Linux-Networking Digest #364, Volume #12 Wed, 25 Aug 99 22:13:39 EDT
Contents:
Re: Resolving hostnames problems!!! (David Goldstein)
IP traffic accounting on multiple interfaces (Emmanuel CHILAUD)
TLI for Linux? ("Bruce W. Bigby")
IP masquerading prob/question (luke)
Re: nfs mount problem (David C.)
Re: Is routing between these subnets okay? (dmalcolm)
Re: Cracks for Linux? ("Anthony W. Youngman")
Network security ("Devin Palmer")
Re: collisions (newbie) (David C.)
Can an ISP detect masquerading? (Tom Verbeure)
Re: 2 boxes 1 IP (Christopher Allen)
Re: Compiling kernel ("Daniel N.")
Re: IP Forwarding with ipchains - FIXED (Mark Price)
Re: collisions (newbie) (David C.)
Re: eth0/ASDL and Kppp internet connection (Clifford Kite)
Re: Would Linux be good for this? (Duskrunner)
----------------------------------------------------------------------------
From: David Goldstein <[EMAIL PROTECTED]>
Subject: Re: Resolving hostnames problems!!!
Date: Thu, 26 Aug 1999 00:47:56 +0200
cecco wrote:
>
> I have Redhat 6.0 that can connect to my ISP but it can't resolve host
> names. I mean that ping works correctly with the IP address, but doesn't
> work with the hostnames. Netscape doesn't work too of course.
> I have written in the /etc/resolv.conf files a line like
> nameserver 192.106.104.1
> (I'm not sure if I must write the word nameserver or the actual name of
> the server, I mean in my case tirreno or tirreno.it???)
> in this file there is another string that is 'search', what does it
> mean?
You need to fix your resolv.conf file--usually found in /etc. This
has been covered many times. Add the following:
search domain.name
nameserver ip.address.of.provider
David G
------------------------------
From: Emmanuel CHILAUD <[EMAIL PROTECTED]>
Crossposted-To: comp.linux.misc,comp.linux.setup,comp.linux.development.system
Subject: IP traffic accounting on multiple interfaces
Date: Thu, 26 Aug 1999 00:57:29 +0200
Reply-To: [EMAIL PROTECTED]
Second posting ....
Hi all !
I'm using a linux RedHat 5.2 server with IP-aliasing on a class C range
of addresses.
I need to have a traffic report by ip every day or week or month.
Are there any free products for that or has someone developed such a
utility?
Thanks in advance,
Manu
------------------------------
From: "Bruce W. Bigby" <[EMAIL PROTECTED]>
Subject: TLI for Linux?
Date: Wed, 25 Aug 1999 20:21:37 -0400
Does anyone know when Linux is going to support TLI, if ever?
--
Bruce W. Bigby
http://home.rochester.rr.com/bigbyofrocny
Do for others what you would want others to do for you.
------------------------------
From: luke <[EMAIL PROTECTED]>
Subject: IP masquerading prob/question
Date: Thu, 26 Aug 1999 01:00:09 GMT
I have it set up, my cable connection is working with linux, and my win
machine is connected to the linux through a hub, and I can use most of
the net through the windows machine, I can use IRC, ftp, mail, www, etc.
But I can't host any servers on the win machine, like Quake or other
games that allow gaming through TCP/IP. Is there a way to allow the win
machine to host such a server?
thanks
--
"Punk rock?!?!?! Isn't that the type of music where kids cut
each other with razor blades and knives?"
------------------------------
From: [EMAIL PROTECTED] (David C.)
Subject: Re: nfs mount problem
Date: 25 Aug 1999 20:26:35 -0400
<[EMAIL PROTECTED]> writes:
> David C. <[EMAIL PROTECTED]> wrote:
>> "F.B.Quinn" <[EMAIL PROTECTED]> writes:
>>>
>>> I'm running 4 nfs servers (Slackware, kernel 2.0.30). 3 servers work
>>> great! Fourth server, configuration identical to other 3, won't mount.
>>> message: "mount <servername> failed; reason given by server: permission
>>> denied"
>>> I've checked permissions, ownership, on server and on clients, and
>>> find no differences. I'm baffled!
>>> Help would be appreciated. I suspect it's a problem of the same order
>>> as the one I have with remote printing: "waiting for queue to be
>>> enabled on <remote printer name>"
>>
>> Check /var/log/messages
>>
>> If you see a line like:
>>
>> ... mountd[####]: mount request from unknown host ##.##.##.##
>>
>> then try adding the client's addresses to /etc/hosts.
>>
>> I haven't yet figured out how to turn off this particular security feature.
>>
>> -- David
>
> Is the nfs server checking access by domain
>
> eg /etc/exports
>
> /myshare *.mydomain.com(ro)
>
> If so, ensure that all the clients know that they belong to mydomain.com.
Doesn't do any good.
In my system, /etc/exports contains:
/myshare (rw)
In other words, full access is being granted to everybody.
Nevertheless, the connecting hosts have to be listed in /etc/hosts.
It's a "feature" of mountd, given the line in /var/log/messages. I
thought it might have been TCP Wrappers, but it's not. (If I play with
hosts.deny and hosts.allow, I can get the initial IP connection to be
blocked, which results in a different error.)
-- David
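
A check for the situation described in this message, as an added example that is not part of the original post: it pulls client addresses out of mountd "unknown host" lines and reports which ones have no entry in /etc/hosts. The timestamps, host names and addresses are constructed samples; only the message text follows the log line quoted above.

```python
import re
from collections import Counter

# Constructed sample data (documentation address ranges), not real logs.
SAMPLE_LOG = """\
Aug 25 20:01:12 nfs4 mountd[312]: mount request from unknown host 192.0.2.15
Aug 25 20:01:40 nfs4 mountd[312]: mount request from unknown host 192.0.2.15
Aug 25 20:03:02 nfs4 mountd[312]: mount request from unknown host 192.0.2.77
Aug 25 20:04:10 nfs4 kernel: eth0: link up
Aug 25 20:05:55 nfs4 mountd[312]: mount request from unknown host 198.51.100.9
"""

SAMPLE_HOSTS = """\
127.0.0.1    localhost
192.0.2.15   client1.example.com client1   # entry added after the log lines
# 192.0.2.77 client2   (commented out, so it does not count)
"""

UNKNOWN_HOST = re.compile(
    r"mountd\[\d+\]: mount request from unknown host (\d{1,3}(?:\.\d{1,3}){3})\s*$")


def rejected_clients(log_text):
    """Count rejected mount requests per client address."""
    hits = Counter()
    for line in log_text.splitlines():
        match = UNKNOWN_HOST.search(line)
        if match:
            hits[match.group(1)] += 1
    return hits


def hosts_entries(hosts_text):
    """Map each address in hosts-file text to its names, ignoring comments."""
    table = {}
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            table.setdefault(fields[0], []).extend(fields[1:])
    return table


def triage(log_text, hosts_text):
    """Split rejected clients into (missing from hosts file, already listed)."""
    known = hosts_entries(hosts_text)
    missing, listed = {}, {}
    for addr, count in rejected_clients(log_text).items():
        (listed if addr in known else missing)[addr] = count
    return missing, listed


if __name__ == "__main__":
    missing, listed = triage(SAMPLE_LOG, SAMPLE_HOSTS)
    print("no /etc/hosts entry:", missing)
    print("already listed:", listed)
```

An address reported as missing is a prompt to confirm the client is one of yours before it is added to /etc/hosts.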
------------------------------
From: dmalcolm <[EMAIL PROTECTED]>
Subject: Re: Is routing between these subnets okay?
Date: Wed, 25 Aug 1999 16:57:37 -0500
David Pereira wrote:
> Hi all,
>
> Is it possible to properly route between the following subnets as long as I
> keep the IP addresses on the correct side? If so, could this configuration
> lead to any potential security issues?
>
> Subnet A: 192.168.111.36/30 (that's a netmask of 255.255.255.252)
> Subnet B: 192.168.111.36/27 (that's a netmask of 255.255.255.224)
>
> My firewall would be setup as follows:
> /sbin/ifconfig eth0 192.168.111.38 broadcast 192.168.111.39 netmask 255.255.255.252
> /sbin/ifconfig eth1 192.168.111.40 broadcast 192.168.111.63 netmask 255.255.255.224
> /sbin/route add -net 192.168.111.36 netmask 255.255.255.252 gw 192.168.111.38
> /sbin/route add -net 192.168.111.36 netmask 255.255.255.224 gw 192.168.111.40
>
> TIA,
> ->David
I don't believe that will work. I have it on good authority (and some of my
own experience) that firewalls need the netmask to delineate networks at the
class boundary level, not the subnetted level. The router will probably work
fine but I have my doubts about the firewall.
Dan
[EMAIL PROTECTED]
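
The two prefixes and interface addresses from the question, worked through with Python's ipaddress module. This is an added example, not part of either post; the function names and the three sample destination addresses are constructed for illustration.

```python
import ipaddress

# Prefixes and interface addresses exactly as written in the question.
SUBNET_A = "192.168.111.36/30"
SUBNET_B = "192.168.111.36/27"
INTERFACES = {"eth0": "192.168.111.38/30", "eth1": "192.168.111.40/27"}


def describe(prefix):
    """Return (network, first host, last host, broadcast) as strings.

    strict=False accepts a prefix written with host bits set, which is
    the case for 192.168.111.36/27.
    """
    net = ipaddress.ip_network(prefix, strict=False)
    hosts = list(net.hosts())
    return str(net), str(hosts[0]), str(hosts[-1]), str(net.broadcast_address)


def has_host_bits(prefix):
    """True when the address part is not the network's base address."""
    iface = ipaddress.ip_interface(prefix)
    return iface.ip != iface.network.network_address


def nesting(prefix_a, prefix_b):
    """Relate two prefixes: 'same', 'a_in_b', 'b_in_a' or 'disjoint'."""
    a = ipaddress.ip_network(prefix_a, strict=False)
    b = ipaddress.ip_network(prefix_b, strict=False)
    if a == b:
        return "same"
    if a.subnet_of(b):
        return "a_in_b"
    if b.subnet_of(a):
        return "b_in_a"
    return "disjoint"


def select_interface(dest, interfaces=INTERFACES):
    """Longest-prefix match over the connected networks: the interface
    whose network contains dest with the most specific mask wins."""
    addr = ipaddress.ip_address(dest)
    best = None
    for name, cidr in interfaces.items():
        net = ipaddress.ip_interface(cidr).network
        if addr in net and (best is None or net.prefixlen > best[1].prefixlen):
            best = (name, net)
    return best[0] if best else None


if __name__ == "__main__":
    for p in (SUBNET_A, SUBNET_B):
        print(p, describe(p), "host bits set:", has_host_bits(p))
    print("A vs B:", nesting(SUBNET_A, SUBNET_B))
    # Constructed destinations: inside the /30, inside only the /27, outside both.
    for dest in ("192.168.111.37", "192.168.111.50", "192.168.111.70"):
        print(dest, "->", select_interface(dest))
```

The /30 sits inside the /27, so addresses .36 to .39 match both prefixes and only the prefix length decides which side they belong to; a filter rule written against the /27 also covers the /30 hosts.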
------------------------------
From: "Anthony W. Youngman" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.development.apps,comp.os.linux.misc
Subject: Re: Cracks for Linux?
Date: Wed, 25 Aug 1999 20:44:57 +0100
Reply-To: "Anthony W. Youngman" <[EMAIL PROTECTED]>
In article <[EMAIL PROTECTED]>, Oleg Letsinsky
<[EMAIL PROTECTED]> writes
>[EMAIL PROTECTED] (Kaz Kylheku) writes:
>
>> I tried the 4Front technologies driver for my sound card. It locked up my
>> kernel hard so I never looked back at the crap again. That is just lousy
>> programming.
>>
>> I wish that a hole in the ground would open up and swallow up these guys. Not
>> only do their drivers suck, but they are also getting in the way of free sound
>> development by getting into bed with manufacturers who then don't want to
>> release specs.
>I'd second that. The fact that there is a company which signs NDA and
>releases closed-source drivers for soundcards disturbs me. Look at
>Aureal's WWW site, 'Drivers' page. There are drivers for Windows 9x
>(of course :-/), Windows NT, Win 3.1 (what?!), OS/2(err... I'm not
>sure, what these letters mean? :-))... There are no fscking drivers
>for Linux, only link to www.opensound.com. 'OpenSound', my ass!
>Why is it 'open'? Is it a joke?
>$20 for soundcard, which itself costs < $20, and *no sources*? Sorry -
>no source - no love. But the problem is that Aureal doesn't seem to
>care about releasing specs on their hardware, since 'drivers' for
>Linux already 'exist'.
>
And then you get companies (Buslogic?) who write Open Source drivers for
their SCSI cards. And as a result I bet their doze drivers are also red
hot - there's no hiding bad drivers when everyone can see your code and
tear it apart (even if the dozers haven't a clue how).
--
Anthony W. Youngman - wol at thewolery dot demon dot co dot uk
Trousers with a single hole in their waistband are topologically equivalent
to a doughnut. These sugarcoated trousers have yet to catch on at fast-food
outlets! (SuperStrings by F. David Peat)
------------------------------
From: "Devin Palmer" <[EMAIL PROTECTED]>
Subject: Network security
Date: Wed, 25 Aug 1999 17:03:08 -0000
I have a class C network with 3 linux 5.2 servers with a bunch of WinNT
workstations behind a proxy server. I also have a server outside the class
C network (because it is running as a real audio server and it is a headache
to put it behind a proxy). If I give the outside server an internal
class C address so that it has 2 IP addresses do I compromise the security
of my internal servers?
Devin
------------------------------
From: [EMAIL PROTECTED] (David C.)
Subject: Re: collisions (newbie)
Date: 25 Aug 1999 20:36:14 -0400
"sham khalil" <[EMAIL PROTECTED]> writes:
> David C. <[EMAIL PROTECTED]> wrote in message
>>
>> With 10BaseT and 100BaseT, hosts are attached to hubs. Hubs
>> (especially those with full-duplex capability) will greatly reduce
>> the possibility of collisions, by buffering the data coming in on its
>> ports, but they can still happen - especially under conditions of
>> heavy load. A dumb unmanaged hub (aka a repeater) that doesn't do
>> any buffering may not do much to prevent collisions.
>
> How to differentiate the full-duplex vs half-duplex hub? Is 3Com
> OfficeConnect 8 port a half-duplex hub? How about 3Com Stackable hub
> 12 port? Does a switch hub have full-duplex capability?
Read your documentation. It should say somewhere. Or check the
manufacturer's web site.
Full-duplex capability is a feature that usually raises the price of a
hub, so I would expect it to be mentioned in the documentation and on
the packaging if you have it.
There's no easy way to tell otherwise. The ports will be the same, and
the status lights may also be the same.
Some NICs can auto-detect the presence of a full-duplex hub. If you
have such a card, you may be able to learn what you need from the card's
diagnostic utilities.
-- David
------------------------------
From: Tom Verbeure <[EMAIL PROTECTED]>
Subject: Can an ISP detect masquerading?
Date: Wed, 25 Aug 1999 23:31:29 GMT
Hello All,
a tech-guy of my ISP claims that they are able to detect a host running
Linux IP masquerading (and, of course, that it is forbidden by their
policy to use this.) Is this true? Are there network experts here who can
comment on this?
Thanks,
Tom
------------------------------
From: Christopher Allen <[EMAIL PROTECTED]>
Subject: Re: 2 boxes 1 IP
Date: 26 Aug 1999 00:39:20 GMT
Rusty Deschenes <[EMAIL PROTECTED]> spake:
> Hi,
> I would like to connect a linux pc to the net to use as a mud server and
> i would like to be able to connect my windows pc to the linux one to
KEYWORD: IP-Masquerade
http://metalab.unc.edu/LDP/HOWTO/mini/IP-Masquerade.html
KEYWORD: ipfwadm
- IP firewall and accounting administration
Have your linux box be in front of the windows machine and redirect ports to
other comps on your network
ALL information found at :
http://metalab.unc.edu/LDP/HOWTO/HOWTO-INDEX.html
-out
------------------------------
From: "Daniel N." <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.questions,comp.os.linux.setup,linux.dev.config,linux.dev.newbie
Subject: Re: Compiling kernel
Date: Thu, 26 Aug 1999 02:40:50 +0200
ds wrote:
>
> Hi there,
>
> Neither, it's just a second way to skin a cat. I believe (and I could be
> wrong) that zlilo adds the path of your kernel image to the lilo.conf.
>
> "Ji-Haw, Foo" wrote:
>
yes ...
you are right ... make zlilo copies the kernel and the system.map to / as
/vmlinuz and /System.map ... the old ones are renamed to vmlinuz.old and
system.map.old (I think) ...
then it runs lilo....
daniel
--
**************************************************
Daniel Nofftz
Student of Computerscience
University of Trier, Germany
**************************************************
Web: http://nofftz.home.pages.de
Mail: [EMAIL PROTECTED]
IRC: knuddel_ on #trier, IRCnet
Mud: alirion@avalon (avalon.mud.de 7777)
**************************************************
------------------------------
From: Mark Price <[EMAIL PROTECTED]>
Subject: Re: IP Forwarding with ipchains - FIXED
Date: Wed, 25 Aug 1999 17:54:58 -0700
> Machine A has addresses 192.168.1.10 on eth0 and an alias of 192.168.1.20.
> It also has a tunnel set up on a tap0 device to another machine (B) with an
> IP address of 10.1.0.1.
>
> Connectivity and routing (using masquerading on Machine A) works like a charm.
>
> What I want to do is to forward all traffic (udp and tcp) destined to the alias
> 192.168.1.20 to 10.1.0.1.
>
> I can't quite see the syntax to do this with ipchains. Looks like I port forward
> to local ports, but I can't just say punt everything for 192.168.1.20 to
> 10.1.0.1.
For anyone that is interested I have solved this problem in another way.
Instead of aliasing 192.168.1.20 onto eth0:0 on machine A, I have aliased it on
tap0:0 on Machine B.
I then added a host based route to Machine A sending it out of the tunnel
device.
# /sbin/route add -host 192.168.1.20 dev tap0
I then forced Machine A to proxy arp for 192.168.1.20 using arp.
# /sbin/arp -s 192.168.1.20 00:00:05:bc:fe pub
where 00:00:05:bc:fe is the mac address of Machine A's eth0 (192.168.1.10).
It all works great :-)
Because I was also masquerading on Machine B, I have added a rule to ipchains
that says don't masquerade anything that comes from 192.168.1.20.
Cheers, Mark.
------------------------------
From: [EMAIL PROTECTED] (David C.)
Subject: Re: collisions (newbie)
Date: 25 Aug 1999 20:33:46 -0400
"Surya P Kommareddy" <[EMAIL PROTECTED]> writes:
>
> Thanks a lot for a detailed explanation. I am experiencing a lot of
> collisions as per the averages you were talking about. My system shows 54
> collisions in 42 minutes. I think there are a lot of machines on my net.
> Maybe I have to cut down some of them. I am worried about this because I am
> using network Distributed Computing (DCE) for my research and it needs good
> network performance.
> Which is the best network for DCE? Any pointers or material on this
> topic is welcome.
What's your physical topology? If you use 10BaseT, what kind of hubs
are used?
If you're using Thinnet, for instance, and you've got more than 5-10
computers on a single segment, then you're going to get a lot of
collisions. (Unless most of the hosts spend most of their time idle, of
course.)
In any case, the solution to collisions is always to reduce the number
of hosts on a single ethernet segment. This usually means adding
bridges or layer-2 switches at various places.
If you need peak performance, then having every host (or at least every
host that requires peak performance) connect directly to a port on a
switch will probably be necessary. Any decent switch should buffer
enough traffic to make collisions virtually nonexistent.
Also, make sure your hubs can handle full-duplex, and configure your
cards for it as well. (If you're using switches, then they should
already support full-duplex, although it might have to be configured.)
-- David
------------------------------
From: kite@NoSpam.%inetport.com (Clifford Kite)
Subject: Re: eth0/ASDL and Kppp internet connection
Date: 25 Aug 1999 20:18:05 -0500
apm ([EMAIL PROTECTED]) wrote:
: When I check route after bootup I get the following:
: Kernel IP routing table
: Destination     Gateway         Genmask         Flags Metric Ref Use Iface
: 209.226.71.0    *               255.255.255.0   U     0      0   0   eth0
: 127.0.0.0       *               255.0.0.0       U     0      0   0   lo
: default         HSE-TOR-ppp2271 0.0.0.0         UG    0      0   0   eth0
: where the last line represents my ASDL connection.
Is this an ADSL (I assume you mean this rather than ASDL - I've never
heard of ASDL) connection that connects to the Internet through an ISP?
If so then I'm not sure why you need another ISP dial-out connection,
which is how I read this.
: After I establish a dialup ppp connection I get the following:
: Kernel IP routing table
: Destination     Gateway         Genmask         Flags Metric Ref Use Iface
: 205.207.249.34  *               255.255.255.255 UH    0      0   0   ppp0
: 209.226.71.0    *               255.255.255.0   U     0      0   0   eth0
: 127.0.0.0       *               255.0.0.0       U     0      0   0   lo
: default         205.207.249.34  0.0.0.0         UG    0      0   0   ppp0
: default         HSE-TOR-ppp2271 0.0.0.0         UG    0      0   0   eth0
: At this point, internet packets are still routed through eth0, but if I
: then say:
I don't understand this since the last default route to be set should
be the active default route and I would expect that to be the default
route through the PPP interface, not the one through the eth0 interface.
There is only one active default route at any given time. It's possible
for the default route through HSE-TOR-ppp2271 to be the last one set
after the call-out PPP interface is up if there is something to make
that happen configured in the /etc/ppp/ip-up file, but I don't know why
this would be so.
: ifconfig eth0 down
: then the two eth0 lines disappear and traffic is routed through the
: dialup ppp connection.
: However, after I sign off the dialup ppp I can reestablish the first
: eth0 line by saying
: ifconfig eth0 up
: However, I don't know what to say to reestablish the internet gateway
: through eth0.
Just what's happening here is not at all clear to me but you *should*
be able to put
/sbin/route del default gw HSE-TOR-ppp2271 metric 0 dev eth0
in /etc/ppp/ip-up to remove that default route when the dial-out PPP
interface comes up, and then in /etc/ppp/ip-down put
/sbin/route add default gw HSE-TOR-ppp2271 metric 0 dev eth0
to set the HSE-TOR-ppp2271 default route to eth0 again after the dial-out
PPP interface goes down. This assumes that the HSE-TOR-ppp2271 is still
the active default route after the dial-out PPP connection, which seems
to be the case for whatever reason.
Post again with the "route" information before and after the dial-out
PPP connection if this doesn't work.
--
Clifford Kite <kite@inet%port.com> Not a guru. (tm)
/* Speak softly and carry a +6 two-handed sword. */
------------------------------
From: Duskrunner <[EMAIL PROTECTED]>
Subject: Re: Would Linux be good for this?
Date: Thu, 26 Aug 1999 00:52:54 GMT
In article <XQWw3.22$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> [Posted and mailed]
>
> In article <[EMAIL PROTECTED]>,
> Eric Sotnak <[EMAIL PROTECTED]> writes:
> > I'm wondering whether linux would be good for the following:
> >
> > Suppose I have a mac G3, an older powermac, and a PC P-III 450. I want
> > to network the three together so that all can use the same printer(s),
> > and share files (instead of putting everything on zip disks).
> >
> > If I get ahold of an older model cheap pc, would it be a decent setup to
> > install linux on it and use it exclusively as a network server for the
> > other 3 computers? The 3 computers are used for a lot of
> > graphics-intensive stuff (mainly pagemaker and photoshop).
>
> Yup, Linux will work quite well in such a setup. Most Linux distributions
> don't include Netatalk, though, so you'll need to get it and install it
> separately. (Netatalk is the most commonly-used Linux package for Mac
> networking.) There are a couple of caveats:
>
> 1) Depending on just how old that "older model cheap pc" is and what you
>    want to do, you may find performance lacking. I wouldn't want to run
>    really massive disk-intensive stuff over a 10Mbps network connection to
>    a system with a five-year-old IDE hard disk, for instance.
> 2) Netatalk and Samba (Linux's Windows file sharing system) use different
>    methods for file locking, so having Mac and Windows users try to access
>    the same files at the same time can get ugly. Accessing the same files
>    at DIFFERENT times from these platforms isn't a problem, though.
>
> --
> Rod Smith
> [EMAIL PROTECTED]
> http://members.bellatlantic.net/~smithrod
> Author of _Special Edition Using Corel WordPerfect 8 for Linux_, from Que
Thanks for the replies. Much appreciated.
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.networking) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Networking Digest
******************************