Linux-Networking Digest #131, Volume #12 Fri, 6 Aug 99 11:13:36 EDT
Contents:
Re: dial in server -- pppd help needed (Cristian Mindricelu)
Re: why?? (Paul Wilkins)
12 Step Plan ("Trevor Porter")
Re: cable modem + linux, Boston, MA (Rod Smith)
Firewall attack ("Zoltan Pittner")
Re: non root ppp (John Strange)
eth1 & BOOT (David Hopkins)
Re: How to update the DNS from the dhcp.conf (Michele Nicosia)
Re: Linux - @home cable modem service wierdness ("Robert Glover")
Mail problem ("Robert Glover")
pcnfsd wanted ("Pekka K. Kurki")
Re: Kill -9 won't kill a process ("Daniel Melo")
Re: 2 default routes, which one is used? (Clifford Kite)
Re: dial in server -- pppd help needed (Clifford Kite)
Linux workstation, NT server (Ken R.)
Re: Linux workstation, NT server ("David Murray")
Samba, encrypted passwords ("David Murray")
RH Linux 6 behind MS Proxy (temporarily) ("Nathan J. Underwood")
Re: ppp problem: linux <-> wince ("G. Pollack")
Linux - Win Networking Help ("Jordan Lee")
Re: what's required for rlogin (Michael Jensen)
Re: Kill -9 won't kill a process (Gary Smith)
Intel EEPro/10 (Ben Hatch)
Re: route command hangs (Cristian Mindricelu)
Ccan linux and windows talk ("Vasanth")
Re: PPTP won't authenticate through ipmasq (Dave Kristol)
----------------------------------------------------------------------------
From: Cristian Mindricelu <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.setup
Subject: Re: dial in server -- pppd help needed
Date: Fri, 06 Aug 1999 15:02:48 +0300
> The problem is I cannot go further out of the server onto the LAN to
> surf the web etc.
Have you set up your Linux to do IP forwarding?
If you have kernel 2.0.x there is an option in the kernel configuration.
With kernel 2.2.x you have to do "echo 1 >
/proc/sys/net/ipv4/ip_forward".
Hope this helps,
Cristian
------------------------------
From: Paul Wilkins <[EMAIL PROTECTED]>
Crossposted-To:
comp.os.linux.redhat,comp.os.linux.questions,comp.os.linux.setup,linux.redhat.misc,linux.redhat.install
Subject: Re: why??
Date: Sat, 07 Aug 1999 00:19:17 +1200
Allen Wong wrote:
>
> Ricky,
>
> Please post the output of this:
>
> cat /dev/sndstat
>
> Allen
> --
> Linux: If you're not careful, you might actually learn something.
I appear to have the same trouble, and while ls shows it to exist, I
don't appear to be able to get anything from it.
$ ls -l /dev/sndstat
crw-rw-rw- 1 root root 14, 6 Jul 12 17:15 /dev/sndstat
$ cat /dev/sndstat
cat: /dev/sndstat: No such device
Paul Wilkins
--
Proudly sent with Linux
------------------------------
From: "Trevor Porter" <[EMAIL PROTECTED]>
Subject: 12 Step Plan
Date: Fri, 6 Aug 1999 09:30:17 -0230
Hi. My name is Trevor and I've been using M$. Sound like a familiar
admission? Seriously though, we've been using M$ Small Business Server as
our PDC for the past couple of years. In the course of this time, users
have become addicted to some of its prettier features. Meanwhile, there are
some of us who would like to see M$ go the way of the dodo, or at least go
away from our servers.
In an ongoing effort diminish M$'$ presence, I'm trying to determine what we
'll 'lose' by going to a purely Linux-run domain (using Samba . I'm not
optimistic enough to give most of my users Linux !). One of the biggest
problems I can foresee is our mail functionality. Granted, Exchange Server
is a huge PIG, but it does offer some nice features such as a consolidated
mail database and public folders. Is there a Linux-based solution to this?
How can I keep all of my mail in one db (or centralized location) and have a
pool of mail items shared among users?
If anyone has gone through a similar conversion, I'd appreciate some
guidance.
