Linux-Networking Digest #348, Volume #12 Tue, 24 Aug 99 18:13:42 EDT
Contents:
FTP and POP3 connection delays (William Halfond)
Re: Samba--Who am I? ("Gary W. Sandvik")
qos vs. ecm (Guenther Starnberger)
Re: Help for IPCHAINS ("Marvin (Georg Ortmanns)")
Re: Help for IPCHAINS ("Marvin (Georg Ortmanns)")
File transfers grind to a halt. (Patrick E. Donohue)
Telnet from Win98 to Linux doesn't work (Yury Donskoy)
Re: Linux Cookbook Project Officially begins! ("W.A. Scheer")
Re: Help setting up an SSL web server
Re: Sendmail & popserver
ipfwadm and command line ftp problem (L Hill)
Re: pop/imap over forwarded/masqued connection (dmalcolm)
Help: Fujitsu network device module problem?? (Avijit Purkayastha)
"Packet log" analysis (bill davidsen)
Re: Need help w/ firewall rule for SSL (https) (Lee Allen)
Re: IP Masquerading Challenge
Re: collisions (newbie) (Stuart R. Fuller)
Re: ppp problem with wvdial (Eric Z)
PPTP Routing and IPCHAINS. (Jeff Maki)
----------------------------------------------------------------------------
From: William Halfond <[EMAIL PROTECTED]>
Subject: FTP and POP3 connection delays
Date: Wed, 11 Aug 1999 10:29:50 -0400
Hello,
I have a redhat linux box running on our lan. It's setup as a mail ,
ftp and http server. However when the Win clients on the lan try to
connect to the POP3 port it takes about 2-3 minutes to negotiate the
transfer and then download messages. The same thing happens when I try
to connect using ftp. Locally (at the console) the connections function
at normal speed. Both of these services are controlled by the inetd and
are using tcpd to launch them. My httpd which is running standalone
responds in normal time (1-2 sec) to client requests. I am using
in.qpopper and wu-ftp.
Does anyone know of something I might be overlooking in my setup of
these services, or is this something I should not be bothered about?
Thanks in advance, William
------------------------------
From: "Gary W. Sandvik" <[EMAIL PROTECTED]>
Subject: Re: Samba--Who am I?
Date: Tue, 24 Aug 1999 14:29:50 -0500
Reply-To: "Gary W. Sandvik" <[EMAIL PROTECTED]>
Hi,
Once your system is logged then the shares are set to that relative login.
If you want to change the shares for a particulair user then the easiest is
too log off the windows machine and then login as that desired user for that
profile (assuming you set up different profiles).
If your win machine is a multi based user system then this is the way to go.
That way the desktop will be for each user, then the shares will be
established.
--
Regards and God Speed,
Gary
Gary W. Sandvik
[EMAIL PROTECTED]
309-676-0224 (fax)
Hiawatha Bray <[EMAIL PROTECTED]> wrote in message
news:7pla6l$[EMAIL PROTECTED]...
> Thanks for all the help in getting Samba to work. I still have more
> questions, though.
>
> I'm signed onto the Linux box with the same user name I assigned to the
> Windows computer. Can I sign onto Samba using the same Windows computer
but
> a different username, such as root? If so, how is this done? Thanks.
>
>
------------------------------
From: Guenther Starnberger <[EMAIL PROTECTED]>
Subject: qos vs. ecm
Date: Tue, 24 Aug 1999 20:17:23 GMT
what is the better option for using multiple lines between two hosts ?
ecm (equal cost multipath) or tle (true link equalizer) ...
anybody who is familiar with this and knows the advantages and
disadvantages ?
my situation is, that i have two hosts connected with 3 lines each 512
kbit ...
cu&tnx
-guenther
--
http://www.gst.priv.at/
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
Date: Tue, 24 Aug 1999 14:00:39 +0200
From: "Marvin (Georg Ortmanns)" <[EMAIL PROTECTED]>
Subject: Re: Help for IPCHAINS
Thank's , I'll try these...
[EMAIL PROTECTED] wrote:
> Try these...I haven't used them in a long time but they might still be
> useful...
