Linux-Networking Digest #451, Volume #12 Thu, 2 Sep 99 14:13:58 EDT
Contents:
Re: I've gotten on, but how do I get off???? ("Robert_Glover")
Re: Browsers and Linux ("Robert_Glover")
Suddenly no ICQ access through ipfwadm packet filter (dave)
Re: SMC EtherEZ(8416) (Mircea)
Re: Q: DNS server via PPP? (Omar Dedovic)
Re: Linux friendly ISPs ([EMAIL PROTECTED])
Re: New kernel, 2.2.12, causing diald to stay open (Chris Sherman)
Firewall rules for neophyte... ([EMAIL PROTECTED])
Re: NewBie!! help with Make (Tony Green)
Re: Internet router problems (Thomas Kaemer)
Re: Vmware and Linux (Anders Östling)
test ("Remington Informática")
Re: Diskless Stations using RPL bootproms (Thomas Kaemer)
Re: Netscape hangs if not connected to network (Steve Weiss)
samba and dhcp with NO wins server?...(sort of long) ("Oo.et.oO")
Re: UDP pkts on port 2348 ("Robert_Glover")
Re: Can an ISP detect masquerading? ("John Hardin")
Re: NFS+NIS problem (Stephane Galland)
?? Altavista Tunnel 98 & IP MASQ (Ron Vissers)
Re: Win98 newsreader through IP MASQ (Rick Matthews)
----------------------------------------------------------------------------
From: "Robert_Glover" <Please_reply_to@newsgroup>
Subject: Re: I've gotten on, but how do I get off????
Date: Thu, 2 Sep 1999 12:49:25 -0000
There are several things you could try:
1. If you include AT&D1 in your modem init string it should obey the
DTR signal and disconnect when minicom tells it to.
2. You might have a "weird" modem. If so, then try this procedure:
a. Wait for at least one second
b. Type +++
c. Wait for at least one second
(This should put you in command mode)
d. Type ATH0
(This should make you hang up).
Scott wrote in message <7qkrnq$1mok$[EMAIL PROTECTED]>...
>I'm using minicom and pppd to access my provider, but after I'm done I can't
>disconnect. I've tried hanging up and quitting and resetting on minicom.
>Only way I can disconnect is by rebooting!!!!
Rebooting? Oh come on!
>There must be a better way.
What about reaching around to the modem and disconnecting it from the
phone line?
------------------------------
From: "Robert_Glover" <Please_reply_to@newsgroup>
Subject: Re: Browsers and Linux
Date: Thu, 2 Sep 1999 12:27:28 -0000
>Not really.
>I've noticed anything with a memory leak can hang the entire system.
>The KDE icon editor does this often.
>So can other apps.
>Jim
You need to set your ulimits so that doesn't happen. When anything
(usually Netscape) takes too much memory, it now just stops Netscape
and leaves X running.
------------------------------
From: dave <[EMAIL PROTECTED]>
Subject: Suddenly no ICQ access through ipfwadm packet filter
Date: Thu, 02 Sep 1999 09:48:31 CDT
Reply-To: [EMAIL PROTECTED]
I've been using ICQ on NT through an IP masquerading Linux box for over
six months, with the following settings in my firewall script:
/sbin/ipfwadm -F -p deny
/sbin/ipfwadm -I -p deny
/sbin/ipfwadm -O -p deny
#
# Allow masquerading from my internal network:
#
/sbin/ipfwadm -F -a m -S 192.168.1.0/24 -D 0.0.0.0/0
# Bunch of stuff omitted
# Forward ICQ packets
/sbin/ipautofw -F
/sbin/ipautofw -A -r tcp 3000 4000 -c udp 4000 -u
I occasionally have problems for a day or so when I can't get
connected, and I've attributed that to ICQ network problems. But this
has been going on all week. I've rechecked my ICQ settings, and all
seems well. I've even rebooted the Linux box. But I can't connect to
ICQ unless I drop the firewall. If I do that I can connect and use ICQ
for a few minutes after the firewall goes back up, then I lose the
connection.
Any ideas? How can I go about tracking down the problem?
Dave Harms
[EMAIL PROTECTED]
------------------------------
From: Mircea <[EMAIL PROTECTED]>
Subject: Re: SMC EtherEZ(8416)
Date: Thu, 02 Sep 1999 10:20:00 -0400
Wade C wrote:
>
> Hi.. I was just wondering if anyone is using the SMC EtherEZ (8416) card
> with any version of Linux and has it running properly. In a number of
> documents, I have read that I need to install the 8390.o module and the
> smc-ultra.o module. The 8390 works fine, but the other gives me an error
> that there is no Ultra card found, io=(0x0) or something to that effect. So
> if anyone has had any experiences with this card that they would like to
> share, it would be hugely appreciated!
>
> Thanks!
>
> Wade
I do, and it works just fine. Your problem, I think, is due to the Ultra
card being Plug'n'Pray, i.e. you have to use isapnptools (pnpdump and
isapnp) to set up the hardware resources it uses, before trying to have
the ultra module detect it. See the man pages for pnpdump, isapnp,
isapnp.conf, as well as the PnP-HOWTO.
MST
------------------------------
From: Omar Dedovic <[EMAIL PROTECTED]>
Subject: Re: Q: DNS server via PPP?
Date: Thu, 02 Sep 1999 15:59:23 +0200
Check your /etc/resolv.conf
/od
Gerhard Fuernkranz wrote:
>
> Some ISPs dynamically assign the DNS server address,
> when the PPP connection gets established.
>
> How can I configure Linux to retrieve the name
> server address via PPP?
>
> Or at least - how can I find out the assigned name
> server address after the PPP connection has been
> established? I did not find any pppd or ipppd
> configuration options to accept the DNS server
> address from the PPP peer.
>
> Thanks,
> Gerhard
--
/\
\\ \ Omar Dedovic
\ \\ / Internet Pro
/ \/ / /
/ / \//\ [EMAIL PROTECTED]
\//\ / / 046-2862524
/ / /\ / 070-9490890
/ \\ \
\ \\ PGP:
\/ pentagon.nu/pgp
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Linux friendly ISPs
Date: Thu, 02 Sep 1999 09:36:41 -0500
I take it all back. There is such a thing as a "Linux Friendly ISP". I am now
one ;^)
I connected to my routers for the first time in years with ppp!!! Yeah!!!. The
router was set to use interactive mode so techs could troubleshoot users.
Setting routers to dedicated, with default routing did the trick. Then simply
using the default script created by pppsetup. Here is the pppscript:
TIMEOUT 60
ABORT ERROR
ABORT BUSY
ABORT "NO CARRIER"
ABORT "NO DIALTONE"
"" "AT&FH0"
OK "atdt5551212"
TIMEOUT 75
CONNECT
That's it. Then off to PAP authentication. Here is the options script:
lock
defaultroute
noipdefault
modem
/dev/ttyS1
38400
crtscts
debug
noauth
passive
asyncmap 0
name "username"
Now to test this and try to determine if it had to do with slowing up the modem
also. This solves the problem on the Cisco Access routers. Now on to the 3com
Total Control Hubs....
Thanks all for the input.
TKT
"Todd K. Tuttle" wrote:
> I have been trying to get a Linux PPP connection to go for 3 days straight
> now. Probably well over 30 hours of fruitless trial and error. It seems like
> it should be simple connect, but trying every combination, trick and stupid
> trick, it just sits there. Of course I can configure a connection with a
> Windows or Mac in under a minute. Probably most ISPs can connect up a Linux
> PPP, except it soooooooooooooo @#$%@#^&^ ridiculously hard that it's not
> worth the effort.
>
> The connection behaves exactly this way with minicom or a terminal program
> (without the quotes and commas of course):
>
> I Dial in,
> Get "Connect 2X000/ARQ/V34/LAPM/V42BIS",
> I hit <Enter>,
> I get "Username:",
> I enter my username and hit <enter>,
> I get "Password:",
> I enter my password and hit <enter>,
> I get a ">" prompt,
> I enter the command "ppp",
> I get PPP characters,
>
> Now this doesn't seem complicated. But whatever I try to put in, it hangs at
> the "Connect" part and just sits. And I just sits...I've tried going through
> every chat options, from the chat man page. All the suggestions in the How
> To PPP guide. The how to hook up PPP by W.G Unruh. Absolutely nothing works.
>
> So I'm asking, begging actually, if you were using a Linux PPP connection
> using pppd to connect to the above connection, what would your script look
> like?
>
> Again, I don't think it's ISP being Linux "Friendly", it's the crappy chat
> scripts that are ridiculously hard. Any help would be greatly appreciated.
>
> Thanks,
> Sorry for the soap-box...
>
> Bayee <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > ksvenbak wrote:
> > >
> > > Does anyone know where I can find a list of Internet Service Providers
> > > that support dial-in using linux?
> > >
> > > K
> >
> > As far as I know, as long as Window can dial-in, Linux can too (using
> > PPP or KPPP). I am now using my Linux dial-in to reply this to you.
------------------------------
From: [EMAIL PROTECTED] (Chris Sherman)
Subject: Re: New kernel, 2.2.12, causing diald to stay open
Date: Thu, 2 Sep 1999 15:27:48 GMT
In <[EMAIL PROTECTED]> [EMAIL PROTECTED] (Chris Sherman) writes:
> I just installed a new kernel, 2.2.12, on my machine (Red Hat
> V6 installation, was running 2.2.5-15), and now the diald
> running on the hub box (running 2.2.5-15 RH V6 installation)
> won't hang up.
Figured out what was wrong... For some reason, the new kernel
woke up named, and it was squawking to the name servers at
my ISP. I shut up named, and diald on the hub closed the
connection a minute later.
BTW, to permanently shut up named, I moved the named config
file to an archive directory. What is the official way
of permanently stopping a "service"?
Thanx...
--
____/ / / __ / _ _/ ____/
/ / / / / / / Chris Sherman
/ ___ / _/ / /
_____/ __/ __/ __/ _\ _____/ _____/ [EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED]
Subject: Firewall rules for neophyte...
Date: Thu, 02 Sep 1999 16:14:03 GMT
Have a quick question,
if anyone could help me....
I just purchased a new machine to be setup
as a firewall. It has been set up with Slackware
4.0 w/kernel 2.2.6, all the firewall and masq stuff
has been compiled in. It has two nics, one going to
a cable modem and the other to a hub for three other
machines to connect.
My question is..
JUST FOR STARTERS so I can get the other machines out
how would I set my rules on the firewall to let EVERYTHING
in and EVERYTHING out? Do I have to do one set of rules
or a set of rules for each nic (eth0 & eth1), I read the
IPCHAINS HOWTO and the IP MASQ HOWTO but am still unclear
on how to do this
/sbin/ipchains -A input -s 0/0 -d 0/0 -p ??? -j ACCEPT
/sbin/ipchains -A output -s 0/0 -d 0/0 -p ??? -j ACCEPT
/sbin/ipchains -A forward -s 0/0 -d 0/0 -p ??? -j ACCEPT
and that's it?
or would I do one for each device like this:
/sbin/ipchains -A -i eth0 input -s 0/0 -d 0/0 -p ??? -j ACCEPT
/sbin/ipchains -A -i eth0 output -s 0/0 -d 0/0 -p ??? -j ACCEPT
/sbin/ipchains -A -i eth0 forward -s 0/0 -d 0/0 -p ??? -j ACCEPT
/sbin/ipchains -A -i eth1 input -s 0/0 -d 0/0 -p ??? -j ACCEPT
/sbin/ipchains -A -i eth1 output -s 0/0 -d 0/0 -p ??? -j ACCEPT
/sbin/ipchains -A -1 eth1 forward -s 0/0 -d 0/0 -p ??? -j ACCEPT
Do I not put in a "-p xxx" if I want to accept any protocol?
and when and where do I utilize the -j MASQ option to masq my
inside ip's?
I do plan on stepping up my rules, but I can't do anything behind the
firewall until I can at least get out and work from there.
I also know that the answers to these questions are out there
and I tried reading the appropriate HOWTO's but couldn't find anything
specific, especially on masquerading...
Any help is greatly appreciated
Thanks in advance
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: Tony Green <[EMAIL PROTECTED]>
Subject: Re: NewBie!! help with Make
Date: Thu, 02 Sep 1999 15:20:19 +0100
This got me when I had just started out too......
When you download a source code version of software you have to compile it. To
do this you have to 'make' the software.
Before this can happen - you have to configure it. Most of the time you can
just follow these steps
./configure
make
(as root)make install
This should configure, compile and install the software in the default
locations.
Hope this helps.
"A.PADMANARAYANAN" wrote:
> hey friends! i am a linux newbie in fact just a week old :)
> i know this is really stupid but it would be great if someone told me this!!
> could anyone tell me please how to install a software if it says i have to
> generate something called "make" , "makefile" i know it has to do with
> compiling a C program or a C++ one but i dunno how to install all these nice
> packages i downloaded for linux from the net!
> please help ! whatz up with make, makeconfig could any one tell me more
> about it pleaz!
> thanks in advance
> vijay
------------------------------
From: Thomas Kaemer <[EMAIL PROTECTED]>
Subject: Re: Internet router problems
Date: Thu, 02 Sep 1999 18:46:16 +0200
Kamil Kube wrote:
>
> Hello,
>
> I am having problems setting up our Linux router. We are using
> Suse Linux version 6.1. This already works:
>
> - the Linux machine can already connect to the Internet. Bringing the
> connection up and down works very well.
> - the Linux machine is already integrated into our LAN. I can ping it
> without problems, and the Linux machine likewise already reaches the other
> clients with ping.
> - The Suse kernel update for masquerading has already been installed.
>
> The Linux machine has the following interfaces:
>
> eth0 192.168.10.50 255.255.255.0
> ippp0 192.168.0.99 255.255.255.255
>
> Here is the output of the "route -n" command:
>
> Kernel IP routing table
> Destination Gateway Genmask Flags Metric Ref Use Iface
> 192.168.0.1 0.0.0.0 255.255.255.255 UH 0 0 0 ippp0
> 192.168.10.50 0.0.0.0 255.255.255.255 UH 1 0 0 dummy0
> 192.168.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
> 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
> 0.0.0.0 192.168.0.99 0.0.0.0 UG 0 0 0 ippp0
>
> The problem that now arises is the following: when I try to get onto the
> Internet from one of the clients, the Linux machine does establish a
> connection to the Internet, but the client in question receives no data
> (we use Windows 98 clients).
>
> Perhaps it is because I get the following error message when starting the
> Linux machine:
>
> /sbin/init.d/masquerade: /sbin/ipchains: No such file or directory
>
> Thanks in advance for your help.
>
> Regards,
>
> Kamil
Kamil, you picked the wrong newsgroup.
This one is English-language.
Now to your problem:
ipchains is indeed necessary for masquerading.
Look for it with "find / -name ipchains".
If it isn't there, you have a problem, since I don't know either which
package it is hidden in.
Did you also build a new kernel for masq.?
CU Thomas
------------------------------
From: Anders Östling <[EMAIL PROTECTED]>
Subject: Re: Vmware and Linux
Date: Thu, 02 Sep 1999 16:11:54 +0200
bill davidsen wrote:
> On the vmware topic, could a Linux machine be set up to run Win
> applications for a bunch of people accessing it through low powered
> access being used as X terminals? After watching them boot several times
> a day, losing work each time, it seems a desirable thing to try.
>
> Yes, the Linux box has ample power for five users doing word processing
> (dual P-II/450).
> --
> bill davidsen <[EMAIL PROTECTED]> CTO, TMR Associates, Inc
> "So let it be written, so let it be dumb." Pharaoh Dufus the last...
Well, I just did an installation of Windows NT Terminal Server on vmware
for Linux, and it works just fine (including Metaframe). The published
applications are visible to external Citrix clients, even the Java client
running in another process on the same box :-). So it seems that, provided
you have enough memory and CPU, you can do what you describe (w/o X terminals,
just use an old Linux PC with a Citrix client. All for free !). Should work fine
/Anders
------------------------------
From: "Remington Informática" <[EMAIL PROTECTED]>
Subject: test
Date: Wed, 1 Sep 1999 11:47:13 -0300
This is a test message.
------------------------------
From: Thomas Kaemer <[EMAIL PROTECTED]>
Subject: Re: Diskless Stations using RPL bootproms
Date: Thu, 02 Sep 1999 18:38:34 +0200
"Andrew J. Norman" wrote:
>
> As a stop gap measure, I am currently booting the NE2000 compatible cards
> using a floppy and the "netboot" package. This works, but is not as
> elegant or as robust I would like for a large number of machines (and it
> requires floppy driver in each machine)
>
> Any suggestions and/or links to resources would be appreciated.
>
look at :
http://www.slug.org.au/etherboot/
CU Thomas
------------------------------
From: Steve Weiss <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.x
Subject: Re: Netscape hangs if not connected to network
Date: Wed, 01 Sep 1999 21:06:44 -0400
The problem is netscape trying to connect to your mail server. You can
minimize this (though I don't think eliminate it completely) by changing
your mail server preferences- disable "Check for mail every x minutes".
I use this occasionally, when I want to leave Netscape open and I'm not
connected, but if you open your mail window, even with these settings I
think it will still hang.
-S
Tom Georges wrote:
>
> Juergen Heinzl wrote:
> >
> > In article <[EMAIL PROTECTED]>, Tom Georges wrote:
> > >I'm running Netscape 4.6 on linux 2.2.5-22, Pentium box, RedHat 6.0
> > >distribution.
> > >
> > >Whenever I start Netscape and I have not yet dialed into my ISP,
> > >Netscape hangs (perhaps 10 minutes? Seems like forever!) with
> > >an inactive X display, then eventually comes to life, whereupon
> > >I can browse local pages. I have an ethernet connection that is
> > >frequently active when I do this (via ISDN), so its presence does
> > >not seem to help. If I dial in before bringing up Netscape, all
> > >is well and no delay.
> > [...]
> >
> > Name server lookup timeouts are pretty long for good reasons and
> > you might disable the default start page and add entries for which
> > you do not want a proxy (all NS).
>
> Thanks for the fast reply!
>
> Because of potential timeouts due to DNS lookups, I have my home page
> set to blank (it used to be set to a local page). This had no effect
> and the delay still has been there. In terms of proxy, I have Netscape
> configured to Direct Connect to Internet rather than use a proxy - is this
> what you meant?
>
> Tom
> --
> Thomas L. Georges, SMTS BellSouth Telecommunications S&T
> 675 W. Peachtree St. 41B50 Atlanta, GA 30375
> Office:(404)927-4099 - F:(404)420-8202 - P:(404)672-2784 #1030090
>
> "A government that robs Peter to pay Paul can
> always count on the support of Paul" - GBS
> (ALL OPINIONS ARE MINE and not my employers - but they should be :)
--
"If you watch TV news, you know less about the world than if you just
drank gin straight from the bottle." - Garrison Keillor
------------------------------
From: "Oo.et.oO" <[EMAIL PROTECTED]>
Subject: samba and dhcp with NO wins server?...(sort of long)
Date: Thu, 02 Sep 1999 13:01:31 -0400
hello-
i have been struggling with this for the past few months... I gave
up a while back but decided to try it again on my own network... I
can't get samba to work is basically my problem... tried all sorts of
stuff...
i just want the functionality that comes out of the box in windows....
to start with then i can muck with adding more stuff after i get it to
work...
My setup is this...
we have a little network with a hub in our apt... three machines 1
linux (mine), 2 windows (my roommates).
the uplink of the hub goes to a toshiba cable modem supplied by time
warner and Road Runner.
We get our IPs through the dhcp server on the RR network... obviously
via DHCP
all that works fine (well fine is a relative term) First off the dhcp
server won't take the hostname argument from pump... so i get a
hostname like "cm-26-29-5-123.nycap.rr.com" or something...
oh as you may realise i am running redhat 6.0 with many fixes/tweaks and
kernel 2.2.10.
so i set the hostname manually in /etc/sysconfig/network.
my pump line in /etc/sysconfig/network-scripts/ifup is thus:
if /sbin/pump -i $DEVICE -h byzantine; then
echo " done."
which is stock other than the '-h byzantine' but it still returns a
hostname like the one above...
this is prolly just a lame attempt of keeping us from running servers...
anyway i am not sure if samba is using byzantine as my hostname/netbios
name or the other...
/bin/hostname gives me byzantine so i think i am okay..
but the other trouble is that we don't have a wins server to access on
the network... so we have to use broadcast.
even the windows roommates can't browse reliably... they have to know
the name of the computer and search for it...
so below is my /etc/smb.conf..
I want to know how to set it up so anyone can just browse read-only the
dirs i specify like i can setup in windows...
no passwords no usernames no nothing...
i can set that stuff up later.
so far i can see myself with smbclient but it always says it's going to
127.0.0.1 which i don't know if that is right or not...
[erict@byzantine bin]$ smbclient -L byzantine
Added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0
Password:
Domain=[PENGUIN] OS=[Unix] Server=[Samba 2.0.5a]
Sharename Type Comment
--------- ---- -------
tmp Disk Temporary file space
redcd Disk byzantine CD-Rom
IPC$ IPC IPC Service (host byzantine Version
2.0.5a for byzantine)
Server Comment
--------- -------
BYZANTINE host byzantine Version 2.0.5a for nmb
Workgroup Master
--------- -------
PENGUIN
and...
[erict@byzantine bin]$ nmblookup -B byzantine __SAMBA__
Warning: inconsistant interface 127.0.0.1
Added interface ip=127.0.0.1 bcast=127.0.0.1 nmask=169.0.0.0
Sending queries to 127.0.0.1
Got a positive name query response from 127.0.0.1 ( 127.0.0.1 )
127.0.0.1 __SAMBA__<00>
but i get that response for ANY name i put in...
i have thus in /etc/hosts:
127.0.0.1 localhost byzantine
so it may be why...
i also have no /etc/lmhosts file as of yet...
se we use dhcp so i'd rather avoid putting ips and stuff in there if
possible...
i mean it works in windows why not here?
okay so any help will be most appreciated... I may soon have a
machine to use as a router for IP MASQ so all these troubles should go
away... but for now i want to get this crap to work!
btw i've been to the following pages which help a lot but still don't
talk about dhcp or if i should get 127.0.0.1 back from nmblookup.
http://us2.samba.org/samba/docs/
home.germany.net/101/69082/samba.html <-- great page!
www.sfu.ca/~yzhang/linux/samba/index.html
www.eunuchs.org/linux/samba
thank you
very much -
eric
------------------------------
From: "Robert_Glover" <Please_reply_to@newsgroup>
Subject: Re: UDP pkts on port 2348
Date: Thu, 2 Sep 1999 13:27:50 -0000
Well, first, a little philosophy about network connections. Nobody
"out there" should be using your PPP internet address, so why not set
up an input rule to block that.
/sbin/ipchains -A input -i ppp0 -d ! $PPP_IP -j DENY
You'll have to set PPP_IP by grepping, awking and sed'ing the output
of 'ifconfig ppp0'. I saw it here in the group not long ago. Just do
a search on "PPP_IP"
You should add this to your input rules:
/sbin/ipchains -A input -i ppp0 -s $PPP_IP -j DENY # and this stops spoofing from outside
I also heartily recommend the following line to prevent someone from
feeding packets into your private LAN from the internet.
# these will not interfere with masquerading
/sbin/ipchains -A input -i ppp0 -s 172.16.1.0/24 -j DENY
/sbin/ipchains -A input -i ppp0 -d 172.16.1.0/24 -j DENY
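
Added example, not part of Robert Glover's post: one way to derive PPP_IP from `ifconfig ppp0` output and generate the four input rules above only when a valid address was found. The sample ifconfig text is constructed in the net-tools format of that era, the function names `ppp_local_ip`, `valid_ipv4` and `emit_antispoof_rules` are hypothetical, and the script prints the rules instead of running ipchains.

```shell
#!/bin/sh
# Added example: sample input is constructed, function names are hypothetical.

# Constructed sample of `ifconfig ppp0` output (net-tools format).
SAMPLE_IFCONFIG='ppp0      Link encap:Point-to-Point Protocol
          inet addr:203.0.113.45  P-t-P:203.0.113.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:120 errors:0 dropped:0 overruns:0 frame:0'

# Read ifconfig text on stdin and print the local address: the "inet addr:"
# field, not the P-t-P peer. Prints nothing when the field is absent, which
# is what happens while the link is down.
ppp_local_ip() {
    sed -n 's/^.*inet addr:\([0-9.]*\).*$/\1/p' | head -n 1
}

# Succeed only for a dotted quad whose four octets are all 0..255.
valid_ipv4() {
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Print the rules from the post for interface $1, local address $2 and
# private LAN $3. Nothing is printed if the address did not parse, so an
# empty PPP_IP can never produce a rule with a missing -d or -s argument.
emit_antispoof_rules() {
    ifc=$1 ip=$2 lan=$3
    valid_ipv4 "$ip" || { echo "no usable address for $ifc" >&2; return 1; }
    cat <<EOF
/sbin/ipchains -A input -i $ifc -d ! $ip -j DENY
/sbin/ipchains -A input -i $ifc -s $ip -j DENY
/sbin/ipchains -A input -i $ifc -s $lan -j DENY
/sbin/ipchains -A input -i $ifc -d $lan -j DENY
EOF
}

# On a live system the input would be:  ifconfig ppp0 | ppp_local_ip
PPP_IP=$(printf '%s\n' "$SAMPLE_IFCONFIG" | ppp_local_ip)
emit_antispoof_rules ppp0 "$PPP_IP" 172.16.1.0/24
```

With a dynamically assigned address the rules have to be regenerated each time the link comes up, since PPP_IP changes between sessions.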
------------------------------
From: "John Hardin" <[EMAIL PROTECTED]>
Subject: Re: Can an ISP detect masquerading?
Date: Thu, 2 Sep 1999 09:08:29 -0700
The Dude wrote in message ...
>-If not and that's mean that the dest port get translated to 60000...
>how come it can connect to server listening only on port 80 ?
On outbound traffic the *source* port is the only one changed.
It's still destined for port 80.
--
John Hardin KA7OHZ [EMAIL PROTECTED]
pgpk -a finger://gonzo.wolfenet.com/jhardin PGP key ID: 0x41EA94F5
PGP key fingerprint: A3 0C 5B C2 EF 0D 2C E5 E9 BF C8 33 A7 A9 CE 76
=======================================================================
In the Lion
the Mighty Lion
the Zebra sleeps tonight...
Dee de-ee-ee-ee-ee de de de we um umma way!
------------------------------
From: Stephane Galland <[EMAIL PROTECTED]>
Subject: Re: NFS+NIS problem
Date: Thu, 02 Sep 1999 17:07:19 +0000
[EMAIL PROTECTED] wrote:
>
> I'm using NFS+NIS, the users have their home directory in a NFS server.
> When they login the following message appears in the server's console:
> fh_verify: home/username permission failure, acc=1, error=13
> where home/username is their home directory. Everything else seems to
> be right. Any idea?
I resolve this problem by allowing the user to mount the directory in
the NFS server configuration.
--
Stephane Galland
|-> PhD student, delegated to the committee of teaching
| "Systemes Industriels Cooperatifs" laboratory (SIC)
| Ecole Nationale Supérieure des Mines-Saint Etienne (EMSE-SE)
| mailto:[EMAIL PROTECTED] or mailto:[EMAIL PROTECTED]
| professional phone:(+33)0477426636
|-> (La/win)TeX development group webmaster
mailto:[EMAIL PROTECTED]
http://www.multimania.com/sgalland
------------------------------
Subject: ?? Altavista Tunnel 98 & IP MASQ
From: [EMAIL PROTECTED] (Ron Vissers)
Date: 2 Sep 1999 09:47:16 -0600
Hi,
My current setup:
xdsl
NT ---> Openlinux 2.2 ----> internet ---> corp/net
Tunnel 98 2.2.10 kernel
ipmasqing
firewall
Tunnel 98 appears to connect up to our corporate network.
It sets up the DNS and WINS connections and even sends
keep alive packets back and forth. (At least I think
that's what it is doing.) Being on a DSL line, I don't
need the keep alive, but it is an indicator that
it's communicating, kind of.
The catch is, I can't telnet/ping/nslookup anything on
corp/net.
I thought I may have read that Altavista Tunnel 98
encoded the return IP in the data. In which case it's probably
encoding the 168.192.x.x IP. Anyone know if there is truth to
this?
Are there workarounds? Suggestions?
Ron
------------------------------
From: [EMAIL PROTECTED] (Rick Matthews)
Subject: Re: Win98 newsreader through IP MASQ
Date: Thu, 02 Sep 1999 15:28:51 GMT
On Thu, 26 Aug 1999 00:00:11 GMT, [EMAIL PROTECTED] (Vlar Schreidlocke)
wrote:
>I have several Win98 machines connected to a Linux box running RH 6.0
>with IP Masquerade. I have http and ftp working, but I can't seem to
>figure out how to get Agent 1.5 (Win98 newsreader) to connect and get
>newsgroups through the Linux box. I have read the ip-masq-HOWTO-1.77
>several times with no results on this particular problem. What am I
>missing? Can anyone help?
>
>
Try this (default action must be DENY):
# NNTP NEWS client (119)
# ----------------------
/sbin/ipchains -A input -i $EXTERNAL_INTERFACE -p tcp ! -y \
-s $NEWS_SERVER 119 \
-d $IPADDR $UNPRIVPORTS -j ACCEPT
/sbin/ipchains -A output -i $EXTERNAL_INTERFACE -p tcp \
-s $IPADDR $UNPRIVPORTS \
-d $NEWS_SERVER 119 -j ACCEPT
Where:
EXTERNAL_INTERFACE="eth0" # whichever you use
NEWS_SERVER="your.news.server"
IPADDR="Your IP address"
UNPRIVPORTS="1024:65535"
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.networking) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Networking Digest
******************************