HOWTOs is right !
Hope it Helps !
Gonzo
------------------------------
From: "Andrew Taylor" <[EMAIL PROTECTED]>
Subject: Re: Why is the PPP server so slow?
Date: Sun, 1 Aug 1999 16:30:47 +0100
The linux box is having problems with the reverse lookups. I've never used
DHCP; I've always assigned each PC an individual IP address, then listed all
the IPs and names in the hosts file. Maybe someone could expand on how it
would work in a DHCP environment.
Andy
[EMAIL PROTECTED] wrote in message <7o1nhg$v9k$[EMAIL PROTECTED]>...
>In article <[EMAIL PROTECTED]>,
> Zoltan Pittner <[EMAIL PROTECTED]> wrote:
>> Hi.
>>
>> I'm trying to use the Red Hat 6 as internet gateway in a corporate
>> environment. I don't have internet connection just yet, but the server is
>> set up, ready to go. In the server I have two network cards (100Mbs), one
>> is connected to the internal network, the other one will be connected to
>> the ADSL (2.5Mbs) router (perhaps tomorrow). The computers on the
>> network are configured (through an NT DHCP server) to have the default
>> gateway pointing to the internal network card in the Linux machine.
>> Whenever I try to telnet from a workstation to the Linux I have to wait
>> 3-5 minutes while it is connecting properly. Same with the FTP and POP3
>> servers.
>> the Linux originally was set up to use as default gateway its own
>> (internal) IP, but I took that out, hoping that the whole thing will
>> speed up a little bit.
>>
>> Any idea what's going on?
>>
>> thanks, Zoltan
>
>I had a similar problem, but without the dual interface or gateway.
>It turned out that DNS running on the Linux box was confusing the
>clients. I solved the problem by disabling DNS since it was not really
>needed. Clients could connect instantly if I used the IP address instead
>of the host name.
>
>Hope this helps.
>
>Cheers!
>Syd.
>
>
------------------------------
From: Aamer Nazir <[EMAIL PROTECTED]>
Subject: Re: NE2000 and kernel 2.2.8
Date: Mon, 02 Aug 1999 05:52:24 GMT
Reply-To: [EMAIL PROTECTED]
Thanks for the reply (and sorry for the delay). I even tried that. But
when I look at the dmesg file I can't even see the message that the
detection process failed or anything of that sort. The card actually is
not a pci card but goes into an isa slot. But I guess I should get at
least some message that the card was not detected. Any help would be
appreciated.
Thanks in advance,
Aamer.
In article <7nmvjs$63k$[EMAIL PROTECTED]>,
rdt(a)cs.queensu.ca wrote:
> On Wed, 28 Jul 1999 04:49:05 -0800, Aamer Nazir wrote:
> >
> >I just upgraded from kernel 2.0 to 2.2.8 in RH 5.2 and
> >suddenly the system doesn't detect my card anymore. My card
> >was using NE2000 drivers and was running perfectly fine
> >using irq 3 and i/o 0x300.
> >
> >Now I can't see any ne2000 driver(after upgrading), but the
> >only thing I see is ne(missing 2000). Is it the same
> >driver ? If it is then why is it having problems detecting
> >the card ?
> >
> Try adding the following to /etc/conf.modules:
>
> alias eth0 ne2k-pci.o
>
> Bob T.
>
>
------------------------------
From: Christopher Chew <[EMAIL PROTECTED]>
Subject: DNS or mailer problem
Date: 2 Aug 1999 05:49:14 GMT
I am presently hosting a primary DNS for a very small network. However, after
setting up the MX records and sendmail, I get the following error when I mail.
>From [EMAIL PROTECTED] Mon Aug 2 13:40:30 1999
Date: Mon, 2 Aug 1999 13:38:21 +0800
From: Mail Delivery Subsystem <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Returned mail: Local configuration error
The original message was received at Mon, 2 Aug 1999 13:38:21 +0800
from [EMAIL PROTECTED] [202.42.136.9]
----- The following addresses had permanent fatal errors -----
<[EMAIL PROTECTED]>
----- Transcript of session follows -----
554 MX list for silvermoon.com.sg. points back to postman.silvermoon.com.sg
554 <[EMAIL PROTECTED]>... Local configuration error
[ Part 2: "Delivery Status" ]
Reporting-MTA: dns; postman.silvermoon.com.sg
Received-From-MTA: DNS; betelgeuse.silvermoon.com.sg
Arrival-Date: Mon, 2 Aug 1999 13:38:21 +0800
Final-Recipient: RFC822; [EMAIL PROTECTED]
Action: failed
Status: 5.5.0
Remote-MTA: DNS; silvermoon.com.sg
Last-Attempt-Date: Mon, 2 Aug 1999 13:38:21 +0800
[ Part 3: "Included Message" ]
Date: Mon, 2 Aug 1999 13:36:44 +0800 (SGT)
From: Christopher Chew <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: mail test mail test
Testing testing
=============================================================================
This problem occurs when I mail to silvermoon.com.sg but if I mail to a
specific host, it's okay. I have appended cut version of my dns record below.
@                   IN  SOA ns.silvermoon.com.sg. smurfie.betelgeuse.silvermoon.com.sg. (
                            19990802008 ; Serial YYYYMMDDI
                            8H          ; Refresh
                            2H          ; Retry
                            1W          ; Expire
                            1D)         ; Minimum TTL
                        NS  ns.silvermoon.com.sg.
postman                 A   202.42.136.7
silvermoon.com.sg.      A   202.42.136.2
                        MX  10 postman.silvermoon.com.sg.
If anyone could help me out, please point out my mistakes and mail me at
[EMAIL PROTECTED]
------------------------------
From: "Jethro" <[EMAIL PROTECTED]>
Subject: Networking questions...
Date: Mon, 2 Aug 1999 00:14:12 -0400
I have two linux boxes (Red Hat 6.0, kernel 2.2.5-15). I have Ethernet
cards in both. I was able to ping both machines, and telnet to each other
no problem. On one box I have a modem, and wanted to ipchain it so that the
other box could use the ppp0 connection. Played with the ipchain stuff,
could not get it to work, and now I can not ping either one of the machines.
I have even reformatted/reloaded both machines, still can not ping either
machine.
On the machine with the IP address 192.168.0.2 with no modem, typing route
gives me the standard 128.0.0.0 lo but it has also added 192.168.0.2,
genmask 255.255.255.255, and 192.168.0.0,genmask 255.255.255.0. I can delete
the .0.2 entry, but when I try to delete the .0.0 entry, it says process does
not exist ("No such process"). I did not add any of these entries, they were
all put there by the installation. The other machine 192.168.0.1, with the
modem, has the same thing. The hosts file on both machines have entry for
the other machine. Networks file is empty.
WHAT HAVE I DONE!!!! :) Can someone please help me to understand why
one machine can not see the other, no ping, no telnet, nothing! I have read
the HOWTO's, read the Using LINUX by Que, but not sure what I need to do to
get them to talk again.
Second question is: With the kernel that I have(2.2.5-15), do I need to
rebuild my kernel to get the MASQ. to work properly?
Thank you for any responses and any help!!
Jared James
Student-Electrical Eng
Univ. of North Carolina, Charlotte
[EMAIL PROTECTED]
[EMAIL PROTECTED]
------------------------------
From: "THAMIN Pascal" <[EMAIL PROTECTED]>
Subject: Callback and dail-in, PPPD options file?
Date: Mon, 2 Aug 1999 10:34:59 +0200
Hello,
I use callback from icce on linux, and I want that it is possible to connect
from win95 with callback (with DUN) or with simple dial-in, but the problem
is the options file for PPPD which is common to the two connecting ways so
some options like "auth login -chap +pap" go right for the dial-in mode but
go wrong with the callback mode.
Have you got an idea?
Thank you
Anthony Neveu -- Sopra France
[EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED]
Subject: Help me with PPP
Date: Mon, 02 Aug 1999 06:16:24 GMT
I followed the procedure in PPP-HOWTO to set up the PPP connection
manually on my RH6.0 with 56K modem. I dialed in with Minicom1.82,
logged in by typing my username/password. At the prompt on the server
side, I typed the command "ppp" and saw garbage characters. Pressed
Control-A, Q to quit Minicom without resetting the modem. Typed the
command
pppd -d -detach /dev/ttyS1 38400 &
and saw the following message in the window and got disconnected
immediately. I can dial in when I reboot into WindowsNT and so I
rechecked the dial-in properties for Windows: not enable software
compression, not enable PPP LCP extensions, everything (including the
default gateway) is from the DHCP server, accept any authentication
including clear text. In the modem configuration, hardware flow-control,
modem error control and modem compression are all enabled. I don't think
we use CHAP or PAP. Thanks a lot for help.
Yong
Email:[EMAIL PROTECTED]
********* Screen Dump **************
bash# pppd -d -detach /dev/ttyS1 38400 &
[1] 776
bash# Using interface ppp0
Connect: ppp0 <--> /dev/ttyS1
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x237107c5> <pcomp>
<accomp>]
rcvd [proto=0x3d] c0 00 00 00
rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x237107c5> <pcomp>
<accomp>]
rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <auth pap> <magic 0x1cf2989a>
<pcomp> <accomp> < 11 04 05 dc> < 12 02> < 13 09 03 00 80 2d 07 89 03>]
sent [LCP ConfRej id=0x1 <auth pap> < 11 04 05 dc> < 12 02> < 13 09 03
00 80 2d 07 89 03>]
rcvd [LCP ConfReq id=0x2 <asyncmap 0x0> <auth pap> <magic 0x1cf2989a>
<pcomp> <accomp>]
sent [LCP ConfRej id=0x2 <auth pap>]
rcvd [LCP ConfReq id=0x3 <asyncmap 0x0> <auth pap> <magic 0x1cf2989a>
<pcomp> <accomp>]
sent [LCP ConfRej id=0x3 <auth pap>]
rcvd [LCP ConfReq id=0x4 <asyncmap 0x0> <auth pap> <magic 0x1cf2989a>
<pcomp> <accomp>]
sent [LCP ConfRej id=0x4 <auth pap>]
rcvd [LCP ConfReq id=0x5 <asyncmap 0x0> <auth pap> <magic 0x1cf2989a>
<pcomp> <accomp>]
sent [LCP ConfRej id=0x5 <auth pap>]
rcvd [LCP ConfReq id=0x6 <asyncmap 0x0> <auth pap> <magic 0x1cf2989a>
<pcomp> <accomp>]
sent [LCP ConfRej id=0x6 <auth pap>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x237107c5> <pcomp>
<accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x237107c5> <pcomp>
<accomp>]
Modem hangup
Connection terminated.
Connect time 0.1 minutes.
[1]+ Done pppd -d -detach /dev/ttyS1 3
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
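
A summary of the LCP exchange in the screen dump above, as an added example that is not part of the original post: it rejoins the mail-wrapped pppd debug lines and reports which options the peer asked for again after the local pppd had already sent ConfRej for them. The function names are choices made for this example, and the sample is a shortened copy (first three rounds) of the dump.

```python
import re
from collections import Counter

# Constructed sample: the first three negotiation rounds of the screen dump
# above, kept with the line wraps introduced by the mail client.
SAMPLE = """\
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x237107c5> <pcomp>
<accomp>]
rcvd [proto=0x3d] c0 00 00 00
rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x237107c5> <pcomp>
<accomp>]
rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <auth pap> <magic 0x1cf2989a>
<pcomp> <accomp> < 11 04 05 dc> < 12 02> < 13 09 03 00 80 2d 07 89 03>]
sent [LCP ConfRej id=0x1 <auth pap> < 11 04 05 dc> < 12 02> < 13 09 03
00 80 2d 07 89 03>]
rcvd [LCP ConfReq id=0x2 <asyncmap 0x0> <auth pap> <magic 0x1cf2989a>
<pcomp> <accomp>]
sent [LCP ConfRej id=0x2 <auth pap>]
rcvd [LCP ConfReq id=0x3 <asyncmap 0x0> <auth pap> <magic 0x1cf2989a>
<pcomp> <accomp>]
sent [LCP ConfRej id=0x3 <auth pap>]
Modem hangup
Connection terminated.
"""

PKT = re.compile(r"^(sent|rcvd) \[LCP (\w+) id=(0x[0-9a-fA-F]+)(.*)\]")
OPT = re.compile(r"<([^>]*)>")


def join_records(text):
    """Rejoin packet lines that were wrapped; keep status lines as they are."""
    records, pending = [], None
    for line in text.splitlines():
        line = line.strip()
        if pending is not None:
            pending += " " + line            # continuation of a wrapped packet
        elif line.startswith(("sent [", "rcvd [")):
            pending = line                   # start of a packet record
        else:
            if line:
                records.append(line)         # e.g. "Modem hangup"
            continue
        if "]" in pending:                   # closing bracket seen: record done
            records.append(pending)
            pending = None
    if pending is not None:
        records.append(pending)              # truncated final record
    return records


def analyse(text):
    """Report options the peer re-requested after we had rejected them."""
    rejected = Counter()    # option -> number of ConfRej we sent for it
    insisted = Counter()    # option -> times the peer asked again afterwards
    status = []
    for rec in join_records(text):
        m = PKT.match(rec)
        if not m:
            if not rec.startswith(("sent [", "rcvd [")):
                status.append(rec)
            continue
        direction, code, _ident, rest = m.groups()
        opts = [o.strip() for o in OPT.findall(rest)]
        if direction == "rcvd" and code == "ConfReq":
            for o in opts:
                if rejected[o]:
                    insisted[o] += 1
        elif direction == "sent" and code == "ConfRej":
            rejected.update(opts)
    return {
        "rejected": dict(rejected),
        "insisted": dict(insisted),
        "not_re_requested": sorted(o for o in rejected if not insisted[o]),
        "hangup": "Modem hangup" in status,
    }


if __name__ == "__main__":
    for key, value in analyse(SAMPLE).items():
        print(f"{key}: {value}")
```

On the sample, the only option in the "insisted" set is `auth pap`; the three raw-hex options are dropped by the peer after the first ConfRej.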
------------------------------
Date: Mon, 02 Aug 1999 15:36:32 +1000
From: Peter Bailey <[EMAIL PROTECTED]>
Subject: gateway routing being lost
Hi, I've recently installed RedHat 6.0, and am
running the 2.2.10 kernel on a dual processor
PIII, with an Intel EtherExpressPro 10/100 network
card. The machine is located within a subnet of
our campus domain. It isn't running any special routing
or gateway daemons. From time to time, I've encountered
strange or downright weird behaviour with the networking.
The symptoms are this:
- Intermittently, network access to the machine from
outside its subnet is broken. I can't ping or get
to it by traceroute from outside the subnet. The
traceroute information indicates that it gets to
the last hop before the machine itself (the gateway
machine).
- I can reach other machines on the subnet, from outside.
- From within the subnet, it can be reached by ping and
traceroute.
- From the machine itself, it's possible to reach other
hosts on the subnet, but not to get outside the subnet.
- After a period of time (usually of the order of 5-30
minutes), the problem disappears and I can reach the
machine again. This happens without any intervention
on my part. (I don't shutdown/startup networking or
interfaces.)
- If detected, then logging in to the machine from another
computer within the subnet often seems to cause the
external access to reappear; again without any other action
on my part.
We considered that it might be a hardware problem,
but we tried changing everything barring the subnet
switch and the ethernet card of the machine. The
problem still recurred. (Of course, it could still
be the ethernet card, but it seems unlikely given
that internal subnet traffic seems fine.)
The output of ifconfig and route are both sane
# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
150.203.20.73   *               255.255.255.255 UH    0      0        0 eth0
150.203.20.0    *               255.255.255.0   U     0      0        0 eth0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         csithub.anu.edu 0.0.0.0         UG    0      0        0 eth0
# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:90:27:58:90:87
          inet addr:150.203.20.73  Bcast:150.203.20.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:951481 errors:0 dropped:0 overruns:0 frame:0
          TX packets:715671 errors:0 dropped:0 overruns:0 carrier:0
          collisions:450 txqueuelen:100
          Interrupt:18 Base address:0xe800
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:3924  Metric:1
          RX packets:1072859 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1072859 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
It sounds like it might be either an ARP problem or
a problem with the gateway. The last time it happened,
once I logged in to the machine from another on the
subnet, external access through the gateway had reappeared
by the time I was able to do arp -a.
Has anyone encountered anything like this before?
Many thanks,
Peter
--
Peter Bailey
ACSys CRC, Dept. Computer Science, ANU
Canberra ACT 0200 Australia
ph: +61 2 6249 3460
------------------------------
From: "Andrey Smirnov" <[EMAIL PROTECTED]>
Subject: Re: Masq works. VPN Doesn't. HELP!
Date: Sun, 1 Aug 1999 23:52:26 -0700
Are you trying to use PPTP from within masqueraded network?
Jeff Kenward <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> I'm using the 2.2.5 kernel.
> I have patched it with the 2.2 patch found on the VPN howto.
>
>
> I'm masquerading correctly but I'm still not getting vpn traffic through
> my linux box.
>
> 192.168...
> NT Box --> linux box --> internet --> vpn
>
> I'm using the following ipchains:
>
> ipchains -P foward deny
> ipchains -A forward -s 192.168.1.0/24 -j MASQ
>
> Do I need more ipchain commands? Another patch? I'm stuck.
>
> Thanks for any help.
>
> -Jeff
>
> p.s. Take the 'nospam' off my e-mail to respond.
>
> [EMAIL PROTECTED]
>
------------------------------
From: <[EMAIL PROTECTED]>
Subject: [?] changing file permissions????
Date: Sat, 31 Jul 1999 17:56:46 -0700
Can anyone show me how to use the "chmod" command to change file
permissions??????
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.networking) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Networking Digest
******************************