Cheers,
Trevor
------------------------------
From: [EMAIL PROTECTED] (Rod Smith)
Subject: Re: cable modem + linux, Boston, MA
Date: Fri, 06 Aug 1999 12:26:08 GMT
Reply-To: [EMAIL PROTECTED]
[Posted and mailed]
In article <[EMAIL PROTECTED]>,
Nicholas Strugnell <[EMAIL PROTECTED]> writes:
> I checked on the web and found that they only provide the service on Long
> Island of all places. So it seems that if you live in Boston, supposedly
> the hi-tech centre of the east coast, you can't get a fast internet
> connections. Great :-(
Are you aware of DSL? Cable modems aren't the only means of high-speed
net access, you know. I'm about to have DSL service installed from Bell
Atlantic. I live in Malden, but on comp.dcom.xdsl, there was a recent
post from somebody living in Boston proper who's just had DSL installed
from a company called Speakeasy (http://www.speakeasy.net). Both Bell
Atlantic and Covad (the company that provides the infrastructure for
Speakeasy) are still in the process of deploying their equipment in the
Boston area, so I can't guarantee that either company has anything in your
immediate area, but chances are good that it's either available or will be
by the end of the year.
--
Rod Smith
[EMAIL PROTECTED]
http://www.channel1.com/users/rodsmith
NOTE: Remove the "uce" word from my address to mail me
Author of _Special Edition Using Corel WordPerfect 8 for Linux_, from Que
------------------------------
From: "Zoltan Pittner" <[EMAIL PROTECTED]>
Subject: Firewall attack
Date: Fri, 6 Aug 1999 08:31:01 -0400
Hi.
Since I have a decent (I hope) firewall in place, I get all kind of packet
deny messages in my logs. The most common one seems to be on port 137.
Last night I've seen that someone tried some different ports as well:
packet deny 216.129.6.227:375
packet deny 216.129.6.227:399
packet deny 216.129.6.227:439
packet deny 216.129.6.227:460
packet deny 216.129.6.227:481
packet deny 216.129.6.227:504
is this an attack? I couldn't find any reference for the ports used here.
What are these ports?
What about the first? 137? I know this has something to do with netbios, but
is this an attack or just random convergence?
Thanks for your help, Zoltan.
------------------------------
From: [EMAIL PROTECTED] (John Strange)
Crossposted-To: comp.os.linux.setup
Subject: Re: non root ppp
Date: 6 Aug 1999 12:42:38 GMT
As root,
cd /dev
chmod +rw cua1
hos ([EMAIL PROTECTED]) wrote:
: hi
: can't use ppp as non-root.
: get the error, can't access /dev/cua1 permission denied.
: have tried set uid to root on pppd,
: also x priviledges are very liberal, all users can execute.
: any thoughts?
: thanks
: horst
--
While Alcatel may claim ownership of all my ideas (on or off the job),
Alcatel does not claim any responsibility for them. Warranty expired when u
opened this article and I will not be responsible for its contents or use.
------------------------------
From: David Hopkins <[EMAIL PROTECTED]>
Subject: eth1 & BOOT
Date: Fri, 06 Aug 1999 09:01:28 -0400
I have set up RH Linux 5.2 with 2 3c509 cards installed. When the
machine boots there are 3 messages:
eth0: Setting Rx mode to 1 addresses.
eth1: Setting Rx mode to 0 addresses.
eth1: Setting Rx mode to 1 addresses.
Is this correct? Thanks for any help--DaveH.
David Hopkins
[EMAIL PROTECTED]
------------------------------
From: Michele Nicosia <[EMAIL PROTECTED]>
Subject: Re: How to update the DNS from the dhcp.conf
Date: Fri, 06 Aug 1999 15:01:20 +0200
www.isc.org
dhcpd3.0b1pl0 with nsupdate
bye
------------------------------
From: "Robert Glover" <rglover@air(dot)ups(dot)com>
Subject: Re: Linux - @home cable modem service wierdness
Date: Fri, 6 Aug 1999 12:43:35 -0000
Yes, that's true. I just looked in /etc/resolv.conf after it was
updated by dhcpcd. I took the domain name listed there and told
windows to use that as a search domain under the network settings.
Don't fear the Penguin!
Eugene wrote in message ...
check your cnfiguration on the windows side:
@Home geniuses set up your home page as www, mail server as mail, news
server as news, etc. The servers resolve to www.whatever.home.com,
mail.whatever.home.com, news.whatever.home.com, etc. -- that is
assuming you
are connecting directly. What you need to do is find out *what* this
"whatever" is (look at the info sheet they gave you when they set it
up),
and change the settings accordingly.
