Linux-Setup Digest #399, Volume #19 Mon, 14 Aug 00 17:13:12 EDT
Contents:
Strange IP chains behavior (El Bunzo)
Re: Linux on AMD (Bob Hauck)
Re: Caldera and SCO, was Linux on AMD (blowfish)
Re: Are there any that will work with the Intel i810? ("Ingemar Lundin")
Re: Booting from a different kernel image ([EMAIL PROTECTED])
Re: LRP vs. squid ipchains socks (Greg Horne)
Re: pcmcia include file clash 2.4.0-test6 & pcmcia-3.1.19 (David Hinds)
Re: Booting from a different kernel image (Akira Yamanita)
Re: Linux on AMD (blowfish)
Re: HOWTO: Customize the login banner? ("bluster")
Re: Linux on AMD (David C.)
Re: Linux on AMD (David C.)
----------------------------------------------------------------------------
From: El Bunzo <[EMAIL PROTECTED]>
Subject: Strange IP chains behavior
Date: Mon, 14 Aug 2000 19:05:10 GMT
Hi,
My logfile says:
Aug 14 16:09:56 mail kernel: Packet log: input DENY eth0 PROTO=6
195.122.229.201:65535 212.203.216.100:65535 L=52 S=0x00 I=10292 F=0x00B5
T=121
When I want to simulate this using "ipchains -v -C input -s
195.122.229.201 65535 -d 212.203.216.100 65535 -p 6 -i eth0"
Every thing seems OK, the rules accept the input:
tcp opt ------ tos 0xFF 0x00 via eth0 195.122.229.201 ->
212.203.216.100 65535 -> 65535
accepted
What is wrong??? How can I simulate it?
I want to accept the connections on port 65535!
Any ideas?
Thanx.
ipchains -L:
Chain input (policy ACCEPT):
target prot opt source destination
ports
ACCEPT all ------ anywhere anywhere n/a
ACCEPT tcp !y---- anywhere 212.203.216.0/24 any
-> any
DENY all ------ 10.0.0.0/8 212.203.216.0/24 n/a
DENY all ------ 127.0.0.0/8 212.203.216.0/24 n/a
DENY all ------ 172.16.0.0/12 212.203.216.0/24 n/a
DENY all ------ 192.168.0.0/16 212.203.216.0/24 n/a
DENY tcp ----l- anywhere 212.203.216.0/24 any
-> 31337
DENY udp ----l- anywhere 212.203.216.0/24 any
-> 31337
DENY tcp ----l- anywhere 212.203.216.0/24 any
-> 12345:12346
DENY udp ----l- anywhere 212.203.216.0/24 any
-> 12345:12346
DENY tcp ----l- anywhere 212.203.216.0/24 any
-> ingreslock
DENY tcp ----l- anywhere 212.203.216.0/24 any
-> 27665
DENY udp ----l- anywhere 212.203.216.0/24 any
-> 27444
DENY udp ----l- anywhere 212.203.216.0/24 any
-> 31335
DENY all ------ BASE-ADDRESS.MCAST.NET/8 anywhere n/a
DENY all ------ anywhere BASE-ADDRESS.MCAST.NET/8
n/a
DENY udp ------ anywhere anywhere any
-> bootps:bootpc
ACCEPT tcp ------ anywhere 212.203.216.0/24 any
-> ftp-data
ACCEPT tcp ------ anywhere 212.203.216.0/24 any
-> ftp
ACCEPT tcp ------ anywhere 212.203.216.0/24 any
-> ssh
ACCEPT tcp ------ anywhere 212.203.216.0/24 any
-> smtp
ACCEPT tcp ------ anywhere 212.203.216.0/24 any
-> domain
ACCEPT udp ------ anywhere 212.203.216.0/24 any
-> domain
ACCEPT tcp ------ anywhere 212.203.216.0/24 any
-> www
ACCEPT tcp ------ anywhere 212.203.216.0/24 any
-> pop-3
REJECT tcp ------ anywhere 212.203.216.0/24 any
-> auth
REJECT udp ------ anywhere 212.203.216.0/24 any
-> 113
DENY tcp ------ anywhere anywhere any
-> netbios-ns:netbios-ssn
DENY udp ------ anywhere anywhere any
-> netbios-ns:netbios-ssn
ACCEPT tcp ------ anywhere 212.203.216.0/24 any
-> https
REJECT udp ------ anywhere anywhere any
-> route
DENY tcp ----l- anywhere anywhere any
-> 2049
DENY udp ----l- anywhere anywhere any
-> 2049
DENY tcp ------ anywhere anywhere any
-> 5999:6003
DENY udp ------ anywhere anywhere any
-> 5999:6003
ACCEPT icmp ------ anywhere 212.203.216.0/24 any
-> any
ACCEPT tcp ------ anywhere 212.203.216.0/24 any
-> 1023:65535
ACCEPT udp ------ anywhere 212.203.216.0/24 any
-> 1023:65535
DENY all ----l- anywhere anywhere n/a
Chain forward (policy DENY):
Chain output (policy ACCEPT):
target prot opt source destination
ports
ACCEPT all ------ anywhere anywhere n/a
ACCEPT icmp ------ 212.203.216.0/24 anywhere any
-> any
ACCEPT all ------ anywhere anywhere n/a
------------------------------
From: [EMAIL PROTECTED] (Bob Hauck)
Crossposted-To: comp.os.linux.hardware,comp.os.linux.misc
Subject: Re: Linux on AMD
Reply-To: hauck[at]codem{dot}com
Date: Mon, 14 Aug 2000 19:18:58 GMT
On Mon, 14 Aug 2000 11:06:45 -0700, blowfish
<[EMAIL PROTECTED]> wrote:
>Do you think Linux distro like Redhat really any better than Windoz?
