Linux-Networking Digest #200, Volume #12 Thu, 12 Aug 99 09:13:31 EDT
Contents:
Logging Application Messages to Console ([EMAIL PROTECTED])
Re: setting up local bnc home network.. ? ("Gary W. Sandvik")
Re: firewall question ("Seth" together.net>)
Some developing this? (Johan Sørensen)
unknown services by inetd after RH6 upgrade ([EMAIL PROTECTED])
Re: telnet question (Mihaly Gyulai)
Re: Internal PCI Modem (Abdullah Ramazanoglu)
Re: Modem current connection rate? (Abdullah Ramazanoglu)
ipchains Newbie Q ("David Eno")
Re: Changing computer name in Mandrake... ("Ferdinand V. Mendoza")
setting alarm conditions ([EMAIL PROTECTED])
Open letter to DiamondMM, HomeFree wireless network for LINUX (Dirk Lison)
Re: ppp problem - ISP does not respond to configure requests ("Amir J. Katz")
mail to internet from lan (Oswald Jaskolla)
Re: Cost accounting of Internet usage for intranet ("Manfred Constapel")
Re: network neightborhood for linux? (G. Oskamp)
Re: firewall question (Marco van Berkel)
Connecting Ethernet and EQL/PPP on the same system (Keith Harris)
Re: IP Forwarding/Redirecting to a Proxy? ("D.Krivitsky")
Re: Linux Webserver Security (Duncan Simpson)
Re: ftp usernames/passwds (Duncan Simpson)
Re: telnet question ("Andy Coy")
----------------------------------------------------------------------------
From: [EMAIL PROTECTED]
Subject: Logging Application Messages to Console
Date: Thu, 12 Aug 1999 10:44:23 GMT
Reply-To: [EMAIL PROTECTED]
I have a PC which is periodically making a connection via modem to a
paging service, and I'd like to take the messages that are going
to /var/log/messages for that specific application alone, and put it to
a console, say tty3. I'd like to have this for troubleshooting
purposes. Can anyone tell me how to do this?
Thanks,
Brian Seppanen
[EMAIL PROTECTED]
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: "Gary W. Sandvik" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.networking.misc
Subject: Re: setting up local bnc home network.. ?
Date: Thu, 12 Aug 1999 05:53:35 -0500
Reply-To: "Gary W. Sandvik" <[EMAIL PROTECTED]>
Hi,
It is a rather easy network to setup. The repeater is not necessary but it
will help with signal quality. I've a small network in my home, 7 node. I
use a Telisyn 8 port repeater with my network, signal is clean for a
10baseT2. Just remember to terminate correctly and minimize short radius
bends for the cable.
Hope this helps!
--
Regards and God Speed,
Gary
Gary W. Sandvik
[EMAIL PROTECTED]
309-676-0224 (fax)
Heinz Barnowski <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Just connect your Computers together and add a 50 ohm Resistor at each end
> like follows:
>
> 50 Ohm                                       50 Ohm
> ==T--------------------T---------------------T==
>   !                    !                     !
>   PC                   PC                    PC
>
> (T mean T-connector)
>
>
>
> System User wrote:
>
> > Hi everyone.. here's the scoop:
> >
> > At home I have about 3 computers.. one a linux/win95(variable), the other
> > win3.1, the other win95.. I have a whole lot of BNC ethernet cards, and an
> > old(but working) 8-port BNC repeater.. I am wanting to network them
> > together, so I can share resources..(access files/printers on each other,
> > etc.. share internet line as well).. how exactly would I set that up?
> > Plug each BNC to the repeater on its own port? should I run a crappy
> > linux computer as a router? I'm familiar with 10/100BaseT setups, but not
> > the old BNC style :)
> >
> > Please reply to [EMAIL PROTECTED] thanks :)
> >
> > Jeff
>
------------------------------
From: "Seth" <smanley< no spam >together.net>
Subject: Re: firewall question
Date: Thu, 12 Aug 1999 06:16:43 -0400
This setup *might* be technically possible with ipportfw, but you may be
better off upgrading to the 2.2.x kernel which has a whole new firewalling
setup (ipchains) that uses true masquerading (w/ ipmasqadm). It's another
learning curve from ipfwadm, but IMO, it's worth it.
Amir Aliabadi <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> I have 2.0.36 kernel with ipfwadm and ipportfw. I need to put the following
> firewall rules in place (want to play age empires...)
>
> * Allow an initial outbound TCP connection on port 47624.
>
> * Allow subsequent inbound and outbound connections on TCP and UDP ports
> 2300-2400.
>
> * Additionally, to play games on the Zone, the following TCP ports on the
> firewall must be open:
> 28800 - 28912
>
> any help would be appreciated
>
>
------------------------------
From: [EMAIL PROTECTED] (Johan Sørensen)
Subject: Some developing this?
Date: Thu, 12 Aug 1999 11:15:27 GMT
Hi,
I've been looking around for two particular new protocols (still only
described in "Internet Draft" documents), and I'm wondering if there
is anyone out there working on implementing them under Linux....?
The protocols in question are:
[1] R. Troll Automatically Choosing an IP Address in an Ad-Hoc IPv4
Network draft-ietf-dhc-ipv4-autoconfig-04.txt April, 1999. A
work in progress.
[2] B. Woodcock, B. Manning Multicast Discovery of DNS Services
draft-manning-multicast-dns-01.txt December, 1998. A work in
progress.
I expect the first one to be implemented in a DHCP client, and the
other one in the DNS resolver (but I may be mistaken... :-).
Any help or pointers would be appreciated.
/Johan Sørensen
------------------------------
From: [EMAIL PROTECTED]
Subject: unknown services by inetd after RH6 upgrade
Date: Thu, 12 Aug 1999 10:23:01 GMT
I have upgraded from RH5.2 with 2.0.36 kernel to
RH6.0 with 2.2.5 kernel. Aside a few pbs with NFS
now solved, I got inetd refusing to recognize
services like auth, ntalk or linuxconf (message
"unknown service" and names absent in the output
of netstat).
My problem is that I am trying to introduce new
services required to run amanda backup and they
are refused too.
All this works fine on a machine which has not
been upgraded. I looked in the services and the
inetd.conf files which seem OK.
Is there any help around?
Bernard Legras
------------------------------
From: Mihaly Gyulai <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.admin,comp.os.linux.help,comp.os.linux.misc
Subject: Re: telnet question
Date: Thu, 12 Aug 1999 11:05:27 GMT
In article <[EMAIL PROTECTED]>,
me <[EMAIL PROTECTED]> wrote:
> Is there a way to transfer files from a computer i've telnetted to, to
> my own computer ?
Try 'man rcp' , it's for 'remote-copy' between computers...
(Ftp is another method...)
--
Mihaly Gyulai
http://www.freeyellow.com/members5/gyulai/
Do you want plus 2000 US $ for work ?
------------------------------
From: Abdullah Ramazanoglu <[EMAIL PROTECTED]>
Subject: Re: Internal PCI Modem
Date: Wed, 11 Aug 1999 17:00:11 +0300
Tito wrote:
>
> Hi...every professional person, who know How can I set up PCI modem
> (internal) for Red Hat 6.0??
> By the way, could you teach me to setup PPP as well......
> Thanks...a lot...
>
> Tito
Hi Tito,
Please first visit http://www.o2.net/~gromitkc/winmodem.html to see if
yours is a hardware modem. Sorry to say this, but 99.5% of PCI modems
are winmodem, which can't work in linux.
I don't want to confuse you with "linmodems" but if you find yourself
stuck with a winmodem, there is still a -weak- possibility that a Linux
driver can be found -or under development- for it.
--
Abdullah Ramazanoglu ( aramazanoglu AT demirbank DOT com DOT tr )
------------------------------
From: Abdullah Ramazanoglu <[EMAIL PROTECTED]>
Subject: Re: Modem current connection rate?
Date: Thu, 12 Aug 1999 14:38:04 +0300
[EMAIL PROTECTED] wrote:
>
> Hi,
>
> I would like to monitor my modem's connection rate to my ISP. How can I
> fetch the current connection rate? The modem changes its speed as shown
> on the front LCD display after the connection has been made. I would
> like to poll the modem after fixed intervals and get the current rate
> it is connected at?
>
> It is connected to my Linux box which runs cmu SNMP package. Is it
> possible to get this rate thru snmpget? What would be the OID?
>
> Thanks,
> Khurram.
Hi Khurram,
I'm not sure if there are other ways, but one way I know is capturing
modem's CONNECT message. The format of this message can be tailored
(depending on particular modem's command set), to show line speed as
well.
But this method is good only for initial connection establishment speed.
I don't know what happens when modem does retrain and settle for some
other speed later. I think the answers lie in modem's handbook, because
the modem is where you can get this info from.
BTW, if you use some good tool to dial out, it should capture and show
CONNECTion speed. kppp does this in "Details" window.
Best,
--
Abdullah Ramazanoglu ( aramazanoglu AT demirbank DOT com DOT tr )
------------------------------
From: "David Eno" <[EMAIL PROTECTED]>
Crossposted-To: alt.linux,alt.os.linux
Subject: ipchains Newbie Q
Date: Thu, 12 Aug 1999 11:12:30 GMT
I want to share a dialup connection (ppp0) on my Mandrake 6.0 machine with a
Win98 box that's logged in via Samba.
Do I use ipchains to do this? Where can I get information supplemental to
the man pages?
Any tips would be greatly appreciated.
TIA
--
Dave E.
------------------------------
From: "Ferdinand V. Mendoza" <[EMAIL PROTECTED]>
Subject: Re: Changing computer name in Mandrake...
Date: Thu, 12 Aug 1999 15:04:59 +0400
Try to change also the file /etc/sysconfig/network.
Use the fqdn to speed up the boot sequence otherwise
you'll spend a lot of time like the system
seems to hang when sendmail is started.
Ferdinand
bill davidsen wrote:
> In article <qp7k3.19082$[EMAIL PROTECTED]>,
> PerDuraBo <[EMAIL PROTECTED]> wrote:
> | I have just installed mandrake 6.0. One thing that I did not do correctly
> | was to
> | enter the computer name for DHCP. I am using a cable modem and the I.D. is
> | set by computer name. I have run linuxconf and netcfg but they are not
> | initiating due to an "unknown error". I have not used this OS til now so the
> | language is new this NT user....sorry...I need to change the computer name
> | and I think the ID will work. any help would be greatly appreciated
>
> Usually the hostname appears in both the /etc/HOSTNAME and /etc/hosts
> file, often several times in hosts, once by itself, once as fqdn. If
> changing it there doesn't help you better find a Mandrake/Redhat guru
> because they probably have "enhanced" the process.
>
> --
> bill davidsen <[EMAIL PROTECTED]> CTO, TMR Associates, Inc
> The Internet is not the fountain of youth, but some days it feels like
> the fountain of immaturity.
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To: comp.os.linux.misc,comp.os.linux.setup,alt.os.linux
Subject: setting alarm conditions
Date: Thu, 12 Aug 1999 11:20:39 GMT
Reply-To: [EMAIL PROTECTED]
I'm trying to set up an application to log messages to a virtual
terminal. Is there a way I can setup an alarm condition, so the
speaker beeps periodically, and can be turned off when it is noticed.
I'm in the process of setting up a paging terminal/admitting terminal
at a small hospital. Two processes get spawned at boot, one for a 5250
session, and one on tty2 for a lynx session pointing to a pager
gateway. I have the paging software set to start at boot, but on
occasion things have gotten messed up for whatever reason, and I need
to make absolutely sure that the pages are going through. I'd like to
have the process messages being written to syslog, as well as to tty3.
Is there a way I can setup an alarm condition based upon system
messages such as "no answer from remote". I'd like it to beep
periodically, but not too much. Just something to let them know there
is an error condition. I'd absolutely have to allow for some way from
them to inactivate it, without getting a hold of someone.
Say have them log into a virtual terminal (We'd rather not require a
login otherwise) and have the .bash_profile test for the condition, and
if its true prompt them to turn off the alarm. I'd really appreciate
any comments.
TIA.
Brian Seppanen
[EMAIL PROTECTED]
------------------------------
From: Dirk Lison <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux
Subject: Open letter to DiamondMM, HomeFree wireless network for LINUX
Date: Thu, 12 Aug 1999 11:05:57 +0000
I did a quick search on http://www.deja.com on the subject "diamond
homefree wireless linux".
The amount of articles on that is overwhelming. Please have a look
yourself. The Linux community is very much interested in that product.
The average Linux user has more networking knowledge than an average
Windows user. Usually even the home user of Linux has some kind of a
network with firewall / proxy server already.
I can understand if you don't want to port your drivers to Linux
yourself. But:
Couldn't you publish the specs, protocol / initialization procedure to
the Linux world?
TIA
Dirk Lison
------------------------------
From: "Amir J. Katz" <[EMAIL PROTECTED]>
Subject: Re: ppp problem - ISP does not respond to configure requests
Date: Thu, 12 Aug 1999 13:39:29 +0300
The saga continues...
OK, set up for PAP (/etc/ppp/options, /etc/ppp/pap-secrets) and made some progress -
got past LCP, but still no cigar.
What I did is:
Dialed in via minicom, typed user & password, got an IP address, then started pppd,
as shown in the attached file:
"Amir J. Katz" wrote:
> Thanks.
> I talked to my ISP and they claim they don't use PAP/CHAP, but since they say
> upfront that they don't support linux, I don't trust this claim %100. However,
> they told me to call them tonight when I connect and they will do a ppp trace on
> their side and hopefully we'll find the culprit.
Pap-log.txt:
[root@localhost /root]# pppd -d -detach /dev/ttyS1 38400 &
Using interface ppp0
Connect: ppp0 <--> /dev/ttyS1
sent [LCP ConfReq id=0x1 <asyncmap 0xa0000> <magic 0xae3810c2> <pcomp> <accomp>]
rcvd [LCP ConfAck id=0x1 <asyncmap 0xa0000> <magic 0xae3810c2> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x5e <asyncmap 0xa0000> <auth chap MD5> <magic 0x69689e6f> <pcomp> <accomp>]
sent [LCP ConfNak id=0x5e <auth pap>]
rcvd [LCP ConfReq id=0x5f <asyncmap 0xa0000> <auth pap> <magic 0x69689e6f> <pcomp> <accomp>]
sent [LCP ConfAck id=0x5f <asyncmap 0xa0000> <auth pap> <magic 0x69689e6f> <pcomp> <accomp>]
sent [PAP AuthReq id=0x1 user="amir-katz" password="******"]
rcvd [PAP AuthAck id=0x1 ""]
Remote message: ^F
sent [IPCP ConfReq id=0x1 <addr 0.0.0.0> <compress VJ 0f 01>]
sent [IPCP ConfReq id=0x1 <addr 0.0.0.0> <compress VJ 0f 01>]
sent [IPCP ConfReq id=0x1 <addr 0.0.0.0> <compress VJ 0f 01>]
sent [IPCP ConfReq id=0x1 <addr 0.0.0.0> <compress VJ 0f 01>]
sent [IPCP ConfReq id=0x1 <addr 0.0.0.0> <compress VJ 0f 01>]
sent [IPCP ConfReq id=0x1 <addr 0.0.0.0> <compress VJ 0f 01>]
sent [IPCP ConfReq id=0x1 <addr 0.0.0.0> <compress VJ 0f 01>]
sent [IPCP ConfReq id=0x1 <addr 0.0.0.0> <compress VJ 0f 01>]
sent [IPCP ConfReq id=0x1 <addr 0.0.0.0> <compress VJ 0f 01>]
sent [IPCP ConfReq id=0x1 <addr 0.0.0.0> <compress VJ 0f 01>]
IPCP: timeout sending Config-Requests
sent [LCP TermReq id=0x2 "No network protocols running"]
Modem hangup
Connection terminated.
Connect time 0.6 minutes.
[1]+ Done pppd -d -detach /dev/ttyS1 38400
[root@localhost /root]#
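The trace in this message completes LCP and PAP and then sends IPCP requests that get no reply; it also shows the peer asking for CHAP and the link settling on PAP, which carries the password in clear text. As an added example (not part of the original post), the shell function below summarises a pppd debug trace phase by phase. The function names are this example's own, and the embedded trace is copied from the post with wrapped lines rejoined.

```sh
#!/bin/sh
# Added example, not part of the original post.

# ppp_diagnose [FILE]: summarise a pppd debug trace (file or stdin) as one line:
#   lcp=... offered=... agreed=... auth=... ipcp=... sent=N rcvd=N
ppp_diagnose() {
    awk '
    # Authentication protocol the peer first asked for, and the one we accepted.
    /^rcvd \[LCP ConfReq/ && match($0, /<auth [a-z]+/) {
        if (offered == "") offered = substr($0, RSTART + 6, RLENGTH - 6)
    }
    /^sent \[LCP ConfAck/ && match($0, /<auth [a-z]+/) {
        agreed = substr($0, RSTART + 6, RLENGTH - 6)
    }
    # Every packet line: "sent [PROTO Code id=..." or "rcvd [PROTO Code id=...".
    /^(sent|rcvd) \[/ {
        proto = substr($2, 2)              # drop the leading "["
        n[$1, proto, $3]++                 # count per direction/protocol/code
        if ($1 == "rcvd") replies[proto]++
    }
    END {
        # LCP is open once both sides have acknowledged a request.
        lcp = (n["sent", "LCP", "ConfAck"] && n["rcvd", "LCP", "ConfAck"]) ? "open" : "incomplete"
        if (n["rcvd", "PAP", "AuthAck"])      auth = "pap-ok"
        else if (n["rcvd", "PAP", "AuthNak"]) auth = "pap-rejected"
        else                                  auth = "none-seen"
        reqs = n["sent", "IPCP", "ConfReq"] + 0
        got = replies["IPCP"] + 0
        if (reqs == 0) ipcp = "not-started"
        else if (n["sent", "IPCP", "ConfAck"] && n["rcvd", "IPCP", "ConfAck"]) ipcp = "open"
        else if (got == 0) ipcp = "no-reply"   # peer never sent any IPCP packet
        else ipcp = "negotiating"
        printf "lcp=%s offered=%s agreed=%s auth=%s ipcp=%s sent=%d rcvd=%d\n",
            lcp, (offered == "" ? "none" : offered), (agreed == "" ? "none" : agreed),
            auth, ipcp, reqs, got
    }' "$@"
}

# The trace from the post, wrapped lines rejoined.
ppp_sample_trace() {
    cat <<'EOF'
Using interface ppp0
Connect: ppp0 <--> /dev/ttyS1
sent [LCP ConfReq id=0x1 <asyncmap 0xa0000> <magic 0xae3810c2> <pcomp> <accomp>]
rcvd [LCP ConfAck id=0x1 <asyncmap 0xa0000> <magic 0xae3810c2> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x5e <asyncmap 0xa0000> <auth chap MD5> <magic 0x69689e6f> <pcomp> <accomp>]
sent [LCP ConfNak id=0x5e <auth pap>]
rcvd [LCP ConfReq id=0x5f <asyncmap 0xa0000> <auth pap> <magic 0x69689e6f> <pcomp> <accomp>]
sent [LCP ConfAck id=0x5f <asyncmap 0xa0000> <auth pap> <magic 0x69689e6f> <pcomp> <accomp>]
sent [PAP AuthReq id=0x1 user="amir-katz" password="******"]
rcvd [PAP AuthAck id=0x1 ""]
sent [IPCP ConfReq id=0x1 <addr 0.0.0.0> <compress VJ 0f 01>]
sent [IPCP ConfReq id=0x1 <addr 0.0.0.0> <compress VJ 0f 01>]
sent [IPCP ConfReq id=0x1 <addr 0.0.0.0> <compress VJ 0f 01>]
sent [IPCP ConfReq id=0x1 <addr 0.0.0.0> <compress VJ 0f 01>]
sent [IPCP ConfReq id=0x1 <addr 0.0.0.0> <compress VJ 0f 01>]
sent [IPCP ConfReq id=0x1 <addr 0.0.0.0> <compress VJ 0f 01>]
sent [IPCP ConfReq id=0x1 <addr 0.0.0.0> <compress VJ 0f 01>]
sent [IPCP ConfReq id=0x1 <addr 0.0.0.0> <compress VJ 0f 01>]
sent [IPCP ConfReq id=0x1 <addr 0.0.0.0> <compress VJ 0f 01>]
sent [IPCP ConfReq id=0x1 <addr 0.0.0.0> <compress VJ 0f 01>]
IPCP: timeout sending Config-Requests
sent [LCP TermReq id=0x2 "No network protocols running"]
Modem hangup
EOF
}

# Stand-alone run: summarise the trace from the post.
ppp_sample_trace | ppp_diagnose
```

Only PAP outcomes are classified; a link that authenticates with CHAP is reported as auth=none-seen.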
------------------------------
From: Oswald Jaskolla <[EMAIL PROTECTED]>
Crossposted-To: rwth.dialup
Subject: mail to internet from lan
Date: Thu, 12 Aug 1999 11:33:57 +0200
I recently had some trouble with my lan concerning email.
I have a lan connected to a dialup account where one of my computers is
used as a router, mail server, etc. Now, I wanted to subscribe to a
mailing list and got back some mail reading:
----- Transcript of session follows -----
... while talking to <host of mailing list>:
>>>> MAIL From:<oswald@mittelerde> SIZE=106
<<< 550 '<oswald@mittelerde>SIZE=106' sender address target 'mittelerde'
is not a valid e-mail domain.
554 <email address of mailing list>... Service unavailable
which is perfectly true, 'cause 'mittelerde' is my lan domain and not
known to the internet.
I checked the mail header and it said (I have ripped the IMHO
unimportant parts):
>From [EMAIL PROTECTED] Thu Aug 12 10:31:06 1999
Return-Path: <[EMAIL PROTECTED]>
Received: from <some other entries>
Received: from bilbo.mittelerde ([EMAIL PROTECTED]
[137.226.8.16])
by pbox.rz.rwth-aachen.de (8.9.3/8.9.3) with ESMTP id KAA29893
for <[EMAIL PROTECTED]>; Thu, 12 Aug 1999
10:33:53 +0200
Received: from silmarillion ([EMAIL PROTECTED]
[192.168.0.1])
by bilbo.mittelerde (8.8.8/8.8.8) with SMTP id KAA01512
for <[EMAIL PROTECTED]>; Thu, 12 Aug 1999
10:27:56 +0200
From: Oswald Jaskolla <[EMAIL PROTECTED]>
To: <email address of mailing list>
My question is: Is it OK that this information ( the ones concerning
mittelerde ) exists in the mail header ( the hosts and domains are,
again, not known to the internet )?
If not: How can I avoid them?
I received the above mentioned email perfectly well via
[EMAIL PROTECTED], so why does the other host
complain?
If you don't mind please cc to [EMAIL PROTECTED]
thanx in advance
ossi
------------------------------
From: "Manfred Constapel" <[EMAIL PROTECTED]>
Subject: Re: Cost accounting of Internet usage for intranet
Date: Thu, 12 Aug 1999 13:31:10 +0200
Lars Grenzendörfer wrote in message ...
>I have a Linux server running that connects the intranet to the Internet
>via a modem (dial on demand). Is there a way to log the connection to the
>Internet (or rather to my provider)? Since I bear all the Internet costs,
>I would like to distribute them among those who use the Internet. I need
>to know when who was on the Internet for how long, in order to produce a
>cost statement. The log should not necessarily contain further data, since
>otherwise it would become confusing. Is there software that handles this?
>If so, where can I find it and how is it configured?
>
>
>Thanks.
>
> Lars
>
>
Hello there...
Hm, a German man with German language in an English News?! Well, whatever...
OK, under Linux you can use IP-Messgrading to check who did what and when
(based on the login)... however, I can't give any further information on that
due to lack of experience...
Alternatively, you could also run an NT server with WinGate to take care of
this problem...
Ciao,
Manfred
------------------------------
From: G. Oskamp <[EMAIL PROTECTED]>
Subject: Re: network neightborhood for linux?
Date: Thu, 12 Aug 1999 11:30:44 GMT
Tero Hakala wrote:
>
> I run a linux(debian) machine connected to a big windows network. Is there some
> nice software I could use to browse the network (smb) shares like with network
> neighborhood tool in windows?
> I have samba installed and manually I can access those files but some nice browsing
> utility would make life much easier..
There is this little tool, called 'LinNeighborhood', it tries to replace
the 'Network Neighborhood' function of windows. One difference is, that
it can only mount network drives, not view them. But that shouldn't be a
big problem. This is the URL of the homepage:
http://www.bnro.de/~schmidjo/
And go here for direct downloading:
http://www.bnro.de/~schmidjo/
Good luck!
================== Posted via CNET Linux Help ==================
http://www.searchlinux.com
------------------------------
Date: Thu, 12 Aug 1999 14:36:00 +0200
From: Marco van Berkel <[EMAIL PROTECTED]>
Subject: Re: firewall question
Amir,
I have exactly the same problem (settlers) although I am using (RH 6.0) ipchains
I can not find the correct settings for it, please let me know if you find
something that works.
Thanks in Advance,
Marco van Berkel
Amir Aliabadi wrote:
> I have 2.0.36 kernel with ipfwadm and ipportfw. I need to put the following
> firewall rules in place (want to play age empires...)
>
> * Allow an initial outbound TCP connection on port 47624.
>
> * Allow subsequent inbound and outbound connections on TCP and UDP ports
> 2300-2400.
>
> * Additionally, to play games on the Zone, the following TCP ports on the
> firewall must be open:
> 28800 - 28912
------------------------------
From: Keith Harris <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Connecting Ethernet and EQL/PPP on the same system
Date: Thu, 12 Aug 1999 07:51:15 -0400
I'm trying to have two connections to the internet. One via an ethernet
card connected through a cable tv modem and the other connect via ppp
connection. The ppp connection is how I am connected to the world
through my domain name but I want to utilize the speed of my ethernet
connection to the internet. When I do the following, my ppp/eql
interface stops working allowing only my ethernet connection to work.
Do you have any suggestions on how to make them both work on
the same computer system?
I'm running linux_2.2.5 and ppp_2.3.5-1.
For The EQL/PPP Connection I type:
ifconfig eql 123.XXX.XX.XXX netmask 255.255.255.255 mtu 1500 up
route add -net 123.XXX.XX.0 netmask 255.255.255.255 eql
route add default eql
eql_enslave eql ppp0 31200
For The ETH0 Connection I type:
ifconfig eth0 45.Y.YYY.YYY netmask 255.255.255.128 broadcast 45.Y.YYY.255 up
route add -net 45.Y.YYY.128 netmask 255.255.255.128 eth0
route add default gw 45.Y.YYY.YYY eth0
------------------------------
From: "D.Krivitsky" <[EMAIL PROTECTED]>
Subject: Re: IP Forwarding/Redirecting to a Proxy?
Date: Thu, 12 Aug 1999 07:44:55 -0400
Then you can try the following:
1. All traffic to 80 port is redirected to a local port (as if you had a
transparent proxy).
2. The local port is redirected to the remote proxy using SSH (you need to
have an account at the remote proxy machine) or any other "redirector".
That is, something like the following:
ipfwadm -F -i accept -r 12345 -P tcp -S your.network/mask -D 0.0.0.0/0 80
ssh -l your-account provider.proxy.machine -L 12345:127.0.0.1:3128
By the way, I don't think that transparent proxy is a very good thing.
And it will not handle WWW requests with non-standard port numbers, as well
as FTP requests.
[EMAIL PROTECTED] wrote in message <7otlnv$fa0$[EMAIL PROTECTED]> ...
>Yes. My gateway, however, is a 486 8MB ram 100MB hd. I don't think
>squid would take that very well. I could configure it to not cache
>anything from the parent proxy but that would be silly - simply
>consuming resources, when all I really need is to redirect the packets
>to an external computer (I think).
>
>If anybody has any idea on how to do this, share, even if you're not
>certain if it will work - worst thing is I'll try it and find out it
>doesn't work :-)
>
>m
>
> "D.Krivitsky" <[EMAIL PROTECTED]> wrote:
>> One way is to install a transparent proxy on your gateway and to configure
>> it to connect through the external proxy.
>>
>> >I would like to add a little 'goodie' to my setup, however. My network
>> >is sitting behind an http proxy, and that means that EVERY installation
>> >of ANY application that uses http must know about the proxy. It seems
>> >to me however, that it should be possible to set up my gateway to
>> >automatically ask the proxy to deliver the files without the end-user
>> >(internal computer) having to know about it.
>> >
>> >I have looked through the How-To's, but I couldn't find an answer to
>> >how to do this. There is some talk of 'transparent proxies' but it
>> >seems to me that they are talking about proxies running on the gateway,
>> >and not external proxies that are behind the gateway (or in front of
>> >it, if looking from outside world's perspective).
>> >
>> >Does anybody know if this is possible and if so, how to do this?
>
>
------------------------------
From: [EMAIL PROTECTED] (Duncan Simpson)
Subject: Re: Linux Webserver Security
Date: 12 Aug 1999 11:31:39 GMT
In <7on2bs$nhr$[EMAIL PROTECTED]> [EMAIL PROTECTED] writes:
>I am setting up a webserver for the first time.
>I have just installed Redhat Linux 6.0 onto a
>Dell Poweredge 1300 server and I need information
>on securing the server, anything from blocking
>unauthorized access to setting up SSL. I am
>using the most recent versions of Apache, Perl &
>MySQL. I would appreciate any information or
>point me in the right direction, as I want to
>make the security on this box tighter than a
>gnats butt.
Start with basic measures, like disabling or alarming unused
services. Be ruthless about the users and only allow shell access
via ssh (most people stick to 1.x to avoid being bitten by the
licence). After that you can get paranoid and do things like
- Run httpd in a special chroot(2) environment with only the minimum
stuff required and no /bin/sh.
- Install alarms, for example checkps (very inconspicuous on web
servers). See http://checkps.alcom.co.uk and be aware that many
crackers are not expecting it and get caught
There are also various good books on security you should be reading.
The combination of "Essential system administration" and "Practical
UNIX security" both by ORA will help a lot. Subscribing to a few good
security mailing lists and keeping software up to date is strongly
recommended. I subscribe to CERT-CC (low volume), linux-security
(low to moderate volume) and bugtraq (high volume).
<Just a note: bugtraq is now based at securityfocus.com.>
--
Duncan (-:
"software industry, the: unique industry where selling substandard goods is
legal and you can charge extra for fixing the problems."
------------------------------
From: [EMAIL PROTECTED] (Duncan Simpson)
Crossposted-To: redhat.networking.general,redhat.servers.general
Subject: Re: ftp usernames/passwds
Date: 12 Aug 1999 11:35:47 GMT
In <[EMAIL PROTECTED]> Jeremy McLeod <[EMAIL PROTECTED]> writes:
>Does anyone know how to setup FTP-only users, and to add them to the
>anonftp passwd/shadow files in /home/ftp/etc?
>
>I looked at the man pages for the various related files a while back, but I
>was too burned out to actually extrapolate any info from them at the time,
>and now I'm just too lazy. :)
The time honoured and well tested method is to add a special shell to
/etc/shells that basically kicks you out when you try and log
in. Give the ftp only users this shell---when they try and log in
their shell is invoked and they get kicked off and never get any
interactive access to the machine (possibly with a bit of logging). I
am mean enough to give them only guest ftp access, which is the same as
anonymous access except for the user name (which means they can write to
some places anonymous people can not).
--
Duncan (-:
"software industry, the: unique industry where selling substandard goods is
legal and you can charge extra for fixing the problems."
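The kick-out shell described in this message, together with a check that accounts meant to be FTP-only really carry it, as an added example that is not part of the original post. The shell path and function names are this example's own assumptions, and the account data is constructed; the "UNLISTED" case is there because classic ftpd refuses users whose shell is not listed in /etc/shells.

```sh
#!/bin/sh
# Added example, not part of the original post. The shell path is a
# hypothetical choice; it only has to match what is listed in /etc/shells.
KICK_SHELL=/usr/local/bin/ftponly

# write_kick_shell DEST: create the login shell that refuses interactive use.
write_kick_shell() {
    cat > "$1" <<'EOF'
#!/bin/sh
# Login shell for FTP-only accounts: log the attempt, say why, and leave.
logger -p auth.notice -t ftponly "shell login refused for ${LOGNAME:-unknown}" 2>/dev/null
echo "This account is restricted to FTP."
exit 1
EOF
    chmod 755 "$1"
}

# audit_ftponly PASSWD SHELLS KICK USER...
# One status line per user; returns 1 if any account is not locked down.
audit_ftponly() {
    pw=$1; sh_list=$2; kick=$3
    shift 3
    rc=0
    for user in "$@"; do
        # Prefix the field so an empty shell (which means /bin/sh) is still
        # distinguishable from a user with no passwd entry at all.
        entry=$(awk -F: -v u="$user" '$1 == u { print "shell=" $7; exit }' "$pw")
        case $entry in
            "")
                echo "$user: MISSING"; rc=1 ;;
            "shell=$kick")
                if grep -qxF "$kick" "$sh_list"; then
                    echo "$user: OK"
                else
                    echo "$user: UNLISTED"; rc=1
                fi ;;
            "shell=")
                echo "$user: INTERACTIVE (/bin/sh)"; rc=1 ;;
            *)
                echo "$user: INTERACTIVE (${entry#shell=})"; rc=1 ;;
        esac
    done
    return $rc
}

# Demo on constructed account data (not real users).
demo=$(mktemp -d)
printf '%s\n' \
    'alice:x:501:501::/home/alice:/usr/local/bin/ftponly' \
    'bob:x:502:502::/home/bob:/bin/bash' \
    'carol:x:503:503::/home/carol:' > "$demo/passwd"
printf '%s\n' /bin/sh /bin/bash "$KICK_SHELL" > "$demo/shells"
audit_ftponly "$demo/passwd" "$demo/shells" "$KICK_SHELL" alice bob carol dave || true
rm -rf "$demo"
```

On a live system the same check would be pointed at /etc/passwd and /etc/shells.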
------------------------------
From: "Andy Coy" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.admin,comp.os.linux.help,comp.os.linux.misc,comp.os.linux.questions
Subject: Re: telnet question
Date: Thu, 12 Aug 1999 12:56:29 +0100
Have you tried to FTP into the machine, then do a "get"
--
Andy Coy
Cablecom Investments Ltd
me <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> hello
>
> Is there a way to transfer files from a computer i've telnetted to, to
> my own computer ?
>
> eg. if i telnetted to server abc.com, is there a way to copy files
> directly from that computer (ie. abc.com) to my computer (ie localhost)?
>
> thanx (in advance)
> ali ([EMAIL PROTECTED])
>
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.networking) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Networking Digest
******************************