Vincent <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> This one's strange. When connected to the cable modem directly from
> Win98 or WinNT machines, the cable modem ISP @home's mail server is
> accessible. I can also connect to erol's and Netcom's mail servers.
>
> But, when I connect to the internet from either Windows machine
through a
> gateway Linux machine running RedHat 5.2, I cannot connect to
@home's
> mail server. Netcom's and erol's mail servers are still accessible.
> Also, the browser's home page is different, even though no changes
were
> made to it.
>
> the @home tech support person told me that its mail server was down,
> what I was experience was just a coincidence. However, needless to
say,
> when I removed the Linux machine, and connected directly to the
cable
> modem again, our original home page loaded, and we were able to get
to
> @home's mail server again.
>
> I'm using ipfwadm rules to enable ip_masquerading.
>
> Anybody have an explanation for this? Thanks.
>
------------------------------
From: "Robert Glover" <rglover@air(dot)ups(dot)com>
Subject: Mail problem
Date: Fri, 6 Aug 1999 13:01:59 -0000
Sometimes when I send mail, the recipient gets the following wierd
kind of "From" address:
From: [EMAIL PROTECTED] on behalf of Bob Glover
[[EMAIL PROTECTED]]
It seems that Netscape is doing something wierd with my private
username (bob) that is causing the destination mail servers to think
that the mail is from something local to them. Is there any way I can
change this?
------------------------------
From: "Pekka K. Kurki" <[EMAIL PROTECTED]>
Subject: pcnfsd wanted
Date: Fri, 06 Aug 1999 15:09:03 +0300
Reply-To: [EMAIL PROTECTED]
Hi all!
I am looking for a pcnfsd daemon for Linuz (I have RH 6.0). So far I was
not successfull to locate one. Can anybody help?
best regards,
Pekka
--
(Mr.) Pekka K. Kurki
Intellectics GesmbH
Schlossstrasse 59
A-2551 Enzesfeld, Austria
[EMAIL PROTECTED], [EMAIL PROTECTED]
http://www.intellectics.co.at/Pekka_Kurki.html
------------------------------
From: "Daniel Melo" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.help,comp.os.linux.setup
Subject: Re: Kill -9 won't kill a process
Date: Fri, 6 Aug 1999 12:50:47 +0200
Try an ps -eaf
and kill -9 those results that are applicable
Sung Kim <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
I am currently running redhat6.0 with kernel 2.2.10 on a P-400.
Everything runs fine except for one exception. Especially in X when a
process crashes it remains in memory and no matter what I try I can't
kill it. I have tried killing them as root and nothing. Even when I
reboot the machine linux can't unmount the filesystem due to the
locked/linked files. Is there anyway to kill these processes or is my
kernel not compiled correctly?
Tx for your time.
Sung Kim
------------------------------
From: kite@NoSpam.%�inetport.com (Clifford Kite)
Subject: Re: 2 default routes, which one is used?
Date: 6 Aug 1999 08:05:36 -0500
Barry Hill ([EMAIL PROTECTED]) wrote:
: If one enters two default routes in the Linux routing table, which one
: does the kernel use as standard: the first, the fastest, the least busy
: one or a random one?
The second one.
--
Clifford Kite <kite@inet%�port.com> Not a guru. (tm)
------------------------------
From: kite@NoSpam.%�inetport.com (Clifford Kite)
Crossposted-To: comp.os.linux.setup
Subject: Re: dial in server -- pppd help needed
Date: 6 Aug 1999 08:18:31 -0500
Braam ([EMAIL PROTECTED]) wrote:
: The problem is I cannot go further out of the server onto the LAN to
: surf the web etc.
: Proxyarp in the ppp options is used.
If you're using a 2.2.x kernel then view linux/Documentation/proc.txt
and search for proxy_arp and ip_forward .
You're aware of course that teh IP of the call-in must be on the LAN
of the called-to box.
--
Clifford Kite <kite@inet%�port.com> Not a guru. (tm)
/* The signal-to-noise ratio is too low in many [news] groups to make
* them good candidates for archiving.
* --- Mike Moraes, Answers to FAQs about Usenet */
------------------------------
From: Ken R. <[EMAIL PROTECTED]>
Subject: Linux workstation, NT server
Date: Fri, 06 Aug 1999 13:10:43 GMT
I am on an NT domain with 4 NT servers and would like to take advantage
of the file and print sharing of NT. I am running RH 6 on a dell 266
laptop. I have used samba with a win98 to linux server, but I can't find
any way to do the reverse other than smbmount which I cant find how to
print through it. Is there an easier way to log onto NT from Linux and
use these services?
