Linux-Networking Digest #123, Volume #12 Thu, 5 Aug 99 19:13:59 EDT
Contents:
ISDN success? ("Aaron Dershem")
Firewall settings for Quicktime ("Greg Truax")
ifdown unable to disconnect (Emmanuel Regnard)
Re: black addresses ("Shane Chrisp")
Re: Linux DNS ("Shane Chrisp")
Re: Syn_cookies.... (PoD)
sendmail tellme: we do not relay (Hector Gutierrez)
Re: Ping ([EMAIL PROTECTED])
Seeking Linux UDP broadcast forwarding solution (epadin)
Re: Java ICQ (David Goncalves)
Re: Activateing and deactivateing interfaces (Va Thao)
Re: How do you turn off packet logging? (Wolfgang Rufeger)
How do you turn off packet logging? (Ryan)
Re: cable modem + linux, Boston, MA (Alex Luchkovsky)
problem loading netscape 4.51 (Jim Bisnett)
Re: dhcpcd, RH/Mandrake 6.0, and @home (a cleaner way.) (Bob Tennent)
Re: cable modem + linux, Boston, MA (Nicholas Strugnell)
dip & use of securid / securidf ("Martin Kent")
multiple ppp links to isp (Gary Keith)
Re: Linux Printing to a Remote Printer (Matthias Braun)
Re: Too many collisions? ("Brandon W. Beasley")
Sendmail: relaying denied ("Marvin (Georg Ortmanns)")
Re: netscape java redhat 6 (David Pollack)
Kill -9 won't kill a process (Sung Kim)
Re: firewall with multiple public addresses??? ([EMAIL PROTECTED])
Re: Compaq NetFlex 3 on HP NetServer ("Lee Sharp")
Re: Port Scan Problem (Chris Rankin)
Re: PPTP won't authenticate through ipmasq ("John Hardin")
Re: ftpd problems? ("Eric Rector")
Re: How to reach my Server from the Internet? (Alex Yung)
Re: Switch to ProFTPD, root dirs? (billp)
----------------------------------------------------------------------------
From: "Aaron Dershem" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux,comp.os.linux.misc
Subject: ISDN success?
Date: Thu, 5 Aug 1999 13:04:07 -0500
I'm looking into ISDN at home. I can't get xDSL or cable modem, so it looks
like this is the only high-speed option for me. What kinds of experiences
has anyone had? Also, if you can recommend any hardware that is compatible
with SouthWestern Bell (my local baby-bell), that'd be even better.
I'll be connecting it (I hope) to my Red Hat 5.2 box running the 2.2.6
kernel. This is so I can use ipchains to masquerade a Mac and a Win98
computer.
Thanks for any help on the road to fast surfing!
------------------------------
From: "Greg Truax" <[EMAIL PROTECTED]>
Subject: Firewall settings for Quicktime
Date: Wed, 04 Aug 1999 18:21:06 GMT
I use IP masquerading, and I have not been able to use Apple's Quicktime
showcase. I am wondering if anybody has successfully opened up port 554 for
RTSP/TCP data and ports 6970 through 6999 for RTP/UDP data (The settings
recommended by Apple) using ipchains?
Greg Truax
[EMAIL PROTECTED]
------------------------------
From: Emmanuel Regnard <[EMAIL PROTECTED]>
Subject: ifdown unable to disconnect
Date: Thu, 05 Aug 1999 20:40:11 +0200
When I use "ifdown ppp0" (RH6.0) to disconnect nothing happens and I
must kill pppd to disconnect.
Any ideas ?
Thanks
Emmanuel.
------------------------------
From: "Shane Chrisp" <[EMAIL PROTECTED]>
Subject: Re: black addresses
Date: Fri, 6 Aug 1999 02:37:17 +0800
You may even set up some form of port forwarding using something like ipfwadm
or ipchains; this will allow you to redirect a particular port from the real
address of the pc connected to the net to an internal pc.
Shane Chrisp
[EMAIL PROTECTED]
Markus <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Hello!
> Does anybody know if it is possible to connect to a computer on a
> network where all the computers have "black" addresses (they are not
> valid on the real net). All the computers on our network use the
> gateways ip address, hence maybe 50 computers share an ip address out to
> the net, but inside the network all computers have different addresses.
> But if I have a computer outside our network, how can I get into a
> specific computer inside the network? For example to ftp from outside
> the network into a computer in the network.
>
> Cheers,
> Markus
------------------------------
From: "Shane Chrisp" <[EMAIL PROTECTED]>
Subject: Re: Linux DNS
Date: Fri, 6 Aug 1999 02:22:12 +0800
If you type hostname at the prompt do you get a fqdn?
If this is only returning your domainname or only your host then you have
found your problem.
This may not be the case for you as you haven't said if you are running a
caching only server or an authoritative nameserver. Email me your conf files if
you like and I will check them for you if you have no joy.
Shane Chrisp
[EMAIL PROTECTED]
Gerhard <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> I have configured both named.boot
> my reverse lookup file and my lookup file correctly.
> I have changed my resolv.conf file but everytime I do a nslookup I get
> the response of Can't find server name for addres 127.0.0.1: Server
> failed.
> I do not get errors when I start named and nothing in my logfiles
> I get Name Server Restarted when I do a Named.restart
> Is there something I missed?
>
------------------------------
Date: Fri, 06 Aug 1999 04:05:05 +0930
From: PoD <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.admin
Subject: Re: Syn_cookies....
Colin Wong wrote:
>
> Hello,
>
> Is anyone out there running a 2.0.x kernel? (preferably 2.0.34
> Slackware release)
>
> If so, can you tell me how to use syn_cookies? I already recompiled the
> kernel with syn_cookies support, but it doesn't show up in
> /proc/sys/net/ipv4
>
> Anyone know why?
> Colin
This is from the config help file(2.2.5):
If you say Y here, note that SYN cookies aren't enabled by default;
you can enable them by saying Y to "/proc filesystem support" and
"Sysctl support" below and executing the command
echo 1 >/proc/sys/net/ipv4/tcp_syncookies
at boot time after the proc filesystem has been
mounted.
Cheers, PoD
------------------------------
From: Hector Gutierrez <[EMAIL PROTECTED]>
Subject: sendmail tellme: we do not relay
Date: Thu, 05 Aug 1999 15:47:40 -0400
Hi,
I have just upgraded to RedHat 6.0 in a linux box we use as mail
server, but now when I try to send a mail with eudora or netscape or
whatever mail client from a Windows machine I get the error message "we
do not relay". How can I configure sendmail to solve this problem? I
have been looking around /etc/mail and editing the files ip_allow,
relay_allow but this hasn't worked till now.
Any help would be appreciated.
Please answer by mail.
Thanks in advance
Hector
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Ping
Date: Thu, 05 Aug 1999 19:07:30 GMT
In article <7oc6b8$bce$[EMAIL PROTECTED]>,
"Charles Stack" <[EMAIL PROTECTED]> wrote:
> The routing table will determine which interface to use. So, if you have
> eth0 and eth1 both on network w.x.y.z, and eth0 is your default interface,
> no matter what you do, the ping will go out eth0.
>
> As for the -i option....I don't think it works (or I never could get it to
> work).
>
> cjs
Thanks for the reply...
See, the problem is that the interfaces that I setup come up and
down very rapidly...so I can't keep changing my routing
tables :)
It's all in that -I option...Ronny: -I ppp0 or -I eth0 does not
work. It needs something else. I just don't know what.
Sherif :)
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: epadin <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.development.system,comp.os.linux.misc,comp.os.linux.setup
Subject: Seeking Linux UDP broadcast forwarding solution
Date: Thu, 05 Aug 1999 19:47:51 GMT
My organization is using Linux-based router/firewalls. We have an
application that we wish to firewall but it uses UDP broadcasts. Right
now, we have it segregated by a Cisco router but we would like to route
through a Linux box. The server sends out a directed UDP broadcast
destined to specific networks like 192.168.15.255, 192.168.16.255, etc.
The Cisco router has a 'udp forward' command whereby you specify the
UDP port and it will forward all UDP broadcast traffic seen on the
port. I am seeking a program that will emulate this Cisco feature on a
Linux machine. My company is willing to pay for a programmer to develop
this program if it is not already part of the already available
programs out there.
If anyone can help me with this I will greatly appreciate it.
Thank you.
------------------------------
From: David Goncalves <[EMAIL PROTECTED]>
Subject: Re: Java ICQ
Date: Thu, 05 Aug 1999 20:18:57 +0100
root wrote:
> I am trying to install Java ICQ but JDK is required in order to install
> it. What I need to know is how to install JDK 1.1.7.
Well it's quite easy; in Linux it comes down to unpacking the 12M zip file
and setting JDK_HOME variable to point to the jdk home directory and
CLASSPATH variable to the java class directory (or to the classes.zip
file if you decide not to unzip it).
Most first time errors while compiling java programs are related to
CLASSPATH not assigned with all the directories needed to compile. The
javac option -classpath is very useful to assign the needed directories
at the command line.
Good luck
David Gonçalves
<[EMAIL PROTECTED]> - <ICQ #23217307>
"Life is too short for all the things we need to do..."
------------------------------
From: Va Thao <[EMAIL PROTECTED]>
Subject: Re: Activateing and deactivateing interfaces
Date: Thu, 05 Aug 1999 14:39:10 -0500
Reply-To: [EMAIL PROTECTED]
Alexander Atkin wrote:
>
> Huh????
> I would have thought the same command you use when on the machine locally,
> ppp-go / ppp-off.
> Of course these might not work unless you are logged in as root (usually
> disabled for Telnet) but there are ways to change permissions to get this
> to work as any user. No idea how secure it is if you do though but I don't
> see the problem with someone telnetting into your server from the internet
> and doing a ppp-off. Would be rather dumb and the chances of them getting
> in is unlikely anyway.
>
> Alex.
>
> Bill Steiner wrote:
>
> > Hello!
> >
> > I was wondering if there was a command I could use to activate and
> > deactivate my ppp0 interface. My RH 6.0 Linux internet/file server is
> > in a different room than from where I work. I was wondering if there
> > was a command I could use in a telnet session that would activate and
> > deactivate the ppp0 interface.
> >
> > Please help me out if you know of such a command! Thanks!
Bill,
If you are connected via ethernet or serial cable you can do the
following: telnet to your box and su to root, then start ifup ppp0 /
ifdown ppp0 or whatever your command is to bring up your modem.
Va Thao
Systems Administrator
PC Professionals, Inc.
------------------------------
Date: Thu, 05 Aug 1999 21:21:10 +0200
From: Wolfgang Rufeger <[EMAIL PROTECTED]>
Subject: Re: How do you turn off packet logging?
Ryan wrote:
> I have a box with the 4.0 Slackware distribution (2.2.6
> kernel) set up as a "dial on demand" Internet gateway. I am
> using diald and ipfwadm (I guess I should be using ipchains
> nowadays).
>
> Anyway, it is working great but the kernel is flooding me
> with logging info. Every single packet that goes it gets
> logged to /var/log/messages.
Have a look at /etc/syslog.conf for more information ...
-- Wolfgang Rufeger ----- o o ----- [EMAIL PROTECTED] --
--- Tokajerweg 25 -------- O --------- http://home.pages.de/~wolf/ ----
===== 89075 Ulm =======================================================
====================== PGP: http://home.pages.de/~wolf/pgp.html =======
------------------------------
From: Ryan <[EMAIL PROTECTED]>
Subject: How do you turn off packet logging?
Date: Thu, 05 Aug 1999 11:06:11 -0800
Hello gurus,
I have a box with the 4.0 Slackware distribution (2.2.6
kernel) set up as a "dial on demand" Internet gateway. I am
using diald and ipfwadm (I guess I should be using ipchains
nowadays).
Anyway, it is working great but the kernel is flooding me
with logging info. Every single packet that goes it gets
logged to /var/log/messages. I can see how that would be
helpful debugging info but I don't need it to do that
anymore and would like to turn it off. How do you turn it
off?
I have scoured the newsgroups and searched through the
HOWTOs until my head hurts. I normally don't bother people
unless I just can't figure it out myself; but I am stuck.
Thanks in advance,
Ryan
[EMAIL PROTECTED]
(Remove _X_)
* Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
The fastest and easiest way to search and participate in Usenet - Free!
------------------------------
From: Alex Luchkovsky <[EMAIL PROTECTED]>
Subject: Re: cable modem + linux, Boston, MA
Date: Thu, 05 Aug 1999 15:16:21 -0400
[[ This message was both posted and mailed: see
the "To," "Cc," and "Newsgroups" headers for details. ]]
In article <[EMAIL PROTECTED]>,
Nicholas Strugnell <[EMAIL PROTECTED]> wrote:
> Hi,
>
> Does anyone know of any cable modem ISPs in Boston, MA that are
> linux-friendly? For that matter, does anyone know the names of the cable
> companies in Boston - I don't know anyone with cable and have had trouble
> finding out. I tried RCN who are linux-friendly but they don't run to my
> area (Fenway/St. Mary's for those who are local).
>
> Cheers,
> Nick
>
> Dept. of Geography | Phone (Office): +1 (617) 353-8031
> Boston University | Phone (Home): +1 (617) 247-6292
> 675 Commonwealth Avenue | Fax: +1 (617) 353-8399
> Boston, MA 02215-1401, USA | WWW: http://crsa.bu.edu/~nstrug/
That's a tough area to get a cable modem in, the only two companies
that have it in and around Boston are RCN and Media One.
------------------------------
From: Jim Bisnett <[EMAIL PROTECTED]>
Subject: problem loading netscape 4.51
Date: Thu, 05 Aug 1999 15:50:36 -0400
I have netscape communicator 4.08 running under redhat 5.2. I
downloaded 4.51 from redhat, but when I try to load the common section I
get an error saying that I
need
LibNoVersion.so.1
for it to load. I can't seem to find what this means. Can anyone help
me. I can't find a RPM that remotely resembles this. I even downloaded
the new libc under 6.0, with no change in error.
Jim Bisnett
------------------------------
From: [EMAIL PROTECTED] (Bob Tennent)
Crossposted-To: comp.os.linux.redhat,alt.os.linux.mandrake
Subject: Re: dhcpcd, RH/Mandrake 6.0, and @home (a cleaner way.)
Date: 5 Aug 1999 19:49:41 GMT
Reply-To: rdt(a)cs.queensu.ca
On Thu, 05 Aug 1999 17:29:01 GMT, d3v wrote:
>first get dhcpcd version 1.3 or > then in /etc/sysconfig/network-scripts/
>edit
>the ifup script to use dhcpcd (just replace pump and arguments with
>/sbin/dhcpcd -h "your host name" -c
>/etc/sysconfig/network-scripts/ifdhcpc-done $DEVICE
>that's all there is to it.
>
pump-0.7.0 will take a -h hostname option as well; get it from
ftp://ftp.redhat.com/rawhide/
Bob T.
------------------------------
From: Nicholas Strugnell <[EMAIL PROTECTED]>
Subject: Re: cable modem + linux, Boston, MA
Date: Thu, 5 Aug 1999 16:31:40 -0400
Reply-To: [EMAIL PROTECTED]
On Thu, 5 Aug 1999, Alex Luchkovsky wrote:
>
> That's a tough area to get a cable modem in, the only two companies
> that have it in and around Boston are RCN and Media One.
>
I called RCN and they said they didn't serve my house and had no plans to,
even if I wanted them to. Media One don't operate in Boston (they're in
Cambridge). I found out that the monopoly cable company in Boston is
called Cablevision. I called their local office and talked to three
people, none of whom had ever heard of cable modems and didn't know what
I was talking about, the f*cking muppets.
I checked on the web and found that they only provide the service on Long
Island of all places. So it seems that if you live in Boston, supposedly
the hi-tech centre of the east coast, you can't get a fast internet
connection. Great :-(
Nick
Dept. of Geography | Phone (Office): +1 (617) 353-8031
Boston University | Phone (Home): +1 (617) 247-6292
675 Commonwealth Avenue | Fax: +1 (617) 353-8399
Boston, MA 02215-1401, USA | WWW: http://crsa.bu.edu/~nstrug/
------------------------------
From: "Martin Kent" <[EMAIL PROTECTED]>
Subject: dip & use of securid / securidf
Date: Thu, 5 Aug 1999 20:47:22 +0100
The man page for dip gives details of two commands:
securid
securidf
for use with ACE SecurID cards, however trying to use these in any script or
interactively running dip -t the command is unknown, listing known commands
with help doesn't show it either. So, is the man page incorrect or is there
something else I'm missing?
This was on two systems, one running Redhat 5.2, the other Redhat 6.0
I've tried using several of the RPMs from the repositories running from
3.3.7.o-8 to 3.3.7.o-15 with the same results.
Any clues on how to use these commands or what version of dip is required?
Thanks
------------------------------
From: Gary Keith <[EMAIL PROTECTED]>
Subject: multiple ppp links to isp
Date: Thu, 5 Aug 1999 16:07:55 -0400
I thought I saw at one time a way to set up multiple ppp links to more
than one isp at the same time and set up routing to balance the load
between the two. Unfortunately I didn't save the url and now I am unable
to find it again. Any help would be appreciated.
Gary
[EMAIL PROTECTED]
------------------------------
From: Matthias Braun <[EMAIL PROTECTED]>
Subject: Re: Linux Printing to a Remote Printer
Date: Thu, 05 Aug 1999 23:05:44 +0200
Try as root:
# chmod 0662 /dev/lp* and there will be light.
Matthias
------------------------------
From: "Brandon W. Beasley" <[EMAIL PROTECTED]>
Subject: Re: Too many collisions?
Date: Thu, 05 Aug 1999 16:26:46 -0500
Okay. Here are the numbers: It's eth1 that I'm looking at. Thanks in advance.
***********************************************************
eth0 Link encap:Ethernet HWaddr 00:40:95:00:D8:6B
inet addr:x.x.x.x Bcast:x.x.x.x Mask:255.255.255.248
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1250395 errors:0 dropped:0 overruns:0 frame:0
TX packets:1311071 errors:0 dropped:0 overruns:0 carrier:0
collisions:113 txqueuelen:100
Interrupt:11 Base address:0xe800
eth1 Link encap:Ethernet HWaddr 00:C0:F0:2B:7E:E9
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
IPX/Ethernet 802.3 addr:00000002:00C0F02B7EE9
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:279826881 errors:0 dropped:0 overruns:0 frame:91
TX packets:33655512 errors:4 dropped:0 overruns:0 carrier:4
collisions:185110 txqueuelen:100
Interrupt:10 Base address:0xec00
*********************************************************************
"Stuart R. Fuller" wrote:
> Brandon W. Beasley ([EMAIL PROTECTED]) wrote:
> : ifconfig reports a number of collisions occurring on my NIC.
> : There are two in the linux box doing a ip masquerading task.
> :
> : Question: what is the threshold for too many collisions?
>
> Answer: it depends.
>
> If you're on a switch, then the threshold should be fairly low. If you're on
> a hub or on a true shared wire, then it may be high.
>
> The actual count of collisions is not usually of interest, but rather the
> number of collisions per packet sent. For example, my Linux box does not show
> any collisions, for 1-2 million packets sent. My workstation at work (a
> Digital VAXstation 4000/90, on a switch) shows 1600 collisions with 5 million
> packets sent.
>
> Are you seeing a problem with your network?
>
> Remember, collisions are not a Bad Thing. Excessive collisions, however, are.
> So, post some numbers.
>
> Stu
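
[Added example, not part of either post: the collisions-per-packet-sent figure Stuart describes, computed from the ifconfig counters Brandon posted and compared with the switched workstation Stuart cites (1600 collisions in 5 million packets). The parser and its function names are illustrative; the sample text reproduces the posted counters with ifconfig's usual indentation restored.]

```python
import re

# The counters posted above (the eth0 addresses were already masked as x.x.x.x).
IFCONFIG_OUTPUT = """\
eth0      Link encap:Ethernet  HWaddr 00:40:95:00:D8:6B
          inet addr:x.x.x.x  Bcast:x.x.x.x  Mask:255.255.255.248
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1250395 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1311071 errors:0 dropped:0 overruns:0 carrier:0
          collisions:113 txqueuelen:100
          Interrupt:11 Base address:0xe800

eth1      Link encap:Ethernet  HWaddr 00:C0:F0:2B:7E:E9
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          IPX/Ethernet 802.3 addr:00000002:00C0F02B7EE9
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:279826881 errors:0 dropped:0 overruns:0 frame:91
          TX packets:33655512 errors:4 dropped:0 overruns:0 carrier:4
          collisions:185110 txqueuelen:100
          Interrupt:10 Base address:0xec00
"""

# An interface block starts with an unindented name followed by "Link encap:".
IFACE_START = re.compile(r"^(\S+)\s+Link encap:", re.MULTILINE)
COUNTERS = re.compile(r"TX packets:(\d+).*?collisions:(\d+)", re.DOTALL)


def collision_rates(text):
    """Map interface name -> (tx_packets, collisions, collisions per TX packet)."""
    starts = list(IFACE_START.finditer(text))
    rates = {}
    for i, match in enumerate(starts):
        end = starts[i + 1].start() if i + 1 < len(starts) else len(text)
        counters = COUNTERS.search(text[match.start():end])
        if counters is None:
            continue  # block without TX/collision counters
        tx, collisions = int(counters.group(1)), int(counters.group(2))
        rates[match.group(1)] = (tx, collisions, collisions / tx if tx else 0.0)
    return rates


def versus_reference(text, ref_collisions=1600, ref_packets=5_000_000):
    """Each interface's rate as a multiple of the workstation figure quoted above."""
    ref = ref_collisions / ref_packets
    return {name: rate / ref for name, (_, _, rate) in collision_rates(text).items()}


if __name__ == "__main__":
    multiples = versus_reference(IFCONFIG_OUTPUT)
    for name, (tx, collisions, rate) in collision_rates(IFCONFIG_OUTPUT).items():
        print(f"{name}: {collisions} collisions / {tx} TX packets = {rate:.4%} "
              f"({multiples[name]:.1f}x the reference rate)")
```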
------------------------------
Date: Thu, 05 Aug 1999 21:56:12 +0200
From: "Marvin (Georg Ortmanns)" <[EMAIL PROTECTED]>
Subject: Sendmail: relaying denied
Hi Folks!
Sendmail, fetchmail, pop3d work fine on my S.u.S.E. 6.1.
When I try to send from my WinNT box via sendmail on my Linux to an outside eMail
address I receive
"relaying denied".
What am I missing in the sendmail.cf?
Any help welcome.
--
Thanks in advance
Georg Ortmanns (Marvin) eMail [EMAIL PROTECTED]
To get my PGP key send mail with subject "Send PGP key"
------------------------------
From: David Pollack <[EMAIL PROTECTED]>
Subject: Re: netscape java redhat 6
Date: Thu, 05 Aug 1999 14:00:09 -0700
edit the /etc/X11/fs/config file and add 75dpi fonts but leave off the
:unscaled part. Basically add a line like
/usr/X11R6/libs/X11/fonts/75dpi
I am not sure if that is the exact line but it should be something
similar...
Dennis Kinder wrote:
>
> Please tell me how to get Netscape to work with java in redhat 6.
> Every time a page with java opens the netscape closes.
> Thank you.
------------------------------
From: Sung Kim <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.help,comp.os.linux.setup
Subject: Kill -9 won't kill a process
Date: Thu, 05 Aug 1999 21:42:36 GMT
I am currently running redhat6.0 with kernel 2.2.10 on a P-400.
Everything runs fine except for one exception. Especially in X when a
process crashes it remains in memory and no matter what I try I can't
kill it. I have tried killing them as root and nothing. Even when I
reboot the machine linux can't unmount the filesystem due to the
locked/linked files. Is there anyway to kill these processes or is my
kernel not compiled correctly?
Tx for your time.
Sung Kim
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: firewall with multiple public addresses???
Date: Thu, 05 Aug 1999 21:01:39 GMT
In article <7o7a6p$rcj$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> I have a TCI cable modem, with a Linux firewall and several PCs
> off a second interface using DHCP in the 192.168.1.X address space.
> My primary address is in the 24.1.A.B address space. This all works
> fine.
>
> I asked TCI for a second IP address, and they gave me one in the
> 24.9.C.D address space. I want a PC with a public address to sit
> behind the same firewall. Is this possible?
>
> I put in a third network card, and configured it as 24.9.C.1. The PC
> has address 24.9.C.D with 24.9.C.1 as its gateway. The PC and linux
> box can ping each other, and packets get forwarded out, but packets
> don't get returned.
>
> The PC connected to the cable modem works fine with either
> address 24.1.A.B or 24.9.C.D. So I'm assuming it's a netmask/routing
> problem with the linux box public interface. Does the netmask need
> to be set to 255.0.0.0 to allow 24.*.*.* packets in? When I set it
> to 255.0.0.0, it doesn't seem to relay any packets.
For the record, it turned out that I needed proxy arp set up, as
partially described in the Proxy ARP Mini-Howto:
http://www.linux-howto.com/LDP/HOWTO/mini/Proxy-ARP-Subnet.html
in the end I needed to execute a command like this:
arp -v -i eth0 -Ds 24.9.C.D eth0 netmask 255.255.255.255 pub
and everything is now fine. The firewall responds to arp requests
on behalf of the PC which is hidden behind the firewall.
------------------------------
From: "Lee Sharp" <[EMAIL PROTECTED]>
Subject: Re: Compaq NetFlex 3 on HP NetServer
Date: Thu, 5 Aug 1999 17:17:46 -0500
Eric Steele wrote in message ...
|I just acquired an HP Netserver 4d 66 LM computer and am in the process of
|installing RedHat 5.2 on it. Everything has gone well except the network
|card. I looked at the card and it is a Compaq NetFlex3. Does anyone have
|any experience with this card? There are boatloads of network card
|options and none of them look like what I need.
How odd. HP and Compaq do NOT like each other in the corporate world.
:-) Anyway, you have a tlan card. Running "insmod tlan" should allow you
to "ifconfig."
Lee
--
SCSI is *NOT* magic. There are *fundamental technical reasons* why it is
necessary to sacrifice a young goat to your SCSI chain now and then. * Black
holes are where God divided by zero. - I am speaking as an individual, not
as a representative of any company, organization or other entity. I am
solely responsible for my words.
------------------------------
From: Chris Rankin <au.com.zipworld@{no.spam}rankinc>
Subject: Re: Port Scan Problem
Date: Fri, 06 Aug 1999 08:08:40 +1000
Charles Stack wrote:
> > They have to be run by tcpd
> > Thus you need a line like
> > pop-3 stream tcp nowait root /usr/sbin/tcpd ipop3d
> > Not
> > pop-3 stream tcp nowait root /usr/sbin/ipop3 ipop3d
>
> My line reads:
> pop-3 stream tcp nowait root /usr/sbin/tcpd ipop3d
>
> So, why can't I block this? Is there something else that needs to be done?
No, not if your POP server is called ipop3d. *MY* POP server was
called in.pop3d and so my inetd.conf file contained:
pop3 stream tcp nowait root /usr/sbin/tcpd in.pop3d
Remember - you're trying to construct a command line for inetd to run
your server.
Chris.
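
[Added example, not part of the original posts: a small audit of inetd.conf entries for the two points made in this thread, namely that a service is only subject to tcpd's access control when inetd runs tcpd, and that the argument after tcpd must name the server actually installed. The sample file is constructed (the POP lines are the ones quoted above, the ftp and echo lines are made up), and the `installed` set of daemon names is an assumption supplied by the caller.]

```python
import os

# Constructed inetd.conf fragment; see the note above for what is quoted and what is made up.
SAMPLE_INETD_CONF = """\
# service socket proto wait user server args
pop-3  stream  tcp  nowait  root  /usr/sbin/tcpd     ipop3d
pop-3  stream  tcp  nowait  root  /usr/sbin/ipop3    ipop3d
pop3   stream  tcp  nowait  root  /usr/sbin/tcpd     in.pop3d
ftp    stream  tcp  nowait  root  /usr/sbin/in.ftpd  in.ftpd -l
echo   stream  tcp  nowait  root  internal
"""


def audit_inetd(text, installed=None):
    """Return (line number, service, status, daemon name) for every entry.

    status is one of:
      wrapped                 inetd runs tcpd, which then runs the named daemon
      wrapped-missing-daemon  tcpd is used, but the named daemon is not installed
      wrapped-no-daemon       tcpd is used with no daemon argument at all
      unwrapped               inetd runs the server directly, bypassing tcpd
      internal                handled inside inetd itself
      malformed               fewer than six fields
    `installed` is an optional set of daemon basenames known to exist.
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 6:
            findings.append((lineno, fields[0], "malformed", None))
            continue
        service, server, args = fields[0], fields[5], fields[6:]
        if server == "internal":
            status, daemon = "internal", None
        elif os.path.basename(server) == "tcpd":
            if not args:
                status, daemon = "wrapped-no-daemon", None
            else:
                # The first argument is the daemon name tcpd runs; it is also
                # the name used in hosts.allow / hosts.deny rules.
                daemon = os.path.basename(args[0])
                missing = installed is not None and daemon not in installed
                status = "wrapped-missing-daemon" if missing else "wrapped"
        else:
            status, daemon = "unwrapped", os.path.basename(server)
        findings.append((lineno, service, status, daemon))
    return findings


def needs_attention(findings):
    """Entries that are not effectively protected by tcpd."""
    return [f for f in findings if f[2] not in ("wrapped", "internal")]


if __name__ == "__main__":
    # Assumed inventory of daemons present on the host being audited.
    for finding in audit_inetd(SAMPLE_INETD_CONF, installed={"in.pop3d", "in.ftpd"}):
        print(finding)
```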
------------------------------
From: "John Hardin" <[EMAIL PROTECTED]>
Subject: Re: PPTP won't authenticate through ipmasq
Date: Thu, 5 Aug 1999 15:08:24 -0700
Dave Kristol wrote in message <[EMAIL PROTECTED]>...
>So the real question is, what incantation is necessary in the firewall
>setup to make this work. (I fear the answer is, "can't be done without
>as-yet written patches".)
Nope, the patches are all working properly. Twiddling the firewall setup
and getting it to work proves that.
I haven't tried Robert's firewall generator to see what it generates. Are
there any options for permitting non-TCP non-UDP protocols?
Generally what I recommend (in broad strokes) is:
permit whatever TCP and UDP traffic you want, then
block all TCP and UDP traffic, then
permit all traffic.
If you're running ipchains you can get it tighter than this (i.e. "permit
proto 47" instead of "permit all"), but 2.0.x ipfwadm only supports TCP,
UDP, ICMP and "everything else", so that's the best you can do when using
ipfwadm.
Take a look at the HOWTO. This is all described in more detail there.
--
John Hardin KA7OHZ [EMAIL PROTECTED]
pgpk -a finger://gonzo.wolfenet.com/jhardin PGP key ID: 0x41EA94F5
PGP key fingerprint: A3 0C 5B C2 EF 0D 2C E5 E9 BF C8 33 A7 A9 CE 76
=======================================================================
In the Lion
the Mighty Lion
the Zebra sleeps tonight...
Dee de-ee-ee-ee-ee de de de we um umma way!
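
[Added example, not part of the original post: a first-match rule evaluator that models the three-step ordering recommended above and the tighter "permit proto 47" variant, and lists which IP protocols each one ends up admitting. It models rule ordering only, not ipfwadm or ipchains syntax; the wanted ports (TCP 1723 for the PPTP control channel, UDP 53) and the deny-by-default chain policy are assumptions made for the illustration.]

```python
from collections import namedtuple

TCP, UDP, GRE = 6, 17, 47     # IP protocol numbers; 47 is the "proto 47" above
PPTP_CONTROL = 1723           # PPTP control channel (TCP)

# proto / dport of None means "any".
Rule = namedtuple("Rule", "action proto dport")
Packet = namedtuple("Packet", "proto dport")


def evaluate(rules, packet, policy="deny"):
    """First matching rule wins; `policy` applies when nothing matches."""
    for rule in rules:
        if rule.proto is not None and rule.proto != packet.proto:
            continue
        if rule.dport is not None and rule.dport != packet.dport:
            continue
        return rule.action
    return policy


# Step 1: permit whatever TCP and UDP traffic you want (constructed choice).
WANTED = [Rule("accept", TCP, PPTP_CONTROL), Rule("accept", UDP, 53)]
# Step 2: block all remaining TCP and UDP traffic.
BLOCK_TCP_UDP = [Rule("deny", TCP, None), Rule("deny", UDP, None)]

# Step 3, ipfwadm flavour: permit all traffic that is left.
IPFWADM_STYLE = WANTED + BLOCK_TCP_UDP + [Rule("accept", None, None)]
# Step 3, ipchains flavour: permit only protocol 47; the rest hits the policy.
IPCHAINS_STYLE = WANTED + BLOCK_TCP_UDP + [Rule("accept", GRE, None)]
# The same rules with "permit all" first: the later blocks are never reached.
MISORDERED = [Rule("accept", None, None)] + WANTED + BLOCK_TCP_UDP


def admitted_protocols(rules, probe_port=23):
    """IP protocol numbers accepted for a port that is not in WANTED."""
    return [p for p in range(256)
            if evaluate(rules, Packet(p, probe_port)) == "accept"]


if __name__ == "__main__":
    for name, rules in (("ipfwadm-style", IPFWADM_STYLE),
                        ("ipchains-style", IPCHAINS_STYLE),
                        ("misordered", MISORDERED)):
        print(f"{name:15s} GRE={evaluate(rules, Packet(GRE, None))} "
              f"tcp/1723={evaluate(rules, Packet(TCP, PPTP_CONTROL))} "
              f"tcp/23={evaluate(rules, Packet(TCP, 23))} "
              f"protocols admitted={len(admitted_protocols(rules))}")
```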
------------------------------
From: "Eric Rector" <[EMAIL PROTECTED]>
Subject: Re: ftpd problems?
Date: Thu, 5 Aug 1999 16:08:13 -0400
This happened to me; Red Hat changed something between 5.2 and 6.0, because
I had no problem ftping to the 5.2 box immediately after set up (after
creating the appropriate user), but COULD NOT get into the 6.0 box no matter
what.
Unfortunately, I don't remember what I changed, or if I changed anything,
but after a couple days I tried again, and I got right in on the user
account I had previously set up and then given up on.
Anybody else know what's going on?
--Eric Rector
Harborside Graphics Sportswear
Thomas J. Boyd wrote in message <[EMAIL PROTECTED]>...
>I have two machines, each running RH 6.0. I have loaded each of them
>recently. The inetd.conf files are almost identical. On one of the
>two, ftp requests get the following:
>
>Connected to XXX.XXX.XXX.XXX
>421 Service not available, remote server has closed connection
>
>Is there any reason why this should occur? The machine that accepts ftp
>requests has been upgraded from RH 4.2 through 5.2 to 6.0. Otherwise
>they are the same???
>
>Thanks,
>
>Tom Boyd
>US Naval Research Laboratory
>
>
------------------------------
From: [EMAIL PROTECTED] (Alex Yung)
Subject: Re: How to reach my Server from the Internet?
Date: 5 Aug 1999 21:19:05 GMT
Reply-To: [EMAIL PROTECTED]
Paskal van Lomm ([EMAIL PROTECTED]) wrote:
: I've a 486 running Slackware and a PII Running Redhat 5.2 and Apache
: I want to reach my Apache server from the Internet using the 486 as firewall
: (Internet -> 486 -> PII/Apache)
: I know this should probably be done using IPCHAINS/IPMASQADM.....
: I've been reading a lot of Howto's etc., but I can't get it running :-(
: The other way around PII -> 486 -> Internet works fine!
: Could you please help me?
Install "rinetd" or "redir" in your 486!
------------------------------
From: billp <[EMAIL PROTECTED]>
Subject: Re: Switch to ProFTPD, root dirs?
Date: Thu, 05 Aug 1999 18:11:48 -0700
Drew wrote:
> Hey all,
> After many e-mail suggestions, I made the switch to ProFTPD,
> and I must say I am very impressed, I only have two minute
> configuration issues:
>
> 1. How to reset the anonymous root directory?
>
> 2. How to set the guestgroup root directory?
>
> As you can tell these are easy questions to shoot down,
> and I have already looked at proftpd.org, and read the man
> pages. I am not even sure if PROftpd even uses ftpaccess,
> it's a little different than Bero. I assume it reads
> proftpd.conf but I haven't figured out much on how to set
> up root dirs.
>
> Thanks Much,
> Drew
>
If you mean how do you have an anonymous user (ftp) be made to log into a
specific directory, let's say the ftp directory which is located here :
/home/ftp
then
you would have an entry like this
<Anonymous ~ftp>
  User ftp
  Group ftp
  # put whatever else you want here
</Anonymous>
and when an anonymous user logs in as ftp then they will find themselves in
the ftp which will be their root directory. For guest, you need to configure
another <Anonymous ~guest> and configure it to do whatever you need.
hope this helps. I just spent a little time playing around with proftpd and
like it cuz it is similar to Apache.
Bill
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.networking) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Networking Digest
******************************