Linux-Networking Digest #248, Volume #12 Mon, 16 Aug 99 18:13:50 EDT
Contents:
Re: Proxy Serving across Cable Modem ("Scott D. Davis")
masquerade two networks? ([EMAIL PROTECTED])
RE: Gigabyte GA-6BXE networking problems (Sid Boyce)
How to forward broadcasts using IP-Chains? (Miguel Cruz)
SATAN on Redhat Linux v6.0 ("David P. Hummel, Jr.")
Re: Help trying to setup masquerading for PPTP ("John Hardin")
Re: IP Masquerading -Step by Step using Ipchains ("Charles Stack")
Re: RedHat Linux as Mac file server (Richard Petty)
Re: Firewall + Linux (dmalcolm)
Re: pppd in 'setuid-root' mode (W.G. Unruh)
Kernel Level Proxy ("Peter Pawlowski")
Dial on Demand ("Alexander Mann")
Re: Masquerading using IP Aliasing with only one NIC? (Jerry Craker)
Re: DHCP to other WAN sites from one server. ("Steve Cowles")
ADSL ("Lou")
Re: PPP problem with 2.2 kernel (W.G. Unruh)
Re: Bus Error in Netscape ([EMAIL PROTECTED])
Samba Problems ("Frederik Meerwaldt")
Re: Networking problems (Chris)
Re: DHCP to other WAN sites from one server. (Chris)
traffic record ("Philipp Koch")
----------------------------------------------------------------------------
From: "Scott D. Davis" <[EMAIL PROTECTED]>
Crossposted-To: redhat.networking.general
Subject: Re: Proxy Serving across Cable Modem
Date: Mon, 16 Aug 1999 20:40:19 GMT
Urm... Easy. You want to do IP MASQ as you describe, nothing else. No
need to buy anything, its all there. I am doing it now.
Install IP MASQ from the Mini Howto, and then just add a firewall.
With hosts.deny, adn rc.firewall, you should be safe enough.
Scott
John Lindemuth <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> I am looking to connect my home network to the internet through a TCI
> cablemodem. I have found documentation on how to connect the cable modem
> to the linux box and how to connect two network cards so that the linux
> box can serve the internet to my home Network. My questions is what type
> of connection should I use IP Masquerading, or proxy server with
> firewall. I would like to have the security of firewall since I have
> heard bad things about the security of cable modems in general. The major
> concern is that My roomate and I need to connect to the net at the same
> time. Also we are online gamers and need a connection that will support
> games like Everquest, Ultima Online, etc. for play over the internet. I
> am using the Red Hat Distribution 5.1. If anyone has done a similar setup
> I would like some giudance on which direction I should go.
>
> Thanks in advance,
> John
>
> ------------------ Posted via CNET Linux Help ------------------
> http://www.searchlinux.com
------------------------------
From: [EMAIL PROTECTED]
Subject: masquerade two networks?
Date: Mon, 16 Aug 1999 20:07:53 GMT
I have a problem. I have a network with a Linux box (2.0 kernel Red Hat
5.1) acting
a firewall to the internet.
On the inside of this firewall I have one private
network I'll call network "A" that has a direct connection to the linux
box. It's packets
are masqueraded properly and anyone on that net can surf the
internet.
I have another network I'll call network "B" that connects to network
"A" through a Novell server acting as a router. People on network "B"
can see everything
on network "A" including the linux box.
They can even reach the outside address of the linux box but they
cannot reach anything
on the internet even though I set up the same
masquerading statements for their network as I did for network "A"
(i.e. ipfwadm -F -a masq -S<network_B> -D0.0.0.0/0).
Any ideas?
Keith.
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
Date: Mon, 16 Aug 1999 05:13:45 +0000
From: Sid Boyce <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.hardware
Subject: RE: Gigabyte GA-6BXE networking problems
Sometimes the answer to your own questions are inbuilt in the question,
it's also amazing how clear the mind can be at times after too little
sleep.
