Linux-Networking Digest #311, Volume #12 Sat, 21 Aug 99 06:13:46 EDT
Contents:
Questions ("Christopher Lu")
setting up email with virtual hosts ("]\\")
PPPD and Point-to-Point Compression? (yongtao)
Re: 3com ISA cards and linux (William Park)
Win98 / Linux hardware ("Timothy Muir")
Linux & Lan ("Rudolf Traunmüller")
Forwarding with ipchains (Calum Lawler)
Re: NT - Linux Newbie ("Zbigniew M. Strzempa")
"Unknown interrupt" hang (Paul McQuesten)
Re: Problem with kppp after RH6 install (Andrew Williams)
Re: Fax Server ("Peter Marks")
Samba--Who am I? ("Hiawatha Bray")
Re: 3com ISA cards and linux (Ronald Benedik)
Tulip driver for chipset MX98715 (SOHOware) (Timothy Bowers)
apache (haze)
Fax Server ("Thomas Lee")
Re: proftpd and binding (r wessels)
Re: Can't quit Gnome (Bob Surenko)
Re: Disallowing telnet access for one specific account (DanH)
Re: IMAP clients for linux ("Kelly L. Fulks")
Re: DSL router? (Marc Ohmann)
Re: NFS for streaming video | is there a better solution? (David Crooke)
Re: apache (Bill Pitz)
Re: Disallowing telnet access for one specific account ("withheld")
----------------------------------------------------------------------------
From: "Christopher Lu" <[EMAIL PROTECTED]>
Crossposted-To:
alt.os.linux.mandrake,athome.users-unix,comp.os.linux.help,comp.os.linux.misc,comp.os.linux.questions,comp.os.linux.setup
Subject: Questions
Date: Sat, 21 Aug 1999 06:48:56 GMT
1. Linux tells me that my eth0 is in "promiscuous mode." What does that
mean?
2. I tried to download the kicq rpm from linuxberg. When I try to install
the rpm I'm told that kdesupport-rh5x is missing or not found. Where can I
find it? And after the rpm installs, do I just type install-kicq? Typing
kicq should load the program, right?
3. I'm using @home cable service. When I use a windows email/news program
(MS Outlook, Netscape Communicator, etc), I just need to type "news" in the
news server/NNTP configuration. When I tried "news" in Linux under either
Netscape or the KDE news client it doesn't work. Can someone help me out
please?
Thanks a lot!!!
PS. using Mandrake 6 distribution
------------------------------
From: "]\\" <[EMAIL PROTECTED]>
Subject: setting up email with virtual hosts
Date: Fri, 20 Aug 1999 12:21:01 -0400
can somebody point me to some info on how to set up pop mail accounts. i've
got several virtual hosts and need many different email addresses. or if you
want to help me out with it personally, that acceptable :)
i checked linuxhelp.org, couldn't find anything there
thanks
-Clay Mitchell
------------------------------
From: yongtao <[EMAIL PROTECTED]>
Subject: PPPD and Point-to-Point Compression?
Date: Fri, 20 Aug 1999 23:56:54 +1700
In article <[EMAIL PROTECTED]>,
yongtao <[EMAIL PROTECTED]> wrote:
>Hi Everyone,
>
>After over a week of hard work, I finally made PPTP-Linux
>logon to the NT PPTP server. But only to find out that NT
>PPTP Server insists on using the so called "Microsoft Point-
>to-Point Compression" (MPPC), which my PPPD (version 2.3.9-
>1) does not support. :(
>
>So I would really like to know:
>
>1. Is there a version of PPPD that supports MPPC?
>2. If not, is there an implementation of MPPC available on
>Linux that I can "integrate" (with little coding) into PPPD?
>3. If not, is there a way to stop NT PPTP server from
>insisting on MPPC?
>
>Your help is greatly appreciated.
>
>Yongtao
>[EMAIL PROTECTED]
>
Correction: NT does not insist on MPPC. It insists on
Microsoft Point-to-Point Encryption (MPPE). So I guess I
still have the above three questions, except that I am
looking for MPPE instead of MPPC. Sorry about that.
Yongtao
[EMAIL PROTECTED]
------------------------------
From: William Park <[EMAIL PROTECTED]>
Crossposted-To:
at.linux,aus.computers.linux,be.comp.os.linux,comp.os.linux,comp.os.linux.advocacy,comp.os.linux.development.system,comp.os.linux.hardware,comp.os.linux.misc
Subject: Re: 3com ISA cards and linux
Date: 21 Aug 1999 06:51:25 GMT
In comp.os.linux.advocacy Caitanya <[EMAIL PROTECTED]> wrote:
> I'm on cable as well the guys are great there and you can join the bigpond
> linux newsgroup, read the FAQ and you'll get up and running in no time at
> all
> ----------------------------------------------------------------------------
> Kalkas wrote in message <[EMAIL PROTECTED]>...
> I have been seriously thinking to use Linux and stop using Windows 98. I am
> fascinated by Linux's stability and security.
> Therefore, I have seriously planning to install Linux and USE IT.
> However, it seems that it is not possible for me to use Linux, since I use
> cable modem with a 3com ISA card. More precisely, I use 3com EtherLink III
> ISA (3C509/3C509b) network interface card, and there are no drivers which
> will support my card in Linux.
> Did someone else have similar problems?
> Regards,
> Kalkas
3c509b (and most 3com cards) is supported by Linux. I'm using it
right now. To load the driver, edit /etc/rc.d/rc.modules and search
for '509'. To enable BNC port and disable PnP, download 2 disk set 'EtherDisk' from
<www.3com.com> and run '3c5x9cfg.exe' from the 2nd disk in DOS.
Yours truly,
William Park
------------------------------
From: "Timothy Muir" <[EMAIL PROTECTED]>
Subject: Win98 / Linux hardware
Date: Sat, 21 Aug 1999 13:24:56 +1000
I have a Celeron 400 dual booting with Windows 98 and Redhat Linux 5.2 and a
486 DX4 100 which I want to network together.
In the 486 I have a 3Com network card, (it has one coax and one rj45 ?
connection in the back of it)
I am looking for recommendations on the best network card to use. (should I
ditch the 3com card and get another one ?)
------------------------------
From: "Rudolf Traunmüller" <[EMAIL PROTECTED]>
Subject: Linux & Lan
Date: Sat, 21 Aug 1999 09:17:00 +0200
I've got 2 Computers & 2 Ethernet Ne 2000 network cards. Now I've got
WinProxy on my Win98 Pc to dial in to the Internet with various network Pcs
and only one connection to the net. Winproxy works.
Now I try to set up my Linux Pc. The only thing I would need is a TcpIp
Connection between my Linux and my Win98 Pc, so does anybody know how i
configure my network card and other things to install such a TcpIp Lan??
Thanks
------------------------------
Date: Fri, 20 Aug 1999 10:28:14 -0600
From: Calum Lawler <[EMAIL PROTECTED]>
Subject: Forwarding with ipchains
I am trying to forward any website requests to another machine.
192.168.1.10 (RH6) should forward any packets arriving in port 80 to
192.168.1.41 (QNX) where the web server is... My ipchains rule was
implemented as follows:
ipchains -A forward -b -p TCP -s 0/0 www -d 192.168.1.41 www
Nothing gets forwarded. The kernel (2.2.5-15) is compiled with firewall
and /proc/sys/net/ipv4/ip_forward is set to 1.
Any ideas? What am I doing wrong?
CL
------------------------------
Date: Thu, 19 Aug 1999 14:51:36 +0200
From: "Zbigniew M. Strzempa" <[EMAIL PROTECTED]>
Subject: Re: NT - Linux Newbie
> I have an NT 4.0 server PDC and a Linux server and I cant get them to ping
> each other.
> In network neighborhood I can see the linux box but cant browse it.
looks like you have the encryption problem.
NT uses encrypted passwords, linux sends by default plain text ones.
here is my (working) smb.conf file, plus you should read ENCRYPTION.txt
from samba docs.
cheers
max
#
#======================= Global Settings =====================================
[global]
workgroup = WORKGROUP
server string = Linux Samba Server
log file = /var/log/samba/log.%m
max log size = 50
security = user
encrypt passwords = yes
smb passwd file = /etc/smbpasswd
username map = /etc/smbusers
socket options = TCP_NODELAY
create mode = 0644
; preserve case = no
; short preserve case = no
; default case = lower
; case sensitive = no
#============================ Share Definitions ==============================
[homes]
comment = Home Directories
browseable = no
writable = yes
------------------------------
From: Paul McQuesten <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.hardware
Subject: "Unknown interrupt" hang
Date: Sat, 21 Aug 1999 03:23:45 -0500
I am having a similar problem: gets two "unknown interrupt"
messages, and then requires a power-off to reboot. Red Hat
51 (Kernel 2.0.34). It only seems to happen when printing to
an Apple LaserWriter via netatalk over ethernet. No
conflicts showing in /proc/interrupts or /proc/ioports.
Where does that message come from? Can I add some debug
print statements to the kernel?
> Perhaps your network card on the Linux box is sharing an interrupt (check
> /proc/interrupts) ....
>
> bencecil wrote in message <[EMAIL PROTECTED]>...
> >Howde people,
> >
> >I am receiving "unknown interrupt" messages, followed by a lock up on my
> >Red Hat 5.2 (Kernel 2.0.36) system.
> >
> >It (the Linux box) runs fine by itself, but when I boot one of the win95
> >machines and try to connect to the network, the error emerges.
>
------------------------------
From: Andrew Williams <[EMAIL PROTECTED]>
Subject: Re: Problem with kppp after RH6 install
Date: Thu, 19 Aug 1999 15:00:22 +0200
Reply-To: [EMAIL PROTECTED]
chmod +s /usr/sbin/pppd
If you look at the help-docs for kpppd, you will see this suggestion and some
alternatives. The kpppd program also needs a special bit or 2 to be set, but
yours probably is.
Jo Knight wrote:
> Hi,
>
> Can anyone help me on this small problem. I have just upgraded to RH6 from
> RH5.2. Using kppp under RH5.2 worked fine, I could dial up my ISP using my
> normal account (not root). After upgrading to RH6 when I try to connect I
> get the following error message:
>
> 'pppd not installed properly - the pppd binary must be installed with the
> SUID bit set'
>
> kppp works fine when I use root to connect with, but I understand that it is
> not advisable to be connected to the net as root. So i need to know what I
> need to change so I can get connected using any normal account.
>
> Any help is appreciated.
>
> Jo - [EMAIL PROTECTED]
--
Mielipiteet omiani - Opinions personal, facts suspect, especially on my
http://www.germanynet.de/teilnehmer/101/69082/samba.html
Simple Samba Solutions web page. ICQ 1722461
__________________________________________________________
| Fight Spam! Join EuroCAUCE: http://www.euro.cauce.org/ |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
------------------------------
From: "Peter Marks" <[EMAIL PROTECTED]>
Subject: Re: Fax Server
Date: Sat, 21 Aug 1999 18:43:22 +1000
go to http://www.hylafax.org it works fine and you can have multiple lines
without problems. There is even a native client for windows.
err, it's free.
peter
Thomas Lee <[EMAIL PROTECTED]> wrote in message
news:7pl9li$63u$[EMAIL PROTECTED]...
> I want to set up a fax with 4 lines and DID function on Linux OS, what
> hardware and software should I use, how about the cost.
>
> If anyone can set it up for me, please tell me how many you charge.
> Thanks in advance.
>
>
>
------------------------------
From: "Hiawatha Bray" <[EMAIL PROTECTED]>
Subject: Samba--Who am I?
Date: 20 Aug 1999 21:33:25 PDT
Thanks for all the help in getting Samba to work. I still have more
questions, though.
I'm signed onto the Linux box with the same user name I assigned to the
Windows computer. Can I sign onto Samba using the same Windows computer but
a different username, such as root? If so, how is this done? Thanks.
------------------------------
From: Ronald Benedik <[EMAIL PROTECTED]>
Crossposted-To:
at.linux,aus.computers.linux,be.comp.os.linux,comp.os.linux,comp.os.linux.advocacy,comp.os.linux.development.system,comp.os.linux.hardware,comp.os.linux.misc
Subject: Re: 3com ISA cards and linux
Date: Sat, 21 Aug 1999 10:01:30 +0200
Kalkas wrote:
>
> I have been seriously thinking to use Linux and stop using Windows 98. I am
> fascinated by Linux's stability and security.
>
> Therefore, I have seriously planning to install Linux and USE IT.
>
> However, it seems that it is not possible for me to use Linux, since I use
> cable modem with a 3com ISA card. More precisely, I use 3com EtherLink III
> ISA (3C509/3C509b) network interface card, and there are no drivers which
> will support my card in Linux.
>
> Did someone else have similar problems?
> Regards,
> Kalkas
I'm using a 3c509b COMBO (PnP/ISA). It definitely does work. There may
be a problem with the 3c509 (not the b version) in dropping ip packets
because of its tiny (4kb) buffer. This problem was solved in version b
(8kb buffer). My problem was one of dual boot configuration. Win95 puts
the card in PnP mode and Linux doesn't like that. So my shutdown script
for windoof puts the card back in non PnP mode and the card uses the
same irq in linux and windoof, now everything works fine.
for linux drivers check:
http://cesdis.gsfc.nasa.gov/linux/drivers/3c509.html
------------------------------
From: Timothy Bowers <[EMAIL PROTECTED]>
Subject: Tulip driver for chipset MX98715 (SOHOware)
Date: Sat, 21 Aug 1999 01:56:16 -0700
I am running RH6.0 w/ kernel 2.2.5-15. I have installed the SOHOware
SFA110A ethernet adapter w/ the MX98715 chipset on my computer, and it
works WONDERFULLY with Windows. I have downloaded and installed the
Tulip driver (v0.91g) and installed it as per instructions provided by
the manufacturer of the card (NDC), yet it will not work. When I run
netconf and set up everything as it should be, and reboot, Linux cannot
even find the adapter, eth0. The routine ifconfig cannot find eth0. Is
this a problem with the driver only being written (at the moment) for
kernel 2.0.35, or are there other problems? I plan to patch up to
kernel 2.2.8 in the hopes that that will work to resolve the problem. I
have gone through the HOWTO's and all that. Thanks.
Timothy Bowers
[EMAIL PROTECTED]
------------------------------
From: haze <[EMAIL PROTECTED]>
Subject: apache
Date: Sat, 21 Aug 1999 03:59:01 GMT
is there a way to setup apache to host a local internal site not
available to outside connections but still be able to login through
telnet and ftp from both int and ext ip's
box = rdht6.0 pent 200-64mb ram 2.4 hd hosting cable modem using ip_masq
to allow web access, samba is also being used. basically want to play
with apache and to test out sites that i make
thank you
haze
------------------------------
From: "Thomas Lee" <[EMAIL PROTECTED]>
Subject: Fax Server
Date: Sat, 21 Aug 1999 12:30:49 +0800
I want to set up a fax with 4 lines and DID function on Linux OS, what
hardware and software should I use, how about the cost.
If anyone can set it up for me, please tell me how many you charge.
Thanks in advance.
------------------------------
From: r wessels <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: proftpd and binding
Date: Fri, 20 Aug 1999 16:27:20 GMT
found it! It was in the file /etc/shutmsg.
r wessels wrote:
> yep! there was an entry. Thanks!
>
> But now another problem occurs! If i ftp into my machine it says something
> like this:
> 500 FTP server shutdown (going down at ....blablabla) please try again
> later!
> if I tweak the time (to before the going down at... time) of my system it
> works fine!
> What happened?
>
> Geert Altena wrote:
>
> > r wessels <[EMAIL PROTECTED]> writes:
> >
> > >I replaced wu-ftpd with proftpd and deleted all the entries related to
> > >wu-ftpd from my system! but now when i try to start proftpd (standalone
> > >as root) it tries to bind to 0.0.0.0 port 21!! and fails to do that.
> > >system log:
> >
> > >Aug 19 16:01:22 CC3417-A proftpd[1060]: attempted bind to 0.0.0.0, port 21
> > >Aug 19 16:01:22 CC3417-A proftpd[1060]: bind() failed in inet_create_connection(): Address already in use
> >
> > >Does anybody know what went wrong and how i can bind it to my external
> > >ip? Did i delete too much from my system?
> >
> > Looks like there still is something running on port 21, try telnetting
> > to port 21 and see what it is.
> >
> > Check your /etc/inetd.conf for the ftp entry.
> >
> > Cheers,
> > \Geert.
> > --
> > Geert Altena | [EMAIL PROTECTED] | Coffee, black, no sugar
> > Finger for PGPkey : Diffie-Hellman 2048/0xC540C550
> > Spookline (Hi there!) : FBI CIA NSA Scud ICBM VX Iraq DIA DEA EFF PGP
------------------------------
From: Bob Surenko <[EMAIL PROTECTED]>
Subject: Re: Can't quit Gnome
Date: Thu, 19 Aug 1999 13:23:49 GMT
Kelvin Dam <[EMAIL PROTECTED]> wrote:
: Hey there!
: Sometimes when I'm using Gnome in RH 6.0, and I click "log out" it don't
: work!
: There's just no reaction, and Gnome continues......
: In such cases, how do I quit? and is there a workaround to this?
: Thx
: Kelvin "newbie" Dam
Me too. I hit ctrl-alt-backspace to kill my session. I upgraded to the
latest gnome on the redhat site and now it has only happened once. I need
to play around more to see if it really changed anything.
I noticed that I had netscape open most of the time when I had the problem.
I'm not sure if that means anything.
--
=============================================================================
- Bob Surenko [EMAIL PROTECTED]
- http://www.fred.net/surenko/ finger for PGP key
=============================================================================
------------------------------
From: DanH <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.security
Subject: Re: Disallowing telnet access for one specific account
Date: Sat, 21 Aug 1999 05:05:28 -0400
YouDontKnowWho wrote:
>
> Isn't host.allow access based on the host or domain? You can
> determine what user it is, but you have to go through some gyrations
> for that, don't you?
No, you can use
in.telnetd:<username>@ALL
for just disallowing telnet to that username from any source. However I
believe the original poster said 'telnet' but means 'remotely log onto
the box.' Common misuse of the word because windows only allows telnet
and does not have a rsh, rlogin, ssh, or any of the other ones.
If you just want ONE user not to be allowed, then hosts.deny is for
you. If you want NO ONE to be able to remote logon, then you really
need to look at /etc/inetd.conf and put a '#' in front of all the
services you want to not allow. Allow POP-3, auth, and that's about it,
unless you know what the other ones do and you specifically want those
to work. Then 'kill -HUP <inetd PID>'
Dan
>
> --
> Principle of Minimum Access: "That which is not explicitly permitted
> is denied."
--
UNIX - Not just for vestal virgins anymore
Linux - Choice of a GNU generation
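
Added example, not part of the original post: the inetd.conf step described in the message above (put a '#' in front of every service except POP-3 and auth), applied to a constructed sample file. restrict_services() and the sample entries are hypothetical names and data for illustration; the keep-list is the one named in the post.

```python
import re

# Constructed sample in the usual inetd.conf column layout; not from the post.
SAMPLE_INETD_CONF = """\
# service socket proto wait user server args
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd  in.telnetd
#shell  stream  tcp  nowait  root    /usr/sbin/tcpd  in.rshd
login   stream  tcp  nowait  root    /usr/sbin/tcpd  in.rlogind
pop-3   stream  tcp  nowait  root    /usr/sbin/tcpd  ipop3d
auth    stream  tcp  nowait  nobody  /usr/sbin/in.identd in.identd -l -e -o
talk    dgram   udp  wait    root    /usr/sbin/tcpd  in.talkd
"""

# A service entry: name, socket type, protocol, wait/nowait, user, server path.
# An optional leading "#" marks an entry that is already disabled.
ENTRY = re.compile(
    r"^(?P<hash>#\s*)?(?P<name>[\w./-]+)\s+(stream|dgram|raw|rdm|seqpacket)\s+"
    r"\S+\s+(wait|nowait)(\.\d+)?\s+\S+\s+\S+"
)


def restrict_services(conf_text, keep=("pop-3", "auth")):
    """Comment out every enabled service that is not in `keep`.

    Returns (new_text, disabled, still_enabled). Entries that are already
    commented out, and comments that are not service entries, are untouched.
    """
    out, disabled, enabled = [], [], []
    for line in conf_text.splitlines():
        m = ENTRY.match(line)
        if m and not m.group("hash"):
            if m.group("name") in keep:
                enabled.append(m.group("name"))
            else:
                disabled.append(m.group("name"))
                line = "#" + line
        out.append(line)
    return "\n".join(out) + "\n", disabled, enabled


if __name__ == "__main__":
    new_text, disabled, enabled = restrict_services(SAMPLE_INETD_CONF)
    print(new_text)
    print("disabled:", disabled, "still enabled:", enabled)
```

inetd only rereads the file after the 'kill -HUP <inetd PID>' step from the post.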
------------------------------
From: "Kelly L. Fulks" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.x,comp.os.linux.development.apps,comp.windows.x.kde
Subject: Re: IMAP clients for linux
Date: Fri, 20 Aug 1999 22:45:11 -0500
Reply-To: [EMAIL PROTECTED]
While not free, I find the Execmail client from MessagingDirect to be
very nice. I use it extensively. I can't say for sure whether they
sell it to individuals however. I have my copies through work where we
use the Linux and Windows versions enterprise wide.
Chetan Ahuja wrote:
>
> Hi,
> Apart from huge and lumbering Netscape and text only pine, what's a
> good (preferably GUI) IMAP client for Linux.... I have long held the idea
> that open source IMAP clients for linux are very hard to find. Don't get me
> wrong, I like pine but sometimes I need to convince other people who are
> moving from windows etc and a nice spiffy looking GUI client which takes
> less than a minute to start on most machines ( so netscape is out ) would
> really help. Also pine's way of handling attachments etc is less than perfect.
> And as far as I know, Mozilla is not yet usable for the general public.
>
> A KDE client will be nice. The built in mailer for KDE doesn't handle IMAP
> (yet?). Does anybody know whether anybody is working on such a client. I will
> be willing to help with my modest skills any way I can. It may also be a good idea
> to create some sort of a basic open source backend for IMAP mailers which can
> then be plugged into any GUI interface that people might be using ( Xt, Qt,
> GTK etc... ) It might even be ripped from pine sources ( if license allows )
> or the ongoing Mozilla work (if it doesn't force one to ship huge libraries
> with it) Any ideas/suggestions...
>
> Chetan
>
>
>
>
> --
--
Kelly L. Fulks
HOME Account
[EMAIL PROTECTED]
------------------------------
From: Marc Ohmann <[EMAIL PROTECTED]>
Crossposted-To:
alt.linux.slakware,at.os.linux,alt.os.linux.slackware,comp.os.linux.misc,comp.os.linux.setup
Subject: Re: DSL router?
Date: Thu, 19 Aug 1999 08:45:31 -0500
I had the cisco setup to route but with that setup I had to enable DHCP
and I want local IP addresses. I need local IP's for most of my
networking software and utilities (knetmon, vnc, etc...)
I have two linux boxes (slackware) and a wintell box.
thanks,
marc
------------------------------
From: David Crooke <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: NFS for streaming video | is there a better solution?
Date: Sat, 21 Aug 1999 09:10:17 GMT
Jeff Martin wrote:
>
> Hello,
>
> I was wondering if there is a better solution for streaming video than
> NFS with jpg refresh.
>
> We mount around ten NFS dirs with jpg files from remote servers, these
> are mounted on the webserver from all over the US -- I was wondering if
> anyone has heard of a better solution than this for posting remote (
> from different locations) video to the web, while keeping it secure from
> snoopy-folks.
>
You aren't very specific....let me make assumptions around your words:
1. You have several (up to ten) servers in geographically disparate
locations which are capturing images as JPEG's and storing them to local
disc
2. These files are exported over NFS by wide area network to your
webserver, which is the NFS client
3. Clients connect using browsers to collect the images
First off, JPEG isn't really a "video streaming" medium - at best you'll
be getting a sequence of stills. If these truly constitute a video
stream, then much better overall compression may be had using techniques
like MPEG. Have you looked into commercial technology for this (e.g.
Real Networks)?
If the web server has to output the same image many times, it will fetch
it multiple times over NFS, or at the very least have to check
timestamps against its filesystem cache - plain NFS is stateless. There
are several ways to improve on this (caching of various kinds) but the
way I'd suggest is to have storage on the webserver machine and have the
remote picture servers write to it (via NFS the opposite way, FTP or
whatever). That way it is local to the webserver which can serve it much
quicker.
What is this all for anyway? Sounds like a porn site to me ;-)
Dave
--
David Crooke, Austin TX, USA. +1 (512) 656 6102
"Open source software - with no walls and fences, who needs Windows
and Gates?"
------------------------------
From: Bill Pitz <[EMAIL PROTECTED]>
Subject: Re: apache
Date: Sat, 21 Aug 1999 04:36:19 GMT
haze <[EMAIL PROTECTED]> gave us the interesting posting of:
> is there a way to setup apache to host a local internal site not
> available to outside connections but still be able to login through
> telnet and ftp from both int and ext ip's
> box = rdht6.0 pent 200-64mb ram 2.4 hd hosting cable modem using ip_masq
> to allow web access, samba is also being used. basically want to play
> with apache and to test out sites that i make
> thank you
> haze
You could just setup the access config in Apache, but easier would be
(assuming eth0 is your local lan and eth1 is your cable modem; reverse
if it's the other way around of course)
/sbin/ipchains -A input -i eth0 -p tcp -s 0.0.0.0/0 -d 0.0.0.0/0 80 -j ACCEPT
/sbin/ipchains -A input -i eth1 -p tcp -s 0.0.0.0/0 -d 0.0.0.0/0 80 -j REJECT
This would simply allow connections on port 80 (http) from your local lan
and reject them from the outside world. I do this with several of my
firewall machines.
-Bill
------------------------------
From: "withheld" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.security
Subject: Re: Disallowing telnet access for one specific account
Date: Sat, 21 Aug 1999 10:18:09 +0100
But in a situation where IP is allocated to specific machines, and where
users sit at specific machines, blocking the machine based on IP has the
same effect as blocking the user
Dave Lugo <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> yan seiner wrote:
> >
> > Firewalls have no idea who the user is. They only know where a packet
> > came from, which way it came in, and where it is heading.
> >
> > You could block a specific IP, but that user could come in on a
> > different IP.
> >
> > Yan
> >
> > withheld wrote:
> > >
> > > how about using a firewall?/
> > > Cornel Popescu <[EMAIL PROTECTED]> wrote in message
> > > news:7p22do$grn$[EMAIL PROTECTED]...
> > > > In article <[EMAIL PROTECTED]>,
> > > > [EMAIL PROTECTED] (Robert Nichols) wrote:
> > > > > In article <[EMAIL PROTECTED]>,
> > > > > David <[EMAIL PROTECTED]> wrote:
> > > > > :We have a linux machine that acts as a gateway with a DSL and an FTP
> > > > > :server. There is one specific account that only some folks have access
> > > > > :to. This account is obviously a generic account but in order to have
> > > > > :ftp access the shell has to be something such as bash. Due to the
> > > > > :generic nature of the account and the fact that it has a shell, I would
> > > > > :like to disable telnet access for just that one account without
> > > > > :disabling telnet. Does anyone know how or if this is possible?
> > > > >
> > > > > Pick an innocuous program like /bin/true and use that as the account's
> > > > > shell. Add /bin/true to the list of valid shells in /etc/shells to make
> > > > > it acceptable to FTP. Anyone who logs into this account, either from a
> > > > > terminal or via telnet, will just get logged right back out again when
> > > > > /bin/true exits.
> > > > How about using the following script as /bin/noshell:
> > > > #!/bin/sh
> > > > exec /usr/bin/passwd
> > > > --------
> > > > and add this to /etc/shells ? This would also allow them to telnet to
> > > > that host enter their old pass and change it ...
> > > >
> > > >
> > > >
>
>
> On a RedHat 5.1 box I have, I use pam_access.so (or such)
>
> I've got this in /etc/pam.d/login:
>
> account required /lib/security/pam_access.so
>
>
> And here are the comments in /etc/security/access.conf:
>
>
> # Login access control table.
> #
> # When someone logs in, the table is scanned for the first entry that
> # matches the (user, host) combination, or, in case of non-networked
> # logins, the first entry that matches the (user, tty) combination. The
> # permissions field of that table entry determines whether the login will
> # be accepted or refused.
> #
> # Format of the login access control table is three fields separated by a
> # ":" character:
> #
> # permission : users : origins
> #
> # The first field should be a "+" (access granted) or "-" (access denied)
> # character.
> #
> # The second field should be a list of one or more login names, group
> # names, or ALL (always matches). A pattern of the form user@host is
> # matched when the login name matches the "user" part, and when the
> # "host" part matches the local machine name.
> #
> # The third field should be a list of one or more tty names (for
> # non-networked logins), host names, domain names (begin with "."), host
> # addresses, internet network numbers (end with "."), ALL (always
> # matches) or LOCAL (matches any string that does not contain a "."
> # character).
> #
> # If you run NIS you can use @netgroupname in host or user patterns; this
> # even works for @usergroup@@hostgroup patterns. Weird.
> #
> # The EXCEPT operator makes it possible to write very compact rules.
> #
> # The group file is searched only when a name does not match that of the
> # logged-in user. Both the user's primary group is matched, as well as
> # groups in which users are explicitly listed.
> #
> #
>
>
> You can set things up to do exactly what you want.
>
> --
> --------------------------------------------------------
> Dave Lugo [EMAIL PROTECTED] LC Unit #260 TINLC
> Have you hugged your firewall today? No spam, thanks.
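
Added example, not part of the thread: an evaluator for the "permission : users : origins" table format described in the quoted access.conf comments, showing first-match evaluation, EXCEPT, LOCAL, domain suffixes and network-number prefixes. The sample table, the group data and all function names are constructed for illustration; NIS netgroups are not modelled, and accepting a login that matches no entry is pam_access behaviour that the quoted comments do not state.

```python
# Evaluates a "permission : users : origins" login access table.
# SAMPLE_TABLE and SAMPLE_GROUPS are constructed for this example.
SAMPLE_TABLE = """\
# shared FTP account: console only, never over the network
- : ftpguest : ALL EXCEPT LOCAL
# admins (group wheel): console, the LAN, or hosts under .example.com
+ : wheel : LOCAL 192.168.1. .example.com
# everyone else: no network logins
- : ALL : ALL EXCEPT LOCAL
"""
SAMPLE_GROUPS = {"wheel": {"alice"}}  # stands in for the group file


def parse_table(text):
    """Return a list of (permission, user_tokens, origin_tokens)."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) != 3 or fields[0] not in ("+", "-"):
            raise ValueError(f"line {lineno}: malformed entry {raw!r}")
        users, origins = (f.replace(",", " ").split() for f in fields[1:])
        if not users or not origins:
            raise ValueError(f"line {lineno}: empty list in {raw!r}")
        rules.append((fields[0], users, origins))
    return rules


def list_match(tokens, matches):
    """A token before EXCEPT must match; the list after EXCEPT must not."""
    if "EXCEPT" in tokens:
        cut = tokens.index("EXCEPT")
        head, tail = tokens[:cut], tokens[cut + 1:]
    else:
        head, tail = tokens, []
    if not any(matches(tok) for tok in head):
        return False
    return not (tail and list_match(tail, matches))


def user_match(tok, user, groups, localhost):
    if tok.startswith("@"):
        raise NotImplementedError("NIS netgroups are not modelled here")
    if "@" in tok:  # user@host: host part is compared with the local name
        name, host = tok.split("@", 1)
        host_ok = host.upper() == "ALL" or host.lower() == localhost.lower()
        return host_ok and user_match(name, user, groups, localhost)
    if tok.upper() == "ALL" or tok.lower() == user.lower():
        return True
    # The group table is consulted only when the name itself did not match.
    return user in groups.get(tok, ())


def origin_match(tok, origin):
    if tok.startswith("@"):
        raise NotImplementedError("NIS netgroups are not modelled here")
    tok, origin = tok.lower(), origin.lower()
    if tok in ("all", origin):
        return True
    if tok == "local":            # any origin without a "." (e.g. a tty)
        return "." not in origin
    if tok.startswith("."):       # domain name: suffix match
        return len(origin) > len(tok) and origin.endswith(tok)
    if tok.endswith("."):         # network number: prefix match
        return origin.startswith(tok)
    return False


def check_login(rules, user, origin, groups=None, localhost="localhost"):
    """Return (allowed, deciding_rule); the first matching entry decides."""
    groups = groups or {}
    for rule in rules:
        perm, users, origins = rule
        if (list_match(users, lambda t: user_match(t, user, groups, localhost))
                and list_match(origins, lambda t: origin_match(t, origin))):
            return perm == "+", rule
    # Assumption (pam_access behaviour, not stated in the quoted comments):
    # a login that matches no entry is accepted.
    return True, None
```

Because an unmatched login is accepted, the sample table ends with a catch-all deny for network origins; without that last line a non-wheel user would get in from any remote host.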
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.networking) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Networking Digest
******************************