Linux-Networking Digest #460, Volume #12 Fri, 3 Sep 99 10:13:37 EDT
Contents:
All working but root telnet (Pam Luchini)
Re: gateway and eth0 must be in the same class c? ("the MC")
Compaq linux etc... ("the MC")
Re: Two PPP connections at once (Simon Green)
Re: All working but root telnet (Doug & Cathy Bryant)
Re: diald problems (Mike Jagdis)
Re: All working but root telnet (Simon Green)
Re: ?? Altavista Tunnel 98 & IP MASQ (norm rubin)
Re: PPPD and proxyarp (Clifford Kite)
Linux under Novell (Claudio Martinez)
Re: Browsers and Linux (David Lane)
Re: Linux under Novell ("Pythias")
Re: Linux under Novell (Claudio Martinez)
ICMP source quench - what's that? (Thomas Zajic)
Re: My Dissapointment to find Linux not a viable solution ([EMAIL PROTECTED])
Re: What on earth is 'bing'? ("Robert (Bob) McGwier")
ethernetcard not found (De Vries)
Re: What domain do I use? ("Robert (Bob) McGwier")
SupraExpress 56i modem not working ("Michael And Nicole Hulen")
Re: SAMBA? What else? ("Robert (Bob) McGwier")
----------------------------------------------------------------------------
From: Pam Luchini <[EMAIL PROTECTED]>
Subject: All working but root telnet
Date: Fri, 3 Sep 1999 04:14:58 -0700
I can telnet to linux machine with regular user name but not root. Also
cannot su from user name telnet session. Root logon message is that the
password is incorrect?
Thanks for the help
Pam
------------------------------
From: "the MC" <[EMAIL PROTECTED]>
Subject: Re: gateway and eth0 must be in the same class c?
Date: Sat, 4 Sep 1999 00:40:50 +0100
Nah mate, sorry but... because of the way IP works, the gateway must be on
the same network as the machine.
If you send us some more info about what you're trying to achieve, I'll see
what I can do.
the MC
ezzi <[EMAIL PROTECTED]> wrote in message
news:o%Dz3.695$[EMAIL PROTECTED]...
> hello:
> 2.0.36 kernel, how can i have eth0's ip address on a different class C than
> the gateway for those class's?, five class C's for one gateway. when i tried
> to add the gateway ip address to the route table, route said the ip address
> was unreachable. is there a way around it?
> thanks for help
------------------------------
From: "the MC" <[EMAIL PROTECTED]>
Subject: Compaq linux etc...
Date: Sat, 4 Sep 1999 00:47:10 +0100
Dedes!
I'm trying to build MY FIRST LINUX BOX, but....
can anyone help with getting compaq (PCI) token ring cards to work, or will
i have to step down to a dodgy old ISA IBM card.
This is very important, i'm trying to build a Q2 server on our lan so the
network manager types can't see it :)
cheers
the MC
------------------------------
From: Simon Green <[EMAIL PROTECTED]>
Subject: Re: Two PPP connections at once
Date: Fri, 03 Sep 1999 21:58:55 +1000
Jim:
Firstly, the firewalling/routing admin program is now ipchains, but it's
virtually identical to ipfwadm.
1) Enable forwarding. If you have RedHat, this can be done by editing the
file /etc/sysconfig/network. Alternatively, (and I'm remembering this off
the top of my head, but I think I'm close):
echo "1" > /proc/sys/net/ipv4/ip_forward
2) Then, suppose your local network is 192.168.50.0 (which is a private
range that cannot be used on the internet), you need to do:
ipchains -P forward DENY #Safety!
ipchains -A forward -s 192.168.50.0/24 -j MASQ
This makes any box on your local net look like it's actually your Linux box.
If you're interested in firewalling, then you may find the -y option to
ipchains useful -- this only matches SYN packets, which means that
connection requests can be blocked without blocking connections already in
progress.
Be aware that if you want to block specific services (e.g., telnet) then you
must block by destination port, as the source port can be anything:
ipchains -P input ACCEPT #Not safe
ipchains -A input -s ! 192.168.50.0/24 --dport telnet -p tcp -j DENY #Give us some security.
That should block incoming telnet packets from anything except your local
net (that's what the ! is for).
3) To get it basically working, the above is all you need. Firewalling is
tricky; it's very easy to block stuff you didn't intend to. But at least
that keeps you on the safe side.
I also recommend you get SOCKS, and use it on the Linux box as a web proxy.
My sister (who uses this setup through my Linux box from my old computer in
her bedroom) reports that pages like Hotmail don't work too well with just
the "normal" connection. SOCKS works well though.
Cheers
Simon
jim wrote:
> Hi all,
>
> I wish to set two separate dial up connections. One is for web browsing
> traffic, the other for specific mail pickups to another ISP. I am not
> very familiar with linux, but have got the single connection going ok.
>
> question:
> 1) How do I go about routing the different traffic from my local network
> ?
>
> 2) what do i do on the firewall config (using Ipfwadm) ?
>
> 3)Has anybody done this sort of thing and can give me example scripts ?
>
> cheers.
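
The input-chain rule discussed in this message, modelled as an added example (not part of the original post, and not ipchains itself): a small first-match evaluator in Python showing why the match has to be on the destination port and what -y changes. The packet fields, the sample addresses and the source-port and no-port rule variants are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Sequence

LAN = "192.168.50.0/24"  # local network used in the post
TELNET = 23


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dport: int
    syn: bool = False  # True only for a connection request (SYN set, ACK clear)
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    target: str                  # "ACCEPT" or "DENY"
    src: Optional[str] = None    # -s network
    src_negated: bool = False    # -s ! network
    proto: Optional[str] = None  # -p
    sport: Optional[int] = None  # match on source port
    dport: Optional[int] = None  # --dport
    syn_only: bool = False       # -y

    def matches(self, pkt: Packet) -> bool:
        if self.proto is not None and pkt.proto != self.proto:
            return False
        if self.sport is not None and pkt.sport != self.sport:
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        if self.syn_only and not pkt.syn:
            return False
        if self.src is not None:
            inside = ip_address(pkt.src) in ip_network(self.src)
            if inside == self.src_negated:  # "!" inverts the address test
                return False
        return True


def verdict(rules: Sequence[Rule], policy: str, pkt: Packet) -> str:
    """First matching rule decides; otherwise the chain policy (-P) applies."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.target
    return policy


# The input rule from the post: deny telnet from everything except the LAN.
AS_POSTED = [Rule("DENY", src=LAN, src_negated=True, proto="tcp", dport=TELNET)]
# Hypothetical mistake: matching the source port instead of the destination port.
BY_SOURCE_PORT = [Rule("DENY", src=LAN, src_negated=True, proto="tcp", sport=TELNET)]
# Hypothetical -y rule without a port: deny every TCP connection request from outside.
SYN_ONLY = [Rule("DENY", src=LAN, src_negated=True, proto="tcp", syn_only=True)]

# Constructed packets; 203.0.113.9 is a documentation address standing in for "outside".
OUTSIDE_TELNET = Packet("203.0.113.9", sport=40211, dport=TELNET, syn=True)
LAN_TELNET = Packet("192.168.50.7", sport=1034, dport=TELNET, syn=True)
OUTSIDE_NEW_CONN = Packet("203.0.113.9", sport=40212, dport=6000, syn=True)
OUTSIDE_REPLY = Packet("203.0.113.9", sport=80, dport=1050)  # answer to a LAN request

if __name__ == "__main__":
    chains = {"as posted": AS_POSTED, "by source port": BY_SOURCE_PORT, "-y": SYN_ONLY}
    packets = {"outside telnet": OUTSIDE_TELNET, "LAN telnet": LAN_TELNET,
               "outside new conn": OUTSIDE_NEW_CONN, "outside reply": OUTSIDE_REPLY}
    for cname, rules in chains.items():
        for pname, pkt in packets.items():
            print(f"{cname:15} {pname:17} {verdict(rules, 'ACCEPT', pkt)}")
```

The source-port variant lets the outside telnet request through because the client's source port is ephemeral, while the -y variant drops new connection requests from outside and still passes reply packets.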
------------------------------
From: Doug & Cathy Bryant <[EMAIL PROTECTED]>
Subject: Re: All working but root telnet
Date: Fri, 03 Sep 1999 11:25:25 GMT
You have to telnet to a regular user account then become superuser from
that account. To do that do an "su" command and supply the password.
Telnet access to root is a security issue.
doug
Pam Luchini wrote:
> I can telnet to linux machine with regular user name but not root. Also
> cannot su from user name telnet session. Root logon message is that the
> password is incorrect?
>
> Thanks for the help
> Pam
------------------------------
From: [EMAIL PROTECTED] (Mike Jagdis)
Subject: Re: diald problems
Date: 3 Sep 1999 12:00:00 GMT
Reply-To: [EMAIL PROTECTED]
In article <21Nz3.4399$C7.97204@wards>, Howard Soper wrote:
>Sorry Mike - as you can guess this is *REALLY* bugging me now....
>
>I am using an unmodified version of phone.filter that came with diald. The
>first rule in the file is "accept tcp 20 tcp.syn" the first udp rule is as
>you suggest ignore udp udp.dest=udp.who
In that case although there are who packets around they are matching
the filter rules properly and are not the actual cause of the link
coming up.
>I have narrowed the problem down to named - if I kill DNS everything works
>fine - except none of the PC's can see the outside world anymore 8^<
That's partly *good* news :-). It implies you have a name server
running locally and everything points at that rather than directly
over the link. What you do now is to "kill -WINCH named" which
turns query logging on, then watch wherever syslog messages go
on your system to see what queries are being made.
Invariably some requests come from systems where someone has made
a typo in some config file :-).
You will probably also find all kinds of strange, dodgy, and
completely dumb queries happening (especially if you have some old
or MS systems on the network). The trick is to make your local name
server a master (aka primary) for any bogus domains - the zone
file can contain nothing but an SOA record - so that it knows
to fail such requests immediately rather than asking other
DNS servers on the other side of dialled links.
Mike
--
A train stops at a train station, a bus stops at a bus station.
On my desk I have a work station...
.----------------------------------------------------------------------.
| Mike Jagdis | Internet: mailto:[EMAIL PROTECTED] |
| Roan Technology Ltd. | |
| 2 Markham Mews, Broad Street | Telephone: +44 118 989 0403 |
| Wokingham ENGLAND | Fax: +44 118 989 1195 |
`----------------------------------------------------------------------'
------------------------------
From: Simon Green <[EMAIL PROTECTED]>
Subject: Re: All working but root telnet
Date: Fri, 03 Sep 1999 22:19:06 +1000
Yes, edit the file /etc/securetty to determine which ttys allow root logins.
By default, Linux distributions disable root logins via telnet/rlogin using
this file.
Cheers
Simon
Doug & Cathy Bryant wrote:
> You have to telnet to a regular user account then become superuser from
> that account. To do that do an "su" command and supply the password.
> Telnet access to root is a security issue.
>
> doug
>
> Pam Luchini wrote:
>
> > I can telnet to linux machine with regular user name but not root. Also
> > cannot su from user name telnet session. Root logon message is that the
> > password is incorrect?
> >
> > Thanks for the help
> > Pam
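
An audit of the /etc/securetty mechanism mentioned in this reply, as an added example that is not part of the original post: it parses securetty-style text and reports entries that name pseudo-terminals, the ttys a telnet or rlogin session is given. The sample file contents are constructed; the handling of comments, of a leading /dev/ and of a missing file are assumptions noted in the code.

```python
import re
from typing import Optional

# Pseudo-terminal names used by network logins such as telnetd and rlogind:
# BSD-style ttyp0..ttyef and Unix98-style pts/N.
PTY_NAME = re.compile(r"^(?:tty[p-za-e][0-9a-f]|pts/\d+)$")


def parse_securetty(text: str) -> list:
    """Return the tty names listed in securetty-style text, one per line.

    Assumptions: blank lines and lines starting with '#' are ignored, and a
    leading '/dev/' is tolerated and stripped.
    """
    names = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("/dev/"):
            line = line[len("/dev/"):]
        names.append(line)
    return names


def audit_securetty(text: Optional[str]) -> dict:
    """Split entries into local and network ttys; text=None models a missing file."""
    if text is None:
        # Assumed classic login(1) behaviour: no file means no tty restriction.
        return {"local": [], "network": [], "root_over_network": True}
    names = parse_securetty(text)
    network = [n for n in names if PTY_NAME.match(n)]
    local = [n for n in names if not PTY_NAME.match(n)]
    return {"local": local, "network": network, "root_over_network": bool(network)}


# Constructed sample contents, not taken from any real host.
CONSOLE_ONLY = "# virtual consoles\ntty1\ntty2\ntty3\ntty4\n"
LOOSENED = CONSOLE_ONLY + "ttyp0\nttyp1\n/dev/pts/0\n"

if __name__ == "__main__":
    for label, text in (("console only", CONSOLE_ONLY), ("loosened", LOOSENED),
                        ("missing file", None)):
        print(label, audit_securetty(text))
```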
------------------------------
From: norm rubin <[EMAIL PROTECTED]>
Subject: Re: ?? Altavista Tunnel 98 & IP MASQ
Date: Thu, 02 Sep 1999 08:25:16 -0100
I'm also using av tunnel 98, linux ipmasqing - cable to internet
and everything works fine -
no special rules in the firewall scripts were required
I can mount office disks on my home machine, telnet, ping etc
you might make sure that you have a valid dns server address for the
corp network.
Ron Vissers wrote:
> Hi,
>
> My current setup:
> xdsl
> NT ---> Openlinux 2.2 ----> internet ---> corp/net
> Tunnel 98 2.2.10 kernel
> ipmasqing
> firewall
>
> Tunnel 98 appears to connect up to our corporate network.
> It sets up the DNS and WINS connections and even sends
> keep alive packets back and forth. (At least I think
> thats what it is doing.) Being on a DSL line, I don't
> need the keep alive, but it is an indicator that
> its communicating, kind of).
>
> The catch is, I can't telnet/ping/nslookup anything on
> corp/net.
>
> I thought I may have read that Altavista Tunnel 98
> encoded the return IP in the data. In which case its probably
> encoding the 168.192.x.x IP. Anyone know if there is truth to
> this?
>
> Are there workarounds? Suggestions?
>
> Ron
------------------------------
From: kite@NoSpam.%inetport.com (Clifford Kite)
Subject: Re: PPPD and proxyarp
Date: 3 Sep 1999 07:03:57 -0500
Oliver Lehm ([EMAIL PROTECTED]) wrote:
: But on Linux 2.2.10 and pppd 2.3.8 the arp entry is not completed. It looks
: like this
: >arp
: Address          HWtype  HWaddress          Flags  IFace
: 192.168.26.118   ether   00:50:04:32:A6:1c  C      eth0
: 192.168.26.82    *       *                  MP     eth0
You may need echo -n 1 > /proc/sys/net/ipv4/conf/ppp0/proxy_arp .
Look for proxy_arp in Documentation/proc.txt in the kernel source tree.
--
Clifford Kite <kite@inet%port.com> Not a guru. (tm)
/* Better is the enemy of good enough. */
------------------------------
From: Claudio Martinez <[EMAIL PROTECTED]>
Subject: Linux under Novell
Date: Fri, 03 Sep 1999 09:37:17 -0300
Hi there, i need some advises,
I'll have to plug, and start ,
a WebServer running linux...
BuT.., it's gonna be under a
Novell Network, is that possible !?
do i have to buy a client licence 4
linux !?
What can i do !?
TnkZ!
--
====Cláudio Martinez =================
CCUEC - UNICAMP - GDTEC
Gerência de Desenvolvimento Técnologico
tel. (019) 788-2287
======================================
------------------------------
From: [EMAIL PROTECTED] (David Lane)
Crossposted-To: alt.os.linux,comp.os.linux.setup
Subject: Re: Browsers and Linux
Reply-To: [EMAIL PROTECTED]
Date: 3 Sep 1999 08:55:33 -0500
Who wants linux without a GUI? Lots of folks! I don't believe I am the only
person who thinks a GUI consumes a significant amount of storage and processor
resource without adding much real value in a server environment.
I believe the RedHat5.x releases installed XFree86 by default, but was happy
to see that it is an easily de-selected option in RedHat6.0. Unfortunately,
the system configuration is getting script oriented on many linux distributions
and some of these scripts are dependent on XFree86. I would hate to see the
common linux distributions start adopting the bloated characteristics
of M$ Windows.
On Wed, 1 Sep 1999 14:48:04 -0700, Chauzie <[EMAIL PROTECTED]> wrote:
>No kidding. Mine crashed all the time, bringing the X server with it too!!!
>So much for stability!!! Linux kernel may be stable, but it don't mean shit
>if the X server sucks. Who wants linux without a GUI.
>
>On Wed, 01 Sep 1999, Ian Clarke wrote:
>>> Which browser can I use with Linux?
>>
>>I use Netscape 4.6 on RedHat 6.0, however it is *very* buggy, much more
>>so than the Windows versions. Most of the Linux community is eagerly
>>awaiting Mozilla (www.mozilla.org) which you can already download, but
>>which is still a little rough around the edges. Some months ago I did
>>get sick of Netscape and started using Lynx (http://www.lynx.org/) but I
>>couldn't bear the text interface - that is not what the web is about!
>>Also, I found the usage of arrow keys in Lynx to be really irritating
>>(one minute you are using <- and -> to move around a text field, but if
>>you go too far you suddenly move to a different page).
>>
>>KFM (http://www.kde.org/) also includes a web browser, but it is not as
>>full-featured as Netscape.
>>
>>Ian.
------------------------------
From: "Pythias" <[EMAIL PROTECTED]>
Subject: Re: Linux under Novell
Date: Fri, 3 Sep 1999 20:39:38 +0800
Caldera OpenLinux can do this. It included a netware client support NDS.
The latest version is 2.2
Claudio Martinez wrote in message <[EMAIL PROTECTED]>...
>Hi there, i need some advises,
>I'll have to plug, and start ,
>a WebServer running linux...
>BuT.., it's gonna be under a
>Novell Network, is that possible !?
>do i have to buy a client licence 4
>linux !?
>What can i do !?
>
>TnkZ!
>
>--
>====Cláudio Martinez =================
>CCUEC - UNICAMP - GDTEC
>Gerência de Desenvolvimento Técnologico
>tel. (019) 788-2287
>======================================
------------------------------
From: Claudio Martinez <[EMAIL PROTECTED]>
Subject: Re: Linux under Novell
Date: Fri, 03 Sep 1999 10:04:46 -0300
in 1st place, tnkz !
now...
do u have any idea about, if this will
work out !?
do i have 2 configure the Novell system !?
or it is just configure the linux WebServer,
and plug it into the novell netware .... !?
Tnzk
Pythias wrote:
>
> Caldera OpenLinux can do this. It included a netware client support NDS.
>
> The latest version is 2.2
>
> Claudio Martinez wrote in message <[EMAIL PROTECTED]>...
> >Hi there, i need some advises,
> >I'll have to plug, and start ,
> >a WebServer running linux...
> >BuT.., it's gonna be under a
> >Novell Network, is that possible !?
> >do i have to buy a client licence 4
> >linux !?
> >What can i do !?
> >
> >TnkZ!
> >
> >--
> >====Cláudio Martinez =================
> >CCUEC - UNICAMP - GDTEC
> >Gerência de Desenvolvimento Técnologico
> >tel. (019) 788-2287
> >======================================
--
====Cláudio Martinez =================
CCUEC - UNICAMP - GDTEC
Gerência de Desenvolvimento Técnologico
tel. (019) 788-2287
======================================
------------------------------
From: [EMAIL PROTECTED] (Thomas Zajic)
Subject: ICMP source quench - what's that?
Reply-To: [EMAIL PROTECTED]
Date: Fri, 03 Sep 1999 13:19:55 GMT
Hi there,
My trusty old logcheck-1.1 mailed me the following lines today:
Unusual System Events
=-=-=-=-=-=-=-=-=-=-=
Sep 3 11:12:47 tk212017089010 icmplog: source quench from 193.203.0.11
Sep 3 11:14:26 tk212017089010 icmplog: source quench from 193.203.0.11
Now, the big question is - what's a "source quench"? Anything to be
concerned about, a (pre-)hacking attempt, script kiddies at work? Or
just some rare but harmless event in the wonderful world of ICMP
messages?
Just curious ...
TIA,
Thomas
--
=-------------------------------------------------------------------------=
- Thomas Zajic <thomasDOTzajicATtelewebDOTat> Linux-2.0.37/slrn-0.9.5.7 -
- "It is not easy to cut through a human head with a hacksaw." (M. C.) -
=-------------------------------------------------------------------------=
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To: comp.os.linux.advocacy,comp.security.firewalls
Subject: Re: My Dissapointment to find Linux not a viable solution
Date: Fri, 03 Sep 1999 13:03:22 GMT
SO, if you're so hot for a "Free" UNIX, buy a Nokia box, it has free BSD
on it!
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> Watchguard makes a firewall called a Firebox that is a red box basically
> running linux. The interface to setup runs completely on windows and is very
> simple to manage. It has 3 10/100 interfaces. One trusted, one outside, and
> one optional which is still behind the firewall. The optional is where you can
> put web servers and such with their own security and if someone manages to
> break it because you tend to have to leave web/ftp servers more open, they
> still can't jump into the trusted side.
>
> What you could do, is put a PC running MimeSweeper (e-mail virus scanner) on
> the optional side. This becomes your smtp mailer, it's basically a relay, mail
> goes to it, gets unpacked, scanned, filtered, whatever, and then thrown to your
> real mailer behind the firewall. Outgoing goes from your internal mailer to
> the Mimesweeper box to the rest of the world. Seems like a good solution.
> check out http://www.watchguard.com for info on the firebox.
>
> Patrick Farrell
>
> Tam McLaughlin wrote:
>
> > I love Linux and have been using it for the last year as our email
> > and internet server but have found we cannot consider Linux as a
> > serious option as a firewall, email/internet server and a virus
> > checker for all incoming emails.
> >
> > I may be wrong and hope to be proved wrong but the companies in
> > Glasgow/Edinburgh I have spoken to cannot support our requirements
> > with Linux. I will explain our setup and what I would like to see
> > and hope that someone can give me some suggestions or point me
> > in the direction of some company that can help.
> >
> > We have ~ 150 PCs running win95
> >         4 servers running SCO
> >         about to install a router between 2 offices using a leased line
> >         and a card to allow remote access from laptops.
> >         linux box running delegate proxy and qmail connected to a direct
> >         telephone line to a single dial up account.
> >
> > We would like to allow laptop users in to our network for email access and
> > server access. I believe the cisco router will allow us to specify which IP
> > addresses are allowed in and which are not. We wish to protect our LAN from
> > the outside.
> >
> > So, I have been informed that the linux server is not secure and we need a
> > proper firewall. We also need a better method of virus scanning rather than
> > updating each PC each month. I believe we could use samba for this with some
> > type of network AV software.
> >
> > I know that I could go out and buy an NT server with MSProxy or whatever and
> > some email package, firewall-1 and mime-sweeper. But this would cost a hell of
> > a lot of money which I don't know our company would be willing to pay for (ok,
> > i know all about the importance how much is our data worth etc etc...).
> >
> > So, why is there Linux based solution. Why is there no AV scanning software
> > that can run on Linux? If there is , does anyone know of a local company that
> > can help us?
------------------------------
From: "Robert (Bob) McGwier" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.misc,comp.protocols.tcp-ip
Subject: Re: What on earth is 'bing'?
Date: Fri, 03 Sep 1999 13:13:31 GMT
The links in the page to the source do not resolve.
Don Heffernan wrote:
> On Mon, 30 Aug 1999 00:30:35 GMT, [EMAIL PROTECTED] (Frank v Waveren)
> wrote:
>
> >In article <7q9saj$[EMAIL PROTECTED]>,
> > [EMAIL PROTECTED] (Ramon F Herrera) writes:
> >> 'bing' stands for "bandwidth ping". It is a tool that allows
> >> you to measure the bandwidth between any 2 routers. Probably
> >> the most important feature is that you can be at a point A
> >> on the Internet and from there you can measure the BW between
> >> points B and C.
>
> Lots of info at: http://web.cnam.fr/reseau/bing.html
>
> Don Heffernan
> heffernan.cais.net
------------------------------
From: De Vries <[EMAIL PROTECTED]>
Subject: ethernetcard not found
Date: Fri, 03 Sep 1999 15:12:16 +0200
Hello
LinuX can't find my ethernet card, it's a plug and play card:
10/100Base-TX Fast ethernet card for PCI. Does someone know how to install the
card??
dvs
------------------------------
From: "Robert (Bob) McGwier" <[EMAIL PROTECTED]>
Subject: Re: What domain do I use?
Date: Fri, 03 Sep 1999 13:24:48 GMT
SOME PEOPLE!
I can't believe the answers you got.
192.168.0.X is reserved for local network use as well as some in the
10.0 range, etc. My network is quite similar to yours.
Bob
Robert Inskeep wrote:
> people. I have only a small network. One win98, One NT and trying One
> Linux. I had not set the system up with a domain. I set it up with
> workgroups. What do I use for the domain in the adapter setup?
> --
> Robert Inskeep
> [EMAIL PROTECTED]
------------------------------
From: "Michael And Nicole Hulen" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.hardware
Subject: SupraExpress 56i modem not working
Date: Fri, 3 Sep 1999 09:25:49 -0400
Hello Linux Community!
I have a question that is more for peace of mind than anything else, and
wondered if anyone else had a different take on it, or more info.
I have been using Mandrake Linux, version 6.0 for a few months now, with no
more than the normal newbie problems. I even managed to get my SB Live! to
work, a major victory for me :-)
I had been using a Zoom modem, a 56k model, though sadly line conditions
around here limit me to a maximum of 36000. I can live with that. However,
any of you that have used Zoom modems know of their distressing tendency to
drop connections randomly. So I upgraded by buying a SupraExpress 56i v.90
modem from a friend who also uses linux, foolishly assuming it would work
with Linux. However, RedHat's site tells me it won't, as it's a PCI Memory
Mapped Modem (whatever that is).
Now, I am wondering if anyone else out there has ever managed to get this
modem to work? I have tried all the /dev devices in the Kppp setup list,
and some say initializing modem, then say modem not responding, or it just
says could not find a modem.
I would appreciate any feedback as to how to get this dog to hunt, or if I
should just shoot it.
For what it's worth, the modem works fine under Windoze, I haven't
disconnected (without wanting to anyway) at all since replacing the modem.
It seems to be working just fine.
If you could e-mail me at [EMAIL PROTECTED] I would appreciate it. I don't
often have a chance to get to the newsgroups.
Thx
Phroggy
------------------------------
From: "Robert (Bob) McGwier" <[EMAIL PROTECTED]>
Subject: Re: SAMBA? What else?
Date: Fri, 03 Sep 1999 13:18:23 GMT
http://www.sfu.ca/~yzhang/linux/samba/toc.html
Is a truly step by step, including setting up the WINDOZE box.
http://www.ping.be/linux-and-samba/
is less step by step but more in depth and has more resources html linked.
The first is probably sufficient to meet your needs. When you get ready
to mount the Win98 drives on the linux file system, go to the second link.
Bob
Gregory Kraft wrote:
> Maybe someone can help me. I have Win98 on a pc downstairs. My pc is
> upstairs and is running win95/redhat linux 2.2.9. I can network via cat5 cable
> and two ne2000 comp. ethernet cards with ipx driver win95/win98 But I would
> like to see if I can connect to the win98 system downstairs via linux. Do I
> use Samba for this? What would be the steps to do this. I looked at the ipx
> howto and the samba howto but they're not clear to me what to do in this
> particular situation.
>
> I'm not looking for a step by step...but if you could generally point me or
> tell me the direction to go, it would be greatly appreciated!!
>
> regards
> Greg
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.networking) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Networking Digest
******************************