Linux-Networking Digest #270, Volume #12 Wed, 18 Aug 99 12:13:48 EDT
Contents:
Re: Linux Internet Access Through Proxy Server ("Doug Thews")
Apache setup with 2 NICs, an NT box and a Linux box (Nick Ringo)
Re: DSL IP-address question (Greg Leblanc)
Re: Cracks for Linux? that's unfortunate ("Abhishek Srivastava")
Re: Sizing a server and other things (Greg Leblanc)
easier way? (Marc Ohmann)
Re: ppp-isp-dns--Help! (Clifford Kite)
Netscape hangs if not connected to network (Tom Georges)
Traffic monitoring solution wanted (Ken Rachynski)
Re: Who has diald working really? (Mike Jagdis)
Re: Modem Dial-in (W.G. Unruh)
Re: DHCP to other WAN sites from one server. ([EMAIL PROTECTED])
Re: Linux and MS Proxy ("Michael")
mgetty respawning too fast (David Akins)
Re: KDE for Redhat 6.0 - problems installing ([EMAIL PROTECTED])
netatalk and asantetalk ([EMAIL PROTECTED])
Re: mount AIX directory to Linux (Eric)
Re: Leafnode not posting messages (Greg Weeks)
Linux and MSExchange Mail ([EMAIL PROTECTED])
Re: Token Ring NIC not recognized ([EMAIL PROTECTED])
Re: DSL on One Box -- Do I Need to Do Anything About Security ("Michael Faurot")
Leafnode not posting messages (Chris Severn)
----------------------------------------------------------------------------
From: "Doug Thews" <[EMAIL PROTECTED]>
Subject: Re: Linux Internet Access Through Proxy Server
Date: Wed, 18 Aug 1999 08:45:08 -0500
OK. How do I do it? Does it replace the SOCK service on the Proxy Server
or is a Linux client thing? Additional information would be appreciated.
--
Doug Thews
Director, Client Solutions
D&D Consulting Services
Phil <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> I sent the message below to someone on another news group today but it
works
> here, too.
>
> MS Proxy Server 2.0 has Socks Proxy for non-Windows hosts. MS uses
> SOCKS ver. 4.3a.
>
> The MS SOCKS proxy will support Telnet, FTP, HTTP, and Gopher. It will
not
> support apps that use UDP - Real Audio, VDOLive, MS Netshow, Quake, .....
> other fun stuff. The Winsock Proxy does do UDP.
>
> More info on SOCKS - www.socks.nec.com
> www.socks.nec.com/socks4.protocol
------------------------------
From: Nick Ringo <[EMAIL PROTECTED]>
Subject: Apache setup with 2 NICs, an NT box and a Linux box
Date: Wed, 18 Aug 1999 12:43:11 GMT
I'm sorry if the answer to this question is obvious but I guess I'm
looking too hard because I can't seem to see it. Here's what I have.
My main web server is my RH Linux 6.0 box, 132Mbyte RAM, several Gigs
hard storage. I have two NICs; one attached to my cable modem complete
with a static IP address and the second one linked to my NT 4.0
Workstation. I have a web site on the NT workstation and also a few on
the Linux box. I'm using the NT box because I can't seem to get both
the FrontPage 2000 extensions and PHP3 to work on the Linux box
simultaneously. (BTW, PHP3 Rocks!!!!).
I've read through the Apache documentation on virtual hosts and have no
problems with name virtual hosts, provided they're all on the Linux
box. But getting over to the NT box seems to be a problem. The NT
site, www.ntbox.com is on a local network 192.168.1.0 and the other
site(s), www.linuxbox1.com, www.linuxbox2.com, etc. are all on the
linux box being resolved from the same static IP address.
How does one set up the server so calls from the outside world to
www.ntbox.com get routed properly? Can someone point me in the right
direction or give me a URL or something where I can figure this out?
Should I be aliasing my eth1 device? As usual, I'm clueless.
