Linux-Networking Digest #555, Volume #12 Sat, 11 Sep 99 20:13:22 EDT
Contents:
Re: Using redir to expose a web-server behind firewall? (David Crooke)
3com 3CSOHO100-TX Card ("Tony Enriquez")
So Close, But I can't ping my Lan (Todd Graham)
Re: 2nd NIC not recognized (Howard Mann)
NFS and rpcinfo (William B. Cattell)
XDMCP with redhat linux 6.0 to wi98se ("-=Abyss-One=-")
Re: Newbie on clustering questions (Yin-So Chen)
Re: Help: Linux Netscape can't do DNS lookups using ADSL (Hal Burgiss)
Re: Linux as a firewall ("Andrey Smirnov")
ifconfig question (Michael Starkie)
Re: So Close, But I can't ping my Lan (Bill Unruh)
Re: question about network card (chuck)
2nd NIC won't load (Peter Cioe)
Re: ADSL Ethernet Problem w/ nameserver (Roderic Tse)
----------------------------------------------------------------------------
From: David Crooke <[EMAIL PROTECTED]>
Subject: Re: Using redir to expose a web-server behind firewall?
Date: Sat, 11 Sep 1999 21:09:29 GMT
Jason Rosenberg wrote:
>
> I am just reading through some of the HOW-TO's on
> ipchaining and masquerading, etc.
>
> I am thinking of setting up a home LAN. I only have
> 1 ip address, and I would prefer to have things
> secure, in general. I have a cable modem, based
> on the @home service. Currently, I have just 1
> NT system set up, and it is working fine with the
> cable modem.
>
> Soon, I will definitely have 2 Windows NT machines, and possibly
> a third NT laptop (which will come and go), and I want
> to start experimenting with a linux machine (probably an
> Alpha Processor system). I will have a need for one of
> the NT machines to be running IIS and be visible externally
> on the internet.
Apart from the fact that this may not be within the terms of @home's AUP
I see no technical issues.
>
> I was considering having that NT machine be my proxy-firewall
> server (using something like WinGate).
That's possible, but all advocacy and religion aside, this is one of
those things that Linux really does do better than NT ;-)
>
> Alternatively, I would like to consider using the linux
> machine as my proxy-firewall. But I wonder whether this
> is possible. Can I still have a web-server behind the
> firewall remain externally visible?
Yes, absolutely. You just need to forward the appropriate port(s) to the
NT box.
Linux makes a great low impact firewall / masq server.
>
> I still would need to have IIS serve external internet
> requests. Can the redir facility be used to direct
> specific incoming requests to my NT machine?
>
> Also, how secure would files be on the fire-wall linux machine?
No more or less secure than they would be if it wasn't acting as a
firewall. This depends on the "face" it is presenting to the outside
world. For good security, set it up to block incoming connections on all
ports except the ones you actually need (like 80 for the webserver)
>
> Thanks,
>
> Jason
Enjoy
Dave
--
David Crooke, Austin TX, USA. +1 (512) 656 6102
"Open source software - with no walls and fences, who needs Windows
and Gates?"
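The setup described in the reply above (forward port 80 to the internal web server, block every other inbound connection), as an added example that is not part of the original post. It assumes a 2.2 kernel with ipchains and ipmasqadm port-forwarding support; the interface names, LAN addresses and the public address `203.0.113.5` are placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): default-deny ipchains rules
# for a masquerading gateway that exposes one internal web server.
# Interface names and addresses below are assumptions for illustration.
EXT_IF=${EXT_IF:-eth0}               # faces the cable modem
LAN_IF=${LAN_IF:-eth1}               # faces the home LAN
LAN_NET=${LAN_NET:-192.168.1.0/24}   # internal network
WEB_HOST=${WEB_HOST:-192.168.1.10}   # internal NT/IIS machine
EXT_IP=${EXT_IP:-203.0.113.5}        # placeholder for the one public address
RUN=${RUN-echo}                      # dry run by default; RUN= applies the rules

firewall_rules() {
    # Default policy first: anything not matched below is dropped.
    $RUN ipchains -P input DENY
    $RUN ipchains -P forward DENY
    $RUN ipchains -F input
    $RUN ipchains -F forward

    # Trusted sides: loopback and the LAN interface.
    $RUN ipchains -A input -i lo -j ACCEPT
    $RUN ipchains -A input -i "$LAN_IF" -s "$LAN_NET" -j ACCEPT

    # Anti-spoofing: LAN source addresses must never arrive from outside.
    $RUN ipchains -A input -i "$EXT_IF" -s "$LAN_NET" -l -j DENY

    # The only service offered to the outside: TCP port 80.
    $RUN ipchains -A input -i "$EXT_IF" -p tcp -d "$EXT_IP" 80 -j ACCEPT

    # ipchains is stateless, so replies to inside-initiated traffic are
    # matched by shape: TCP segments that are not a bare SYN, DNS answers,
    # masqueraded UDP (ports 61000-65095) and ICMP unreachable errors.
    $RUN ipchains -A input -i "$EXT_IF" -p tcp ! -y -d "$EXT_IP" 1024:65535 -j ACCEPT
    $RUN ipchains -A input -i "$EXT_IF" -p udp -s 0/0 53 -d "$EXT_IP" 1024:65535 -j ACCEPT
    $RUN ipchains -A input -i "$EXT_IF" -p udp -d "$EXT_IP" 61000:65095 -j ACCEPT
    $RUN ipchains -A input -i "$EXT_IF" -p icmp --icmp-type destination-unreachable -j ACCEPT

    # Masquerade LAN traffic leaving through the external interface.
    # (IP forwarding must also be enabled in /proc/sys/net/ipv4/ip_forward.)
    $RUN ipchains -A forward -i "$EXT_IF" -s "$LAN_NET" -j MASQ

    # Hand inbound port 80 to the internal web server.
    $RUN ipmasqadm portfw -f
    $RUN ipmasqadm portfw -a -P tcp -L "$EXT_IP" 80 -R "$WEB_HOST" 80
    # User-space alternative asked about in the question:
    #   redir --laddr=$EXT_IP --lport=80 --caddr=$WEB_HOST --cport=80
}

firewall_rules
```

Run as-is it only prints the commands; review them, then run with `RUN=` as root to apply.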
------------------------------
From: "Tony Enriquez" <[EMAIL PROTECTED]>
Subject: 3com 3CSOHO100-TX Card
Date: Sat, 11 Sep 1999 18:04:22 -0400
Will linux support a 3com 3CSOHO100-TX Card? If so, which driver should I
use?
------------------------------
From: Todd Graham <[EMAIL PROTECTED]>
Subject: So Close, But I can't ping my Lan
Date: Sat, 11 Sep 1999 22:09:02 GMT
I've got a 486 running RH 5.1 and I'm trying to set it up as a
gateway/firewall, for a small home network. I've got two nic cards
installed and recognized.
eth0 (3c509) is active and connects to my ISP I can ping my ISP, I can
get to the net via lynx and all seems well. nslookup resolves www's,
the route table seems fine,
eth1 (Intel EtherExpress) is set to 198.162.1.1 255.255.255.0
ifconfig looks fine except the Tx and Rx Packets both say '0'
I have another box running Mandrake 6.0 with a 3c905 set to 198.162.1.2
which I should be able to ping but can't.
This has really got me stumped - any help GREATLY appreciated
Todd
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: Howard Mann <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.hardware
Subject: Re: 2nd NIC not recognized
Date: Sat, 11 Sep 1999 22:31:15 GMT
Geert Altena wrote:
>
> "Colin Reinhardt" <[EMAIL PROTECTED]> writes:
>
> >I've got two TrendNet NE2000-compatible ISA cards set at the following:
>
> >eth0 io=0x300 irq=3
NIC's are not generally assigned this irq.
Check cat /proc/interrupts
You may need to try another irq
> >eth1 io=ox320 irq=10
>
> >In my conf.modules I added:
> >alias eth0 ne
> >alias eth1 ne
> >options ne io=0x300,0x320 irq=3,10
This format should work
>
> >I have also un-commented the line in rc.modules
> >/sbin/modprobe ne
? I do not know about this.
>
> >When El Slaucho (Slackware 4.0) boots, it detects 1 nic, the one at io=0x300
> >and irq=3.
> >The other one doesn't show up.
>
> >I've tried passing the following parameters to LILO on boot
> >LILO reserve=0x300,64
>
> >What should I try next, oh wise and gracious ones?
>
> Put a 'append="ether=0,3,eth1"' in your lilo.conf
> This tells lilo that it should look for more than one NIC, then the
> modules will load properly i imagine.
From the Ethernet-HOWTO:
"3.3 The ether= thing didn't do anything for me. Why?
As described above, the ether= command only works for drivers that are
compiled into the kernel. Now most distributions use the drivers in a
modular form, and so the ether= command is rarely used anymore. (Some
older documentation has yet to be updated to reflect this change.) If you
want to apply options for a modular ethernet driver you must make changes
to the /etc/conf.modules file."
Cheers,
Howard Mann.
================== Posted via CNET Linux Help ==================
http://www.searchlinux.com
------------------------------
From: William B. Cattell <[EMAIL PROTECTED]>
Subject: NFS and rpcinfo
Date: Sat, 11 Sep 1999 22:45:06 GMT
I'm having some trouble with getting an NFS mount working. If I do an 'rpcinfo
-p c659784-b' from either the NFS server or client I get the following;
[root@c659784-b init.d]# /usr/sbin/rpcinfo -p c659784-b
program vers proto port
100000 2 tcp 111 rpcbind
100000 2 udp 111 rpcbind
100005 1 udp 831 mountd
100005 1 tcp 833 mountd
100005 2 udp 836 mountd
100005 2 tcp 838 mountd
100005 3 udp 841 mountd
100005 3 tcp 843 mountd
100003 2 udp 2049 nfs
100021 1 udp 1026 nlockmgr
100021 3 udp 1026 nlockmgr
100021 1 tcp 1030 nlockmgr
100021 3 tcp 1030 nlockmgr
100024 1 udp 858 status
100024 1 tcp 860 status
100011 1 udp 861 rquotad
100011 2 udp 861 rquotad
Note that there is only one instance of nfs on udp, not two as mentioned in the
howto (one on udp, one on tcp). The messages log on the server shows that the
connection attempt has been authenticated. The mount from the client, however
just hangs. To kill it I have to issue a kill -s 9 xxxx. Any thoughts will be
appreciated.
Bill
------------------------------
From: "-=Abyss-One=-" <[EMAIL PROTECTED]>
Subject: XDMCP with redhat linux 6.0 to wi98se
Date: Sat, 11 Sep 1999 18:38:48 -0400
Does anybody here have any idea how to get XDMCP to work with redhat linux
6.0 to a windows 98 workstation?
I have some idea on how to go about it, but I am looking for a doc or
something so I can double check. If anybody has an idea, let me know please.
My xclient on the windhoose box is Exceed 6.1.1.
My redhat config is basic out of the box, just with Samba turned on as my
backup domain controller.
Thnx in advance !
------------------------------
From: Yin-So Chen <[EMAIL PROTECTED]>
Subject: Re: Newbie on clustering questions
Date: Sat, 11 Sep 1999 15:53:14 -0700
Thanks for the information, Donald.
My company is still in the mentality of one person, one computer.
Moreover, these client computers that one can buy nowadays seem to be
much more powerful than the server we have (well, we have PC servers...
I guess that's why). So that's why I dreamed up the scheme to make
network transparent for the users and at the same time making the server
more powerful.
I briefly checked out MOSIX, and it seems to be a clustering solution
that will take care of the CPU & Memory but not for scalable
file-systems. And there seems to be some license dispute issues during
the last half year with the kernel hackers. Has that been an issue for
users at all?
Yin-So Chen
Donald Gordon wrote:
>
> What you want could be achieved with MOSIX.
>
> MOSIX is a set of kernel patches which allow processes to transparently move
> across the network to machines with lower load.
>
> MOSIX uses system-call redirection, so you can simply run the apps on each
> users' machine, and they will migrate themselves to other machines as
> needed; to the apps it appears as though they are running on the users'
> computer.
>
> Seriously, though, why don't you just get a heap of Xterminals / cheap boxes
> with X on, and run everything on the servers?
>
> Donald Gordon
>
> Yin-So Chen wrote in message <[EMAIL PROTECTED]>...
> >Hi,
> >
> >I am fairly new to the networking aspect of linux, so please excuse me
> >if this is in a FAQ somewhere. Here it goes:
> >
> >I am thinking of setting up a computer network that's based on
> >clustering. The rationale goes like this - I have several PC's around
> >that I want to put Linux on. Linux is great for networking, but now I
> >have several stand-alone networking computers sitting around, and it
> >becomes a headache for maintenance. I realize that there are a lot of
> >sync I can do, but then it's difficult for my users to remember all
> >these different accounts and what files they have under where...
> >Moreover, my company mostly buys a computer for each individual, so it
> >makes a lot of sense to let the users have their own account on their
> >own computer, but then the computer can login as a part of the big
> >cluster.
> >
> >So this is what I am envisioning -
> >
> >This cluster has a master computer that's in control of the cluster. It
> >provides most of the system wide files such as the /usr & /etc
> >directory. Each computer joining the cluster as a slave computer &
> >depending on its settings it can provide other parts of the file
> >system. For example the user's computer would provide the user's home
> >directory. This way while the user's computer is inside the cluster
> >they can login from any computers.
> >
> >During clustering, the master computer will gain control to the
> >resources of the slaves. Depending on the setting it would be a
> >complete or partial control (by partial I mean there are parts of the
> >resources reserved to be used solely by the user of the computer). The
> >slave computer can act as a stand-alone workstation as well, but during
> >clustering it only shares part of the file system (and the other parts
> >went into background & ready for sync if setup). If necessary we can
> >have another computer act as a backup (high availability) for the user's
> >directory so they can login to the network even if their computer is not
> >on the network.
> >
> >The advantage of this type of setup I see is that there is an
> >integration of every computer & the resources become truly shared. No
> >longer would admins need to worry about maintaining the files on every
> >computer. The network becomes transparent to them. Let's say a user
> >has a linux laptop. Then when they participate in the clustering, they
> >will see everything else. When they do not participate their computer
> >would be stand-alone as well. Moreover, we wouldn't have the feeling
> >that the client computers are overpowering the servers :)
> >
> >So, my question then would be, is there anything similar to what I am
> >describing available? Is this a smart way of setting things up or are
> >there better solutions out there? How much energy and expertise would
> >it require for a setup like this and is it currently feasible? Any
> >thought on this subject matter is greatly appreciated.
> >
> >Regards,
> >
> >Yin-So Chen
------------------------------
From: [EMAIL PROTECTED] (Hal Burgiss)
Crossposted-To: comp.dcom.xdsl,comp.os.linux.misc
Subject: Re: Help: Linux Netscape can't do DNS lookups using ADSL
Reply-To: [EMAIL PROTECTED]
Date: 11 Sep 1999 19:03:35 -0500
On Fri, 10 Sep 1999 16:27:51 GMT, [EMAIL PROTECTED] <[EMAIL PROTECTED]>
wrote:
>Hi,
>
>This is a really strange problem. I've been using a stock RedHat 5.2
>system for about a year with no problems. I recently got ADSL service
>from BellSouth. It works really well, except for one (really important)
>thing: Netscape Navigator can't do DNS lookups properly. Here're the
>facts:
>
> * Doing a "nslookup hostname.com" works fine. DNS lookups also
> work fine for other software, such as lynx, ping, ssh, etc.
> * When Netscape tries to do a DNS lookup, its CPU usage goes up to
> 95%, and my other ADSL networking dies (i.e., all my telnet
> sessions are hung, ping hangs, etc.). When I hit "stop" in
> Netscape, my networking is fine (i.e., telnet connections
> weren't dropped, just hung). I have left Netscape for 10
> minutes to see what happens, and it never completes the DNS
> lookup.
> * I have tried this with Netscape versions 4.51, 4.6, and 4.07
> with the same results.
> * In desperation, I setup a caching DNS server on my machine, and
> put 127.0.0.1 in my /etc/resolv.conf. So now when I want to go
> to foo.com, I do a "nslookup foo.com", and then I can go to
> foo.com from Netscape, since foo.com will already be in named's
> cache, and Netscape will look it up quickly and proceed as
> normal. Obviously, this is a non-optimal way to browse the web.
> * I have tried a variety of different name servers, including ones
> at my company, the ones that DHCP sets up in
> /etc/resolv.conf.dhcp, and the root nameservers that my named
> uses. Same effect for all of them.
> * I never had any problems like this when I was using PPP for
> internet service.
>
With RH6, NS 4.61 and BS ADSL, I have had no problems. Which doesn't
solve your problem, but I would have to think this is not a NS problem
per se. Is NS using a proxy by any chance?
--
Hal B
[EMAIL PROTECTED]
--
Linux helps those who help themselves
------------------------------
From: "Andrey Smirnov" <[EMAIL PROTECTED]>
Subject: Re: Linux as a firewall
Date: Sat, 11 Sep 1999 16:41:45 -0700
http://www.linux.com/howto/Firewall-HOWTO.html
Stefano Rivoir <[EMAIL PROTECTED]> wrote in message
news:7raqtm$116$[EMAIL PROTECTED]...
> I need to setup Linux to act as a firewall for a LAN versus other connected
> LAN. I have many doubts about kernel to use (now 2.0.36, Debian 2.1),
> ipchains, ipfwadmin and so on. Can anybody tell me where to find possibly
> exhaustive documentation about firewalling?
>
> Thanks for any reply.
>
>
------------------------------
From: Michael Starkie <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.misc
Subject: ifconfig question
Date: Sat, 11 Sep 1999 19:41:33 -0400
My default route is through my ethernet device ( eth0 ). When I want
to connect to a private network using ppp, I must bring down my ethernet
device so that my ppp device ( ppp0 ) is used as a default device. Must
I do this? I can't ping any IP address inside the private network until
I issue: "/sbin/ifconfig eth0 down". After this I can ping any host
inside the private network. The ethernet device is configured with a
dynamic IP address by DHCP as is the ppp device. After I finish using
the private network by exiting ppp, I can't use the ethernet device by
simply issuing "/sbin/ifconfig eth0 up" because this command does not
bind the original IP address that was once assigned to this device. How
do I reconfigure the eth0 device with the original IP address?
------------------------------
From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: So Close, But I can't ping my Lan
Date: 11 Sep 1999 23:44:08 GMT
In <7rejto$pd0$[EMAIL PROTECTED]> Todd Graham <[EMAIL PROTECTED]> writes:
]I've got a 486 running RH 5.1 and I'm trying to set it up as a
]gateway/firewall, for a small home network. I've got two nic cards
]installed and recognized.
]eth0 (3c509) is active and connects to my ISP I can ping my ISP, I can
]get to the net via lynx and all seems well. nslookup resolves www's,
]the route table seems fine,
]eth1 (Intel EtherExpress) is set to 198.162.1.1 255.255.255.0
]ifconfig looks fine except the Tx and Rx Packets both say '0'
]I have another box running Mandrake 6.0 with a 3c905 set to 198.162.1.2
]which I should be able to ping but can't.
a) route -- your first box needs a route to the second card (eth1?) to
tell it to send packets destined for the 192.168 net to that card not
the first.
route add -net 192.168.0.0 eth1
should do I think
Then if you want that net to get to the real net, you also need
IP Forwarding and IP Masquerading on the first machine.
------------------------------
From: [EMAIL PROTECTED] (chuck)
Crossposted-To: alt.os.linux,comp.os.linux.questions
Subject: Re: question about network card
Reply-To: [EMAIL PROTECTED]
Date: Sat, 11 Sep 1999 23:56:21 GMT
Greetings,
Have you tried telneting out using just the IP number of the host
you want to connect to? From what you have shown it seems like your DNS
isn't set correctly.
Chuck
On 11 Sep 1999 23:33:55 GMT, Pete <[EMAIL PROTECTED]> wrote:
>
>when i try to telnet to a remote host, the tx/rx light on the dsl splitter
>blinks off and on, but the telnet 'hangs' till i control-c out of it.
>
>when i try to telnet to myself (telnet 216.102.106.76), it works. i can
>log into my machine and everything.
>
>does this mean that my ethernet card is absolutely configured ok and the
>problem lies in networking configuration? or is there still the
>possibility that my card isn't configured correctly?
------------------------------
From: Peter Cioe <[EMAIL PROTECTED]>
Subject: 2nd NIC won't load
Date: Sat, 11 Sep 1999 23:39:31 GMT
Hello,
I am trying to install a 2nd and 3rd NIC card in my Redhat 5.0 box.
I have 3 NE2000 compatible cards.
eth0 loads fine by itself, eth1 will not load unless I type:
modprobe eth1
the conf.modules file looks like this:
alias eth0 ne
alias eth1 ne
options eth0 -o ne-0 io=0x240 irq=9
options eth1 -o ne-1 io=0x220 irq=5
I tried modifying lilo.conf adding:
append="ether=9,0x240,eth0 ether=5,0x220,eth1"
and I also tried changing that to:
append="ether=0,0,eth1"
Saw that in another posting.
Nothing will get the 2nd NIC card to load by itself, eventually I want
to get a 3rd NIC up and working.
Any hints?
Thanks in advance
Peter
------------------------------
From: Roderic Tse <[EMAIL PROTECTED]>
Subject: Re: ADSL Ethernet Problem w/ nameserver
Date: Sun, 12 Sep 1999 03:53:39 +0800
Kevin wrote:
> In linux, I don't even know if my card is working. I can ping my own
> address 127.0.0.1, but I don't know if I am connected to the network. When
> I try to run netscape, it says something about a $SOHO nameserver problem.
> My ISP gives me no information about nameservers, masks, hosts or
> addresses, and I didn't need this info to connect under win98.
> 1. How can I find out if my ethernet card is being properly detected
> and initialized in linux?
> 2. I have checked many of the howto's and they all seemed to be telling me
> to put in IP addresses for all these different servers. How do I get
> connect to internet without knowing any addresses?
your ISP probably uses DHCP to configure client machines. DHCP automatically
configures all your settings without you having to specify anything, and it
works for you in windows. it will work under linux as well, but you will need to
set up 'dhclient' to run at boot. that should take care of all your interface
configuration.
--
Sig? Oh yeah... here ya go:
^C
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.networking) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Networking Digest
******************************