>
> http://www.indyramp.com/masq/#html
> http://members.home.net/ipmasq/
> http://www.ecst.csuchico.edu/~dranch/LINUX/ipmasq/ipmasq-HOWTO-1.71-3.ht
--
Regards
Georg Ortmanns (Marvin) eMail [EMAIL PROTECTED]
To get my PGP key send mail with subject "Send PGP key"
------------------------------
Date: Tue, 24 Aug 1999 13:59:50 +0200
From: "Marvin (Georg Ortmanns)" <[EMAIL PROTECTED]>
Subject: Re: Help for IPCHAINS
Thank's a lot :-)
Mark Post wrote:
>
> As far as I'm concerned, you can't do much better than the "Linux LAN &
> Internet Firewall Security Site" at http://rlz.ne.mediaone.net/linux/
> There's an automated tool there to build your rc.firewall script to set up
> your system.
>
--
Regards
Georg Ortmanns (Marvin) eMail [EMAIL PROTECTED]
To get my PGP key send mail with subject "Send PGP key"
------------------------------
From: Patrick E. Donohue <[EMAIL PROTECTED]>
Crossposted-To: redhat.networking.general,redhat.general
Subject: File transfers grind to a halt.
Date: Tue, 24 Aug 1999 16:30:57 GMT
Whenever I transfer files (by whatever method: Netscape, Iglooftp, Console
ftp,...) they start off at what I would considerr normal speeds, but within
a short time the speed decreases to nil. Netscape reports it as a stall.
I've seen 20 or so posts with simular problems, but no fixes for them.
Help Please!
================== Posted via CNET Linux Help ==================
http://www.searchlinux.com
------------------------------
Date: Tue, 24 Aug 1999 12:23:23 -0400
From: Yury Donskoy <[EMAIL PROTECTED]>
Subject: Telnet from Win98 to Linux doesn't work
Hi there,
I've posted about this problem before, and thought I'd post it again,
adding some more information.
Basically, the problem is that telnetting from a Win'98 box to my Linux
doesn't work, but Samba and FTP both do work. What happens during
telnetting is that a telnet process gets spawned on the Linux box, which
then prints the contents of the /etc/issue.net file and then freezes.
Eventually, the connection gets dropped. Now, I have looked a bunch of
files like nologin(doesn't exist), securetty, etc. Everything seems to
be configured correctly, though obviously not, since telnet won't
work<g>. I have multiple users set up in the system. The problem is
not that a particular user can't telnet into my Linux box, but that I am
not even given a chance to type in a user name and password.
Any help would be appreciated.
Thanks.
Yury.
------------------------------
From: "W.A. Scheer" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.advocacy,comp.os.linux.help,comp.os.linux.setup
Subject: Re: Linux Cookbook Project Officially begins!
Date: Tue, 24 Aug 1999 13:48:04 -0700
Thanks for the input Doug and John.
I agree that the command line is often a better/easier choice for many
tasks. The nature of "the project" will be to choose the easiest and most
straightforward approach from a "newbie-esque" perspective. Sometimes that
means GUI, sometimes not.
Having nearly finished the "SAMBA on RHL Cookbook" I can attest that SWAT
will be a godsend to the newer user. It's also a little less scary to pull
up a terminal window than it is to drop out of Gnome into a console. In
contrast I found adding users, creating groups and changing permissions an
exercise in frustration, futility and bug discovery when using the Gnome
tools. LinuxConf works much better, but is laid out so strangely (IMHO) that
it makes documentation a near impossibility. After a while I just said "to
hell with this" and went about explaining chmod, chown, chgrp, etc. as
clearly as possible.
Note that the focus of the project will be distro-specific to avoid
confusion over file structure, etc. I think it helps a new user to get comfy
with config files if they can find them in the first place! We'll be
'porting' the cookbooks to RedHat and Caldera first, and choose others as
demand becomes clear. There is some call for SuSE version already.
Volunteers still needed, and comments always welcome.
John Murtari wrote in message <[EMAIL PROTECTED]>...
>Douglas Bollinger wrote:
>>
>> W.A. Scheer at [EMAIL PROTECTED] says...
>>
>> > This project is tasked with creating high-quality, newbie-friendly
>> > documentation centered on specific distributions of Linux (Presently
RedHat
>> > and Caldera) and towards accomplishing specific tasks with minimal
theory
>> > and hassle. The editorial standards will decidely anti-command-line
wherever
>> > possible and applicable in order to address the widest possible
audience.
>>
>> As a relative Linux newbie myself, I found it much easier to do
>> things with the command line interface, especially when setting up
>> things like IP Chains and such. It's much easier to type along with
>> the instructions that trying to describe points & clicks in various
>> menus and selection boxes.