Why are you here, instead of one of the advocacy groups where this crap
belongs?
--
-| Bob Hauck
-| Codem Systems, Inc.
-| http://www.codem.com/
------------------------------
From: blowfish <[EMAIL PROTECTED]>
Reply-To: ..
Crossposted-To: comp.os.linux.hardware,comp.os.linux.misc,comp.unix.sco.misc
Subject: Re: Caldera and SCO, was Linux on AMD
Date: Mon, 14 Aug 2000 12:32:36 -0700
Tony Lawrence wrote:
>
> blowfish wrote:
>
> > Don't bet too much on Caldera. It's broke, and probably will drag SCO down with
> > it.
>
> I doubt that SCO (as an OS, not necessarily the company)
> needs any assistance in reaching its own demise, at least on
> the OSR5 side anyway :-)
>
> Seriously, I doubt Caldera has any more (and probably less)
> intention than SCO had of keeping OSR5 going very long
> anyway. Unixware may be a different story, but I'm not 100%
> convinced that even that can stand the onslaught of Linux
> forever (forever as a technical computer term meaning 5
> years or so). OSR5 is, of course, a tremendous revenue
> stream, but the structure of the deal has that revenue going
> to SCO, so I don't see where Caldera has any incentive
> anyway. Not that they'll kill it; but I bet it just fades
> away into the sunset..
>
5 years in computer term is like 50 years in human years.
I think it's just a process of elimination of the competitions.
:-)
> One things for sure- this sale is NOT going to help quell
> the apprehensions of current OSR5 customers and app vendors
> who have been wondering whether to move to NT/Linux/Unixware
> or whatever- this sale increases the FUD by several hundred
> percent and will no doubt help that sunset into fast-forward
> mode.
>
Agree. Innovative ideas are worthless until they can be proven to be profitable in
the real world.
> However, I think the purchase could mean very good things
> for Caldera- they pick up a lot of engineering talent, and
> of course source code for things Linux currently doesn't
> have - though who knows how much of that can be turned into
> Open Source- much of it may be entangled by existing
> licenses and contracts, and the agreement of sale also says
> something about SCO maintaining its "intellectual property"-
> if that's source they've developed then what value is it to
> Caldera? I dunno- and yet somebody from Caldera made some
> noise to the effect that OSR5 source would be available-
> maybe talking through his hat or mis-quoted; we'll see.
>
That's for sure. SCO has a lot of good engineers working there.
And has been around, and being accepted by the mainstreams for a long time.
Propietary codes should not matter, as long as they're opensource. I have no
problwm with the way *BSD are doing at all.
In fact. I don'teven believe in GPL everything.
GPL is against the whole idea of a truely free market.
In the real world. What you see (from the press release) is not what you get (as
in from the Wall Street, where the ultimate outcome of the deal will be asserted
from.) ;-)
> One thing that's supposedly important is SCO's large network
> of dealers and distributors, but, as one very small part of
> that network, I can tell you that now that SCO is sold,
> those of us who had been moving toward Linux anyway are just
> going to move that much faster, and there's no compelling
> reason for us to pay any more attention to Caldera than
> anyone else- UNLESS they do something that makes the
> transition for our existing customers easier- but it's
> already pretty darn easy so I'm not sure that's a big
> benefit anyway.