Many thanks in advance for any help you can provide. Please either post
responses to this newsgroup or you can email me at:
[EMAIL PROTECTED]
Nick Ringo
------------------------------
From: Greg Leblanc <[EMAIL PROTECTED]>
Subject: Re: DSL IP-address question
Date: Wed, 18 Aug 1999 15:01:34 GMT
You don't need to do ANYTHING with dhcpD, but you may need either pump,
or dhcp. Try man dhcp or man pump, those should get you set up, but
before you go messing around with that try using caldera's network
config tool. dhcpD is the Daemon for dhcp, which gives our dhcp
addresses. I have a Cisco 675, but I have public 1 IP address for my
machines. I'm not using the cisco to do NAT, but I will be using the
linux kernel so that I have some accountability.
Greg
--
It's pronounced "sexy" not "scuzzy"!
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: "Abhishek Srivastava" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.development.apps,comp.os.linux.misc
Subject: Re: Cracks for Linux? that's unfortunate
Date: Wed, 18 Aug 1999 12:33:28 +0530
Asking for Crack software for linux is Stupid !!
when u get *almost* all things for free. To pay
USD 20 for such a wonderfull system should hurt at all.
The linux community should support the organizations that make
Linux software.
Abhishek.
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
_/ Abhishek Srivastava
_/ Hewlett Packard ISO
_/_/_/ _/_/_/ -------------------
_/ _/ _/ _/ (Work) +91-80-2251554 x1190
_/ _/ _/_/_/ (Ip) 15.10.47.37
_/ (Url) http://sites.netscape.net/abhishes/homepage
_/ There's a difference between knowing the path and
walking on it.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Bryan <Bryan@[EMAIL PROTECTED]> wrote in message
news:JSpu3.779$[EMAIL PROTECTED]...
> $20 is nothing. you're getting a whole o/s, a windowing system, etc,
> etc, for free. so what are you complaining about?
>
> if you want the kind of features that OSS provides, you should pay for it.
>
> else, use what exists for free or ..
>
> ... WRITE YOUR OWN DAMNED SOFTWARE, DAMMIT!
>
> [...damned windowz freaks piss me off. grrr!]
>
>
> In comp.os.linux.development.apps Sean <[EMAIL PROTECTED]>
wrote:
> : Hi I think free software is the best. Especially Open Source Software.
------------------------------
From: Greg Leblanc <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.setup
Subject: Re: Sizing a server and other things
Date: Wed, 18 Aug 1999 15:13:56 GMT
In article <7pboie$[EMAIL PROTECTED]>,
"Lloyd Parsons" <[EMAIL PROTECTED]> wrote:
> I work for a small k-12 Education VAR in a very rural part
> of Illinois. We
> have had a request from one of the school systems to install
> a web server.
> Well, since we have wanted to start somewhere with Linux as
> part of our
> product mix, we thought this was an ideal area to begin
> with.
Good place to start!
>
> But, none of us at work are anywhere near being Linux
> experts, nor even web
> server experts, but we are willing to learn. I have a few
> questions that I
> need answers to. Direct answers preferred, but pointers to
> the right FAQ,
> readme and so on would also be nice.
You'll probably have a lot of reading to do. I would get myself a copy
of RedHat Linux. It's pretty easy to set up, and the support newsgroups
are pretty good.
>
> The plan is to have a single server serve up for about 4000
> students and
> teachers and want to be able to put up the school's website
> and allow all
> teachers and students to put up their own web pages,
> allowing about 2mb of
> disk space per person, plus some overhead for the school
> itself.
>
> Figuring out the disk space isn't an issue, and I figure
> that I will upgrade
> the machine they are willing to allow us to use to a scsi
> hd. The rest of
> the parameters on the box are P5/233, 80mb ram. Is this
> enough horsepower
> for what they want to do?