>>
>
> YES, YES -- may I add my sentiments also as a more senior
>linux administrator. Point & Click is nice if you do it right and
>everything
>can be guided by the GUI (like a wizard). My experience with complex
>administration in "point & click" NT server have been awful -- you have
>to go through several menu/dialog chains to accomplish a goal.
>
> At some point the command line and knowledge of the raw files
>being changes makes things easier to understand. I am afraid the
>"minimal theory and hassle" may make the task "dated" pretty quickly.
>
> Best regards!
>
>--
> John
>____________________________________________________________________
>Customer Service Software Workshop Inc.
>[EMAIL PROTECTED] (315) 635-1968(x-211) "software that fits!" (TM)
>http://www.thebook.com/
------------------------------
From: <[EMAIL PROTECTED]>
Subject: Re: Help setting up an SSL web server
Date: Tue, 24 Aug 1999 21:15:26 +0100
I have a friend who I think had a go but failed - due to lack
of willingness to percivere. He chose Apache and the SSL package
that runs on top of it. But having read the attached docs, easy
does not come into it!
Apache would be my choice!!
Alex
Ken <[EMAIL PROTECTED]> wrote:
: Well, "easy to setup" and "SSL web server" usually aren't used in the
: same sentence. All depends on your Linux experience.
: I just setup an Apache based SSL server on Redhat60. My first word of
: advice ... FORGET ABOUT RPMS!!!
: I tried 4 different RPM distributions (including Mandrake's Secure
: Server) ... while all worked, they were also terrible performers ...
: broken gifs and background images over a 100Mb/s LAN!
: After installing Apache, OpenSSL, and Mod_ssl from tar balls, I have a
: screaming secure server!
: Check out http://www.modssl.org and have fun!
: -Ken
: Peter wrote:
:> What is a good and easy-to-setup SSL web server, preferably a daemon
:> process. I work in Boston and have to administer a linux box in
:> california! Any mini-HOWTOs would be helpful.
:>
:> Thanks
:>
:> --
:> --Peter Eacmen
:> [EMAIL PROTECTED]
------------------------------
From: <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.setup,comp.os.linux.misc
Subject: Re: Sendmail & popserver
Date: Tue, 24 Aug 1999 21:38:53 +0100
With sendmail, add to the script that calls fetchmail
Assuming you are running fetchmail as already suggested as a daemon.
(Brackets show example output)
eg:
fetchmail (fetchmail process at 120 awakened)
sendmail -q
This will force sendmail to process the mail queue and
send out whilst fetchmail is receiving. This could be
done in the ppp script after the connection is
established or run manually or from crontab?
The is no need to HUP sendmail!
Hope this helps
Alex
[EMAIL PROTECTED] (rm edy!)
Thorsten Lau <[EMAIL PROTECTED]> wrote:
: "H�kan Trygg" schrieb:
:> Hi all
:>
:> I am trying to setup a local mail sever. (=changing from NT to Linux :-)
:>
:> 1. We have a "multi-pop" mail account, not UUCP, from the ISP.
:> All mail that is designated to our domain is placed in this pop
:> account and a small mail reader program reads all this mail and
:> resends these mail to the local mail popserver.
:> 2. We do not have a direct line to our ISP. We uses an ISDN router
:> and for reducing call charges we want the mail program only collect
:> mail at designated times.
:> Outgoing mail are transferred from the local mail server to the ISP
:> mail server at the same time as the multipop account is read
:>
:>
:> So.....
:> 1. How to read the popmail and forward it to the local mailserver?
:> Is there any small utility program?
: I used �fetchmail� for this problem,
: its easy to configure via a resource file. This fetches mails from different
: accounts, and resends it to the local mailboxes.
: Best wishes,
: Thorsten Lau.
------------------------------
From: L Hill <[EMAIL PROTECTED]>
Subject: ipfwadm and command line ftp problem
Date: Tue, 24 Aug 1999 16:53:36 GMT
Hello,
I'm using ipfwadm to use the internet from a gateway to several
different machines. Every function works perfect, except command line
ftp, which gives me a "Port already in use" message. Can anyone please
help?