>
Only time can tell.
> As to being broken, I have had contrary and in fact quite
> complimentary reports from other folks, and some industry
> mags seem to think that RH and Caldera are the ones to bet
> on, so I'm at least going to give it a whirl- S'ok if you
> are right, though, cause I've got more than one box here and
> can play with it thoroughly before I go live :-)
>
The industry's mag 's sayings is one thing. But I talked to a few who control the
vc money say otherwise.
There're more than what meets the eyes. There're more and more signs that RH is
moving into embedded appliances, and moving away from Linux OS.
Yes, I have a couple extra boxes just for that purpose too. ;-)
> --
> Tony Lawrence ([EMAIL PROTECTED])
> SCO/Linux articles, help, book reviews, tests,
> job listings and more : http://www.pcunix.com
--
- Alex / blowfish.- Just an average, whimpy, non-geek American computer user.
(Have Fun with geek's culture:-Version
2.4-pre-release99999-test-1234567.pre-beta5000.)
- If Vi is God's editor. Then, God must have too much free time on his hands,
lives a very dull and unproductive life; so he needs Vi to waste his time.
But Vi was still too fast. So God created EMACS on the 8th day - which takes
Eight Months to load, And Counting Still...
- The UN-GEEK CODE:(?What is a geek?)-#!?+++??++++|$????+++++?????+++!!!!???+++---
geek + vi | ~/emacs ==>ZZZZZZZZZZZZZZZZZZzzzzzzzzzzzzzzz!!!!!!!!!!.......:P~
newbies + Windoz | C:\LOOKOUT
EXPRESS==>_the_horrors_the_horrrrrrrroOOOOORRRRRRRRRSSSSzzzzz!!! :-|
- My SAS (Sing-A-Song) Fingerprint -v.i007.bond: Doe1(-a deer, a female deer.)
RaY2(- a drop of golden sun.)
Me3(- A name, I call myself.) FAr4(- A long, long way to run.) Sew5(-A needle
pulling thread.)
lA6(-A note to follow sew.) TeA7(-A drink with jam and bread.) That will bring
us back to DOe-oh-oh-oh.
------------------------------
From: "Ingemar Lundin" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.hardware
Subject: Re: Are there any that will work with the Intel i810?
Date: Mon, 14 Aug 2000 19:52:51 GMT
I dont understand exactly what kind of problems that you are you're having..
could you be more specific as what kind of distro you're using and exactly
how the problems are showing?
Regards /IL
> I just purchased a MB with the i810 chipset, thinking that it would be
nice
> to have all the peripherals on the MB, and have had nothing but problems
> running X. I've tried downloading the latest release of XFree86 4.0.1 and
> still get bad results. I'm tired of wasting time trying to get the machine
> to run linux and don't want to spend anymore time downloading source
files,
> tarballs, and rpm's trying to get a windowing environment. Let's not even
> talk about recompiling the kernel for the Linksys LNE100TX ethernet card.
>
> Where can I download, or even purchase at this point, a version of linux
> that will handle the i810 onboard video correctly? MUST HAVE GOOD
DIRECTIONS
> FOR INSTALLING AND TROUBLESHOOTING.
>
> Argh.
>
>
> -----------------------------------------------------------
> Jeff D. Hamann
> 280 Peavy Hall
> Department of Forest Resources
> Oregon State University
> Corvallis, Oregon 97331-8566 USA
> 541-740-5988
> 541-737-2375
> [EMAIL PROTECTED]
>
>
>
>
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To: comp.os.linux.misc,comp.os.linux
Subject: Re: Booting from a different kernel image
Date: Mon, 14 Aug 2000 19:49:01 GMT
Can I specify the kernel at the time of Lilo prompt. i didn't give the
image location in lilo.conf , but I know where the image is. Can I still
make the Lilo boot from the kernel that I wish.
I am NOT updating Lilo. It has to be a load time parameter
SSS
In article <[EMAIL PROTECTED]>,
Akira Yamanita <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] wrote:
> >
> > Hi,
> > Can we specify which boot image to be used at LILO Prompt?
> > Thanks in advance
> >
> > Sandy
>
> Sure. This is my /etc/lilo.conf file. Edit as necessary but you
> should get the general idea. Basically you compile the new kernel,
> move it to your boot (or root) partition, then add an entry for
> the new kernel. At the LILO prompt, I type either "old_kernel" or
> "linux". The default, if I don't choose one, is "linux" as defined
> by the "label=" line.