I changed the IRQ from 9 to 7 and BINGO! the 3c509B likes it and I
can't find anything else that uses IRQ 9.
Regards
--
... Sid Boyce...G3VBV...44-121 422 0375
-----------------------------------
------------------------------
From: [EMAIL PROTECTED] (Miguel Cruz)
Subject: How to forward broadcasts using IP-Chains?
Date: 16 Aug 1999 21:15:55 GMT
I need a firewall to forward broadcasts from a certain machine. How can I
enable this? No matter what I try, they get swallowed up by the Linux box.
It forwards everything else fine. Thanks for any help.
miguel
------------------------------
From: "David P. Hummel, Jr." <[EMAIL PROTECTED]>
Subject: SATAN on Redhat Linux v6.0
Date: Mon, 16 Aug 1999 17:12:58 -0400
I am trying to get SATAN-1.1.1 to run on my fresh install (with all
updates) of Redhat Linux 6.0. I have found many version includding the
rpms from redhat. I have applied every patch to every versionto no
avail. I think the problem may be wit the newer version of glibc or
libc6. This is the final line I get when compileing anyy of them:
The LINUX rules are untested and may be wrong
make[1]: Entering directory `/home/dave/dnld/satan-1.1.1.clean'
cd src/misc; make "LIBS=" "XFLAGS=-DAUTH_GID_T=gid_t" "RPCGEN=rpcgen"
make[2]: Entering directory `/home/dave/dnld/satan-1.1.1.clean/src/misc'
cc -O2 -m486 -I. -DAUTH_GID_T=gid_t -c md5.c -o md5.o
cc -O2 -m486 -I. -DAUTH_GID_T=gid_t -c md5c.c -o md5c.o
cc -O2 -m486 -I. -DAUTH_GID_T=gid_t -o ../../bin/md5 md5.o md5c.o
cc -O2 -m486 -I. -DAUTH_GID_T=gid_t -o ../../bin/sys_socket sys_socket.c
cc -O2 -m486 -I. -DAUTH_GID_T=gid_t -o ../../bin/timeout timeout.c
cc -O2 -m486 -I. -DAUTH_GID_T=gid_t -o ../../bin/rcmd rcmd.c
cc -O2 -m486 -I. -DAUTH_GID_T=gid_t -o ../../bin/safe_finger
safe_finger.c
rpcgen rex.x 2>/dev/null
cc -O2 -m486 -I. -DAUTH_GID_T=gid_t -c rex.c -o rex.o
rex.c: In function `rex_command':
rex.c:178: warning: passing arg 3 from incompatible pointer type
rex.c:178: warning: passing arg 5 from incompatible pointer type
rex.c: In function `rex_exit':
rex.c:222: warning: passing arg 3 from incompatible pointer type
rex.c:222: warning: passing arg 5 from incompatible pointer type
cc -O2 -m486 -I. -DAUTH_GID_T=gid_t -c rex_xdr.c -o rex_xdr.o
rex_xdr.c: In function `xdr_rex_start':
rex_xdr.c:42: warning: assignment from incompatible pointer type
rex_xdr.c:72: warning: assignment from incompatible pointer type
cc -O2 -m486 -I. -DAUTH_GID_T=gid_t -o ../../bin/rex rex.o rex_xdr.o
make[2]: Leaving directory `/home/dave/dnld/satan-1.1.1.clean/src/misc'
cd src/boot; make "LIBS=" "XFLAGS=-DAUTH_GID_T=gid_t" "RPCGEN=rpcgen"
make[2]: Entering directory `/home/dave/dnld/satan-1.1.1.clean/src/boot'
rpcgen bootparam_prot.x 2>/dev/null
cc -I. -O2 -m486 -DAUTH_GID_T=gid_t -c boot.c -o boot.o
boot.c:24: macro `strchr' used without args
make[2]: *** [boot.o] Error 1
make[2]: Leaving directory `/home/dave/dnld/satan-1.1.1.clean/src/boot'
make[1]: *** [all] Error 2
make[1]: Leaving directory `/home/dave/dnld/satan-1.1.1.clean'
make: *** [linux] Error 2
ANy suggestions?