Thanks,
Luke
------------------------------
From: dmalcolm <[EMAIL PROTECTED]>
Subject: Re: pop/imap over forwarded/masqued connection
Date: Tue, 24 Aug 1999 15:55:02 -0500
Jeff Lloyd wrote:
> Hi,
>
> I have a stock redhat 6.0 linux box with the 2.2 kernel
> forwarding/masquerading for both a linux and W95 box. Under both setups
> everything seems to work fine ( the web, ftp, telnet, etc. ) but email
> clients. The clients ( I have tested Netscape pop/imap on both linux and
> W95 and eudora pop on W95 ) simply cannot retrieve email. Eudora gives up
> waiting for "UIDL Information" and Netscape hangs with the message
> "Sending Login information".
>
> My setup is simple and right out of the HOWTO. I just have the basic
> commands setup to get masquerading working, I haven't tried the more secure
> setup.
>
> Eg: This is from my script to start masquerading:
>
> echo "1" > /proc/sys/net/ipv4/ip_forward
> echo "1" > /proc/sys/net/ipv4/ip_dynaddr
> /sbin/ipchains -M -S 7200 10 160
> /sbin/ipchains -P forward DENY
> /sbin/ipchains -A forward -s 192.168.0.0/24 -j MASQ
>
> and I have the kernel modules loaded as well. Now everything but mail
> retrieval works using this. I haven't tried to send mail yet.
>
> Also, pop/imap mail retrieval works fine from the firewall machine itself.
>
> Thanks for any help,
>
> --
> Jeff Lloyd
> jlloyd at
> algorithmics dot com
Sounds like a port is not open in spite of the fact the the rules look like
they should be. Try this:
download and install IPChains-1.6 from http://nerdherd.org/ipchains/. Note that
this is not the 'ipchains' program, but it is a set of three setup scripts,
one of which may be right for you. I installed the masquerade script and
everything ran.
Dan
[EMAIL PROTECTED]
------------------------------
From: Avijit Purkayastha <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.hardware
Subject: Help: Fujitsu network device module problem??
Date: Tue, 24 Aug 1999 11:53:04 -0500
Hi All,
I am having a major problem fujitsu device driver fmv18x. I have
configured my ether card
(Eiger 10BT) to run DHCP. The config files are ok (I have set hostname,
domain, DNS and
dhcp protocol). When I boot, the `eth0' is failing with the
message (from /var/log/messages):
insmod: /lib/modules/2.2.9-19mdk/fmv18x.o: init_module: Device or
resource busy
When I checked `dmesg' the following appears:
fmv18x: register_netdev() returned non-zero
Both of these messages appear irrespective if the card is in/out of slot
and PCMCIA
recognises card correctly also..
This exact same setup worked with rh5.1, its only when I upgraded to
rh6.0 that
I am facing this problem....:-((
Anyone facing similar problems with their respective device drivers? Any
suggestions
or help is greatly appreciated.
-- Avi
------------------------------
From: [EMAIL PROTECTED] (bill davidsen)
Subject: "Packet log" analysis
Date: 24 Aug 1999 21:39:08 GMT
I have used ipchains to log a number of possible problem packet types,
and I'm getting tired of looking up the class, icmp services, etc.
Before I write a script to turn these entries into something more
rapidly human readable, is there one I've missed?
--
bill davidsen <[EMAIL PROTECTED]> CTO, TMR Associates, Inc
The Internet is not the fountain of youth, but some days it feels like
the fountain of immaturity.
------------------------------
From: [EMAIL PROTECTED] (Lee Allen)
Subject: Re: Need help w/ firewall rule for SSL (https)
Reply-To: [EMAIL PROTECTED]
Date: Tue, 24 Aug 1999 16:59:12 GMT
On Tue, 24 Aug 1999 14:42:39 GMT, [EMAIL PROTECTED] (Lee
Allen) wrote:
>Could someone provide example firewall rules that would enable me to
>access https web sites?
I probably should have mentioned, this is an old kernel and I am using
ipfwadm, not ipchains.
-Lee Allen again
------------------------------
From: <[EMAIL PROTECTED]>
Subject: Re: IP Masquerading Challenge
Date: Tue, 24 Aug 1999 15:30:55 GMT
I use use this setting for this subnet: 255.255.255.0
ipchains -P forward DENY
ipchains -A forward -s 192.168.0.0/24 -j MASQ
eth0=my static ip
eth1=192.168.0.1 (gateway for win boxes)
add machines to that net all day long without a hitch
good luck
agent seven wrote:
>
> On Mon, 23 Aug 1999 18:54:57 GMT, Gustin Kiffney <[EMAIL PROTECTED]>
> said:
>
> >Don't get mad if this seems too elementary, but did
> >you set the network tcp/ip gateway on all those Win95/NT
> >machines to be 192.68.1.1(your Linux masquerading gateway)?