>
> boot=/dev/hda
> map=/boot/map
> install=/boot/boot.b
> prompt
> timeout=50
> default=linux
>
> image=/boot/vmlinuz-2.2.12-20
> label=old_kernel
> initrd=/boot/initrd-2.2.12-20.img
> read-only
> root=/dev/hda8
>
> image=/boot/vmlinuz-2.2.16
> label=linux
> initrd=/boot/initrd-2.2.16.img
> read-only
> root=/dev/hda8
>
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: Greg Horne <[EMAIL PROTECTED]>
Crossposted-To:
comp.os.linux.security,linux.redhat.install,linux.redhat.misc,redhat.security.general
Subject: Re: LRP vs. squid ipchains socks
Date: Mon, 14 Aug 2000 14:55:01 -0500
LRP works as advertised. You can also try a lighter version called FreeSCO -
for Free Cisco - as an alternative router software on a diskette
(www.freesco.org).
Darren and Marla Welson wrote:
> I am trying to set up Linux as a router and a firewall when I ran across
> this Linux Router Project (LRP). I am new to this, so I do not know if it
> is as effective as using Squid/ipchains/SOCKS to do the same thing. Has
> anyone used this LRP and tested it to know whether or not it is worth my
> time, or should I just configure a Linux box with the said apps running
> instead?
>
> darren
--
Gregory D. Horne L I N U X .~.
Systems Analyst The Choice /V\
of a GNU /( )\
Generation ^^-^^
------------------------------
From: David Hinds <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.portable
Subject: Re: pcmcia include file clash 2.4.0-test6 & pcmcia-3.1.19
Date: 14 Aug 2000 20:02:19 GMT
In comp.os.linux.portable Alastair Neil <[EMAIL PROTECTED]> wrote:
: Hmm I just noticed that there is a problem building the pcmcia cardmgr
: utilities with the above mentioned sources.
Get the beta from projects.sourceforge.net in /pub/pcmcia-cs/NEW.
-- Dave
------------------------------
From: Akira Yamanita <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.misc,comp.os.linux
Subject: Re: Booting from a different kernel image
Date: Mon, 14 Aug 2000 20:29:59 GMT
[EMAIL PROTECTED] wrote:
>
> Can I specify the kernel at the time of Lilo prompt. i didn't give the
> image location in lilo.conf , but I know where the image is. Can I still
> make the Lilo boot from the kernel that I wish.
> I am NOT updating Lilo. It has to be a load time parameter
> SSS
hmm.. not that I know of. You can pass kernel parameters to LILO
but AFAIK, you can't specify the kernel itself without writing
the configuration. Is there a reason why you don't want to or
can't run lilo with a new configuration? I'm just curious to
know what that is.
------------------------------
From: blowfish <[EMAIL PROTECTED]>
Reply-To: ..
Crossposted-To: comp.os.linux.hardware,comp.os.linux.misc
Subject: Re: Linux on AMD
Date: Mon, 14 Aug 2000 13:29:24 -0700
Bob Hauck wrote:
>
> On Mon, 14 Aug 2000 11:06:45 -0700, blowfish
> <[EMAIL PROTECTED]> wrote:
>
> >Do you think Linux distro like Redhat really any better than Windoz?
>
> Why are you here, instead of one of the advocacy groups where this crap
> belongs?
>
Ouch. A RedHead gets hurt.
It's an open forum. Isn't it? And it's Linux related. ;-)
You're correct. Red hat's crap don't belong to anywhere.
> --
> -| Bob Hauck
> -| Codem Systems, Inc.
> -| http://www.codem.com/
--
- Alex / blowfish.- Just an average, whimpy, non-geek American computer user.
(Have Fun with geek's culture:-Version
2.4-pre-release99999-test-1234567.pre-beta5000.)
- If Vi is God's editor. Then, God must have too much free time on his hands,
lives a very dull and unproductive life; so he needs Vi to waste his time.
But Vi was still too fast. So God created EMACS on the 8th day - which takes
Eight Months to load, And Counting Still...
- The UN-GEEK CODE:(?What is a geek?)-#!?+++??++++|$????+++++?????+++!!!!???+++---
geek + vi | ~/emacs ==>ZZZZZZZZZZZZZZZZZZzzzzzzzzzzzzzzz!!!!!!!!!!.......:P~
newbies + Windoz | C:\LOOKOUT
EXPRESS==>_the_horrors_the_horrrrrrrroOOOOORRRRRRRRRSSSSzzzzz!!! :-|
- My SAS (Sing-A-Song) Fingerprint -v.i007.bond: Doe1(-a deer, a female deer.)
