Linux-Networking Digest #216, Volume #12 Fri, 13 Aug 99 20:13:49 EDT
Contents:
Re: Firewall on same subnet? (Cornel Popescu)
Re: pppd on demand problem (W.G. Unruh)
Re: How to setup subdomain? ("Dennis M. Ott")
Re: FTP - I don't want an anonymous account (W.G. Unruh)
IPSec (Jen-Chieh Tang)
Re: Samba 2.03 and Microsoft Cobol (Abner Graham Jacobsen)
nfs and Caldera OL 2.2 (Steve Riley)
Re: PPP module problems, part 2 (W.G. Unruh)
Need Help with Netgear NIC and Red Hat ("TJBJr1")
Re: Linux as a file server ("Donald E. Stidwell")
Re: FTP - I don't want an anonymous account (Frank v Waveren)
Re: 2 ethernet cards for my IP MASQ server? (Frank v Waveren)
----------------------------------------------------------------------------
From: Cornel Popescu <[EMAIL PROTECTED]>
Subject: Re: Firewall on same subnet?
Date: Fri, 13 Aug 1999 21:55:06 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> As far as I know, that is not possible. The problem arises with routing.
> You cannot have the same subnet/subnet mask on 2 separate cards on a
> machine. The only real way to do this with the same "subnet" is to fix the
> subnet mask such that each side of your firewall "looks" like a different
> network. Do the IPs on the LAN need to remain exactly what they are, or
> can you change them, such that if you changed the subnet mask, you could
> have 2 separate lans. BTW, I am not sure what the subnet mask itself would
> have to be.
> Kyle Page wrote:
>
> > I'm not sure if this is even possible (thus the post) but...
> > I'm trying to setup a Linux Firewall (using Red Hat v5.2) between my DSL
> > router and my local LAN. It goes something like this:
> >
> >   ------      -----------        ----------        -----
> >   | WAN | --- | My router | ---- | Firewall | ---- | LAN |
> >   ------      -----------        ----------        -----
> >                x.x.86.161     x.x.86.162  x.x.86.163
> >
> > Subnet: 255.255.255.240
> > Network: x.x.86.160
> >
> > As you can see from the above, I'm trying to place the Firewall on the
> > same subnet as the network I'd like to protect. That is,
> > between my router and LAN. It seems like this would be possible
> > somehow??? The problem I'm having now is that when I activate both
> > cards on the firewall, only the last card to be activated is reachable..
> > that is ping'able from the firewall machine. For example, if eth0 and
> > eth1 are configured as x.x.86.162 and x.x.86.163 respectively, then I
> > can only ping x.x.86.163 (assuming it is activated last). If I activate
> > eth0 last, then only eth0 is reachable. However, if I configure them so
> > they are on separate networks, let's say eth0 = x.x.85.122, and eth1 =
> > x.x.86.163 and activate them both, they are both reachable. It is only
> > when both NICs are configured to be on the same network that I have this
> > problem. Therefore, I have ruled out any hardware problems. Would this
> > "routing" issue be handled by "ipfwadm"? I've looked many places for a
> > solution and I'm starting to lose gumption (cited "Zen and the Art of
> > Motorcycle Maintenance") :) My DSL router does have Firewall software
> > but I'd rather not spend the extra cash.. and I'd rather do it myself.
Well, a couple of questions arise here: why would you like to use your
routable addresses for the internal network and not use non-routable IPs
for the internal network and masquerading on the firewall? This would make
a nice firewall, with the drawback that the computers from the internal
network won't be accessible from outside (except if you forward ports on
the linux box, see masquerading docs).
Then if you really want to use your solution you would have to split
your IP addresses in 2 in order to create 2 separate networks and change
the routes on the router as well. This would limit the number of
computers you can use for the internal network to 8 (as a matter of fact 6,
since you will use 2 addresses for network addy and broadcast). The
routes would be like follows:
router:
route add -net x.x.86.160 netmask 255.255.255.252
linux eth0 (to router)
route add -net x.x.86.160 netmask 255.255.255.252 dev eth0
linux eth1 (to internal net)
route add -net x.x.86.164 netmask 255.255.255.248 dev eth1
Of course the default route on linux = 161, and computers in the internal
network will have IPs from 165 (linux eth1) to 171, with mask 248,
default gw 165, and you will lose many of your 16 addresses...
If I were you, I would rather go for masquerading ... You can do
interesting things (see DMZ) like that.
Maybe there are other ideas ?
Cornel
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
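Before touching route tables, a plan like the one above is worth checking for overlap and alignment. The Python below is an added example, not code from the digest or its posters: it reports NICs whose subnets overlap (Kyle's symptom) and validates carving a /28 into a /30 and a /29, using 203.0.113.160/28 as a constructed stand-in for x.x.86.160/28 (the /29 is placed at .168, the first /29 boundary after the /30, since a /29 must start on a multiple of 8).

```python
# Added example (not from the digest). Constructed addresses: 203.0.113.x
# stands in for the x.x.86.x block in the post.
from ipaddress import IPv4Interface, IPv4Network


def overlapping_interfaces(ifaces):
    """Return name pairs whose attached networks overlap.

    Two NICs on one host both claiming the same subnet give the kernel two
    equally specific routes to it, which is why only the interface brought
    up last answered in the original setup."""
    names = list(ifaces)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if ifaces[a].network.overlaps(ifaces[b].network)]


def validate_split(parent, blocks):
    """Check that each proposed block is aligned to its own prefix length,
    lies inside the parent block and does not overlap the other blocks.
    Returns a list of problem strings; an empty list means the plan is sound."""
    parent = IPv4Network(parent)
    problems, accepted = [], []
    for spec in blocks:
        try:
            net = IPv4Network(spec)  # strict by default: host bits must be zero
        except ValueError:
            problems.append(f"{spec}: not aligned to its prefix length")
            continue
        if not net.subnet_of(parent):
            problems.append(f"{net}: outside {parent}")
        for other in accepted:
            if net.overlaps(other):
                problems.append(f"{net} overlaps {other}")
        accepted.append(net)
    return problems


def usable_hosts(spec):
    """Host addresses of a block, excluding network and broadcast addresses."""
    return [str(h) for h in IPv4Network(spec).hosts()]


# Kyle's layout: both firewall NICs on the ISP's /28 (constructed stand-in).
ORIGINAL = {"eth0": IPv4Interface("203.0.113.162/28"),
            "eth1": IPv4Interface("203.0.113.163/28")}

# Split layout: a /30 toward the router (.161) and a /29 for the internal LAN.
SPLIT = {"eth0": IPv4Interface("203.0.113.162/30"),
         "eth1": IPv4Interface("203.0.113.169/29")}

if __name__ == "__main__":
    print("overlapping in original:", overlapping_interfaces(ORIGINAL))
    print("overlapping after split:", overlapping_interfaces(SPLIT))
    print("plan problems:", validate_split("203.0.113.160/28",
                                           ["203.0.113.160/30", "203.0.113.168/29"]))
    print("LAN hosts:", usable_hosts("203.0.113.168/29"))
```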
------------------------------
From: [EMAIL PROTECTED] (W.G. Unruh)
Subject: Re: pppd on demand problem
Date: 13 Aug 99 22:56:22 GMT
Yes, you do have problems, but I do not think they have anything to do with
pppd.
"Sergey" <[EMAIL PROTECTED]> writes:
>Dear friends,
>
>I have a problem with pppd configured to dial on demand to my ISP. The ISP
>has modem pools each connected to all the routers it has. In that way a
>connection is never established with the same router. That means the dialin
>server's ip is changing from connection to connection. But I should
>configure the fixed ip in the pppd's parameters to let pppd setup the
>routing information. And it's not working, of course.
>
>Is there any possibility to force negotiation of the remote ip when the
>connection comes up?
>
>Thanks,
>
>Sergey
------------------------------
From: "Dennis M. Ott" <[EMAIL PROTECTED]>
Subject: Re: How to setup subdomain?
Date: Fri, 13 Aug 1999 18:31:02 -0400
> I want to set up a sub-domain let's say department.domain.edu where the
> machines would be addressed by machine.department.domain.edu instead of
> machine.domain.edu. What is involved in setting something like this up?
>
This is really pretty much the same as setting up domain.edu would be.
The DNS HOWTO has pretty good instructions on doing this. If you need
more, the O'Reilly book 'DNS and BIND' has all the details.
You'll need to have the administrator of the domain.edu nameserver put
the 'glue' for your subdomain into his/her nameserver's configuration.
If for some reason you can't or don't want to get them involved, you can
still set up your subdomain, but only machines that are configured with
the IP address of your subdomain's nameserver as their nameserver will
be able to resolve names for your subdomain. That's probably okay if the
machines in your department only need to be reached by each other and
not from machines outside of your department. If you have only a few
machines that need to be reached from outside your department, there is
no reason that those few could not be in the parent domain instead of
your subdomain.
If you're not glued into the parent domain, your name servers will have
to use the parent domain's nameserver as forwarders in order for the
machines using your subdomain's nameserver to be able to resolve names
outside of your subdomain. I've done this before and it works well.
dott
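The "glue" Dennis mentions is easy to get wrong, so here is a check for it as an added example (not code from the digest): it inspects constructed parent-zone records for domain.edu and reports whether the delegation of department.domain.edu is complete, including the glue A record that is required whenever a nameserver's own name lies inside the delegated subdomain.

```python
# Added example (not from the digest). The records below are constructed;
# domain.edu / department.domain.edu are the names used in the question.

def needs_glue(ns_host, zone):
    """Glue is needed when a nameserver's own name lies inside the zone it
    serves: a resolver cannot look up ns1.department.domain.edu by asking
    department.domain.edu's servers before it knows their addresses."""
    ns_host, zone = ns_host.lower().rstrip("."), zone.lower().rstrip(".")
    return ns_host == zone or ns_host.endswith("." + zone)


def check_delegation(parent_records, zone):
    """Inspect the parent zone's records for a complete delegation of `zone`.

    parent_records: iterable of (owner, rrtype, value) tuples.
    Returns a list of problems; an empty list means the subdomain is glued
    in properly and outside resolvers can find it."""
    zone = zone.lower().rstrip(".")
    recs = [(o.lower().rstrip("."), t.upper(), v.lower().rstrip("."))
            for o, t, v in parent_records]
    ns_hosts = [v for o, t, v in recs if o == zone and t == "NS"]
    problems = []
    if not ns_hosts:
        problems.append(f"no NS records for {zone} in the parent zone")
    for host in ns_hosts:
        if needs_glue(host, zone):
            glue = [v for o, t, v in recs if o == host and t in ("A", "AAAA")]
            if not glue:
                problems.append(f"NS {host} is inside {zone} but has no glue address record")
    return problems


# Constructed parent zone (domain.edu) carrying the department's delegation.
PARENT_ZONE = [
    ("domain.edu", "NS", "ns.domain.edu"),
    ("ns.domain.edu", "A", "192.0.2.53"),
    ("department.domain.edu", "NS", "ns1.department.domain.edu"),
    ("ns1.department.domain.edu", "A", "192.0.2.10"),   # the glue record
]

if __name__ == "__main__":
    print(check_delegation(PARENT_ZONE, "department.domain.edu") or "delegation OK")
```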
------------------------------
From: [EMAIL PROTECTED] (W.G. Unruh)
Subject: Re: FTP - I don't want an anonymous account
Date: 13 Aug 99 22:57:49 GMT
"Suddn" <[EMAIL PROTECTED]> writes:
>How do I make sure that no anonymous users are allowed to FTP into my
>server? I want only real users to be allowed to FTP in.
Don't have an anonymous (or an ftp) account.
------------------------------
From: Jen-Chieh Tang <[EMAIL PROTECTED]>
Subject: IPSec
Date: 13 Aug 1999 23:01:05 GMT
Hello All:
I was wondering if anybody knew of IPSec
implementations besides x-kernel and S/WAN.
Thanks.
--
Tom Tang
[EMAIL PROTECTED]
------------------------------
From: Abner Graham Jacobsen <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.misc
Subject: Re: Samba 2.03 and Microsoft Cobol
Date: Fri, 13 Aug 1999 22:30:47 GMT
Chris Mahmood wrote:
>
> Abner Graham Jacobsen <[EMAIL PROTECTED]> writes:
>
> > I just installed Caldera 2.2 with samba. I have an application made with
> > Microsoft Cobol 4.0
> That wouldn't be Visual Cobol++, would it?
> -ckm
No. It is the traditional Cobol compiler for DOS.
abner
================== Posted via CNET Linux Help ==================
http://www.searchlinux.com
------------------------------
Date: Fri, 13 Aug 1999 12:59:02 -0600
From: Steve Riley <[EMAIL PROTECTED]>
Subject: nfs and Caldera OL 2.2
Hi,
I am running Caldera OpenLinux 2.2 on two identical machines and I'm
trying to mount a directory from machine 1 to machine 2.
I have in the exports file on machine 1:
/home/userarea machine.domain(rw)
On machine2, I mount the directory with default settings to
/home/userarea/machine1.
This seems to work in that I can read the directory from machine1 with
no problem. However, when I try to write to the machine1 directory, I
get the error, "...:read-only file system". The user and group ids are
identical on the 2 machines, so I believe I should be able to write to
the remote disk. Am I missing something?
Steve
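A useful first check for a case like Steve's is to evaluate the exports file the way the server does: which entry matches the client's name, and whether that entry actually grants rw. The Python below is an added example, not code from the digest; the exports text is constructed, modelled on the single line quoted in the post, and the client name must be the one the server's resolver produces for the client.

```python
# Added example (not from the digest). The exports text is constructed,
# modelled on the single line quoted in the post.
import fnmatch


def parse_exports(text):
    """Parse classic /etc/exports syntax into {path: [(client, {options})]}.

    A line reads `path client(opt,opt) client2(opt) ...`; a client without a
    parenthesised list gets no explicit options, and a bare `(opts)` entry
    applies to every client ("*")."""
    exports = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *entries = line.split()
        parsed = []
        for token in entries:
            if token.endswith(")") and "(" in token:
                client, opts = token[:-1].split("(", 1)
                parsed.append((client or "*", {o for o in opts.split(",") if o}))
            else:
                parsed.append((token, set()))
        exports[path] = parsed
    return exports


def effective_access(exports, path, client_name):
    """Return "rw", "ro" or None for what `client_name` gets on `path`.

    The first matching client entry wins; without an explicit rw option the
    export is read-only, which is what the "read-only file system" error in
    the post looks like from the client side. A name that matches no entry
    is not served at all."""
    for pattern, opts in exports.get(path, []):
        if fnmatch.fnmatchcase(client_name.lower(), pattern.lower()):
            return "rw" if "rw" in opts else "ro"
    return None


EXPORTS = """\
# constructed sample /etc/exports on machine1
/home/userarea machine2.example.org(rw)
/pub *.example.org(ro) machine2.example.org
"""

if __name__ == "__main__":
    table = parse_exports(EXPORTS)
    for name in ("machine2.example.org", "machine2"):
        print(name, "->", effective_access(table, "/home/userarea", name))
```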
------------------------------
From: [EMAIL PROTECTED] (W.G. Unruh)
Crossposted-To: comp.os.linux.help,comp.os.linux.questions,comp.os.linux.setup
Subject: Re: PPP module problems, part 2
Date: 13 Aug 99 22:59:47 GMT
Wei-shi Tsai <[EMAIL PROTECTED]> writes:
>I attempted to execute pppd, but it returns that the kernel does not
>support pppd. However, I know I compiled the support in the kernel! Am
>I missing something?
That is a grab bag error message which pppd emits on any error. It usually has
nothing to do with kernel support.
If you want to check, just run the bare command
/usr/sbin/pppd
(no other options)
You should get a line of garbage lasting about 10 sec. If you do, you have
module support. It could be file permissions (e.g. of the /dev/ttyS? port) or
other port problems. It could be chat problems (e.g. not using the full path name
/usr/sbin/chat), etc. It would be nice if that error message were changed, either
to make it more definite, or to remove the reference to "your kernel may not support ppp".
The operative word there is may.
>I am using kernel version 2.2.10 and pppd version 2.3.7. I have
>attached the output of lsmod and dmesg.
>--
>Wei-shi Tsai
>Cymbeline on #descent, Kahn, and ICQ(UIN:2801023)
>The Lost Material Defender Page:
>http://www.crosswinds.net/dallas/~perdita/index.html
>perdita:~# lsmod
>Module                  Size  Used by
>v_midi                  4672   0  (unused)
>opl3                   10264   0  (unused)
>mpu401                 17668   0  (unused)
>sb                     31528   0  (unused)
>uart401                 5628   0  [sb]
>sound                  55128   0  [v_midi opl3 mpu401 sb uart401]
>soundcore               2208   7  [sb sound]
>bsd_comp                3468   0  (unused)
>ppp                    19412   0  [bsd_comp]
>slhc                    4188   0  [ppp]
>perdita:~#
------------------------------
From: "TJBJr1" <[EMAIL PROTECTED]>
Subject: Need Help with Netgear NIC and Red Hat
Date: Fri, 13 Aug 1999 14:59:27 -0400
Sorry to be a bother, but I've made progress. Please forgive my newbie ways
but I'd like to get this Netgear FA310 NIC working with my Red Hat 6. I
wrote an email to Netgear and I will post it below. The issue I have is the
destination they have me copy the new tulip.c file to does not exist. Nor
do any of the "make" commands work when I created the directories and copied
the file there. I'm just slightly confused. Any help would be awesome. I
knew I should have gone 3Com. :-(
=====================
Netgear Mail
We do have the help file on the driver disk and if it isn't there it is
on the new driver on our website. Also, here is some help for the
install. Unfortunately, we do not have a lot of support for Linux.
Mount your floppy drive.
Execute the following commands: (%floppy, %linux, %menuconfig and
%zlilo may vary)
cp /%floppy/linux/tulip.c /usr/src/%linux/drivers/net/tulip.c
cd /usr/src/%linux/
make modules
make
make %menuconfig (or config or xconfig)
choose to load the DEC Tulip family in the kernel
make dep clean modules modules_install %zlilo
shutdown -r 0
I hope this helps. This is basically the extent of our support.
------------------------------
From: "Donald E. Stidwell" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.misc
Subject: Re: Linux as a file server
Date: Fri, 13 Aug 1999 23:05:16 GMT
Steve Grant wrote:
> I am fairly new to Linux and I would eventually like to replace our Novell
> file servers with Linux in a small office environment.
> Is there a Windows 9x client available for this purpose? Something like
> the Novell Client would be wonderful, or is it more complicated than a
> simple client to access files on a Linux server from a windows network?
> If you know of any freely available, I would like to get the URL so I
> could give them a try at home.
>
> Any help would be appreciated.
> Thanks
>
> Steve
>
> ------------------ Posted via CNET Linux Help ------------------
> http://www.searchlinux.com
There's a little tonkle called MARS-NWE that comes with RedHat/Mandrake that
allows you to use your Linux box as a Netware server as well. Caldera also
sells a NetWare Client/Server that runs on Linux.
Don
------------------------------
From: [EMAIL PROTECTED] (Frank v Waveren)
Subject: Re: FTP - I don't want an anonymous account
Date: Fri, 13 Aug 1999 20:10:17 GMT
If you're running redhat: "rpm -e anonftp"
In article <krZs3.3921$[EMAIL PROTECTED]>,
"Suddn" <[EMAIL PROTECTED]> writes:
> How do I make sure that no anonymous users are allowed to FTP into my
> server? I want only real users to be allowed to FTP in.
>
> Thanks.
>
>
--
Frank v Waveren
[EMAIL PROTECTED]
ICQ# 10074100
------------------------------
From: [EMAIL PROTECTED] (Frank v Waveren)
Subject: Re: 2 ethernet cards for my IP MASQ server?
Date: Fri, 13 Aug 1999 20:33:34 GMT
In article <[EMAIL PROTECTED]>,
brian joseph slechta <[EMAIL PROTECTED]> writes:
> Hello,
>
> First off I want to thank all the people who answer posts on this group.
> You guys ROCK. Now I just have a quick question about setting up a LAN
> with IP-Masquerading. I have a LINUX that I plan to use as the
> "gateway" (or masq-gate...I don't know what exactly to call it) with the
> actual IP address. I will be using a cable modem connection to access
> the internet.
>
> Do I need to have 2 ethernet cards installed in the masq-gate machine or
> can I get by with just the one?
>
> I was hoping I could just put all the machines on the one HUB and
> connect the uplink to the cable rather than connecting the cable to one
> ethernet card and the rest of the LAN to the other card. Please let me
> know. I am fairly new to LINUX, but I am really looking forward to
> setting up my apartment. Thanks.
I assume you've got a cable modem that connects to a NIC. In that case, it
probably is possible (with ip-aliasing), but it's probably not worth the
hassle. Get an extra NIC for $15, and get less hassle and probably better
performance.
--
Frank v Waveren
[EMAIL PROTECTED]
ICQ# 10074100
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.networking) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Networking Digest
******************************