Probably good enough, just make sure to keep monitoring it. Don't stop
monitoring it, ever. This way you will know when you need to upgrade,
and can make a case for upgrading with numbers.
>
> Then to apache.
>
> 1. Will it support ASP?
> 2. Will it effectively support FrontPage? Many of the
> students and
> teachers are not very computer literate and this would
> probably be the
> program that they would choose to make their pages.
I would try to go with some other visual editor, if you can. Frontpage
is VERY nice, but it's also huge, and requires you to go back and edit
your code by hand so that people using netscape can see your pages
properly. I might look at HomeSite by alliare, or possibly Netscape
Composer.
>
> Am I missing anything here?
As for user storage, you're going to want to create a user account for
each user. I would recomend giving them each a home directory like
/home/name, or /home/students/name. Inside of this, I'd create an HTML
directory, or something similar. Then you should be able to make a
mapping with apache so that ~name gets mapped to
/home/students/name/HTML, or something very similar. You should
only have to create one mapping this way, by using a variable. I
may be wrong on this, and I'd apreciate it if somebody would correct
me if I am. This way if the functions that this server performs ever
change you'll easily be able use their user space for more functions.
Greg
>
> If I am undershooting with the hardware, feel free to
> suggest.
>
> Thank you
>
> Lloyd
>
>
--
It's pronounced "sexy" not "scuzzy"!
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: Marc Ohmann <[EMAIL PROTECTED]>
Subject: easier way?
Date: Wed, 18 Aug 1999 10:10:41 -0500
Is there an easier way, than rebooting, to see if my changes to
/etc/conf.modules have worked?
thanks,
marc
------------------------------
From: kite@NoSpam.%�inetport.com (Clifford Kite)
Subject: Re: ppp-isp-dns--Help!
Date: 18 Aug 1999 09:58:51 -0500
Marc Warren ([EMAIL PROTECTED]) wrote:
: I have RH 6.0 installed and am trying (still) to get a "proper" internet
: connection . I have what appears to be a good ppp connection- the ISP
: accepts my PAP name and password, and gives me local and remote IP's,
: which can then be found with ifconfig. I have my ISP's dns IP addrresses
: in /etc/resolv.conf (?) as 2 lines--nameserver x.x.x.x (cr) nameserver
: y.y.y.y.
: I can even get thru to one or two sites with ftp and telnet if I use a
: good ip address. But I cant ping Anything! Nslookup hangs and eventully
: gives me a message to the effect that it cant get a response from either
: dns address, and server name not found.
This seems to imply that the syntax of /etc/resolv.conf or the nameserver
IP addresses are incorrect. Post one of the NS IP addresses and we can
tell you if they are correct, post the resolv.conf file and we can tell
you whether it's syntax is correct as well.
: Netscape hangs forever, and tends to totally lock up the system.
: Another question-- one of my configuration files (/etc/hosts.conf?) has
: a line like "order hosts,bind" -- I've got the O'reilly book "DNS and
: Bind" and I still don't quite get what bind is-- or where it is. Can't
Under Linux Bind is a set of library routines that are used by various
programs, including domain name servers.
--
Clifford Kite <kite@inet%�port.com> Not a guru. (tm)
/* Better is the enemy of good enough. */
------------------------------
From: Tom Georges <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.x
Subject: Netscape hangs if not connected to network
Date: Wed, 18 Aug 1999 10:40:51 -0400
I'm running Netscape 4.6 on linux 2.2.5-22, Pentium box, RedHat 6.0
distribution.
Whenever I start Netscape and I have not yet dialed into my ISP,
Netscape hangs (perhaps 10 minutes? Seems like forever!) with
an inactive X display, then eventually comes to life, whereupon
I can browse local pages. I have an ethernet connection that is
frequently active when I do this (via ISDN), so it's presence does
not seem to help. If I dial in before bringing up Netscape, all
is well and no delay.
Can anyone help me understand what's going on? And is there anything
I could set on my machine to stop this from occuring?