Thanks in advance, Ken Redman
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: "David Murray" <[EMAIL PROTECTED]>
Subject: Re: Linux workstation, NT server
Date: Fri, 06 Aug 1999 13:38:47 GMT
I do this all the time. When you setup RH6 it asks about a printer and
just tell it the printer is on a Windows SMB network and give all the
proper information. Also, you can go into the redhat control panel under
printers and setup it up later as well. It works for me. We have a lot of
printers on jet-direct boxes which are spooled from our Primary Domain
Controller.. so I just print right to them.
--DavidM.
Ken R. <[EMAIL PROTECTED]> wrote in article
<7oemsa$4q3$[EMAIL PROTECTED]>...
> I am on an NT domain with 4 NT servers and would like to take advantage
> of the file and print sharing of NT. I am running RH 6 on a dell 266
> laptop. I have used samba with a win98 to linux server, but I can't find
> any way to do the reverse other than smbmount which I cant find how to
> print through it. Is there an easier way to log onto NT from Linux and
> use these services?
------------------------------
From: "David Murray" <[EMAIL PROTECTED]>
Subject: Samba, encrypted passwords
Date: Fri, 06 Aug 1999 13:43:06 GMT
This is the most irritating problem. If I go into the /etc/smb.conf and
tell it to use encrypted passwords then all the NT systems are able to
communicate with the Linux box. But then the windows 95 boxes just keep
asking for the password over and over. If I turn encryption off and
restart Samba, then the opposite is true. The 95 boxes work fine and Nt
asks for the password over and over again.. How can I set it up so that
BOTH 95 and Nt work fine?
--DavidM
------------------------------
From: "Nathan J. Underwood" <[EMAIL PROTECTED]>
Subject: RH Linux 6 behind MS Proxy (temporarily)
Date: Fri, 06 Aug 1999 13:46:30 GMT
I have just (finally) convinced my company to let me introduce Linux
into the frey, and have opted to use the box for our Intranet. We
currently have a M$ Proxy server between us and the Internet, and I
would like to use the Linux box as much as possible to familiarize
myself with what it can do. My question is, is there a way that I can
configure the machine to 'see through' the proxy. I have the M$ Proxy
Client installed on my NT laptop, and it seems to work fine. Is there a
way that I can do the same under Linux. BTW, I will soon be configuring
IPMasq to replace the Proxy, are there better options that I should look
into?
Thanks
Nathan
------------------------------
From: "G. Pollack" <[EMAIL PROTECTED]>
Subject: Re: ppp problem: linux <-> wince
Date: Fri, 06 Aug 1999 14:15:50 GMT
Clifford Kite wrote:
>
> G. Pollack ([EMAIL PROTECTED]) wrote:
>
> : Following the directions I found elsewhere on the net (can't locate the
> : url at present), I log onto the linux box on a serial port (this works
> : fine), and then issue the following command:
>
> : /usr/sbin/pppd-detach crtscts lock 192.168.55.1:192.168.55.2 /dev/ttyS0
> : 19200
>
> : This successfully starts up pppd, and I can see the "hash" characters on
> : the handheld. The problem is when I click on "continue" on the
> : handheld's network-connect program. Unfortunately I don't know much
> : (anything!) about this program, except that clicking on continue is
> : supposed to make it run in background, so that I can, e.g., start an ftp
> : server on the handheld for file transfer. When I do this, I lose the
> : connection. This is what I see in /var/log/messages:
>
> [edited]
>
> : Aug 5 08:58:12 jiminy pppd[725]: pppd 2.3.5 started by velo, uid 501
> : Aug 5 08:58:12 jiminy pppd[725]: Using interface ppp0
> : Aug 5 08:58:12 jiminy pppd[725]: Connect: ppp0 <--> /dev/ttyS0
> : Aug 5 08:58:18 jiminy pppd[725]: Hangup (SIGHUP)
> : Aug 5 08:58:18 jiminy pppd[725]: Modem hangup
>
> This isn't likely an initial LCP timeout unless the timeout is changed
> in /etc/ppp/options or perhaps a /etc/ppp/options.<ttyname> file.
> Add the debug option to the pppd argument list and look at the LCP link
> negotiation messages for clues.
