Linux-Networking Digest #329, Volume #12         Mon, 23 Aug 99 00:13:41 EDT

Contents:
  Re: cable modem cant ping gate way or DNS server ("Michael S. Kerry")
  Re: Networking between linux and win98 ("Todd Keller")
  Re: Problem with Nics (haze)
  HylaFAX and Page Chopping ("Kevin Loughrey")
  Re: cable modem cant ping gate way or DNS server (Mark Post)
  BIOS Date Change Disrupts IP Masquerading (Erik Jensen)
  Re: Netgear FA310TX ("Jim E.")
  Re: cable modem cant ping gate way or DNS server ("Michael S. Kerry")
  Re: Seeking Linux UDP broadcast forwarding solution ("Curtis Maurand")
  DHCP and DNS (Martin Lemenu)
  Q: Tunnel TCP/IP over telnet?  HOW? (Reece Kimball Hart)
  Re: Limit services to one network interface ("Steve Cowles")

----------------------------------------------------------------------------

From: "Michael S. Kerry" <[EMAIL PROTECTED]>
Subject: Re: cable modem cant ping gate way or DNS server
Date: Mon, 23 Aug 1999 01:52:20 GMT

Mark Post wrote:
> 
> Michael,
> 
> Your problem looks fairly straightforward.  Hopefully, you're using
> LILO to boot your linux machine.  If so, add the following line to
> the config section you're currently using:
> append = "ether=0,0,eth1"
> 

Ah, my bad...I should have mentioned that I already have this line in my
/etc/lilo.conf!  Again, the mini-howto on multiple NICs said this.  It
was this that allowed the machine to see the second card in the first
place.

Here's my lilo.conf:

append = "ether=0,0,eth1"
boot=/dev/hda
map=/boot/map
install=/boot/boot.b
prompt
timeout=50
image=/boot/vmlinuz-2.0.36-0.7
        label=linux
        root=/dev/hda1
        read-only

Again, both cards are found at boot with the correct io and IRQs, and
eth1 works, while the eth0 used to work before I setup eth1.  Now, while
I can ping the card itself, I can't ping my gateway.

> are assigned appropriately during startup.  I would take the
> 'options ne io=0x300,0x220' line out of your modules.conf file.

If I do that, it doesn't recognize either card...says something on boot
about delaying eth0 initialization (same for eth1).  These addresses
were set when I ran the NIC's setup program from DOS (to remove PnP).

> Also, make sure the default gateway route is being assigned to
> the correct eth0/eth1, otherwise you will still not be able to
> get to your gateway.
> 

Based on my routing table from below, can you give me an idea of what it
should look like?

Thank you for the help!

> Mark Post
> 
> On Sun, 22 Aug 1999 18:18:34 GMT, "Michael S. Kerry" <[EMAIL PROTECTED]>
> wrote:
> 
> >I am not the original poster of this thread, but I have a similar
> >problem, but with a twist...
> >
> >I installed two NE2000 NICs (Accton EN166X PnP) in my machine, and then
> >ran the setup utility to remove the PnP.  I then installed RedHat 5.2,
> >and configured the first (eth0) NIC during the installation (it didn't
> >find the second).  I configured it for my cable modem environment.  Upon
> >booting, my connection to the net was fine.  I could ping my @home
> >gateway, or anywhere else, surf the net, whatever.  eth1 still wasn't
> >recognized (via ifconfig or the boot messages), which is not
> >surprising.
> >
> >The next morning, I added the lines in /etc/conf.modules as per the
> >Multiple Ethernet Mini HowTo, and suddenly, linux saw both cards (I
> >could see this via the boot messages).  I configured the second card (in
> >netcfg) for my local net, and it worked -- I could ping my other
> >machine.
> >
> >However, I suddenly could no longer ping my @home gateway -- something I
> >had been able to do the night before.  Curious... Note that I can still
> >use my @home account when I switch back to my Win98 machine.
> >
> >Any ideas??  Thanks!
> >
> >Here are some details:
> >
> >/etc/conf.modules
> >-----------------
> >alias eth0 ne
> >alias eth1 ne
> >options ne io=0x300,0x220
> >
> >/etc/resolv.conf
> >----------------
> >search hwrd1.md.home.com
> >nameserver 24.3.0.33
> >nameserver 24.3.0.34
> >
> >/etc/host.conf
> >---------
> >order hosts,bind
> >multi on
> >
> >/etc/hosts
> >-----
> >127.0.0.1   localhost   localhost.localdomain
> >24.6.138.195  cc745410-a.hwrd1.md.home.com  cc745410-a
> >
> >route -F
> >--------
> >Destination   Gateway   Genmask        Flags  Metric  Ref  Use  Iface
> >24.6.138.0    *         255.255.255.0  U     0       0    8    eth0
> >192.168.1.0   *         255.255.255.0   U     0       0    3    eth1
> >127.0.0.1     *         255.0.0.0       U     0       0    4    lo
> >default       *         24.6.138.1      UG    0       0    31   eth0
> >
> >[the last line of route -F took a long time to return...]
> >
> >ifconfig
> >--------
> >lo     Link encap:Local Loopback
> >       inet addr:127.0.0.1 Bcast:127.255.255.255 Mask:255.0.0.0
> >       UP BROADCAST LOOPBACK RUNNING MTU:3584 Metric:1
> >       Rx Packets:2501 errors:0 dropped:0 overruns:0 frame:0
> >       Tx Packets:2501 errors:0 dropped:0 overruns:0 carrier:0
> >       collisions:0
> >
> >eth0   Link encap:Ethernet HWaddr 00:00:E8:52:98:7C
> >       inet addr:24.6.138.195 Bcast:24.6.138.255 Mask:255.255.255.0
> >       UP BROADCAST LOOPBACK RUNNING MULTICAST MTU:1500 Metric:1
> >       Rx Packets:481 errors:0 dropped:0 overruns:0 frame:0
> >       Tx Packets:541 errors:0 dropped:0 overruns:0 carrier:0
> >       collisions:0
> >       Interrupt:3 Base address:0x300
> >
> >eth0   Link encap:Ethernet HWaddr 00:00:E8:52:96:EE
> >       inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
> >       UP BROADCAST LOOPBACK RUNNING MULTICAST MTU:1500 Metric:1
> >       Rx Packets:988 errors:0 dropped:0 overruns:0 frame:0
> >       Tx Packets:30 errors:0 dropped:0 overruns:0 carrier:0
> >       collisions:0
> >       Interrupt:9 Base address:0x220

------------------------------

From: "Todd Keller" <[EMAIL PROTECTED]>
Subject: Re: Networking between linux and win98
Date: Sun, 22 Aug 1999 21:05:59 -0400

You're completely right...I don't know why I didn't list the files..hehe..
Here they are.

The win98 machine's IP is 172.16.24.2, with DNS enabled, hostname
is todd (unoriginal I know), domain is localdomain.com and the domain
suffix search order is localdomain.com. I don't know if I should  have
a name server IP set (since I rather suck at dns/bind) or if I should leave
it blank.

On the linux server, here we go:

/etc/resolv.conf:
domain localdomain.com
search  localdomain.com
nameserver 172.16.24.1

/etc/hosts
127.0.0.1        localdomain.com localhost
172.16.24.1   clarion.localdomain.com clarion
172.16.24.2   todd.localdomain.com todd

And there's nothing in my lmhosts...

Thanks again for your help :)

--Todd

Jan-Albert van Ree <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Todd Keller wrote:
> >
> > Greetings,
> >
> >   I'm not sure if this is in the right place but any advice is welcome.
> > I have a win98 machine with a dial-up adapter, and a D-Link 220
> > ISA adapter, both with its own TCP/IP protocols bound to it. The
> > machine's IP is set, and it's seen by the linux box (ping comes back
> > good), and I can ftp and telnet to the linux box (through the 5 port
> > hub). However, which machine is it that I'm to tweak for dns resolving?
> > My /etc/hosts and /etc/resolv.conf both look good to me and I'm
> > wondering if I'm missing something. Thanks for any help and if it's
> > a windows problem, I'm just going to shoot myself for asking this
> > in a linux domain, hehe...
>
> If you'd list both /etc/hosts and /etc/resolv.conf as well as /etc/lmhosts
> we might be able to help. To make DNS work for me temporarily, I made a
> file lmhosts in my /etc just like the Win98 lmhosts file (check out
> c:\windows\lmhosts.sam ) And I have Samba running with the 'DNS PROXY =
> YES' option. Now I can use names instead of IP numbers. Only works for my
> local network...
> --
> Jan-Albert "Sliver" van Ree | [EMAIL PROTECTED]
> 3D Sims Archive maintainer  | http://www.3dgamers.com



------------------------------

From: haze <[EMAIL PROTECTED]>
Subject: Re: Problem with Nics
Date: Mon, 23 Aug 1999 01:37:56 GMT

how about adding eth1 to conf.modules here's mine
alias eth0 ne2k-pci  (cable modem one)
alias eth1 ne        (internal one isa one)
options ne io=0x300
alias parport_lowlevel parport_pc
pre-install pcmcia_core /etc/rc.d/init.d/pcmcia start

try this and let me know
Robert Rodent wrote:

> I got an old 486 and installed linux on it. The machine has a not better
> specified Ne2000 compatible ISA-Card (not PnP) and a D-Link 530CT-D. Now the
> problem.
>
> If I set up the cards to use the internal Network everything works fine: I
> can ping each machine in the network. The Network is a 10base2 net.
>
> When I try to set up one of the two nics to access the internet through the
> cablemodem I have, the internal network on the other still works fine, but
> there is no way to get out through the nic on the cablemodem. I've tried all
> the possible configurations and nothing seems to work. I even tried to
> reinstall the machine setting up only one nic (the Ne2000) and it still
> doesn't work.
>
> This is what ifconfig prints out for eth0:
> eth0
> link encap:Ethernet    HWaddr 00:00:E8:1D:B4:50
> inet addr: 194.208.80.235 Bcast:194.208.87.255 Mask:255.255.248.0
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:5860 errors:0 dropped:0 overruns:0 frame:0
> TX packets:30 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:100
> interrupt:10 base address:0x300
>
> route -n prints out the following:
> 194.208.80.235    0.0.0.0         255.255.255.255    UH    1    0    0    dummy0
> 194.208.80.0      0.0.0.0         255.255.248.0      U     0    0    0    eth0
> 127.0.0.0         0.0.0.0         255.0.0.0          U     0    0    lo
> 0.0.0.0           194.208.80.1    0.0.0.0            UG    0    0    0    eth0
>
> dmesg prints the following for the nic
> NE*000 ethercard probe at 0x300: 00 00 e8 1d b4 50
> eth0: NE2000 found at 0x300, using IRQ 10
>
> /etc/conf.modules:
> alias eth0 ne
> options ne io=0x300 irq=10
>
> /etc/route.conf
> 194.208.80.0    0.0.0.0    255.255.248.0    eth0
> default    194.208.80.1
>
> Does someone know what's going on here?


------------------------------

From: "Kevin Loughrey" <[EMAIL PROTECTED]>
Subject: HylaFAX and Page Chopping
Date: Sun, 22 Aug 1999 17:57:02 +1000

    Folks

We are presently experimenting with HylaFAX and find that it chops off your
page when you only send a few lines.  People in the corporate arena get a
bit peeved if they don't receive a full page.  We've tried setting the
config file

/var/spool/fax/etc/hyla.conf to

PageChop:    none

It doesn't have any effect in preventing this unfortunate habit of HylaFAX.
We've also tried setting the page length to 12" but that hasn't been
effective either.

Can anyone shed any light on this?

Regards to all

Kevin Loughrey
A Perfect PC



------------------------------

From: [EMAIL PROTECTED] (Mark Post)
Subject: Re: cable modem cant ping gate way or DNS server
Date: Mon, 23 Aug 1999 02:33:36 GMT

Michael,

Well, the first thing I noticed before, but didn't comment on, because
I didn't know about your lilo.conf file being setup, was that both your
ethernet cards seem to be reporting back as 'eth0' and none as 'eth1.'
Now, if this is not a typo on your part, then there's something really
wrong there.  Try this, write down the MAC address of both cards, and
what IP is being assigned to it, as well as what ethx number.  Then,
put out your local LAN card, leaving in only the NIC to the cable modem.
Reboot linux, and do another ifconfig.  See what the MAC address is
being reported.  If there's a mis-match there between what works with
only one card, and what you have being reported currently, then that's
your problem.  You would need to change your startup scripts to assign
the correct IP to the correct NIC, and set the default gateway to the
correct NIC.

Mark Post

On Mon, 23 Aug 1999 01:52:20 GMT, "Michael S. Kerry" <[EMAIL PROTECTED]>
wrote:

-snip-
>Again, both cards are found at boot with the correct io and IRQs, and
>eth1 works, while the eth0 used to work before I setup eth1.  Now, while
>I can ping the card itself, I can't ping my gateway.

>> are assigned appropriately during startup.  I would take the
>> 'options ne io=0x300,0x220' line out of your modules.conf file.
>
>If I do that, it doesn't recognize either card...says something on boot
>about delaying eth0 initialization (same for eth1).  These addresses
>were set when I ran the NIC's setup program from DOS (to remove PnP).

>> Also, make sure the default gateway route is being assigned to
>> the correct eth0/eth1, otherwise you will still not be able to
>> get to your gateway.

>Based on my routing table from below, can you give me an idea of what it
>should look like?

-snip-
>> >ifconfig
>> >--------
>> >eth0   Link encap:Ethernet HWaddr 00:00:E8:52:98:7C
>> >       inet addr:24.6.138.195 Bcast:24.6.138.255 Mask:255.255.255.0
>> >       UP BROADCAST LOOPBACK RUNNING MULTICAST MTU:1500 Metric:1
>> >       Rx Packets:481 errors:0 dropped:0 overruns:0 frame:0
>> >       Tx Packets:541 errors:0 dropped:0 overruns:0 carrier:0
>> >       collisions:0
>> >       Interrupt:3 Base address:0x300
>> >
>> >eth0   Link encap:Ethernet HWaddr 00:00:E8:52:96:EE
>> >       inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
>> >       UP BROADCAST LOOPBACK RUNNING MULTICAST MTU:1500 Metric:1
>> >       Rx Packets:988 errors:0 dropped:0 overruns:0 frame:0
>> >       Tx Packets:30 errors:0 dropped:0 overruns:0 carrier:0
>> >       collisions:0
>> >       Interrupt:9 Base address:0x220


To send me email, replace 'nospam' with 'home'.

------------------------------

From: Erik Jensen <[EMAIL PROTECTED]>
Subject: BIOS Date Change Disrupts IP Masquerading
Date: Mon, 23 Aug 1999 02:39:43 GMT

About two months ago I set up a Linux Mandrake 6.0 (kernel 2.2.9-19mdk)
server and implemented IP Masquerading. It worked great. All my
workstations could connect to my ISP without any trouble.

A few weeks ago I had to leave town for a few days and shut down
everything, including the Linux server. When I returned I turned
everything back on: no problem. Everything on the network worked fine,
including my connection to my ISP.

A day or so later I noticed that the date set on the server had changed
by exactly three months. I had no idea how. I downed the server and when
it rebooted, went into BIOS and reset the date to the correct one.

After this NO workstation could connect to my ISP. Workstations are a
mixture of Linux, FreeBSD 3.2, Windows 95 and Windows NT 4.0. I tried
pinging the (internal) NIC (192.168.0.4) on my server from various
workstations. All were OK. I tried pinging the server NIC (24.1.x.x)
that connects me to the cable modem from my ISP. No problem. So the two
NICs worked. I then tried pinging the cablemodem from a workstation (all
workstations use 192.168.0.x as their addresses). No good: timed out.

Then I decided to work directly on the server: no problem -- I could
connect to my ISP without any difficulty. But from the workstations:
nothing.

Getting worried, I downed the server, reset the date via BIOS to exactly
three months ahead. Now EVERYTHING works fine.

What do you think is wrong? I can't understand how changing the BIOS
date could disable IP Masquerading.

I've checked the output of route, ifconfig and ipchains -M -I, /etc/hosts
file, ifconfig fix and even the settings in Linuxconf. Nothing has
changed from the original setup.

Erik Jensen

------------------------------

From: "Jim E." <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.hardware
Subject: Re: Netgear FA310TX
Date: Sun, 22 Aug 1999 21:46:49 -0500

Robert McGwier wrote:
> 
> Is there a driver for FA310TX (10/100 PCI card) in existence or development?

go to http://www.baynetworks.com/ Search for drivers. (sorry don't have
the exact URL) The v4.011 driver for this card also has the Linux driver
included. Unzip the file. Follow the included directions for compiling.
Works great :)

Good luck

Jim

------------------------------

From: "Michael S. Kerry" <[EMAIL PROTECTED]>
Subject: Re: cable modem cant ping gate way or DNS server
Date: Mon, 23 Aug 1999 03:11:17 GMT

Mark Post wrote:
> 
> Michael,
> 
> Well, the first thing I noticed before, but didn't comment on, because
> I didn't know about your lilo.conf file being setup, was that both your
> ethernet cards seem to be reporting back as 'eth0' and none as 'eth1.'
> Now, if this is not a typo on your part, then there's something really
> wrong there.  Try this, write down the MAC address of both cards, and

<snip>

Sigh...of course, you are right.  I do have a typo.  My bad, yet again. 
I suppose it would help if I gave accurate info!  See below for the
correction.

> >> >ifconfig
> >> >--------
> >> >eth0   Link encap:Ethernet HWaddr 00:00:E8:52:98:7C
> >> >       inet addr:24.6.138.195 Bcast:24.6.138.255 Mask:255.255.255.0
> >> >       UP BROADCAST LOOPBACK RUNNING MULTICAST MTU:1500 Metric:1
> >> >       Rx Packets:481 errors:0 dropped:0 overruns:0 frame:0
> >> >       Tx Packets:541 errors:0 dropped:0 overruns:0 carrier:0
> >> >       collisions:0
> >> >       Interrupt:3 Base address:0x300
> >> >

The above is correct.  eth0 is the cable modem NIC, at 0x300 and irq 3. 
What follows is eth1, not eth0, and is the local net card, at 0x220 and
irq 9.  This is the card that is working.  Sorry for the confusion.

> >> >eth0   Link encap:Ethernet HWaddr 00:00:E8:52:96:EE
> >> >       inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
> >> >       UP BROADCAST LOOPBACK RUNNING MULTICAST MTU:1500 Metric:1
> >> >       Rx Packets:988 errors:0 dropped:0 overruns:0 frame:0
> >> >       Tx Packets:30 errors:0 dropped:0 overruns:0 carrier:0
> >> >       collisions:0
> >> >       Interrupt:9 Base address:0x220
> 
> To send me email, replace 'nospam' with 'home'.

------------------------------

From: "Curtis Maurand" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.development.system,comp.os.linux.misc,comp.os.linux.setup
Subject: Re: Seeking Linux UDP broadcast forwarding solution
Date: Sun, 22 Aug 1999 23:31:26 -0400

I had trouble with udprelay, too.  Then I stumbled on a port of udprelay for
linux.  Try ftp2.lamere.net/pub/LINUX/udprelay-linux.tgz.

Curtis

[EMAIL PROTECTED] wrote in message <7p3q4p$8gf$[EMAIL PROTECTED]>...
>In comp.os.linux.networking epadin <[EMAIL PROTECTED]> wrote:
>> The Cisco router has a 'udp forward' command whereby you specify the
>> UDP port and it will forward all UDP broadcast traffic seen on the
>
>You're probably looking for udprelay, which can be found at
>ftp://coast.cs.purdue.edu/pub/tools/unix/udprelay-0.2.tar.gz
>
>Unfortunately, it doesn't compile on my box (RH6), but the following
>patch seems to work (disclaimer: I didn't test it much).
>
> -Daz.
>
>
>diff -C2 udprelay-0.2.orig/Makefile udprelay-0.2/Makefile
>*** udprelay-0.2.orig/Makefile Sat Oct 30 12:40:46 1993
>--- udprelay-0.2/Makefile Sat Aug 14 22:54:33 1999
>***************
>*** 11,16 ****
>  # for ODT 2.0
>  CC=gcc
>! OPTS=-DSYSV
>! LIBS=-lsocket
>  # for AIX
>  # OPTS=-DAIX
>--- 11,17 ----
>  # for ODT 2.0
>  CC=gcc
>! OPTS=-DLINUX
>! #OPTS=-DSYSV
>! #LIBS=-lsocket
>  # for AIX
>  # OPTS=-DAIX
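Review bot: the Linux settings are put under the existing "# for ODT 2.0" comment, overwriting that platform's active OPTS=-DSYSV and LIBS=-lsocket lines, so the comment now mislabels the block and ODT users lose their defaults. Suggest a separate "# for Linux" stanza carrying OPTS=-DLINUX, with the ODT lines left as a selectable block in the same style as the commented AIX entry.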
>diff -C2 udprelay-0.2.orig/udprelay.c udprelay-0.2/udprelay.c
>*** udprelay-0.2.orig/udprelay.c Sat Oct 30 12:12:51 1993
>--- udprelay-0.2/udprelay.c Sat Aug 14 22:59:46 1999
>***************
>*** 78,81 ****
>--- 78,85 ----
>  #include <sys/ioctl.h>
>  #endif
>+ #ifdef LINUX
>+ #include <fcntl.h>
>+ #define FIONBIO O_NONBLOCK
>+ #endif
>  #include <pwd.h>
>  #include "udprelay.h"
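Review bot: "#define FIONBIO O_NONBLOCK" gives an ioctl request name the value of an fcntl status flag; the two are not interchangeable, so any ioctl(fd, FIONBIO, ...) call in this file would compile but would not request non-blocking mode. On Linux, FIONBIO comes from <sys/ioctl.h>, which the context lines show is included only inside another conditional block; including <sys/ioctl.h> under "#ifdef LINUX" instead of redefining the macro would be the safer change. Since the patch is described as not tested much, the non-blocking path is the part to check.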
>--
>Darren Tucker.          (dtucker at the domain zip dot com dot au)
>A programmer is a device for converting caffeine into source code.



------------------------------

From: Martin Lemenu <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: DHCP and DNS
Date: Sun, 22 Aug 1999 23:34:59 -0400

Hi,

I'm currently connected to the net by a cable modem which uses DHCP. My
IP is changed from time to time by my ISP or when I reboot. I use dhcpcd
on the client side to get my configuration.

Is there a way that I can get my IP as soon as it changes so I can
update my DNS server? I could always use a script to check every few
hours, but there must be a better way. FAQs and HOWTOs have not revealed
any information on this.

Any help, tips, links or references would be greatly appreciated!

Martin


------------------------------

Subject: Q: Tunnel TCP/IP over telnet?  HOW?
Reply-To: Reece <[EMAIL PROTECTED]>
From: Reece Kimball Hart <[EMAIL PROTECTED]>
Date: Mon, 23 Aug 1999 03:42:06 GMT

Cheers.

I'd like to establish a TCP/IP connection through a firewall.  The
firewall has socks 4 & 5 servers which allow telnet, http, and ftp packets
through, and I can make all of that work.  TCP/IP over telnet must be
possible and there are claims of success on the net, but there's very
little telling exactly /how/ to achieve this.


The characters
==============
W -- my home machine, with 2 NICs, one connected to ADSL
S -- a laptop
T -- the box at work (9.2.x.x subnet)
All run RH6.0/linux 2.2.11.  W, S, T all have 9.2. static IPs.  W has a
static IP for DSL.  I use 10.0. for home Ethernet between W and S.  That
is:
    behind
   firewall    home     DSL
     9.2.      10.0.    151.202
W    10.2      0.1      .2.3
S    10.1      0.2
T    10.4


What presently works
====================
1. W DSL connection
2. S connection to W when at home
   S connection inside firewall when at work (S is a laptop)
3. T inside FW, and telnet through FW to W
4. telnet, http, and ftp from T, through firewall, to W


What I want
===========
1. W "appears" on the 9.2. subnet, using T as a gateway for 9.2. packets.
   10.1 packets stay internal, all others go out DSL.
2. S masquerades behind W, accessing both 9.2 and non-9.2 networks
   transparently

  9.2.
 subnet              (ppp over
     \     FW   9.2.  telnet?)
      T - -||- - - -========== W ---------- S
                   /      eth0   eth1
                  /      (DSL)   (home net)
                 /
           the rest of
          of the world


What I've tried
===============
I think what I want is ppp over telnet (but I'm open to any solution).
However, there's conflicting (and probably obsolete) info on the 'net
about the feasibility of ppp over telnet.

I wrote an expect script to telnet from T to W, log in, start pppd on W,
start pppd locally, and connect the telnet and pppd processes with
'interact -u'.  (WARNING: I'm an expect neophyte.)

This seems to almost work.  The best indication I have of info on one side
getting to the other is asyncmap negotiation.  After about 30 seconds, I
get IPCP Config timeouts.

The problem could be simple, like improper pppd options, or more
complicated like a line that's not 8-bit clean or bad asyncmap.

I haven't tackled the masquerading problem yet.


Questions
=========
1. Who has such a beast working?  A /detailed/ HOWTO would be very
   appreciated.  Existing documentation that I've seen is very vague.
2. Solutions other than ppp+telnet?  I know slirp and TIA do functionally
   similar things, but have the impression those were obviated by newer
   pppd versions.  Where do L2TP and IPSec fit in?
3. I'm using rtelnet from the socks5 reference distribution
   (http://www.socks.nec.com/socks5.html), with the -8E flags.  Is that
   sufficient to establish an 8-bit, escape-ignored connection?  Is this
   easily verifiable?  Can I get away with 'asyncmap 0' then?
4. Security pointers?


If I get this working, I intend to collect your tips into a mini HOWTO.

Thanks!
Reece

------------------------------

From: "Steve Cowles" <[EMAIL PROTECTED]>
Subject: Re: Limit services to one network interface
Date: Mon, 23 Aug 1999 03:03:07 GMT

This is the basic stuff. You can use ipchains to further limit access.

SMTP:
Make sure you only allow your internal network address to "relay" off of your
Linux box. With RH6.0, this is done by adding your internal network address to
/etc/mail/access

Telnet and FTP:
In /etc/hosts.allow add your internal network address, i.e. ALL: 192.168.0.
In /etc/hosts.deny deny access to all others (internet), i.e. ALL: ALL

DHCP: Straight from the man pages...
SYNOPSIS
       dhcpd  [ -p port ] [ -f ] [ -d ] [ -q ] [ -cf config-file ]
              [ -lf lease-file ] [ if0 [ ...ifN ] ]

       The names of the network interfaces on which dhcpd should listen for
       broadcasts may be specified on the command line.  This should be done on
       systems where dhcpd is unable to identify non-broadcast interfaces, but
       should not be required on other systems.  If no interface names are
       specified on the command line dhcpd will identify all network interfaces
       which are up, eliminating non-broadcast interfaces if possible, and
       listen for DHCP broadcasts on each interface.


Steve Cowles
SWCowles at gte dot net

David A. Ferguson <[EMAIL PROTECTED]> wrote in message
news:x%Yv3.3782$[EMAIL PROTECTED]...
> I have a newbie question for you:  In my RH6.0 machine I have one NIC
> connected to a DSL modem and one NIC connected to an internal network.  I
> want the RH6.0 machine to provide SMTP, FTP, telnet, and DHCP servers to the
> internal network.  I have everything working correctly, but how do I NOT
> offer these services to the rest of the Internet (i.e. how do I force these
> services to bind only to the NIC connected to the internal network??)
>
> Thanks,
> David Ferguson
>
>
>
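
The /etc/hosts.allow and /etc/hosts.deny pair from the reply above, run through a simplified model of the hosts_access(5) lookup order (allow first, then deny, otherwise grant). This is an added example, not part of the original post; the function names and sample addresses are constructed, and only the ALL, trailing-dot prefix, net/mask and exact-address patterns are modelled.

```python
import ipaddress
import re

# Constructed sample files matching the reply's two rules.
HOSTS_ALLOW = "ALL: 192.168.0.\n"
HOSTS_DENY = "ALL: ALL\n"


def parse_rules(text):
    """Return [(daemon_list, client_list)] from 'daemons : clients' lines."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        parts = line.split(":")
        if len(parts) < 2:                       # blank or malformed line
            continue
        daemons = re.split(r"[,\s]+", parts[0].strip())
        clients = re.split(r"[,\s]+", parts[1].strip())
        rules.append((daemons, clients))
    return rules


def client_matches(pattern, addr):
    """Match one client pattern against a dotted-quad client address."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):                    # "192.168.0." = address prefix
        return addr.startswith(pattern)
    if "/" in pattern:                           # net/mask form
        try:
            net = ipaddress.ip_network(pattern, strict=False)
            return ipaddress.ip_address(addr) in net
        except ValueError:
            return False
    return pattern == addr                       # exact address only


def first_match(rules, daemon, addr):
    """True if any rule names this daemon (or ALL) and matches the client."""
    for daemons, clients in rules:
        if ("ALL" in daemons or daemon in daemons) and any(
            client_matches(c, addr) for c in clients
        ):
            return True
    return False


def access(daemon, addr, allow_text, deny_text):
    """Return (granted, deciding_source) in hosts_access lookup order."""
    if first_match(parse_rules(allow_text), daemon, addr):
        return (True, "hosts.allow")
    if first_match(parse_rules(deny_text), daemon, addr):
        return (False, "hosts.deny")
    return (True, "default")                     # no match anywhere: granted


if __name__ == "__main__":
    cases = [
        ("internal client", "192.168.0.7", HOSTS_ALLOW, HOSTS_DENY),
        ("internet client", "203.0.113.9", HOSTS_ALLOW, HOSTS_DENY),
        ("empty hosts.deny", "203.0.113.9", HOSTS_ALLOW, ""),
        ("missing trailing dot", "192.168.0.7", "ALL: 192.168.0\n", HOSTS_DENY),
    ]
    for label, addr, allow, deny in cases:
        print(f"{label:22} {addr:14} {access('in.telnetd', addr, allow, deny)}")
```

TCP wrappers only filters services that are started through tcpd or linked against libwrap, and it does not change which interface a daemon listens on.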



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and comp.os.linux.networking) via:

    Internet: [EMAIL PROTECTED]

Linux may be obtained via one of these FTP sites:
    ftp.funet.fi                                pub/Linux
    tsx-11.mit.edu                              pub/linux
    sunsite.unc.edu                             pub/Linux

End of Linux-Networking Digest
******************************
