Linux-Networking Digest #171, Volume #12         Tue, 10 Aug 99 06:13:31 EDT

Contents:
  HELP with firewalls (thebrownhighlander)
  SendPlainTextPassword  for  Win2000(nt5) (Frank Leprich POP)
  DNS on Linux @home Box ("Hayden")
  Review of Cobalt Qube 2, a Linux-based "server appliance" (LONG) (Lucius 
Chiaraviglio)
  Error message ("Thomas Bogdahn")
  Re: HWAddress -> IP address (Thomas Kaemer)
  home network (please reply) (Evan Dandrea)
  Problem running blizzards diablo through firewall with nat. ("Holger Ullrich")
  recover from file systems corruption ("Ng, Choon Hooi")
  Re: Samba, Network Browsing (Sachin Doshisa)
  Re: NIS client and X windows?...how? (David Crooke)
  ISDN problem ("Paul Goodall")
  Re: Sendmail & popserver (Thorsten Lau)
  Re: Fetchmail at startup (Thorsten Lau)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (thebrownhighlander)
Crossposted-To: linux.redhat.misc
Subject: HELP with firewalls
Date: Tue, 10 Aug 1999 07:01:05 GMT

HI,

I have this firewall up. I got a script from somewhere and am just 
modifying it. Anyway, I am ip masqing with @home using redhat 5.2. My 
firewall is ok for everything else except for the mail and news servers.

On my win box, when I try to connect to nntp server as "news" ("news" is 
how @home describes their news server) it won't let me. But when I log on 
using the ip address of the nntp server it works fine.  This is the 
following for the firewall script

    # NNTP NEWS client (119)
    # ----------------------
    ipfwadm -I -a accept -P tcp -k  -W $EXTERNAL_INTERFACE \
            -S $NEWS_SERVER 119 \
            -D $IPADDR $UNPRIVPORTS

    ipfwadm -O -a accept -P tcp  -W $EXTERNAL_INTERFACE \
            -S $IPADDR $UNPRIVPORTS \
            -D $NEWS_SERVER 119

where NEWS_SERVER = "news"
EXTERNAL_INTERFACE = "eth1"
UNPRIVPORTS = "1024:65535"

now I have tried changing NEWS_SERVER to its corresponding ip address but 
that did not seem to work. It is only when I explicitly say my nntp news 
server is "news"

However on my linux box when I ping "news" it pings fine (this is how I 
got ip address)

Likewise it is the same for my POP3_SERVER and SMTP_SERVER

Anyway I created this firewall from this place:
http://rlz.ne.mediaone.net/linux/firewall/

Please respond to this query. 

Thank you

------------------------------

From: Frank Leprich POP <[EMAIL PROTECTED]>
Subject: SendPlainTextPassword  for  Win2000(nt5)
Date: Tue, 10 Aug 1999 10:37:51 +0200

hi all,

who knows where to put the entry into the registry of win2000 for
SendPlainTextPassword ?

thanks a lot
--

_____________________________________________
FRANK LEPRICH        at POP Point of Presence
mail: [EMAIL PROTECTED]         Wendenstraße 375
tel.: 040/25 19 200     20537 Hamburg

------------------------------

From: "Hayden" <[EMAIL PROTECTED]>
Subject: DNS on Linux @home Box
Date: Tue, 10 Aug 1999 08:43:58 GMT

DNS on Linux @home Box
Hi all:
I have a linux box here that is set up as a proxy server for my internal
network.  It has two network cards, 1 connected to the cable modem and one
to the internal network.  I want to register a domain for my linux box so
that i can play with mail services along with some other things....it's also
nice to be able to host my own web server with a real domain name.....

but when i am trying to register for a .on.ca domain, i was asked to provide
the address of the ns server... or ns lookup.... then i realize that i gotta
configure a DNS server so to help resolve my domain (or so i think...)

so is this the best solution?  To configure a DNS server on my linux
box....and then i can register my domain and it will work?  And if so, how
does a DNS server work and how do you configure a domain server?
Help....
Thanks in advance!
Hayden





------------------------------

From: [EMAIL PROTECTED] (Lucius Chiaraviglio)
Subject: Review of Cobalt Qube 2, a Linux-based "server appliance" (LONG)
Reply-To: [EMAIL PROTECTED]
Date: Tue, 10 Aug 1999 08:51:33 GMT

"alainq" <[EMAIL PROTECTED]> wrote:
>Someone has experience with the cobalt Cube2 ?
>We might get it at work and i need some impressions.

        Well, we have 2 of them at the offices of the companies that I
work for:  one in San Luis Obispo, CA, and one in Emeryville, CA,
configured nearly identically (32 Mbytes of RAM, 5.9 Gbytes of hard
disk -- cost about $1200 -- currently running Cobalt OS 4.0 with
Update Patch 1).

        The Cobalt Qube 2 is designed for small businesses who have no
one who knows much (if anything) about Linux and who do not have the
time to set up a Linux box, but nevertheless need services (see below)
best provided by Linux or a similar operating system quickly
(compounding the time constraint) and inexpensively.  That's us.
Although some of us are computer geeks in our desires, we are tripped
up in performance.  So read on.

        The services that we have needed (at both sites except as
noted), and how well they work for us, are:

1.      E-mail server.  We need and currently use this in both
        locations, but we had an emergency need for this in
        Emeryville due to service failure and denial from our mail-
        and web- hosting service provider AceWeb.Net (** may they
        be forever more mired in infamy **).  In San Luis Obispo,
        which was serving as a test bed for Emeryville, we had to
        get Patch 1 for Cobalt OS 4.0 to get e-mail to work
        properly; the Qube in Emeryville came with this already
        installed.  We had no problems getting e-mail itself to
        work on the Emeryville machine, but see below about
        router/NAT service.  Once we got e-mail working, it has
        worked flawlessly.  The inclusion of IMAP4 service (in
        addition to POP3 and SMTP) is a major advantage.

2.      Network Address Translator.  In Emeryville, we had a
        horrible time with (apparently -- still haven't really
        figured this out) some self-misconfiguration of the
        Alcatel DSL 1000 interface which caused the Qube to shut
        off its secondary ethernet interface with no explanatory
        message (just claimed that it was "not connected"),
        causing us to have to go through 2 units, 2 days, and
        several hours on the phone with Cobalt technical support
        before achieving success.  Earlier, in San Luis Obispo,
        we did not have to call Cobalt Networks technical support,
        but we still had a struggle due to some non-obvious
        ethernet cable mis-wiring (we have a rats' nest).  The
        basic problem is that although the Cobalt Qube 2 provides
        good functionality for the most part, the diagnostics and
        documentation really leave something to be desired.
        (Instead of just disconnecting the secondary ethernet
        interface, it should give messages indicating a miswired
        connection -- the light on the interface isn't good
        enough for this -- or a static IP address conflict; but
        what it actually does is pull the interface off-line,
        hide all information relevant to it in the web interface,
        and in some cases lose the configuration information.)
        Once we got through the configuration nightmares, the
        Network Address Translation itself works flawlessly (to
        give our client machines access to the internet while
        hiding them from the internet), but the packet filtering
        doesn't seem to work properly (we haven't had time to
        figure this out -- this may just be a documentation
        problem), so be careful where you browse.  Note that
        information on configuration of network parameters is
        really spotty, both in the on-line help in the web-based
        configuration interface and in the minimal printed
        documentation.  More and better information is needed
        for inexperienced users, who -- even if they have basic
        knowledge about networking -- may not think of all of
        the common things that can go wrong.

3.      Web server (currently needed as such only in Emeryville).
        Once you get your client machines and the Qube configured
        to talk to each other, this works with no problem (we
        haven't tried CGI yet, though).  All normal configuration
        of the machine is done through a web-based interface
        which requires JavaScript to work.  This is fine for most
        purposes, but in light of the above problems, Cobalt
        Networks should really provide a way to get a PPP session
        (or at least a terminal session) in through the serial
        port for diagnostic purposes, if you aren't using this
        port for an external modem (we aren't -- no need).  Note
        that for minimal configuration (before the web server is
        functioning), an LCD console with 7 buttons is provided
        for setting a few very basic network parameters, as well
        as shutting down or rebooting the machine, or resetting a
        forgotten administrator (=root) password (if you need to
        keep unauthorized people from doing this, keep this
        machine in a locked room).

4.      DNS and WINS server.  The DNS part of this seems to work
        fine -- we are running our own primary DNS service in
        both locations.  On the other hand, unless one directly
        messes with Bind(?) configuration and log files, no
        method is provided for configuring anything beyond what
        names the Qube responds to and where to find the next 2
        DNS servers, and the diagnostics for this function are
        really minimal.  We have never been able to give the WINS
        service a fair test because our Windows computers never
        seem to work properly with WINS enabled (except that the
        "use DHCP for WINS resolution" setting sometimes seems
        not to interfere with anything, but not help anything
        either).

5.      DHCP server.  This function works properly, except that
        Windows 95 computers refuse to pick up a valid IP address
        from it (have to use static IP addresses for them).
        Since Windows 98 and Windows NT 4.0 computers work fine
        with this, I think it is a Windows 95 problem.

6.      FTP server.  This works flawlessly.  Cobalt OS 4.0 uses
        ProFTP, and has it configured to set the "root" directory
        from the user's point of view to be the user's home
        directory, so that users cannot do anything to files
        they are not supposed to access, or even find out about
        the existence of such files.

7.      Windows File Sharing server.  This works except for a
        problem that drove us and Cobalt Networks technical
        support up the wall for days before we figured it out.
        Samba (the Windows File Sharing service program) keeps
        its own set of passwords, and the Cobalt OS function
        for updating the system password sometimes fails to
        update the Samba password.  Due to the fact that we
        only very recently figured out this problem, we haven't
        yet given this service extensive testing.  Meanwhile, at
        our San Luis Obispo office, our main file server has
        continued to be a PC running Windows NT Server 4.0
        (which despite not being entirely stable, has been in
        use long before the Cobalt Qube 2, or probably even its
        predecessor, was released to market); while at our
        Emeryville office, file storage has been on the
        individual workstation PC's (all running Windows NT
        4.0), with peer-to-peer sharing for file exchange.

8.      Unix (Linux) box.  The Cobalt Networks documentation and
        the root logon message warn that modifying any system
        files through a telnet session may adversely affect your
        warranty.  Consult with Cobalt Networks technical support
        before doing any such thing.  On the other hand, due to
        the AceWeb.Net emergency and other pressing work, we
        didn't have time to set up and learn how to use a generic
        Linux installation, so this was a reasonable tradeoff for
        our situation.  Some useful things can be done without
        adversely affecting your warranty, such as using Unix
        command-line utilities to perform operations on non-
        system files.  An example of this is to perform a diff on
        2 huge (~500 Mbyte) files in <5 minutes -- despite the
        lower clock speed (250 MHz) of the MIPS CPU in the Cobalt
        Qube 2, it performs this function 4 to 6 times faster
        than a 266 MHz to 300 MHz Pentium II computer using the
        equivalent FC command at a Windows NT 4.0 command prompt.
        Caution:  Like all too many other non-PC machines today,
        the Cobalt Qube 2 comes with no removable media -- not
        even a CD-ROM drive for performing operating system
        reinstallation if you fry the operating system -- you
        have to send it in to Cobalt Networks.  One can add a
        short form-factor PCI SCSI card to it to add external
        SCSI devices (no room is available inside the case), but
        I have no idea whether one can get the Qube 2 to boot
        from one of these devices.  A while ago (before we
        ordered, of course), Cobalt Networks claimed to be coming
        out with a "product recovery" CD that would work over the
        network from a client PC, but if you fry the operating
        system on the Qube 2 to the point where either it won't
        stay up or communicate with the network long enough, this
        probably won't work.  After we purchased our 2 units, no
        more work seems to have been done on this.  A better
        solution would probably be to provide for booting from an
        external SCSI device (or even a temporarily-installed
        secondary IDE device, although no room is available in
        the case for a permanently-installed device) under the
        control of the LCD console, and to provide a bootable CD
        or other removable media; adding a 5.25" front-accessible
        drive bay to the top of the case for this purpose would
        also be a good idea.

        Considering all of the above taken together with the useful
service we have obtained out of these units, they have served our
immediate server needs, and should be able to continue to do so for
a considerable time into the future.  Despite not being completely
ready to fit the "appliance" model of configuration and use, these
units have succeeded in providing us with this service in a much
shorter time than it would have taken us to learn how to do all of
this ourselves with Linux, even though we were already beginning to
do a little research into such matters.  We are continuing to learn
about Linux and its utilities (and also a little about the *BSD's)
so that we can put together this kind of thing in the future on our
own, but for now, we are glad to have the Qubes.

Lucius Chiaraviglio | [EMAIL PROTECTED]
========
To reply to this message, remove the "not at" characters from in front of the
abbreviation of the company name (Advanced CMP Products, Inc.).  If you are
seeing this in an e-mail message, it is because I am posting it and e-mailing
it at the same time -- normal e-mail messages from me do not have this feature.
Note:  I am trying a new news server -- it seems to work well, but it has a
very short expiration time (1 week for most groups), so I will likely miss your
reply unless you send it by e-mail in addition to posting it.

------------------------------

From: "Thomas Bogdahn" <[EMAIL PROTECTED]>
Subject: Error message
Date: Tue, 10 Aug 1999 11:04:06 +0200

Buenos dias,

continuously I get a kernel error message: "kernel: eth0 : Transmit erro, Tx
status register 82"

Does anyone know this message or have a reason for it?

Thanks in advance - TB.


------------------------------

From: Thomas Kaemer <[EMAIL PROTECTED]>
Subject: Re: HWAddress -> IP address
Date: Tue, 10 Aug 1999 10:46:42 +0200


> How? I only have the MAC address.....
> (I need the IP address)

Hi !
Execute this line

    perl -e 'for ($i = 1; $i < 256; $i++) { system("ping -c 1 <your_netsegment>.$i") }'

(<your_netsegment> is, for example, 192.168.0)

After this, your ARP cache should contain the MAC-IP combination of all
online computers on your net segment, and you can find what you want.

CU Thomas
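
Added example, not part of Thomas Kaemer's post: once the sweep above has populated the ARP cache, the MAC-to-IP lookup itself can be scripted. This sketch reads a table in /proc/net/arp format; the function names and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Look up the IP address that the ARP cache holds for a given MAC address.
# Function names and the sample table are constructed for this example.

# Lower-case a MAC and turn Windows-style dashes into colons.
normalize_mac() {
    printf '%s\n' "$1" | tr 'ABCDEF-' 'abcdef:'
}

# mac_to_ip MAC [FILE]
# FILE is a table in /proc/net/arp format (default /proc/net/arp, "-" = stdin).
# Prints one IP per line; more than one line means the same MAC answers
# for several addresses (aliases, proxy ARP, or something worth a closer look).
mac_to_ip() {
    want=$(normalize_mac "$1")
    awk -v want="$want" '
        NR == 1 { next }                  # skip the column header
        {
            flags = $3
            mac = tolower($4)
            # Flags 0x0 marks an incomplete entry: the address was probed
            # but nobody answered, so the MAC column is all zeros.
            if (flags == "0x0" || mac == "00:00:00:00:00:00") next
            if (mac == want) print $1
        }' "${2:-/proc/net/arp}"
}

# Constructed sample in the layout the kernel uses for /proc/net/arp.
sample_arp_table() {
    cat <<'EOF'
IP address       HW type     Flags       HW address            Mask     Device
192.168.0.1      0x1         0x2         00:10:4b:aa:01:fe     *        eth0
192.168.0.17     0x1         0x2         00:a0:24:5f:11:02     *        eth0
192.168.0.23     0x1         0x0         00:00:00:00:00:00     *        eth0
192.168.0.40     0x1         0x2         00:a0:24:5f:11:02     *        eth0
EOF
}

# Demo on the constructed table: the query uses upper case and dashes.
sample_arp_table | mac_to_ip 00-A0-24-5F-11-02 -
```

Because ARP resolution happens before the ICMP echo is sent, a host on the local segment that drops pings still shows up in the table; hosts behind a router never do.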

------------------------------

From: Evan Dandrea <[EMAIL PROTECTED]>
Crossposted-To: 
comp.sys.ibm.pc.hardware.networking,microsoft.public.win95.networking,comp.os.ms-windows.networking.windows,comp.os.ms-windows.networking.win95
Subject: home network (please reply)
Date: Tue, 10 Aug 1999 05:28:55 -0400

I am looking to start a home network, but I need help.  I am rather new
to this whole thing and don't really know what I specifically need.  The
setup that I hope to achieve is as follows:

486 running Win95 (120 ft max. from hub)
Pentium running Win98 (50 ft max. from hub)
AMD K6 running Win98 (50 ft max. from hub)
Pentium running Redhat 6.0 (10 ft max. from hub)
AMD K6-2 running Redhat Linux 6.0 w/ Samba (file server, 10 ft max. from
hub)
Snap Server or Cobalt Qube (web server, 10 ft max. from hub)
Print server attached to a HP Deskjet 600c (any recommendations?)
SDSL 192k (possibly in the future)

Will Cat5 PVC 4 pair work? 10mb or 100mb?
What kind of hubs, patch panels, etc. will I need?
About how many sites can 192k SDSL handle?
Are there any books/magazines that will help?


------------------------------

From: "Holger Ullrich" <[EMAIL PROTECTED]>
Subject: Problem running blizzards diablo through firewall with nat.
Date: Tue, 10 Aug 1999 08:59:55 +0200

I have configured linux (Suse 6.1) as a dial-up router to my isp and connected
my win-98 workstation to the network card of the linux router. I installed
firewall and masquerading.
Everything works fine. I can surf from the win-98, I can telnet to other hosts
and so on.
But Blizzard's Diablo tells me the internet connection is poor, or no
udp-traffic is allowed.
So I can chat with the other players, but not play games.
What is wrong? How can I run diablo through my router?

Holger





------------------------------

From: "Ng, Choon Hooi" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.setup
Subject: recover from file systems corruption
Date: Tue, 10 Aug 1999 17:06:45 +0800
Reply-To: [EMAIL PROTECTED]

Hi,
  I have a machine installed with RH 5.1. Everything runs great,
including X-windows. One day I accidentally switched off the main power
to the machine and the linux was not shut down properly. When I boot up
the linux again, it says file system /dev/hda2 (or something like that)
was not cleaned up. I managed to 'repair' that by using 'fsck xxx'. So,
that wasn't really a huge damage.

What I wanted to know is, why should this happen? This is really bad for
a newbie, or somebody who doesn't know how to fix the problem. If Windoze
95 can recover from PC reset, I think Linux should at least be able to
do that too.

Anyone has any comments on this?

ch


------------------------------

From: [EMAIL PROTECTED] (Sachin Doshisa)
Subject: Re: Samba, Network Browsing
Date: 10 Aug 1999 19:33:43 +1000

> Question #1:  Set yourself up as browse master if no one is.  Use
> an OS level of 65 to beat out any other clients or servers. Keep
> in mind that being browse master means that everyone on the
> network (or at least your subnet) will request browse lists from
> you.  This could be a performance hit, or may not be noticeable.
> WINS support doesn't really affect browsing, and all clients will
> need to be setup to take advantage of it. Enter the following
> in your smb.conf file.
>
>     [global]
>     browse list = Yes
>     browseable = Yes
>     domain master = Yes
>     os level = 65
>     lm announce = True
>     preferred master = Yes
>
> Question #2:  Simply use the smbclient command to your local
> server (the one running Samba) and use the -L option to list
> shares.  It will list shares and any PC/servers in its browse
> list.  "smbclient -N -L [hostname]"

I've changed the smb.conf files as above. However, when I want to use
smbclient to browse it asks for a password.

eg. smbclient -N -L doshi (where doshi is my computer and also the server)

but no username/password combination works. Is there a way to just allow everybody 
access to the browse list?

At the moment I'm getting from the above command.

session setup failed: ERRSRV - ERRbadpw

------------------------------

From: David Crooke <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: NIS client and X windows?...how?
Date: Tue, 10 Aug 1999 09:36:17 GMT

Your problem is almost certainly either:

1. Problems with accessing NIS user's home directory - CDE* is
notoriously picky in this respect, but most modern X setups will fail in
some way without a writeable homedir. Make sure it is available (best
bet for a proper solution is to use the automounter, with NIS based
maps).

2. You have the X login process (XDM, gdm, etc.) linked to use local
logins only. 

Option 1 is far more probable than 2, especially using RH6 standard
tools, which should all be linked with PAM (and so support config via
nsswitch.conf). I've never tried NIS with gdm, but have deployed it
successfully with normal XDM login on RH5.1 and 5.2

If you're using the + notation in /etc/passwd make sure you have
nis_compat set in nsswitch.conf

Enjoy
Dave


-- 
David Crooke, Austin TX, USA. +1 (512) 656 6102
"Open source software - with no walls and fences, who needs Windows
and Gates?"

------------------------------

From: "Paul Goodall" <[EMAIL PROTECTED]>
Subject: ISDN problem
Date: Tue, 10 Aug 1999 09:39:10 GMT

I am a newbie to Linux and am trying to install ISDN. The card I am using
is a Compaq Microcom 6110 and installing it under Red Hat 6.0. I have
'isdn4k-utils' and isdn.0 and hisax.o is installed. I got 'isapnp-tools'
and did a pnpdump. Found card so passed parameters to it. I then issued
command '/sbin/modprobe hisax type=19 protocol=2 io0=380 io1=3a0 io=3c0'. It
comes up with an error saying :

ISDN subsystem Rev 1.55/1.47/1.55/1.33/1.10/1.2 loaded
Compaq ISA config port 3c0 already in use
Card Compaq ISA not installed !
/lib/modules/2.2.5-15/misc/hisax.o : init_module : Device or resource busy.
ISDN-subsystem unloaded

If I try changing the io values they are always in use.
I don't know why, as I say i'm new, but if anybody could help in any way it
would be much appreciated.

Regards,

Paul

------------------------------

From: Thorsten Lau <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.setup,comp.os.linux.misc
Subject: Re: Sendmail & popserver
Date: Tue, 10 Aug 1999 11:41:11 +0200

"Håkan Trygg" wrote:

> Hi all
>
> I am trying to setup a local mail server. (=changing from NT to Linux :-)
>
> 1. We have a "multi-pop" mail account, not UUCP, from the ISP.
>    All mail that is designated to our domain is placed in this pop
>    account and a small mail reader program reads all this mail and
>    resends these mails to the local mail popserver.
> 2. We do not have a direct line to our ISP. We use an ISDN router
>    and for reducing call charges we want the mail program to only collect
>    mail at designated times.
>    Outgoing mail is transferred from the local mail server to the ISP
>    mail server at the same time as the multipop account is read
>
>
> So.....
> 1. How to read the popmail and forward it to the local mailserver?
>    Is there any small utility program?

I used "fetchmail" for this problem,
it's easy to configure via a resource file. This fetches mails from different
accounts, and resends them to the local mailboxes.

Best wishes,
    Thorsten Lau.




------------------------------

From: Thorsten Lau <[EMAIL PROTECTED]>
Subject: Re: Fetchmail at startup
Date: Tue, 10 Aug 1999 11:45:14 +0200

Sim wrote:

> What do I need to do to get fetchmail to startup in rc.local - where
> do I put the .fetchmailrc file and with what privileges.  I can't
> find anything in the man or FAQ pages on this - is that an indication
> that I should not be doing this, even though I have a cable
> connection and am thus online all the time
>
> Simon

You can set an option to tell fetchmail which resource file to use.
Please read the manual page.

Greetings,
    Thorsten Lau.



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and comp.os.linux.networking) via:

    Internet: [EMAIL PROTECTED]

Linux may be obtained via one of these FTP sites:
    ftp.funet.fi                                pub/Linux
    tsx-11.mit.edu                              pub/linux
    sunsite.unc.edu                             pub/Linux

End of Linux-Networking Digest
******************************