Greatly appreciated.
Dave Hummel
------------------------------
From: "John Hardin" <[EMAIL PROTECTED]>
Subject: Re: Help trying to setup masquerading for PPTP
Date: Mon, 16 Aug 1999 13:20:38 -0700
Ken Szeto wrote in message ...
>I am trying to acheive the same thing over here as well and I came across
>the following article.
>ftp://ftp.rubyriver.com/pub/jhardin/masquerade/ip_masq_vpn.html
>
>According to the article, Windows 95 and 98 clients cannot establish PPTP
>session through IP Masquerading not because of Linux but because of
>Microsoft.... surprise, surprise!
That was confusingly worded - I've tried to clear it up, take another look.
W'95 and W'98 will work jes' fine as PPTP clients, but you cannot use them
to route your entire local network over the VPN. This means that if all you
have is W'95 and W'98 systems, each one will have to establish its own
private connection to the PPTP server.
--
John Hardin KA7OHZ [EMAIL PROTECTED]
pgpk -a finger://gonzo.wolfenet.com/jhardin PGP key ID: 0x41EA94F5
PGP key fingerprint: A3 0C 5B C2 EF 0D 2C E5 E9 BF C8 33 A7 A9 CE 76
=======================================================================
In the Lion
the Mighty Lion
the Zebra sleeps tonight...
Dee de-ee-ee-ee-ee de de de we um umma way!
------------------------------
From: "Charles Stack" <[EMAIL PROTECTED]>
Subject: Re: IP Masquerading -Step by Step using Ipchains
Date: Mon, 16 Aug 1999 13:57:51 -0400
There's a very good "How-To" on this subject. See www.linuxberg.com and
select the "How-To's" hyperlink.
It only takes three lines of code to get you going using IPChains.
Also, in August's Linux Magazine, there is an article on this subject as
well (complete with scripts).
Cheers,
Charles
------------------------------
From: [EMAIL PROTECTED] (Richard Petty)
Crossposted-To: comp.os.linux.setup
Subject: Re: RedHat Linux as Mac file server
Date: Mon, 16 Aug 1999 17:53:04 GMT
In article
<[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
>I've got limited experience with RedHat 5.2 (kernel 2.0.36), and in the
>near future, I will be building a computer for use as a web server at
>work. I work in a small office that publishes newsletters for various
>clients, and we are exploring the possibility of publishing our
>newsletters on the web. This part is easy enough.
>
>But, I'd like to put a huge drive in the computer (12 gig minimum) and use
>the Linux box as a file server for the rest of the computers in our
>office, which are all Macs. From what I've heard, this is possible, but I
>would like to know how easy or hard this is. I know Macs forwards and
>backwards and upside down, so configuration on that end is not an issue.
I've seen my LinuxPPC box acting as an AppleShare-style file server. It
seemed plenty fast on my 100mbps LAN, but I didn't benchmark.
Are you interested in this merely for reasons of enlightenment, or is
there some practical problem with running your server under the MacOS?
Unless you're running a graphics department, even a puny 'ole PowerMac
6100 with a big disk would be more than up to the task.
--Richard
--
Spam deterent: Remove the "bogus" part for a correct address.
------------------------------
From: dmalcolm <[EMAIL PROTECTED]>
Subject: Re: Firewall + Linux
Date: Mon, 16 Aug 1999 16:37:11 -0500
This is a multi-part message in MIME format.
==============480AA1312FF7ED7D02C9B977
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Take a look at my Homepage's Firewall section. There you will find my
experiences (and I am not an expert) using FreeBSD 3.2 and Slackware Linux
4.0, along with a list of helpfull links.