>
> Yep. As I mentioned, the Win95 setup on the 1.4 machine (the other
> Win95 box) is absolutely identical to the working Win95 box (1.2)
> which I am posting to you from as we speak - meaning, yes, gateway
> 1.1.
>
> A7
================== Posted via CNET Linux Help ==================
http://www.searchlinux.com
------------------------------
From: [EMAIL PROTECTED] (Stuart R. Fuller)
Subject: Re: collisions (newbie)
Reply-To: [EMAIL PROTECTED]
Date: Tue, 24 Aug 1999 21:10:02 GMT
Surya P Kommareddy ([EMAIL PROTECTED]) wrote:
: I configured my Linux machine for networking. When I do /sbin/ifconfig I get
: the output showing that there are a lot of collisions on my NIC eth0.
: =================================================================
: lo ..........
: UP BROADCAST LOOPBACK RUNNING MTU:3584 Metric:1
: RX packets:140 errors:0 dropped:0 overruns:0 frame:0
: TX packets:140 errors:0 dropped:0 overruns:0 carrier:0
: collisions:0
:
: eth0 ..........
: UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
: RX packets:276045 errors:0 dropped:0 overruns:0 frame:316
: TX packets:21726 errors:0 dropped:0 overruns:0 carrier:1
: collisions:2642
: Interrupt:10 Base address:0xef40
: ===============================================================
: Can someone please tell me how to avoid these collisions. How do I trace the
: cause of the collisions?
As others have indicated, collisions are a normal thing on an Ethernet
network. A LOT of collisions is not normal. And, looking at your numbers, I
don't see a lot of collisions. The indication of excessive collisions is NOT
the number of collisions per unit of time (after all, if there's no traffic in
an eight hour period, is that good? Maybe the machines are up, and all the
people are asleep?). Instead, use the number of collisions per transmit
packets. You are running at about a 10% collision rate, which is not bad.
Not the best, but not bad.
I'd be more concerned about the >300 framing errors, and the carrier lost
event.
But, in any event, just a collision count by itself is not a good indication
of a problem. You need to post more data, such as the topology of your
network, now many nodes there are on the segment in question, some traffic
volume statistics, etc.
And, the bottom line here is: are you seeing a problem, or are you looking for
work to do?
Stu
------------------------------
From: Eric Z <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.setup
Subject: Re: ppp problem with wvdial
Date: Tue, 24 Aug 1999 20:58:11 GMT
In article <[EMAIL PROTECTED]>,
Bernd Schandl <[EMAIL PROTECTED]> wrote:
> I have a problem connecting to my ISP with wvdial. I seem
> to connect ok, but then I can't reach any server (Netscape,
> ftp,rlogin). I am using SuSE 6.1 and have entered a
> nameserver in Yast, which automatically updated resolv.conf.
>
> Any idea?
> Bernd
> --
> Bernd Schandl
> [EMAIL PROTECTED]
>
I would make sure that you have properly entered the nameserver. This
is the exact same symptoms that I had when I entered the nameserver's
address one number off. Also if you have further problems, I found
http://axion.physics.ubc.ca/ppp-linux.txt to be an excellent guide.
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: Jeff Maki <[EMAIL PROTECTED]>
Subject: PPTP Routing and IPCHAINS.
Date: Tue, 24 Aug 1999 21:10:13 GMT
I have this BIG problem. I need to make a VPN for work. I get the '95
clients to connect over PPTP to my router. They can ping the router
fine. I want the clients to be able to access my entire network, though.
I used IP chains to allow all forwarding through, and it works fine.
When I try to secure it, by just letting forwarding for the individual
workstations through, it doesn't work. �
I've tried ipchains -A forward -i ppp0 -s 192.168.1.0/255.255.255.0 -j
ACCEPT and everything inbetween. I've even used the -C option of
ipchains, and it says it would go through! It doesn't though.
I've been working on this for 3 days! Can somebody PLEASE help me?????
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.networking) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Networking Digest
******************************