>
> --
> Clifford Kite <kite@inet%�port.com> Not a guru. (tm)
> /* 97.3% of all statistics are made up. */
Thanks for the suggestion. Here's what debug says:
sent [LCP ConfReq id=x1 <magic 0x7ec3> <pcomp> <accomp>]
last message repeated 2 times
The only entry in etc/ppp/options is lock, and there are now
tty-specific options files.
The message reported by debug doesn't mean anything to me. If it does to
you, I'd appreciate a translation.
Thanks,
--
Gerald Pollack
Dept. of Biology, McGill University
------------------------------
From: "Jordan Lee" <[EMAIL PROTECTED]>
Subject: Linux - Win Networking Help
Date: Thu, 5 Aug 1999 20:45:06 -0700
Hello,
Ok new to linux and I'm REALLY LIKIN WHAT I SEE!! Now I feel dirty using
Windows...
I've got KDE going
I've mounted our Novell server
now, windows... and I know SAMBA
OK here we go, I've got the /etc/smb.conf file all set up and running. Now
on my Win98 machine(for example 150.150.150.3) can ping the Linux
box(150.150.150.2) and when I check ifconfig I can see that eth0 has
received and transmitted data. And PING on the Win98 reported fine, so now
the problem and remember I'm new to Linux here..
Why can't I see the linux box in Network Neighborhood or Explorer?
I have the Windows client with the linux name in the workgroup field, and
SAMBA has enabled encrypted passwords(I know a potential problem with SAMBA
& Win98) WHATS WRONG?! This sounds pretty straight foward and I've been thru
too many HOWTOs.
PLEASE HELP!? Please...
Also the Window machines are primary setup to login into the Novell file
server. Could this be a problem?
Thanks,
Jordan Lee
[EMAIL PROTECTED]
------------------------------
From: Michael Jensen <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.setup
Subject: Re: what's required for rlogin
Date: Fri, 06 Aug 1999 07:59:58 -0600
I should note that these are the error messages I receive when trying to
rlogin or rcp to the machines:
machine_name1: Connection refused
rcmd: machine_name2: Connection reset by peer
Thanks again...
Mike
Mike Jensen wrote:
> Hello everyone,
>
> I have a Laptop on which I installed the bare minimums
>
> for running Redhat 6.0. I'd like to be able to rlogin
>
> into other machines from it and rlogin into it from other
>
> machines. What files and settings are required to do
>
> this?
>
> TIA,
>
> Mike
>
> ------------------ Posted via CNET Linux Help ------------------
> http://www.searchlinux.com
------------------------------
From: Gary Smith <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.help,comp.os.linux.setup
Subject: Re: Kill -9 won't kill a process
Date: Fri, 06 Aug 1999 09:59:32 -0400
Sound like the kernel is having trouble writing the core file. Are you out of disk
space ?
Try deleting the core file. The kernel may give up writing to it and proceed to
terminate the process.
Gene Heskett wrote:
> Unrot13 this;
> Reply to: <[EMAIL PROTECTED]>
>
> Gene Heskett sends Greetings to Saif A.;
>
> SAW> Sung Kim wrote:
>
> >> I am currently running redhat6.0 with kernel 2.2.10 on a P-400.
> >> Everything runs fine except for one exception. Especially in X when a
> >> process crashes it remains in memory and no matter what I try I can't
> >> kill it. I have tried killing them as root and nothing. Even when I
> >> reboot the machine linux can't unmount the filesystem due to the
> >> locked/linked files. Is there anyway to kill these processes or is my
> >> kernel not compiled correctly?
> >>
> >> Tx for your time.
> >>
> >> Sung Kim
>
> SAW> Hello,
>
> SAW> I have noticed the same problem with Mandrake. Whenever a program
> SAW> crashes and tries to write the core file it goes into uninterruptible
> SAW> sleep mode and no one can kill it (not even kill -9). If you look at the
> SAW> size of the core file it will remain zero bytes forever.
>
> SAW> If someone has a fix for this please post it. Perhaps someone with an
> SAW> official version of RH 6.0 could contact support and ask them the fix
> SAW> for this. It is certainly difficult to develop code when core dumps
> SAW> leave numerous sleeping processes lying around.
>
> Sleeping? In the one instance that recently happened to me, it was the
> kcdmagic (or similar named function that is part of kde's cdplayer). I
> couldn't find a wqay to close the non-functioning black box on the
> screen, even though I sent the process several kill #n commands. So I
> gave up and went to bed. Next morning the rc5 client had managed to
> check one block, at 19kkeys/sec. That box normally does 678kkeys when
> not otherwise occupied.