Dan
Luc Luyckx wrote:
> Does anyone have real experience and/or documentation in setting up and
> maintaining a Firewall on a Linux box.
>
> 1) Which soft is the most appropriate to use
> 2) How do I have to set my expectations w/ rgds to more professional
> machines and software.
> 3) Can someone recommend a decent shareware solution?
>
> thanks,
>
> luc
==============480AA1312FF7ED7D02C9B977
Content-Type: text/x-vcard; charset=us-ascii;
name="dmalcolm.vcf"
Content-Transfer-Encoding: 7bit
Content-Description: Card for dmalcolm
Content-Disposition: attachment;
filename="dmalcolm.vcf"
begin:vcard
n:Malcolm;Dan
tel;fax:256-895-9934
tel;home:256-772-3109
tel;work:256-722-2840
x-mozilla-html:FALSE
org:Home
adr:;;1308 Nolan Court;Madison;AL;35758;
version:2.1
email;internet:[EMAIL PROTECTED]
title:Software Engineer/SysAdmin
x-mozilla-cpt:;25680
fn:Dan Malcolm
end:vcard
==============480AA1312FF7ED7D02C9B977==
------------------------------
From: [EMAIL PROTECTED] (W.G. Unruh)
Crossposted-To: comp.os.linux.misc
Subject: Re: pppd in 'setuid-root' mode
Date: 16 Aug 99 18:07:05 GMT
Richard G Brown <[EMAIL PROTECTED]> writes:
>by itself. Any ideas?
>(Of course, I could always change the group ownsership of ttyS1 to
>pppusers but then I would be giving them direct access to the port)
They need direct access to the port since that is where the date is written
to and read from. And since an suid pppd program gets rid of its root
uid as quickly as possible (it is really only needed to set up routes I think)
and since chat never has root permission, the users HAVE to be able to write
to that port.
------------------------------
From: "Peter Pawlowski" <[EMAIL PROTECTED]>
Subject: Kernel Level Proxy
Date: Mon, 16 Aug 1999 16:43:20 -0500
Is there anyway to configre linux so that every single network
operation (exluding connections to 192.168.x.x) goes through a specific
proxy and through a specific port on that proxy. Any help will be greatly
appreciated.
--
Peter Pawlowski
"The greater your knowledge, the greater your
realization of how small your knowledge is."
------------------------------
From: "Alexander Mann" <[EMAIL PROTECTED]>
Subject: Dial on Demand
Date: Mon, 16 Aug 1999 20:19:48 +0200
Hi Abdullah
Thanks for your first reply. My pppd seems to support the "demand" option
but I got helplessly lost in
the different man pages for pppd, diald and wvdial which is meant for
internet dial up in my SuSE 6.1. I can connect to the internet via kppp in
KDE but I was not able to get a connection on the command shell nor with
pppd or diald or wvdial. I wrote several scripts for chat and the diald.
Maybe you could give me some more help (maybe you have some example chat and
pppd scripts). Or maybe you know a book, a website or another guy who could
help me.
Thank you
Alexander
------------------------------
From: Jerry Craker <[EMAIL PROTECTED]>
Subject: Re: Masquerading using IP Aliasing with only one NIC?
Date: Mon, 16 Aug 1999 16:31:36 -0400
Reply-To: [EMAIL PROTECTED]
This should work fine. You must simply alias one address on top of the
other. I would suggest using one of the non-routable IPs. I am not sure
if DHCP would cause a problem or not. I don't think so.
-- Jerry --
Peter Eddy wrote:
> Is it possible to use IP aliasing to give a NIC on a Linux box two IP
> addresses and have this one NIC/box function as a gateway with IP
> Masquerading?
>
> For example, connect a local net with non-routeable addresses
> (192.168.1.x) to the net via a Linux box with a single NIC. The NIC
> would have two address, the ISP assigned address and, using IP aliasing,
> an IP address on the local net.