Many thanks in advance.
Tom
--
Thomas L. Georges, SMTS BellSouth Telecommunications S&T
675 W. Peachtree St. 41B50 Atlanta, GA 30375
Office:(404)927-4099 - F:(404)420-8202 - P:(404)672-2784 #1030090
"A government that robs Peter to pay Paul can
always count on the support of Paul" - GBS
(ALL OPINIONS ARE MINE and not my employers - but they should be :)
------------------------------
From: [EMAIL PROTECTED] (Ken Rachynski)
Subject: Traffic monitoring solution wanted
Date: Wed, 18 Aug 1999 15:16:38 GMT
Good day,
I have been asked to look into a solution for real-time and
statistical traffic monitoring for our proxy server. I did not set it
up, so I'm not sure if it is even set up for efficient monitoring.
The server is running RedHat 4.2 with Squid for HTTP caching, TIS FWTK
for FTP and SMTP services, and a couple of Real Networks services
(rtspd and ra-proxy). We're using Calamari for Squid statistics, but
otherwise, it's black hole of information.
Any suggestions? I am testing out RH6 using ipchains on a separate
network so that may be viable as a solution.
Thanks in advance,
Ken
------------------------------
From: [EMAIL PROTECTED] (Mike Jagdis)
Subject: Re: Who has diald working really?
Date: 18 Aug 1999 15:15:13 GMT
Reply-To: [EMAIL PROTECTED]
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
>OK, is there anyone out there who has gotten diald to work (with no
>phantom dials from netbios et al) without making a DNS on their
>network? Assuming there is some golden child out there who has done
>this feat, I have a request...
There is no magic way to stop it happening. You either need
to install something to handle DNS queries sensibly or you
need to isolate the sources of "strange" look ups.
>By the way, I am not afraid of running my own DNS, it just doesn't
>seem right that I have to run a DNS just to get around some facist
>Gatesian packets (udp netbios) infecting my pure Linux machine.
Tough. Windows does not appear to be designed to behave
reasonably when routing over demand dialled links.
Mike
--
A train stops at a train station, a bus stops at a bus station.
On my desk I have a work station...
.----------------------------------------------------------------------.
| Mike Jagdis | Internet: mailto:[EMAIL PROTECTED] |
| Roan Technology Ltd. | |
| 2 Markham Mews, Broad Street | Telephone: +44 118 989 0403 |
| Wokingham ENGLAND | Fax: +44 118 989 1195 |
`----------------------------------------------------------------------'
------------------------------
From: [EMAIL PROTECTED] (W.G. Unruh)
Subject: Re: Modem Dial-in
Date: 18 Aug 99 13:25:51 GMT
Kelvin Dam <[EMAIL PROTECTED]> writes:
>I'm newbie with a RH6.0 installation.
>I've installed mgetty to collect my incomming calls, and if authorized -
>logging in.
>But my modem answers after 1 ring, so if the phone rings, I have to run
>like ...... ;)
>Is it mgetty I should configure to answer later, or is it the actual
>modem?
>And if so - how do I configure the modem?
For mgetty the modem should be set up to never answer the phone.
(ATS0=0 I tyhink it is)
You tell mgetty how many rings using the rings option
rings 5
willtell it to answer after 5 rings, etc
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: DHCP to other WAN sites from one server.
Date: Wed, 18 Aug 1999 14:37:11 GMT
Thanks Steve!
So do I need to set the ip helper-address on each router to point to my
DHCP server?
On my DHCP server how would I enter the different IP numbers? I always
get this subnet does not exist on this subnet.
Example. Our DHCP server is working great on our 192.168.1.1 subnet,
but our other sites are 192.168.2.1 and 192.168.3.1... How would I add
this on the same DHCP server without giving my an error.
Thanks for all your help!