>
> 'top' said the dead kcdmagic thingy was using 99.8% of the cpu! I quit
> x, ran top, it was still there! shutdown -r now fixed it though.
>
> Thats with the Hedwick 6.0 release, 2.2.10-ac12 kernel. Yeah, it needs
> fixed.
>
> Cheers, Gene
> --
> Gene Heskett, CET, UHK |Amiga A2k Zeus040 50 megs fast/2 megs chip
> Ch. Eng. @ WDTV-5 |A2091,GuruRom,1g Seagate,CDROM,Multiface III
> |Buddha + 4 gig WDC drive, 525 meg tape
> |Stylus Pro, EnPrint, Picasso-II, 17" vga
> RC5-Moo! 690kkeys/sec isn't much, but it all helps
> email gene underscore heskett at iolinc dot net
> --
------------------------------
From: Ben Hatch <[EMAIL PROTECTED]>
Subject: Intel EEPro/10
Date: Thu, 05 Aug 1999 12:29:32 -0500
Reply-To: [EMAIL PROTECTED]
I have an Intel EtherExpress Pro/10 ISA, and I have the driver for the
PCI version (eepro10pci). Can it be modified, and if so, any
suggestions on how to do that? Does anyone have experience with this
card under Linux?!?! I need to get this machine running in a week or
so, and I need to know if it would be worth it to fix this driver
(preferred solution), or if it would be best to just buy a new card. I
have 20+ of these cards available, so I would rather not buy new cards.
I have a little experience in C++, so I can follow (hopefully!) the
logic if there is any adice on reprogramming the driver. I can also
send an email attachment with the driver if needed.
------------------------------
From: Cristian Mindricelu <[EMAIL PROTECTED]>
Subject: Re: route command hangs
Date: Fri, 06 Aug 1999 17:52:49 +0300
[EMAIL PROTECTED] wrote:
>
> Just trying to get a NE2000 compatible ethernet card to work. I've
> checked all the settings with ifconfig and route, and everything is
> set. There are no problems with the irqs or i/o addresses but when I
> use route the command hangs for quite some time before it responds.
Are you sure the nameserver in /etc/resolv.conf is set up properly? This
would be the case if "route" hangs then displays the routing table and
"route -n" does it without any delay.
You could also try "arp -an" and even "tcpdump -i eth0" to verify if the
NIC is working correctly.
Cristian
------------------------------
From: "Vasanth" <[EMAIL PROTECTED]>
Subject: Ccan linux and windows talk
Date: Fri, 6 Aug 1999 20:11:50 +0530
hi
Can some one suggest a way I can make Linux and Windows talk. What are the
softwares required and tell me briefly how to achive this.
Secondly, is it very hard to have X-Windows on Linux as I have been trying
from 2 months
Thanx
Vasanth
[EMAIL PROTECTED]
------------------------------
From: Dave Kristol <[EMAIL PROTECTED]>
Subject: Re: PPTP won't authenticate through ipmasq
Date: Fri, 06 Aug 1999 09:51:43 -0400
John Hardin wrote:
>
> Dave Kristol wrote in message <[EMAIL PROTECTED]>...
> >So the real question is, what incantation is necessary in the firewall
> >setup to make this work. (I fear the answer is, "can't be done without
> >as-yet written patches".)
>
> Nope, the patches are all working properly. Twiddling the firewall setup
> and getting it to work proves that.
>
> I haven't tried Robert's firewall generator to see what it generates. Are
> there any options for permitting non-TCP non-UDP protocols?
>
> Generally what I recommend (in broad strokes) is:
>
> permit whatever TCP and UDP traffic you want, then
> block all TCP and UDP traffic, then
> permit all traffic.
Robert's approach is "block everything, then selectively allow". Using
ipfwadm, you can only specify controls for UDP, TCP, and ICMP. So I
allowed all traffic from just my PPTP server, which would include PPTP
traffic.
>
> If you're running ipchains you can get it tighter than this (i.e. "permit
> proto 47" instead of "permit all"), but 2.0.x ipfwadm only supports TCP,
> UDP, ICMP and "everything else", so that's the best you can do when using
> ipfwadm.
>
> Take a look at the HOWTO. This is all described in more detail there.
Okay, thanks.
Dave Kristol
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.networking) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Networking Digest
******************************
