Linux-Networking Digest #144, Volume #12 Sat, 7 Aug 99 18:13:42 EDT
Contents:
Re: Linux to NT with MSCHAP v2 ("Shane Chrisp")
Troubles with SSH (ted)
Re: @Home Setup ("Wayreth")
Re: Where to get ICQ (Frank Sweetser)
Re: Real NAT on RH60 ??? (Bill Anderson)
Re: IP-Masq w/ MS Exchange ("Shane Chrisp")
Re: password protection on Apache (Bill Thorsteinson)
SDSL setup for Slakware linux-2.2.6 ("bob")
Host Name? (Internet works so should be easy solve) ("Tom")
Re: searching icq-server for linux (tomislav)
Network Security: I.P. Address With Corresponding Mac Address (B.T.)
Re: Linux to NT with MSCHAP v2 (Clifford Kite)
Re: IP Masquerading with IP Address and Mac Address Restrictions (Juergen Pabel)
Re: Which POP3 Server? (tomislav)
Re: Network Security: I.P. Address With Corresponding Mac Address (Juergen Pabel)
remote access as root? (Eric Wyles)
Intel PCMCIA card ("Mark J Cavage")
Re: Cable modem dynamic IP ([EMAIL PROTECTED])
Mandrake 6.1 and NAT ("Warren")
Re: Problem with socket closure in 2.2 kernel? (Thorsten Kuehnemann)
Re: Help with DSL and Linux ("Yousuf Khan")
----------------------------------------------------------------------------
From: "Shane Chrisp" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.setup,redhat.networking.general
Subject: Re: Linux to NT with MSCHAP v2
Date: Sun, 8 Aug 1999 02:24:50 +0800
Check the Microsoft support pages for articles on RRAS or STEELHEAD. There
is information on how to force the NT Server to use PAP or CHAP depending on
your requirements. I hope this helps.
Shane Chrisp
[EMAIL PROTECTED]
<[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> My company upgraded the NT RAS server to use MSCHAP v2. My Linux PC could
> connect to the RAS server before this upgrade, but it fails to connect now.
> Can anyone help me?
>
> I know how to rebuild the pppd to use MSCHAP.
>
> Thanks
> banny
------------------------------
From: ted <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.security
Subject: Troubles with SSH
Date: Sat, 07 Aug 1999 14:56:50 -0400
I just built SSH 1.2.27 for my Sparc/RedHat 6.0. For some reason it
fails attempting password identification. My first thought was that it
was something to do with /etc/shadow, but that appears to be handled.
Any suggestions?
Thanks in advance
Blake Meike
[EMAIL PROTECTED]
(just leave off the initial 'xxx')
------------------------------
From: "Wayreth" <[EMAIL PROTECTED]>
Subject: Re: @Home Setup
Date: Sat, 07 Aug 1999 18:20:02 GMT
Colin;
I am in a similar boat with a DEC2104 and an Acerlan NIC. sharing @home. I
have the system working in Windoze fine. I haven't tried going to the BIOS
and setting PNP to manual and specifying resources. You have given me a hint
though. Thanks. This may be the same problem you are facing.
Bruce
Colin Hansen wrote in message <[EMAIL PROTECTED]>...
>
>With an @Home cable internet service under Caldera Linux, I believe I
>have to disable PnP mode on my 3Com network card. I have the two 3Com
>setup disks but can't find any files that allow me to turn off PnP mode
>in Windows95. Anybody know how this is done?
------------------------------
From: Frank Sweetser <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.misc,comp.os.linux.security
Subject: Re: Where to get ICQ
Date: 07 Aug 1999 15:15:40 -0400
"c64" <[EMAIL PROTECTED]> writes:
> Does anyone know where to get ICQ for linux? I have search mirabilis but
> found nothing. tks
go through the appindex/search at freshmeat.net
--
Frank Sweetser rasmusin at wpi.edu fsweetser at blee.net | PGP key available
paramount.ind.wpi.edu RedHat 5.2 kernel 2.2.5 i586 | at public servers
It's a brave man who, when things are at their darkest, can kick back and
party!
-- Dennis Quaid, "Inner Space"
------------------------------
From: Bill Anderson <[EMAIL PROTECTED]>
Crossposted-To: redhat.kernel.general,redhat.networking.general
Subject: Re: Real NAT on RH60 ???
Date: Sat, 07 Aug 1999 12:46:59 -0600
Superb W wrote:
>
> I am also searching for 'Real NAT' on RH6.0. But I can't. I am thinking of
> using IP aliasing together with ipmasqadm to a work-around. In this case,
> The firewall will listen on several IPs (193.42.1.42, 193.42.1.43), then
> using ipmasqadm do the forwarding to the internal IP.
By entering ?linux+nat into netscape's url box, I retrieved some links.
About a quarter of the way down is:
http://linas.org/linux/load.html
I believe the two of you will find it useful.
Cheers.
Bill
------------------------------
From: "Shane Chrisp" <[EMAIL PROTECTED]>
Subject: Re: IP-Masq w/ MS Exchange
Date: Sun, 8 Aug 1999 02:49:26 +0800
The MS Exchange server won't have the external IP address but rather an
internal address and what you will need to do is set up port forwarding so
that any requests coming in from the internet get forwarded onto the
exchange server via the internal IP Masquerading.
Check the IPCHAINS-HOWTO for more info.
http://www.adelaide.net.au/~rustcorp/linux/ipchains although I think they
have just changed address. So just look it up on a Linux mirror close to
you.
Shane Chrisp
[EMAIL PROTECTED]
<[EMAIL PROTECTED]> wrote in message
news:7of9ch$j8s$[EMAIL PROTECTED]...
> I am trying to implement a solution that includes
> using DSL, MS Exchange and only 1 ip address. I
> want to know if Exchange will work if the IP
> address that it is running on is masqueraded. I
> want to use rh-60 as a firewall with an exchange
> server behind it. The problem is I only have 1
> ip to work with. Will this work.
>
> Aaron Friedel
------------------------------
From: [EMAIL PROTECTED] (Bill Thorsteinson)
Subject: Re: password protection on Apache
Date: Sat, 07 Aug 1999 19:53:01 GMT
On Wed, 09 Jun 1999 05:19:44 GMT, "George Georgakis"
<[EMAIL PROTECTED]> wrote:
>It's pretty easy. Basically, you use the htpasswd program in the support
>directory to add users, and in each directory you wish to have restricted
>access you add the following in a .htaccess file:
>
> AuthName "restricted stuff"
> AuthType Basic
> AuthUserFile /usr/local/etc/httpd/users
>
> require valid-user
>
>The /usr/local/etc/httpd/users file contains the allowed users and the
>encrypted password. With the first user you create this file with htpasswd
>-c /usr/local/etc/httpd/users <username>, subsequent users are added with
>htpasswd /usr/local/etc/httpd/users <username>
>
>to restrict an area just to certain users, make the last line
>
> require user <user1> <user2> etc...
>
>HTH
>
>George
>---------------------------------------------------------------------------
>I never reply by email as a) I don't give out my real email address freely,
>and b) it stops other NG users from reading the solutions to problems
>If necessary, however, I can be contacted thru geegs (a) linuxstart DOT com
>--------------------------------------------------------------------------
>
>John Schmidli <[EMAIL PROTECTED]> wrote in article
><7jkmjc$815$[EMAIL PROTECTED]>...
>> I'm looking for some guidance on how to password protect a directory
>> (ie restrict access to people with password) on a Linux server running
>> Apache. I have read the documentation but still find it a bit confusing.
------------------------------
From: "bob" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.misc
Subject: SDSL setup for Slakware linux-2.2.6
Date: Sat, 7 Aug 1999 12:54:34 -0700
I have a SDSL 384/384 installed by GTE. They claim to have it connected to
GTI in Texas. When a GTI person came out to set up the Internet service, he
said he didn't know anything about Slackware, only "pump" on Red Hat. He left
with the service not working because he couldn't find the Red Hat tools on
the system. I have set up the IP-Masquerading and the second NIC (eepro100
= eth1) myself as per various FAQ(s) and HowTo(s). When I do a ping from the
linux box on an IP which is not in my local net, I see the receive light on
the port box connected to the DSL modem flash periodically (about once a
second), but no indication of response (ping hangs). After Ctrl-C, doing an
ifconfig shows eth1 with 10 to 20 Tx packets but no Rx packets. I assume
this means nothing is coming back. Anyone know of a recipe to make this
work?
Also, I rebuilt kernel as stated in HowTo(s) to include IP_MASQ, ..PACKETS
and socket ..FILTERS, but dhcp_client fails with a message saying
"FILTERS..." not in kernel. The .config file in /usr/src/linux says =y for
all of the referenced options and both make config and make xconfig confirm
these. Yes, I did "cp ...zImage /vmlinuz; make modules; make
modules_install; lilo". Is there a problem with linux-2.2.6??
Posted to comp.os.linux.networking but no response in 4 days.
TKSIA Bob
System:
Slackware linux-2.2.6
Dual PII/333
256MB
3c509 NIC for LAN (eth0) // LAN works fine with Samba
EtherExpress10/100 NIC (eth1)
ifconfig:
eth0      Link encap:Ethernet  HWaddr 00:20:AF:11:9D:64
          inet addr:192.21.41.11  Bcast:192.21.41.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:14595 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2874 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          Interrupt:7 Base address:0x300
eth1      Link encap:Ethernet  HWaddr 00:A0:C9:82:C1:E8
          inet addr:192.168.2.1  Bcast:192.168.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:31 errors:0 dropped:0 overruns:0 frame:0
          TX packets:252 errors:0 dropped:0 overruns:46 carrier:0
          collisions:0 txqueuelen:100
          Interrupt:19 Base address:0xfcc0
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:3924  Metric:1
          RX packets:336 errors:0 dropped:0 overruns:0 frame:0
          TX packets:336 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
route:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     *               255.255.255.0   U     0      0        0 eth1
localnet        *               255.255.255.0   U     0      0        0 eth0
loopback        *               255.0.0.0       U     0      0        0 lo
default         bat.bda.com     0.0.0.0         UG    1      0        0 eth1
--
email - bklungle at ix dot netcom dot com
------------------------------
From: "Tom" <[EMAIL PROTECTED]>
Subject: Host Name? (Internet works so should be easy solve)
Date: Sat, 7 Aug 1999 12:28:05 -0700
Ok, I have RH 6.0 and access internet through ADSL connection, DHCP.
Internet works great. But when I login I get a message saying my host name
(a combination of letters and numbers given to me by my isp) is unreachable
on the internet and may cause Gnome not to work properly, so I should enter
my host name into the etc/hosts file. I do this, but upon bootup I get the
same message, and when I check the hosts file the line I entered is gone.
With LinuxConfig I entered my host name in the box it gives me. Should I be
entering my entire net address instead? Any ideas?
Thanks to all replies - so far you guys have been a great help :)
------------------------------
From: [EMAIL PROTECTED] (tomislav)
Subject: Re: searching icq-server for linux
Date: Sat, 7 Aug 1999 01:43:14 +0200
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] says...
> Hi,
>
> where can i find software for a server on the web? I want to run a server at
> home for my own privat net.
http://www4.ncsu.edu/~cbbettin/gicqd/
------------------------------
From: [EMAIL PROTECTED] (B.T.)
Subject: Network Security: I.P. Address With Corresponding Mac Address
Date: Sat, 07 Aug 1999 19:36:31 GMT
Hi.
I have a home LAN that will soon have ADSL access. I am trying to
give only some of the users on my LAN Internet access while
prohibiting others from doing so. One method I thought of is matching
IP addresses to corresponding mac addresses. That is, my Linux server
will check to make sure that a certain computer that has been assigned
a certain IP address will have a certain mac address before access is
given. I haven't been able to locate such an option in the I.P.
Masquerading software or the IPChains software. I do not want to
modify the C++ source code to do so unless it is absolutely necessary.
Any other suggestions are welcome.
B.T.
------------------------------
From: kite@NoSpam.%inetport.com (Clifford Kite)
Crossposted-To: comp.os.linux.setup,redhat.networking.general
Subject: Re: Linux to NT with MSCHAP v2
Date: 7 Aug 1999 14:58:22 -0500
Shane Chrisp ([EMAIL PROTECTED]) wrote:
: Do a search on Microsoft's support page for RRAS or Steelhead. There is
: information there on how to force the NT box to use PAP or MSCHAP password
: authentication. Sorry I cannot remember the article numbers. Hope this
: helps.
Sorry, you can't *force* the peer to use anything unless you have control
of the peer and configure it that way. If it's configured to use MSCHAP
v2 and no other authentication then, without control of the peer, you
must use it to get authenticated and connected.
--
Clifford Kite <kite@inet%port.com> Not a guru. (tm)
/* For every credibility gap, there is a gullibility fill.
-- R. Clopton */
------------------------------
From: Juergen Pabel <[EMAIL PROTECTED]>
Subject: Re: IP Masquerading with IP Address and Mac Address Restrictions
Date: Sat, 07 Aug 1999 16:34:56 -0400
ok, as long as we're clear about that....
in the /etc/dhcpd.conf file you can set host options, for more examples
check out
man dhcpd.conf
but in general like this:
host windoof
{
    hardware ethernet 00:40:95:33:85:cc;
    fixed-address 192.168.1.10;
}
"B. T." wrote:
>
> The Internet-enabled T3 network at my college makes sure that the mac
> address of the NIC and the IP address of the computer match before allowing
> a student to access the Internet. At the beginning of the school year, each
> computer is assigned an unique IP address. The server "locks" onto the mac
> address of the NIC and checks to make sure the mac address corresponds to
> the IP address before allowing the user to access the Internet. So, if the
> user gets a new NIC, he will not be able to access the Internet because
> the mac address of the new NIC is different from the one on record. The
> reason for this is that last year people were using other people's IP
> address to do bad things. I am trying to do the same thing on my private
> network.
>
> So, I am not trying to match the IP address to the mac address.
>
> B.T.
>
> Juergen Pabel <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > how are you planning to do that? the mac address is 48bit while ip
> > addresses are 32bit. even if you'd decide to chop off 16bit, you also
> > have to consider that all boxes *should* be in the same subnet (meaning:
> > all mac#s need to be in a very small range, unlikely to happen)
> >
> > jp
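
A check for the IP-to-MAC matching discussed in this thread, as an added example that is not part of the original posts: it audits an ARP table dump against a list of recorded pairs and flags an address seen with the wrong hardware address or not on record. The function names, the second allowlist entry and the sample table are assumptions constructed for the example; only the first pair comes from the dhcpd.conf fragment above.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

struct binding { const char *ip; const char *mac; };

/* Recorded IP/MAC pairs. The first is the host entry from the dhcpd.conf
 * fragment above; the second is constructed for this example. */
static const struct binding ALLOWED[] = {
    { "192.168.1.10", "00:40:95:33:85:cc" },
    { "192.168.1.11", "00:a0:c9:00:00:01" },
};

/* Constructed sample in the layout of /proc/net/arp (not captured data). */
static const char SAMPLE_ARP[] =
    "IP address       HW type     Flags       HW address            Mask     Device\n"
    "192.168.1.10     0x1         0x2         00:40:95:33:85:CC     *        eth0\n"
    "192.168.1.11     0x1         0x2         00:10:4B:AA:BB:CC     *        eth0\n"
    "192.168.1.99     0x1         0x2         00:10:4B:AA:BB:CC     *        eth0\n"
    "192.168.1.12     0x1         0x0         00:00:00:00:00:00     *        eth0\n";

enum verdict { PAIR_OK, MAC_MISMATCH, UNKNOWN_IP };

/* Compare one observed pair against the record (MAC case-insensitive). */
enum verdict check_pair(const char *ip, const char *mac)
{
    for (size_t i = 0; i < sizeof ALLOWED / sizeof ALLOWED[0]; i++)
        if (strcmp(ip, ALLOWED[i].ip) == 0)
            return strcasecmp(mac, ALLOWED[i].mac) == 0 ? PAIR_OK : MAC_MISMATCH;
    return UNKNOWN_IP;
}

/* Walk an ARP table dump; return the number of resolved entries checked and
 * count the violations in *mismatch and *unknown. */
int audit_arp(const char *table, int *mismatch, int *unknown)
{
    int checked = 0;
    *mismatch = *unknown = 0;
    for (const char *line = table; line && *line; ) {
        char ip[16], mac[18];
        unsigned hw, flags;
        /* The header and malformed lines fail to parse and are skipped. */
        if (sscanf(line, "%15s 0x%x 0x%x %17s", ip, &hw, &flags, mac) == 4
            && (flags & 0x2)) {          /* 0x2 = ATF_COM: entry is resolved */
            enum verdict v = check_pair(ip, mac);
            checked++;
            if (v == MAC_MISMATCH) (*mismatch)++;
            if (v == UNKNOWN_IP)   (*unknown)++;
            if (v != PAIR_OK)
                printf("ALERT %s seen with %s (%s)\n", ip, mac,
                       v == MAC_MISMATCH ? "MAC differs from record"
                                         : "IP not on record");
        }
        line = strchr(line, '\n');
        if (line) line++;
    }
    return checked;
}

int main(void)
{
    int mismatch, unknown;
    int n = audit_arp(SAMPLE_ARP, &mismatch, &unknown);
    printf("%d entries checked, %d mismatched, %d unknown\n", n, mismatch, unknown);
    return (mismatch || unknown) ? 1 : 0;
}
```
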
------------------------------
From: [EMAIL PROTECTED] (tomislav)
Crossposted-To: comp.os.linux.misc
Subject: Re: Which POP3 Server?
Date: Sat, 7 Aug 1999 15:14:02 +0200
In article <7oes8n$[EMAIL PROTECTED]>, [EMAIL PROTECTED]
says...
> I'm in the initial stages of trying to setup a POP3 Server and I was
> wondering which POP server would do the job better. I'm still learning as
> I go. I'm thinking of either using qpopper or cucipop. what are the
> benefits of either of these? Can I use Sendmail to act as the POP3 Server.
> This will be setup to run on a machine running Redhat 6.0. Any good
> documentation for this out there?
A POP3 server comes with Redhat 6.0. It is in the IMAP rpm package. Just
uncomment the pop3 line in inetd.conf and it's ready to go. No
configuring needed.
------------------------------
From: Juergen Pabel <[EMAIL PROTECTED]>
Subject: Re: Network Security: I.P. Address With Corresponding Mac Address
Date: Sat, 07 Aug 1999 17:00:16 -0400
check my reply to your earlier posting...
if you setup your network wisely you can build two subnets within your
private net and restrict the access to one of those subnets...
jp
"B.T." wrote:
>
> Hi.
>
> I have a home LAN that will soon have ADSL access. I am trying to
> give only some of the users on my LAN Internet access while
> prohibiting others from doing so. One method I thought of is matching
> IP addresses to corresponding mac addresses. That is, my Linux server
> will check to make sure that a certain computer that has been assigned
> a certain IP address will have a certain mac address before access is
> given. I haven't been able to locate such an option in the I.P.
> Masquerading software or the IPChains software. I do not want to
> modify the C++ source code to do so unless it is absolutely necessary.
>
> Any other suggestions are welcome.
>
> B.T.
------------------------------
From: Eric Wyles <[EMAIL PROTECTED]>
Subject: remote access as root?
Date: Sat, 07 Aug 1999 13:27:22 -0800
How can I set up my linux box so that I can login (both
telnet and ftp) as root? I can telnet to the box or open an
ftp connection fine, but I can't login as root.
Now, I know this generally isn't a good idea, but I have a 2
node network with no connection to the outside world. So, I
can't see how it would really hurt. The only good it is
really doing me is keeping me from having to change desks
every time I need to do something as root on the one box.
PEACE
------------------------------
From: "Mark J Cavage" <[EMAIL PROTECTED]>
Subject: Intel PCMCIA card
Date: Sat, 7 Aug 1999 17:36:02 -0400
Hi everyone, I'm new to this group, but I don't know where else to ask about
this. I have a Dell Inspiron 3500, in which I purchased an Intel
EtherExpress Pro/100 mobile pcmcia NIC. It is the 32-bit cardbus version. I
have installed the latest pcmcia package on the stanford page. My question
is, what do I do now? Does anyone have any ideas about where there are
drivers available? I don't care if they're beta, it's still got to work
better than windows:). ANY info here would be greatly appreciated.
Thank you,
Mark Cavage
[EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Cable modem dynamic IP
Date: Sat, 07 Aug 1999 21:30:09 GMT
In article <20773247197ED211B6590060080C4648321D98@CBS_SERVER>,
Paul Rae <[EMAIL PROTECTED]> wrote:
> Have a look at www.dynip.com - that's what I use for a similar sort of
> problem. I need to be able to access my ftp server and I too am on a
> dynamic ip. Using this all I have to do now is ftp
> www.xxxxxxxx.dynip.com and it works great.
Unless you're running your own nameserver that does recursive lookups,
you're basically fucking everyone else over when you use DDNS, because
your DNS server cannot cache the lookups properly, thus resulting in
more work for the server and more traffic over the network. Let me say
this one more time: DYNAMIC DNS IS VERY VERY BAD. Pay the extra money
and get a fixed IP address, because *I* don't feel like paying for your
hacked solution via the higher rates my ISP will have to charge to
compensate for the extra bandwidth and server load consumed by people
who use DDNS.
There are a great many DNS servers in the world now that completely
ignore TTLs -- as a direct result of abuse of DDNS. Renumbering was
*NOT* meant to occur on a frequent basis, and it certainly shouldn't be
reflected in cacheable data.
-bill clark
------------------------------
From: "Warren" <[EMAIL PROTECTED]>
Subject: Mandrake 6.1 and NAT
Date: Sat, 7 Aug 1999 16:59:41 -0400
Hello All.
I am newbie at Linux, and an OLD hack at windoze software.
We have ADSL from BellAtlantic (thank god, dialup was killing me)
And I would like to bring the ADSL through the Linux box and have the
Windoze machines go through there for everything.
After Printing out 1000+ pages of Documentation on Linux, I will ask a
simple question.
Is there any GUI based software for Linux (like the ICS for Windows98SE)
to create a NAT on Linux for an internal network ?
I know, I know, but it would really help until I learned Linux better.
Thank you, and please send replies to my email, as with 20,000+ posts here,
I could get lost looking for it.....
[EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED] (Thorsten Kuehnemann)
Subject: Re: Problem with socket closure in 2.2 kernel?
Date: 7 Aug 1999 22:57:30 +0200
[EMAIL PROTECTED] writes:
>I've noticed that when TCP sockets are closed (in C code) using the close()
>call in a program running under a 2.2 kernel, occasionally not all the
>remaining data is sent to the remote host. Setting the SO_LINGER option via
>setsockopt makes no difference and the only way to solve the problem is to
I have had the same problem after porting an application to LINUX.
It worked with many UNIXes including LINUX 2.0 and NT (with some ifdefs).
Alexey Kuznetsov <[EMAIL PROTECTED]> has found the reason:
It is an error to close a socket which has _unread_ bytes in
its _receive_ buffer. LINUX 2.2 detects this error and does
not send remaining data to the remote side.
Alexey writes:
"Well, if your program really works in any OS, you should blame loudly
and report bug to them. 8) It is well-known tcp implementation bug."
>If I'm wrong please tell me a way around this problem because its becoming
>annoying.
The workaround is to read all unread data into the bitbucket.
Caution: If you put this reading into a central "socket close" function
you will run into trouble if your program passes a socket in fork():
In this case it could happen that the father process eats all data
in his close-function instead of the son.
[posted & mailed]
Thorsten
P.S.: The second thing i've learned is that SO_LINGER does change
the time characteristics of the close()-call only. SO_LINGER
does not have an effect to data reliability.
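
The workaround described in this post (read away any unread input before closing), as an added example that is not code from the post or from the kernel: the helper half-closes the sending side, discards incoming data until the peer's EOF, and gives up after a timeout or a byte cap so a silent or talkative peer cannot hold the descriptor forever. The names drain_and_close and demo_roundtrip, the timeout and the cap are assumptions, and the demonstration uses a local socket pair in place of a TCP connection.

```c
#include <errno.h>
#include <poll.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Half-close the sending side, discard whatever the peer still sends, then
 * close. Returns the number of bytes discarded once the peer's EOF is seen,
 * or -1 on error, timeout, or when max_discard is exceeded. The descriptor
 * is closed in every case. Call this only in the process that owns the
 * connection: after fork(), a parent draining here eats the child's input. */
long drain_and_close(int fd, int timeout_ms, long max_discard)
{
    char sink[4096];
    long discarded = 0, result = -1;

    if (shutdown(fd, SHUT_WR) == 0) {     /* queued output is sent, then EOF */
        for (;;) {
            struct pollfd p = { .fd = fd, .events = POLLIN };
            int ready = poll(&p, 1, timeout_ms);
            if (ready < 0 && errno == EINTR) continue;
            if (ready <= 0) break;        /* error, or the peer went silent */
            ssize_t n = read(fd, sink, sizeof sink);
            if (n < 0 && errno == EINTR) continue;
            if (n < 0) break;
            if (n == 0) { result = discarded; break; }   /* peer's EOF */
            discarded += n;
            if (discarded > max_discard) break;          /* do not sink forever */
        }
    }
    close(fd);
    return result;
}

/* Constructed demonstration: the peer leaves "hello" unread on our side, we
 * answer "reply" and close through drain_and_close(). Returns the drain
 * result if the peer then reads the whole reply followed by a clean EOF,
 * and -2 if setup or that verification fails. */
long demo_roundtrip(int peer_half_closes)
{
    int sv[2];
    char buf[16];

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -2;
    if (write(sv[1], "hello", 5) != 5) return -2;
    if (peer_half_closes) shutdown(sv[1], SHUT_WR);
    if (write(sv[0], "reply", 5) != 5) return -2;

    long r = drain_and_close(sv[0], 200, 65536);
    int intact = read(sv[1], buf, sizeof buf) == 5
                 && buf[0] == 'r' && buf[4] == 'y'
                 && read(sv[1], buf, sizeof buf) == 0;
    close(sv[1]);
    return intact ? r : -2;
}

int main(void)
{
    printf("peer half-closes: %ld bytes discarded\n", demo_roundtrip(1));
    printf("peer stays silent: result %ld (timeout)\n", demo_roundtrip(0));
    return 0;
}
```
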
------------------------------
From: "Yousuf Khan" <[EMAIL PROTECTED]>
Subject: Re: Help with DSL and Linux
Date: Sat, 07 Aug 1999 22:06:35 GMT
Dave <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> This is pretty much the situation I'm in. I've just installed Redhat 6.0
> kernel 2.2.5-15 And I'm in the process of trying to get it to recognize my
> second card.
>
> Both cards are ne2000 compatible, one ISA and one PCI. During installation it
> found the PCI one but I'm trying to figure out how to get it to see my second
> card.
>
> I've added "append=9,340,eth1" to lilo.conf (the right one), and re-run lilo
> but it still doesn't seem to even try to bring it up.
It's likely that your ISA ne2000 is a newer-generation ISA PnP device, am I
right? You'll have to use the Linux ISA PnP support utilities to get that
thing to be recognized. Do a man on "isapnp", and "pnpdump".
I got two identical ISA PnP NE2000's working that way.
Yousuf Khan
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.networking) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Networking Digest
******************************