Linux-Networking Digest #504, Volume #12          Tue, 7 Sep 99 23:14:23 EDT

Contents:
  Re: Linux firewall issue (blackrose)
  Re: 'ls' not updated in NFS dir? (Ding-Jung Han)
  Re: IP forwarding (Chris)
  Re: Masquerading and Hub (Rod Smith)
  Re: Linux firewall issue (Rod Smith)
  Re: HELP FTP won't UnShut! (Coredump)
  Re: external ISDN adapter setup (David Cooley)
  Purchasing public subnets? ("LightningCrash")
  Re: IP MASQ works - How secure is it? ("MikeH")
  ppp died (RICHARD BEATON)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (blackrose)
Subject: Re: Linux firewall issue
Date: Tue, 07 Sep 1999 22:03:30 GMT

On Mon, 06 Sep 1999 23:33:52 +1700, sensei <[EMAIL PROTECTED]>
said:

>try using the ipfwadm (IP Firewall Administration) program to
>grant access to the machines on the intranet.

Well, I'm using ipchains, not ipfwadm.

>Best to read the IP Masquerade HOWTO in /usr/dco/HOWTO/mini.

Mine's empty. I did a "man ipchains" and it seems like you can write a
rule that will do what I'm looking for - but I can't make any sense
out of it, there are very few examples and none that ask this
question.

A copy of someone's rc.local who is doing this sort of thing would
REALLY be helpful.

br
@-}-

------------------------------

From: Ding-Jung Han <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.setup
Subject: Re: 'ls' not updated in NFS dir?
Date: Tue, 07 Sep 1999 18:41:42 -0400

Someone pointed out that there's a discussion on Kernel Traffic:

http://www.kt.opensrc.org/kt19990819_31.html#10

Looks like what I have here is exactly from this 'bug'.

Ben

Ding-Jung Han wrote:
> 
> Ding-Jung Han wrote:
> >
> > Hi all
> >
> > I'm new to NFS (actually I just set it up the first time today). I found
> > a strange prob.: every time after I create some files in a NFS-mounted
> > dir on a NFS client box, 'ls' didn't show an updated list of files in
> > the dir. I've tried shutting down both NFS server and client and restart
> > them, but the problem remains. Here are my /etc/exports on server and
> > /etc/fstab on client:
> 
> Additional notes:
> 
> 1. when I know there's some file under a NFS dir, say, 'testfile', I can
> 'ls testfile' and get the info of that file. But plain 'ls' won't show
> anything (!).
> 
> 2. System: Redhat 6.0 with Kernel 2.2.12
> 
> >
> > ---
> > * andante:/etc/exports
> >
> > /data0  legarto(rw,no_root_squash)
> > /data1  legarto(rw,no_root_squash)
> >
> > * legarto:/etc/fstab
> >
> > andante:/data0          /nfs/data0      nfs defaults,nosuid,nodev,hard,intr   0 0
> > andante:/data1          /nfs/data1      nfs defaults,nosuid,nodev,hard,intr   0 0
> > andante:/mnt/win98      /nfs/win98      nfs defaults,nosuid,nodev,hard,intr   0 0
> >
> > ---
> >
> > Could it be because the time on two machines aren't sync?
> >
> > TIA,
> >
> > Ben

------------------------------

From: [EMAIL PROTECTED] (Chris)
Subject: Re: IP forwarding
Date: Wed, 08 Sep 1999 01:40:48 GMT

On Tue, 07 Sep 1999 20:55:50 GMT, "John Roberts" <[EMAIL PROTECTED]>
wrote in comp.os.linux.networking:

>I'm trying to setup a Redhat Linux box (Redhat 5.2) as a gateway machine.  I
>have 2 ethernet cards installed, each configured with separate network
>addresses.  Much of the documentation on this subject I've read states that
>this is easy, just configure both interfaces separately and give them their
>respective IP addresses and off you go.  Unfortunately it's not working for
>me.

It's not enough to simply configure the two interfaces because Linux won't
forward packets (data or pings) from one subnet to another unless you
install and configure network forwarding.  In most cases, you will have to
configure and compile a kernel from scratch to include that option.

Once you have a kernel that is capable of forwarding, you will need to
build a set of firewall rules that describe what packets to forward.  In
your case, the rules would probably be nothing more than setting the
defaults to allow forwarding.

The firewall rules use either the ipfwadm (<2.2) or ipchains (>=2.2)
commands.

The ifconfig output and route table you included look correct.


------------------------------

Reply-To: [EMAIL PROTECTED]
From: [EMAIL PROTECTED] (Rod Smith)
Subject: Re: Masquerading and Hub
Date: Tue, 07 Sep 1999 23:15:45 GMT

[Posted and mailed]

In article <[EMAIL PROTECTED]>,
        "D. Wade" <[EMAIL PROTECTED]> writes:
> Rod Smith wrote:
>> 
>> [Posted and mailed]
>> 
>> In article <[EMAIL PROTECTED]>,
>>         "D. Wade" <[EMAIL PROTECTED]> writes:
>> > I'm just getting started setting up Masquerading for several machines.
>> > I have a cable modem, a couple boxes have static IP for internet, and
>> > several others I'd like to network to the internet, also.
>> > All machines share the one common 10/100 hub, including the cable
>> > modem.
>> >
>> > My Masquerading box has two ethernet cards, but both NIC's are connected
>> > to the same common hub. On the masquerading box, running 'tcpdump', I
>> > see arp's happening and windoze box responding to both NIC's.

> Thanks for the reply.
> Here is my masquerading script:
> 
> echo "1" > /proc/sys/net/ipv4/ip_forward
> echo "1" > /proc/sys/net/ipv4/ip_dynaddr

I don't know offhand what this echo into /proc/sys/net/ipv4/ip_dynaddr
does.  Certainly I don't use it on my own system (and the value when I cat
this file is "0").  Does it have to do with dynamic IP address assignments
via DHCP?  If you don't know, I suggest you look into it.

> # MASQ timeouts
> # 2 hrs timeout for TCP session timeouts
> # 10 sec timeout for traffic after the TCP/IP "FIN" packet is received
> # 60 sec timeout for UDP traffic (MASQ'ed ICQ users must enable a 30sec firewall timeout in ICQ itself)
> #
> ipchains -M -S 7200 10 60
> 
> # Enable simple IP forwarding and Masquerading
> #
> # NOTE: The following is an example for an internal LAN address in the 192.168.0.x
> # network with a 255.255.255.0 or a "24" bit subnet mask.
> #
> # Please change this network number and subnet mask to match your internal LAN setup
> #
> ipchains -P forward DENY
> ipchains -A forward -s 192.168.1.20/24 -j MASQ

I assume that this computer is on 192.168.1.20.  You might try changing it
to 192.168.1.0/24.  AFAIK, that shouldn't make any difference, but it's
worth a try.  Also, you might want to explicitly state the destination by
adding a "-d 0/0" to tell it to masquerade everything.  I used something
very much like that for a while, but mine's now a bit more complex:

$IPCHAINS -A forward -s $IntNETIP -d $IntNETIP -j ACCEPT # don't mask internal traffic
$IPCHAINS -A forward -s $ExtHostIP -d 0/0 -j ACCEPT      # don't need to masq if itself
$IPCHAINS -A forward -s $IntNETIP -d 0/0 -j MASQ         # masq all others

The variables are set earlier in my script.

-- 
Rod Smith
[EMAIL PROTECTED]
http://members.bellatlantic.net/~smithrod
Author of _Special Edition Using Corel WordPerfect 8 for Linux_, from Que
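
An added example, not part of the original posts or anyone's actual script: the forward-chain layout from the message above as a dry-run shell script that also rewrites a host-style source such as 192.168.1.20/24 to its network address. The `LAN` and `APPLY` variables and the 203.0.113.10 external address are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the digest: ipchains masquerading rules with the
# source given as a network address rather than a host address.
# LAN and ExtHostIP defaults are assumptions; 203.0.113.10 is a constructed
# documentation address standing in for the gateway's external IP.

# net_of ADDR/BITS -> NETWORK/BITS (e.g. 192.168.1.20/24 -> 192.168.1.0/24)
net_of() {
    case $1 in */*) ;; *) return 1 ;; esac      # require a prefix length
    addr=${1%/*}
    bits=${1#*/}
    IFS=. read -r o1 o2 o3 o4 <<EOF
$addr
EOF
    ip=$(( (o1 << 24) | (o2 << 16) | (o3 << 8) | o4 ))
    if [ "$bits" -eq 0 ]; then
        mask=0
    else
        mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))   # 0xFFFFFFFF
    fi
    n=$(( ip & mask ))
    echo "$(( (n >> 24) & 255 )).$(( (n >> 16) & 255 )).$(( (n >> 8) & 255 )).$(( n & 255 ))/$bits"
}

# Print each command; execute it only when APPLY=1 (root, 2.2 kernel).
run() {
    echo "$*"
    if [ "${APPLY:-0}" = 1 ]; then "$@"; fi
}

masq_rules() {
    IntNETIP=$(net_of "${LAN:-192.168.1.20/24}")
    ExtHostIP=${ExtHostIP:-203.0.113.10}
    run ipchains -F forward                      # start from an empty chain
    run ipchains -P forward DENY                 # default: forward nothing
    run ipchains -A forward -s "$IntNETIP" -d "$IntNETIP" -j ACCEPT  # LAN to LAN
    run ipchains -A forward -s "$ExtHostIP" -d 0/0 -j ACCEPT         # gateway itself
    run ipchains -A forward -s "$IntNETIP" -d 0/0 -j MASQ            # LAN to outside
    run ipchains -M -S 7200 10 60                # MASQ timeouts quoted in the thread
}

masq_rules
```

Run as shown it only prints the six commands; review them before setting `APPLY=1`.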

------------------------------

Reply-To: [EMAIL PROTECTED]
From: [EMAIL PROTECTED] (Rod Smith)
Subject: Re: Linux firewall issue
Date: Tue, 07 Sep 1999 23:24:33 GMT

In article <[EMAIL PROTECTED]>,
        [EMAIL PROTECTED] (blackrose) writes:
> 
> All of the machines behind the linux firewall (there are 3) are Wintel
> machines (I do a lot of graphics/audio work, etcetc) and have local
> IP's setup (192.168.1.1, etc). They are all working properly -
> masquerading is functioning nicely.
> 
> I'm hoping some of you out there are experienced using IIS behind such
> a firewall and could point me in the right direction toward setting up
> such a system?
...
> When my Linux firewall receives a request for a domain that I would
> like to be served up from the IIS machine behind the Linux box, what
> configurations do I make so that the request is routed properly?

First, it's unclear whether you mean you want to register two domain names
to one IP address or just pass on requests at the one address to the
internal server.  If the former, I don't know if what you want is possible
-- I've never looked into the matter.  If the latter, you might want to
look into xinetd (http://synack.net/xinetd/).  I just recently discovered
that it can be used to forward requests received on an external port on an
IP masquerading machine to the same or a different port on an internal
machine.  I've not tried this with IIS specifically (or any Web browser),
but it might just do what you want.  It's also good for blocking access to
servers you run on the masquerading machine for the benefit of your
internal machines.

It's possible that ipchains could be programmed to do the same thing, but
I've never tried it.

-- 
Rod Smith
[EMAIL PROTECTED]
http://members.bellatlantic.net/~smithrod
Author of _Special Edition Using Corel WordPerfect 8 for Linux_, from Que

------------------------------

From: [EMAIL PROTECTED] (Coredump)
Subject: Re: HELP FTP won't UnShut!
Date: Wed, 08 Sep 1999 02:39:40 GMT

:On Tue, 07 Sep 1999 19:02:15 -0700, "Christopher R. Thompson" 
:<[EMAIL PROTECTED]> wrote:

>Help! I ftpshut my server and now I can't get it started again. What do I
>do?
>
>I tried running ftpd, in.ftpd with various options... as root but
>nothing happens.
>
>There is no ftpstart command that I can find on my system. It is
>apparently started automatically via connection to inetd port.
>
>/etc/inetd.conf =
>ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd -dvlLio -a
>
>/etc/services =
>ftp     21/tcp
>
>I tried stop and starting /etc/rc.d/init.d/inetd stop/start but no luck.
>
>ftp TfJC.Com
>Connected to TfJC.
>500 Sally FTP server shut down -- please try again later.
>
>How the heck do I get it restarted again?

Look in /etc for a file named ftpaccess. 

cat that file and look for a line that starts "shutdown". It will point
to a file (probably something like /etc/shutmsg).

Find that file and delete (rm) it.

Core


-- 
[EMAIL PROTECTED]
http://www.enteract.com/~coredump
A Roadside Stand on the Information Superhighway

------------------------------

From: David Cooley <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.hardware,comp.os.linux.setup
Subject: Re: external ISDN adapter setup
Date: Tue, 07 Sep 1999 21:22:45 -0400



scott wrote:
> 
> I've just picked up a 3Com Impact IQ (external) ISDN adapter and am
> having trouble connecting to
> a NT ras server using XISP.
> 
> I can connect every time with an analog modem to the same NT server.
> 

Double check the modem setup string... Some ISDN defaults to 56K and
others 64K... depends on the provider of the line and their
equipment...  The ISDN TA will have a command to set either 64K or 56K,
and also several other params such as chap.  The TA does a little bit
more with the negotiation of the connection than a modem.

------------------------------

From: "LightningCrash" <[EMAIL PROTECTED]>
Subject: Purchasing public subnets?
Date: Tue, 7 Sep 1999 21:51:10 -0500

Is there any way to accomplish this other than through my ISP?

I would like to obtain an internet-range class C subnet (for example,
something like 209.7.144.0-255), and be able to address each of the machines
on my lan with an address from this subnet.

Any ideas?
e-mail me at [EMAIL PROTECTED]
-LC



------------------------------

From: "MikeH" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.questions,comp.os.linux.security
Subject: Re: IP MASQ works - How secure is it?
Date: Wed, 08 Sep 1999 00:51:31 GMT


Anders Peterson wrote in message <7r302a$chh$[EMAIL PROTECTED]>...
>I can't answer your question. Instead I'd like to know how you did the
>configuration. Is there a How-To for this? I have a similar problem - a
>small network sharing an ADSL connection via a Linux server. I don't
>know how to configure it.
>


Start with the How-To's



------------------------------

Date: Wed, 8 Sep 1999 12:21:15 +1000
From: RICHARD BEATON <[EMAIL PROTECTED]>
Subject: ppp died


Hey, I'm a Linux Grommit (Newbie) getting frustrated by PPP.

I had PPP working nicely, but since I set up SAMBA and an ethernet card,
I haven't been able to get PPP up and running.
When I .ppp-on I get something like NO ppp support in kernel or module not
loaded.
I've recompiled many times, trying to
1) include ppp as part of kernel
2) include ppp as a module
3) exclude the ethernet card from the kernel
After this I've done the usual make dep make clean make zimage make modules
make modulesinstall and copied the zImage to boot..
but I still can't get PPP working, now I can't even get my new kernels to
load, the machine either hangs or reboots..

any ideas to
[EMAIL PROTECTED]
thanx in advance
Rich B.





------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and comp.os.linux.networking) via:

    Internet: [EMAIL PROTECTED]

Linux may be obtained via one of these FTP sites:
    ftp.funet.fi                                pub/Linux
    tsx-11.mit.edu                              pub/linux
    sunsite.unc.edu                             pub/Linux

End of Linux-Networking Digest
******************************
