Linux-Networking Digest #118, Volume #12 Thu, 5 Aug 99 07:13:35 EDT
Contents:
Re: Looking for TCP port forwarder (Chris Severn)
Re: IPChains Help Needed (Monte Phillips)
Re: DNS Setup ("Hans A. Lang")
Intel PRO/100 + (Zhang Yong)
NE3200 Network card trouble (Bond Robbins)
Re: Callback and simple dial-in, PPPD options file? (Valentin Abramov)
Samba - Netbios aliases (Felix Radensky)
Re: Problems transfering large files (Artur Swietanowski)
Re: Modem hangup during PPP connect in RedHat 6.0 (W.G. Unruh)
userrights on a samba domainctrl ("Marcus Jüttner")
Re: PPP Server Problem - no "outside" IP access (W.G. Unruh)
Re: Modem hangup during PPP connect in RedHat 6.0 (W.G. Unruh)
Re: RH 6.0 and diald (Mike Jagdis)
----------------------------------------------------------------------------
From: Chris Severn <[EMAIL PROTECTED]>
Subject: Re: Looking for TCP port forwarder
Date: 5 Aug 1999 14:52:16 +0800
[EMAIL PROTECTED] (Nick Andrew) writes:
>I'm looking for a quick-n-dirty hack off the net to listen on port L on the
>local machine and whenever something connects to it, to open a connection
>to port P on some specified IP address, and then to forward the bytes which
>flow until the connection closes.
>nc (netcat) will do the local listening part, but its output is to stdout
>so it's not appropriate.
>tcpserver will listen and can execute nc to make the outbound connection.
>That should be able to do what I want. However, is there a single program
>out there with both part-functions combined?
rinetd will do exactly what you're after. It's easy to use.
Some bits from the man page follow:
RINETD(8)            UNIX System Manager's Manual            RINETD(8)

NAME
     rinetd - internet ``redirection server''

SYNOPSIS
     /usr/sbin/rinetd

VERSION
     Version 0.61, 3/1/1999.

DESCRIPTION
     rinetd redirects TCP connections from one IP address and port to another.
     rinetd is a single-process server which handles any number of connections
     to the address/port pairs specified in the file /etc/rinetd.conf. Since
     rinetd runs as a single process using nonblocking I/O, it is able to
     redirect a large number of connections without a severe impact on the
     machine. This makes it practical to run TCP services on machines inside an
     IP masquerading firewall. rinetd does not redirect FTP, because FTP
     requires more than one socket.

     rinetd is typically launched at boot time, using the following syntax:

          /usr/sbin/rinetd

     The configuration file is found in the file /etc/rinetd.conf, unless
     another file is specified using the -c command line option.

FORWARDING RULES
     Most entries in the configuration file are forwarding rules. The format
     of a forwarding rule is as follows:

          bindaddress bindport connectaddress connectport

     For example:

          206.125.69.81 80 10.1.1.2 80

     Would redirect all connections to port 80 of the "real" IP address
     206.125.69.81, which could be a virtual interface, through rinetd to port
     80 of the address 10.1.1.2, which would typically be a machine on the
     inside of a firewall which has no direct routing to the outside world.

     Although responding on individual interfaces rather than on all
     interfaces is one of rinetd's primary features, sometimes it is preferable
     to respond on all IP addresses that belong to the server. In this
     situation, the special IP address 0.0.0.0 can be used. For example:

          0.0.0.0 23 10.1.1.2 23

     Would redirect all connections to port 23, for all IP addresses assigned
     to the server. This is the default behavior for most other programs.

     Service names can be specified instead of port numbers. On most systems,
     service names are defined in the file /etc/services.

     Both IP addresses and hostnames are accepted for bindaddress and
     connectaddress.

CONTACT INFORMATION
     See http://www.boutell.com/rinetd/ for the latest release. Thomas
     Boutell can be reached by email: [EMAIL PROTECTED]

Chris Severn
--
Delete the 'x' to remove the spamblock.
Except spammers, for whom my email address is abuse@localhost
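
The forwarding-rule format quoted above also determines what a rinetd host exposes, so the following added example (not part of the original post or of rinetd) parses rules in that four-field format and tags the ones that listen on every address or publish a host behind the firewall. The tag names, the `#` comment handling, the loopback rule and the `logfile` entry in the sample are assumptions, not taken from the quoted man page.

```python
import ipaddress
from typing import NamedTuple

class Rule(NamedTuple):
    line_no: int
    bind_addr: str
    bind_port: str      # number or /etc/services name, kept as written
    connect_addr: str
    connect_port: str

# Constructed sample: the two rules quoted in the man page excerpt, plus a
# loopback-only rule and a non-forwarding entry (both assumptions).
SAMPLE_CONF = """\
# constructed sample rinetd.conf
206.125.69.81 80 10.1.1.2 80
0.0.0.0 23 10.1.1.2 23
127.0.0.1 8080 10.1.1.3 www
logfile /var/log/rinetd.log
"""

def parse_rules(text: str) -> list:
    """Return forwarding rules: lines of exactly four whitespace-separated fields."""
    rules = []
    for n, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # assumption: '#' starts a comment
        if len(fields) == 4:
            rules.append(Rule(n, *fields))
    return rules

def _ip(value: str):
    """Parse an IP literal; hostnames return None (not resolved, stays offline)."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None

def classify(rule: Rule) -> list:
    """Tag one rule; an empty list means nothing stood out."""
    tags = []
    bind, target = _ip(rule.bind_addr), _ip(rule.connect_addr)
    if rule.bind_addr == "0.0.0.0":
        tags.append("wildcard-bind")            # answers on every server address
    if bind is None or target is None:
        tags.append("hostname-unchecked")       # cannot judge without resolving
    elif not bind.is_loopback and target.is_private and not target.is_loopback:
        tags.append("inside-host-exposed")      # publishes a host behind the firewall
    return tags

def audit(text: str) -> dict:
    """Map line number -> tags for every rule that deserves a second look."""
    report = {}
    for rule in parse_rules(text):
        tags = classify(rule)
        if tags:
            report[rule.line_no] = tags
    return report

if __name__ == "__main__":
    for line_no, tags in audit(SAMPLE_CONF).items():
        print(line_no, ", ".join(tags))
```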
------------------------------
From: [EMAIL PROTECTED] (Monte Phillips)
Subject: Re: IPChains Help Needed
Date: Thu, 05 Aug 1999 09:04:18 GMT
Ahh, OK, I think that you need to look at ipmasqadm; this comes
with RH6.0.
It is the replacement for ipportfw & ipautofw.
example of usage might be
ipmasqadm portfw -A -t x.x.x.x/xx -R y.y.y.y/yy
or some such
g'luk
Greg <[EMAIL PROTECTED]> wrote:
>> "Greg" <[EMAIL PROTECTED]> wrote:
>> >I have RedHat 6.0 on which I have set up the ipforwarding / masquerading
>> >using
>> >ipchains. I have loaded the IRC module but I can not DCC anyone from my
>> >windows 95 box which is behind the firewall. I have enabled:
>> >
>> >/sbin/ipchains -F forward
>> >/sbin/ipchains -P forward DENY
>> >/sbin/ipchains -A forward -i eth0 -j MASQ
>> >echo 1 > /proc/sys/net/ipv4/ip_forward
>> >
>> >I have loaded the ip_masq_irc.o module.
>
>I think the problem lies more in the fact
>that DCC acknowledgement is directed on a
>different port than the ones that are being used as
>masquerading. This kind of connection is not really masq. It is a
>request from the remote machine to connect to me.
>It goes something like that:
>I send a request saying: Connect to me on
>123.123.123.123 ip and 2930 port
>(could be a range of ports) then the other
>machine is sending the actual
>request to my ip (linux box). The question is
>how do I get the request
>transferred to the windows box and how do I
>establish the connection.
------------------------------
From: "Hans A. Lang" <[EMAIL PROTECTED]>
Subject: Re: DNS Setup
Date: Thu, 05 Aug 1999 08:36:09 +0000
Reply-To: [EMAIL PROTECTED]
Choong Kar Fai wrote:
>
> Hi,
> I am facing a performance problem with my DNS. The DNS is used to
> service the clients on my LAN and whenever it requires to resolve names
> outside the network, forwarders will be used. The problem is that when
> I am not connected to the Internet, a telnet from a client to the Server
> is very slow. But once the connection is up, a telnet will be very
> fast. I figure that it is due to the DNS name lookup for the
> forwarders. If the network is not up, the server will take a longer
> time to timeout.
>
> What can I do to resolve this problem?
>
> Kar Fai Choong
> [EMAIL PROTECTED]
The server tries to resolve the IP address of the telnet client to a
name.
When you're not on the internet the server tries until timeout.
You may solve this problem by using /etc/hosts on the server for your
local clients.
Don't forget to set "order hosts, bind" in the /etc/resolve.conf of your
server.
Hans
------------------------------
From: [EMAIL PROTECTED] (Zhang Yong)
Subject: Intel PRO/100 +
Date: 5 Aug 1999 08:31:42 GMT
Dear Guru,
I am trying to install RedHat5.2 to a new PC, with the network card
Intel (R) PRO/100+ Management Adapter with Alert On LAN*
When I am trying to boot the system with Linux kernel (in floppy disk),
the system hangs with the following message:
ide0 at 0x1f0-0x1f7, 0x3f6 on irq 14
and I cannot even proceed to the installation menu.
Any suggestion is highly appreciated.
If possible, please also send a copy to me at:
[EMAIL PROTECTED]
With a bunch of thanks,
Daniel
--
------------------------------
From: Bond Robbins <[EMAIL PROTECTED]>
Subject: NE3200 Network card trouble
Date: Thu, 05 Aug 1999 19:44:37 +1000
I have been having trouble installing a NE 3200 PCI network card.
What happened:
1. I installed Linux and skipped network setup.
2. I put the card in and went into "linuxconf" and set it up and it
worked fine.
I was able to ping other machines and able to telnet into it fine.
3. I then logged and went to an NT workstation and tried to telnet back in
again
and I was unable to ping the linux machine.
4. So I logged back into the linux box and checked the settings
everything was
still the same.
5. The only thing I have noticed is that when I reboot the machine that
the "delaying eth0 initialization" is failing.
------------------------------
Crossposted-To: comp.protocols.ppp,comp.as.linux.setup
Subject: Re: Callback and simple dial-in, PPPD options file?
From: [EMAIL PROTECTED] (Valentin Abramov)
Date: 05 Aug 1999 10:02:07 GMT
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
>
> Hello,
>
>I use callback from icce on linux, and I want that it is possible to
>connect
>from win95 with callback (with DUN) or with simple dial-in, but the
>problem
>is the options file for PPPD which is common to the two connecting ways
>so
>some options like "auth login -chap +pap" go right for the dial-in mode
>but
>go wrong with the callback mode.
>
>Have you got an idea?
>
>Thank you
>
>Anthony Neveu -- Sopra France
>[EMAIL PROTECTED]
Hi!
Take a look at http://www.tartu.customs.ee/index.shtml
There is page about callback, hope it helps.
Regards,
Valentin
------------------------------
From: Felix Radensky <[EMAIL PROTECTED]>
Subject: Samba - Netbios aliases
Date: Thu, 05 Aug 1999 12:48:23 +0300
Hi
I'm using netbios aliases in my smb.conf to provide
two virtual servers, one with user level access and
another with share level. My /etc/smb.conf looks
as follows:
[global]
netbios name = FELIX
netbios aliases = LABPRINT
workgroup = ALLOT
include = /etc/smb.conf.%L
I've got both /etc/smb.conf.felix and /etc/smb.conf.labprint.
But... My Win95/NT clients can see only FELIX in Network
Neighbourhood. I can locate LABPRINT by adding an appropriate
entry into C:\Windows\lmhosts and running "Find Computer".
How can I make samba advertise both netbios name and netbios
alias for browsing?
Thanks.
Felix.
------------------------------
From: Artur Swietanowski <[EMAIL PROTECTED]>
Subject: Re: Problems transfering large files
Date: Thu, 05 Aug 1999 10:55:10 +0200
Marc Marais wrote:
> I have a Linux and Win98 box on a LAN. (...) I'm
> having problems transferring large files across the network (~500MB)
> using Samba and FTP. The transfer seems to stall (no data is
> transferred) and then the connection is dropped. It's impossible for
> me to transfer any large files this way - it always fails! Smaller
> files work 100%.
I use Samba to burn CD's over the net. I put an ISO image on the
Linux box and direct a Windows burning software to use this image
from an SMB mount. Effectively it's almost like a 600-700 MB file
transfer.
The same problem when I just tried to copy the image file over SMB.
When I did it on an IDE disk, the Linux box (P120) was indicating
very high processor usage and the Windows (NT) usually dropped
connection somewhere during the transfer. When I switched to a SCSI
disk (LVD), the processor usage is unnoticeable and the disks are
burned just fine.
My conjecture:
1. Windows drops a connection because of one of the following:
-- it's slow and a timeout occurs, or
-- it's slow and a Windows bug manifests itself.
2. Alternatively, Samba doesn't manage and drops connection. This
could only be a bug.
3. Linux kernel is not implicated in either case.
Anyone cares to comment?
Regards,
=====================================================================
Artur Swietanowski mailto:[EMAIL PROTECTED]
Institut für Statistik, Operations Research und Computerverfahren,
Universität Wien, Universitätsstr. 5, A-1010 Wien, Austria
tel. +43 (1) 427 738 620 fax +43 (1) 427 738 629
=====================================================================
------------------------------
From: [EMAIL PROTECTED] (W.G. Unruh)
Subject: Re: Modem hangup during PPP connect in RedHat 6.0
Date: 5 Aug 99 09:31:16 GMT
Kelly A Sigmon <[EMAIL PROTECTED]> writes:
>Thanks for trying to help.
>"W.G. Unruh" wrote:
>>
>> Try axion.physics.ubc.ca/ppp-linux.html
>Didn't help.
Did you actually try it? In particular, did you try the first step, which was to set
up syslog.conf with the
    daemon.* /var/log/messages
or
    daemon.* /var/log/ppp
(whichever you want) and then do
    killall -1 syslogd
This must be done to allow pppd to log its debugging messages.
Then did you try just sending
    /usr/sbin/pppd /dev/ttyS1 57600 connect "/usr/sbin/chat -v '' ATDT7654321 CONNECT '\d\c'"
and looking at the debug output to see if any negotiation is started and
if lines containing <auth pap> or <auth chap 05> occurred?
If you did, it would have been useful to people helping you to say so. If you did not,
why not?
>> The connection is never actually established. I think that you might have been led
>> up the garden path by the login. It may be that ATT uses CHAP and does not
>> want you to log in ( and when you do leaves you in limbo)
>> Anyway that document will show you how to figure out what they want, and how
>> to debug your connection.
>Possible. I've read some other posts from people using AT&T and tried
>their method.
>> You do not show us your chat file so we do not know how it corresponds to what
>> is actually sent.
>> You also do not seem to have the debug option for pppd set (or you have not setup
>> syslog.conf )
>I've specified the -d as a PPP option (I'm using netcfg) as well as
>placed "debug" in the /etc/ppp/options file. Is there anything else I
>need to do?
Yes. You need to switch it on in /etc/syslog.conf as above. I do not know netcfg
nor do I trust any of those scripts. Almost all make assumptions which are
often wrong, and when they are wrong, they leave you with no way of figuring out
why or how to fix them.
>Here's a better /var/log/messages listing with the timing info. I do see
>some delay when the modem dials. Is this typical?
Yes, that is typical. The key is the delay (none in your case) between the initial
AT and the receipt of the OK.
>Aug 4 04:57:40 localhost pppd[744]: pppd 2.3.7 started by root, uid 0
>Aug 4 04:57:40 localhost ifup-ppp: pppd started for ppp0 on /dev/modem at 115200
>Aug 4 04:57:41 localhost chat[746]: abort on (BUSY)
>Aug 4 04:57:41 localhost chat[746]: abort on (ERROR)
>Aug 4 04:57:41 localhost chat[746]: abort on (NO CARRIER)
>Aug 4 04:57:41 localhost chat[746]: abort on (NO DIALTONE)
>Aug 4 04:57:41 localhost chat[746]: abort on (Invalid Login)
>Aug 4 04:57:41 localhost chat[746]: abort on (Login incorrect)
>Aug 4 04:57:41 localhost chat[746]: send (ATZ^M)
>Aug 4 04:57:41 localhost chat[746]: expect (OK)
>Aug 4 04:57:41 localhost chat[746]: ATZ^M^M
I would rather use AT&F (or sometimes &F0 or &F1 depending on your modem)
as ATZ can be pretty random in what actually got stored in the modem by
someone storing their weird init script at some time.
But I do not think this is the problem.
>Aug 4 04:57:41 localhost chat[746]: OK
>Aug 4 04:57:41 localhost chat[746]: -- got it
>Aug 4 04:57:41 localhost chat[746]: send (ATDT###-####^M)
>Aug 4 04:57:41 localhost chat[746]: expect (CONNECT)
>Aug 4 04:57:41 localhost chat[746]: ^M
>Aug 4 04:57:55 localhost chat[746]: ATDT###-####^M^M
>Aug 4 04:57:55 localhost chat[746]: CONNECT
>Aug 4 04:57:55 localhost chat[746]: -- got it
>Aug 4 04:57:55 localhost chat[746]: send (^M)
>Aug 4 04:57:55 localhost chat[746]: expect (on:)
>Aug 4 04:57:55 localhost chat[746]: 28800/ARQ/V34/LAPM/V42BIS^M
>Aug 4 04:57:56 localhost chat[746]: ^H^M^M
>Aug 4 04:57:56 localhost chat[746]: STATION ID - <station id>^M^M
>Aug 4 04:57:56 localhost chat[746]: ^M^M
>Aug 4 04:57:56 localhost chat[746]: Welcome ^M^M
>Aug 4 04:57:56 localhost chat[746]: Please Sign-on:
>Aug 4 04:57:56 localhost chat[746]: -- got it
>Aug 4 04:57:56 localhost chat[746]: send (<my login id>^M)
>Aug 4 04:57:56 localhost chat[746]: timeout set to 5 seconds
>Aug 4 04:57:56 localhost chat[746]: expect (~)
>Aug 4 04:57:57 localhost chat[746]: <my login id>^M
>Aug 4 04:57:57 localhost chat[746]: ~
This whole section confuses me. What happened to the password, or does their
system not use a password on initial login? What is the ~ you are expecting here?
>Aug 4 04:57:57 localhost chat[746]: -- got it
>Aug 4 04:57:57 localhost chat[746]: send (^M)
Now you send a carriage return. Are you sure that this is what you are supposed
to do?
>Aug 4 04:57:57 localhost pppd[744]: Serial connection established.
>Aug 4 04:57:57 localhost pppd[744]: Using interface ppp0
>Aug 4 04:57:57 localhost pppd[744]: Connect: ppp0 <--> /dev/modem
>Aug 4 04:58:01 localhost pppd[744]: Modem hangup
This I must admit is weird. In just 3 seconds the modem hangs up. It looks to
me like either your modem has problems, or the far end has problems and does
not like your logon and hangs up on you. Are you sure that you have your modem
initialised properly? Are you sure you are using crtscts and not xonxoff flow
control?
Are you sure that your logon process is the right one?
>Aug 4 04:58:01 localhost pppd[744]: Connection terminated.
>Aug 4 04:58:01 localhost pppd[744]: Connect time 0.1 minutes.
>Aug 4 04:58:02 localhost pppd[744]: Exit.
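
The check this message asks for (does the log show any negotiation, and does the peer request `<auth pap>` or `<auth chap 05>`), written out as an added example that is not part of the original post. The function name `triage`, the verdict strings and the two LCP lines in the second sample are assumptions constructed for illustration; the other sample lines are the pppd lines from the quoted log.

```python
import re

# The four pppd lines below are from the log quoted in this message.
PAGE_LINES = """\
Aug 4 04:57:57 localhost pppd[744]: Serial connection established.
Aug 4 04:57:57 localhost pppd[744]: Connect: ppp0 <--> /dev/modem
Aug 4 04:58:01 localhost pppd[744]: Modem hangup
Aug 4 04:58:01 localhost pppd[744]: Connection terminated.
"""

# Constructed sample: the same session with two constructed LCP debug lines,
# as they would appear once daemon.* logging is switched on in syslog.conf.
WITH_DEBUG = """\
Aug 4 04:57:57 localhost pppd[744]: Connect: ppp0 <--> /dev/modem
Aug 4 04:57:58 localhost pppd[744]: sent [LCP ConfReq id=0x1 <magic 0x1a2b3c4d> <pcomp> <accomp>]
Aug 4 04:57:59 localhost pppd[744]: rcvd [LCP ConfReq id=0x1 <auth chap 05> <magic 0x5e6f7a8b>]
Aug 4 04:58:01 localhost pppd[744]: Modem hangup
"""

LINE = re.compile(r"(\d\d):(\d\d):(\d\d) \S+ pppd\[\d+\]: (.*)")
PEER_AUTH = re.compile(r"rcvd \[LCP ConfReq[^\]]*<auth (pap|chap [0-9A-Fa-f]+)>")

def triage(log: str) -> dict:
    """Summarise one pppd session: time to hangup, LCP seen, auth the peer asked for."""
    connect = hangup = None
    lcp_seen = False
    peer_auth = []
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue                      # chat[...] and other daemons are ignored
        h, mi, s, msg = m.groups()
        t = int(h) * 3600 + int(mi) * 60 + int(s)   # same-day sessions only
        if msg.startswith("Connect:"):
            connect = t
        elif msg.startswith("Modem hangup") and connect is not None:
            hangup = t
        lcp_seen = lcp_seen or "[LCP " in msg
        a = PEER_AUTH.search(msg)
        if a and a.group(1) not in peer_auth:
            peer_auth.append(a.group(1))
    if not lcp_seen:
        verdict = "no LCP lines logged: debug output missing or negotiation never started"
    elif peer_auth:
        verdict = "peer requests " + "/".join(peer_auth)
    else:
        verdict = "negotiation logged, peer did not request authentication"
    return {
        "seconds_to_hangup": hangup - connect if hangup is not None else None,
        "lcp_seen": lcp_seen,
        "peer_auth": peer_auth,
        "verdict": verdict,
    }

if __name__ == "__main__":
    for name, log in (("page log", PAGE_LINES), ("with debug", WITH_DEBUG)):
        print(name, triage(log))
```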
------------------------------
From: "Marcus Jüttner" <[EMAIL PROTECTED]>
Subject: userrights on a samba domainctrl
Date: Thu, 5 Aug 1999 12:44:53 +0200
Hi
I am testing here the domain controller function of samba. I am able to
connect my NT-WS to the domain and I can log in with my name and PW. I get
connected with my home dir as h: and the profile dir is there.
All works great.
But how can I now change the rights of a domain-user? For example that the
user is allowed to change the time or is able to use systembackup and so on.
And how is it possible to transfer a local user to a domain-user? I think it
is not enough to copy its profile dir to the server.
Many questions I know ... I think I have to buy a book of NT admin :-)
thanx
------------------------------
From: [EMAIL PROTECTED] (W.G. Unruh)
Subject: Re: PPP Server Problem - no "outside" IP access
Date: 5 Aug 99 09:49:06 GMT
kite@NoSpam.%inetport.com (Clifford Kite) writes:
>You need to turn on proxy arp in the 2.2.x kernel series with
> echo -n 1 > /proc/sys/net/ipv4/conf/ppp0/proxy_arp
Who in the world thought of this totally obscure path for setting up proxy arp?
It is totally stupid to bury something like this 6 subdirectories down.
------------------------------
From: [EMAIL PROTECTED] (W.G. Unruh)
Subject: Re: Modem hangup during PPP connect in RedHat 6.0
Date: 5 Aug 99 09:46:15 GMT
Kelly A Sigmon <[EMAIL PROTECTED]> writes:
>I found the problem. Turns out there was an extra option in the
>/etc/ppp/options file that needed setting for CHAP to work correctly. I
>just knew it was an authentication problem. Big sigh of relief.
>Thanks for your help!
>Kelly
???? No, it was not an authentication problem. And there is no option that I
could imagine in /etc/ppp/options that would alter your logon problems.
Just what option was it you set?
------------------------------
From: [EMAIL PROTECTED] (Mike Jagdis)
Subject: Re: RH 6.0 and diald
Date: 5 Aug 1999 10:52:05 GMT
Reply-To: [EMAIL PROTECTED]
In article <[EMAIL PROTECTED]>, Tim Underwood wrote:
>How do I know what "Rule 32" is?
It's the 32nd rule in the list of filters you are using (probably from
diald.conf or standard.filter).
>I know proto 1 is the protocol defined in
>/etc/protocols. Where are some good help docs in debugging the link, and
>determining what is keeping the link up?
Usually it's easiest to just run dctrl and look at the connection
queue :-).
Mike
--
A train stops at a train station, a bus stops at a bus station.
On my desk I have a work station...
.----------------------------------------------------------------------.
| Mike Jagdis | Internet: mailto:[EMAIL PROTECTED] |
| Roan Technology Ltd. | |
| 2 Markham Mews, Broad Street | Telephone: +44 118 989 0403 |
| Wokingham ENGLAND | Fax: +44 118 989 1195 |
`----------------------------------------------------------------------'
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.networking) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Networking Digest
******************************