RaY2(- a drop of golden sun.)
Me3(- A name, I call myself.) FAr4(- A long, long way to run.) Sew5(-A needle
pulling thread.)
lA6(-A note to follow sew.) TeA7(-A drink with jam and bread.) That will bring
us back to DOe-oh-oh-oh.
(c)Copy Righted by Alex / blowfish - 2000. All Rights Reserved.
------------------------------
From: "bluster" <[EMAIL PROTECTED]>
Subject: Re: HOWTO: Customize the login banner?
Date: Mon, 14 Aug 2000 16:47:16 -0400
You are correct, on RedHat6.x linux the /etc/issue file is re-generated at
boot time. The script which does this is /etc/rc.d/rc.local, edit this
script
and comment out or remove the offending lines. You can then edit your
/etc/issue and the changes will stick. In the stock install the rc.local
file contains ONLY the commands which create the /etc/issue file.
FYI: this file (/etc/rc.d/rc.local) is a bash script which is the last
script run
by the init process.
Ed <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> On RedHat 6.2, does anyone know how to customize the login banner? In my
> inittab, the program mingetty is called (this is the default) for
> establishing consoles. The man page for mingetty suggests that all I
> need to do is edit /etc/issue, as it uses the contents of this file to
> generate the login banner. However whenever I modify this file and then
> run telinit 1 (to force init to run again) or even reboot, I find that
> /etc/issue has returned to its unmodified state! There must be something
> generating this file dynamically but I haven't been able to discover
> what.
>
> Basically all I want to do is add
>
> /U currently signed on
>
> to the login banner to display the number of users logged in.
>
> /Ed
>
>
------------------------------
From: [EMAIL PROTECTED] (David C.)
Crossposted-To: comp.os.linux.hardware,comp.os.linux.misc
Subject: Re: Linux on AMD
Date: 14 Aug 2000 17:06:16 -0400
blowfish <[EMAIL PROTECTED]> writes:
> "David C." wrote:
>>
>> The world isn't black and white. You may find it hard to believe,
>> but there actually exist people who don't want to build everything by
>> hand, and yet don't want to run Windows.
>
> There's a very easy solution for that too. :-)
>
> Open/Free-BSD. ;-)
>
> cd to the ports tree,
> Just pick the app you want.
> eg: cd /usr/ports/mysql123.tar.gz
> make ; make install ; make clean
>
> That's it. Everything will be build from source. All dependency files
> fetched, MD5 checked, patched, build, make, install all done
> automatically, and custom tailord, configured to YOUR machine; WITHOUT
> any baby sitting.
This isn't much better than rebuilding Linux.
I don't understand why you consider it to be so evil for somebody else
to pre-compile an operating system and distribute it in binary form.
So it doesn't have every last optimization and tweak that could possibly
be installed. I, for one, really don't care that much.
> And you can CVS to updated the source everynight automatically.
Oh yeah, that takes brains. So every morning, your computer is running
a new version of the system. That's really great way to run a stable
production system.
> Or do a make world to update the whole system.
>
> No pain, no mess. Start it. Go out, go to bed. Find something else to do. ;-)
>
> .RPM sucks big time, anyway.
Unless you want to do something with your life other than maintaining
your OS.
-- David
------------------------------
From: [EMAIL PROTECTED] (David C.)
Crossposted-To: comp.os.linux.hardware,comp.os.linux.misc
Subject: Re: Linux on AMD
Date: 14 Aug 2000 17:07:40 -0400
blowfish <[EMAIL PROTECTED]> writes:
> Bob Hauck wrote:
> >
> > On Mon, 14 Aug 2000 11:06:45 -0700, blowfish
> > <[EMAIL PROTECTED]> wrote:
> >
> > >Do you think Linux distro like Redhat really any better than Windoz?
> >
> > Why are you here, instead of one of the advocacy groups where this crap
> > belongs?
> >
> Ouch. A RedHead gets hurt.
>
> It's an open forum. Isn't it? And it's Linux related. ;-)
>
> You're correct. Red hat's crap don't belong to anywhere.
*plonk*
I've got to get better at spotting these damn trolls...
-- David
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.setup) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Setup Digest
******************************
