Thanks for the advice. I already tried running the commands one by one, and no problem occurred. After running them one by one, I restarted the network service and tried to connect the PCs behind the firewall to the internet, but those machines failed to download any site (the workstations are configured correctly).

"different versions of the iptables tools and the module resolution is different for both." If this statement is the possible cause, please give me some steps to resolve this. Again, thank you very much.

Message: 2
Date: Thu, 19 Jun 2003 13:00:20 +0800
From: "Horatio B. Bogbindero" <[EMAIL PROTECTED]>
Subject: Re: [plug] IPtables
To: Philippine Linux Users Group Mailing List <[EMAIL PROTECTED]>
Cc: 'PH-Linux-Newbie' <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="us-ascii"

try running it one command at a time. this way you can determine which
line has problems. it may not necessarily be a kernel problem. it may be
that you are using different versions of the iptables tools and the
module resolution is different for both.

good luck!

On Wed, Jun 18, 2003 at 11:17:28AM +0800, Gerald Abrigo wrote (wyy sez):
> Hello everyone
>
> I know anybody can answer my probs regarding scripts on IPtables.
> I'm running RH9 kernel 2.4.20-8. IPTABLES is enabled, Network service is
> running but when I issue sh command or run this script manually, the system
> displays an error message =
>
> no such file or directory /proc/sys/net/upv4/ip_forward
> iptables: Bad Policy Name
> and so on.......
>
> here's the script:
>
> #!/bin/sh
> IPTABLES=/sbin/iptables
> #Enable forwarding
> echo "1" > /proc/sys/net/ipv4/ip_forward
> $IPTABLES -P INPUT ACCEPT
> $IPTABLES -F INPUT
> #The following three lines are not necessary for NAT, but provide some security
> #by blocking any connections from being initiated from outside the network.
> $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> $IPTABLES -A INPUT -m state --state NEW -i ! eth0 -j ACCEPT
> $IPTABLES -A INPUT -j DROP
> $IPTABLES -P OUTPUT ACCEPT
> $IPTABLES -F OUTPUT
> $IPTABLES -P FORWARD DROP
> $IPTABLES -F FORWARD
> $IPTABLES -t nat -F
> $IPTABLES -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
> $IPTABLES -A FORWARD -i eth1 -o eth0 -j ACCEPT
> $IPTABLES -A FORWARD -j LOG
> $IPTABLES -t nat -A POSTROUTING -o eth0 -j MASQUERADE
>
> I also tried this script at home using RH 7.3 but it runs smoothly.
> Does this error have something to do with my kernel?
>
> Thanks to all
>
> --
> Philippine Linux Users' Group (PLUG) Mailing List
> [EMAIL PROTECTED] (#PLUG @ irc.free.net.ph)
> Official Website: http://plug.linux.org.ph
> Searchable Archives: http://marc.free.net.ph
> .
> To leave, go to http://lists.q-linux.com/mailman/listinfo/plug
> .
> Are you a Linux newbie? To join the newbie list, go to
> http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie

--
-------------------------------------------
William Emmanuel S. Yu
Ateneo Campus Network Group (AteneoCNG)
email : wyy at admu dot edu dot ph
web   : http://CNG.ateneo.net/wyu/
phone : +63(2)4266001-4186
GPG   : http://CNG.ateneo.net/wyu/wyy.pgp

War spares not the brave, but the cowardly.
    -- Anacreon

------------------------------

Message: 3
Date: Thu, 19 Jun 2003 14:12:27 +0000
From: "Kelsey Hartigan Go" <[EMAIL PROTECTED]>
Subject: Re: [plug] misc processes
To: [EMAIL PROTECTED]
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=US-ASCII

nscd -- I have a feeling the system has been hacked through
bind ...and nscd corrupted.

On 18 Jun 03 at 14:20, Rick Moen wrote:

> Quoting Maria Aurora de la Vega ([EMAIL PROTECTED]):
>
> > Date: Tue, 18 Jun 2002 21:07:40 +0800
>                     ^^^^
>
> Would you like to buy some stock tips?
>
> > we need to take off a few processes from our server
> > we'd like to know what the following processes are for...
> > and if we really need them hanging around...
> >
> > bin        208     1  0 12:41 ?        00:00:00 /sbin/portmap
> > root       226     1  0 12:41 ?        00:00:00 /usr/sbin/syslogd
> > root       230     1  0 12:41 ?        00:00:00 /usr/sbin/klogd -c 1
> > root       451     1  0 12:41 ?        00:00:00 /usr/sbin/nscd
> > root       453   451  0 12:41 ?        00:00:00 /usr/sbin/nscd
> > root       454   453  0 12:41 ?        00:00:00 /usr/sbin/nscd
> > root       455   453  0 12:41 ?        00:00:00 /usr/sbin/nscd
> > root       456   453  0 12:41 ?        00:00:00 /usr/sbin/nscd
> > root       457   453  0 12:41 ?        00:00:00 /usr/sbin/nscd
> > root       458   453  0 12:41 ?        00:00:00 /usr/sbin/nscd
> > root       505     1  0 12:41 tty1     00:00:00 /sbin/mingetty --noclear tty1
> > root       506     1  0 12:41 tty2     00:00:00 /sbin/mingetty tty2
> > root       507     1  0 12:41 tty3     00:00:00 /sbin/mingetty tty3
> > root       506     1  0 12:41 tty2     00:00:00 /sbin/mingetty tty2
> > root       507     1  0 12:41 tty3     00:00:00 /sbin/mingetty tty3
> > root       508     1  0 12:41 tty4     00:00:00 /sbin/mingetty tty4
> > root       509     1  0 12:41 tty5     00:00:00 /sbin/mingetty tty5
> > root       510     1  0 12:41 tty6     00:00:00 /sbin/mingetty tty6
> > root       558   511  0 12:50 ?        00:00:10 kwm
> > root       644     1  0 12:50 ?        00:00:00 kfm
> > root       647     1  0 12:50 ?        00:00:00 krootwm
> > root       653     1  0 12:50 ?        00:00:00 kbgndwm
> > root       654     1  0 12:50 ?        00:00:00 kpanel
>
> OK, here goes:
>
> "nscd" is the glibc nameservice caching daemon, used almost entirely in
> NIS-based networks to ease network performance problems on account of
> the nameservice overhead. Unless you're running a very
> performance-sapping network nameservice such as NIS, NIS+, or LDAP, you
> should turn this _off_.
>
> Even if you elect to leave it turned on, you should disable its caching
> of DNS information, because it has a habit of caching DNS data past its
> time-to-live expiration.
>
> "portmap" is the Sun Microsystems RPC portmapper, a network service used
> primarily as a transport for NIS and NFS on the server end (only). If
> your machine isn't functioning as an NFS or NIS server, then turn it
> off.
>
> "syslogd" and "klogd" are important system logging daemons. Leave them
> on.
>
> "mingetty" (minimum-sized get TTY service) is what provides you with
> your six virtual consoles, the ones you can switch among using
> Ctrl-Alt-F1, Ctrl-Alt-F2, etc. You probably don't need six, and can
> save some RAM by commenting out four of the lines in /etc/inittab, the
> ones that look like this:
>
> 1:2345:respawn:/sbin/getty 38400 tty1
> 2:23:respawn:/sbin/getty 38400 tty2
> 3:23:respawn:/sbin/getty 38400 tty3
> 4:23:respawn:/sbin/getty 38400 tty4
> 5:23:respawn:/sbin/getty 38400 tty5
> 6:23:respawn:/sbin/getty 38400 tty6
>
> Put a "#" character in front of the lines starting with 3 through 6.
> Next time you enter your default runlevel, you'll have only two copies
> of mingetty running.
>
> All those processes at the end of the list starting with "k" are KDE
> pieces. If I were you, I simply wouldn't run those or any X11 stuff on
> a server at all. Change your configuration (using YaST2 or whatever) to
> just not start up XFree86. That will save a whole lot of RAM.
>
> --
> Cheers,              First they came for the verbs, and I said nothing, for
> Rick Moen            verbing weirds language. Then, they arrival for the nouns
> [EMAIL PROTECTED]    and I speech nothing, for I no verbs. - Peter Ellis

------------------------------

Message: 4
Date: Thu, 19 Jun 2003 14:32:25 +0800
From: -JhAzEr- <[EMAIL PROTECTED]>
Subject: Re: [personal] [plug] misc processes
To: [EMAIL PROTECTED], Philippine Linux Users Group Mailing List <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
Content-Type: Text/Plain; charset="iso-8859-1"

On Tuesday 18 June 2002 21:07, Maria Aurora de la Vega wrote:
> Listers,
>
> we need to take off a few processes from our server
> we'd like to know what the following processes are for...
> and if we really need them hanging around...

<snip>
...

> What we basically need is a barebone system running only the basics.
> We consume 300MB of RAM after startup...which I think is too much...
> considering we have not started the applications yet.
> OS is Suse 7.0 by the way. ;)

care for an alternative? try Slackware instead! hehehe

--
-JhAzEr-
"I use Slackware at home with X and WindowMaker to play music (xmms),
watch vcd's (xine), learn typing (tuxtype), play games (lbreakout2,
raptor, oilwar, tux vs clippy, zsnes, etc.) on a 545MB harddisk...running
on top of a Linux Monolithic Kernel 2.4.20 w/ Con Kolivas patch."

------------------------------

Message: 5
Date: Thu, 19 Jun 2003 14:38:43 +0800
From: "Oliver A. Rojo" <[EMAIL PROTECTED]>
Subject: [plug] autofs with ipchains problem
To: <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="iso-8859-1"

I've configured my machine to mount a partition from a remote machine using
autofs. I just had a problem with it when I installed ipchains. Every time I
use to mount the remote machine and access its directory, ipchains rejects my
connection. I added the ff. lines into my ipchains rule

ipchains -A input -p udp -s <ip of remote machine>/32 -d 0/0 2049 -j ACCEPT
ipchains -A input -p tcp -s <ip of remote machine>/32 -d 0/0 2049 -j ACCEPT

since nfs is using 2049 port but to no avail... it still didn't work...
what's wrong with my rule here? Did I miss something?

Best regards,

Oliver

------------------------------

Message: 6
Date: 19 Jun 2003 15:13:39 +0800
From: "Gideon N. Guillen" <[EMAIL PROTECTED]>
Subject: Re: [plug] Linus leaves transmeta
To: [EMAIL PROTECTED], Philippine Linux Users Group Mailing List <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain

On Thu, 2003-06-19 at 06:15, optimus wrote:
> * o Caldera/SCO's management are delusional and acting against the
> *   company interest.
>
> This is more like it:
>
> Caldera/SCO's management strings are currently pulled by Microsoft FUD PR
> machinery. SCO's sounding like Ballmer nowadays.

Ha! I won't be surprised if some or all of $CO's executives get hired at M$
when $CO closes down due to the lo$$e$ incurred from their crazy lawsuits.
The fact that one of their lawyers (forgot the name) was also one of the
lawyers for M$ during the anti-trust trials, and M$ getting a Unix license
a few weeks ago is very suspicious.

--
=======================================================================
Gideon N. Guillen
E-mail: [EMAIL PROTECTED]
PGP Public Keys:
  DSS/Diffie-Hellman mailto:[EMAIL PROTECTED]
  RSA Key: mailto:[EMAIL PROTECTED]
=======================================================================

------------------------------

Message: 7
Date: Thu, 19 Jun 2003 16:22:40 +0800
From: Maria Aurora de la Vega <[EMAIL PROTECTED]>
Subject: Re: [plug] misc processes
To: [EMAIL PROTECTED], Philippine Linux Users Group Mailing List <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=us-ascii

Thanks everyone!

Kelsey Hartigan Go wrote:
> nscd -- I have a feeling the system has been hacked through
> bind ...and nscd corrupted.

------------------------------

Message: 8
Date: Thu, 19 Jun 2003 16:36:14 +0800
From: -JhAzEr- <[EMAIL PROTECTED]>
Subject: [plug] ATX Problem
To: [EMAIL PROTECTED]
Message-ID: <[EMAIL PROTECTED]>
Content-Type: Text/Plain; charset="us-ascii"

Is there any way I can boot an ATX PC without using the power button?

--
-JhAzEr-

------------------------------

Message: 9
Date: Thu, 19 Jun 2003 16:46:08 +0800
From: "Aris Santillan" <[EMAIL PROTECTED]>
Subject: RE: [plug] ATX Problem
To: "Philippine Linux Users Group Mailing List" <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="iso-8859-1"

yes, u can do it directly on the motherboard by touching the pin where the
power button is connected with any conductor / (screw driver)

-----Original Message-----
From: -JhAzEr- [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 19, 2003 1:36 AM
To: [EMAIL PROTECTED]
Subject: [plug] ATX Problem

Is there any way i can boot an atx pc without using the power button?

------------------------------

_______________________________________________
plug mailing list
[EMAIL PROTECTED]
http://lists.q-linux.com/mailman/listinfo/plug

End of plug Digest, Vol 1, Issue 2500
*************************************
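
The /etc/inittab change Rick Moen describes in the reply quoted in Message 3 (a "#" in front of the getty lines for consoles 3 through 6), as an added example that is not part of the digest or any poster's code. The function names, the KEEP argument and the sample inittab are constructed for illustration; the filter writes to stdout so the result can be reviewed as a diff before anything replaces the real file.

```shell
#!/bin/sh
# Added example: comment out surplus virtual-console getty entries in an
# inittab-format file, keeping the first KEEP of them active.

# trim_gettys FILE KEEP -> prints the edited file on stdout
trim_gettys() {
    awk -F: -v keep="$2" '
        # inittab fields are id:runlevels:action:process
        # Match only active (uncommented) respawn entries that run a getty
        # variant (getty, mingetty, agetty) on a ttyN virtual console.
        !/^[ \t]*#/ && NF >= 4 && $3 == "respawn" &&
        $4 ~ /getty/ && $4 ~ /tty[0-9]+[ \t]*$/ {
            if (++seen > keep) { print "#" $0; next }
        }
        { print }
    ' "$1"
}

# count_active_gettys FILE -> number of getty entries still enabled
count_active_gettys() {
    awk -F: '!/^[ \t]*#/ && $3 == "respawn" && $4 ~ /getty/ { n++ }
             END { print n + 0 }' "$1"
}

# Constructed sample: the six getty lines from the message plus unrelated
# entries (default runlevel, ctrl-alt-del, an already disabled serial getty).
make_sample_inittab() {
    cat > "$1" <<'EOF'
id:3:initdefault:
ca::ctrlaltdel:/sbin/shutdown -r -t 4 now
1:2345:respawn:/sbin/getty 38400 tty1
2:23:respawn:/sbin/getty 38400 tty2
3:23:respawn:/sbin/getty 38400 tty3
4:23:respawn:/sbin/getty 38400 tty4
5:23:respawn:/sbin/getty 38400 tty5
6:23:respawn:/sbin/getty 38400 tty6
#S0:12345:respawn:/sbin/agetty -L 9600 ttyS0 vt102
EOF
}

# demo: build the sample in a temp dir, show the change, report the count
demo() {
    tmp=$(mktemp -d) || return 1
    make_sample_inittab "$tmp/inittab"
    trim_gettys "$tmp/inittab" 2 > "$tmp/inittab.new"
    diff "$tmp/inittab" "$tmp/inittab.new" || true   # diff exits 1 on change
    count_active_gettys "$tmp/inittab.new"
    rm -rf "$tmp"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```
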