Fred
In article <v2%t3.305$[EMAIL PROTECTED]>,
"Steve Cowles" <[EMAIL PROTECTED]> wrote:
> By default, most routers do not forward DHCP packets. With Cisco
routers you
> can set the "ip helper-address" to point to the IP address of the DHCP
> server at your site. That way when a client at your remote site
> (192.168.2.0/24) issues a DHCP broadcast, the router will forward that
> packet to the IP address specified by the helper-address (the DHCP
server).
>
> The key to making this work is to be sure you have all DHCP scopes
defined
> for all subnets, especially the local scope for each subnet. ie the
default
> route for each subnet needs to be listed as local. I have actually
set this
> up using Cisco routers and it works great. Although, I eventually
installed
> a DHCP server at each site. I got tired of thinking about having all
my eggs
> in one basket. WAN circuits do go down every now and then.
>
> If you are using Cisco routers to connect your offices together over
Frame,
> Check out this site on Cisco.
>
>
http://www.cisco.com/warp/public/779/smbiz/service/knowledge/tcpip/dhcp.
htm
>
> Steve Cowles
> SWCowles at gte dot net
>
> <[EMAIL PROTECTED]> wrote in message
> news:7p98jc$6ar$[EMAIL PROTECTED]...
> > Hello.
> >
> > I have successfully enabled DHCP at one site and would like to use
DHCP
> > from the same server to our other sites. Our other sites are
connected
> > via routers / Frame-Relay and they are using a private ip number.
> >
> > Currently our subnet is
> >
> > 192.168.1.1 (our router) - 192.168.1.254
> >
> > Our other sites are
> >
> > 192.168.2.1 (our router) - 192.168.1.254
> > 192.168.3.1 (our router) - 192.168.1.254
> >
> > Please help!
> >
> > If possible please e-mail me.
> >
> > Thank you.
> >
> >
> > Sent via Deja.com http://www.deja.com/
> > Share what you know. Learn what you don't.
>
>
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: "Michael" <[EMAIL PROTECTED]>
Subject: Re: Linux and MS Proxy
Date: Wed, 18 Aug 1999 15:47:34 +0100
Crossposted-To: alt.linux,alt.os.linux,microsoft.public.backoffice.smallbiz
You need to use Basic Authentication, not NTLM.
In order to use Basic authentication the usernames that need access from the
Linux box need "logon locally" right on the SBS server.
--
Michael.
------------------------------
From: [EMAIL PROTECTED] (David Akins)
Subject: mgetty respawning too fast
Date: Wed, 18 Aug 1999 13:29:11 GMT
I'm trying to set up a PPP server and am getting an error from mgetty.
S1 respawning too fast: disabled for 5 minutes.
my /etc/inittab entry is as follows:
S1:2345:respawn:/sbin/mgetty -D -s 115200 -n 1 /dev/ttyS1
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To: comp.os.linux.development.system,redhat.servers.general
Subject: Re: KDE for Redhat 6.0 - problems installing
Date: Wed, 18 Aug 1999 14:48:52 GMT
I have all those files on the CD for 6.0
problem is, I chose to upgrade this great desktop that my wife is very
familiar with now when I upgraded the system.
Now, kde doesn't work.
I can't install the old version cuz it won't install on 6.0 (old meaning
1.1.1). I can't install the new version (being 1.1.1pre2) cuz it says
that kde is already installed.
So, what to do now?
I tried a forced install with rpm, didn't work.
I did delete the old /opt/kde dir. too, didn't work. (what's with
installing the 1.1.1pre2 in /usr/ where it says it wants to go?!). :-)
Thanks.
CMR
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: [EMAIL PROTECTED]
Subject: netatalk and asantetalk
Date: Wed, 18 Aug 1999 14:49:35 GMT
I'm trying to mix a very old Mac using localtalk with a linux box
running netatalk.
