Linux-Networking Digest #365, Volume #12         Wed, 25 Aug 99 23:13:59 EDT

Contents:
  Re: Can an ISP detect masquerading? (Tom Eastep)
  Ethernet won't ping, can't figure out problem (Sam Walton)
  Re: ipchains -P forward DENY ? (Bob Surenko)
  Re: Linux VPN Masquerade and LAN access ("Christopher Hatty")
  Re: Help: Samba and Printing (Wes McClain)
  Re: Compaq Onboard Ethernet (Tom Eastep)
  ipfwadm and irc? should work but how? (JG)
  Compatiblity between 2.2.0 and 2.2.9 ([EMAIL PROTECTED])
  remote lp printing disappearing in bit bucket (Wes McClain)
  Re: Ethernet won't ping, can't figure out problem ([EMAIL PROTECTED])
  Re: Need help on Linux and Win98 ([EMAIL PROTECTED])
  Re: Help with 2 NICs (Chetan Patil)
  IP reverse Addressing..Help on Virtual email domain config..anybody ("Tim Pickard")
  root ownership randomly (Gilbert Soucy)
  Re: Linux vs. Wingate
  Re: nfs mount problem
  Help with 2 NICs ("Mike Murray")

----------------------------------------------------------------------------

From: Tom Eastep <[EMAIL PROTECTED]>
Subject: Re: Can an ISP detect masquerading?
Date: Thu, 26 Aug 1999 01:36:22 +0000

Tom

Tom Verbeure wrote:
> 
> Hello All,
> 
> a tech-guy of my ISP claims that they are able to detect a host running
> Linux IP masquerading (and, of course, that it is forbidden by their
> policy to use this.) Is this true? Are there network expert here who can
> comment on this?
> 
> Thanks,
> Tom

While I don't claim to be a network expert, lots of TCP/UDP traffic
to/from your gateway's IP with port numbers in the range of 61000 -
65096 would certainly be a hint to your ISP that you are masquerading.

-Tom

-- 
Tom Eastep                  | Opinions expressed here
[EMAIL PROTECTED]          | are my own and not 
Work: [EMAIL PROTECTED] | those of my employer
Shoreline, Washington USA   |
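
The hint described in the reply above, as an added example that is not part of the original post: per source address, count how many flows leave from ports in the 61000 - 65096 range. The flow-record format, the sample records and the two thresholds are assumptions made for this example.

```python
"""Flag hosts whose outbound source ports cluster in the masquerading range."""
from collections import defaultdict

# Range quoted in the post above (61000 - 65096), treated here as inclusive.
MASQ_PORT_LOW = 61000
MASQ_PORT_HIGH = 65096

# Constructed flow records: "proto src_ip:src_port -> dst_ip:dst_port".
# Addresses come from the documentation ranges (RFC 5737).
SAMPLE_FLOWS = """\
tcp 198.51.100.7:61004 -> 203.0.113.10:80
tcp 198.51.100.7:61017 -> 203.0.113.10:80
udp 198.51.100.7:61250 -> 203.0.113.53:53
tcp 198.51.100.7:62011 -> 203.0.113.25:25
tcp 198.51.100.7:1042 -> 203.0.113.10:80
tcp 198.51.100.9:1027 -> 203.0.113.10:80
tcp 198.51.100.9:1031 -> 203.0.113.10:80
tcp 198.51.100.9:61500 -> 203.0.113.10:80
udp 198.51.100.9:1044 -> 203.0.113.53:53
tcp 198.51.100.9:1050 -> 203.0.113.21:21
not a flow record
"""


def parse_flow(line):
    """Return (proto, src_ip, src_port), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 4 or parts[2] != "->" or parts[0] not in ("tcp", "udp"):
        return None
    src_ip, sep, port = parts[1].rpartition(":")
    if not sep or not (port.isascii() and port.isdigit()):
        return None
    if not 0 < int(port) <= 65535:
        return None
    return parts[0], src_ip, int(port)


def masq_port_share(flow_text):
    """Map each source IP to (flows in the masq range, total flows)."""
    counts = defaultdict(lambda: [0, 0])
    for line in flow_text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue  # skip lines that are not flow records
        _, src_ip, port = flow
        counts[src_ip][1] += 1
        if MASQ_PORT_LOW <= port <= MASQ_PORT_HIGH:
            counts[src_ip][0] += 1
    return {ip: tuple(pair) for ip, pair in counts.items()}


def likely_masquerading(flow_text, min_flows=5, min_share=0.6):
    """Source IPs with enough flows and a high share of them in the range.

    Both thresholds are assumptions for this example. A single flow in the
    range proves nothing; the signal is the clustering across many flows.
    """
    hits = []
    for ip, (in_range, total) in sorted(masq_port_share(flow_text).items()):
        if total >= min_flows and in_range / total >= min_share:
            hits.append(ip)
    return hits


if __name__ == "__main__":
    for ip, (in_range, total) in sorted(masq_port_share(SAMPLE_FLOWS).items()):
        print(f"{ip}: {in_range}/{total} flows from ports "
              f"{MASQ_PORT_LOW}-{MASQ_PORT_HIGH}")
    print("likely masquerading:", likely_masquerading(SAMPLE_FLOWS))
```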

------------------------------

From: Sam Walton <[EMAIL PROTECTED]>
Subject: Ethernet won't ping, can't figure out problem
Date: Wed, 25 Aug 1999 19:59:53 -0400
Reply-To: [EMAIL PROTECTED]

I'll try again. RedHat 5.0, kernel 2.0.32 on a 586 clone with 24 megs
of RAM. Ethernet is D-Link 220E (NE2000 compatible and plug and play is
disabled) and is finally recognized by kernel as eth0.

ifconfig says:
inet addr:192.0.0.3 Bcast:255.255.255.255 Mask:0.0.0.0
UP BROADCAST Running Multicast MTU:15000 Metric:1
RX packets:52 errors:0 dropped:0 overuns:0
TX Packets:170 errors;0 dropped:0 overruns:0
Inerrupt:9 Base address:0x300

I set up Network Configurator so that, one day I'll use it for IP Masq,
but right now, I just want to see it on my LAN populated with Macs and
tied to a hub that works for the Macs. I also want to install Netatalk
so I can use it over the network.

So I've set it at 192.0.0.3 (see above) and it is active. I don't know
my netmask because I just want to make sure it works locally first. The
other macs are set at 192.0.0.1, etc.

I have tried pinging from the Macs and from the linux box. Nothing shows
up in scans. Linux is just hitting against something.

It's probably something simple. I've visited the HOWTO which helped me
overcome the plug and play problem. Now I can't get out on the network.

please email, sam

------------------------------

From: Bob Surenko <[EMAIL PROTECTED]>
Subject: Re: ipchains -P forward DENY ?
Date: Tue, 24 Aug 1999 20:01:02 GMT

[EMAIL PROTECTED] wrote:
: Can anyone explain ipchains -P forward DENY what for?

This sets the default chain policy to deny. That means that unless you
explicitly say, "ipchains -A ... -j ACCEPT" the packet will be denied.

So what happens is this:

A packet comes in -> an ACCEPT Rule -> another ACCEPT -> lots of ACCEPTS
-> then finally, at the end of the chain, if the packet hasn't gone, DENY
it.

Many people say that security based on DENY except if explicitly ALLOWED
is the best way to go.

Bob

: Thanks
: Jonathan


: Sent via Deja.com http://www.deja.com/
: Share what you know. Learn what you don't.

-- 
=============================================================================
- Bob Surenko                              [EMAIL PROTECTED]
- http://www.fred.net/surenko/             finger for PGP key
=============================================================================
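
The chain traversal described in the reply above, as an added example that is not part of the original post: a small Python model of first-match rule evaluation that falls through to the chain policy. The rules, addresses and packets are constructed for illustration, and the ipchains commands in the comments only indicate what such a chain would look like.

```python
"""First-match evaluation of a packet-filter chain with a default policy."""
from ipaddress import ip_address, ip_network

ANY = "0.0.0.0/0"


class Rule:
    """One appended rule: optional source/destination match plus a target."""

    def __init__(self, target, src=ANY, dst=ANY):
        self.target = target
        self.src = ip_network(src)
        self.dst = ip_network(dst)

    def matches(self, src, dst):
        return ip_address(src) in self.src and ip_address(dst) in self.dst


# Constructed forward chain, roughly what these commands would build:
#   ipchains -A forward -s 192.168.1.0/24 -j ACCEPT
#   ipchains -A forward -d 192.168.2.10 -j ACCEPT
FORWARD_CHAIN = [
    Rule("ACCEPT", src="192.168.1.0/24"),
    Rule("ACCEPT", dst="192.168.2.10/32"),
]

# Constructed (source, destination) pairs to run through the chain.
PACKETS = [
    ("192.168.1.5", "203.0.113.10"),    # internal host going out
    ("198.51.100.20", "192.168.2.10"),  # outside host to the allowed server
    ("198.51.100.20", "192.168.1.5"),   # outside host to an internal host
    ("192.168.3.7", "203.0.113.10"),    # subnet nobody wrote a rule for
]


def evaluate(chain, policy, src, dst):
    """Return (verdict, reason): the first matching rule wins, else the policy."""
    for index, rule in enumerate(chain, start=1):
        if rule.matches(src, dst):
            return rule.target, f"rule {index}"
    return policy, "policy"


def decided_by_policy(chain, packets):
    """Packets that no rule matched, so only the -P setting decides them."""
    return [(src, dst) for src, dst in packets
            if evaluate(chain, "DENY", src, dst)[1] == "policy"]


if __name__ == "__main__":
    for policy in ("ACCEPT", "DENY"):
        print(f"-P forward {policy}")
        for src, dst in PACKETS:
            verdict, reason = evaluate(FORWARD_CHAIN, policy, src, dst)
            print(f"  {src:>15} -> {dst:<15} {verdict:6} ({reason})")
```

With the policy set to ACCEPT, the last two packets are forwarded even though no rule mentions them; with DENY they are dropped.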

------------------------------

Reply-To: "Christopher Hatty" <[EMAIL PROTECTED]>
From: "Christopher Hatty" <[EMAIL PROTECTED]>
Crossposted-To: alt.os.linux.slackware,comp.security.firewalls
Subject: Re: Linux VPN Masquerade and LAN access
Date: Thu, 26 Aug 1999 01:24:14 GMT

Older versions of the Bay Networks VPN client restricted access to networks
other than the one accessed by the VPN, if memory serves. I had the same
problem when I started using VPN for access to my work servers. When they
upgraded the client, the problem went away. I imagine, too, that the
configuration the VPN server sends back to your PC at connect time can
restrict access to (and from) other networks, for security reasons. If
you're using the same or better client than I am (V2_02.56), check with your
security admins.

The problem I am encountering myself is that I have no idea how to set up my
Linux Masquerade IPChains firewall thing (I'm new at this ;) to allow
traffic to and from the VPN servers. So with my Linux box as my firewall,
the VPN client on my internal Windows machine does not work. In fact, I
can't even connect to the VPN server at all. Could you let me know how you
managed, or where you found the information?

Thanks,

Chris

David McMahon <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
> Hello,
>
> ** networking newbie alert **
>
> I just set up my new Slackware Linux box with the VPN
> masquerading patched 2.2.10 kernel, but I don't have full
> access to my local network when I'm connected to the VPN!
>
> Here's my config:
>
> A) Win98 box (using Bay Networks Extranet Access Client- VPN)
> B) Win98 box
> C) Linux Slackware 2.2.10 vpn patched kernel w/ 2 NICs
>      connected via SDSL
>
> Before I connect to the VPN, I can ping all machines from all
> other machines, I can browse all machines using
> Network Neighborhood (SAMBA for the Linux box) and I have
> internet access from all boxes.  Perfect.
>
> Once I connect using the VPN client on my Win98 box A),
> I can no longer ping from C) to A), from A) to C), from A) to B)
> or from B) to A).  The VPN client machine being the obvious
> HOLE here.
>
> I *can* ping from B) to C) and from C) to B) and can still
> browse (via network neighborhood) and UNC between A) and B).
>
> And all machines have internet access although only the
> A) Win98 box has access to the VPN resources.
>
> So, I'm wondering what is wrong with my networking either on
> Linux (I'm assuming it's there) or on the A) win98 box?
>
> I've been reading the how-to's but can't quite find the answer(s)
> I'm looking for.  The documentation on this particular setup is
> actually quite limited....VPN masquerading.
>
> Can anyone help?
>
> Also, out of curiousity, has anyone found and ran an IPSec VPN
> client on a Linux machine?   I haven't found one yet, but I wonder
> if all of the machines in your LAN would then have access to the
> VPN resources because the whole setup is now masqueraded thru
> that gateway Linux machine.
>
> Thanks for any assistance.
>
> David McMahon



------------------------------

From: Wes McClain <[EMAIL PROTECTED]>
Crossposted-To: tw.bbs.comp.linux,alt.linux,comp.os.linux,comp.os.linux.misc,comp.os.linux.questions,info.ncsa-telnet,hk.comp.os.linux,hk.comp.os.unix,hk.comp.pc,comp.protocols.smb
Subject: Re: Help: Samba and Printing
Date: Wed, 25 Aug 1999 21:42:59 -0400

Jimmy Lio wrote:
> 
> The Windows clients can see the printer attached to the server.  When
> the clients print to the Samba printer, they successfully pass the file
> to be printed to the Linux box (in fact, I tried 'ls' continuously on
> the specified printer path... and files appear on the path once I click
> to print on the windows clients)... but the files passed to the printer
> path are gone in less than a second... and the files are not printed
> out... and the printer doesn't even respond to the print request from
> the Windows clients.
> 
I was having a hell of a time with the same problem on my machines with
Redhat 6.0 and after trying every possible change to the printer section
of smb.conf I changed the security setting from user to share. That did
the trick, although I've no idea why. Now, if I could only figure out
why my RH5.2 system has to use samba in order to properly print to my
rh6.0 system, I'll be really smokin'. 

wes

------------------------------

From: Tom Eastep <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.hardware
Subject: Re: Compaq Onboard Ethernet
Date: Thu, 26 Aug 1999 01:44:29 +0000

Kyle Hargraves wrote:
> 
> I'm wondering if anyone has been able to use the onboard ethernet on the
> Compaq Deskpro series. I believe the chipset is the same on the 590
> through the 5133 - I'm using a 590. I've already tried the on-board
> support in 2.2.10. I'll gladly upgrade or downgrade to make this work - I
> just don't want to spend money on going out and buying a card (mainly
> because I don't have the money to spend). The kernel doesn't want to
> recognize that there is ethernet on the systemboard. I'd try and look
> through manuals, but this is a secondhand machine I managed to scrounge
> up, so I have none. Any help would be greatly appreciated.
> 

There are two common types of onboard NICs on Compaq systems - the
system I'm sending this on uses the de4x5 driver. 

a) Dec 2114x which can use either the Tulip or de4x5 drivers.
b) Netelligent adapters which use the tlan driver.

One of these drivers should work for you...

-Tom 
-- 
Tom Eastep                  | Opinions expressed here
[EMAIL PROTECTED]          | are my own and not 
Work: [EMAIL PROTECTED] | those of my employer
Shoreline, Washington USA   |

------------------------------

From: JG <[EMAIL PROTECTED]>
Subject: ipfwadm and irc? should work but how?
Date: Thu, 26 Aug 1999 02:27:23 GMT

I've got diald and ipfwadm running on a 2.0.36 kernel.
I can use netscape just fine, but when I try to use
irc or pop3/smtp, the system just spins...

I'm using a minorly modified ruleset from the
IP-Masq mini HowTo.

------------------------------

From: [EMAIL PROTECTED]
Subject: Compatiblity between 2.2.0 and 2.2.9
Date: Thu, 26 Aug 1999 01:35:33 GMT

Hello all,
I hope someone can help me out.  I have this
program that has been compiled under 2.2.0.  I
am trying to run it under 2.2.9 (mandrake
linux 6.0).  However while it works fine under
2.2.0 it just goes into lala land under 2.2.9.
It is an X based program and uses X11 library
as well as GNU g++ and c libraries.  My question
is, is there any way to make it work on 2.2.9?
Can I download the old libraries from somewhere
and would it work? Or am I condemned to find a
machine to install 2.2.0 on and run my program from
there?

Many thanks,
Subuddh



------------------------------

From: Wes McClain <[EMAIL PROTECTED]>
Subject: remote lp printing disappearing in bit bucket
Date: Wed, 25 Aug 1999 22:05:35 -0400

My printer is connected to my RH6.0 machine(ganesh). Set up as follows:

lp:\
        :sd=/var/spool/lpd/lp:\
        :mx#0:\
        :sh:\
        :lp=/dev/lp0:\
        :if=/var/spool/lpd/lp/filter:

Works fine locally and when accessed via samba. However, when I try to
print to it from my RH5.2 system(shiva) it goes nowhere. The lpd on
shiva kicks in and the lights on the network hub flash and the drive
light on ganesh comes on for a second, and then nothing. No left over
files or anything from the printer. Both machines have samba running,
and if I configure the printer on ganesh as an smb printer from shiva, it
works fine, so the problem doesn't appear to be on the ganesh side. 

Here's what I've tried in the printcap file on shiva:

lp:rm=ganesh

and 

lp:\
        :rm=ganesh\     
        :rp=/var/spool/lpd/lp:

both of which have exactly the same result -- apparent pass off to
ganesh, but then the print file just vanishes into the bit bucket.

Anyone have any ideas as to what's going on? According to the books and
docs I have on hand, the first try should have worked, but they are a
bit on the old side...

Thanks
Wes

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Ethernet won't ping, can't figure out problem
Date: Thu, 26 Aug 1999 02:11:31 GMT

First things first, get that netmask set up.  Assuming your other
machines are on the same network, ie. 192.0.0.x, set the netmask to
255.255.255.0, and try again.


In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> I'll try again. RedHat 5.0, kernel 2.0.32 on a 586 clone with 24 megs
> of RAM. Ethernet is D-Link 220E (NE2000 compatible and plug and play is
> disabled) and is finally recognized by kernel as eth0.
>
> ifconfig says:
> inet addr:192.0.0.3 Bcast:255.255.255.255 Mask:0.0.0.0
> UP BROADCAST Running Multicast MTU:15000 Metric:1
> RX packets:52 errors:0 dropped:0 overuns:0
> TX Packets:170 errors;0 dropped:0 overruns:0
> Inerrupt:9 Base address:0x300
>
> I set up Network Configurator so that, one day I'll use it for IP Masq,
> but right now, I just want to see it on my LAN populated with Macs and
> tied to a hub that works for the Macs. I also want to install Netatalk
> so I can use it over the network.
>
> So I've set it at 192.0.0.3 (see above) and it is active. I don't know
> my netmask because I just want to make sure it works locally first. The
> other macs are set at 192.0.0.1, etc.
>
> I have tried pinging from the Macs and from the linux box. Nothing shows
> up in scans. Linux is just hitting against something.
>
> It's probably something simple. I've visited the HOWTO which helped me
> overcome the plug and play problem. Now I can't get out on the network.
>
> please email, sam
>



------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Need help on Linux and Win98
Date: Thu, 26 Aug 1999 02:07:15 GMT

America Online does not support any operating systems other than
Win 3.1, Win9x, and MacOS.  The reason behind this is that they use a
proprietary network interface (called AOLNet) and then tunnel into the
internet using specialized drivers.

In Windows 9x, AOL creates a special device driver in your network
configuration.  It is called the "AOL Adaptor."  This is the device that
AOL uses to do this tunneling.  It is then bound to TCP/IP, so that you
have access to the internet.

As far as DNS setup, AOL uses dynamic IP addresses on their DNS Servers,
and without that AOL Adaptor, it is impossible to get the correct DNS
for the number you are dialing.

Until AOL either creates a client for Linux, or a device that allows us
to connect to AOLNet, Linux users will not be able to use their
connection.

My advice would be to just get a different ISP.  AOL has some serious
issues, (as an ISP) other than just lacking a Linux interface.  For
instance, they do not have traditional news servers, and their mail
interface is horrible.  The mail is proprietary as well, opening up a
different can of worms, even if you could get connected.

Eric Jensema


In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (Goodmeng) wrote:
> I have Win98 and RH6.0 installed on the same hard drive.
> My ISP is AOL. The tech support told me AOL doesn't support Linux yet.
> 1) Is there a way to see the Win98 downloaded files from Linux in my
> situation? If it works, then I can download files using AOL4.0 for
> Windows and use them in Linux. My Win98 is partitioned as FAT.
> 2) I know most ISPs support PPP connection. Anybody know if AOL does? If
> yes, what is the DNS IP?
> Thank you very much.
> Joe
>



------------------------------

From: Chetan Patil <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.questions
Subject: Re: Help with 2 NICs
Date: Thu, 26 Aug 1999 02:37:21 GMT

Are you sure that the cards are configured for different IRQ's and IO
addresses?

And I am assuming that you get lilo to detect the second card at startup
by using
append="ether=0,0,eth1"

Further, I have the following in my /etc/conf.modules
alias eth0 ne2k-pci 
alias eth1 ne 
options ne2k io=0x280 

Hope this helps.
Chetan


Mike Murray wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
>     Can someone out there help me???
> 
>     I'm trying to configure an old 486 as a linux router with Redhat
> 6.0... I have 2 3Com 3c509 ethernet cards installed, one configured to
> use a 192.168.x.x address, the other configured to use bootproto
> dhcpcd...
> 
>     Everytime I boot the machine, it brings up both eth0 and eth1
> OK... however, when I run an ifconfig, only eth0 is up.  If I try to
> bring up eth1, it says "resource not available".  However, if I take
> down eth0, and bring up eth1, it works (but eth1 has the same IRQ and
> IO port as eth0 did).
> 
>     I've been messing with this for 2 weeks, and it's driving me
> insane...
> 
>     Any ideas, anyone?
> 
>                 Mike
> 
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 5.5.5
> 
> iQA/AwUBN8TLU/5WqcMdbVvFEQLBKQCg2RBt6g0ZjKSaXXXSla0zCvfimakAoOve
> Xw3zDNb7MRH5Idwo04gYxi4k
> =er1L
> -----END PGP SIGNATURE-----

------------------------------

From: "Tim Pickard" <[EMAIL PROTECTED]>
Subject: IP reverse Addressing..Help on Virtual email domain config..anybody
Date: Wed, 25 Aug 1999 21:55:24 -0400

Redhat version 5.2... we have the updated version of Sendmail... we want to
have virtual email domains... so my question, if you're (bold to accept
it), is the setting up a DNS server... does anyone know how to set up the IP
aliases so that nslookup will see the host virtual domains... do I need to
install a reverse.db or does the gnome build that automatically... we
basically want to have 3 virtual domains... can anyone help? ...serious Linux
convert



------------------------------

From: Gilbert Soucy <[EMAIL PROTECTED]>
Subject: root ownership randomly
Date: Thu, 26 Aug 1999 02:41:25 GMT


We have a few linux systems running redhat 5.2 in a
net composed also of SGI and SUN workstations. The linux
boxes export their files to every machine on the net.
When working on a remote system, a normal user has created
a few times files or directories owned by root (this
user does not know the super user password) on the
filesystems managed by linux.

I have no idea why this is happening and how this
can be fixed. Is it linked to the way I export
the filesystems? I don't think this has
happened when working locally on the linux box. Any idea?

I am exporting with no_root_squash and this is fine
on our trusted network. The user in question is not superuser
and is well-intentioned. I suspect a bug in NFS. Maybe
I did not search well enough but all the nfs packages
I find are beta (2.2beta)? Where can I find a non-beta
package (or why isn't there a non-beta package) ?


------------------------------

From: <[EMAIL PROTECTED]>
Subject: Re: Linux vs. Wingate
Date: Tue, 24 Aug 1999 21:10:43 +0100

Re the 486 Issue:
        I have a dedicated 486 DX-2 80 Linux Box running 
Slackware and it easily handles the load that I put on it 
with five clients - no problem. Also if you don't want to
spend hours playing with diald - use MasqDialer from 
Charles Wright. It is of course free and you can download
the source. It works really well from Windows / Linux / NT
/ OS 2 and a webpage. There are only a very few os's that 
there is not a client for!

I tried installing Wingate before I had a Linux box - rubbish.
IP Masquerading easily beats it on speed and configurability
(if that's a word!). It is also far more secure. How many times
have you seen a hacker site with "NEW EXPLOIT FOR WINGATE
PROXY" - answer quite often. In my opinion Linux is far more
stable and secure. 

These are of course my own views based on hard experience.

Hope this is of some use to you!

Alex Harrington
[EMAIL PROTECTED] (rm edy!)

Monte Phillips <[EMAIL PROTECTED]> wrote:
: The REAL question, of course, is:  Do you want stability.  Wingate,
: Sysgate etc all are dependent upon windows, hence when windows goes
: gen'l fault error on you, or simply freezes, guess what so does your
: network.   As for Colin's remark that Wingate was faster, that simply
: isn't true.  As he mentioned he put linux on a 486 and ran the
: network, he certainly didn't run Wingate on that machine and run a
: network.
: As for  linux being 'hairy',  that's bs.  It is only as hairy as you
: want it to be.  You can have a linux server (once linux is loaded) and
: a windows group samba'd and running smoothly in a short afternoon.
: There are several sites with step by step instructions for networking
: linux<->WinX

: g'Luk

:  Colin Wong <[EMAIL PROTECTED]> wrote:

:>Hello
:>If you are not planning to expand beyond 5 computers, wingate is much
:>faster.... at least it was for me.... considering my Linux machine is a
:>486!!
:>
:>Wingate is simple to manage, whereas Linux can get hairy if you don't know
:>what you are doing..
:>Colin

:>Dusko Nikolic wrote:
:>> In my company we have 5 computers with NT Workstation 4 operating
:>> system connected in to peer to peer network. One of them has modem. We
:>> installed Wingate on that machine so that other can share internet
:>> (www, email, news, ftp) access.
:>>
:>> I suppose that same thing can be achieved by purchasing another
:>> computer on which we will install linux so that machine can play role
:>> of server.
:>>
:>> By doing that, what kind of improvements we can expect regarding
:>> security and performance issues?


------------------------------

From: <[EMAIL PROTECTED]>
Subject: Re: nfs mount problem
Date: Tue, 24 Aug 1999 21:46:52 +0100

Is the nfs server checking access by domain?

eg /etc/exports

/myshare  *.mydomain.com(ro)

If so, ensure that all the clients know that they belong to mydomain.com.

Alex H
[EMAIL PROTECTED] (rm edy!)

David C. <[EMAIL PROTECTED]> wrote:
: "F.B.Quinn" <[EMAIL PROTECTED]> writes:
:>
:> I'm running 4 nfs servers (slakware, kernel 2.0.30).  3 servers work
:> great!  Fourth server, configuration identical to other 3, won't mount.
:> message: "mount <servername> failed; reason given by server: permission
:> denied"
:> I've checked permissions, ownership, on server and on clients, and
:> find no differences.  I'm baffled!
:> Help would be appreciated.  I suspect it's a problem of the same order
:> as the one I have with remote printing: "waiting for  queue to be 
:> enabled on <remote printer name>"

: Check /var/log/messages

: If you see a line like:

:       ... mountd[####]: mount request from unknown host ##.##.##.##

: then try adding the client's addresses to /etc/hosts.

: I haven't yet figured out how to turn off this particular security feature.

: -- David
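
In exports(5) syntax a host pattern and its option list must be adjacent; with whitespace between them, the parenthesised options become a separate entry that applies to any host. The linter below is an added example, not code from any poster in this digest: it checks exports lines for that mistake and for the no_root_squash option mentioned in the "root ownership randomly" post. The sample file contents and the finding names are constructed for illustration.

```python
"""Lint /etc/exports lines for two pitfalls that come up in this digest."""
import re

# Constructed sample; paths and host names are placeholders.
SAMPLE_EXPORTS = """\
# constructed sample exports file
/myshare   *.mydomain.com (ro)
/projects  *.mydomain.com(ro)
/home      trusted.mydomain.com(rw,no_root_squash)
/scratch   (rw)
"""

# A client spec is "host", "host(opt,opt)" or "(opt,opt)" for any host.
CLIENT_RE = re.compile(r"^(?P<host>[^()\s]*)(?:\((?P<opts>[^()]*)\))?$")


def parse_export_line(line):
    """Return (path, [(host, [options])]), or None for blank/comment lines.

    An empty host string means the entry applies to any client.
    """
    line = line.split("#", 1)[0].strip()
    if not line:
        return None
    path, *tokens = line.split()
    clients = []
    for token in tokens:
        match = CLIENT_RE.match(token)
        if match is None:
            raise ValueError(f"cannot parse client spec {token!r}")
        opts = match.group("opts") or ""
        options = [o.strip() for o in opts.split(",") if o.strip()]
        clients.append((match.group("host"), options))
    return path, clients


def lint_exports(text):
    """Return a list of (line number, path, finding) tuples."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        parsed = parse_export_line(raw)
        if parsed is None:
            continue
        path, clients = parsed
        for position, (host, options) in enumerate(clients):
            if host == "":
                # Options with no host in front of them apply to everyone.
                # Directly after a bare host pattern this is almost always
                # a stray space, so report it under its own name.
                previous = clients[position - 1] if position > 0 else None
                stray = previous is not None and previous[0] and not previous[1]
                kind = "detached-options" if stray else "world-export"
                findings.append((lineno, path, kind))
            if "no_root_squash" in options:
                # Remote root keeps uid 0 on this export.
                findings.append((lineno, path, "no_root_squash"))
    return findings


if __name__ == "__main__":
    for lineno, path, finding in lint_exports(SAMPLE_EXPORTS):
        print(f"line {lineno}: {path}: {finding}")
```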

------------------------------

From: "Mike Murray" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.questions
Subject: Help with 2 NICs
Date: Thu, 26 Aug 1999 02:03:33 GMT

=====BEGIN PGP SIGNED MESSAGE=====
Hash: SHA1

    Can someone out there help me???

    I'm trying to configure an old 486 as a linux router with Redhat
6.0... I have 2 3Com 3c509 ethernet cards installed, one configured to
use a 192.168.x.x address, the other configured to use bootproto
dhcpcd...

    Everytime I boot the machine, it brings up both eth0 and eth1
OK... however, when I run an ifconfig, only eth0 is up.  If I try to
bring up eth1, it says "resource not available".  However, if I take
down eth0, and bring up eth1, it works (but eth1 has the same IRQ and
IO port as eth0 did).

    I've been messing with this for 2 weeks, and it's driving me
insane...

    Any ideas, anyone?

                Mike


=====BEGIN PGP SIGNATURE=====
Version: PGP 5.5.5

iQA/AwUBN8TLU/5WqcMdbVvFEQLBKQCg2RBt6g0ZjKSaXXXSla0zCvfimakAoOve
Xw3zDNb7MRH5Idwo04gYxi4k
=er1L
=====END PGP SIGNATURE=====




------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and comp.os.linux.networking) via:

    Internet: [EMAIL PROTECTED]

Linux may be obtained via one of these FTP sites:
    ftp.funet.fi                                pub/Linux
    tsx-11.mit.edu                              pub/linux
    sunsite.unc.edu                             pub/Linux

End of Linux-Networking Digest
******************************
