Linux-Networking Digest #387, Volume #12 Fri, 27 Aug 99 17:13:40 EDT
Contents:
Re: IP Masq. / port problem.. (luke)
Re: VMware - wow! (John Hasler)
Re: Firewall Rules (bill davidsen)
Re: NFS and GNU Linker producing corrupted executables (RHL 2.2.5-15/2.2.11 and AIX
4.2.1) (Mario Klebsch)
Re: VMware - wow! (Doug DeJulio)
Re: Mult. 3com card problem (LhD Administrator)
Re: Can/should a firewall be used as DHCP server ("Kyle Maxwell")
Re: VMware - wow! (steve mcadams)
Re: Linux / DHCP / DNS /WINS ("Jon Richardson")
Newbie - Networking RH6 & Win98SE ("Justin Colson")
INN authentication problem (bill)
Re: Direct dial-up (Wan Hing Wah)
PCMCIA ("Lonny Selinger")
EXIM on Redhat 6.0 ([EMAIL PROTECTED])
Re: Can/should a firewall be used as DHCP server (Jorge O. Martinez)
shutdown ppp on demand ([EMAIL PROTECTED])
Re:
=?iso-8859-1?Q?=A6w=B8=CB=A7=B9PowerLinux=A1A=B5w=BA=D0=B8=EA=AE=C6=A5=FE=A4=A3=A8=A3=A1I=A1I=A1I?=
(Cliff)
Detect ftp trafic! (tommy)
Re: VMware - wow! (steve mcadams)
wvdial (Philipp von dem Bussche-Hünnefeld)
----------------------------------------------------------------------------
From: luke <[EMAIL PROTECTED]>
Subject: Re: IP Masq. / port problem..
Date: Fri, 27 Aug 1999 16:42:22 GMT
Oh, hehe, sorry;
ipmasqadm is the tool. Seemed to have worked fine till just about an
hour ago, now it won't work...
Tom Gorski wrote:
>
> you're keeping us all in suspense.
>
> what was it?
>
> luke wrote:
>
> > Never mind, I found it..
> >
> > luke wrote:
> > >
> > > Can someone tell me how to set up something like port forwarding,
> > > because I have ip masq. set up, so when someone tries to connect to a
> > > certain port, it forwards that to one of the machines on the LAN, I know
> > > in kernel 2.0 it was "ipautofw", but what about in the 2.2 kernel?
> > >
> > > Thanks a lot
> > > --
> > > "Punk rock?!?!?! Isn't that the type of music where kids cut
> > > each other with razor blades and knives?"
> >
> > --
> > "Punk rock?!?!?! Isn't that the type of music where kids cut
> > each other with razor blades and knives?"
--
"Punk rock?!?!?! Isn't that the type of music where kids cut
each other with razor blades and knives?"
------------------------------
From: John Hasler <[EMAIL PROTECTED]>
Crossposted-To: athome.users-unix,comp.os.linux.misc,comp.os.linux.setup
Subject: Re: VMware - wow!
Date: Thu, 26 Aug 1999 18:00:56 GMT
steve mcadams writes:
> Better than nothing but absolutely not a true virtual machine operating
> system by the definition that I'm used to.
It doesn't claim to be a virtual machine operating system. It is a virtual
machine. Different.
--
John Hasler This posting is in the public domain.
[EMAIL PROTECTED] Do with it what you will.
Dancing Horse Hill Make money from it if you can; I don't mind.
Elmwood, Wisconsin Do not send email advertisements to this address.
------------------------------
From: [EMAIL PROTECTED] (bill davidsen)
Subject: Re: Firewall Rules
Date: 27 Aug 1999 16:29:42 GMT
In article <37c4a609.187676524@news>, Mark Post <[EMAIL PROTECTED]> wrote:
| On Wed, 25 Aug 1999 15:23:48 -0000, "Robert_Glover"
| <Please_reply_to@newsgroup> wrote:
|
| -snip-
| >PS. Okay, some of that was tongue-in-cheek -- I'm not really that bad,
| >but I do want to see the "paranoid" rules.
|
| Here's what I created today by using the web-based tool at
| http://rlz.ne.mediaone.net/linux/firewall/index.html
May I say that this is much more what I had in mind! I particularly like:
| ----------------------------------------------------------------------------
| # Default policy is DENY
| # Explicitly accept desired INCOMING & OUTGOING connections
|
| # Remove all existing rules belonging to this filter
| ipchains -F
|
| # Set the default policy of the filter to deny.
| ipchains -P input DENY
| ipchains -P output DENY
| ipchains -P forward DENY
What I had in mind for the original script was to DENY icmp and udp via
policy or rule, that was my main complaint about the light duty script.
I really like this one ;-)
--
bill davidsen <[EMAIL PROTECTED]> CTO, TMR Associates, Inc
The Internet is not the fountain of youth, but some days it feels like
the fountain of immaturity.
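
Added example (not part of the original posts and not output of the web tool mentioned above): a small auditor that replays an ipchains script and reports whether icmp and udp end up denied "via policy or rule" on each built-in chain. The sample ruleset is constructed: it starts with the four quoted commands and adds hypothetical ACCEPT rules; jumps to user-defined chains are reported as the final target rather than followed.

```python
import shlex

CHAINS = ("input", "output", "forward")
MATCH_OPTS = {"-s", "-d", "-i", "-y", "-f"}   # options that narrow a rule

# Constructed sample: the four commands quoted in the post, followed by
# hypothetical ACCEPT rules (addresses are documentation-range placeholders).
SAMPLE = """\
# Default policy is DENY
ipchains -F
ipchains -P input DENY
ipchains -P output DENY
ipchains -P forward DENY
ipchains -A input -p tcp -d 0.0.0.0/0 80 -j ACCEPT
ipchains -A input -p udp -s 192.0.2.53 53 -j ACCEPT
ipchains -A output -p icmp -j ACCEPT
"""


def load(script):
    """Replay the script's ipchains commands; return (policies, rules)."""
    policies = {c: "ACCEPT" for c in CHAINS}   # built-in chains start as ACCEPT
    rules = {c: [] for c in CHAINS}
    for line in script.splitlines():
        tok = shlex.split(line, comments=True)
        if not tok or tok[0] != "ipchains":
            continue
        args = tok[1:]
        if args[:1] == ["-F"]:                 # flush one chain, or all of them
            for c in (args[1:2] or CHAINS):
                rules.get(c, []).clear()
        elif args[:1] == ["-P"] and len(args) >= 3 and args[1] in CHAINS:
            policies[args[1]] = args[2]
        elif args[:1] == ["-A"] and len(args) >= 2 and args[1] in CHAINS:
            opt = {a: args[i + 1] for i, a in enumerate(args[:-1]) if a in ("-p", "-j")}
            proto = opt.get("-p", "all")
            narrowed = any(a in MATCH_OPTS for a in args)
            if proto == "!":                   # inverted protocol: treat conservatively
                proto, narrowed = "all", True
            rules[args[1]].append({"proto": proto, "target": opt.get("-j"),
                                   "narrowed": narrowed, "text": line.strip()})
    return policies, rules


def verdict(script, chain, proto):
    """First match wins: what happens to `proto` packets on `chain`?"""
    policies, rules = load(script)
    exceptions = []
    for r in rules[chain]:
        if r["proto"] not in (proto, "all") or r["target"] is None:
            continue
        if not r["narrowed"]:                  # unconditional rule ends the walk
            return {"final": r["target"], "via": "rule", "exceptions": exceptions}
        if r["target"] == "ACCEPT":
            exceptions.append(r["text"])
    return {"final": policies[chain], "via": "policy", "exceptions": exceptions}


def audit(script, protos=("icmp", "udp")):
    """List (chain, proto) pairs that are not fully denied by policy or rule."""
    open_pairs = []
    for chain in CHAINS:
        for proto in protos:
            v = verdict(script, chain, proto)
            if v["final"] not in ("DENY", "REJECT") or v["exceptions"]:
                open_pairs.append((chain, proto))
    return open_pairs


if __name__ == "__main__":
    for pair in audit(SAMPLE):
        print(pair, verdict(SAMPLE, *pair))
```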
------------------------------
From: Mario Klebsch <[EMAIL PROTECTED]>
Crossposted-To:
comp.os.linux.setup,comp.os.linux.development,comp.os.linux.development.kernel,comp.unix.aix
Subject: Re: NFS and GNU Linker producing corrupted executables (RHL 2.2.5-15/2.2.11
and AIX 4.2.1)
Date: Fri, 27 Aug 1999 17:06:19 +0200
David Elder <[EMAIL PROTECTED]> writes:
> d) A byte by byte comparison of the executable files
> shows that they only differ by about 12k bytes out of
> 4Mb. The difference is that a few zeroes have
> crept into the corrupt executable image. Usually just
> one or two here and there that shift the binary
> code by a byte or two for sections of the corrupt executable.
> Most of the executable is identical and the areas where
> a zero or two have been inserted are also identical except
> for the offset.
> The whole 12k of appears to be caused by a handful
> of corruptions where these extra zeroes offset the
> executable code for a section.
I would try to compare the actions taken by the linker. First, there
are several options to make the linker show what it is doing. E.g.
there is an option to create a map file. You can compare the map files
and see whether they are different or not.
If they are not different, it is an indication that the linker does
the same job in both situations. I would then run the linker with
truss and compare the truss output. This again should show differences,
if you are hunting a linker bug.
73, Mario
--
Mario Klebsch [EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED] (Doug DeJulio)
Crossposted-To: comp.os.linux.misc,comp.os.linux.setup
Subject: Re: VMware - wow!
Date: 27 Aug 1999 15:23:07 -0400
In article <[EMAIL PROTECTED]>,
Eric deRiel <[EMAIL PROTECTED]> wrote:
>
>steve mcadams wrote:
>
>> It is my understanding that the Intel x86 architecture lacks a couple of
>> instructions that make TOTAL TRANSPARENCY impossible. This is why I was
>> initially skeptical.
>
>If being a true virtual machine implies hardware-supported
>transparency, then your objection is reasonable. But if a software
>layer makes up for the missing functionality, such that the OS running
>on the vm still ends up with no knowledge of its circumstances, what's
>the difference?
The point is that you *can't* do this perfectly on today's
IA32-compatible systems.
You can get close. You can fudge the parts you can't do by performing
slight hacks on the OS you run on the virtualized machine (VMWare does
this, eg. with its special X server or Windows display driver).
You can switch things over to interpreting the machine code rather
than running it directly, which will get you even closer (but then why
not use PowerPC or Alpha underneath, instead of a physical version of
the virtual CPU you're emulating?).
The part of this that's a shame is that it'd only take a few tweaks to
IA32 to make virtualization really possible. I believe a non-Intel
vendor (eg. AMD) could do those tweaks in a way that doesn't break
compatibility with any code that isn't aware of it, and build a truly
virtualizable x86 box. But nobody appears to have done so.
--
Doug DeJulio | mailto:[EMAIL PROTECTED]
HKS, Incorporated | http://www.hks.net/~ddj/
------------------------------
From: LhD Administrator <[EMAIL PROTECTED]>
Subject: Re: Mult. 3com card problem
Date: Fri, 27 Aug 1999 19:31:04 GMT
Ying Q. Li wrote:
> hello, all, can anyone tell me a way of setting up two same NICs, for example
> 3c509. I was using modprobe, and it probes both NIC at the same time on
There may be some ideas here
http://lhd.datapower.com/db/dispproduct.cgi?DISP?87
(many are successfully using this card with Linux)
and here:
http://cesdis.gsfc.nasa.gov/linux/misc/multicard.html
LhD Administrator
LhD: Linux Hardware Database
http://lhd.datapower.com
================== Posted via CNET Linux Help ==================
http://www.searchlinux.com
------------------------------
From: "Kyle Maxwell" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.misc,comp.os.linux.setup
Subject: Re: Can/should a firewall be used as DHCP server
Date: Sat, 28 Aug 1999 14:58:01 -0500
You should be able to just tell the dhcp server to only listen on the NIC
for the internal network (e.g. "/usr/sbin/dhcpd eth1", where eth1 is the
interface for your LAN). If someone still compromises an internal box,
that's a separate issue, but it's still relatively safe.
Of course, if you happen to have some sort of internal server in each subnet
(or for that matter just one, if they're all on the same Ethernet segment),
you could always install the dhcp server on that and avoid any peace-of-mind
worries. <G>
--
Kyle Maxwell
GTE EIPS
Jorge O. Martinez <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Hi there Linuxeros!
>
> I have a project (network) that I must finish within the next few days, and
> one of this network's vital components will be a firewall between my
> private network, and an ADSL connection to the web. I got 5 static IP
> addresses from my provider, so I am going to set up 5 different firewalls
> for different 'depts.' so they are invisible to each other. Of course, the
> firewalls will be Linux based.
>
> I would like to use DHCP for the private network side, and I am wondering
> if I can/should use the same box that I will use for the firewall as a DHCP
> server...From what I have read, as many services as possible should be
> disabled for the firewall, but I am wondering if the DHCP server would also
> be a potential security hole...I wonder if it can even be done as this is
> my first firewalling project!
>
> I'll be using Suse or Mandrake for the firewall...Or any other distro that
> can get the job done! Suggestions are welcome on this issue too!
>
> Thanks in advance for any suggestions,
>
> Regards,
>
> Jorge M.
>
> ------------------ Posted via CNET Linux Help ------------------
> http://www.searchlinux.com
------------------------------
From: steve mcadams <[EMAIL PROTECTED]>
Crossposted-To: athome.users-unix,comp.os.linux.misc,comp.os.linux.setup
Subject: Re: VMware - wow!
Date: Thu, 26 Aug 1999 07:59:31 -0600
Jason Pell wrote:
> You must have a base OS on which to run a virtual machine, thus the
> reason
> it is called a _virtual_ machine..
From this I conclude that yes, it is in fact a crude hack.
I guess most people have no experience with true virtual machine
operating systems like IBM's VM/ESA (or whatever its latest version has
been renamed to, I've been away from it since 93).
They have an operating system they called CP (Control Program) that runs
the base hardware. Its sole purpose in life is to TRANSPARENTLY host
other operating systems. The operating systems running on top of it can
not tell they are not running natively. You can even run CP
second-level on top of CP to debug it. It runs at full processor speed,
the systems on top of it run at full processor speed except that there
are a lot of interrupts happening that are processed by CP and result in
remapping of memory and hardware to allow sharing of the processor and
its associated hardware on a transparent basis.
It is my understanding that the Intel x86 architecture lacks a couple of
instructions that make TOTAL TRANSPARENCY impossible. This is why I was
initially skeptical.
If vmware is running on top of NT or on top of Linux then at best it is
acting as an interpreter. Better than nothing but absolutely not a true
virtual machine operating system by the definition that I'm used to.
------------------------------
From: "Jon Richardson" <[EMAIL PROTECTED]>
Subject: Re: Linux / DHCP / DNS /WINS
Date: Fri, 27 Aug 1999 19:42:59 +0100
Use Samba! I've been around the same path a couple of times and the only
half-reasonable solution I could figure out was Samba - what's the problem
with running it?
Jon..
>(THE PROBLEM)
>I also get messages that the Linux box can't determine its local host name
>(from GNOME, etc). I can fix this temporarily by adding an entry for the
>local machine to /etc/hosts but then have to change this every time my DHCP
>server gives me a different ip address. My DNS server can talk with my WINS
>server so I think I could resolve this problem by having the Linux box
>register itself with the WINS server. I think the Samba package can
>register itself with WINS but I was looking for a way to do this without
>Samba.
------------------------------
From: "Justin Colson" <[EMAIL PROTECTED]>
Subject: Newbie - Networking RH6 & Win98SE
Date: Fri, 27 Aug 1999 20:45:09 +0100
I've just successfully set up a Linux box and attached it to my home network,
have set up the Linux box as 192.168.0.2 and the Win98 box as 192.168.0.1 and
set up Samba in LinuxConf to use workgroup "WORKGROUP" the same as the Win98
box, both machines can successfully ping each other but the Linux box doesn't
show up in the Win98's Network Neighbourhood and Netscape can't find the
server when I try to get it to connect to Win98 ICS.
------------------------------
From: bill <[EMAIL PROTECTED]>
Subject: INN authentication problem
Date: Fri, 27 Aug 1999 20:46:22 +0200
Reply-To: [EMAIL PROTECTED]
Please advise on the following:
Recently I put my old PC (running Debian GNU/Linux 2.1) in a network
with my new PC. Since that time I have been unable to post news. innd
is running, I can make contact with telnet to port 119, with ctlinnd I
can create and delete newsgroups, I can fill them with suck, and with
pine I am even able to read them; but I cannot post.
slrn gives:
Connecting to host localhost ...
Failed to initialize server
Reason: 502 You are not in my access file. Goodbye.
slrn fatal error:
Failed to initialize server.
I could not identify that access file. I've tried all kinds of things
in the config files I could find (see below), but I cannot get this to
work neither for "localhost" nor for "tompth" (my `hostname`).
Can someone point me to the correct file and tell me what it should
contain?
Also I'd appreciate advice on what to use as newsserver: "localhost" or
"tompth".
/etc/hostname:
tompth
/etc/hosts:
# IP name aliases
127.0.0.1 localhost loopback local
# I have an interface (eth0) to connect this IP address to:
192.168.1.2 tompth tompth.tomnet
192.168.1.1 smurf smurf.tomnet
# my fixed IP address at xs4all:
194.109.13.239 tompth.xs4all.nl
194.109.6.66 dns.xs4all.nl
# to avoid warnings about bad hosts.nntp in news syslog when offline:
194.109.6.74 news.xs4all.nl
/etc/news/server:
localhost
/etc/news/inn.conf:
server: localhost
fromhost: tompth
pathhost: tompth
/etc/news/hosts.nntp:
localhost:
tompth:
tompth.tomnet:
tompth.xs4all.nl:
news.xs4all.nl:
/etc/news/nnrp.access:
## Default is no access, no way to authentication, and no groups.
*:: -no- : -no- :!*
## Localhost and stdin gets posting access.
stdin:Read Post:::*
localhost:Read Post:::*
tompth:Read Post:::*
tompth.tomnet:Read Post:::*
tompth.xs4all.nl:Read Post:::*
127.0.0.1:Read Post:::*
192.168.1.2:Read Post:::*
194.109.13.239:Read Post:::*
## Use this to allow access to everybody else in your organization.
*.tomnet:Read Post:::*
192.168.1.*:Read Post:::*
--
#>!$!%(@^%#%*(&(#@#*$^@^$##*#@&(%)@**$!(&!^(#((#&%!)%*@)(&$($$%(@#)&*!^$)^@*^@)
Tom Peters
e-mail [EMAIL PROTECTED]
------------------------------
From: Wan Hing Wah <[EMAIL PROTECTED]>
Subject: Re: Direct dial-up
Date: Thu, 26 Aug 1999 21:37:06 +0800
Reply-To: [EMAIL PROTECTED]
how about minicom?
Chad Wesley Armstrong wrote:
> Is there a way to do a direct dial-up into a modem in Linux, similar to
> Windows Hyperterminal or Mac's Communications (under Claris/Applework)?
>
> Chad Armstrong
> [EMAIL PROTECTED]
------------------------------
From: "Lonny Selinger" <[EMAIL PROTECTED]>
Subject: PCMCIA
Date: Fri, 27 Aug 1999 12:37:15 -0600
Hello,
I have got RH 6.0 installed on my laptop and since I have done the install
I cannot get pcmcia support to work. Originally, I used a boot.img and a
supp.img to do an FTP install over my pcmcia card (Link Sys) but after I got
the install finished my computer would freeze up while trying to start
pcmcia services. I went in and removed all the packages I could find
regarding pcmcia and it booted fine. I recently installed the kernel-pcmcia
RPM for my Kernel ( 2.2.5-15 ) and it shows pcmcia [ ok ] when it boots
up but it still will not allow access to the card. I do not even get a link
light when I patch into my hub. Are there any packages I am missing or is
there some way of manually setting up my ethernet card under 6.0. I know it
works based on the way I did my initial setup...but for some reason now, it
does not. I read that I need to use tulip as the module but when I try to
set it up and run lsmod, it doesn't show up. Any suggestions/ideas/solutions
would be greatly appreciated.
-Lonny
------------------------------
From: [EMAIL PROTECTED]
Subject: EXIM on Redhat 6.0
Date: Fri, 27 Aug 1999 17:54:32 GMT
can the exim package be used on redhat 6.0 system ?
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: Jorge O. Martinez <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.setup,comp.os.linux.misc
Subject: Re: Can/should a firewall be used as DHCP server
Date: Fri, 27 Aug 1999 19:31:04 GMT
Jorge O. Martinez wrote:
> Hi there Linuxeros!
>
> I have a project (network) that I must finish within the next few days, and
> one of this network's vital components will be a firewall between my
> private network, and an ADSL connection to the web. I got 5 static IP
> addresses from my provider, so I am going to set up 5 different firewalls
> for different 'depts.' so they are invisible to each other. Of course, the
> firewalls will be Linux based.
>
> I would like to use DHCP for the private network side, and I am wondering
> if I can/should use the same box that I will use for the firewall as a DHCP
> server...From what I have read, as many services as possible should be
> disabled for the firewall, but I am wondering if the DHCP server would also
> be a potential security hole...I wonder if it can even be done as this is
> my first firewalling project!
>
> I'll be using Suse or Mandrake for the firewall...Or any other distro that
> can get the job done! Suggestions are welcome on this issue too!
>
> Thanks in advance for any suggestions,
>
> Regards,
>
> Jorge M.
>
> ------------------ Posted via CNET Linux Help ------------------
> http://www.searchlinux.com
**** Thanks for the prompt answer **** I really appreciate it :) ****
------------------------------
From: [EMAIL PROTECTED]
Subject: shutdown ppp on demand
Date: Fri, 27 Aug 1999 18:14:20 GMT
I installed ppp on demand, works great !
Anyway sometimes it doesn't connect. I'd like to remove
the device and add it again but then it creates a new ppp device
ifconfig doesn't show it but ifconfig -a shows:
ppp0
ppp1
ppp2
I type ifconfig ppp0 down. I also remove the route.
How could I shutdown this device and restart it again ?
------------------------------
From: Cliff <[EMAIL PROTECTED]>
Subject: Re:
=?iso-8859-1?Q?=A6w=B8=CB=A7=B9PowerLinux=A1A=B5w=BA=D0=B8=EA=AE=C6=A5=FE=A4=A3=A8=A3=A1I=A1I=A1I?=
Date: Fri, 27 Aug 1999 13:39:30 -0700
Hello,
�j�n�O�A���w���s��cable�P��A�]�\�O������~�Ӥw�C�A�٨S�w��Powerlinux�e�O�_��win98?
�w�����h�j�H�A����_�w�A��powerlinux�w�˵{�ǧ������Φ��\�H
Cliff
Vilmos Soti wrote:
> KiKi wrote:
> >
> > �w�˧����ꪺPowerLinux��A���s�}���ABIOS�N�X�{
> > ��Verfying DMI Pool Data........
> > Not found any ��active partition��in HDD
> > Disk Boot Failure �AInsert Disk And Press Enter��
> > �M��ڥζ}�����}���A���M�o�{�w�Ъ���ƥ��������F�I�I�I�I�I ( �����O���n��
> > )
> > �аݸӦp�ϡH Please help me........
>
> Hi,
>
> If you don't speak English here then we cannot help you a lot. You might
> try to check out the http://www.linux.org.tw site.
>
> Vilmos
>
> --
> Looking for a job in British Columbia.
> http://members.home.net/vilmossoti/resume.html
------------------------------
Date: Thu, 26 Aug 1999 15:15:07 +0200
From: tommy <[EMAIL PROTECTED]>
Subject: Detect ftp trafic!
Hi!
I have a question about how I can detect ftp traffic.
I know that ftp uses port 21 and port 20 for data transfer as standard.
But a lot of ftp servers (most with mp3, warez and stuff like that) don't
use port 21 and 20. And I would like to have some way to detect traffic to and
from ftp servers on different ports than 21,20 without adding a long list
with a port from every new non-standard ftp server I find.
Does ftp as standard make use of ToS (Type Of Services) in the TCP/IP
header?
Is the only way to detect ftp traffic to analyze the data in every ftp
packet to detect if it is ftp,mail,www traffic, if you can't go on the port
number?
I hope you understand what I mean. I know that you can simply detect ftp
traffic on port 20,21 but I need to do it on all ports. How do I do it?
Thanks
Kind regards
//TOmmy
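
Added example, not part of the original post: one way to recognise an FTP control connection on any port is to match the payload against the protocol's own grammar (three-digit server replies plus RFC 959 client verbs) and to read the data-channel address out of PORT commands and 227 replies. The sample streams are constructed, and the code assumes the TCP payload has already been reassembled per direction.

```python
import re

# Verbs that identify each protocol's client side (FTP subset from RFC 959).
FTP_VERBS = {"USER", "PASS", "ACCT", "CWD", "PORT", "PASV", "TYPE",
             "RETR", "STOR", "LIST", "NLST", "SYST", "PWD"}
SMTP_VERBS = {"HELO", "EHLO", "MAIL", "RCPT", "DATA"}
HTTP_METHODS = {"GET", "POST", "HEAD", "PUT"}

REPLY_RE = re.compile(rb"^\d{3}[ -]")          # "220 text" or "220-text"
HOSTPORT_RE = re.compile(rb"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

# Constructed reassembled streams (client bytes, server bytes) per connection.
FTP_CLIENT = b"USER anonymous\r\nPASS guest@example.org\r\nPASV\r\nRETR file.bin\r\n"
FTP_SERVER = (b"220 FTP server ready\r\n331 Password required\r\n230 Logged in\r\n"
              b"227 Entering Passive Mode (192,168,1,2,195,80)\r\n150 Opening\r\n")
SMTP_CLIENT = b"EHLO host.example\r\nMAIL FROM:<a@example.org>\r\n"
SMTP_SERVER = b"220 mail.example ESMTP\r\n250 ok\r\n"
HTTP_CLIENT = b"GET / HTTP/1.0\r\n\r\n"
HTTP_SERVER = b"HTTP/1.0 200 OK\r\n\r\n"


def client_verbs(client_bytes):
    """Upper-cased first word of every CRLF-terminated client line."""
    verbs = []
    for line in client_bytes.split(b"\r\n"):
        parts = line.split(None, 1)
        if parts:
            verbs.append(parts[0].decode("ascii", "replace").upper())
    return verbs


def classify(client_bytes, server_bytes):
    """Name the protocol from payload alone; the port number is never consulted."""
    verbs = client_verbs(client_bytes)
    first_line = client_bytes.split(b"\r\n", 1)[0]
    if verbs and verbs[0] in HTTP_METHODS and b" HTTP/" in first_line:
        return "http"
    if not REPLY_RE.match(server_bytes):       # FTP and SMTP servers speak first
        return "unknown"
    for verb in verbs:                         # a 220 greeting alone is ambiguous
        if verb in SMTP_VERBS:
            return "smtp"
        if verb in FTP_VERBS:
            return "ftp"
    return "unknown"


def to_endpoint(match):
    """Turn h1,h2,h3,h4,p1,p2 into (ip, port); None if any field exceeds 255."""
    nums = [int(n) for n in match.groups()]
    if max(nums) > 255:
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def data_endpoints(client_bytes, server_bytes):
    """Data-channel (mode, ip, port) tuples announced on the control channel."""
    found = []
    for mode, prefix, stream in (("active", b"PORT ", client_bytes),
                                 ("passive", b"227", server_bytes)):
        for line in stream.split(b"\r\n"):
            m = HOSTPORT_RE.search(line) if line.upper().startswith(prefix) else None
            ep = to_endpoint(m) if m else None
            if ep:
                found.append((mode, *ep))
    return found


if __name__ == "__main__":
    print(classify(FTP_CLIENT, FTP_SERVER), data_endpoints(FTP_CLIENT, FTP_SERVER))
```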
------------------------------
From: steve mcadams <[EMAIL PROTECTED]>
Crossposted-To: athome.users-unix,comp.os.linux.misc,comp.os.linux.setup
Subject: Re: VMware - wow!
Date: Thu, 26 Aug 1999 08:15:32 -0600
Jason Pell wrote:
> I was not aware that vmware was claiming to be a virtual machine _OS_,
>
> but just a virtual machine running _within_ an OS.
>
> Your thoughts.
>
> Jason
I hope that I didn't imply that I thought it was fraudulent or
anything. I just don't see it as very useful compared to a true virtual
machine operating system. Its reliability will probably be on the same
order as WINE. I'm sure there are things one could do with it, but
personally I don't think I'd want to fiddle with it. Buying a used
system for $300 or so would give reality and Win/Linux network easily
enough.
By all means, go for it. There are all kinds of fun things to play
with, vmware could well be lots of fun.
------------------------------
From: Philipp von dem Bussche-Hünnefeld <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.setup
Subject: wvdial
Date: Fri, 27 Aug 1999 20:30:58 GMT
hi,
I am using wvdial to start my ppp and I want it to act automatically.
So I added wvdial to my crontab.
Who knows the right command to quit the wvdial connection after about 5
minutes or after executing sendmail which I can add to crontab as well???
thanks,
Phil
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.networking) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Networking Digest
******************************