Linux-Networking Digest #106, Volume #12          Wed, 4 Aug 99 11:13:44 EDT

Contents:
  TCP Data Loss? (Paul Chien)
  Re: newbie dns and telnet ("Zaphod Beeblebrox")
  Re: Dial-On Demand with RH 5.2? (Tom Poindexter)
  Re: Can't telnet myself (Florian Lorenzen)
  Re: Zoomtown ADSL & linux ([EMAIL PROTECTED])
  Re: D-Link DFE-530TX multiple cards (Jose Santiago)
  Re: My server won't wake up! (Marc)
  Re: Transparent Proxy ([EMAIL PROTECTED])
  Re: "illegal port command" error when ftping over a linux router ("Mark Hodges")
  Re: NFS Problem ([EMAIL PROTECTED])

----------------------------------------------------------------------------

From: Paul Chien <[EMAIL PROTECTED]>
Subject: TCP Data Loss?
Date: Wed, 04 Aug 1999 14:49:54 +0200

Hi,

I have encountered some data loss while toggling a TCP/IP connection
between blocking and nonblocking mode.  I wonder if someone can share
some insight...


Sender: blocking, periodically sends blocks of data to the TCP socket.
A block of data has 16 bytes of header followed by some amount of data as
indicated in the header.

        msg header {
        int     msgtype
        int     length
        int     var1
        int     var2
        }

Receiver: switches between non-blocking and blocking mode.

        Repeat periodically (with delays between cycles)
        {
        Set socket to non-blocking;

        Try to receive the block header, if header is 
        received successfully, then set the socket to 
        blocking mode and receive the entire message.

        After the entire message has been received,
        set the socket to non-blocking again for the next
        message.
        }


The mechanism above generally works fine, but occasionally the first 8
bytes of a new block seem to be lost.

The fault (data loss?) only occurs when the server and client are
run on separate machines.  So TCP fragmentation, collision or retransmit
may have a role to play.

I have attached the testing code at the end of this email.  It consists
of three files: server.c, client.c and McIohMsg.h.

My testing platform was between two Linux machines.  So I will be
interested to know how the code runs on other platforms, e.g. between 2
Unix machines.  But again, maybe there is a bug in my code.

Thank you for your help.  Any comments are appreciated.


Cheers,
Paul



/*========================================================================*
 * Program:     Header files for client/server testing
 * File:        McIohMsg.h
 * Author:      Paul Chien
 * Date:        1999-08-04
 *========================================================================*/

#ifndef __MCIOHMSG_H__
#define __MCIOHMSG_H__


#define BACKLOG 5
#define MAXCLIENTS      10
#define MAXHOSTNAME     32
#define SERVER_PORT     16000
#define TCP_SNDBUF      16384   /* TCP send window size */

#define MSGLEN          16368   /* MAX Size in bytes of msg data */
#define MSGADD          16      /* 4 Longs see msgdata below */
#define BUFSIZE         (512*1024)      /* 512KB buffer */

typedef struct {
        long    msgtype;        /* Type of message packet */
        long    len;            /* Length of data portion */
        long    var1;           /* Generic var */
        long    var2;           /* Generic var */
        } MSGDATA;

/*========================================================================*
 * Message Types
 *========================================================================*/

#define MSGTYPE_ONE             20      /* Test message type 1 */
#define MSGTYPE_TWO             21      /* Test message type 2 */

/*========================================================================*
 * Macro DIVCEIL(x,y) : Divide and ceil the value.
 * The normal divide (/) is divide and floor.
 *========================================================================*/

#define DIVCEIL(x,y)    (((x) - 1 + (y)) / (y))


#endif /* __MCIOHMSG_H__ */




/*========================================================================*
 * Program:     Server that accepts multiple concurrent connections
 * File:        server.c
 * Author:      Paul Chien
 * Date:        1999-04-19
 *========================================================================*/

#include <stdio.h>
#include <stdlib.h>     /* exit() */
#include <unistd.h>
#include <string.h>
#include <strings.h>    /* bcopy() */
#include <sys/types.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>  /* inet_ntoa() */
#include <netdb.h>
#include <fcntl.h>
#include <pwd.h>

#include "McIohMsg.h"


void serverWork (int sock, int id);
static int send_msg (int sock, int msgtype, char *data, int len);

/*========================================================================*
 * Main
 *========================================================================*/

int main (int argc, char *argv[])
{
int             s, t;           /* socket descriptors */
socklen_t       i;              /* size of the peer address */
int             id;             /* child process count */
struct sockaddr_in sa, isa;     /* Internet socket address structure */
struct hostent  *hp;            /* result of hostname lookup */
char            localhost[MAXHOSTNAME + 1];

    printf ("Starting server\n");

    /*
     * Get host information
     */
    gethostname (localhost, MAXHOSTNAME);

    /*
     * Get host information
     */
    if ((hp = gethostbyname (localhost)) == NULL) {
        fprintf (stderr, "%s: cannot get local host info?\n", localhost);
        exit (1);
    }
    printf ("Host: %s : %s : port %d\n",
                localhost,
                inet_ntoa (*(struct in_addr *)hp->h_addr),
                SERVER_PORT);

    /*
     * Put socket number and address info into the socket structure
     */
    memset (&sa, 0, sizeof (sa));
    sa.sin_port = htons (SERVER_PORT);
    bcopy ((char *)hp->h_addr, (char *)&sa.sin_addr, hp->h_length);
    sa.sin_family = hp->h_addrtype;

    /*
     * Allocate an open socket for incoming connections
     */
    if ((s = socket (hp->h_addrtype, SOCK_STREAM, 0)) < 0) {
        perror ("socket");
        exit (1);
    }

    /*
     * Bind the socket to the server port so we hear incoming connections
     */
    if (bind (s, (struct sockaddr *)&sa, sizeof (sa)) < 0) {
        perror ("bind");
        exit (1);
    }

    /*
     * Set maximum connections we will fall behind
     */
    listen (s, BACKLOG);

    /*
     * Go into an infinite loop waiting for new connections
     */
    id = 0;
    while (1) {
        i = sizeof (isa);

        /*
         * We hang in accept () while waiting for new connections
         */
        if ((t = accept (s, (struct sockaddr *)&isa, &i)) < 0) {
            perror ("accept");
            exit (1);
        }
        
        /*
         * Fork a child process to handle the new connection
         */
        id++;
        printf ("Try forking (id %d)\n", id);
        if (fork () == 0) {
            /* child process */
            printf ("Start serverWork %d (fd %d)\n", id, t);
            serverWork (t, id);
            printf ("Close serverWork %d (fd %d)\n", id, t);
            close (t);
            exit (0);
        }
        close (t);      /* parent: the child owns this connection now */
    }
    
    close (s);
    
    return 0;
}


/*============================================================================
 * serverWork ()
 *===========================================================================*/
void serverWork (int sock, int id)
{
char    buf[512*1024];

    for (;;)
    {
        /* Simulate a periodic load */
        if (send_msg (sock, MSGTYPE_ONE, buf, 512*1024) < 0)
            break;

        usleep (1000000);
    }
}


/*========================================================================*
 * SEND_MSG -- Send a message to a socket
 *========================================================================*/

static int send_msg (int sock, int msgtype, char *data, int len)
{
int             slen, tlen;
int             cnt_pkt, tot_pkt;
char            msghead[MSGADD];
MSGDATA         *pMsg = (MSGDATA *)msghead;
char            shortbuf[1024];

    if (sock <= 0)
        return -1;

    cnt_pkt = 0;
    tot_pkt = DIVCEIL (len, (TCP_SNDBUF - MSGADD));

    tlen = 0;
    while (tlen < len)
    {
        slen = len - tlen;
        cnt_pkt++;

        if (slen > TCP_SNDBUF - MSGADD)
            slen = TCP_SNDBUF - MSGADD;

        pMsg->msgtype = htonl (msgtype);
        pMsg->len = htonl (slen);
        pMsg->var1 = htonl (tot_pkt);
        pMsg->var2 = htonl (cnt_pkt);

        /* Send message header */
        if (send (sock, msghead, MSGADD, 0) < 0 )
        {
            printf ("ERR: statMsgSend\n");
            return -1;
        }

        /* Send message data */
        if (send (sock, &data[tlen], slen, 0) < 0)
        {
            printf ("ERR: statMsgSend\n");
            return -1;
        }

        /* Each MSGTYPE_ONE may be subdivided into many smaller blocks.
         * Attach a MSGTYPE_TWO after each of these blocks. */
        if (msgtype == MSGTYPE_ONE)
            if (send_msg (sock, MSGTYPE_TWO, shortbuf, 4) < 0)
                return -1;

        tlen += slen;
    }

    return 0;
}



/*========================================================================*
 * Program:     Client that attaches to a server
 * File:        client.c
 * Author:      Paul Chien
 * Date:        1999-04-19
 *========================================================================*/

#include <stdio.h>
#include <stdlib.h>
#include <signal.h>
#include <errno.h>
#include <unistd.h>
#include <string.h>
#include <strings.h>    /* bcopy() */
#include <sys/types.h>
#include <sys/time.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#include <fcntl.h>
#include <pwd.h>

#include "McIohMsg.h"


int clientWork (int sock);
static int McGetOnlineData (int sock);
static int recv_msghead (int sock, MSGDATA *msg);
static int set_nonblock_flag (int desc, int value);


/*========================================================================*
 * Main
 *========================================================================*/

int main (int argc, char *argv[])
{
int             s;              /* socket descriptors */
struct sockaddr_in sa;          /* Internet socket address structure */
struct hostent  *hp;            /* result of hostname lookup */
int             optval;
char            localhost[MAXHOSTNAME + 1];

    printf ("Starting client\n");
    
    if (argc < 2) 
    {
        fprintf (stderr, "Usage: %s <host>\n", argv[0]);
        exit (1);
    }
    
    /*
     * Get host information
     */
    if (argc >= 2)
    {
        if ((hp = gethostbyname (argv[1])) == NULL) {
            fprintf (stderr, "%s: cannot get host info?\n", argv[1]);
            exit (1);
        }
        printf ("Host: %s\n", argv[1]);
    }
    else
    {
        gethostname (localhost, MAXHOSTNAME);
        if ((hp = gethostbyname (localhost)) == NULL) {
            fprintf (stderr, "%s: cannot get local host info?\n", localhost);
            exit (1);
        }
        printf ("Host: %s\n", localhost);
    }

    /*
     * Assign socket number and the remote host
     * info into the socket structure
     */
    memset (&sa, 0, sizeof (sa));
    sa.sin_port = htons (SERVER_PORT);
    bcopy ((char *)hp->h_addr, (char *)&sa.sin_addr, hp->h_length);
    sa.sin_family = hp->h_addrtype;

    /*
     * Allocate an open socket for incoming connections
     */
    if ((s = socket (hp->h_addrtype, SOCK_STREAM, 0)) < 0) {
        perror ("socket");
        exit (1);
    }
    
    /*
     * Connect the socket to the remote server
     */
    if (connect (s, (struct sockaddr *)&sa, sizeof (sa)) < 0) {
        perror ("connect");
        exit (1);
    }

    optval = 16384;
    if (setsockopt (s, SOL_SOCKET, SO_RCVBUF, &optval, sizeof (optval)) < 0)
    {
        perror ("setsockopt");
        exit (1);
    }
    
    clientWork (s);

    close (s);

    return 0;
}

/*============================================================================
 * clientWork ()
 *===========================================================================*/
int clientWork (int sock)
{
int     i;
int     rlen;

    /*
     * Go into an infinite loop and receive data from server
     */
    i = 0;
    for (;;)
    {
        i++;
        if ((rlen = McGetOnlineData (sock)) < 0)
            break;

        if (rlen == 0)
            usleep (5000);
        else
            printf ("McGetOnlineData %08d: %d bytes\n", i, rlen);
    }
    
    return 0;
}


/*========================================================================*
 * Get an online data block
 *========================================================================*/

static int McGetOnlineData (int sock)
{
static MSGDATA  msg;
int             len;
int             blen;
int             glen, rlen;
int             tot_rlen;
static char     buf[16384];
int             error;

    /* Set the TCP socket to be non-blocking while anticipating the header */
    set_nonblock_flag (sock, 1);

    tot_rlen = 0;
    len = 0;
    /* recv_msghead() will return -1 if no message is waiting to be delivered */
    while ((error = recv_msghead (sock, &msg)) >= 0)
    {
        /* Set the TCP socket to be blocking while reading the message data */
        set_nonblock_flag (sock, 0);
        
        printf ("MSGTYPE %ld  ", msg.msgtype);
        printf ("LEN = %6ld ", msg.len);
        printf ("VAR1 = %2ld  ", msg.var1);
        printf ("VAR2 = %2ld  ", msg.var2);
        printf ("\n");

        /* Now get the message data */
        len = msg.len;
        rlen = 0;

        while (len != rlen)
        {
            if ((blen = len-rlen) > 16384)
                blen = 16384;

            if ((rlen % 16384) + blen > 16384)
                blen = 16384 - (rlen % 16384);

            glen = recv (sock, &buf[rlen % 16384], (blen) , 0);
            if (glen <= 0)
            {
                printf ("Error receiving data from socket (%d)\n", glen);
                close (sock);
                exit (1);
            }

            rlen += glen;

            if (rlen >= len)
                break;
        }
        
        tot_rlen += rlen;

        /* The message is ready */
        switch (msg.msgtype)
        {
            case MSGTYPE_ONE:
                break;

            case MSGTYPE_TWO:
                break;

            default:
                return -1;
                break;
        }

        /* Set the TCP socket to be non-blocking for the next message */
        set_nonblock_flag (sock, 1);
    }
    
    return tot_rlen;
}

/*========================================================================*
 * RECV_MSGHEAD -- Read a message header from a socket
 *                 The message data is not yet read out.
 *========================================================================*/

static int recv_msghead (int sock, MSGDATA *msg)
{
int     glen, rlen;
int     len;
char    *rbuf;

    rbuf = (char *)msg;
    rlen = 0;

    for (;;)
    {
        if ((glen = recv (sock, &rbuf[rlen], MSGADD-rlen, 0)) <= 0)
        {
            return -1;
        }

        rlen += glen;
        if (rlen >= MSGADD)
            break;
    }

    len = ntohl(msg->len) + MSGADD;

    if (rlen > len)
        printf ("********** RCV %d out of %d *********\n\07", rlen, len);

    msg->msgtype = ntohl (msg->msgtype);
    msg->len = ntohl (msg->len);
    msg->var1 = ntohl (msg->var1);
    msg->var2 = ntohl (msg->var2);

    return rlen;
}


/*========================================================================*
 * Set the O_NONBLOCK  flag of sock if value is nonzero,
 * or clear the flag if value is 0.
 * Return 0 on success, or -1 on error with errno set.
 *========================================================================*/

static int set_nonblock_flag (int sock, int value)
{
#if     WIN32
int     on;

    if (value != 0)
        on = 1;
    else
        on = 0;

    return ioctlsocket (sock, FIONBIO, &on);
#else
int     oldflags = fcntl (sock, F_GETFL, 0);

    /* If reading the flags failed, return error indication now. */
    if (oldflags == -1)
        return -1;

    /* Set just the flag we want to set. */
    if (value != 0)
        oldflags |= O_NONBLOCK;
    else
        oldflags &= ~O_NONBLOCK;

    /* Store modified flag word in the descriptor. */
    return fcntl (sock, F_SETFL, oldflags);
#endif
}
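Added illustration (editor's example, not part of Paul's post): the constructed program below models the header read across a TCP segment boundary. recv_head() with keep == 0 behaves like the posted recv_msghead(), discarding a partially read header when the non-blocking recv() reports EAGAIN; with keep == 1 it retains the partial header between cycles. The fake socket, the three-message stream and the 32-bit field widths (in place of the original long, which is 8 bytes on 64-bit Linux) are assumptions made for the example.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#include <errno.h>
#include <sys/types.h>
#include <arpa/inet.h>

#define MSGADD      16          /* header size, as in McIohMsg.h */
#define MSGTYPE_ONE 20
#define MSGTYPE_TWO 21
typedef struct { uint32_t msgtype, len, var1, var2; } MSGDATA;   /* fixed width, not long */
typedef struct { unsigned char raw[MSGADD]; size_t have; } head_state; /* header bytes so far */
/* Constructed stand-in for a non-blocking TCP socket: the stream arrives in
 * two segments, and the first non-blocking read that reaches the segment
 * boundary gets EAGAIN, as recv() does when the next segment is not in yet. */
typedef struct { const unsigned char *data; size_t total, pos, boundary; int stalled; } fake_sock;

static ssize_t fake_recv(fake_sock *s, void *buf, size_t want, int nonblocking)
{
    if (s->pos >= s->total) return 0;               /* peer closed */
    if (nonblocking && s->pos == s->boundary && !s->stalled) {
        s->stalled = 1; errno = EAGAIN;             /* nothing queued yet */
        return -1;
    }
    size_t avail = s->pos < s->boundary ? s->boundary - s->pos : s->total - s->pos;
    if (want > avail) want = avail;
    memcpy(buf, s->data + s->pos, want);
    s->pos += want;
    return (ssize_t)want;
}

/* keep == 0 mirrors the posted recv_msghead(): every attempt starts from an
 * empty header, so bytes consumed before EAGAIN are silently dropped.
 * keep == 1 is the fix: resume filling the same 16 bytes on the next cycle. */
static int recv_head(fake_sock *s, head_state *st, MSGDATA *m, int keep)
{
    if (!keep) st->have = 0;
    while (st->have < MSGADD) {
        ssize_t n = fake_recv(s, st->raw + st->have, MSGADD - st->have, 1);
        if (n <= 0) return -1;                      /* no complete header this cycle */
        st->have += (size_t)n;
    }
    uint32_t f[4]; memcpy(f, st->raw, MSGADD);
    m->msgtype = ntohl(f[0]); m->len = ntohl(f[1]);
    m->var1 = ntohl(f[2]);    m->var2 = ntohl(f[3]);
    st->have = 0;
    return MSGADD;
}

static size_t put_msg(unsigned char *out, uint32_t type, uint32_t len)
{
    uint32_t f[4] = { htonl(type), htonl(len), htonl(1), htonl(1) };
    memcpy(out, f, MSGADD);
    memset(out + MSGADD, 0xAB, len);                /* constructed payload */
    return MSGADD + len;
}

/* Run one receiver over a constructed three-message stream whose segment
 * boundary falls 8 bytes into the second header; return messages framed. */
int run_receiver(int keep_partial)
{
    unsigned char stream[64], data[64];
    head_state st = { {0}, 0 };
    MSGDATA m; size_t n = 0; int good = 0;
    n += put_msg(stream + n, MSGTYPE_ONE, 8);       /* bytes  0..23 */
    n += put_msg(stream + n, MSGTYPE_TWO, 4);       /* bytes 24..43 */
    n += put_msg(stream + n, MSGTYPE_ONE, 4);       /* bytes 44..63 */
    fake_sock s = { stream, n, 0, 32, 0 };
    while (s.pos < s.total) {
        if (recv_head(&s, &st, &m, keep_partial) < 0)
            continue;                   /* like the client: sleep, try again later */
        if ((m.msgtype != MSGTYPE_ONE && m.msgtype != MSGTYPE_TWO) || m.len > sizeof data)
            return good;                /* the client's default: branch gives up here */
        for (size_t got = 0; got < m.len; ) {       /* "blocking" phase: read payload */
            ssize_t g = fake_recv(&s, data + got, m.len - got, 0);
            if (g <= 0) return good;
            got += (size_t)g;
        }
        good++;
    }
    return good;
}

int main(void)
{
    printf("restart header on EAGAIN: %d of 3 framed\n", run_receiver(0));
    printf("keep partial header:      %d of 3 framed\n", run_receiver(1));
    return 0;
}
```

A 16-byte header that straddles two segments is exactly the case that loses its first 8 bytes here, and a split like that is far more likely on a real link than on one machine, which fits the observation that the loss only appears between separate hosts.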

------------------------------

From: "Zaphod Beeblebrox" <ps [EMAIL PROTECTED]>
Subject: Re: newbie dns and telnet
Date: Wed, 4 Aug 1999 05:51:04 -0700

Is the Linux box running named? If it is and it's not a name server, then
kill named and remove from the rc scripts.

Gert Jensen wrote in message <7o7m08$nfe$[EMAIL PROTECTED]>...
>Hello
>
>Hope you can help me with this one.
>
>I have a Win98 workstation from which I use telnet to connect to my Linux box. At
>first there was a really long response time; then I put the IP address of
>the workstation in /etc/hosts, and then it worked as it should.
>Does anybody know why???
>
>Why does a RH6.0 workstation need to know who is telnetting by name??
>
>I will put more computers on this network, but I do not want to add
>all PCs manually into the hosts file....
>
>If anybody has a clue I will be happy to read about it.
>
>Best regards
>Gert
>
>
>
>



------------------------------

Subject: Re: Dial-On Demand with RH 5.2?
From: [EMAIL PROTECTED] (Tom Poindexter)
Date: Wed, 04 Aug 1999 14:03:36 GMT

In article <37a7f016.40143822@localhost>,
Dan <[EMAIL PROTECTED]> wrote:
>My linux fw is working great, high speed, very reliable, and so far as
>I know secure.  Problem is that I am having to manually connect to the
>internet, or have it setup to connect at startup.  This is bad, as it
>ties up the facsimile line, meaning no faxes can be received, or sent
>for that matter.
>
>I have tried to use pppd, like in the man page, but it says 'dial on
>demand not available with v2.2.1 kernel driver' or something along
>those lines, indicating that I might need a newer kernel than my
>2.0.37...


Try installing a newer version of pppd.  I installed pppd-2.3.7 on my
RH 5.2 firewall, which has built-in dial-on-demand.  See the pppd man
page for which options to specify to turn on demand dialing.

-- 
Tom Poindexter
[EMAIL PROTECTED]
http://www.nyx.net/~tpoindex/

------------------------------

From: Florian Lorenzen <[EMAIL PROTECTED]>
Subject: Re: Can't telnet myself
Date: Wed, 04 Aug 1999 14:18:14 +0100

Hi,

I answer my own question, just in case somebody else has the same
problem.

As (nearly) always, the solution was absolutely trivial. I wanted to
start the in.telnetd server with the inetd super-server. All conf files
(inetd.conf, hosts.allow and hosts.deny) were OK, and inetd and
in.telnetd were in /usr/sbin where they should be. But all this works of
course only if the inetd daemon is loaded. In my configuration there
was no symbolic link for /etc/rc.d/init.d/inetd in /etc/rc.d/rc3.d, so
inetd wasn't invoked in my default runlevel 3.
Pretty simple, huh?

Florian

Florian Lorenzen wrote:
> 
> Hi,
> I tried hard to telnet myself, but the telnet client message is
> "connection refused". I've checked all entries in hosts.allow and
> hosts.deny, enabled the inetd service for /usr/sbin/tcpd in.telnetd and
> couldn't find the problem. I've as well restarted the servers a few times
> so that changes could take effect.
> Does anyone know, which configuration-file might be the problem?
> 
> Florian

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Zoomtown ADSL & linux
Date: Wed, 04 Aug 1999 13:17:29 GMT

There are two ways that I know of to get it to work right.  One is to
request a static IP; this method is best if you plan on running any
servers such as email and web and whatever else.  The second way is to
set up a DHCP client on your Linux box and reprogram your ADSL router so
that it acts as a DHCP server. This works but is not the best for email
servers and such.  Or a third I just thought of now is to plug the
router into a 95 box and grab the IP that it is using. I believe that
the ADSL modem gets a single dynamic IP when it is sent to you. And you
could use that IP on your Linux box.  One flaw with that is if your
router gets shut off or disconnected it gives up its current IP.


In article <[EMAIL PROTECTED]>,
  "Weazer" <[EMAIL PROTECTED]> wrote:
> i have recently installed Redhat 6 Mandrake on my computer and am trying to get
> it to work with Zoomtown ADSL & Choice.net. Does anyone know how to get this
> to work properly?
>
>


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.

------------------------------

From: Jose Santiago <[EMAIL PROTECTED]>
Subject: Re: D-Link DFE-530TX multiple cards
Date: Wed, 04 Aug 1999 08:35:23 -0500
------------------------------

From: Marc <[EMAIL PROTECTED]>
Subject: Re: My server won't wake up!
Date: Wed, 04 Aug 1999 09:28:25 -0400

I'm having the exact same problem with my RH 6 Linux server connected through
an Efficient SpeedStream 5250 bridge to my ADSL ISP.  I have all power saving
features in my BIOS turned off.  Sometimes I'm unable to ping (address or
domain name) and tracert can't find the machine either.  Then it starts working
all of a sudden.  This happens several times a day.

Basically the machine seems to be unreachable from the internet if there is no
outgoing traffic.  My machine was just unreachable, so I had my wife connect
her laptop (on my home network which routes through the Linux box) and she was
able to get to the internet, and then I was able to get to the machine again.

Is this an ISP thing, an ADSL thing, or a Linux networking/IPChains thing?

Thanks,

Marc

Rudolf Potucek wrote:

> I would assume you NEVER want a server to go into idle mode anyhow ...
> that sort of defeats the whole point. So why don't you just change
> the BIOS settings to suppress the machine from ever going to sleep?
>
> Just my $.02,
>
>   Rudolf
>
> Charlie ([EMAIL PROTECTED]) wrote:
> : Okay... my RH6 server runs fine if it's connected to remotely at least
> : once an hour or so, however if it becomes idle for more than an hour or
> : two it goes into this bizarre mode where it will not wake up when it is
> : asked for something (be it a ping, ftp, http, mail, or telnet.)  It's not
> : just how long I am waiting... netscape will time out, so will ftp and
> : telnet, and if I try again it still won't respond.
>
> : If I wait long enough (like 4 hours) it will suddenly wake up and be
> : fine... another way I can wake it up is log onto the local terminal and
> : THEN use netscape, ftp, or telnet, and the server wakes up, everyone can
> : connect and everything is spiffy-keen.
>
> : The server is using a fixed IP so it's not a DHCP problem as some people
> : have told me.  This problem has been going on for quite a while now (like
> : 4 weeks) and has lasted through several fresh installs of RH6.
>
> : If anyone can give any insight into what might be the problem, PLEASE let
> : me know!
>
> : Thanks!
> : Charlie
>
> --


------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Transparent Proxy
Date: Wed, 04 Aug 1999 13:27:02 GMT

Personally I would set up IP forwarding and not transparent proxying
with your setup.  Both will accomplish the same goal, but it is a lot easier to
do with IP forwarding.  For example, with IP forwarding you can use IP
Chains to deny everything but ports 80, 25 and 23 on both eth0 and
eth1. This will allow only packets for the web (port 80), sendmail or
email (port 25) and telnet (port 23).  But if you really want to just
block, just set up IP Chains to block those two ports on eth1, since you
have everything else already set up.
That's just my two cents.

In article <[EMAIL PROTECTED]>,
  "Kerry J. Cox" <[EMAIL PROTECTED]> wrote:
> Howdy,
>     I have read through the Ipchains HowTo and the man pages, but have
> been unable to come up with examples that would assist me.
>     I have set up a Linux firewall using ipchains 1.3.9 running RedHat
> Linux 6.0 with kernel 2.2.10.  I have made sure that Transparent IP is
> enabled, etc.  I have an old Western Digital NIC and a SMC Ultra both of
> which work great.  When I do an "ifconfig -a" I am able to see both eth0
> and eth1.  I can ping them and through them with no problem.
>    What I want to do is set this box up between us and our DSL customers
> so that ports 137 and 139 would be blocked.  But I want the box itself
> to be invisible and have it simply block any packets from these ports
> from going through.
>     Here's a schematic that I hope will help.
>
>                 .-------.
>                 |  Router   |
>                 '-------`
>                     |
>                     |
>                 .-------.
>                 |   HUB     |
>                 `-------'
>                     |
>                     | outer device                    # 206.71.77.72
>         .-----------------------.
>         |                  Firewall                      |
>         |                (Linuxbox)                   |
>         `-----------------------'
>                     | inner device                     # 206.71.77.78
>                     |
>                     |
>                 .-------.
>                 |    HUB    |
>                 `-------'
>                     |
>                     |
>                .--------.    # 206.71.77.55
>                |    Winbox  |    # later I will replace this one Winbox
> with the DSL customers through the main hub.
>                `--------'
>
> The .55 Winbox needs to be able to surf and I should be able to ping it
> from outside the firewall, but that's it.
>     Any suggestions for simply blocking packets from these ports and
> preventing us and them from seeing each other in the Network
> Neighborhood would be most appreciated.  They still need to be able to
> surf the web and such, but they should not be able to see each other.
>     Thanks.
> KJ
>
> --
> .-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-.
> | Kerry J. Cox          Vyzynz International Inc.       |
> | [EMAIL PROTECTED]         Systems Administrator           |
> | (801) 596-7795        http://www.vii.com              |
> | ICQ# 37681165         http://quasi.vii.com/linux/     |
> `-------------------------------------------------------'
>
>



------------------------------

From: "Mark Hodges" <[EMAIL PROTECTED]>
Subject: Re: "illegal port command" error when ftping over a linux router
Date: 4 Aug 1999 14:00:54 GMT

The FTP PORT command tells the server to open a port on your machine to
send data to, e.g. the result of an ls command or a get command.
Your machine is saying "open port n on host a.b.c.d", but because the packets
are masqueraded the address in the PORT command is not the same as the
source address of the request. Most FTP servers will not allow this as it
is a security risk (as you could try and connect to any port on any machine
with the FTP server as the source).
You will need to either a) use an FTP proxy server or b) use FTP passive mode.
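Added example (editor's code, not from Mark's post): the check an FTP server applies to PORT before it answers "illegal PORT command", written in C. The addresses are constructed: 192.168.1.10 stands for a client behind the masquerading Linux router and 203.0.113.5 for the router's outside address as the server sees it; the rejection of ports below 1024 is a second, widely deployed guard (RFC 2577) that the post does not mention.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

/* Parse "PORT h1,h2,h3,h4,p1,p2" (RFC 959) into a dotted-quad string and a
 * port number. Returns 0 on success, -1 if the line is not well formed. */
int parse_port_command(const char *line, char addr[16], uint16_t *port)
{
    unsigned v[6];
    int used = 0;

    if (strncmp(line, "PORT ", 5) != 0)
        return -1;
    if (sscanf(line + 5, "%u,%u,%u,%u,%u,%u%n",
               &v[0], &v[1], &v[2], &v[3], &v[4], &v[5], &used) != 6)
        return -1;
    for (int i = 0; i < 6; i++)
        if (v[i] > 255)
            return -1;                          /* each field is one octet */
    if (line[5 + used] != '\0' && strcmp(line + 5 + used, "\r\n") != 0)
        return -1;                              /* trailing junk after p2 */
    snprintf(addr, 16, "%u.%u.%u.%u", v[0], v[1], v[2], v[3]);
    *port = (uint16_t)(v[4] * 256 + v[5]);
    return 0;
}

/* The server-side check behind "illegal PORT command": the advertised data
 * address must be the address the control connection actually came from.
 * Behind masquerading the client advertises its private address while the
 * server sees the router's outside address, so the two never match. */
int port_command_allowed(const char *line, const char *control_peer)
{
    char addr[16];
    uint16_t port;

    if (parse_port_command(line, addr, &port) != 0)
        return 0;
    if (port < 1024)
        return 0;                               /* RFC 2577 low-port guard */
    return strcmp(addr, control_peer) == 0;
}

int main(void)
{
    /* Constructed: client 192.168.1.10 behind a router whose outside address is 203.0.113.5 */
    const char *cmd = "PORT 192,168,1,10,4,1\r\n";   /* port 4*256+1 = 1025 */
    printf("direct connection: %s\n", port_command_allowed(cmd, "192.168.1.10") ? "accepted" : "illegal");
    printf("via masquerading:  %s\n", port_command_allowed(cmd, "203.0.113.5") ? "accepted" : "illegal");
    return 0;
}
```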

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: NFS Problem
Date: Wed, 04 Aug 1999 13:57:42 GMT

I don't think this problem is related either to the permissions of the
exports file or to the /etc/hosts.allow or /etc/hosts.deny files. To me, I
would check the permissions on both /user directories and make sure they
have the right permissions.

Hope this will help!

Alan Watt

In article <[EMAIL PROTECTED]>,
  Peter Slade <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I am running Red Hat Linux 6.0 and trying to share a directory on one of
> our computers.
>
> In trying to set it up (I am attempting to provide access to all
> machines
> until I can get it working correctly and will then restrict it to
> certain hosts) I configured the exports file to look like:
>
> # Exports file
> /users (rw)
>
> I then ran exportfs.
>
> When I go onto another machine (log in as root) and type showmount -e
> <othermachine> I see the response
> Export list for 192.168.0.53:
> /users (everyone)
>
> I then attempt (on the same machine (as root))
> mount 192.168.0.53:/users /users
>
> which responds with:
> mount 192.168.0.53:/users failed, reason given by server: Permission
> denied.
>
> Has anyone come across this problem before? - I have read in various
> places that the permission denied problem is related to the exports file. But I
> have tried many combinations of settings and would not expect to get the
> response I am getting from showmount if there was a problem.
>
> Any help with this would be greatly appreciated.
>
> Pete.
>
>



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and comp.os.linux.networking) via:

    Internet: [EMAIL PROTECTED]

Linux may be obtained via one of these FTP sites:
    ftp.funet.fi                                pub/Linux
    tsx-11.mit.edu                              pub/linux
    sunsite.unc.edu                             pub/Linux

End of Linux-Networking Digest
******************************