+-----+
| Mac +=-@ @=PhoneNET localtalk node
+-----+ |
| +------------+
@-=+ AsanteTalk |
+-------+----+
|
+-------+ \--=+
| Linux +=-------------=+ Hub
+-------+ /--=+
| to other stuff
I'm trying to get the Linux box to show up in the Chooser window.
Using a packet sniffer on the Linux box, I can see the Mac (via the
bridge) broadcasting packets on the ethernet segment, but nothing is
responding. I suspect I have a config problem, but I don't know what
to try next.
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: Eric <[EMAIL PROTECTED]>
Crossposted-To: redhat.networking.general,redhat.config
Subject: Re: mount AIX directory to Linux
Date: Wed, 18 Aug 1999 13:30:50 GMT
when I try to mount a public drive that has been set up on the AIX box, I
get a permission denied error when I try to mount it from the linux box.
We have even set a (insecure) flag inside of the etc/exports file on the
AIX box for the exported folder.
Thanks for the help,
Eric
Phil wrote:
>
> To mount accross the network you need nfs, /etc/exports setup, and you
just
> mount as if it were a local drive - mount hostname:/dir/name /mnt or
mount
> ip:/dir/name /mnt.
>
> You can enter it in your /etc/fstab and mount everytime you boot.
>
> man nfsd
> man nfs
> man exports
> man fstab
>
> Hope this helps,
>
> Phil
>
> Eric <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > Is it possible to mount an AIX directory to a directory on a Redhat 5.2
> > machine? What steps do I need to take to get this setup correctly.
> >
> > Thanks
> > Eric
> >
> > ------------------ Posted via CNET Linux Help ------------------
> > http://www.searchlinux.com
>
>
================== Posted via CNET Linux Help ==================
http://www.searchlinux.com
------------------------------
Reply-To: [EMAIL PROTECTED]
From: [EMAIL PROTECTED] (Greg Weeks)
Subject: Re: Leafnode not posting messages
Date: Wed, 18 Aug 1999 10:24:58 -0500
In article <7pec5a$q41$[EMAIL PROTECTED]>,
Chris Severn <[EMAIL PROTECTED]> writes:
> I'm running leafnode on our small company's server.
>
> I can read news without a problem, but I can't post messages.
>
> The client program sends the message to leafnode without a
> problem, but leafnode just doesn't send it onto the upstream
> server.
>
> The debug from "fetch" claims that it doesn't send it because
> the upstream server already has that message.
> But of course, this isn't possible.
>
> I'm thinking that either leafnode is making up article numbers
> which are very coincidently repeats of existing ones on the
> upstream server, or there's just something funny going on.
>
> The following is debug output of leafnode:
>
> root> fetch -vvvv
> 1.9: verbosity level is 4
> Trying to connect to news.upstream.net.au ... connected.
> 9754-934970872-1 already available upstream
> Getting new newsgroups from news.upstream.net.au
> Read server info from /var/spool/news/leaf.node/news.upstream.net.au
> sci.geo.satellite-nav: no new articles
> comp.os.linux.networking: no new articles
> aus.test: no new articles
> aus.electronics: no new articles
> sci.electronics.design: no new articles
> Disconnected from news.upstream.net.au.
>
Something looks odd about this, but I can't put my finger on it. What
does your out.going and failed.postings directories look like before
and after? Is the group you're trying to post to in your
interesting.groups directory? Is this a cross posting, or just to a
single group?
> What's causing it to think that the article is already sent ?
>
> By the way, I can definately send emails directly from my news
> client to the news.upstream.net.au server successfully every
> time, and I cannot sent anything through leafnode (tried 10
> messages).
>
> Is there better documentation on leafnode than the README
> which comes with leafnode, or the NEWS-Leafsite mini-howto ?
I haven't seen anything else.
Greg Weeks
--
http://durendal.tzo.com/greg/
------------------------------
From: [EMAIL PROTECTED]
Subject: Linux and MSExchange Mail
Date: Wed, 18 Aug 1999 15:53:35 GMT
i was wondering if there were any packages which would allow me to
receive our internal e-mail which is handled by Exchange server. I can
receive internet mail, however. Any help would be appreciated.
