Linux-Setup Digest #790, Volume #20 Fri, 9 Mar 01 08:13:06 EST
Contents:
Re: IPCHAINS - (John Winters)
Re: kernel panic : VFS : can not mount root fs (Stephan Beal)
Re: howto enlarge linux partition (Joris Roefs)
Re: LILl02ll02ll02ll02ll02ll02ll02ll02ll02ll02ll02ll02l ("Pavan")
How to creat a sound process in the /proc directory? (OrangeDino)
Re: sb 64 pci and timidity (OrangeDino)
Re: IPCHAINS - (Joe Bloggs)
Re: IPCHAINS - (John Winters)
Re: IPCHAINS - (Joe Bloggs)
Re: No sound when not root ??? (Laurent Cortier)
Re: IPCHAINS - (Joe Bloggs)
Re: kernel panic : VFS : can not mount root fs (ingo korndoerfer)
Re: Something to chew on.. (Olli Rajala)
Frequent crashes (Bernard DEBREIL)
Re: IPCHAINS - (John Winters)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (John Winters)
Crossposted-To: uk.comp.os.linux
Subject: Re: IPCHAINS -
Date: 9 Mar 2001 11:05:00 -0000
In article <[EMAIL PROTECTED]>,
Joe Bloggs <[EMAIL PROTECTED]> wrote:
>Morgen,
>
> OK. Linux Mand 6. Ipchains... I put in my first line...
>
>ipchains -A input -i eth0 -p tsp -s 10.0.0.1 ftp -j ACCEPT
>
>Wonderful! She loves it and swallows. I do ipchains -L and there it is!
>Excellent I'm cooking now! I ftp to my baby and she takes me...
>
>I then go...
>
>ipchains -P input DENY
>
>I hit enter and this is also is swallowed without complain...
>
>I then do my ipchains -L and she stops dead... well she at least
>displays a single line then stops without displaying any of my policy.
Your DNS isn't set up right. Use "ipchains -L -n" to see the rules.
ipchains is trying to convert numeric IP addresses into names and
failing (or timeing out).
>I control-C and type ipchains-save.... I get a lovely message that
>reassures me everything was saved as it was supposed to.. but she
>lies...
What makes you think she lies? All ipchains-save does is dump the
rules to stdout. Do you get them or not?
John
--
John Winters. Wallingford, Oxon, England.
The Linux Emporium - the source for Linux CDs in the UK
See http://www.linuxemporium.co.uk/
------------------------------
From: Stephan Beal <[EMAIL PROTECTED]>
Subject: Re: kernel panic : VFS : can not mount root fs
Date: Fri, 9 Mar 2001 12:20:29 +0100
Eric wrote:
>
>> - prehistory : installed some new softare on my windows partition.
>> (yeah, yeah .. i don't want to hear about it,
>> but the linux version of the program
>> gave me a segmentation fault)
>> maybe the disk got a little too full there. not sure.
>> abandonned this, logged out.
>>
>> - problem : can't get into my linux partition now anymore :
>>
>> partition check hda1 hda2 <>
>> VFS : Cannot open root device 03:05
>> Kernel Panic : VFS : Unable to mount root fs on 03:05
>>
>> what could be the problem ?
>
> Your partitiontable got toasted
> And I guess you never wrote the table down on a piece of paper?
> Then start sweating
Not necessarily -
1) if you built a new kernel, you probably forgot to build the correct
filesystem support in (NOT as a module). I've found that the 2.4.0 kernel
(at least the copy I got) didn't have ext2 built in by default, which is
lame, lame, lame.
2) If you moved your partitions around, then you need to type this to fix
your kernel, then re-run lilo (just to be safe):
rdev [/dev/bootpartition] kernel_file
(maybe I have those parameters swapped.)
> <trimmed gpart messages>
All respect to gpart. It saved my buttox when I mangled my partition table
once about a year ago.
===== Stephan Beal = [EMAIL PROTECTED]
I speak for myself, not my employer.
No warranty. Slippery when wet. Your Mileage May Vary.
Contents may be hot. You Have Been Warned.
