Linux-Networking Digest #496, Volume #12 Tue, 7 Sep 99 10:14:47 EDT
Contents:
Re: Gateway setup ( need help)! ([EMAIL PROTECTED])
Re: Browsers and Linux (Dave Seyster)
Re: IP MASQ works - How secure is it? (Jeff Silverman)
rtl8139 drivers ([EMAIL PROTECTED])
Re: how to get all linked pages ? ([EMAIL PROTECTED])
Re: how to get all linked pages ? (Chris)
How secure is socks? ("Gene Heskett")
Re: pppd and earthlink :-( ("Gene Heskett")
Re: 'ls' not updated in NFS dir? (Ding-Jung Han)
IP masquerading (Anders Peterson)
NFS automounting problem, RH5.2 (Ilkka Karasalo)
Re: dhcp and multiple interfaces ("Brian Evans")
How can I setup a Remote Access Service on Linux ([EMAIL PROTECTED])
Re: Anyone can help with NIS Slave? (Marco Ciafalone)
Re: IP MASQ works - How secure is it? (Anders Peterson)
Re: Samba and Sharing a connection between linux and windows 98 (a)
Re: color telnet client ("T.E.Dickey")
Re: IP masquerading (Marton Lorand)
Re: setup linux lan (Marton Lorand)
setup linux lan (andreas)
Re: pppd and earthlink :-( (Clifford Kite)
Re: Win98 -> Linux -> Internet ("kozmos")
----------------------------------------------------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Gateway setup ( need help)!
Date: 7 Sep 1999 10:51:13 GMT
This sounds like you're needing masquerading. Remember that 172.16.x.x is *not*
routed !
------------------------------
From: [EMAIL PROTECTED] (Dave Seyster)
Crossposted-To: alt.os.linux,comp.os.linux.setup
Subject: Re: Browsers and Linux
Reply-To: [EMAIL PROTECTED]
Date: Tue, 07 Sep 1999 10:58:33 GMT
On Sun, 05 Sep 1999 21:57:47 -0400, Norman Levin <[EMAIL PROTECTED]> wrote:
>I wonder where the 'custom' of answering after the
>question comes from? I've just been going thru some of
>my offline usergroups, and I've gone through a dozen
>appends that start with ">" and the same original
>question ... and I have to scroll down to see
>new stuff. If I'm really interested in the
>original append (and I can't remember if from
>the subject line), I can do that.
That "custom" derives from the fact that most humans are not psychic.
We need to know the question before we can respond.
Dave Seyster
------------------------------
From: Jeff Silverman <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.questions,comp.os.linux.security
Subject: Re: IP MASQ works - How secure is it?
Date: 7 Sep 1999 10:59:31 GMT
Roger wrote:
>
> Hi... I have just got IP MASQ setup on my small home lan. Now my 3
> machines can share a single phone connection.
>
> I was wondering though.. How secure is IP MASQ???
>
> On the linux machine that acts as a gateway I have the following in my
> hosts.deny
>
> ALL:ALL
> ALL:PARANOID
>
> so I feel that the gateway machine is at least semi-secure, portmap and
> other unnecessary daemons not running. However in order to get IP masq to
> work I have these lines in my rc.local that seem to worry me...
>
> ipchains -P forward DENY
> ipchains -A forward -j MASQ -s 192.168.0.0/24 -d 0.0.0.0/0
>
> These ipchain rules kinda worry me..
>
> Is there any place where I can read up and familirizae<<sp>> myself with
> IP Masq security hazards?
>
> Thanks!!!!
IP Masquerading does not secure the gateway machine; IP masquerading secures
the machines on the 192.168.0.x side. One of the RFCs says that 192.168. is a
special, private network. Therefore routers don't route it. Therefore, no
outsider can get to your 192.168.0.x network, nor to any machine on it. So
your IP masquerading is working at protecting your inside machines.
HOWEVER, your gateway machine needs protecting and that is a different matter.
There are lots and lots of resources out there on How To Secure Linux. Your
gateway machine will not be as secure as the machines behind it - because bad
guys can launch denial of service attacks and pings of death at it (which I
guess is a denial of service attack). So the more functionality you get off of
it, the better off you will be. You can't be entirely successful doing that
because (for example) your web server and your mail server and your nameserver
have to be at a fixed IP address (although these functions could be delegated
to your ISP).
I hope this helps,
Jeff
--
Jeff Silverman, PC guy, Linux wannabe, Java wannabe, Software engineer, husband,
father etc.
See my website: http://www.commercialventvac.com/~jeffs
[EMAIL PROTECTED]
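A small model of how the two ipchains rules quoted above are evaluated, showing why they filter forwarded traffic but leave the gateway itself open at the packet-filter level. This is an added example, not part of any post; the addresses are constructed, the traversal is simplified to the input and forward chains, and the input chain is assumed to be at its default ACCEPT policy because the post sets nothing for it.

```python
# Added example: simplified model of ipchains chain traversal on the gateway.
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")

# Forward chain exactly as set by the two rc.local lines in the post:
#   ipchains -P forward DENY
#   ipchains -A forward -j MASQ -s 192.168.0.0/24 -d 0.0.0.0/0
FORWARD = {
    "policy": "DENY",
    "rules": [{"src": ip_network("192.168.0.0/24"), "dst": ANY, "target": "MASQ"}],
}

# Assumption: the post configures nothing for the input chain, so it is
# modelled at the built-in default policy, ACCEPT, with no rules.
INPUT = {"policy": "ACCEPT", "rules": []}

# Constructed addresses: the gateway's LAN side and a documentation-range
# address standing in for its dial-up address.
GATEWAY_ADDRS = {ip_address("192.168.0.1"), ip_address("203.0.113.10")}


def run_chain(chain, src, dst):
    """First matching rule decides; otherwise the chain policy applies."""
    for rule in chain["rules"]:
        if src in rule["src"] and dst in rule["dst"]:
            return rule["target"]
    return chain["policy"]


def traverse(src, dst, input_chain=INPUT, forward_chain=FORWARD):
    """Return the (chain, verdict) pairs a packet meets on the gateway."""
    src, dst = ip_address(src), ip_address(dst)
    path = [("input", run_chain(input_chain, src, dst))]
    # Packets addressed to the gateway itself never reach the forward chain.
    if path[-1][1] != "ACCEPT" or dst in GATEWAY_ADDRS:
        return path
    path.append(("forward", run_chain(forward_chain, src, dst)))
    return path


if __name__ == "__main__":
    samples = [  # constructed packets
        ("192.168.0.5", "198.51.100.7"),   # LAN host going out
        ("198.51.100.7", "192.168.0.5"),   # outside host aiming at a LAN address
        ("198.51.100.7", "203.0.113.10"),  # outside host aiming at the gateway
    ]
    for src, dst in samples:
        print(f"{src:>14} -> {dst:<14} {traverse(src, dst)}")
```

The third sample stops at the input chain with ACCEPT: nothing in the quoted rules filters traffic addressed to the gateway, so its exposure depends on hosts.deny and on which daemons are running.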
------------------------------
From: [EMAIL PROTECTED]
Subject: rtl8139 drivers
Date: Tue, 07 Sep 1999 10:56:14 GMT
Hello,
Does anyone have any practical experience of using the rtl8139.o
precompiled kernel modules (redhat 5.1)? I am very new to networking so I
don't know that I have even got the driver installed and set up
correctly. Information on the following would be useful:
-How to install the module
-Once installed, how to check its functionality / configure it
-A good place to look for information on the set up required on a win95
machine (dlink card) / linux box regarding ip addresses, hosts.conf
files etc.
Thanks
Ben Smither
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: how to get all linked pages ?
Date: 7 Sep 1999 11:00:29 GMT
Have you looked at wget ? It sounds like the solution to your problem.
------------------------------
From: [EMAIL PROTECTED] (Chris)
Subject: Re: how to get all linked pages ?
Date: Tue, 07 Sep 1999 11:48:42 GMT
On Tue, 7 Sep 1999 01:33:14 -0500, "Bert Douglas"
<[EMAIL PROTECTED]> wrote in comp.os.linux.networking:
>I just got my first linux mandrake box 3 days ago.
>Linux email is not yet working. So don't blast me, please.
>
>I want to make some kind of fairly simple script that will get all the linked pages
>of a given URL.
>
>I strongly suspect there is something already available to do this. I just don't
>know the right terminology, so it is difficult to
>find.
HTGET is a file grabber that will get files from HTTP servers. The aim
behind this program is to create a downloader that you can leave running
in the background - one that's totally reliable and can cope with just
about any problem, and won't stop downloading unless it's forced to.
Wget [formerly known as Geturl] is a freely available network utility to
retrieve files from the World Wide Web using HTTP and FTP, the two most
widely used Internet protocols. It works non-interactively, thus enabling
work in the background, after having logged off. The recursive retrieval
of HTML pages, as well as FTP sites is supported -- you can use Wget to
make mirrors of archives and home pages, or traverse the web like a WWW
robot (Wget understands /robots.txt).
------------------------------
Date: 07 Sep 99 07:49:42 -0500
From: "Gene Heskett" <[EMAIL PROTECTED]>
Subject: How secure is socks?
Unrot13 this;
Reply to: <[EMAIL PROTECTED]>
Hi gurus;
With a linux box, currently at 5.2, serving 30 other machines the
internet via socks, the middle of the 3 releases, 1.16 I think, it all
seems to work reasonably well.
The question is: How secure is this at protecting the machines other
than the linux box, from unwanted access from the outside?
Cheers, Gene
------------------------------
Date: 07 Sep 99 07:43:58 -0500
From: "Gene Heskett" <[EMAIL PROTECTED]>
Subject: Re: pppd and earthlink :-(
Unrot13 this;
Reply to: <[EMAIL PROTECTED]>
Gene Heskett sends Greetings to Clifford Kite;
CK> Gene Heskett ([EMAIL PROTECTED]) wrote:
CK>: Here, I have just found that while the 0x000a0000 setting
CK>: escapes the xon (0x11) and xoff (0x13) characters, I get a lot
CK>: less 'stalls' while browsing or downloading, if I also escape
CK>: the 0x1d character by using
CK>: 0x2000a0000 for that. This will probably be highly dependent on
CK>: the
CK> You need one less zero for this: 0x200a0000 . Bitmaps are a
CK> pain. :)
And we both know where I suspect. Thanks for pointing out that obvious
typo.
Cheers, Gene
--
Gene Heskett, CET, UHK |Amiga A2k Zeus040 50 megs fast/2 megs chip
Ch. Eng. @ WDTV-5 |A2091,GuruRom,1g Seagate,CDROM,Multiface III
|Buddha + 4 gig WDC drive, 525 meg tape
|Stylus Pro, EnPrint, Picasso-II, 17" vga
RC5-Moo! 690kkeys/sec isn't much, but it all helps
email gene underscore heskett at iolinc dot net
--
------------------------------
From: Ding-Jung Han <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.setup
Subject: Re: 'ls' not updated in NFS dir?
Date: Tue, 07 Sep 1999 08:09:15 -0400
Ding-Jung Han wrote:
>
> Hi all
>
> I'm new to NFS (actually I just set it up the first time today). I found
> a strange prob.: everytime after I create some files in a NFS-mounted
> dir on a NFS client box, 'ls' didn't show an updated list of files in
> the dir. I've tried shutting down both NFS server and client and restart
> them, but the problem remains. Here are my /etc/exports on server and
> /etc/fstab on client:
Additional notes:
1. when I know there's some file under a NFS dir, say, 'testfile', I can
'ls testfile' and get the info of that file. But plain 'ls' won't show
anything (!).
2. System: Redhat 6.0 with Kernel 2.2.12
>
> ---
> * andante:/etc/exports
>
> /data0 legarto(rw,no_root_squash)
> /data1 legarto(rw,no_root_squash)
>
> * legarto:/etc/fstab
>
> andante:/data0 /nfs/data0 nfs
> defaults,nosuid,nodev,hard,intr 0 0
> andante:/data1 /nfs/data1 nfs
> defaults,nosuid,nodev,hard,intr 0 0
> andante:/mnt/win98 /nfs/win98 nfs
> defaults,nosuid,nodev,hard,intr 0 0
>
> ---
>
> Could it be because the time on two machines aren't sync?
>
> TIA,
>
> Ben
------------------------------
From: Anders Peterson <[EMAIL PROTECTED]>
Subject: IP masquerading
Date: Tue, 07 Sep 1999 12:10:38 GMT
I (will soon) have a small network sharing an ADSL connection via a
Linux server. Can anyone point me to a description of how to set up IP
masquerading on that server?
Thank you!
--
/Anders
------------------------------
From: Ilkka Karasalo <[EMAIL PROTECTED]>
Subject: NFS automounting problem, RH5.2
Date: Tue, 07 Sep 1999 13:38:54 +0200
I want to access remote files on a network of PC's running RH5.1
or RH 5.2 using NFS and automounting. The network also has
some HP-UX hosts. On the PC's all the relevant packages
(nfs-server, nfs-server-clients, autofs) are installed, and the
files /etc/exports and /etc/hosts.allow are edited to allow remote
mount from all other hosts on the net.
Automounting over NFS works only in part, however:
1. Automounting file systems on a 5.2 host from a remote 5.1 host works OK
2. Automounting file systems on a 5.1 host from a remote 5.2 host does not
work:
# cd /net/enviro3/home
gives the error message:
/net/enviro3/home: No such file or directory
3. Mounting file systems on a 5.1 host manually from a remote 5.2 host
works OK.
4. Automounting file systems on both the 5.1 and the 5.2 hosts from the HP-UX
hosts works OK.
This looks like the automount service on the RH5.2 hosts would not be
running. However the 'autofs' package is installed on these hosts, and I
have done
# /etc/rc.d/init.d/autofs start
to activate the automount daemons.
Your help with this would be most welcome.
Ilkka Karasalo
FOA 64 KTH, MWL
Enkopingsvagen 126 Teknikringen 8
S-172 90 Stockholm S-100 44 Stockholm
Phone: +46-8-7063627 Phone: +46-8-7908017
Fax: +46-8-7063869 Fax: +46-8-7906122
Email: [EMAIL PROTECTED] Email: [EMAIL PROTECTED]
------------------------------
From: "Brian Evans" <[EMAIL PROTECTED]>
Subject: Re: dhcp and multiple interfaces
Date: Tue, 7 Sep 1999 08:25:51 -0400
Tom Eastep wrote in message <[EMAIL PROTECTED]>...
>Brian Evans wrote:
>>
>> Has anyone tried to run a dhcp server(dhcp2.0b1p16) on a machine with
>> multiple interfaces and have it respond only to requests from one of the
>> interfaces? I'd like to have it only respond to requests from eth1. Any
>> ideas?
>>
>> TIA,
>>
>> Brian
>
>If you look an "man dhcpd", you will find that you simply list the
>interfaces that you want the daemon to respond to -- the rest are
>ignored (e.g. dhcpd eth1).
>
>-Tom
>--
>Tom Eastep \ Opinions expressed here
>[EMAIL PROTECTED] \ are my own and not
>Shoreline, Washington USA \ those of my employer
>Work: [EMAIL PROTECTED] \________________________
Thanks Tom, I was so determined it could be done in the config that I never
bothered to see if it could be done on the command line.
Brian
------------------------------
From: [EMAIL PROTECTED]
Subject: How can I setup a Remote Access Service on Linux
Date: Tue, 07 Sep 1999 12:34:19 GMT
Is it possible to setup WinNT like RAS on Linux Box ?
Where can i find any information on how to do it ?
Pls Help.
Thanks everybody.
------------------------------
From: Marco Ciafalone <[EMAIL PROTECTED]>
Subject: Re: Anyone can help with NIS Slave?
Date: Tue, 07 Sep 1999 14:41:01 +0200
Hi,
We have the same problem ... Please tell us if you find the solution out.
Regards.
Marco
Forest Edwards wrote:
> "Ömer Uyar" wrote:
>
> > I have an NIS Master and i want to add an NIS Slave. I read the HOWTO
> > document i did everything written in the document. When i executed the
> > /usr/lib/yp/ypinit -s master_hostname command i have the following error
> > message.
> >
> > Can't enumerate maps from master_host. Please check that is running.
>
> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>
> Just wanted you to know that I'm getting the same problem. If you get an
> answer please let me know.
> [EMAIL PROTECTED]
--
=========================================================================
Ascom Autelca Phone: ++41 / 32 756-9-856
Champs-Montants 12 A Fax: ++41 / 32 756-9-800
2074 Marin / SWITZERLAND
=========================================================================
------------------------------
From: Anders Peterson <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.questions,comp.os.linux.security
Subject: Re: IP MASQ works - How secure is it?
Date: Tue, 07 Sep 1999 12:22:43 GMT
I can't answer your question. Instead I'd like to know how you did the
configuration. Is there a How-To for this? I have a similar problem - a
small network sharing an ADSL connection via a Linux server. I don't
know how to configure it.
/Anders
In article <[EMAIL PROTECTED]>,
Roger <[EMAIL PROTECTED]> wrote:
> Hi... I have just got IP MASQ setup on my small home lan. Now my 3
> machines can share a single phone connection.
>
> I was wondering though.. How secure is IP MASQ???
>
> On the linux machine that acts as a gateway I have the following in my
> hosts.deny
>
> ALL:ALL
> ALL:PARANOID
>
> so I feel that the gateway machine is at least semi-secure, portmap and
> other unnecessary daemons not running. However in order to get IP masq to
> work I have these lines in my rc.local that seem to worry me...
>
> ipchains -P forward DENY
> ipchains -A forward -j MASQ -s 192.168.0.0/24 -d 0.0.0.0/0
>
> These ipchain rules kinda worry me..
>
> Is there any place where I can read up and familirizae<<sp>> myself with
> IP Masq security hazards?
>
> Thanks!!!!
>
--
/Anders
------------------------------
Date: Tue, 07 Sep 1999 21:37:32 -0700
From: a <[EMAIL PROTECTED]>
Subject: Re: Samba and Sharing a connection between linux and windows 98
pexquisite wrote:
> Hello,
>
> I am new to linux, I need to have sharing between linux and windows 98.
> Can someone give me step by step instructions on how to do this?. Also I
> am creating a linux conference on TheCityWeb website, If you have a
> website that has good linux tips (other than the commercial ones).
> Please send me a list at the email address below.
>
> Also, I am not able to get or send mail from netscape. I have entered
> the information in netscape. but get
> error that the server is unreachable or is busy. Does anyone have a
> solution for this?
>
> Thanks
> Jonathan
> [EMAIL PROTECTED]
> Dallas Premier Online Community..Check us out at www.thecityweb.com
read the man page and the samba how to, it will take you through step by
step.
Dave
------------------------------
From: "T.E.Dickey" <[EMAIL PROTECTED]>
Subject: Re: color telnet client
Date: Tue, 07 Sep 1999 13:04:03 GMT
P.Copeland <[EMAIL PROTECTED]> wrote:
> tofu wrote:
>> Is there a way to telnet into a linux machine from a Windows client and
>> get the pretty colors that 'ls -color' normally gives? I've been
>> searching for a telnet client that will do this but I'm wondering if
>> it's even possible.
MS telnet doesn't do colors
>> Just point me to the correct man page and I'll take it from there ; )
> set your term type = ANSI
> the linux termcap for ANSI is capable of generating colours codes
but (ignoring the issue of colors) it's still incorrect ('ansi', for
example, states that the terminal supports vpa, which MS telnet does not).
--
Thomas E. Dickey
[EMAIL PROTECTED]
http://www.clark.net/pub/dickey
------------------------------
From: Marton Lorand <[EMAIL PROTECTED]>
Subject: Re: IP masquerading
Date: Tue, 07 Sep 1999 16:05:15 +0300
Anders Peterson wrote:
> I (will soon) have a small network sharing an ADSL connection via a
> Linux server. Can anyone point me to a description of how to set up IP
> masquerading on that server?
>
> Thank you!
> --
> /Anders
>
> Sent via Deja.com http://www.deja.com/
> Share what you know. Learn what you don't.
As usual, read the HOWTOs :)
If you have a question, feel free to email me; I'll help you in personal
mail if necessary
Regards
ML.
------------------------------
From: Marton Lorand <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.security
Subject: Re: setup linux lan
Date: Tue, 07 Sep 1999 15:49:16 +0300
andreas wrote:
> hi
>
> i want to setup a small lan with linux server and linux client (and/or
> win client)
> i have isdn connection and want the server modem to be shared among the
> clients as dial up connection.
> i want to ask if some can give me information or a good resource to find
> out how to config and secure the network (software, configs).?
> furthermore can i establish a secure connection to this network from the
> internet using laptop to access files, emails?
> any recommendations for a preferable distribution?
> do i need an static ip from my provider, or even more than one?
> regarding the network hardware what is a better/cheaper solution for
> cables coax or twisted pair? (distance between clients around 10-20m)
>
> that's pretty much right away...thanks for help
> Andreas
About the prices of the hardware - U can use what You want - the coax is
cheaper - UTP is better because it's faster :)
You don't need Static IP - however it's easier to set up your linux box...
Your Linux will work as a gateway - You'll need to use IP-masquerading in
order to masquerade the request behind your linux in the IP.NR of your
linux.
You will also need to use the ipchains packet for setting up some rules
depending on the security you want to implement...
About all these things you can read in Linux HOWTOS.
Distribution? I can recommend you RH6.0. IMHO debian is a little bit
better, but with RH you'll get very useful tools to get your
gateway-server to work.
Regards
ML.
------------------------------
From: andreas <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.security
Subject: setup linux lan
Date: Tue, 07 Sep 1999 14:32:28 +0200
hi
i want to setup a small lan with linux server and linux client (and/or
win client)
i have isdn connection and want the server modem to be shared among the
clients as dial up connection.
i want to ask if some can give me information or a good resource to find
out how to config and secure the network (software, configs).?
furthermore can i establish a secure connection to this network from the
internet using laptop to access files, emails?
any recommendations for a preferable distribution?
do i need an static ip from my provider, or even more than one?
regarding the network hardware what is a better/cheaper solution for
cables coax or twisted pair? (distance between clients around 10-20m)
that's pretty much right away...thanks for help
Andreas
------------------------------
From: kite@NoSpam.%inetport.com (Clifford Kite)
Subject: Re: pppd and earthlink :-(
Date: 7 Sep 1999 08:06:10 -0500
Gene Heskett ([EMAIL PROTECTED]) wrote:
: CK> You need one less zero for this: 0x200a0000 . Bitmaps are a
: CK> pain. :)
: And we both know where I suspect. Thanks for pointing out that obvious
: typo.
As a matter of interest, I'm still pointing out to people that asyncmap
20a0000 is an error in some distribution from the far past (defined as
> 3 years) that hangs on and on and on...
--
Clifford Kite <kite@inet%port.com> Not a guru. (tm)
/* Governments should be changed like diapers - often and for the
* same reason. */
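The asyncmap values discussed in this thread, decoded bit by bit. This is an added example, not part of any post; the function names are illustrative, and refusing values wider than 32 bits is this example's own check, based on the map having one bit per control character 0x00-0x1f.

```python
# Added example: decode and build pppd asyncmap values from this thread.
# Bit n of the 32-bit map set means control character n (0x00-0x1f) is escaped.

NAMES = {0x11: "XON (0x11)", 0x13: "XOFF (0x13)"}  # the two named in the thread


def parse_asyncmap(text):
    """Parse a hex map, with or without 0x; refuse anything wider than 32 bits."""
    value = int(text, 16)
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError(f"{text}: does not fit in 32 bits (extra hex digit?)")
    return value


def escaped_chars(value):
    """List the control characters whose bit is set in the map."""
    return [n for n in range(32) if (value >> n) & 1]


def build_asyncmap(chars):
    """Build the map that escapes exactly the given control characters."""
    value = 0
    for c in chars:
        if not 0 <= c <= 0x1F:
            raise ValueError(f"0x{c:02x} is not a control character 0x00-0x1f")
        value |= 1 << c
    return value


def describe(text):
    """One-line report for a candidate asyncmap string."""
    try:
        chars = escaped_chars(parse_asyncmap(text))
    except ValueError as err:
        return f"{text:>12}: invalid ({err})"
    listed = ", ".join(NAMES.get(c, f"0x{c:02x}") for c in chars)
    return f"{text:>12}: escapes {listed}"


if __name__ == "__main__":
    # The four values that appear in the thread.
    for candidate in ("0x000a0000", "0x200a0000", "0x2000a0000", "20a0000"):
        print(describe(candidate))
    wanted = build_asyncmap([0x11, 0x13, 0x1D])
    print(f"map for 0x11, 0x13, 0x1d: 0x{wanted:08x}")
```

Run over the thread's values, `20a0000` decodes to 0x11, 0x13 and 0x19 rather than 0x1d, and `0x2000a0000` is refused as wider than 32 bits.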
------------------------------
From: "kozmos" <[EMAIL PROTECTED]>
Subject: Re: Win98 -> Linux -> Internet
Date: Tue, 7 Sep 1999 15:09:01 +0200
Greetings.
I recommend Mandrake 6.0 or Redhat 6.0, since you are a newbie. Samba is used
for your win machines to access linux through Network Neighbourhood. Proxy
server: Squid. Not sure, if that also comes with distribution.
For the homeland,
Roman
Steve Graham <[EMAIL PROTECTED]> wrote in message
news:oNTA3.246$[EMAIL PROTECTED]...
> Hello,
>
> The only experience I have with Linux is reading the www.linux.com web page.
>
> I am building a home network: 2 win9x PCs, and a server. Instead of
> upgrading my 486 machine to support Win NT4.x, and using Proxy server 2.0,
> so both PC's can access the internet via the LAN, I thought I might like to
> give Linux a try...
>
> What products will I need
>
> Linux Version
> Samba ?
> Linux Proxy Server?
>
> Thanks for the advice.
>
> -Steve
>
>
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.networking) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Networking Digest
******************************