Linux-Networking Digest #101, Volume #12 Wed, 4 Aug 99 00:13:39 EDT
Contents:
Re: X Windows and port forwarding redux (Peter F. Curran)
Re: Firewall won't let me see ISP ("mikes")
Re: SB1000 Cable modem & Redhat 6.0? ("Joe")
Re: dhcpcd, RH/Mandrake 6.0, and @home ("stressed")
Re: PPTP won't authenticate through ipmasq (David L. Vessell)
Traffic Shaping (Todd Owen)
Modem hangup during PPP connect in RedHat 6.0 (Kelly A Sigmon)
ne2000-pci clone is clown ("Gene Heskett")
Re: dhcpcd, RH/Mandrake 6.0, and @home (Stephen Bosch)
Re: DFE-530TX D-Link NIC (Sean McAvoy)
Re: Problem with DE-528CT and RH6.0 (Sean McAvoy)
Re: Can't ping another computer in the lan ("wk woo")
Re: Can anybody tell me what this message means? (ICMP) ("space")
Re: Installed Samba, Lost Netatalk ("Aaron K. Poffenberger")
SATAN ("Ted Hajduk")
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (Peter F. Curran)
Crossposted-To: comp.windows.x,comp.os.linux.x
Subject: Re: X Windows and port forwarding redux
Date: 3 Aug 1999 13:49:34 GMT
In article <[EMAIL PROTECTED]>,
Eric the Fruitbat <[EMAIL PROTECTED]> writes:
>
>I apologize for posting this again: I got no responses the first time
>and still need a solution, or at least a hint, to this problem.
>Thanks.
>
>
>>I have successfully rigged a Linux masquerading firewall as follows:
>>
>>ipmasqadm autofw -r tcp 6000 7000 -h <address>
>>
>>where <address> is the IP address of an X server within the
>>masqueraded network. The intent is to cause X connections opened on the
>>masquerading computer, which is not running X, to be forwarded to the
>>internal machine, which is.
>>
>>What I'm wondering is if it's possible to add another masqueraded X
>>server to this arrangement so that a remote client can choose which X
>>server on the internal network it wants to use. It would be easy
>>enough to forward another port range (16000 to 17000, say) to the
>>second server, but how does one get an X client to recognize a
>>non-standard port range? Is there another way to do this that I just
>>don't see? Any help is greatly appreciated.
I'm sorry, but I don't know of a _direct_ solution for this
problem. However, if you use "ssh", it by default automatically
forwards X from remote hosts through its encrypted pipe. It
will thus let you have any desired number of X connections to
any number of machines through a masqueraded wall.
(Plus, ssh is _so_ much more secure than telnet and ftp that you'd
be crazy _not_ to use it.)
--
Peter F Curran
Rensselaer Polytechnic Institute
"If you paid for your operating system, you probably
paid too much for your operating system."
**** USE EMAIL ADDRESS IN ORG LINE TO REPLY ****
------------------------------
From: "mikes" <[EMAIL PROTECTED]>
Subject: Re: Firewall won't let me see ISP
Date: Tue, 3 Aug 1999 21:55:58 -0500
Reply-To: "mikes" <[EMAIL PROTECTED]>
Allen Wong writes:
> Your routing table looks okay, so that's not it. I think that you
I'll take your word for it. I don't know how to read the darn thing :(
>may have a problem with your IP masquerading rules. Rereading your
That or routing came to my mind....
>original post, I noticed that your firewall is not forwarding packets
>from your Win95 and Samba machines to your ISP. Nor is your Samba
>server forwarding packets from your firewall to the Samba server's eth0
>and your Win95 machine (forgive me if this is obvious). Is this what
>you have on your Samba server?
That is correct for the Internet to Win 95 "flow"
>/sbin/ipchains -A forward -j MASQ -s 192.168.1.0/24 -d 0/0
close.. I have:
ipchains -A forward -j MASQ 192.168.1.0/24 -d 0.0.0.0/0
>
>And on your firewall, do you have something like
>
>/sbin/ipchains -A forward -j MASQ -s 192.168.32.0/24 -d 0/0
No.. I have a copy of the line above. Perhaps this is my problem? Let me
change the 1 to a 32 and see what happens. BRB...
<connecting to ISP>
OK.. I still have the same ping table, from the Win95 side of things (I
didn't check the SMB or Firewall). Let me try your next solution...
>
>If so, try
>
>/sbin/ipchains -A forward -j MASQ -s 192.168.0.0/16 -d 0/0
>
>on both your firewall and Samba server. Let me know if this works. If
>it doesn't, please lie. ;o)
Well :( That didn't seem to work either. :( :( :(
I even rebooted and tried again. Bummer....
Let's see... What should the Win95 have as a Gateway? I have it set to
192.168.1.254. Is that correct?
I wonder if there is a routing problem within the firewall? It looks like
everything but the firewall is passing data when going from the Win95
machine to my ISP.
From the Server, I can ping the firewall, but not my ISP
From the firewall though, I can ping everything from the Internet on down,
but eth0 and the win95 machine. I think that is correct for reasons of
security (ipchains are doing their job)
I suspect the firewall isn't set up right. What do you think?
-Mike
------------------------------
From: "Joe" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.hardware
Subject: Re: SB1000 Cable modem & Redhat 6.0?
Date: Tue, 3 Aug 1999 22:52:32 -0400
I tried executing the shell sb1kinst.sh, after answering questions about my
isp, it looked at my ioports and irqs, and said it updated my isapnp.conf.
It still failed on the sb1000.c, however. When I ran isapnp isapnp.conf , I
got a new failure, didn't know what to do with (check). So I removed the
check from the end of my two ioports 0x0110 0x0310 and it ran successfully.
gic1000/70180004180 surfboard network adapter:ports 0x110 0x310;irq11
enabled ok
Now I believe the problem with sb1000.c, is this patch I need.
sb1000-1.1.2_127.patch
Does anyone know where to get this patch...
Thanks again.
by the way, I still don't see 0x110 or 0x310, nor irq11 assigned when I look
at proc/ioports or interrupts. Shouldn't I see this, I rebooted and all.
The isapnp.conf file is located in directory etc, should I do something
else?
------------------------------
Reply-To: "stressed" <[EMAIL PROTECTED]>
From: "stressed" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.redhat,alt.os.linux.mandrake
Subject: Re: dhcpcd, RH/Mandrake 6.0, and @home
Date: Wed, 04 Aug 1999 03:16:55 GMT
I had freaky results using anything at all to configure for @Home during
boot. This was with RH 5.2 and with 6.0.
If anything I "play" with comes close to a base I/O or tampers with any
resources near a NIC, the NIC init can fail and driver modules and related
parameters get all screwed up. Not to mention timeouts. But then again, I'm
using very old equipment.
I recently added a vortex card (3c59x.o) and I load all of my NIC modules
manually through "/etc/rc.d/rc.local". Nothing gets loaded until the system
comes up "clean". Here's what I have:
## At bottom of /etc/rc.d/rc.local
modprobe 3c59x                                      # loads driver module for 3c590 card
dhcpcd -h DNHOSTNAME eth0                           # configures 3c590 gateway device a la @Home DHCP
modprobe 3c509 irq=10                               # loads module for 3c509 card
ifconfig eth1 192.168.1.1 netmask 255.255.255.0 up  # configures LAN card
route add -net 192.168.1.0 netmask 255.255.255.0    # adds local network to route table for v5.2
Whenever I loaded things this way it was reliable.
When I chose to let the kernel try at boot - it was unreliable at best.
Then, when I tried to undo the "kernel's way", it got crazy. For instance,
if I went to X and started kernel config, then removed "eth" modules, they'd
reappear at next boot. This is because they were still referenced in
"/etc/conf.modules". If the order of the cards wasn't right or the order of
configuration wasn't right - look out. And if initialization failed for say
eth0, then Linux would just move on to configure the next card as eth0,
which should have actually been eth1, see what I mean? The manual way I
listed above seems best for @Home.
Also, I had to get a later dhcpcd for RH 6.0. I was using 0.70 and RH 6.0
needs a later version. I read about a problem where pump and/or dhcpcd
(can't remember which) couldn't get complete IP information from NT DHCP
servers. The manual way above leaves pump out of the picture and dhcpcd does
the trick nicely.
For the record, my "PC" modem light only goes on when the card is actually
active. If dhcpcd fails, the light goes out on the modem and the card's
"dead". With a Windows environment, the light stays on on the modem no
matter what - as long as the TP cable is attached to both the modem and the
computer and the card has power. This can be misleading.
I have a short paper I started to write but never finished awhile back. I
don't know how accurate it really is, but it helped a lot of @Home users get
online with RHL 5.2. It's at
http://members.aol.com/papadorker/cable-home.htm if you want to check it
out.
Hope this helps
[EMAIL PROTECTED]
------------------------------
From: David L. Vessell <[EMAIL PROTECTED]>
Subject: Re: PPTP won't authenticate through ipmasq
Date: Wed, 04 Aug 1999 02:30:36 GMT
John Hardin wrote:
> David L. Vessell wrote in message ...
> >Once I put the NT box back inside the firewall, here's what I'm seeing. It
> >seems to find the VPN server okay, and it attempts to authenticate, but it
> >never does. I don't know why, and the eventual error (which is more like a
> >timeout) just says a session couldn't be established.
>
>
> I use the rasmon status indicator (in the systray) as a debugging tool. If
> the little telephone lights up, the control channel has been established.
> If the top light blinks, outbound GRE is being sent; if the bottom light
> blinks, inbound GRE is being received. Do you see all of these things
> happening? If the bottom light never blinks, the firewall rules are
> probably blocking the GRE in one or both directions.
Okay, I'll try that....you're right, I'm only transmitting, not receiving.
The only firewall rules I have are the regular "bare minimum" directives
that I see in the ipchains HOW-TO. I don't really have any intelligent
firewall configuration other than what seemed necessary to enable ipmasq.
>
> >The only thing I've read in any of the HOW-TOs that might relate to my
> >problem from a troubleshooting standpoint is that in one place there is a
> >reference to grepping for masq in the /proc/ksyms file. I don't see the
> >ipfw entries mentioned as being present in a correctly configured PPTP
> >arrangement. If this is an issue, then I don't know how I'm supposed to go
> >about fixing it. Did the kernel patch fail? How do I tell? What do I do
> >about it?
>
> Gordon's PPTP patches don't export any symbols so you can't use this to
> verify his patch.
>
> You might want to visit the VPN Masq home page and try the 2.2.10 patch
> (which is stable beta even though it says it's alpha) - the debugging code
> is much cleaned up and symbols are exported.
Will I need to upgrade my kernel to 2.2.10 as well, or should it work with
my present 2.2.5 kernel?
>
> >Any assistance on this matter would be appreciated.
>
>
> Posting your firewall ruleset would be the first step. Does the discussion
> of the firewall rules in the HOWTO make sense? Granted, I haven't updated
> it to reflect ipchains, but the concepts are the same.
Sure. How do I do that? I don't really understand ipchains very well. I
haven't made any attempts to configure my Linux box as a true firewall
beyond what the HOW-TOs claim to be necessary to get ipmasq working. I
figured I want to get one thing working at a time. :-)
================== Posted via SearchLinux ==================
http://www.searchlinux.com
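Added example, not part of the original messages or of the VPN Masq patches: the rasmon check described in the quoted reply, done on a packet capture instead. It assumes the packets were captured on the client side of the masquerading box; the addresses, call ID and function names are made up for the illustration.

```python
import struct
from ipaddress import IPv4Address

IPPROTO_TCP, IPPROTO_GRE = 6, 47
PPTP_TCP_PORT = 1723     # PPTP control channel (RFC 2637)
PPTP_GRE_PROTO = 0x880B  # protocol type of the enhanced GRE (version 1) PPTP uses


def ipv4(proto, src, dst, payload):
    """Build a minimal IPv4 packet (checksum left 0) for the constructed samples."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, IPv4Address(src).packed, IPv4Address(dst).packed)
    return hdr + payload


def tcp(sport, dport):
    """Minimal 20-byte TCP header with ACK set; only the ports matter here."""
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x10, 8192, 0, 0)


def pptp_gre(call_id, ppp=b"\xff\x03\xc0\x21"):
    """Enhanced GRE header (K and S bits set, version 1) followed by a PPP stub."""
    return struct.pack("!HHHHI", 0x3001, PPTP_GRE_PROTO, len(ppp), call_id, 0) + ppp


def classify(packet):
    """Return (kind, src, dst); kind is 'control', 'gre' or None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None, None, None
    ihl = (packet[0] & 0x0F) * 4
    src, dst = (str(IPv4Address(packet[i:i + 4])) for i in (12, 16))
    body = packet[ihl:]
    if packet[9] == IPPROTO_TCP and len(body) >= 4:
        sport, dport = struct.unpack("!HH", body[:4])
        if PPTP_TCP_PORT in (sport, dport):
            return "control", src, dst
    elif packet[9] == IPPROTO_GRE and len(body) >= 4:
        flags_ver, ptype = struct.unpack("!HH", body[:4])
        if flags_ver & 0x0007 == 1 and ptype == PPTP_GRE_PROTO:
            return "gre", src, dst
    return None, src, dst


def diagnose(packets, client):
    """Summarise a capture the way the three rasmon indicators do."""
    seen = {"control": False, "gre_out": False, "gre_in": False}
    for pkt in packets:
        kind, src, dst = classify(pkt)
        if kind == "control" and dst == client:
            seen["control"] = True          # server answered on TCP 1723
        elif kind == "gre" and src == client:
            seen["gre_out"] = True          # "top light"
        elif kind == "gre" and dst == client:
            seen["gre_in"] = True           # "bottom light"
    if not seen["control"]:
        seen["verdict"] = "no control channel: check TCP 1723"
    elif seen["gre_out"] and not seen["gre_in"]:
        seen["verdict"] = "GRE out only: firewall is probably blocking GRE (IP protocol 47)"
    elif seen["gre_out"] and seen["gre_in"]:
        seen["verdict"] = "control and GRE flow both ways"
    else:
        seen["verdict"] = "control up, no GRE from client"
    return seen


# Constructed capture reproducing the symptom in the message (addresses are made up).
CLIENT, SERVER = "192.168.1.10", "203.0.113.5"
SAMPLE = [
    ipv4(IPPROTO_TCP, CLIENT, SERVER, tcp(1045, PPTP_TCP_PORT)),
    ipv4(IPPROTO_TCP, SERVER, CLIENT, tcp(PPTP_TCP_PORT, 1045)),
    ipv4(IPPROTO_GRE, CLIENT, SERVER, pptp_gre(call_id=7)),
]

if __name__ == "__main__":
    print(diagnose(SAMPLE, CLIENT))
```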
------------------------------
From: [EMAIL PROTECTED] (Todd Owen)
Subject: Traffic Shaping
Date: Wed, 04 Aug 1999 03:23:13 GMT
I have a 2.2 kernel Linux box set up as a firewall with ip chains and
a 500kbps cable modem on eth1; eth0 is the intranet.
How do I set up traffic shaping so that those viewing CNN as RealVideo
will not use more than 200kbps and/or those downloading from
newsgroups will have to share 100kbps bandwidth? Which will keep
200kbps free for email access and a few Quake 2 games.
--Todd
------------------------------
From: Kelly A Sigmon <[EMAIL PROTECTED]>
Subject: Modem hangup during PPP connect in RedHat 6.0
Date: Tue, 03 Aug 1999 22:37:41 -0400
Hey,
I've recently installed RedHat 6.0 and wanted to setup PPP to connect
with my ISP (AT&T).
I've read the Linux PPP-HOWTO, RedHat's Tips and FAQs, and AT&T's
unofficial support pages (a.k.a. WURD). None of their suggestions seem
to correct my problem.
Basically the modem mysteriously hangs up after the serial connection is
established.
I've tried reducing the baud rate on the port. I know AT&T uses CHAP so,
I've setup the chap-secrets file (using tabs). However it never gets
that far. I've looked at other message logs to see where my system may
differ. The one thing I've noticed is that chat doesn't seem to send
"ppp^M" to the server. It simply sends "^M" (see line 39 below). Sorry
for the long output but, I thought it might help.
Any advice on what I may/may not be doing correctly?
TIA
Kelly
01: ifup-ppp: pppd started for ppp0 on /dev/modem at 115200
02: kernel: CSLIP: code copyright 1989 Regents of the University of California
03: kernel: PPP: version 2.3.3 (demand dialling)
04: kernel: PPP line discipline registered.
05: kernel: registered device ppp0
06: pppd[826]: pppd 2.3.7 started by root, uid 0
07: chat[831]: abort on (BUSY)
08: chat[831]: abort on (ERROR)
09: chat[831]: abort on (NO CARRIER)
10: chat[831]: abort on (NO DIALTONE)
11: chat[831]: abort on (Invalid Login)
12: chat[831]: abort on (Login incorrect)
13: chat[831]: send (ATZ^M)
14: chat[831]: expect (OK)
15: chat[831]: ATZ^M^M
16: chat[831]: OK
17: chat[831]: -- got it
18: chat[831]: send (ATDT###-####^M)
19: chat[831]: expect (CONNECT)
20: chat[831]: ^M
21: chat[831]: ATDT743-2230^M^M
22: chat[831]: CONNECT
23: chat[831]: -- got it
24: chat[831]: send (^M)
25: chat[831]: expect (on:)
26: chat[831]: 28800/ARQ/V34/LAPM/V42BIS^M
27: chat[831]: ^H^M^M
28: chat[831]: STATION ID - <station id>^M^M
29: chat[831]: ^M^M
30: chat[831]: Welcome ^M^M
31: chat[831]: Please Sign-on:
32: chat[831]: -- got it
33: chat[831]: send (<my id>^M)
34: chat[831]: timeout set to 5 seconds
35: chat[831]: expect (~)
36: chat[831]: <my id>^M
37: chat[831]: ~
38: chat[831]: -- got it
39: chat[831]: send (^M)
40: pppd[826]: Serial connection established.
41: pppd[826]: Using interface ppp0
42: pppd[826]: Connect: ppp0 <--> /dev/modem
43: pppd[826]: Modem hangup
44: pppd[826]: Connection terminated.
45: pppd[826]: Connect time 0.1 minutes.
46: pppd[826]: Exit.
------------------------------
Date: 03 Aug 99 21:23:58 -0500
From: "Gene Heskett" <[EMAIL PROTECTED]>
Subject: ne2000-pci clone is clown
Unrot13 this;
Reply to: <[EMAIL PROTECTED]>
An ADDTRON pci ethernet adaptor has got the best of me I think!
IF I boot a kernel with ne.o in it, it logs in with an advisory that I
really should be using the PCI-NE2000 driver, sets up an IO address at
0xe800, with the usual irq=5, and it appears to work although I haven't
put it to any speed tests other than pinging.
IF I boot a kernel with no ne.o in it, or available in its
modules/matching.number.etc/net directory, then it doesn't show in the
dmesg output. I have that address set as an option in the
/etc/conf.modules file, which apparently doesn't work, and when I
attempt a 'modprobe ne2k-pci', it returns a message squawking about the
IO address.
The ne2k-pci.c was obtained from the nasa site where Donald Becker has
all that posted, says it's v1.00f, and carries a date of just a few
weeks back. I had to remove a var from the device array statement near
line 141, as it's repeated at about line 352 or so, but with the extra
var, and that errored out the compiler.
I just restored the version from the 2.2.10.tar, but that also gives
the same error when trying to bring eth0 up. That's v0.99L.
Next, I'm going to put that one in the kernel. And in the kernel it
works. Or at least ifconfig says it's running ok. At IO=0xe800!
And from here, a ping -f lights it up steady, and 1500 packets later a
control c says there were no dropped packets. I guess I'll run it that
way.
Cheers, Gene
--
Gene Heskett, CET, UHK |Amiga A2k Zeus040 50 megs fast/2 megs chip
Ch. Eng. @ WDTV-5 |A2091,GuruRom,1g Seagate,CDROM,Multiface III
|Buddha + 4 gig WDC drive, 525 meg tape
|Stylus Pro, EnPrint, Picasso-II, 17" vga
RC5-Moo! 690kkeys/sec isn't much, but it all helps
email gene underscore heskett at iolinc dot net
--
------------------------------
From: Stephen Bosch <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.redhat,alt.os.linux.mandrake
Subject: Re: dhcpcd, RH/Mandrake 6.0, and @home
Date: Wed, 04 Aug 1999 02:40:43 GMT
haze wrote:
> is your nic in pnp mode if so i believe you can get a utility to turn it off
> from 3com
This card is a PCI card =( the card works, as I said. Linux reports the
configuration correctly after an ifconfig, and my card starts, too (the PC light
is on on the cable modem).
Somebody mentioned (in relation to another thread) that the system might be
trying to call pump when it should be calling dhcpcd for dhcp client services.
Could that be the problem? Why won't my static IP work, then?
I must be missing something here. HELP!
Thanks,
Stephen
PS: Remove my spamshield to reply =)
------------------------------
Date: Wed, 04 Aug 1999 03:33:25 +0000
From: Sean McAvoy <[EMAIL PROTECTED]>
Subject: Re: DFE-530TX D-Link NIC
the 530tx should use the tulip Driver included in RH6.0
try loading that module up... should do it
Tom wrote:
> Hey, anyone know how I can get this PCI card to work in RedHat Linux 6.0?
> I've managed to gather that it needs a Rhine driver of some sort, and even
> managed to download the source code for it, but I don't seem to have gcc
> installed to compile the driver. Even then, I'm not sure what to do with it.
> Thanks...
>
> Just another Windows expert trying to learn a superior OS.....
------------------------------
Date: Wed, 04 Aug 1999 03:38:20 +0000
From: Sean McAvoy <[EMAIL PROTECTED]>
Crossposted-To: alt.os.linux,comp.os.linux.hardware,linux.redhat.install
Subject: Re: Problem with DE-528CT and RH6.0
The 528 uses the RealTEK 8029 chipset... very generic..
try looking in /proc/pci to see the IRQ/PORT info and then
load ne2k-pci with those values. It will work under Linux, I have setup
a few under Linux... I didn't have any problems though :)
Terrance wrote:
> Just installed RH6.0. I have a D-Link DE-528CT PCI ethernet card that
> gets
> detected as a ne2k-pci clone during the installation, but the ne2k
> driver
> fails to initialize the DE-528CT card during boot. Does anyone have a
> solution to this?
>
> Please reply to "tlockett at ti dot com".
------------------------------
From: "wk woo" <[EMAIL PROTECTED]>
Subject: Re: Can't ping another computer in the lan
Date: Wed, 4 Aug 1999 10:01:34 +0800
ok, how about:
1. try to ping your boxes in ip address 1st.
eg. from your linuxbox do this: $ping 192.168.0.1
from your winbox do this: c:\ping 192.168.0.2
if you can ping each other, then your linuxbox's /etc/hosts and
winbox's c:\windows\hosts are not configured correctly.
else pls check:
. your hardware
. have you configured your nic correctly?
hope it helps. cheers
woo wai kee
hitechniaga sdn bhd
[EMAIL PROTECTED] wrote in message ...
>On Tue, 3 Aug 1999 08:10:38 -0400, Mike Kokinda <[EMAIL PROTECTED]> wrote:
>:Can you ping the individual machines from themselves? By IP address? By
>:localhost?
>:
>:Start with the machine(s) itself then move to the network.
>:
>:Mike Kokinda
>:
>:
>
>I can ping myself though ethernet card's interface on both machines,
>both of them can ping localhost.
>
>--
>|====================================|
>|=> op_nemon <==> [EMAIL PROTECTED] <=|
>|====================================|
------------------------------
From: "space" <[EMAIL PROTECTED]>
Crossposted-To: alt.os.linux.slackware,comp.unix.admin,comp.unix.misc
Subject: Re: Can anybody tell me what this message means? (ICMP)
Date: Tue, 3 Aug 1999 19:28:17 -0700
> >Dmitrij
>
>
> "A war for master browsing"??? You guys almost talk a foreign
> language to me, but this seems to be on the right track Dmitrij. The
> network I'm on is an NT domain, and I either boot linux or NT with the
> same ip address and network config.
>
> I only get these weird messages in a linux console (but not in an X
> terminal for some reason).
>
> The NT domain I'm in has about 300 workstations in a tightly
> administered environment, so it seems unlikely that any kind of
> hacking will be going on, and more likely that something odd and
> microsofty may well be going on - dunno what though. I can't resolve
> any info on the machine in question with MS tools like nbtstat, are
> there any methods I could try from linux?
>
> Nobody has actually said what the message _means_ but thanks for your
> thoughts anyway fellas.
>
> Harry
(ICMP) is part of the tcp/ip protocol that works on the network layer of the
osi stack,
it uses <Source Quenching>: the host request that the sender stops sending
until advised to send again.
Router redirects: this is sent by a router to a host that is asking for the
routing services, or asking for the shortest path to the destination host
Host unreachable: you know what that is
Echo request/echo reply: is sent when you ping an ip address,
first it echoes the host, host replies with echo reply etc.
if the linux pc is configured the same as the nt pc ( same ip address)
the arp cache table on the router and pc that last connected to the op
will see that the nt pc has ip address for x.x.x.x and linuz x.x.x.x but the
netbios cache will be different, since linuz doesn't use netbios but instead
dns names --- you get the picture. if the linuz box is also setup to with
rip it could give you messages in that format,
Space
mcs...................etc
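Added example, not part of the original message: a decoder for the ICMP message kinds listed above (source quench, redirect, host unreachable, echo request/reply) that also verifies the checksum and pulls the gateway and the original source/destination out of error messages. The sample messages and addresses are constructed; function names are made up for the illustration.

```python
import struct
from ipaddress import IPv4Address

NAMES = {
    (0, 0): "echo reply",
    (3, 1): "destination unreachable: host unreachable",
    (4, 0): "source quench",
    (5, 0): "redirect for network",
    (5, 1): "redirect for host",
    (8, 0): "echo request",
}
ERROR_TYPES = {3, 4, 5, 11, 12}  # these quote the offending IP header + 8 bytes


def inet_checksum(data):
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def decode_icmp(msg):
    """Decode one ICMP message (the bytes after the IP header)."""
    if len(msg) < 8:
        raise ValueError("ICMP message shorter than its 8-byte header")
    mtype, code, _cksum, rest = struct.unpack("!BBH4s", msg[:8])
    info = {
        "type": mtype, "code": code,
        "name": NAMES.get((mtype, code), "type %d code %d" % (mtype, code)),
        "checksum_ok": inet_checksum(msg) == 0,  # a valid message sums to zero
    }
    if mtype in (0, 8):
        info["id"], info["seq"] = struct.unpack("!HH", rest)
    if mtype == 5:
        info["gateway"] = str(IPv4Address(rest))  # router the host is told to use
    if mtype in ERROR_TYPES and len(msg) >= 28:
        inner = msg[8:28]                         # quoted original IP header
        info["orig_src"] = str(IPv4Address(inner[12:16]))
        info["orig_dst"] = str(IPv4Address(inner[16:20]))
    return info


def build(mtype, code, rest, payload=b""):
    """Assemble an ICMP message with a correct checksum (for the samples)."""
    body = struct.pack("!BBH4s", mtype, code, 0, rest) + payload
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]


# Constructed samples: an echo request, and a host redirect quoting a
# datagram from 192.168.1.10 to 10.0.0.5 (all addresses made up).
QUOTED = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                     IPv4Address("192.168.1.10").packed,
                     IPv4Address("10.0.0.5").packed) + b"\x00" * 8
ECHO = build(8, 0, struct.pack("!HH", 0x1234, 1), b"ping")
REDIRECT = build(5, 1, IPv4Address("192.168.1.254").packed, QUOTED)
CORRUPT = ECHO[:-1] + bytes([ECHO[-1] ^ 0xFF])

if __name__ == "__main__":
    for sample in (ECHO, REDIRECT, CORRUPT):
        print(decode_icmp(sample))
```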
------------------------------
From: "Aaron K. Poffenberger" <[EMAIL PROTECTED]>
Subject: Re: Installed Samba, Lost Netatalk
Date: Tue, 3 Aug 1999 11:02:11 -0500
Reply-To: <[EMAIL PROTECTED]>
Well, I figured it out. I mis-understood some instructions in the
Faq-O-Matic and accidentally gave my Netatalk server the same name and IP as
the Mac (I thought I was explicitly authorizing the Mac host ;-). Works
great, now!
--Aaron
------------------------------
From: "Ted Hajduk" <[EMAIL PROTECTED]>
Subject: SATAN
Date: Tue, 3 Aug 1999 21:40:45 -0500
Gentlepeople,
Has anyone had any experience with running SATAN under Linux? I don't want
to bore the group with step by step details of the installation - suffice it
to say that I've done all the research I can find.
When I start satan I get the message that "satan is starting up" and then it
never comes back.
Any ideas? Should I post more details?
Thanks in advance for your time.
Regards
Ted
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.networking) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Networking Digest
******************************