Linux-Networking Digest #278, Volume #12         Wed, 18 Aug 99 21:13:37 EDT

Contents:
  Caching only nameserver for internal network (Michiel Kreutzer)
  Re: eth0 in promiscuous mode ("Gary")
  RAM Recommendations ("steve epstein")
  linux 2.2.10 and IPNAT -- Urgent -- ("Bernard Varaine")
  DSL router? (Marc Ohmann)
  Re: newbie ifconfig/eth question ("Cowles, Steve")
  Re: DNS caching only name server (Michiel Kreutzer)
  Re: Samba and NT4 SP3 ("Cowles, Steve")
  Re: DSL router? (John Hovell)
  Re: tulip.c recognizes Macronix MX98715AEC but brings link down (Rod Smith)
  Samba and shares on a Win98 partition (Paolo Cova)
  SSH (Paolo Cova)
  Re: eth0 in promiscuous mode (Scott McEachern)

----------------------------------------------------------------------------

From: Michiel Kreutzer <[EMAIL PROTECTED]>
Subject: Caching only nameserver for internal network
Date: Wed, 18 Aug 1999 23:05:18 GMT

Hi,

I have a local, internal network (ip# 192.168.*.*) behind a firewall
running linux (RH 5.2). My ISP's nameserver is painstakingly slow, so I
have managed to set up a caching only nameserver on the firewall, and
have made the necessary changes to both /etc/named.conf (uncomment the
"any port" line, forward first; forwarders {my_ISP_nameservers;}) and my
firewall script (allow dns communication with my ISP nameservers on port
53). It works wonderfully on the firewall itself (giving the
non-authoritative ip#'s on second nslookup, and successful ip#-to-hostname
lookups).

Now I want to use the firewall caching-only nameservers for all boxes
behind the firewall. These boxes have hostnames (host1, host2, etc.),
which are setup in /etc/hosts on the firewall, and I don't need, nor
want the firewall-nameserver for resolving names inside the intranet, as
I am quite happy with the way this is working now. I have not set up a
domainname for my intranet, and I wonder if I need to. Also, to what
domainnames am I restricted? I can guess linux.org would not be a good
choice, but I wonder if I can use something like home.intranet.

The problem I face now is that if I use firewall's ip-number as the only
nameserver for the other boxes, I cannot resolve any names. At least
nslookup does not work, both in ip#-to-hostname and hostname-to-ip#
mode.

I searched deja.com for help, but did not find any, except from setting
up a nameserver on a second, internal box. This I neither can nor want to do.
So, my basic question is: I want to use the caching-only nameserver on
my firewall to reduce the dns-traffic to the outside world as much as I
can, and use this nameserver not only for the firewall itself, but also
for the other boxes on the intranet. How can I set this up? I have read
the DNS-HOWTO, but that did not help me succeed.

Thanks beforehand for any input.
Michiel Kreutzer


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.

------------------------------

From: "Gary" <[EMAIL PROTECTED]>
Subject: Re: eth0 in promiscuous mode
Date: Wed, 18 Aug 99 22:37:50 GMT
Reply-To: [EMAIL PROTECTED]

Promiscuous mode means that the card will capture every frame on the network
& pass it up to a higher layer, where it will be discarded. This mode is
normally only useful for running network sniffer programs, so disabling it
may improve your performance.
As for the address, Linux runs as a DHCP server/client by default in some
installations, so may have given this out.
If you only lease 1 address, they'll ignore the other, but will NOT be happy
about it, as that address probably does exist elsewhere.

------------------------------

From: "steve epstein" <[EMAIL PROTECTED]>
Subject: RAM Recommendations
Date: Wed, 18 Aug 1999 18:52:13 -0500

I am running a RH 5.1 server with 3 Win98 clients (samba) & 2 TCP/IP
printers. The print queues are in the server. Everything works, but large
print jobs stall in the queue. Originally this happened with print jobs
larger than 20MB. At the time, the server had 32MB of RAM +32MB of swap
space. I have doubled the RAM to 64MB and increased swap space to 128MB. I
can now print jobs up to 40MB, but larger jobs stall the queue same as
before. How much RAM is really needed?

How does Samba/RH print mechanism handle memory? There is no limit on the
print job size in etc/printcap. The machine seems to start thrashing the
drives and then later the print queue stalls.

Thanks, any help would be appreciated.

steve dot epstein at worldnet dot att dot net



------------------------------

From: "Bernard Varaine" <[EMAIL PROTECTED]>
Subject: linux 2.2.10 and IPNAT -- Urgent --
Date: Thu, 19 Aug 1999 12:25:36 +1200

Hi,

I am trying to setup IPNAT on a 2.2.10 kernel.

I have recompiled the kernel with the fast Network address translation
but what/where are the tools to use it now ?

The "help" in the kernel config points to a web page that says it is
not for this IPNAT module and I start to get lost...


Or should I masquerade each of the incoming addresses ...
Bernard




------------------------------

From: Marc Ohmann <[EMAIL PROTECTED]>
Crossposted-To: alt.linux.slakware,at.os.linux,alt.os.linux.slackware,comp.os.linux.misc,comp.os.linux.setup
Subject: DSL router?
Date: Wed, 18 Aug 1999 18:52:08 -0500

Can anyone refer a good how-to or any resource dealing with linux
router/firewall and a cisco 675 DSL modem to me?  I have read all of
the relevant LDP how-tos but something more case specific would help.
The kernel is recompiling right now and so far everything is going as
planned (knock on wood) but I am sure that eventually I am going to need
a good resource.

Thanks,
marc


------------------------------

From: "Cowles, Steve" <[EMAIL PROTECTED]>
Subject: Re: newbie ifconfig/eth question
Date: Wed, 18 Aug 1999 19:06:14 -0500

This is a cut/paste from /usr/src/linux/Documentation/networking/alias.txt

Hope this answers your question. To be honest, I don't know about the
'magic' term. Maybe the author was trying to be humorous!!!!

Steve Cowles
SWCowles at gte dot net

=================================
o Alias creation.
  Alias creation is done by 'magic' iface naming: eg. to create a
  200.1.1.1 alias for eth0 ...

    # ifconfig eth0:0 200.1.1.1  etc,etc....
                   ~~ -> request alias #0 creation (if not yet exists) for eth0
    and routing stuff also ...
    # route add -host 200.1.1.1 dev eth0:0  (if same IP network as
                                            main device)

    # route add -net 200.1.1.0 dev eth0:0   (if completely new network wanted
                                            for eth0:0)
                 ~~~~~~~~~~ -> will delete alias

Alias (re-)configuring

  Aliases are not real devices, but programs should be able to configure and
  refer to them as usual (ifconfig, route, etc).

Relationship with main device
=============================

  - the main device is an alias itself like additional aliases and can
    be shut down without deleting other aliases.

o Alias deletion.
  Also done by shutting the interface down:

    # ifconfig eth0:0 down

<[EMAIL PROTECTED]> wrote in message news:7peu0q$bd0$[EMAIL PROTECTED]...
> Question ... I'm trying to learn to talk the talk here ...
>
> My rc.local file has entries to define multiple IP interfaces on eth0.
> e.g.:
> /sbin/ifconfig eth0:3 207.44.26.132 netmask 255.255.255.128
> /sbin/route add -host 207.44.26.132 dev eth0:3
> /sbin/ifconfig eth0:4 207.44.26.133 netmask 255.255.255.128
> /sbin/route add -host 207.44.26.133 dev eth0:4
> /sbin/ifconfig eth0:5 207.44.26.134 netmask 255.255.255.128
> /sbin/route add -host 207.44.26.134 dev eth0:5
> /sbin/ifconfig eth0:6 207.44.26.135 netmask 255.255.255.128
> /sbin/route add -host 207.44.26.135 dev eth0:6
>
> My question is what exactly the number following eth0: represents
> (e.g., eth0:3, eth0:4)??  Obviously it is used to allow one to bind
> multiple IPs to a NIC.  What would we call these numberings?
> Bindings?  Binding instances?  I'm just looking for some terminology
> here (plus any explanation).
>
> Thanks,
>   Matthias



------------------------------

From: Michiel Kreutzer <[EMAIL PROTECTED]>
Subject: Re: DNS caching only name server
Date: Thu, 19 Aug 1999 00:02:27 GMT

In article <[EMAIL PROTECTED]>,
  marty <[EMAIL PROTECTED]> wrote:
> Hi all,
>
> I have a small network of MS machines behind a Linux 2.2.9 firewall
> machine.  I am using ipchains with masq. and everything works great.  I
> would however like the firewall machine to act as a DNS caching only
> name server.  The DNS Howto from the LDP is very helpful, but I have run
> into a problem.
>
> According to the HOWTO, Section 3, the following line in
> /etc/named.conf.:
>
> //query-source port 53;
>
> should be uncommented if I am using a firewall.
>
> Section 8 Questions and Answers No.2 "How to use DNS from inside a
> firewall?"
> Says: A hint: forward only;, You will probably also need
> "query-source port 53;"
> inside  the ''options'' part of named.conf file as suggested in the
> example caching section.
>
> Now, I am guessing that I need to add a rule in my ipchains file:
> firewall.rc to allow forwarding of the DNS queries to port 53.  Is this
> correct?  If so, what syntax would you recommend?
> I am guessing the following:
> /sbin/ipchains -A forward -p all -j ACCEPT -s $local_ip -d any/0
>
> But this does not seem to work.  Any help you could offer would be
> appreciated.
>
> Marty.
>
>
Hi Marty,

seems we are working on the same project at the same time. (See my
question in this group). I have a firewall under a slightly older kernel
(2.0.36), and use ipfw(adm), not ipchains. Here are some of the things I
found out:

1. Uncomment that line about port 53, so you can set up the rules,
allowing only traffic at port 53, and keep other closed.

2. Put the following in the options section of the same /etc/named.conf:
        forward first;
        forwarders{ your_ISP_nameserver1_IP; second_IP; };

   This makes sure that if the lookup has not been cached before, it
checks your ISP's nameserver first, before going through all the
motions of looking up from the root servers downward. (I disallowed any
dns traffic with anything else than my ISP nameservers anyway, more on
that further on).

3. In my firewall set-up script (started at boot), I have from someone
else (Ziegler I think, he has an excellent website helping setting up
firewalls):

EXTERNAL_INTERFACE="eth0"               # whichever you use
IPADDR="123.456.789.10"
UNPRIVPORTS="1024:65535"

NAMESERVER_1="aaa.bbb.ccc.ddd"
NAMESERVER_2="ppp.qqq.rrr.sss"

# ============================================================================
# DNS
# The nameserver must be configured before any rule which uses
# a host name instead of an IP address.
#
# 1-19-99:  in RedHat 5.2 with the new bind-8.1.2-5, see /etc/named.conf.
#           "query-source address * port 53;" must be uncommented.

    # DNS server
    # ----------

    # DNS forwarding, caching only nameserver (53)
    # --------------------------------------------

    # server to server query or response
    # Caching only name server only requires UDP, not TCP
    # 1-19-99:  in RedHat 5.2 with the new bind-8.1.2-5,
    #           a caching-only nameserver seems to need these rules
    #           and the following client-mode rules.

     ipfwadm -I -a accept -P udp    -W $EXTERNAL_INTERFACE \
             -S $NAMESERVER_1 53 \
             -D $IPADDR 53

     ipfwadm -O -a accept -P udp -W $EXTERNAL_INTERFACE \
             -S $IPADDR 53 \
             -D $NAMESERVER_1 53

[same for NAMESERVER_2]

    # DNS client (53)
    # ---------------
    ipfwadm -I -a accept -P udp  -W $EXTERNAL_INTERFACE \
            -S $NAMESERVER_1 53 \
            -D $IPADDR $UNPRIVPORTS

    ipfwadm -O -a accept -P udp  -W $EXTERNAL_INTERFACE \
            -S $IPADDR $UNPRIVPORTS \
            -D $NAMESERVER_1 53

    ipfwadm -I -a accept -P tcp -k  -W $EXTERNAL_INTERFACE \
            -S $NAMESERVER_1 53 \
            -D $IPADDR $UNPRIVPORTS

    ipfwadm -O -a accept -P tcp  -W $EXTERNAL_INTERFACE \
            -S $IPADDR $UNPRIVPORTS \
            -D $NAMESERVER_1 53


[same for NAMESERVER_2]

Hope this helps, it works for me. But then again, I have other problems
with DNS...

M.T. Kreutzer
kreutzer (at) bart (dot) nl
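
Added example (not part of the original post or of the script it quotes): a
small Python model of the DNS accept rules listed in the message above,
evaluated against constructed packets. The addresses are documentation-range
placeholders, eth1 and the LAN addresses are hypothetical, and the
default-deny policy is an assumption, since the post shows only accept rules.

```python
from collections import namedtuple

# Constructed placeholders for the post's variables (documentation address ranges).
EXT_IF = "eth0"
IPADDR = "192.0.2.10"
NAMESERVERS = ["198.51.100.1", "198.51.100.2"]   # NAMESERVER_1, NAMESERVER_2
UNPRIV = (1024, 65535)                           # UNPRIVPORTS
DNS = (53, 53)

Rule = namedtuple("Rule", "chain proto iface src sports dst dports ack_only")
Packet = namedtuple("Packet", "chain proto iface src sport dst dport ack")


def dns_rules(ns):
    """The six accept rules the post lists for one forwarder, in the same order."""
    return [
        # server-to-server lookups: port 53 <-> port 53, UDP only
        Rule("I", "udp", EXT_IF, ns, DNS, IPADDR, DNS, False),
        Rule("O", "udp", EXT_IF, IPADDR, DNS, ns, DNS, False),
        # client-mode lookups: unprivileged port <-> port 53, UDP
        Rule("I", "udp", EXT_IF, ns, DNS, IPADDR, UNPRIV, False),
        Rule("O", "udp", EXT_IF, IPADDR, UNPRIV, ns, DNS, False),
        # client mode over TCP; the inbound rule carries -k (ACK bit must be set)
        Rule("I", "tcp", EXT_IF, ns, DNS, IPADDR, UNPRIV, True),
        Rule("O", "tcp", EXT_IF, IPADDR, UNPRIV, ns, DNS, False),
    ]


# "[same for NAMESERVER_2]" written out: one rule group per forwarder.
RULES = [rule for ns in NAMESERVERS for rule in dns_rules(ns)]


def matches(rule, pkt):
    """True when every field of the rule matches the packet."""
    return (
        (rule.chain, rule.proto, rule.iface) == (pkt.chain, pkt.proto, pkt.iface)
        and (rule.src, rule.dst) == (pkt.src, pkt.dst)
        and rule.sports[0] <= pkt.sport <= rule.sports[1]
        and rule.dports[0] <= pkt.dport <= rule.dports[1]
        and (pkt.ack or not rule.ack_only)
    )


def verdict(pkt, rules=RULES):
    """Accept on any matching rule; otherwise the assumed default-deny policy applies."""
    return "accept" if any(matches(r, pkt) for r in rules) else "deny"


NS1 = NAMESERVERS[0]
# Constructed sample packets: (chain, proto, iface, src, sport, dst, dport, ACK set?)
SAMPLES = {
    "query to forwarder from port 53": Packet("O", "udp", EXT_IF, IPADDR, 53, NS1, 53, False),
    "answer from forwarder to port 53": Packet("I", "udp", EXT_IF, NS1, 53, IPADDR, 53, False),
    "TCP reply segment from forwarder": Packet("I", "tcp", EXT_IF, NS1, 53, IPADDR, 40000, True),
    "bare TCP SYN from forwarder": Packet("I", "tcp", EXT_IF, NS1, 53, IPADDR, 40000, False),
    "UDP from port 53 of unlisted host": Packet("I", "udp", EXT_IF, "203.0.113.9", 53, IPADDR, 53, False),
    # eth1 and the 192.168.1.x addresses are hypothetical; no listed rule names an internal interface
    "query from LAN client on eth1": Packet("I", "udp", "eth1", "192.168.1.20", 1050, "192.168.1.1", 53, False),
}


def evaluate_samples():
    return {name: verdict(pkt) for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for name, result in evaluate_samples().items():
        print(f"{result:6}  {name}")
```

The -k on the inbound TCP rule is why a segment from port 53 without the ACK
bit is denied while reply segments pass. The LAN query is denied in this model
only because every listed rule is bound to the external interface and default
deny is assumed.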



------------------------------

From: "Cowles, Steve" <[EMAIL PROTECTED]>
Subject: Re: Samba and NT4 SP3
Date: Wed, 18 Aug 1999 18:46:58 -0500


Andreas Vester <[EMAIL PROTECTED]> wrote in message
news:7pf7le$j3t$[EMAIL PROTECTED]...
> Hi,
>
> I've got a big problem. Since three days I tried to build up a network. I've
> got two machines at home. On the machine works SuSE Linux 6.1 and on the
> other Win NT4 SP3. I want the Linux machine to become a file server. I
> installed and configured the samba package and at the NT machine I have
> access to the shares from the Linux machine.
> My first and main problem is that I don't have any write access although I
> configured my smb.conf with "read only = no" and "writeable = yes". I tried
> everything: Read the man pages, howtos, look for information in the net, but
> nothing work...

Even though you specified "writable=yes" in your smb.conf file,  samba must
adhere to the Operating Systems permissions of the directories that the
shares point to. i.e. Does the directory you are trying to write to (on
your Linux box) grant your login ID write permissions.

> My second problem is that I don't see the Linux machine in the NT network
> neighborhood.

If you are not running a WINS server on your network, then you will need to
enable the WINS component of Samba, plus specify the IP address of your
Linux box as the WINS server on your NT machine. Also, the DOMAIN/WORKGROUP
designations need to match on your NT box.

The following options are critical in what you are trying to achieve.
# workgroup = NT-Domain-Name or Workgroup-Name
   workgroup = YOURWORKGROUP

# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable its WINS Server
;   wins support = yes

I don't know if the following three are needed if you enable the WINS Server
of nmbd. I run a MS WINS server on my network, so I have Samba configured to
be a WINS client. i.e. I do NOT enable the WINS component of nmbd. Samba
simply registers itself with the Wins server on my network at bootup. When
it registers with the WINS server, it is then browsable through network
neighborhood.

# Browser Control Options:
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
   local master = no

# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
   os level = 33

# Cause this host to announce itself to local subnets here
# (needs to be set to your network's broadcast address)
   remote announce = 192.168.9.255

Steve Cowles
SWCowles at gte dot net

>
> PLEASE HELP before I go crazy...
>
> Thanks
>
> Andi
>
> P.S.: Replies in German would be very welcome !?!
>
>



------------------------------

From: John Hovell <[EMAIL PROTECTED]>
Crossposted-To: alt.linux.slakware,at.os.linux,alt.os.linux.slackware,comp.os.linux.misc,comp.os.linux.setup
Subject: Re: DSL router?
Date: Thu, 19 Aug 1999 00:31:06 GMT

Marc --
I could be wrong, but isn't that basically just connecting a network
interface?  Doesn't it just plug into an Ethernet card, and gets configured
accordingly?

It really varies depending on the ISP... I installed a DSL modem that
actually was a router (that is, you just plugged it into an Ethernet hub,
and anything on that physical network could get access with a real IP
address).

What exactly is your setup?

--John

Marc Ohmann wrote:

> Can anyone refer a good how-to or any resource dealing with linux
> router/firewall and a cisco 675 DSL modem to me?  I have read all of
> the relevant LDP how-tos but something more case specific would help.
> The kernel is recompiling right now and so far everything is going as
> planned (knock on wood) but I am sure that eventually I am going to need
> a good resource.
>
> Thanks,
> marc


------------------------------

Reply-To: [EMAIL PROTECTED]
From: [EMAIL PROTECTED] (Rod Smith)
Subject: Re: tulip.c recognizes Macronix MX98715AEC but brings link down
Crossposted-To: comp.os.linux.hardware
Date: Wed, 18 Aug 1999 23:58:47 GMT

[Posted and mailed]

In article <[EMAIL PROTECTED]>,
        Benjamin Kunz <[EMAIL PROTECTED]> writes:
> Hi.
> Well, the Subject says it - The MX98715AEC chip is apparently recognized
> by the tulip driver, but does not function - the link LED goes off  - is
> there any chance to get these cards to operate with linux?

Have you upgraded your Linux tulip.c kernel driver?  Up through kernel
2.2.9, at least (maybe higher), the kernel came with a version of tulip.c
that didn't work well with many Tulip clone boards.  I've got a SOHOware
Macronix-based board that's working fine on my system with the updated
driver.  You can obtain the source from:

http://cesdis.gsfc.nasa.gov/linux/drivers/tulip-devel.html

You'll need to replace the original file in your Linux kernel source tree
and recompile the kernel and/or kernel modules.

-- 
Rod Smith
[EMAIL PROTECTED]
http://members.bellatlantic.net/~smithrod
Author of _Special Edition Using Corel WordPerfect 8 for Linux_, from Que

------------------------------

From: Paolo Cova <[EMAIL PROTECTED]>
Subject: Samba and shares on a Win98 partition
Date: Thu, 19 Aug 1999 02:03:06 +0200

Hi,

I would like to make a few shares available from a Win98 fat32 partition
on my box through Samba. The partition is mounted vfat, to preserve long
file names. The problem is: I want to give write access for those shares
to certain users on. Users can read fine, but not write. In fact all the
files on the mounted partition are set as belonging to user and group
root, and it seems that I cannot change permissions on existing files
and directories there (chmod has no effect). I thought of mounting the
partition with a group id for the users I want to give write access, but
the files only have write access for user, not group, and I can't get
around this.

I have a feeling that this has a simple solution, but it eludes me at
the moment. Do I have to use umsdos and lose long file names, or is
there an alternative?

Thanks,
Paolo

P.S. The shares are writable for the valid users on smb.conf


------------------------------

From: Paolo Cova <[EMAIL PROTECTED]>
Subject: SSH
Date: Thu, 19 Aug 1999 02:03:11 +0200

Greetings,

I am using my linux box as a firewall for a masqueraded local network. I
implemented a relatively strong filtering ruleset with ipchains and all
works fine, but for some reason I can't login into a remote machine
using the ssh client on the linux box. In fact I can ssh from machines
on the local network both into the firewall box and remote machines on
the internet, and it works fine. I think that all is fine in the ruleset
to make ssh data pass through (I can even login into the firewall box
with ssh from a remote machine on the internet), so right now I have
exhausted ideas on the issue. I checked the config file for the ssh
client but don't see anything that appears to prevent connections.

Any helpful ideas? :-)

Thanks,
Paolo


------------------------------

From: Scott McEachern <[EMAIL PROTECTED]>
Subject: Re: eth0 in promiscuous mode
Date: Thu, 19 Aug 1999 00:13:12 GMT

thebrownhighlander wrote:

> Hi, (pardon my lack of CAPS)
>
> i have my linux box with 2 ethernet cards with eth0 on a cable modem with
> dhcp and eth1 as my gateway device.
>
> when i look at the logs it says that eth0 is initialized in promiscuous
> mode. also when i booted up my win box without changing the settings (eg:
> obtain ip address automatically) it got its OWN ip address. this should
> not happen at all. This has not happened before. It is freaking me out.

    Do you mean it got the same IP addy as your Win box?  I have a similar
setup, but with xDSL, and the same thing happens to me.  I have a dual boot
machine, and if I don't turn off the modem and boot into win (and back and
forth) my gateway keeps the address.  I've even found that if I turn off the
modem for a couple minutes I still get the same IP.  Fairly simplistically
(and not entirely true, but..) DHCP keeps "leases", and when it goes looking
for its IP addy, it usually tries for the last one it had.  As far as
I understand, if the last addy you had hasn't been taken by another
subscriber, chances are you will get it again.

> a few questions:
> -why is eth0 philandering about?
> -what does it mean?

    I believe that's the state that DHCP leaves your modem in while it is
requesting an address.  It should exit horny mode when one is assigned.

> -how do I fix it?

    Nothing to fix.

> -what will my cable modem people say when there are two requests for two
> different ip address while one ip address is still alive (by which i mean
> that it is still under lease)

    Not sure about that one, I think it's something that DHCP will clean up
itself.

>
>
> thanks a lot.
> (yes i am also a newbie <silly grin>)

--
mailto:[EMAIL PROTECTED]
http://www3.sympatico.ca/scott.mceachern

On the side of the software box, in the "System requirements section",
it said "Requires Windows 95 or better."  So I installed Linux.




------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and comp.os.linux.networking) via:

    Internet: [EMAIL PROTECTED]

Linux may be obtained via one of these FTP sites:
    ftp.funet.fi                                pub/Linux
    tsx-11.mit.edu                              pub/linux
    sunsite.unc.edu                             pub/Linux

End of Linux-Networking Digest
******************************