------------------------------
From: Joris Roefs <[EMAIL PROTECTED]>
Subject: Re: howto enlarge linux partition
Date: Fri, 9 Mar 2001 12:30:41 +0100
Johnny Li(Li Guang-lei 1575623) [[EMAIL PROTECTED]] uttered:
> A few days ago I also use Pqmagic4.0 to resize my partitions. I
> installed two
> operation system two,one is win98 and the other is linux.But after using
> pqmagic to enlarge my linux partition,I can't boot into linux.It seems
> that pqmagic damage the linux partition.So I have to insert the RH CD and
> choose update to reinstall my linux.Then my linux works,and all the
> settings and files are still there.
> My linux version is RH 6.2
> So be careful with pqmagic.It's powerful,and dangerous too.
Maybe you should switch to a newer version, let's say 6?
I also enlarged my Ext2-partition and it worked for me...
------------------------------
From: "Pavan" <[EMAIL PROTECTED]>
Crossposted-To: linux.redhat.install
Subject: Re: LILl02ll02ll02ll02ll02ll02ll02ll02ll02ll02ll02ll02l
Date: Fri, 9 Mar 2001 17:04:19 +0530
> Any warnings when you run lilo with more verbose
options
> /sbin/lilo -v -v -v
>
I actually ran lilo -v -v.(forgot to mention this
earlier) Absolutely no warnings.
-Pavan
------------------------------
From: OrangeDino <[EMAIL PROTECTED]>
Subject: How to creat a sound process in the /proc directory?
Date: Fri, 09 Mar 2001 18:56:42 +0800
Although I have my sound module loaded at bootup, I don't have a sound
process in the /proc directory. I think this may cause the KDE cannot
recognize the sound driver. Because in other linux box, I find there is
a sound process bootup.
How can I generate a sound process?
Thanks for help!
------------------------------
From: OrangeDino <[EMAIL PROTECTED]>
Subject: Re: sb 64 pci and timidity
Date: Fri, 09 Mar 2001 19:00:32 +0800
The kmidi and Timidity Sync of KDE are using timidity to play midi. You just
need to download more patches for different instruments sound and amend the
timidity.cfg file to set which patch correspond to which instruments' sound.
Khandha5 wrote:
> hi,
>
> can anybody help me with setting up my sb 64 pci?
> i want it to play midi, and since i has no built-in synth i have to use
> something like timidity. can anybody tell me how i have to set up timidity
> to work as a synth for my midi progs?
>
> thx for any help
------------------------------
From: Joe Bloggs <[EMAIL PROTECTED]>
Crossposted-To: uk.comp.os.linux
Subject: Re: IPCHAINS -
Date: Fri, 09 Mar 2001 12:41:41 +0100
OK... cool were getting somewhere then.. Of course!! I forgot my UDP on 53!
Thanks....
However I now have two rules in input....
Policy input (DENY)
permit tcp 10.0.0.1 eq ftp
permit udp all (for now)
Policy output (ACCEPT)
I even opened ftp-data but it made no difference - I can not ftp to her at
all... do I have to get these rules above the generic DENY? and if so how?
Regards the ipchains-save - I thought it was saving it to a kind of
netperm-table to be applied on every re-boot and not just pushed to stdout.
I might as well create my own bootup script then?
Regs,
JoB
------------------------------
From: [EMAIL PROTECTED] (John Winters)
Crossposted-To: uk.comp.os.linux
Subject: Re: IPCHAINS -
Date: 9 Mar 2001 12:00:38 -0000
In article <[EMAIL PROTECTED]>,
Joe Bloggs <[EMAIL PROTECTED]> wrote:
>OK... cool were getting somewhere then.. Of course!! I forgot my UDP on 53!
>Thanks....
>
>However I now have two rules in input....
>
>Policy input (DENY)
>permit tcp 10.0.0.1 eq ftp
>permit udp all (for now)
>
>Policy output (ACCEPT)
>
>
>I even opened ftp-data but it made no difference - I can not ftp to her at
>all... do I have to get these rules above the generic DENY? and if so how?
It's not very clear what you're trying to say but what I *think* you're
saying is that before you apply your ipchains rules you can ftp to your
box successfully but after applying some rules you can't. Is that right?
If so, show us the rules - either the script you used to set them up
or the output of "ipchains -L -n". Also tell us the IP address of both the
Linux box and the client box.
>Regards the ipchains-save - I thought it was saving it to a kind of
>netperm-table to be applied on every re-boot and not just pushed to stdout.
Take a look at "man ipchains-save" and "man ipchains-restore". The idea
is you invoke ipchains-save to save an existing state of rules and then
use ipchains-restore to put them back again.
>I might as well create my own bootup script then?