>
> A friend has asked me to help him set up a Linux box for this purpose
> and I'd told him he needed two NICs. He asked me if he could save some
> money using IP aliasing and I didn't have an answer for him.
>
> One more wrinkle, I don't know yet if his IP is static or if he'll get
> it via DHCP. Assuming the answer to the first question is yes, will a
> DHCP address pose any problems?
>
> Thanks in advance,
> Peter
------------------------------
From: "Steve Cowles" <[EMAIL PROTECTED]>
Subject: Re: DHCP to other WAN sites from one server.
Date: Mon, 16 Aug 1999 21:05:31 GMT
By default, most routers do not forward DHCP packets. With Cisco routers you
can set the "ip helper-address" to point to the IP address of the DHCP
server at your site. That way when a client at your remote site
(192.168.2.0/24) issues a DHCP broadcast, the router will forward that
packet to the IP address specified by the helper-address (the DHCP server).
The key to making this work is to be sure you have all DHCP scopes defined
for all subnets, especially the local scope for each subnet. ie the default
route for each subnet needs to be listed as local. I have actually set this
up using Cisco routers and it works great. Although, I eventually installed
a DHCP server at each site. I got tired of thinking about having all my eggs
in one basket. WAN circuits do go down every now and then.
If you are using Cisco routers to connect your offices together over Frame,
Check out this site on Cisco.
http://www.cisco.com/warp/public/779/smbiz/service/knowledge/tcpip/dhcp.htm
Steve Cowles
SWCowles at gte dot net
<[EMAIL PROTECTED]> wrote in message
news:7p98jc$6ar$[EMAIL PROTECTED]...
> Hello.
>
> I have successfully enabled DHCP at one site and would like to use DHCP
> from the same server to our other sites. Our other sites are connected
> via routers / Frame-Relay and they are using a private ip number.
>
> Currently our subnet is
>
> 192.168.1.1 (our router) - 192.168.1.254
>
> Our other sites are
>
> 192.168.2.1 (our router) - 192.168.1.254
> 192.168.3.1 (our router) - 192.168.1.254
>
> Please help!
>
> If possible please e-mail me.
>
> Thank you.
>
>
> Sent via Deja.com http://www.deja.com/
> Share what you know. Learn what you don't.
------------------------------
From: "Lou" <[EMAIL PROTECTED]>
Subject: ADSL
Date: Mon, 16 Aug 1999 12:23:28 -0700
Anyone have experience with efficent networks's 3060 dsl modem? Was it hard
to get working under linux?
Here is their page on the card:
http://www.efficient.com/products/dsl/3060.html
------------------------------
From: [EMAIL PROTECTED] (W.G. Unruh)
Subject: Re: PPP problem with 2.2 kernel
Date: 16 Aug 99 18:16:46 GMT
"Gray McCord" <[EMAIL PROTECTED]> writes:
>I've been running a linux node successfully on various versions of the 2.0
>kernel (currently 2.0.33) and decided to update it to 2.2.11. When I did
>this , my automated ppp dialup has stopped working. I get a message is the
>syslog stating something like "setserial/setrocket blah blah is deprecated
>and then pppd exits. I also got a message indicating that using setserial
>on /dev/cua0 is obsolete and needs to be changed to /dev/ttS0
That is /dev/ttyS0. The cua ports are obsolete as the message says. It is the ttyS
tht are your serial ports.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Bus Error in Netscape
Date: Mon, 16 Aug 1999 17:23:18 GMT
the fix for java page is on this website.
http://www.redhat.com/cgi-bin/support?faq
hopefully this will fix for your problem.
