Linux-Networking Digest #487, Volume #12          Mon, 6 Sep 99 14:13:36 EDT

Contents:
  Re: PPP (Clifford Kite)
  Re: IP Masquerading Challenge (Byron A Jeff)
  MASQ and certain web sites. (David Eagen)
  Re: Can you send e-mail to an IP address? ("Steve Cowles")
  Re: ip_masq ("salmon")
  Re: What is the right solution for a small company (Bill Unruh)
  Re: funky ip behavior: ping eth1, and eth0 responds! ("Bruce Bantos")
  Re: funky ip behavior: ping eth1, and eth0 responds! (Thomas Kaemer)
  Re: RH 5.2 IP Masq Not Working ([EMAIL PROTECTED])
  Re: Netgear FA310TX (Charles E. Taylor IV)
  Can't get Win98 clients to logon to Samba (Stone)
  RH6.0 not resolving names ("Clyde Davidson")
  Correction,Re: Using timbuktu to access PC thru linux ([EMAIL PROTECTED])
  Using timbuktu to access PC thru linux ([EMAIL PROTECTED])
  Re: newbie Q: connecting mac and pc? (claire)

----------------------------------------------------------------------------

From: kite@NoSpam.%inetport.com (Clifford Kite)
Subject: Re: PPP
Date: 6 Sep 1999 09:26:51 -0500

Josh Thompson ([EMAIL PROTECTED]) wrote:

: Sep  6 01:39:43 pokey pppd[1004]: rcvd [LCP ConfReq id=0x1 < 00 04 00
: 00> <mru 1 524> <asyncmap 0xa0000> <auth pap> <pcomp> <accomp> < 11 04 05 f4> < 13
: 0b 01 52  61 6c 53 74 61 63 6b>]
: Sep  6 01:39:43 pokey pppd[1004]: sent [LCP ConfRej id=0x1 < 00 04 00
: 00> <auth pap> < 11 04 05 f4> < 13 0b 01 52 61 6c 53 74 61 63 6b>]

It means that you rejected a peer request to authenticate yourself with
PAP and that the peer didn't like it and hung up.  The <> enclosing numbers
mean that pppd doesn't recognize these options, none of which is needed
for the PPP connection to complete.  One is a quality control option and
the other two are Multilink options.

You can try reading the man pages to figure out what's needed for
PAP authentication on your own; search for pap-secrets.  Here's another
reference you might try:

http://axion.physics.ubc.ca/ppp-linux.html

--
Clifford Kite <kite@inet%port.com>                    Not a guru. (tm)
/* Create a PPP debug log:  Add the line " daemon.*   /var/log/ppp-log "
   (may need Tab field separators) to /etc/syslog.conf, create the file,
   " touch /var/log/ppp-log ", and do " kill -HUP `pidof syslogd` ". */

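The negotiation failure described in this message can be picked out of a pppd debug log mechanically. The following is an added example, not part of the original post: the log lines are a constructed sample modelled on the quoted ones (rejoined onto single lines), and the function names are hypothetical.

```python
import re

# Constructed sample modelled on the two log lines quoted in the post.
SAMPLE_LOG = [
    "Sep  6 01:39:43 pokey pppd[1004]: rcvd [LCP ConfReq id=0x1 < 00 04 00 00> "
    "<mru 1524> <asyncmap 0xa0000> <auth pap> <pcomp> <accomp> "
    "< 11 04 05 f4> < 13 0b 01 52 61 6c 53 74 61 63 6b>]",
    "Sep  6 01:39:43 pokey pppd[1004]: sent [LCP ConfRej id=0x1 < 00 04 00 00> "
    "<auth pap> < 11 04 05 f4> < 13 0b 01 52 61 6c 53 74 61 63 6b>]",
]

LCP_RE = re.compile(
    r"pppd\[\d+\]: (rcvd|sent) \[LCP (\w+) id=(0x[0-9a-fA-F]+)(.*)\]\s*$")
OPTION_RE = re.compile(r"<([^<>]*)>")
# An option pppd does not recognize is printed as raw hex bytes: type, length, data.
RAW_RE = re.compile(r"^[0-9a-fA-F]{2}(?:\s+[0-9a-fA-F]{2})+$")


def parse_lcp(line):
    """Split one pppd LCP debug line into named options and raw option types."""
    m = LCP_RE.search(line)
    if m is None:
        return None
    direction, code, ident, rest = m.groups()
    named, raw_types = {}, []
    for body in OPTION_RE.findall(rest):
        body = body.strip()
        if RAW_RE.match(body):
            raw_types.append(int(body[:2], 16))   # first byte is the option type
        else:
            name, _, value = body.partition(" ")
            named[name] = value
    return {"dir": direction, "code": code, "id": int(ident, 16),
            "named": named, "raw": raw_types}


def find_auth_rejections(lines):
    """Report every ConfRej we sent that refuses an authentication option."""
    requests, findings = {}, []
    for line in lines:
        pkt = parse_lcp(line)
        if pkt is None:
            continue
        if pkt["dir"] == "rcvd" and pkt["code"] == "ConfReq":
            requests[pkt["id"]] = pkt
        elif (pkt["dir"] == "sent" and pkt["code"] == "ConfRej"
              and "auth" in pkt["named"]):
            req = requests.get(pkt["id"])
            findings.append({
                "id": pkt["id"],
                "auth": pkt["named"]["auth"],
                "peer_requested": req is not None and "auth" in req["named"],
                "unrecognized_types": pkt["raw"],
            })
    return findings


if __name__ == "__main__":
    for f in find_auth_rejections(SAMPLE_LOG):
        print("id=%d: rejected peer's request for %s authentication; "
              "unrecognized option types also rejected: %s"
              % (f["id"], f["auth"], [hex(t) for t in f["unrecognized_types"]]))
```
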
------------------------------

From: [EMAIL PROTECTED] (Byron A Jeff)
Subject: Re: IP Masquerading Challenge
Date: 6 Sep 1999 10:29:47 -0400

In article <7ps3c3$ep1$[EMAIL PROTECTED]>,
agent seven  <[EMAIL PROTECTED]> wrote:
-Greetings!
-
-I know that the IP Masquerading issue has been beaten to a pulp, but
-after browsing the newsgroups all weekend long and having no fewer than
-four people over to my house to try and help me figure things out - all
-to no avail, I am acquiescing and posting here, in hopes that you guys
-can help me out.
-
-Here's my situation:
-
-I'm running RedHat 6 at home as a firewall running IP Masquerading.
-Until this weekend, I had only one other machine on this network, a
-Windows 95 box set to 192.168.1.2. My little network has worked
-flawlessly for quite a few months this way.
-
-I want to start learning how to use NT (it will help my situation at
-work), so this weekend I installed NT on a machine, configured it to
-192.168.1.3 and hooked it up. It didn't work. After a number of hours
-of struggling, I decided to hook up my one other machine (another
-Windows 95 box), figuring maybe I just didn't know what I was doing
-with NT.
-
-I configured the fourth machine at 192.168.1.4 (all other settings
-identical to the 1.2 box, which is working). It didn't work either.
-
-All of my Windows machines (including the NT box) can ping each other.
-Only one machine, however, can ping the Linux box - the 1.2 machine
-that is working. I'm at my wits end. HELP!
-

First of all this isn't a masquerading problem. It's a local network problem.

Question? What can the Linux box ping in your network? If you can't ping a
box, then you need to work out the basic network connectivity before
dealing with masquerading, which in all likelihood is configured correctly.

Another test. Install Linux on your test box and see if it connects...

But it's not a masquerading problem, at least not yet...

BAJ

------------------------------

From: David Eagen <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: MASQ and certain web sites.
Date: Mon, 06 Sep 1999 10:25:03 -0500

        I can't seem to access certain web sites from my masqueraded windows
box. Suretrade (www.suretrade.com) and Norwest Banks (www.norwest.com)
can't be opened by the windows browser. I also can't open any ssl
(https) sites. 
        I'm using very simple masquerading rules. In a startup file, I have:
        /sbin/ipchains -P forward DENY
        /sbin/ipchains -A forward -i ppp0 -j MASQ
        echo 1 > /proc/sys/net/ipv4/ip_forward

Any ideas?

-Dave

------------------------------

From: "Steve Cowles" <[EMAIL PROTECTED]>
Subject: Re: Can you send e-mail to an IP address?
Date: Mon, 06 Sep 1999 14:37:31 GMT

David,

Try:   user@[xxx.xxx.xxx.xxx]    for your email address (note the brackets).
That should work.

Steve Cowles
SWCowles at gte dot net

David Henry <[EMAIL PROTECTED]> wrote in message 
news:7qvu3r$h7o$[EMAIL PROTECTED]...
> RFC822 states that
>
>     address = localpart@domain.
>
>     domain = sub_domain *(.subdomain)
>
>     sub-domain  =  domain-ref / domain-literal
>
>    domain-ref  =  atom
>
>    atom        =  1*<any CHAR except specials, SPACE and CTLs>
>
>  Does all this mean that a dotted quad IP address (which could fit the
> above diagram) can be considered as a domain and therefore a legal e-mail
> address?
>
> To confuse the picture, the post.office server on my SunOS accepts
> name@IPaddress but sendmail on Linux doesn't.
>
>
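
How the grammar quoted in this exchange treats a bare dotted quad versus the bracketed form, as an added example that is not part of the original posts. It assumes the RFC 822 definitions of "specials" and "domain-literal", does not handle quoted-pairs inside a literal, and takes everything after the last "@" as the domain; the function names are hypothetical.

```python
import ipaddress

# RFC 822 "specials". An atom is one or more characters that are not
# specials, SPACE or control characters.
SPECIALS = set('()<>@,;:\\".[]')


def is_atom(text):
    return bool(text) and all(
        32 < ord(c) < 127 and c not in SPECIALS for c in text)


def split_sub_domains(domain):
    """Split on '.' but not inside a [domain-literal]."""
    parts, buf, in_literal = [], "", False
    for c in domain:
        if c == "[":
            if in_literal:
                raise ValueError("'[' inside a domain-literal")
            in_literal = True
        elif c == "]":
            if not in_literal:
                raise ValueError("']' without matching '['")
            in_literal = False
        if c == "." and not in_literal:
            parts.append(buf)
            buf = ""
        else:
            buf += c
    if in_literal:
        raise ValueError("unterminated domain-literal")
    parts.append(buf)
    return parts


def classify_domain(address):
    """Return [(kind, text, ipv4_or_None), ...] for each sub-domain."""
    domain = address.rpartition("@")[2]
    result = []
    for part in split_sub_domains(domain):
        if part.startswith("[") and part.endswith("]") and part.count("[") == 1:
            inner = part[1:-1]
            try:
                ip = str(ipaddress.IPv4Address(inner))
            except ValueError:
                ip = None          # a literal, but not a valid dotted quad
            result.append(("domain-literal", inner, ip))
        elif is_atom(part):
            result.append(("domain-ref", part, None))
        else:
            raise ValueError("not a valid sub-domain: %r" % part)
    return result


def literal_ip(address):
    """IPv4 address the mail should go to directly, or None if the domain is a name."""
    subs = classify_domain(address)
    if len(subs) == 1 and subs[0][0] == "domain-literal":
        return subs[0][2]
    return None


if __name__ == "__main__":
    for addr in ("user@192.168.1.10", "user@[192.168.1.10]"):
        print(addr, "->", classify_domain(addr), "| literal IP:", literal_ip(addr))
```

The bare form parses as four atoms, so it is syntactically a domain name made of numeric labels; only the bracketed form is a domain-literal carrying an address.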



------------------------------

From: "salmon" <[EMAIL PROTECTED]>
Subject: Re: ip_masq
Date: Mon, 6 Sep 1999 23:35:06 +1000

Some possibilities to explore :

1) Are the machines configured correctly in regard to their IP addresses?
They have to be in the same network (check netmasks too) to talk to each
other.
2) Are the NICs working properly?  Are the right drivers installed?

I just used SuSE Linux to install a firewall and it's simple.  Also turned
on masquerading too.  Just had to edit a few lines in the /etc/rc.config
file.  Got RedHat 6 too but didn't have time to play with it.

Per-Johan Wiberg wrote in message <7r0893$27og$[EMAIL PROTECTED]>...
>Hi.
>I have tried to connect an NT-machine to a Linux-machine, using the
>linux-machine as a firewall to the Internet. I read the ip-masq HOWTO and
>followed the instructions but with no luck. The linux-machine is running Red
>Hat 6.0 and got two network cards. I have ip-forwarding enabled and I use the
>192-series for my "local" network, but I am unable to ping both machines.
>They are connected with a twisted TP-cable and the network cards indicate
>that there is a connection. I don't know what I may have done wrong. If you
>do, please help me or at least give me some advice for debugging. Thanks
>/PJ
>
>



------------------------------

From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: What is the right solution for a small company
Date: 6 Sep 1999 16:57:32 GMT

In <[EMAIL PROTECTED]> jim <[EMAIL PROTECTED]> writes:

>I am looking at the pro&cons of using a linux gateway for internet
>services on a
>small company PC network.

>There are a profusion of "off the shelf" boxes to provide a network
>connection to an ISP. Some may indeed be based on linux pcs.

>questions:

>3) Can linux support FAX ? Is there an email to fax server available ?

hylafax will do it. It tends to be in conflict with mgetty if you also
want to provide incoming telephone support.
There is also sendfax which comes with the mgetty package, but it will
really only handle Class 2 fax machines (and many of the cheaper modems
just support class 1).


>6) Can i convince my boss that linux is the best solution ? in terms of
>security, simplicity and cost ?

We do not know your boss. Security: You will have to make sure that you
keep up with the security patches and that you implement the security
properly. But it will be in your court-- ie, you will not have to rely on
the unknown competence of your supplier (which may of course be greater
than yours, but may also be less, believe it or not).
Simplicity-- probably not. Linux is not turnkey. You will have to spend
some time learning.
Cost-- probably cheaper
Expandability-- probably much greater. You can replace parts as they
need it rather than relying on your supplier. You can upgrade parts
yourself. And you can use the linux machine for other things as well.



>cheers.


------------------------------

From: "Bruce Bantos" <[EMAIL PROTECTED]>
Subject: Re: funky ip behavior: ping eth1, and eth0 responds!
Date: Mon, 06 Sep 1999 15:31:53 GMT


Thomas Kaemer <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Bruce Bantos schrieb:
> >
> > install, but I have disabled it in the /etc/sysconfig/network file
> > (FORWARD_IPV4 = "no"). I configured eth0 to use ip = 192.168.0.100, and eth1
> > to use 192.168.0.101. There are no errors on boot, and eth0 and eth1 come up
> > ok. The correct i/o addresses and interrupts are assigned, as shown in
> > As you can see, eth1 is getting the ping packets, but then eth0 is
> > responding. My friends, what is up?
> >
>
> It seems that your problem is that both cards are in the same
> subnet. Try 2 different:
> eth0 192.168.0.100 netmask 255.255.255.128
> eth1 192.168.0.200 netmask 255.255.255.128
> What do you want to do with these cards?

I intend to use this box as a firewall / ip router. When I first set
everything up, I got the appearance that both cards were working (they
appeared to respond to pings...I did not realize then that it was only one
card doing the responding for both IPs). However, when I set one card to
receive an IP address from a dhcp provider (a cable modem), I got a series
of packet collisions and never got an ip lease from dhcp. If I disable eth1,
eth0 is able to get a lease. So I backed off and set both with a static ip
on the same network. It was then that I observed this odd response to ping.

I am pinging from a completely different box on the same network. When I
ping either the ip associated with eth0, or the different ip associated with
eth1, it is always eth0 that replies. And if I remove the ethernet line from
eth0, eth1 (with ip 192.168.000.101) will not respond to a ping. This is not
the expected behavior. Both cards should respond independently to a ping
from another box on the same network. And there are no subnetting issues
involved here, everything is on the same network segment.




>
> CU Thomas



------------------------------

From: Thomas Kaemer <[EMAIL PROTECTED]>
Subject: Re: funky ip behavior: ping eth1, and eth0 responds!
Date: Mon, 06 Sep 1999 18:32:00 +0200

Bruce Bantos schrieb:
> 
> I intend to use this box as a firewall / ip router. When I first set
> everything up, I got the appearance
> that both cards were working (they appeared to respond to pings...I did not
> realize then that it was only one card doing the responding for both IPs).
> However, when I set one card to receive an IP address from a dhcp provider
> (a cable modem), I got a series of packet collisions and never got an ip
> lease from dhcp. If I disable eth1, eth0 is able to get a lease. So I backed

Please post the output from ifconfig and route -n during a working
internet connection (with eth1 disabled).

> off and set both with a static ip on the same network. It was then that I
> observed this odd response to ping.
> 
> I am pinging from a completely different box on the same network. When I
> ping either the ip associated with eth0, or the different ip associated with
> eth1, it is always eth0 that
> replies. 

This is absolutely correct because your routing table looks like this

192.168.0.0     0.0.0.0   255.255.255.0    eth0
192.168.0.0     0.0.0.0   255.255.255.0    eth1
0.0.0.0 .....

eth0 and eth1 are using the same subnet!
If another box connected with eth1 pings your firewall, the first correct
choice on the routing table is eth0.

> And if I remove the ethernet line from eth0, eth1 (with ip
> 192.168.000.101) will not respond to a ping. This is not the expected
> behavior. Both cards should respond independently to a ping from another box
> on the same network. And there are no subnetting issues involved here,
> everything is on the same network segment.

And this is the problem. Look above.

CU Thomas
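
A small check for the situation discussed in this thread, added here as an example and not part of either post: it flags interfaces whose connected subnets overlap and uses a simplified model of the route lookup described above (longest prefix wins, ties go to the earlier table entry). The interface lists reuse the addresses and netmasks from the thread; the function names are hypothetical.

```python
import ipaddress
from itertools import combinations

# Addresses from the thread: the original setup and the suggested netmasks.
ORIGINAL = [("eth0", "192.168.0.100", "255.255.255.0"),
            ("eth1", "192.168.0.101", "255.255.255.0")]
SUGGESTED = [("eth0", "192.168.0.100", "255.255.255.128"),
             ("eth1", "192.168.0.200", "255.255.255.128")]


def connected_routes(ifaces):
    """One connected route per interface, in table order: [(network, name), ...]."""
    return [(ipaddress.ip_interface(f"{addr}/{mask}").network, name)
            for name, addr, mask in ifaces]


def overlapping_interfaces(ifaces):
    """Pairs of interfaces whose connected subnets overlap."""
    return [(a_name, b_name)
            for (a_net, a_name), (b_net, b_name)
            in combinations(connected_routes(ifaces), 2)
            if a_net.overlaps(b_net)]


def egress_interface(ifaces, dest):
    """Simplified lookup: longest prefix wins, ties go to the earlier entry."""
    dest = ipaddress.ip_address(dest)
    best = None
    for net, name in connected_routes(ifaces):
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, name)
    return best[1] if best else None


def shadowed_interfaces(ifaces):
    """Interfaces that the table never selects for their own subnet.

    The interface's own address stands in for a neighbour on that subnet.
    """
    return [name for name, addr, _ in ifaces
            if egress_interface(ifaces, addr) != name]


if __name__ == "__main__":
    for label, cfg in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        print(label, "overlaps:", overlapping_interfaces(cfg),
              "shadowed:", shadowed_interfaces(cfg))
```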

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: RH 5.2 IP Masq Not Working
Date: Mon, 06 Sep 1999 16:31:46 GMT



I have the *exact* same problem as the original poster below.

I tried setting up the simple masquerading like the IP Masq
howto says, but I cannot ping external IP addresses from any
private IP addresses.

I added this to rc.local:

# Load up IP masq modules

echo "1" > /proc/sys/net/ipv4/ip_forward

/sbin/depmod -a
/sbin/modprobe ip_masq_ftp
/sbin/modprobe ip_masq_raudio
/sbin/modprobe ip_masq_irc

/sbin/ipfwadm -F -f
/sbin/ipfwadm -O -f
/sbin/ipfwadm -I -f

/sbin/ipfwadm -M -s 7200 10 160
/sbin/ipfwadm -F -p deny

# Add zen, rosebud, and k9
/sbin/ipfwadm -F -i acc -m -S 192.168.1.0/24 -D 0.0.0.0/0 -o

When I run lsmod I get:

#. /etc/rc.d/rc.firewall
[root@holly eric]# lsmod
Module         Pages    Used by
ip_masq_irc        1            0
ip_masq_raudio     1            0
ip_masq_ftp        1            0

I tried adding some IP accounting stuff, and I get:

[root@holly eric]# ipfwadm -A -l
IP accounting rules
 pkts bytes dir prot source               destination          ports
  660  435K i/o all  anywhere             anywhere             n/a

I'm quite sure Masquerading is all working in the Kernel.

[root@holly eric]# ipfwadm -F -l
IP firewall forward rules, default policy: deny
type  prot source               destination          ports
acc/m all  192.168.1.0/24       anywhere             n/a

Seems to be fine.

But when I log into the Win95 machine (I set the gateway to
192.168.1.1), and try to ping the outside world, it doesn't
work.

If I ping from the Win95 machine to 192.168.1.1 and do a tcpdump
on eth1 (my private NIC), I see stuff.

If I ping from the Win95 machine to 63.194.87.253 (my public IP),
it works, but I don't see anything on tcpdump on eth0 or eth1.

So, pings to eth0 and eth1 IP addresses work.  The net works fine
from the Linux machine, but I can't get to the internet from any
private machine.  Masquerading doesn't seem to be doing anything.

Gah!

-Eric

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (Nick Fisher) wrote:
> On Sat, 28 Aug 1999 13:13:19 +0000, Daniel Norton <[EMAIL PROTECTED]>
> wrote:
>
> Have you used "ipfwadm" to set up the masquerading?
> I have just gone through all this. If I had this problem I would .....
>
> lsmod (to ensure the ip_masq modules were loaded)
>
> ipfwadm -A -l (to see if I had masq rules in my firewall, if so it
> would list a line with an "m" and my ip addresses)
>
> ipfwadm -A -l -e (to see if the packets were getting through, if they
> were the numbers in at the beginning of the line would start going up)
>
> Have a bit of a play and if it doesn't work you can get back to me
> with the results of your "lsmod" and your "ipfwadm -A -l" and I'll try
> and help.
>       <><
>       [EMAIL PROTECTED]
>
> >Ok, I've reviewed the FAQs/HOWTOs and they basically say that my RH 5.2
> >should do IP masq out of the box, but -- you guessed it -- it's not
> >working.
> >
> >Here's what I have
> >
> >  - eth0 connected to an NT 4.0 system.
> >  - ppp0 connected to the network
> >  - gateway set to 38.1.1.1
> >  - ip forwarding enabled
> >  - assigned IP address at linux box is 38.26.22.218
> >  - eth0 IP address is 172.16.0.1
> >  - IP address of NT system is 172.16.0.7
> >  - From NT system I can ping 172.16.0.1 A-OK
> >  - From NT system I can ping 38.26.22.218 A-OK
> >
> >On this last point the HOWTO says that it means that IP Masq is working,
> >but I don't think that's correct, since nothing else works.  I can't
> >ping 38.1.1.1 (or any other Internet site) from the NT system for
> >example.
> >
> >Thanks for any clues.
>
>


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.

------------------------------

From: [EMAIL PROTECTED] (Charles E. Taylor IV)
Crossposted-To: comp.os.linux.hardware
Subject: Re: Netgear FA310TX
Date: 6 Sep 1999 17:16:18 GMT

In article <[EMAIL PROTECTED]>,
        "James M. Wadkins" <[EMAIL PROTECTED]> writes:

> Anyway, I have no idea how on a linux
> system to upgrade to the newer drivers everyone is talking about. Where can I
> find the info on how to install this driver and get it working

[newsgroups trimmed]

Netgear provides a replacement tulip driver on the disk that comes
with the card.  It's a kernel module - copy over the old one in the
kernel source tree and build the new tulip.o module.

They may also have this driver on their website, but I haven't looked
as it was on the floppy.

-- 
Charles E. "Rick" Taylor, IV <[EMAIL PROTECTED]>
http://orangesherbert.ces.clemson.edu
"We got the MRxL, and you got none!"

------------------------------

From: Stone <[EMAIL PROTECTED]>
Subject: Can't get Win98 clients to logon to Samba
Date: Mon, 06 Sep 1999 13:39:09 -0400

Running Win98 Clients
Server is RedHat 6 with Samba 2.0.5a

One thing to also note...first time ever setting up Samba

Here is my smb.conf file

; smb.conf starts here
; smb.conf's global parameters section
[global]
 ; set the netbios machine name for the server
 ; server name
 netbios name = REMY
 ; description of the server as seen from a Win client
 server string = Samba %v
 ; set the workgroup membership
 ; domain name
 workgroup = VEGA
 ; set Samba to authenticate in user mode security
 security = user

 smb passwd file = \usr\bin\smbpasswd
 hosts allow = 192.168.10.1/255.255.255.0
 encrypt passwords = yes
 password level = 4
 domain logons = yes
 logon script = logon.bat

 ; makes shares automatically visible on a browse list
 auto services = psmith jsmith swap

 os level = 64
 domain master = yes
 local master = yes
 preferred master = yes

 browseable = yes
 writeable = yes
 locking = no
 case sensitive = no
 default case = lower
 preserve case = yes
 short preserve case = no

[netlogon]
 comment = NETLOGON Service
 path = /home/samba/logon
 locking = no
 public = no
 writeable = no

; share name
[swap]
  ; text to list when browsing the share
  ; from a client machine
  comment = Shared Drive For All Users
  ; absolute path to the directory
  path = /home/swap
  ; should the drive be writeable
  writeable = yes
  ; users allowed to connect to the share
  ;  the @ is used to designate a unix group
  valid users = @users
  ; enforce file locking?
  locking = yes
  ; default file creation permission mask
  create mode = 0660
  ; default directory creation permission mask
  directory mode = 0770
 ; share name
 [homes]
  comment = Home Drive
  path = %H
  writeable = yes
  valid users = %S
  create mode = 0600
  directory mode = 0700
  locking = no
; smb.conf file ends here

also to create the encrypted passwords I issued this command
cat /etc/passwd | mksmbpasswd.sh > /usr/bin/smbpasswd
which took the linux passwords and made the smbpasswd file that is
called for in this line of the smb.conf
 smb passwd file = \usr\bin\smbpasswd

When I am at the client machines at the log in I type in the user name
(jdoe) password (test) and the domain (vega) and I get back the error
message stating "The domain password you supplied is not correct, or
access to your logon server has been denied"

I am stuck and confused any help appreciated and other information you
need just let me know

Thanks
Stone





------------------------------

From: "Clyde Davidson" <[EMAIL PROTECTED]>
Subject: RH6.0 not resolving names
Date: Mon, 6 Sep 1999 11:53:10 -0500

I have been upgrading my RH from 5.2 to 6.0 several times this weekend.
Everything works fine, except...  I can't get it to resolve names. DHCP
seems to be working, but it doesn't seem to be setting up the default gateway
or something. I can get an IP address, usually, but nslookup can't find the
DNS servers that are listed in my resolv.conf.

Any clues?

Clyde



------------------------------

From: [EMAIL PROTECTED]
Subject: Correction,Re: Using timbuktu to access PC thru linux
Date: Mon, 06 Sep 1999 17:13:24 GMT

I am actually running RH5.0 on my server not RH5.2.

In article <7r0s7p$u91$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> I am interested in using TIMBUKTU to access a pc running Win95 through a
> server running RH5.2. I am connected to COX@HOME and running ip
> masquerade. From what I have read port forwarding can be used on RH6.0
> but I have been unable to find anything written on how to do the same
> thing on RH5.2. I would like to avoid upgrading my server unless I
> absolutely have to since it has been stable for quite some time now.
>
> Any help from someone with a similar configuration that has already
> solved this problem would be greatly appreciated.
>
> Jeff
>
>



------------------------------

From: [EMAIL PROTECTED]
Subject: Using timbuktu to access PC thru linux
Date: Mon, 06 Sep 1999 17:05:04 GMT

I am interested in using TIMBUKTU to access a pc running Win95 through a
server running RH5.2. I am connected to COX@HOME and running ip
masquerade. From what I have read port forwarding can be used on RH6.0
but I have been unable to find anything written on how to do the same
thing on RH5.2. I would like to avoid upgrading my server unless I
absolutely have to since it has been stable for quite some time now.

Any help from someone with a similar configuration that has already
solved this problem would be greatly appreciated.

Jeff



------------------------------

From: claire <[EMAIL PROTECTED]>
Subject: Re: newbie Q: connecting mac and pc?
Date: Mon, 06 Sep 1999 09:55:33 -0700
Reply-To: [EMAIL PROTECTED]



claire wrote:

> Hi I'm a newbie needing a bit of advice on connecting my two computers.
> can anyone help?
> I have a mac beige G3 which has macos on one partition and linux-ppc on
> the other, I also have a pc with linux/windows installed. I'd like to
> network these to exchange files, and preferably share a printer also (and
> preferably by the cheapest way possible-- 'cause I'm a cheap-skate;-) .
>
> I'd like to know what options I have and what's a good place for
> information, besides the LDP network admin guide and the how-tos which
> I'm looking at already.

No, actually I could do with some pointers to the right howtos also, I
might be missing some that I should be reading.



> Can anybody tell me specifically where to find
> hardware compatibility info for connecting macs and pcs for either a
> linux to macos or linux-to-linux-ppc? Somebody told me I might be able
> to get by without a hub if I setup a 10TBase2 ethernet connection, but I
> wasn't sure if that might just be a windows-to-windows option.
>
> thanks for any help!
>
> --Claire



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and comp.os.linux.networking) via:

    Internet: [EMAIL PROTECTED]

Linux may be obtained via one of these FTP sites:
    ftp.funet.fi                                pub/Linux
    tsx-11.mit.edu                              pub/linux
    sunsite.unc.edu                             pub/Linux

End of Linux-Networking Digest
******************************