You can do it that way if you want. Some distributions include startup
scripts for saving and restoring the rules.
HTH
John
--
John Winters. Wallingford, Oxon, England.
The Linux Emporium - the source for Linux CDs in the UK
See http://www.linuxemporium.co.uk/
------------------------------
From: Joe Bloggs <[EMAIL PROTECTED]>
Crossposted-To: uk.comp.os.linux
Subject: Re: IPCHAINS -
Date: Fri, 09 Mar 2001 13:04:59 +0100
And another thing.... This also seems to stop me sending out xterms.... why
should this stop me setting up sessions? The syn reply?! Can't I just say
input - permit anything etablished?
Mucho Gracias
Joe Bloggs wrote:
> OK... cool were getting somewhere then.. Of course!! I forgot my UDP on 53!
> Thanks....
>
> However I now have two rules in input....
>
> Policy input (DENY)
> permit tcp 10.0.0.1 eq ftp
> permit udp all (for now)
>
> Policy output (ACCEPT)
>
> I even opened ftp-data but it made no difference - I can not ftp to her at
> all... do I have to get these rules above the generic DENY? and if so how?
>
> Regards the ipchains-save - I thought it was saving it to a kind of
> netperm-table to be applied on every re-boot and not just pushed to stdout.
> I might as well create my own bootup script then?
>
> Regs,
>
> JoB
------------------------------
From: Laurent Cortier <[EMAIL PROTECTED]>
Subject: Re: No sound when not root ???
Date: Fri, 09 Mar 2001 12:03:29 GMT
>> I have a problem with my self-made linux "distribution". The sound is
>> working perfectly when logged as root, under KDE 2.1 and Quake 3.
>>
>> But when I log as my normal user, the sound doesn't work at all and
>> the KDE sound architecture crashes...
>> I tried the following :
>> create a group called audio
>> assign my user to that group
>> chgrp audio /dev/dsp*
>> chgrp audio /dev/audio*
>> chgrp audio /dev/mixer*
>> chgrp audio /dev/midi*
>> chgrp audio /dev/sndstat
>>
>> But it didn't help... Help :)
>
> Maybe you forgot the 'rw' permission for your group.
I tried to change it (as root) but they won't ! I just can't get chmod
to apply the same permissions for the group as the root... :(
--
Laurent Cortier
Consultant in a free world
http://www.dsimprove.be
------------------------------
From: Joe Bloggs <[EMAIL PROTECTED]>
Crossposted-To: uk.comp.os.linux
Subject: Re: IPCHAINS -
Date: Fri, 09 Mar 2001 13:18:28 +0100
OK..... This is where I am at...
:input DENY
:forward ACCEPT
:output ACCEPT
-A input -s 10.0.62.201/255.255.255.255 21:21 -d 0.0.0.0/0.0.0.0 -i eth0 -p 6 -j
ACCEPT
-A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -i eth0 -p 17 -j ACCEPT
-A input -s 10.0.62.201/255.255.255.255 20:20 -d 0.0.0.0/0.0.0.0 -i eth0 -p 6 -j
ACCEPT
-A input -s 10.0.62.201/255.255.255.255 -d 10.0.32/255.255.255.255 21:21 -i eth0
-p 6 -j ACCEPT
-A input -s 10.0.62.32/255.255.255.255 20:20 -d 10.0.62.201/255.255.255.255 -i
eth0 -p 6 -j ACCEPT
-A input -s 10.0.62.32/255.255.255.255 20:20 -d 10.0.62.201/255.255.255.255 -i
eth0 -p 6 -j ACCEPT -l
-A input -s 10.0.62.201/255.255.255.255 -d 10.0.62.32/255.255.255.255 20:20 -i
eth0 -p 6 -j ACCEPT
-A input -s 10.0.62.32/255.255.255.255 -d 0.0.0.0/0.0.0.0 -i eth0 -p 6 -j ACCEPT
-A output -s 10.0.62.32/255.255.255.255 -d 0.0.0.0/0.0.0.0 -i eth0 -p 6 -j
ACCEPT
She is now accepting ftp!! I think I was missing the ftp-data or something?
The other thing I did was put the destination address to my box. This could have
been it but I would have thought that destination anywhere would have sufficed
(but apparently not)..
The other thing is I cant send out any xterms.... i.e.
xv nakedman.jpg -display 10.0.1.62:0 &
It fails. Can't I place a rule in stating on the input accept everything that
was established by me?