In article <[EMAIL PROTECTED]>,
Spathi <[EMAIL PROTECTED]> wrote:
> I am now experiencing the same problems, it is happening whenever java
is
> started (if you look down the bottom in the status bar it says
Starting
> Java... then it dumps) If i find any information on this i will let
you
> know, i would appreciate if you could do the same. I am also using rh
6
>
> Spathi
>
> Daniel Carlsson wrote:
> > Hello,
> >
> > When I visit some websites netscape just die's and "Bus Error" is
> > printed on the teriminal from where it was started.
> > This always happens on the same websites, example: www.mico.org
> > I've tested both netscape 4.51 and 4.6 and the same thing.
> > The pages work in lynx.
> > I am using RedHat 6.0
> >
> > I would be greatful for any tips on how to fix it.
> >
> > Daniel Carlsson <[EMAIL PROTECTED]>
>
> ------------------ Posted via CNET Linux Help ------------------
> http://www.searchlinux.com
>
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: "Frederik Meerwaldt" <[EMAIL PROTECTED]>
Subject: Samba Problems
Date: Mon, 16 Aug 1999 23:43:03 +0200
Hi all,
after I installed Kernel 2.2.11 on my SuSE 6.0 Linux box (was 2.0.39)
everything but SMBMOUNT works fine.
If I try to smbmount a network device with the parameters which worked
in the last kernel version, I get a error message Invalid Argument. After
looking to Virtual Console 10 (CTRL+ALT+F10) (Console Log, I think) with
every try a line is added:
Aug 15 02:46:23 linuxbox kernel: SMBFS: need mount version 6.
After that I downloaded SAMBA 2.0.5 and installed it (./configure.sh, make
install)
The same problem still appears.
Regards,
Freddy
=====================================================================
$ ON F$ERROR("LANGUAGE","ENGLISH","IN_MESSAGE").GT.F$ERROR("NORMAL") -
THEN EXCUSE/OBJECT=ME
=====================================================================
------------------------------
From: [EMAIL PROTECTED] (Chris)
Subject: Re: Networking problems
Date: Mon, 16 Aug 1999 18:21:01 GMT
On Mon, 16 Aug 1999 16:48:15 GMT, [EMAIL PROTECTED] wrote in
comp.os.linux.networking:
>But I can't seem to ping out of or into this machine. When I ping to
>another machine, "netstat -i" shows that there are 25 TRX-OK but 0
>RV-OK.
Do you have a firewall installed? If so, have you opened the door for
ICMP packets?
------------------------------
From: [EMAIL PROTECTED] (Chris)
Subject: Re: DHCP to other WAN sites from one server.
Date: Mon, 16 Aug 1999 18:17:41 GMT
On Mon, 16 Aug 1999 14:52:32 GMT, [EMAIL PROTECTED] wrote in
comp.os.linux.networking:
>I have successfully enabled DHCP at one site and would like to use DHCP
>from the same server to our other sites. Our other sites are connected
>via routers / Frame-Relay and they are using a private ip number.
>
>Currently our subnet is
>
>192.168.1.1 (our router) - 192.168.1.254
>
>Our other sites are
>
>192.168.2.1 (our router) - 192.168.1.254
>192.168.3.1 (our router) - 192.168.1.254
DHCP uses broadcast packets (255.255.255.255 since the subnet broadcast
address is unknown at machine boot) to find a server and negotiate a
lease. Normally you can't serve a remote subnet because routers don't
forward broadcasts. If the 2.1 and 3.1 gateways are also running Linux,
you can install the dhcp-relay package on both of those machines so they
will forward dhcp requests to the appropriate server while maintaining the
normal block on broadcast forwarding for all other packets.
------------------------------
From: "Philipp Koch" <[EMAIL PROTECTED]>
Subject: traffic record
Date: Mon, 16 Aug 1999 17:46:05 -0400
Hello,
I'm using a linux pc as a router (ip masquerading) to access the internet
and webserver. I'm looking for a tool that records the traffic for each
domain I've hosting. May somebody help me?
Greetings
Phil
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.networking) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Networking Digest
******************************
