Linux-Networking Digest #388, Volume #12         Fri, 27 Aug 99 19:13:44 EDT

Contents:
  ipchains firewall for citrix ICA ([EMAIL PROTECTED])
  1 Routable address and NAT HELP!! ([EMAIL PROTECTED])
  Re: Token Ring 16/4 Speed Problem ([EMAIL PROTECTED])
  Re: VMware - wow! (steve mcadams)
  Fetchmail and Netscape ([EMAIL PROTECTED])
  Re: samba (David Bruce)
  Re: VMware - wow! (steve mcadams)
  2nd Ethernet Card (Wolfgang Scherer)
  Re: =?iso-8859-1?Q?=A6w=B8=CB=A7=B9PowerLinux=A1A=B5w=BA=D0=B8=EA=AE=C6=A5=FE=A4=A3=A8=A3=A1I=A1I=A1I?= (Vilmos Soti)
  Re: Newbie - Networking RH6 & Win98SE (Cliff)
  Re: Linux / DHCP / DNS /WINS ("Benedikt Hochstrasser")
  Re: VMware - wow! (Jason Pell)
  Re: SambA security problem or bug?! ("Benedikt Hochstrasser")
  watching mail-server acting (Philipp von dem Bussche-Hünnefeld)
  Re: Can an ISP detect masquerading? ("tinman555")
  Re: Linux / DHCP / DNS /WINS (whoami)
  Re: shutdown ppp on demand ("Robert_Glover")
  Re: diskless workstations and boot problem (Martin Schager)
  Re: Samba server with floppy distro? ("Benedikt Hochstrasser")
  linux packet scheduler (Anshul Kothari)
  Re: 1 Routable address and NAT HELP!! ("Kyle Maxwell")
  Re: linux box vs switched hub ("Graham Fountain")
  Re: Can an ISP detect masquerading? (W.G. Unruh)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED]
Subject: ipchains firewall for citrix ICA
Date: Fri, 27 Aug 1999 18:51:32 GMT

Greetings.

I have a small in-house network set-up with a linux server.  The server
is connected to a cable modem and it has an ethernet card (eth1) for the
external connection and one (eth0) for the internal network.

Originally I had the server set up to do strictly IP Masquerading.  Here's
what my original setup looked like:

echo 1 > /proc/sys/net/ipv4/ip_forward
/sbin/ipchains -F forward
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -j MASQ -s 192.168.3.0/24 -d 0/0
/sbin/ipchains -M -S 7200 120 900

I have a Win95 machine on the network that runs the Citrix MetaFrame
client using the ICA protocol and with this setup it worked just fine.
I also have the metaframe client loaded on the server and it worked as
well under the original setup.

Recently I decided to add firewalling code to my setup.  I went to
http://rlz.ne.mediaone.net/linux/firewall/ and used this excellent
resource to develop the basics of my firewall script and then modified
it a bit to suit my network.

Everything worked fine until I tried to start up the Citrix ICA client
on the Win95 machine.  It wouldn't connect to the server.  I checked the
client on the Linux server and it works fine.  They're both configured
exactly the same.

Here's the ICA portion of my firewall script:
EXTERNAL_INTERFACE="eth1"
UNPRIVPORTS="1024:65535"
ANYWHERE="any/0"
IPADDR=<IP Address of external interface as defined by DHCP>

ipchains -A input -i $EXTERNAL_INTERFACE -p UDP  \
         -s $ANYWHERE $UNPRIVPORTS \
         -d $IPADDR 1604  -j ACCEPT

ipchains -A output -i $EXTERNAL_INTERFACE -p UDP  \
         -s $IPADDR 1604 \
         -d $ANYWHERE $UNPRIVPORTS -j ACCEPT

ipchains -A input -i $EXTERNAL_INTERFACE -p TCP -y \
         -s $ANYWHERE 1494 \
         -d $IPADDR $UNPRIVPORTS  -j ACCEPT

ipchains -A output -i $EXTERNAL_INTERFACE -p TCP  \
         -s $IPADDR $UNPRIVPORTS \
         -d $ANYWHERE 1494 -j ACCEPT


Information about the ICA protocol can be found in RFC 1700.  I'd
appreciate any suggestions.

Jason.


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.

------------------------------

From: [EMAIL PROTECTED]
Subject: 1 Routable address and NAT HELP!!
Date: Fri, 27 Aug 1999 20:15:35 GMT

Hi all-  I am new to NAT and I was wondering if what I want to do is
possible.

I have DSL and 1 address.  I want to use NAT so that my other systems
can get onto the net.  The thing is I want to use one of my other
systems that is using a translated address to act as a mail server.  Is
that possible?  Do I need to implement DNS on the Linux box and then
point the MX record to the non-routable address??

Pointers Please-

Thanks
Gammo



------------------------------

From: [EMAIL PROTECTED]
Crossposted-To: comp.os.linux.hardware
Subject: Re: Token Ring 16/4 Speed Problem
Date: Fri, 27 Aug 1999 18:29:58 GMT

Yep, you need to use lanaid to set the ring speed.  ibmtr gets its
information from the card, i.e. ringspeed or autosense mode. It doesn't
allow you to specify the ringspeed as a parameter, although the pci
driver (olympic) does. For the latest isa cards, this is probably a
limit of the driver rather than the card.

Mike



------------------------------

From: steve mcadams <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.misc,comp.os.linux.setup
Subject: Re: VMware - wow!
Date: Fri, 27 Aug 1999 13:58:54 -0600

Eric deRiel wrote:

> steve mcadams wrote:
>
> > It is my understanding that the Intel x86 architecture lacks a couple of
> > instructions that make TOTAL TRANSPARENCY impossible.  This is why I was
> > initially skeptical.
>
> If being a true virtual machine implies hardware-supported
> transparency, then your objection is reasonable.  But if a software
> layer makes up for the missing functionality, such that the OS running
> on the vm still ends up with no knowledge of its circumstances, what's
> the difference?

If the OS running can't tell the difference, then the only disadvantage is
performance.

> As for the issue of "full processor speed" in VM/ESA, those systems
> were certainly subject to slowdowns if loaded enough.  I know little
> about the architecture at work, but experienced it enough as a user
> to be quite sure on that point.  :)

I suspect it depended on configuration and hardware.  I certainly used systems
that were supporting over 2000 interactive users and response was fine; but
these were true big-iron systems with enough power that they had to be
water-cooled.

I always thought it was goofy as hell when they had to shut down the computer
center and call a plumber because of a cooling system problem :-)


------------------------------

From: [EMAIL PROTECTED]
Subject: Fetchmail and Netscape
Date: Fri, 27 Aug 1999 18:36:19 GMT

I've been trying to set up Fetchmail off and on for a little while with
no luck. Every time I have to go back to Netscape's normal POP mail
setting.

I have Fetchmail working okay. It's the easy part obviously. One
question regarding it is "where" does it store messages ?

Netscape is the one being the pain in the butt. I have
chosen "Movemail", external app being "fetchmail" as the mail server
type. Back to my question above, where do I point as my local mail
location ? Also, back to the incoming mail setup, what user name do I
use ? My username on my Linux box or my username for my ISP (that's
what fetchmail uses).

I've searched here on Dejanews for answers with no luck. One guy was
able to do it by creating links from /var/spool/mail/username to
~/nsmail/Local. I tried that with no luck... At this point, with the
setup above, Netscape hangs up when checking for new mail. "ps" shows
two fetchmail processes running (??).

Thanks in advance for any help or ideas !!
Hall Stevenson



------------------------------

From: David Bruce <[EMAIL PROTECTED]>
Subject: Re: samba
Date: Fri, 27 Aug 1999 19:09:14 +0000

An alternative would be to set Samba to accept encrypted passwords.  This may
be more desirable in the setting of a university or corporate network where
you don't want plain text passwords flying around the network.
Do this by setting encrypt passwords = yes in the smb.conf file, usually
found in /etc.
Read the ENCRYPTION.txt in the Samba docs to learn how to create a smbpasswd
file with the correct encrypted passwords.
Also note that a user can change their samba password once logged on to the
linux box with the smbpasswd command.



"Richard A. Hall" wrote:

> Charles,
>
> I'm having the same problem using Red Hat 5.2. Did you ever get the problem
> solved?
>
> Linux can sure make one feel stupid! I'm still lost.
>
> Any thoughts?
>
> Richard Hall
>
> On Sun, 8 Aug 1999 01:06:27 +0100, "Charles Blackburn"
> <[EMAIL PROTECTED]> wrote:
>
> >hi all
> >
> >I am running the samba that is supplied under Suse linux 61
> >
> >when I try to log in from my win98 box it keeps asking me for a password.
> >the problem is that I have tried all the passwords assigned on the system
> >(linux & win98) but none of them work.
> >
> >please
> >help
> >
> >replies via e-mail too
> >regards
> >charles blackburn
> >[EMAIL PROTECTED]
> >


------------------------------

From: steve mcadams <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.misc,comp.os.linux.setup
Subject: Re: VMware - wow!
Date: Fri, 27 Aug 1999 14:15:52 -0600

It wouldn't surprise me if Intel has already done this and hasn't told anyone;
it also wouldn't surprise me if it was part of the next AMD processor.  As you
say, it would be easy enough to do.

I'm running a PII-333 at home and it's fast enough for everything I expect to
do with it for years.  A virtualizable processor is one of the few things that
would cause me to actually pay money for a new processor; I certainly don't
need a 400 or 500 for the things I do with it, but running NT, Linux, and BeOS
all on the same box at the same time would be so cool I wouldn't be able to
resist.


Doug DeJulio wrote:

>
> The point is that you *can't* do this perfectly on today's
> IA32-compatible systems.
>
> You can get close.  You can fudge the parts you can't do by performing
> slight hacks on the OS you run on the virtualized machine (VMWare does
> this, eg. with its special X server or Windows display driver).
>
> You can switch things over to interpreting the machine code rather
> than running it directly, which will get you even closer (but then why
> not use PowerPC or Alpha underneath, instead of a physical version of
> the virtual CPU you're emulating?).
>
> The part of this that's a shame is that it'd only take a few tweaks to
> IA32 to make virtualization really possible.  I believe a non-Intel
> vendor (eg. AMD) could do those tweaks in a way that doesn't break
> compatibility with any code that isn't aware of it, and build a truly
> virtualizable x86 box.  But nobody appears to have done so.
> --
> Doug DeJulio      | mailto:[EMAIL PROTECTED]
> HKS, Incorporated | http://www.hks.net/~ddj/


------------------------------

From: Wolfgang Scherer <[EMAIL PROTECTED]>
Subject: 2nd Ethernet Card
Date: Thu, 26 Aug 1999 16:07:04 +0200

I have put a second NE2000 into my linux box (SuSE 6.1, 2.2.7)

I changed conf.modules to
alias eth0 tulip
alias eth1 ne

I added append "ether=0,0,eth1" to lilo.conf

but now nothing works anymore, not even the first card which worked fine
when alone.

(it seems that linux finds the second card first (eth1) and tries to
setup that one with the tulip-driver)

What can I do? How can I tell linux which card is which?

Thanks & regards, Wolfgang

------------------------------

From: Vilmos Soti <[EMAIL PROTECTED]>
Subject: Re: =?iso-8859-1?Q?=A6w=B8=CB=A7=B9PowerLinux=A1A=B5w=BA=D0=B8=EA=AE=C6=A5=FE=A4=A3=A8=A3=A1I=A1I=A1I?=
Date: Fri, 27 Aug 1999 19:52:02 GMT

KiKi wrote:
> 
> �w�˧����ꪺPowerLinux��A���s�}���ABIOS�N�X�{
> ��Verfying DMI Pool Data........
>   Not found any ��active partition��in HDD
>   Disk Boot Failure �AInsert Disk And Press Enter��
> �M��ڥζ}�����}���A���M�o�{�w�Ъ���ƥ��������F�I�I�I�I�I ( �����O���n��
>  )
> �аݸӦp�󮾱ϡH Please help me........

Hi,

If you don't speak English here then we cannot help you a lot. You might
try to check out the http://www.linux.org.tw site.

Vilmos

-- 
Looking for a job in British Columbia.
http://members.home.net/vilmossoti/resume.html

------------------------------

From: Cliff <[EMAIL PROTECTED]>
Subject: Re: Newbie - Networking RH6 & Win98SE
Date: Fri, 27 Aug 1999 13:41:23 -0700

Hello Justin,

Go to: http://www.sfu.ca/~yzhang/linux/samba/toc.html

Cliff

Justin Colson wrote:

> I've just successfully setup a Linux box and attached it to my home network,
> have setup the Linux box as 192.168.0.2 and the Win98 box as 192.168.0.1 and
> setup Samba in LinuxConf to use workgroup "WORKGROUP" the same as the Win98
> box, both machines can successfully ping each other but the Linux box doesn't
> show up in the Win98's Network Neighbourhood and Netscape can't find the
> server when I try to get it to connect to Win98 ICS.



------------------------------

From: "Benedikt Hochstrasser" <[EMAIL PROTECTED]>
Subject: Re: Linux / DHCP / DNS /WINS
Date: Fri, 27 Aug 1999 23:13:18 +0200

John

You must issue 'hostname <myname>' and 'dnsdomainname <mydomain>', either
manually (sigh) or via one of the various rc.nnn scripts.

To look up what's already there, just enter
"find /etc -type f -exec grep -il "hostname" {} \;"
(except the quotes ""). This will spit out the files where some host name
mangling is already taking place.
Unless you use Windows machines, forget about WINS - Linux normally
doesn't need that stuff, the name resolution is done via hosts and DNS.

The final solution would be to use DDNS (dynamic DNS) or DHCP with
reserved addresses (to make sure you always get the same, thus enabling you
to update the DNS files)

Regards, Ben (bhoc at pentagroup in ch)

John Smith <[EMAIL PROTECTED]> wrote in message:
XQyx3.1135$[EMAIL PROTECTED]
> (THE BACKGROUND)
> I am testing redhat Linux 6.0 on my network.  My Linux box currently uses
> DHCP to obtain its IP information.  It successfully gets its ip address,
> subnet mask, domain name, and dns servers from the DHCP server.  I have no
> problem pinging out to other machines by name.
>
> (THE PROBLEM)
> I also get messages that the Linux box can't determine its local host name
> (from GNOME, etc).  I can fix this temporarily by adding an entry for the
> local machine to /etc/hosts but then have to change this every time my DHCP
> server gives me a different ip address.  My DNS server can talk with my WINS
> server so I think I could resolve this problem by having the Linux box
> register itself with the WINS server.  I think the Samba package can
> register itself with WINS but I was looking for a way to do this without
> Samba.
>
> Any help would be appreciated.
>
>



------------------------------

From: Jason Pell <[EMAIL PROTECTED]>
Crossposted-To: athome.users-unix,comp.os.linux.misc,comp.os.linux.setup
Subject: Re: VMware - wow!
Date: Fri, 27 Aug 1999 00:41:15 +1000

I installed it on my Linux 2.2.1 Redhat system and then installed Windows 95.

The OS runs nicely, although not as fast (obviously) as what it does in
its native installation.  The stability of the system is _Much_ _Much_
better than Wine, probably due to the fact that vmware is a virtual machine
like :-) program while Wine is designed to provide a software API that mimics
the one provided by Microsoft for its OS's.

I realise what you are saying about it not being truly a virtual machine, but
the chance to have Windows 95 running where it belongs (in an X window)
is really nice.

The only problems that remain are:  The license fee, Australian dollars
$160 approx (maybe more!) and the fact that I would have to throw in a new
processor to get the speed.

The other problems are the doco's that are a little sketchy/confusing.  I tried
for days to get a bridged or local host interface working so I could access
my ppp connection from Windows 95 in vmware.

Note: {Anyone with a surefire set of instructions that I could have a go at
again.}

Also I couldn't ever get the printer to work.  I guess this last one makes sense
as the /dev/lp0 is protected and only the spooler has access - vmware is not
the spooler.

So you see, I am not of the opinion that vmware is perfect, but I like the idea
of running another OS within my favourite platform (linux) for things like
Microsoft Word (which I need for work) and Oracle database access
(SqlNavigator sqlplus (which I also need for work.), just got to get the network
actually working....


Cheers
Jason

steve mcadams wrote:

> Jason Pell wrote:
>
> > I was not aware that vmware was claiming to be a virtual machine _OS_,
> >
> > but just a virtual machine running _within_ an OS.
> >
> > Your thoughts.
> >
> > Jason
>
> I hope that I didn't imply that I thought it was fraudulent or
> anything.  I just don't see it as very useful compared to a true virtual
> machine operating system.  Its reliability will probably be on the same
> order as WINE.  I'm sure there are things one could do with it, but
> personally I don't think I'd want to fiddle with it.  Buying a used
> system for $300 or so would give reality and Win/Linux network easily
> enough.
>
> By all means, go for it.  There are all kinds of fun things to play
> with, vmware could well be lots of fun.

--
[EMAIL PROTECTED]
http://www.geocities.com/SiliconValley/Haven/9778




------------------------------

From: "Benedikt Hochstrasser" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.misc
Subject: Re: SambA security problem or bug?!
Date: Fri, 27 Aug 1999 23:43:04 +0200

Raymonds.

> I have defined a service called sybase. This service uses:
> comment = Sybase development tools
> path = /opt/sybase
writable = no            <- add this
> write list = @sybase
readable = no           <- add this
> read list = @sybase
> oplocks = true
> force group = sybase  <- yuck! you force even guests into the sybase group?
>

You forgot to close out the 'others' - you must deny access to all and then
allow it to certain users.
And remove the 'force group' statements.
'man smb.conf' will explain everything, and smb.conf-sample shows it as well.

Regards, Ben (bhoc at pentagroup in ch)



------------------------------

From: Philipp von dem Bussche-Hünnefeld <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.setup
Subject: watching mail-server acting
Date: Fri, 27 Aug 1999 20:30:58 GMT

Hi,
I am using my Linux box as a mail-server running Suse Linux 6.1
I would like to watch the mail-server acting.
A friend of mine who is also running a mail-server said, he's using a
program called something like tail or taile.
Does anybody know more about this???

thanks,
Phil.

==================  Posted via CNET Linux Help  ==================
                    http://www.searchlinux.com

------------------------------

From: "tinman555" <[EMAIL PROTECTED]>
Subject: Re: Can an ISP detect masquerading?
Date: Fri, 27 Aug 1999 14:33:49 -0700


Bernd Eckenfels <[EMAIL PROTECTED]> wrote in message
news:7q4ome$c83$[EMAIL PROTECTED]...
> Tom Verbeure <[EMAIL PROTECTED]> wrote:
> > But I just want to know: HOW can they detect this?
>
> well.. u can guess it if you see a lot of outgoing connections originating
> from ports in the usual masquerading range (61000-65000). But u can change
> that port.
>
> Greetings
> Bernd

how do you change the port?
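
The heuristic quoted above, seen from the ISP's side, as an added example that is not part of the thread: it flags a customer address when most of its outgoing flows use source ports in the 61000-65000 range Bernd mentions. The flow-record format, the sample records, the addresses and both thresholds are constructed for illustration.

```python
"""ISP-side check for the port-range heuristic quoted in the thread.

Added illustration: the flow-record format, the sample records and both
thresholds are constructed; only the 61000-65000 range is from the thread.
As the thread notes, the range can be changed, so a clean result here does
not show that a single host is behind the address.
"""
from collections import defaultdict

MASQ_PORTS = range(61000, 65001)  # "usual masquerading range" per the thread
MIN_FLOWS = 5      # assumed: do not judge a source on fewer flows than this
MIN_SHARE = 0.8    # assumed: fraction of flows that must fall in the range

# Constructed records, one per line: "src_ip:src_port -> dst_ip:dst_port proto"
SAMPLE_FLOWS = """\
203.0.113.7:61004 -> 198.51.100.20:80 tcp
203.0.113.7:61007 -> 198.51.100.20:80 tcp
203.0.113.7:61215 -> 198.51.100.31:110 tcp
203.0.113.7:62033 -> 198.51.100.53:53 udp
203.0.113.7:1088 -> 198.51.100.25:25 tcp
203.0.113.7:63950 -> 198.51.100.44:21 tcp
203.0.113.8:1025 -> 198.51.100.20:80 tcp
203.0.113.8:1026 -> 198.51.100.20:80 tcp
203.0.113.8:1031 -> 198.51.100.31:110 tcp
203.0.113.8:1040 -> 198.51.100.53:53 udp
203.0.113.8:2211 -> 198.51.100.25:25 tcp
203.0.113.8:4000 -> 198.51.100.44:21 tcp
203.0.113.9:61000 -> 198.51.100.20:80 tcp
203.0.113.9:65000 -> 198.51.100.20:80 tcp
this line is not a flow record
"""


def parse_flow(line):
    """Return (src_ip, src_port, proto) for one record, or None if malformed."""
    parts = line.split()
    if len(parts) != 4 or parts[1] != "->":
        return None
    src_ip, sep, port = parts[0].rpartition(":")
    if not sep or not src_ip or not port.isdigit():
        return None
    port = int(port)
    if not 0 < port < 65536:
        return None
    return src_ip, port, parts[3].lower()


def score_sources(lines):
    """Count, per source address, all TCP/UDP flows and those inside the range."""
    stats = defaultdict(lambda: {"total": 0, "masq": 0})
    for line in lines:
        rec = parse_flow(line)
        if rec is None:
            continue  # skip malformed input instead of aborting the run
        src_ip, port, proto = rec
        if proto not in ("tcp", "udp"):
            continue
        stats[src_ip]["total"] += 1
        if port in MASQ_PORTS:
            stats[src_ip]["masq"] += 1
    return dict(stats)


def likely_masquerading(lines, min_flows=MIN_FLOWS, min_share=MIN_SHARE):
    """Return {src_ip: share_in_range} for sources crossing both thresholds.

    The gateway's own connections use ordinary local ports (203.0.113.7:1088
    in the sample), so the share is rarely exactly 1.0; hence a threshold.
    A host whose own stack picks ports from this range would also match, so
    treat a hit as a hint to look closer, not as proof.
    """
    flagged = {}
    for ip, s in score_sources(lines).items():
        share = s["masq"] / s["total"]
        if s["total"] >= min_flows and share >= min_share:
            flagged[ip] = round(share, 2)
    return flagged


if __name__ == "__main__":
    for ip, share in sorted(likely_masquerading(SAMPLE_FLOWS.splitlines()).items()):
        print(f"{ip}: {share:.0%} of flows use source ports 61000-65000")
```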



------------------------------

From: [EMAIL PROTECTED] (whoami)
Subject: Re: Linux / DHCP / DNS /WINS
Date: Fri, 27 Aug 1999 22:01:32 GMT

I added the -h hostname parameter to the pump command in one of the
scripts.  I believe it was /etc/sysconfig/network-scripts/ifup.

Not the best solution but it works for me.

Lou

On Fri, 27 Aug 1999 10:16:31 -0600, "John Smith"
<[EMAIL PROTECTED]> wrote:

>(THE BACKGROUND)
>I am testing redhat Linux 6.0 on my network.  My Linux box currently uses
>DHCP to obtain its IP information.  It successfully gets its ip address,
>subnet mask, domain name, and dns servers from the DHCP server.  I have no
>problem pinging out to other machines by name.
>
>(THE PROBLEM)
>I also get messages that the Linux box can't determine its local host name
>(from GNOME, etc).  I can fix this temporarily by adding an entry for the
>local machine to /etc/hosts but then have to change this every time my DHCP
>server gives me a different ip address.  My DNS server can talk with my WINS
>server so I think I could resolve this problem by having the Linux box
>register itself with the WINS server.  I think the Samba package can
>register itself with WINS but I was looking for a way to do this without
>Samba.
>
>Any help would be appreciated.
>


------------------------------

From: "Robert_Glover" <Please_reply_to@newsgroup>
Subject: Re: shutdown ppp on demand
Date: Fri, 27 Aug 1999 20:52:32 -0000

Why destroy and re-create it?  Just type:

killall -HUP pppd


------------------------------

From: Martin Schager <[EMAIL PROTECTED]>
Subject: Re: diskless workstations and boot problem
Date: Fri, 27 Aug 1999 23:36:23 +0200

Øystein Haare wrote:

> Martin Schager wrote:
>
> > Hi!
> >
> > I have a problem booting my diskless workstation(s). I boot with my boot
> > disk, everything works fine, the client gets it's IP address via bootp,
> > and then it mounts the root filesystem via nfs and stop!!!!!!!!
> > It seems that init does not want to start for me.
> > Does any one have a solution to this problem ??????????
>
> according to the NFS root howto this is a known problem, but it doesn't say
> how to fix it... just something about providing a correct /lib setup...
>
> anyways, it works fine for me... booting redhat 6.0 from another
> linux-box..

Great ! I also read the HOWTO! I copied /lib /bin /dev /etc /sbin ,... from my
server /  (I didn't worry yet about changing fstab, and the bootup scripts in
/sbin/init.d/)  --------- I am happy if I get a step further than mounted root
filesystem.

MS


------------------------------

From: "Benedikt Hochstrasser" <[EMAIL PROTECTED]>
Subject: Re: Samba server with floppy distro?
Date: Fri, 27 Aug 1999 23:22:33 +0200

I run Slackware 3.6 on similar machines with 16 MB RAM and about 50 MB Disk.
However, I still have Compilers and txtutils etc installed, so there is some
room for improvement.
Hint: Boot Slackware off a suitable kernel diskette plus the rescue
diskette.
Copy all the files of the rescue diskette plus Lilo plus the kernel to a
harddisk.
Then add samba.
Or, install Slackware the traditional way and remove everything you don't
really need, make a tarball of the whole disk and distribute it to the other
machines.

Regards, Ben (bhoc at pentagroup in ch)

Jose L Gomez Dans <[EMAIL PROTECTED]> wrote in message:
7q64hp$k1m$[EMAIL PROTECTED]
> Hi!
> I would like to use one of these single floppy distributions to turn
> old computers into samba servers. As a first step, we have a number of 386
> which could be used as printer servers without any further problems. They
> have small hard drives, and the idea is to be able to quickly turn one of
> these computers into a printer server, and use the hard drives as a spool
> directory.
>
> I have tried mulinux, which comes with a lpr server, but it does not
> come with samba support. Has anyone done something similar? I know I could
> mount root by NFS, but the network is extremely slow, and while that
> wouldn't matter for sending stuff to the printer, it would for NFS access
> (specially if mounting root).
>
> TiA,
> Jose
>
>
>
> --
> Jose L Gomez Dans PhD student
> Radar & Communications Group
> Department of Electronic Engineering
> University of Sheffield UK



------------------------------

Crossposted-To: comp.os.linux.development.system
From: Anshul Kothari <[EMAIL PROTECTED]>
Subject: linux packet scheduler
Date: Fri, 27 Aug 1999 19:08:34 GMT

In the linux kernel source, I found code for more than one scheduler.
Now how does linux know which scheduler to invoke for a given stream of
packets? Does it depend on the device which receives the packet, or out of
all these is there some specific scheduler which linux uses? Please
enlighten me..

TIA,

Anshul Kothari

------------------------------

From: "Kyle Maxwell" <[EMAIL PROTECTED]>
Subject: Re: 1 Routable address and NAT HELP!!
Date: Sat, 28 Aug 1999 16:23:23 -0500

No, you don't. All you need to do is set up a rule to forward all incoming
SMTP traffic to your mail server on the LAN.

--
Kyle Maxwell
GTE EIPS

<[EMAIL PROTECTED]> wrote in message news:7q6rku$372$[EMAIL PROTECTED]...
> Hi all-  I am new to NAT and I was wondering if what I want to do is
> possible.
>
> I have DSL and 1 address.  I want to use NAT so that my other systems
> can get onto the net.  The thing is I want to use one of my other
> systems that is using a translated address to act as a mail server.  Is
> that possible?  Do I need to implement DNS on the Linux box and then
> point the MX record to the non-routable address??
>
> Pointers Please-
>
> Thanks
> Gammo
>
>



------------------------------

From: "Graham Fountain" <[EMAIL PROTECTED]>
Subject: Re: linux box vs switched hub
Date: Sat, 28 Aug 1999 07:58:57 +1000

As one other poster mentioned, a switch & a linux router/firewall are
completely different, however there is one function of a switch that can be
emulated with a linux computer.

One thing that is achieved with switches is the ability to allow 10MBit and
100Mbit clients on the same network, that can communicate with each other.
With a normal 10/100 Hub the 100 clients can see each other, and the 10
clients can see each other, but the 10's can't see the 100's & vice versa.

A Linux computer can be set up with both 10 and 100 MBit cards in it to
provide the link between your 10MBit and 100MBit networks.  This allows you
to save on the expense of buying a big switch, allowing you to use the much
cheaper hubs.  This still won't give you as much bandwidth as a hub, and it
will impact on the performance of the linux computer, although I can't give
you any figures of how much it will impact it.  I use a P133 and it doesn't
seem to hurt it too much.

You can set up the linux box two ways - either as a router or a bridge.
There are some subtle differences between each.

A router will only route TCP/IP packets over the network.  You set up your
10MBit clients on one subnet (say 192.168.1.0/24) and your 100MBit clients
on another subnet (say 192.168.2.0/24).  Given this, you would then set the
net cards up in the linux box as 192.168.1.1 for the 10MBit and 192.168.2.1
for the 100Mbit.  You would then use ipchains to get it to route data to and
from the 192.168.1.0 and 192.168.2.0 networks.  Each workstation will need
to be told that the relevant ip address in the linux box is its "gateway"
address.  If you want Windows Networking browsing available to you, you will
also need to set up a "WINS" server on your network.  Routing also has the
advantage that you can have some level of control over the packets.  For
example you can stop certain types of packets traversing the network.

A bridge operates a little differently, in that it makes the two different
network topologies to appear as one physical network.  Instead of looking at
the destination IP addresses, the linux computer looks at the Ethernet
address of each packet and routes it accordingly.  All of your computers,
both 10's and 100's would be on the same subnet, because as far as each is
concerned, it thinks it is communicating direct to the other.  One advantage
of a bridge is that it can also route Netbeui, IPX/SPX, and any other
ethernet protocols.  In this respect it functions almost the same as the
ability of a switch to link 10 and 100 networks.  I'm not 100% sure, but I
think a bridge configuration would require more CPU power on the Linux
machine than a router configuration.

Another circumstance where you may want to use a switch or a linux router is
if you have a few departments (eg CAD, accounting, typing).  Each of these
departments shifts a lot of data within itself, and doesn't shift a lot of
data to other departments (the assumption is that each department has its
own server).  All departments also need a low level of shared access to some
other common resources.  In this circumstance if you had everyone connected
to a normal hub, the 10 or 100MBit bandwidth would be shared between
everyone, so someone saving a big CAD file to a server, would hog bandwidth
from every user.  The better way would be to set this type of department up
as follows:

                     TYPING
                     | | |
                      HUB
                       |
Common Resources-----SWITCH -------HUB====Accounting
                       |
                      HUB
                     | | |
                      CAD

I hope the ASCII "art" lines up, but if not, all hubs are linked to the
switch.  If you used a Linux Router or Bridge instead of the switch in this
configuration, you would set it up with 4 network cards.  In this type of
enterprise, if you wanted to use only one server (either linux or NT) you
would put it in the central position with four network cards, and set up
with routing.

I'm starting to get a bit long winded - there are a zillion different
configurations and many aspects to be taken into account when determining
the best solution.  Hope this helps you.


chas <[EMAIL PROTECTED]> wrote in message news:7q6ebg$pcn$[EMAIL PROTECTED]...
>
>
> Preparing for a discussion with our network administrator...
>
> What are the advantages (if any) of a switched hub over a linux
> router/firewall?
>
> --
> ===============================
> Charles Lewis ([EMAIL PROTECTED])
> Director of IS (SWAU)
> ===============================
>
>



------------------------------

From: [EMAIL PROTECTED] (W.G. Unruh)
Subject: Re: Can an ISP detect masquerading?
Date: 27 Aug 99 22:10:19 GMT

"Chris L" <[EMAIL PROTECTED]> writes:

>    If you are paying for 56k of bandwidth you should be able to use it any
>way you choose. If one computer uses the bandwidth or 5 computers use it
>it's the same total amount.


Well, of course you might feel that way, but that may not be the contract
that the ISP requires you to sign. Best advice is-- Get a new ISP.

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and comp.os.linux.networking) via:

    Internet: [EMAIL PROTECTED]

Linux may be obtained via one of these FTP sites:
    ftp.funet.fi                                pub/Linux
    tsx-11.mit.edu                              pub/linux
    sunsite.unc.edu                             pub/Linux

End of Linux-Networking Digest
******************************