Regs,
JoB
------------------------------
From: ingo korndoerfer <[EMAIL PROTECTED]>
Subject: Re: kernel panic : VFS : can not mount root fs
Date: Fri, 09 Mar 2001 13:33:47 +0100
i guess i am lacking tbe hasics. so why is the partition table toast.
isn't gpart reading the partition table ? and except for the error message at
the
beginning, the big part looks sort of allright ? or is the error in the
beginning the point ? (see original post).
ingo
Stephan Beal wrote:
> Eric wrote:
>
> >
> >> - prehistory : installed some new softare on my windows partition.
> >> (yeah, yeah .. i don't want to hear about it,
> >> but the linux version of the program
> >> gave me a segmentation fault)
> >> maybe the disk got a little too full there. not sure.
> >> abandonned this, logged out.
> >>
> >> - problem : can't get into my linux partition now anymore :
> >>
> >> partition check hda1 hda2 <>
> >> VFS : Cannot open root device 03:05
> >> Kernel Panic : VFS : Unable to mount root fs on 03:05
> >>
> >> what could be the problem ?
> >
> > Your partitiontable got toasted
> > And I guess you never wrote the table down on a piece of paper?
> > Then start sweating
>
> Not necessarily -
> 1) if you built a new kernel, you probably forgot to build the correct
> filesystem support in (NOT as a module). I've found that the 2.4.0 kernel
> (at least the copy I got) didn't have ext2 built in by default, which is
> lame, lame, lame.
>
> 2) If you moved your partitions around, then you need to type this to fix
> your kernel, then re-run lilo (just to be safe):
> rdev [/dev/bootpartition] kernel_file
> (maybe I have those parameters swapped.)
>
> > <trimmed gpart messages>
>
> All respect to gpart. It saved my buttox when I mangled my partition table
> once about a year ago.
>
> ----- Stephan Beal - [EMAIL PROTECTED]
> I speak for myself, not my employer.
> No warranty. Slippery when wet. Your Mileage May Vary.
> Contents may be hot. You Have Been Warned.
------------------------------
From: [EMAIL PROTECTED] (Olli Rajala)
Crossposted-To: comp.os.linux.security
Subject: Re: Something to chew on..
Date: Fri, 09 Mar 2001 12:53:46 GMT
On Thu, 8 Mar 2001 11:54:57 +0100, "Peter T. Breuer"
<[EMAIL PROTECTED]> wrote:
>In comp.os.linux.setup Olli Rajala <[EMAIL PROTECTED]> wrote:
>> On Wed, 7 Mar 2001 02:05:39 +0100, "Markus G" <[EMAIL PROTECTED]>
>> Why 420? What's the "magic" behind that number? It's not 2^n, that's
>> why I'm asking this.
>
>What makes you think it's not 2^n?
2^8 = 256 and 2^9 = 512, but maybe I haven't thought that much enough.
Ps. Sorry my poor English. =)
--
Olli Rajala "Quite normal guy"
Bacgkround information about Linux
http://gamma.nic.fi/~h.rajala/linkit/links.php?linux
------------------------------
From: Bernard DEBREIL <[EMAIL PROTECTED]>
Subject: Frequent crashes
Date: Fri, 09 Mar 2001 13:50:28 +0100
I have installed RH 6.0, both at home and at work. At home, it works
fine on my old Fujitsu (Cyrix P200+, 133 Mhz, 32 Mb RAM, multiboot with
W3.1, W95 and Linux), without any problems so far, while I am having
problems at work, with a Compaq Deskpro, Intel 175 Mhz, 64 Mb RAM,
dualboot W98/Linux. Installations are quite similar, except for the fact
that, at home, I connect to Internet via modem and Internet provider,
while at work I am connected via a private network.
At home, my installation is more that a year old, while at work I
implemented it only three weeks ago. At the beginning, it worked fine...
but, now, various things crash very often, mostly when using StarOffice
5.1. Sometimes this is just SO that crashes ; some other times, I get
thrown out of the X server (fvwm2). SO is not likely to be the sole
problem, since the system also crashes when SO is not launched, even if
this does not happen as often as when SO is open.
I realize that whomever will read this, is not able to tell me what is
wrong. But, maybe, someone could tell me where to check, what error
messages should I search, etc... I did not find anything interresting in
/var/log/messages. True enough, my X server may have not been installed
in the rules : I couldn't find any doc for my video card and display,
so, I tried a few thing, and, in the end, got something that seemed to
work perfectly. I don't think that the problem lie within my X server
config, or, if it does, I am to wonder why it did work so well for 2
weeks or so ?