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To: redhat.networking.general
Subject: Re: Token Ring NIC not recognized
Date: Wed, 18 Aug 1999 15:46:07 GMT
The turbo card is supported, but you will have to use Lanaid to put the
card into Auto mode (/FAST=AUTO16).
Mike
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: "Michael Faurot" <[EMAIL PROTECTED]>
Subject: Re: DSL on One Box -- Do I Need to Do Anything About Security
Date: 18 Aug 1999 15:17:03 GMT
Terrence Coccoli <[EMAIL PROTECTED]> wrote:
: Hi everyone. I'll be going up on DSL starting next week and my ISP is
: giving me a static ip number. I've been researching linux security
: documents, newsgroups, FAQ's, etc. to try to get an idea about what I'll
: need to do to protect myself from all the crackers and wannabe's out
: there. I only have one computer at home right now so I won't be doing
: any internal networking. Do I need to do anything more than shutdown
: the services that I don't want visible to the world in the inetd.conf
: file ?
That's a good start. However if your distribution also installed
other networking services that don't run out of inetd.conf you've got
some more work to do. For example, you may well have NFS running, and
you probably don't need this exposed to the world.
Two good ways of getting a picture of what network ports are being
used is by doing "netstat -a" and "lsof -i". Kill off any daemons
you're not going to use and adjust their rc start-up scripts so that
they don't get restarted at boot time.
: It seems to me that setting up a firewall for a one computer
: operation would be overkill.
Yes, it would be overkill to setup a dedicated firewall machine in
front of your current machine. But it wouldn't be overkill to use the
firewalling capabilities within the kernel on that one machine.
Look over this site for a HOWTO for using ipchains:
http://www.rustcorp.com/linux/ipchains/HOWTO.html
Look over this site for info on firewalling:
http://rlz.ne.mediaone.net/linux/
In answer to the question you pose in the subject: Do I need to do
anything about security? Definitely. There's all sorts of twits out
there running port scanners and other cracking tools to find machines
that can be exploited.
--
==============================================================================
Michael | mfaurot | Disease can be cured; fate is incurable.
Faurot | atww.net | -- Chinese proverb
------------------------------
From: Chris Severn <[EMAIL PROTECTED]>
Subject: Leafnode not posting messages
Date: 18 Aug 1999 21:23:54 +0800
I'm running leafnode on our small company's server.
I can read news without a problem, but I can't post messages.
The client program sends the message to leafnode without a
problem, but leafnode just doesn't send it onto the upstream
server.
The debug from "fetch" claims that it doesn't send it because
the upstream server already has that message.
But of course, this isn't possible.
I'm thinking that either leafnode is making up article numbers
which are very coincidently repeats of existing ones on the
upstream server, or there's just something funny going on.
The following is debug output of leafnode:
root> fetch -vvvv
1.9: verbosity level is 4
Trying to connect to news.upstream.net.au ... connected.
9754-934970872-1 already available upstream
Getting new newsgroups from news.upstream.net.au
Read server info from /var/spool/news/leaf.node/news.upstream.net.au
sci.geo.satellite-nav: no new articles
comp.os.linux.networking: no new articles
aus.test: no new articles
aus.electronics: no new articles
sci.electronics.design: no new articles
Disconnected from news.upstream.net.au.
What's causing it to think that the article is already sent ?
By the way, I can definately send emails directly from my news
client to the news.upstream.net.au server successfully every
time, and I cannot sent anything through leafnode (tried 10
messages).
Is there better documentation on leafnode than the README
which comes with leafnode, or the NEWS-Leafsite mini-howto ?
Chris Severn
--
Delete the 'x' to remove the spamblock
Except spammers, for whom my email address is abuse@localhost
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.networking) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Networking Digest
******************************
