Linux-Networking Digest #335, Volume #12 Mon, 23 Aug 99 14:13:45 EDT
Contents:
"Vacation" program w/out log in shell? (Frédéric Faure)
Re: SubNets (QuestionExchange)
Mod_ssl and Apache Headache (Chuck)
DOS Characters (Luiz Guilherme B Damiano)
Re: How to configure a Gateway on Redhat5.2? (Rudolf Potucek)
Re: Resolving IPs (II) (Thomas/Shurflo)
apache and root user (Guido Dolci)
Programs on Port (Johann Volz)
Re: mount AIX directory to Linux (Jan Just Keijser)
Re: Redhat cannot find DE204 (John Doe)
Re: mgetty respawning too fast (W.G. Unruh)
Re: Programs on Port ("Robert_Glover")
Re: How does linuxconf conn/disconnect from ppp0? ("Robert_Glover")
IP forwarding/masquarading (Jolse Maginnis)
Re: Help with PPP (W.G. Unruh)
Re: Help with PPP ("Jon Ellis")
Kernel 2.2.11 and TCP_NO_DELAY (Justin Georgeson)
LAN ("Andreas Vester")
Re: Fetchmail at startup (tomislav)
collisions, frame and carrier errors..normal? ("Matthew J. Hellman")
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (Frédéric Faure)
Subject: "Vacation" program w/out log in shell?
Date: Mon, 23 Aug 1999 15:46:27 GMT
Reply-To: [EMAIL PROTECTED]
All,
I d'loaded and set up the vacation program to work on a RH 5.2 +
sendmail 8.x server, but when sending test e-mails to a dummy user account :
----- Transcript of session follows -----
550 /home/jdoe2/.forward: line 1: "|/usr/bin/vacation -a jdoe2"... User
[EMAIL PROTECTED] doesn't have a valid shell for mailing to programs
[root@mail jdoe2]# cat .forward
\jdoe2, "|/usr/bin/vacation -a jdoe2 John Doe"
[root@mail jdoe2]# cat .vacation.msg
From: [EMAIL PROTECTED] (John Doe2)
Subject: I am on vacation
Delivered-by: The Vacation Program
Precedence: bulk
I am on vacation.
=> Any way to get this working w/out providing a log in shell, for users
connecting with Windows POP clients?
Thx
FF.
------------------------------
From: QuestionExchange <[EMAIL PROTECTED]>
Subject: Re: SubNets
Date: 23 Aug 1999 15:29:29 GMT
Yes, you can use Linux as either router or bridge. The question
is what's better.
There are several possible solutions.
If these subnets are not on the same physical ethernet (I
assume u use ethernet) then the choice is to either route
packets between subnets or setup a bridge between two
ethernets, which will make them appear as a single ethernet.
If you want to set up a router, take a look at
http://www.linuxrouter.org/. That will give you some ideas.
More information on setting up linux box as a bridge is here:
http://albali.aquanet.com.br/howtos/Bridge+Firewall-3.html
If you have two IP subnets on the same ethernet finally
(probably connected by some bridge), then all you have to do to
make hosts from A and B to see each other is to properly set up
routing table on each and every host. It's going to be quite
tiresome unless you have just a few hosts.
To set up proper routing use on B
'route add -net A netmask A.netmask dev eth0'
and 'route add -net B netmask B.netmask dev eth0' on hosts on
A.
This way, IP stack will know that A and B are on the same
physical net and it will pass outgoing packets to these subnets
directly.
--
This answer is courtesy of QuestionExchange.com
http://www.questionexchange.com/servlet1/showUsenetGuest?ans_id=2924&cus_id=USENET&qtn_id=2232
------------------------------
From: Chuck <[EMAIL PROTECTED]>
Crossposted-To: redhat.config,redhat.networking.general
Subject: Mod_ssl and Apache Headache
Date: Mon, 23 Aug 1999 14:30:53 GMT
Hello,
Can anyone provide some insight as to what I may be doing wrong?
I've compiled Mod_ssl-2.4, RSAref-2.0, OpenSSL-0.9.3<?> and Apache 1.3.9
and everything seemed to work relatively ok (it NEVER works perfectly does
it?). I created a test certificate and encrypted it.
When I start Apache as normal (apachectl start) it starts and I can
connect.
When I start with ssl (apachectl startssl) it asks for my passphrase to
start the httpd daemon, but I don't see it in the process list as normal,
as if it never started. The console and the logs both show a successful
start ..?? Also, the SSLEngine log is created, so one would think that IT
started.
I've checked and re-checked my httpd.conf and everything seems ok (listen
443, virtual host www.name.com:443, etc).
Any ideas?
================== Posted via CNET Linux Help ==================
http://www.searchlinux.com
------------------------------
From: Luiz Guilherme B Damiano <[EMAIL PROTECTED]>
Subject: DOS Characters
Date: Mon, 23 Aug 1999 12:29:03 -0300
I'm running old Clipper programs using the dos emulator but the ASCII
characters above 127 do not show ok. Is there any command that I can
issue to solve this? Can I change the code page as in MS-DOS?
------------------------------
From: [EMAIL PROTECTED] (Rudolf Potucek)
Subject: Re: How to configure a Gateway on Redhat5.2?
Date: 23 Aug 1999 15:18:02 GMT
This looks like a FAQ to me so here's just a rough guideline:
No matter what, the gateway should have 2 NICs, one for inside, one for
outside.
a) Assuming you have only one *real* IP address with your ISP you need to
use masquerading (see the HOWTO), which is a hard to grasp concept but
actually easier to implement. In this case you need to choose a set of
private addresses (see NET-x-HOWTO) for your local network, use "ipfwadm"
to masquerade all traffic and then be paranoid about setting up a
firewall that blocks out all the stuff you don't want (tons o' posts at
www.dejanews.com).
b) assuming you have a *real* address for each machine in the LAN, you
have to be more careful and set up forwarding rules to the individual
machines and (depending on the ISP policy) a nameserver for your own
domain (see 'bind' manpage), and again a firewall.
When all that is done, the gate is running and you can http to the real
world, then you need to config samba ('/etc/smb.conf'), careful here about
encrypted and non-encrypted passwords from the MS world (I found it
easiest to go for non-encrypted on all machines) and set the gate machine
up so it loads all the ip_masq_xxx (/lib/modules/<OS-VERSION>/ipv4/)
modules if you need them.
And just a word of caution: Be paranoid. Be paranoid. Be paranoid!
Rudolf
Parag ([EMAIL PROTECTED]) wrote:
: Hi,
: We have a 25 m/c network with Linux RH5.2 being the samba server m/c and
: other m/cs are Win95/NT. Linux box is directly connected to internet
: via ISP. I want to setup a gateway on Linux m/c so that all other
: Win95/Nt m/c will have direct access to Internet. How should this be
: done? I need detail description. Please reply this post or directly mail
: me on [EMAIL PROTECTED]
: Thanks.
: Parag.
--
------------------------------
From: Thomas/Shurflo <[EMAIL PROTECTED]>
Subject: Re: Resolving IPs (II)
Date: Mon, 23 Aug 1999 08:48:28 -0700
Thanks.
I tried whois before I posted, but using the whois server you suggested
worked great.
Thanks again.
Cliff wrote:
> nslookup and traceroute are handy. Another one is whois. Try
> man whois or man fwhois for details. Here's a couple of handy
> whois servers; whois.arin.net (IP to domain), whois.ripe.net
> (Europe), whois.apnic.net (Asia & Pacific rim). whois x.x.x.x
> gets a default lookup on Internic if I recall correctly. If you
> want a particular server use whois [EMAIL PROTECTED]
>
> HTH
>
> --
> -Cliff
> Views expressed are my own and not necessarily those of my
> employer
> Concordia Net, Inc. When replying via email please use; cwheat at
> concordia dot net not
>
> Thomas wrote in message <[EMAIL PROTECTED]>...
> >
> >Does anyone know how to resolve the domain for an IP that does not
> >resolve?
> >I work in IS and have been trying to resolve IPs, but many of them do
> >not return any significant information using nslookup or dig.
> >
> >Using traceroute, I can see which network (ISP) they're on, but that's
> >about it. Is there any reason why the next to last hops would not be
> >their ISP?
> >
------------------------------
From: Guido Dolci <[EMAIL PROTECTED]>
Subject: apache and root user
Date: Mon, 23 Aug 1999 17:41:31 +0200
I have to run a CGI script that can read and write a file owned by
root... I'll be using apache on a linux box, but of course I won't run
apache as root. Any other (more secure) solutions??
Thanks
Guido
------------------------------
From: Johann Volz <[EMAIL PROTECTED]>
Subject: Programs on Port
Date: Mon, 23 Aug 1999 16:50:43 +0200
How can you choose which program you want to run on a port?
------------------------------
From: [EMAIL PROTECTED] (Jan Just Keijser)
Subject: Re: mount AIX directory to Linux
Date: Mon, 23 Aug 1999 16:07:45 GMT
First, verify that the AIX share is exported properly.
1. Type in on the AIX host:
lsnfsexp
You should see the directory you're trying to share
2. If possible, mount the shared directory from another AIX host
mount AIX-host:/<remote-dir> <local-dir>
Secondly, verify that the Linux host is known to the AIX host:
ping <linux-host-name>
Finally, make sure that the permissions for the directory you are trying to
mount are set correctly; some UNIX flavours will not let you mount an NFS
directory if the underlying mount point does not exist or has the wrong
permissions. On Linux:
mkdir -p <local-mount-point>
chmod 755 <local-mount-point>
should solve this problem in most cases.
HTH,
JJ
In article <[EMAIL PROTECTED]>, Eric <[EMAIL PROTECTED]> wrote:
>when I try to mount a public drive that has been set up on the AIX box, I
>get a permission denied error when I try to mount it from the linux box.
>We have even set a (insecure) flag inside of the etc/exports file on the
>AIX box for the exported folder.
>
>Thanks for the help,
>Eric
>
>Phil wrote:
>>
>> To mount across the network you need nfs, /etc/exports setup, and you just
>> mount as if it were a local drive - mount hostname:/dir/name /mnt or mount
>> ip:/dir/name /mnt.
>>
>> You can enter it in your /etc/fstab and mount everytime you boot.
>>
>> man nfsd
>> man nfs
>> man exports
>> man fstab
>>
==========================================================
*NOTE*
My Email return address is not correct
in order to avoid mass mailings...
These are the correct addresses
(but with dashes between all letters):
Jan Just (JJ) Keijser
Unix Support Engineer / Configuration Manager
Logica Inc. - Lexington MA
SMTP: [EMAIL PROTECTED]
Just to confuse some of those junkmailers:
[EMAIL PROTECTED]
Your mouse has moved. Windows must be restarted for
the change to take effect. Reboot now? [OK]
My views are my own...
flames > /dev/null 2>&1
==========================================================
------------------------------
From: [EMAIL PROTECTED] (John Doe)
Subject: Re: Redhat cannot find DE204
Reply-To: [EMAIL PROTECTED]
Date: 22 Aug 1999 09:51:57 -0500
On Sun, 22 Aug 1999 04:41:29 GMT, rem <[EMAIL PROTECTED]> wrote:
>Forgot to mention.... I am trying to run FTP install
>
>rem <[EMAIL PROTECTED]> wrote in message
>news:M8Lv3.24377$[EMAIL PROTECTED]...
>> I have a prob with the above Digital's EtherWORKS 3 card.
>> RedHat 6 Linux can not recognize it automatically or on probe.
>> When I select manual configuration, I am left with a one line
>> prompt for module options. I tried to enter the following:
>> ewrk io=0x300 irq=5
>> ewrk=0x300,5
>>
>> Neither option has helped. Any idea?
>>
>> Thanks
>>
>>
>>
>
>
It is broken with 6.0 install program. It used to work with 5.2.
I now have to install with cd-rom and then configure
the card with linuxconf. You might want to try with a different
card.
------------------------------
From: [EMAIL PROTECTED] (W.G. Unruh)
Subject: Re: mgetty respawning too fast
Date: 23 Aug 99 17:10:55 GMT
QuestionExchange <[EMAIL PROTECTED]> writes:
>b)there is an error in mgetty config file.
>Check mgetty's log file to see what actually happens. You may
>want to enable debugging using '-x N' command line option
So, as he says, run mgetty from the command line (taking it out of
/etc/inittab for now) with the -x 9 option. In addition, change all of the
debug 4
lines in /etc/mgetty*/mgetty.config
to
debug 9
>(0<=N<=9). Log file is usually in /tmp/log_mg.<device>
Depends on your distro, but usually
/var/log/mgetty.<device>-- eg /var/log/mgetty.ttyS1
------------------------------
From: "Robert_Glover" <Please_reply_to@newsgroup>
Subject: Re: Programs on Port
Date: Mon, 23 Aug 1999 16:23:51 -0000
If you're running inetd, then have a look at /etc/inetd.conf
Johann Volz wrote in message <[EMAIL PROTECTED]>...
>How can you choose which program you want to run on a port?
------------------------------
From: "Robert_Glover" <Please_reply_to@newsgroup>
Subject: Re: How does linuxconf conn/disconnect from ppp0?
Date: Mon, 23 Aug 1999 16:22:07 -0000
kill -HUP nnn
Where nnn is the PID of the pppd process. That's assuming that you
use pppd.
You should be able to find the PID of the pppd process by looking in
/var/run
Something like this: (I can't remember the filename, so you'll have to
figure that out)
kill -HUP $(cat /var/run/ppp0.pid)
Mike Schrauder wrote in message ...
>I tried to send this post last night, but I don't see it, anyway...
> Does anyone know how linuxconf connects and disconnects from ppp0. Can
>it be duplicated from the command line? I have checked the /etc/ppp dir for
>the script, but these do not show the updates that linuxconf must be using
>to connect and disconnect ppp0. Any help or pointers greatly appreciated.
>
>Mike Schrauder
>[EMAIL PROTECTED]
>
>
------------------------------
From: Jolse Maginnis <[EMAIL PROTECTED]>
Subject: IP forwarding/masquarading
Date: Mon, 23 Aug 1999 16:52:44 +0000
Hopefully someone will be able to quickly work out my mistake by looking
at these...
lo Link encap:Local Loopback
inet addr:127.0.0.1 Bcast:127.255.255.255 Mask:255.0.0.0
UP BROADCAST LOOPBACK RUNNING MTU:3584 Metric:1
RX packets:467 errors:0 dropped:0 overruns:0 frame:0
TX packets:467 errors:0 dropped:0 overruns:0 carrier:0
collisions:0
sl0 Link encap:Serial Line IP
inet addr:192.168.0.1 P-t-P:192.168.0.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING MTU:1500 Metric:1
RX packets:53 errors:0 dropped:0 overruns:0 frame:0
TX packets:34 errors:0 dropped:0 overruns:0 carrier:0
collisions:0
ppp0 Link encap:Point-to-Point Protocol
inet addr:203.17.184.86 P-t-P:192.168.6.5 Mask:255.255.255.0
UP POINTOPOINT RUNNING MTU:1500 Metric:1
RX packets:1818 errors:0 dropped:0 overruns:0 frame:0
TX packets:2255 errors:0 dropped:0 overruns:0 carrier:0
collisions:0
Memory:5bd038-5bdc04
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
192.168.0.2     *               255.255.255.255 UH    0      0     5 sl0
192.168.6.5     *               255.255.255.255 UH    0      0     0 ppp0
127.0.0.0       *               255.0.0.0       U     0      0     6 lo
default         192.168.6.5     0.0.0.0         UG    0      0     1 ppp0
IP firewall forward rules, default policy: deny
type prot source destination ports
acc/m all 192.168.0.2 anywhere n/a
ppp0 is my link to the net and sl0 is slip to my other computer, which I
know is setup correctly..
But I can't get linux to forward or masquerade any packets from my other
computer, but I can connect to my linux machine from the other computer
no problems. Can anyone see any problems with my setup?
------------------------------
From: [EMAIL PROTECTED] (W.G. Unruh)
Subject: Re: Help with PPP
Date: 23 Aug 99 17:03:22 GMT
"Jon Ellis" <[EMAIL PROTECTED]> writes:
>>in /etc/syslog.conf)
>>b) The address they report is I think what your address is supposed to be.
>>instead you are somehow getting the "illegal) ie for intranet only) address of
>>192.168.x.y Do you try to assign your own address in pppd?
>I am running a local net. The machine in question has the address
>192.168.0.1. Here is the debug info:
>pppd[719]: sent [LCP ConfReq id=0x1 <magic 0xc41ec3f7> <pcomp> <accomp>]
>last message repeated 9 times
>pppd[719]: rcvd [LCP ConfReq id=0x1 <mru 1524> <asyncmap 0xa0000> <pcomp>
><accomp> < 11 04 05 f4> < 13 09 03 00 c0 7b 70 78 ee>]
>pppd[719]: sent [LCP ConfRej id=0x1 < 11 04 05 f4> < 13 09 03 00 c0 7b 70 78
>ee>]
>pppd[719]: rcvd [LCP ConfAck id=0x1 <magic 0xc41ec3f7> <pcomp> <accomp>]
>pppd[719]: rcvd [LCP ConfReq id=0x2 <mru 1524> <asyncmap 0xa0000> <pcomp>
><accomp>]
>pppd[719]: sent [LCP ConfAck id=0x2 <mru 1524> <asyncmap 0xa0000> <pcomp>
><accomp>]
>pppd[719]: sent [IPCP ConfReq id=0x1 <addr 192.168.0.1> <compress VJ 0f 01>]
Bad idea. Very bad idea. As I said, it is impossible for anything outside
your little intranet to communicate with an address of 192.168.x.y
Those addresses do not exist and cannot be communicated with on the internet.
Your ISP must either do IP masquerading for this machine (I doubt it) or you
should be waiting for it to suggest an IP address for you and not suggesting an
IP to it. Ie, put the line
noipdefault
into /etc/ppp/options. The remote system should not be allowing you to
assign your own address either, but that is another issue.
Note that your machine can have the IP address of 192.168.0.1 on your intranet
through your ethernet, and a different address wrt your ISP.
>pppd[719]: rcvd [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr
>12.17.206.129>]
>pppd[719]: sent [IPCP ConfAck id=0x1 <compress VJ 0f 01> <addr
>12.17.206.129>]
>pppd[719]: rcvd [CCP ConfReq id=0x1 < 11 06 00 01 01 03>]
>pppd[719]: sent [CCP ConfReq id=0x1]
>pppd[719]: sent [CCP ConfRej id=0x1 < 11 06 00 01 01 03>]
>pppd[719]: rcvd [IPCP ConfAck id=0x1 <addr 192.168.0.1> <compress VJ 0f 01>]
Here they accept your suggestion of this address.
They should not.
>pppd[719]: local IP address 192.168.0.1
So now your address is an "illegal" address and thus nothing in the outside
world including the DNS server, can talk to your machine.
(As I said your ISP could be carrying out IP Masquerading, but from your
symptoms I doubt it.)
>pppd[719]: remote IP address 14.146.206.129
>pppd[719]: rcvd [CCP ConfRej id=0x1]
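The diagnosis in the reply above can be checked mechanically. The following is an added example, not part of the original post and not pppd's own code: it reads pppd debug lines and reports whether the local side proposed a private address in its first IPCP ConfReq and the peer acknowledged it. The sample lines are the ones quoted in the post with mail-wrapped lines rejoined; the check is widened from 192.168.x.y to all three RFC 1918 ranges, and the function and field names are assumptions of this example.

```python
import ipaddress
import re

# IPCP lines from the pppd debug log quoted in the post above,
# with mail-wrapped lines rejoined.
SAMPLE_LOG = """\
pppd[719]: sent [IPCP ConfReq id=0x1 <addr 192.168.0.1> <compress VJ 0f 01>]
pppd[719]: rcvd [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 12.17.206.129>]
pppd[719]: sent [IPCP ConfAck id=0x1 <compress VJ 0f 01> <addr 12.17.206.129>]
pppd[719]: rcvd [IPCP ConfAck id=0x1 <addr 192.168.0.1> <compress VJ 0f 01>]
pppd[719]: local IP address 192.168.0.1
"""

IPCP_RE = re.compile(r"(sent|rcvd) \[IPCP (Conf\w+) id=0x[0-9a-f]+(.*)\]")
ADDR_RE = re.compile(r"<addr (\d+\.\d+\.\d+\.\d+)>")
LOCAL_RE = re.compile(r"local\s+IP address (\d+\.\d+\.\d+\.\d+)")

# Generalisation: the post names 192.168.x.y; all RFC 1918 ranges are checked.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def analyse(log_text):
    """Summarise the IPCP address negotiation found in pppd debug output."""
    first_proposed = None   # address in our first ConfReq (what we asked for)
    peer_acked = None       # address the peer finally acknowledged for us
    local = None            # address pppd reports once the link is up
    for line in log_text.splitlines():
        m = IPCP_RE.search(line)
        if m:
            direction, code, options = m.groups()
            a = ADDR_RE.search(options)
            addr = a.group(1) if a else None
            if direction == "sent" and code == "ConfReq" and first_proposed is None:
                first_proposed = addr
            elif direction == "rcvd" and code == "ConfAck":
                peer_acked = addr
            continue
        m = LOCAL_RE.search(line)
        if m:
            local = m.group(1)
    # With noipdefault the first request carries 0.0.0.0 and the peer supplies
    # the address, so only a private first proposal that was acked is flagged.
    self_assigned = (first_proposed is not None
                     and is_rfc1918(first_proposed)
                     and peer_acked == first_proposed)
    return {"first_proposed": first_proposed, "peer_acked": peer_acked,
            "local": local, "self_assigned_private": self_assigned}


if __name__ == "__main__":
    result = analyse(SAMPLE_LOG)
    print(result)
    if result["self_assigned_private"]:
        print("pppd proposed a private address and the peer accepted it; "
              "add noipdefault to /etc/ppp/options")
```

A private address handed out by the peer itself (first request 0.0.0.0, then a ConfNak carrying the address) is not flagged, since that is the peer's choice rather than a local misconfiguration.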
------------------------------
From: "Jon Ellis" <[EMAIL PROTECTED]>
Subject: Re: Help with PPP
Date: Mon, 23 Aug 1999 11:44:35 -0600
Thanks,
The noipdefault worked. I have had this machine connected to this ISP
before but they have gone thru some server changes recently. Within the
last week and a half. (ie.. the same time period I have been having
problems)
I will remember this one for a long while.
Thanks for your help,
Jon
------------------------------
From: Justin Georgeson <[EMAIL PROTECTED]>
Subject: Kernel 2.2.11 and TCP_NO_DELAY
Date: Mon, 23 Aug 1999 12:04:06 -0500
With the 2.2.x series you can patch the kernel for TCP_NO_DELAY and gain
considerable network performance. There is a separate patch for 2.2.10 which is
different from the 2.2.5 kernel. Does anyone know if 2.2.11 already has the
option to enable TCP_NO_DELAY or if there is a patch? With the 2.2.10 patch,
you 'echo 1 > /proc/<some file>' to enable it. Please CC any responses to me
directly.
--
________________________________________________________________________________
Justin Georgeson
Institute for Advanced Technology -- System Administrator
University of Texas at Austin -- Dept. of Computer Science
http://www.cs.utexas.edu/users/pyros
[EMAIL PROTECTED]
------------------------------
From: "Andreas Vester" <[EMAIL PROTECTED]>
Subject: LAN
Date: Mon, 23 Aug 1999 18:44:14 +0200
Hi!
I've got a problem:
I've got two machines at home. One with SuSE Linux 6.1 and the other one
with Win NT4 SP3. The Linux box should be a file server. I built up a LAN
with Samba. Principally I've got no problems with Samba, that means I can
access to the users home directories from the NT machine and I've got write
access, but for example I can't create a directory from the NT machine. It
appears a message 'Harddisk is full'. But there's enough space on the Linux
HD.
Another example: I can create a word document and I can edit it, but I can't
save the changes. It appears a message in form of 'There isn't enough memory
or the harddisk is full'. But that's impossible, because the NT machine has
got 96 MB memory.
So, please help me...
See you later
Andi
------------------------------
From: [EMAIL PROTECTED] (tomislav)
Subject: Re: Fetchmail at startup
Date: Tue, 10 Aug 1999 14:46:39 +0200
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
> What do I need to do to get fetchmail to startup in rc.local - where
> do I put the .fetchmailrc file and with what privileges. I can't
> find anything in the man or FAQ pages on this - is that an indication
> that I should not be doing this, even though I have a cable
> connection and am thus online all the time
If you are online the whole time you should set up a cron entry that
would check the mail every like 10 minutes. Try "man cron" for more
information.
You should place .fetchmailrc in /root if you are going to fetch mail for
more users.
------------------------------
From: "Matthew J. Hellman" <[EMAIL PROTECTED]>
Subject: collisions, frame and carrier errors..normal?
Date: Mon, 23 Aug 1999 12:46:15 -0500
Just setup a dual NIC RedHat Linux firewall. I noticed the internal
interface has some collisions and even worse, frame and carrier errors.
Here is the output today:
RX packets:165483 errors:0 dropped:0 overruns:0 frame:6
TX packets:95926 errors:0 dropped:0 overruns:0 carrier:5
collisions:2181 txqueuelen:100
Should I be overly concerned about these errors? I figure the
collisions are <1% of the total tx/rx most of the time but what about
the frame and carrier errors? Also, I noticed that the # of collisions
seem to shoot up suddenly versus gradually. Maybe a NIC spewing bad
packets? Incidentally, we have a WAN without a switch installed, so I
expect some collisions but what is acceptable?
TIA,
Matt
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.networking) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Networking Digest
******************************