Thanks for any hint
------------------------------
From: [EMAIL PROTECTED] (John Winters)
Crossposted-To: uk.comp.os.linux
Subject: Re: IPCHAINS -
Date: 9 Mar 2001 13:01:10 -0000
In article <[EMAIL PROTECTED]>,
Joe Bloggs <[EMAIL PROTECTED]> wrote:
>
>
>
>OK..... This is where I am at...
It would be easier if you had given the material I asked for but I'll have
a go. I don't guarantee not to make any mistakes. Comments are *after*
the rules they relate to.
>:input DENY
>:forward ACCEPT
>:output ACCEPT
Default to DENY on input, ACCEPT on the others.
>-A input -s 10.0.62.201/255.255.255.255 21:21 -d 0.0.0.0/0.0.0.0 -i eth0 -p 6 -j
>ACCEPT
Input chain - allow any TCP traffic originating from port 21 (ftp) on
10.0.62.201. Which machine is this? I'll tentatively label it machine A.
>-A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -i eth0 -p 17 -j ACCEPT
Input chain - allow any UDP traffic, regardless of source and destination.
>-A input -s 10.0.62.201/255.255.255.255 20:20 -d 0.0.0.0/0.0.0.0 -i eth0 -p 6 -j
>ACCEPT
Input chain - allow any TCP traffic originating from port 20 (ftp-data) on
machine A.
>-A input -s 10.0.62.201/255.255.255.255 -d 10.0.32/255.255.255.255 21:21 -i eth0
>-p 6 -j ACCEPT
Input chain - allow any TCP traffic originating from machine A and aimed
at port 21 on, hmmm, I'm not quite sure what that target address expresses.
>-A input -s 10.0.62.32/255.255.255.255 20:20 -d 10.0.62.201/255.255.255.255 -i
>eth0 -p 6 -j ACCEPT
Input chain - allow any TCP traffic originating from Machine B (not seen
up until now) port 20 and aimed at machine A.
>-A input -s 10.0.62.32/255.255.255.255 20:20 -d 10.0.62.201/255.255.255.255 -i
>eth0 -p 6 -j ACCEPT -l
This rule seems to have precisely the same criteria as the previous one and
so will have no effect.
>-A input -s 10.0.62.201/255.255.255.255 -d 10.0.62.32/255.255.255.255 20:20 -i
>eth0 -p 6 -j ACCEPT
Input chain - allow any TCP traffic from machine A and aimed at port 20 on
machine B.
>-A input -s 10.0.62.32/255.255.255.255 -d 0.0.0.0/0.0.0.0 -i eth0 -p 6 -j ACCEPT
Input chain - allow any TCP traffic from machine B to anywhere.
>-A output -s 10.0.62.32/255.255.255.255 -d 0.0.0.0/0.0.0.0 -i eth0 -p 6 -j
>ACCEPT
Output chain - allow any TCP traffic from machine B to anywhere. This one
is pointless because the output chain has a default of ACCEPT.
>She is now accepting ftp!! I think I was missing the ftp-data or something?
>The other thing I did was put the destination address to my box. This could have
>been it but I would have thought that destination anywhere would have sufficed
>(but apparently not)..
You have far too many rules and adding more by guesswork won't help. (Well,
it might coincidentally make things work but it won't add any light or
security.) Have you read the IPCHAINS-HOWTO thoroughly?
Tell us which machine is which (A and B) and we can probably give you a
minimal rule set which does what you want.
>The other thing is I cant send out any xterms.... i.e.
>
>xv nakedman.jpg -display 10.0.1.62:0 &
>
>It fails. Can't I place a rule in stating on the input accept everything that
>was established by me?
This seems to be another new machine which hasn't been mentioned up till
now. I suspect a lot of your problems arise because you're refusing responses.
ipchains works at the level of individual packets so you have to allow
through not just the connection request (from X to Y) but also the
response coming back. Take a look at the "-y" flag in the ipchains
man page.
HTH
John
--
John Winters. Wallingford, Oxon, England.
The Linux Emporium - the source for Linux CDs in the UK
See http://www.linuxemporium.co.uk/
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to comp.os.linux.setup.
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Setup Digest
******************************
