[gentoo-user] remote boot

2006-04-06 Thread Hiren Dave
Hi All,

Does anyone know how to boot a diskless client from a Linux server? Also, how to create a boot image in Linux?

TnR
Hiren


Re: [gentoo-user] another iptables question...

2006-03-30 Thread Hiren Dave
Hi,

> please post the output of iptables -vnL. We're talking about users on
> that PC, not those using it as a gateway/router/bridge/whatever, correct?

YES

Output of iptables -nvL is:

#iptables -nvL
Chain INPUT (policy ACCEPT 24 packets, 1440 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 15 packets, 900 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           OWNER UID match 0
    9   540 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

TnR
Hiren

On 3/28/06, Hans-Werner Hilse [EMAIL PROTECTED] wrote:
> Hi,
>
> On Tue, 28 Mar 2006 19:44:07 +0530 Hiren Dave [EMAIL PROTECTED] wrote:
>
> > I did this: [...]
> > #iptables -A OUTPUT -m owner --uid-owner 0 -j ACCEPT
> > #iptables -A OUTPUT -j DROP
> > [...]
> > Still other users including root can ping other PCs. Why is this not
> > working?
>
> please post the output of iptables -vnL. We're talking about users on
> that PC, not those using it as a gateway/router/bridge/whatever,
> correct?
>
> > Also I have some difficulties understanding Connection Tracking (NEW,
> > ESTABLISHED, RELATED, INVALID) concept.
>
> Those are protocol dependent. I really think that those are well
> described even in iptables man page. Basically, you'll want sth like
> this:
>
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> and maybe the same for FORWARD. Of course, for FORWARD, you'll want to
> match NEW,ESTABLISHED,RELATED for outgoing connections (well, or even
> don't impose any restrictions for outgoing connections).
>
> > Any practical guide available on internet for iptables???
>
> Lots. That practical depends on the problem faced which you didn't
> describe at all. So del.icio.us would be my first hint, Google follows:
>
> http://del.icio.us/tag/netfilter
> http://www.google.com/search?q=netfilter
> (note that the concept is usually referred to as netfilter)
>
> -hwh
> --
> gentoo-user@gentoo.org mailing list


[gentoo-user] iptables question

2006-03-28 Thread Hiren Dave
Hi,
I want to configure firewall such that network 192.168.1.0/24 can only access http server from server1 (192.168.0.2/24) and network 192.168.0.0/24 can not access http server. So I tried this:

#service iptables stop
#iptables -P INPUT DROP
#iptables -t filter -A INPUT -s 192.168.1.0/24 --dport 80 -j ACCEPT

But this command sends error that Unknown arg: --dport
HOW CAN I ACHIEVE THIS?

ALSO ARE THERE ANY BOOKS OR ONLINE DOCUMENTS FOR PRACTICALLY LEARNING OF IPTABLES?
TnR
Hiren
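
The error in the post above comes from `--dport` being used without a protocol: port matches are provided by the tcp/udp match extensions, which iptables only loads once `-p` has been parsed, and options are read left to right. The checker below is an added example, not part of the original post; `check_rule` and `add_protocol` are hypothetical helper names, and choosing `tcp` for port 80 is an assumption about the intended HTTP service.

```python
import shlex

# Port options belong to protocol match extensions; iptables only knows
# them after -p has named a protocol that has ports.
PORT_OPTIONS = {"--dport", "--destination-port", "--sport", "--source-port"}
PORT_PROTOCOLS = {"tcp", "udp", "sctp", "dccp", "udplite"}


def find_protocol(argv):
    """Return (index, protocol) for -p/--protocol, or (None, None)."""
    for i, arg in enumerate(argv[:-1]):
        if arg in ("-p", "--protocol"):
            return i, argv[i + 1].lower()
    return None, None


def check_rule(command):
    """Return a list of problems with the port matches in one command."""
    argv = shlex.split(command.lstrip("#$ "))   # drop a pasted shell prompt
    proto_at, proto = find_protocol(argv)
    problems = []
    for i, arg in enumerate(argv):
        if arg not in PORT_OPTIONS:
            continue
        if proto is None:
            problems.append(f"{arg}: no -p before it, so the option is unknown")
        elif proto not in PORT_PROTOCOLS:
            problems.append(f"{arg}: protocol {proto} has no ports")
        elif proto_at > i:
            problems.append(f"{arg}: -p {proto} must come before it")
    return problems


def add_protocol(command, proto="tcp"):
    """Insert '-p proto' in front of the first port option if -p is missing."""
    argv = shlex.split(command.lstrip("#$ "))
    if find_protocol(argv)[1] is None:
        for i, arg in enumerate(argv):
            if arg in PORT_OPTIONS:
                argv[i:i] = ["-p", proto]
                break
    return shlex.join(argv)


# The failing command from the post; the other inputs below are constructed.
POSTED = "#iptables -t filter -A INPUT -s 192.168.1.0/24 --dport 80 -j ACCEPT"

if __name__ == "__main__":
    for cmd in (POSTED,
                add_protocol(POSTED),
                "iptables -A INPUT --dport 80 -p tcp -j ACCEPT",
                "iptables -A INPUT -p icmp --dport 80 -j ACCEPT"):
        print(cmd, "->", check_rule(cmd) or "ok")
```
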


[gentoo-user] dhcp server

2006-03-28 Thread Hiren Dave
Hi,
I have configured dhcp server for 192.168.0.0/24 network. But when win2k pc is trying to get ip address from dhcp (192.168.0.2) server, it is getting 192.168.205.1
While in dhcpd.conf file, the configured lease addresses are 192.168.0.10/24 to 192.168.0.20/24

Here is the dhcpd.conf file.
##
authoritative;
ddns-updates on;
ddns-update-style interim;
ignore client-updates;

key rndckey {
    algorithm hmac-md5;
    secret OhoyIvQSE0MULVwlAXJom24RnpFUMhXdwihJHkECEBUQd9MKz0qcHKMphT8o;
}

zone guru.com. {
    primary 192.168.0.2;
    key rndckey;
}

zone 0.168.192.in-addr.arpa. {
    primary 192.168.0.2;
    key rndckey;
}

subnet 192.168.0.0 netmask 255.255.255.0 {
    option routers 192.168.0.2;
    option subnet-mask 255.255.255.0;
    option nis-domain "guru";
    option domain-name "guru.com";
    option domain-name-servers 192.168.0.2;
    option time-offset -18000; # Eastern Standard Time

    range dynamic-bootp 192.168.0.10 192.168.0.20;
    default-lease-time 43200;
    max-lease-time 43200;
}

/var/log/messages
###
Mar 27 17:53:46 server1 dhcpd: DHCPDISCOVER from 00:50:56:c0:00:01 (win2k) via eth0
Mar 27 17:53:46 server1 dhcpd: DHCPOFFER on 192.168.0.18 to 00:50:56:c0:00:01 (win2k) via eth0
Mar 27 17:53:46 server1 dhcpd: DHCPREQUEST for 192.168.205.1 (192.168.205.254) from 00:50:56:c0:00:01 via eth0: wrong network.
Mar 27 17:53:46 server1 dhcpd: DHCPNAK on 192.168.205.1 to 00:50:56:c0:00:01 via eth0

Why is this win2k pc getting wrong network ip address?
TnR,
Hiren


[gentoo-user] another iptables question...

2006-03-28 Thread Hiren Dave
Hi,
I have configured iptables server on server1 (192.168.0.1/24). Now I want to allow user root on server1 to be connected to network and all other users on server1 will not be able to ping other PCs. So I did this:

#iptables -F
#service iptables stop
#iptables -A OUTPUT -m owner --uid-owner 0 -j ACCEPT
#iptables -A OUTPUT -j DROP
#iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            OWNER UID match root
DROP       all  --  anywhere             anywhere

Still other users including root can ping other PCs. Why is this not working?
Also I have some difficulties understanding Connection Tracking (NEW, ESTABLISHED, RELATED, INVALID) concept. Can anyone help me?
Any practical guide available on internet for iptables???
TnR,
Hiren


[gentoo-user] DNS Expert Required

2006-03-26 Thread Hiren Dave
Hi,
There are two DNS servers in my local network.
server1.guru.com (192.168.0.2) Primary DNS Server
server2.guru.com (192.168.0.3) Secondary DNS Server

= Here is my configuration file for server1.guru.com machine.
###
/etc/resolve.conf
##
domain guru.com
search server1.guru.com server2.guru.com
nameserver 192.168.0.2
nameserver 192.168.0.3
##
/var/named/chroot/etc/named.conf
##
options {
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    allow-transfer { 192.168.0.3; 192.168.0.1; };
    allow-query { 192.168.0.0/24; localhost; };
    allow-recursion { 192.168.0.0/24; localhost; };
};

controls {
    inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};

logging {
    category dnssec { security_log; };
    category update { security_log; };
    category security { security_log; };

    channel security_log {
        file "/var/named/dns-security.log" versions 5 size 20m;
        print-time yes;
        print-category yes;
        print-severity yes;
        severity info;
    };
};

// Root server hints
zone "." IN {
    type hint;
    file "named.ca";
};

zone "localhost" IN {
    type master;
    file "localhost.zone";
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "127.0.0.zone";
};

acl dhcp-clients { 192.168.0/24; };

key rndckey {
    algorithm hmac-md5;
    secret "OhoyIvQSE0MULVwlAXJom24RnpFUMhXdwihJHkECEBUQd9MKz0qcHKMphT8o";
};

zone "server1.guru.com" IN {
    type master;
    file "server1.guru.com.zone";
    allow-query { any; };
    allow-update { key rndckey; };
};

zone "0.168.192.in-addr.arpa" IN {
    type master;
    file "0.168.192.zone";
    allow-query { any; };
    allow-update { key rndckey; };
};

#include /etc/rndc.key;
#
/var/named/chroot/var/named/server1.guru.com.zone
##
$TTL 86400
@ IN SOA server1.guru.com. root.server1.guru.com. (
        1     ; serial
        300   ; refresh (5 minutes)
        10    ; retry (10 seconds)
        86400 ; expire (1 day)
        600   ; minimum (10 minutes)
        )

@ IN NS server1.guru.com.
@ IN MX 10 server1.guru.com.

server1.guru.com. IN A 192.168.0.2
server2.guru.com. IN A 192.168.0.3
win2k.guru.com. IN A 192.168.0.1

www1 CNAME server1.guru.com.
www2 CNAME server2.guru.com.
www3 CNAME win2k.guru.com.

server2 IN MX 0 server1.guru.com.
win2k IN MX 0 server1.guru.com.
##
###
/var/named/chroot/var/named/0.168.192.zone
#
$TTL 86400
@ IN SOA server1.guru.com. root.server1.guru.com. (
        0     ; serial
        300   ; refresh (5 minutes)
        60    ; retry (1 minute)
        86400 ; expire (1 day)
        600   ; minimum (10 minutes)
        )

@ IN NS server1.guru.com.

2.0.168.192.in-addr.apra. IN PTR server1.guru.com.
1.0.168.192.in-addr.arpa. IN PTR win2k.guru.com.
3.0.168.192.in-addr.arpa. IN PTR server2.guru.com.
##

= Here is my configuration file for server2.guru.com machine.
###
/etc/resolve.conf
##
domain guru.com
search server1.guru.com server2.guru.com
nameserver 192.168.0.2
nameserver 192.168.0.3
##
/var/named/chroot/etc/named.conf
##
options {
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    allow-transfer { none; };
    allow-query { 192.168.0.0/24; localhost; };
    allow-recursion { 192.168.0.0/24; localhost; };
};

controls {
    inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};

// Root server hints
zone "." IN {
    type hint;
    file "named.ca";
};

zone "localhost" IN {
    type master;
    file "localhost.zone";
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "127.0.0.zone";
};

zone "server1.guru.com" IN {
    type slave;
    file "server1.guru.com.zone";
    masters { 192.168.0.2; };
    allow-query { any; };
};

zone "0.168.192.in-addr.arpa" IN {
    type slave;
    file "0.168.192.zone";
    masters { 192.168.0.2; };
    allow-query { any; };
};

#include /etc/rndc.key;
#
/var/named/chroot/var/named/server1.guru.com.zone
##
$ORIGIN guru.com.
$TTL 86400 ; 1 day
server1 IN SOA server1 root.server1 (
        1     ; serial
        300   ; refresh (5 minutes)
        10    ; retry (10 seconds)
        86400 ; expire (1 day)
        600   ; minimum (10 minutes)
        )
        NS server1
        A 192.168.0.2
        MX 0 server1
        MX 10 server1
$ORIGIN server1.guru.com.
server1 MX 0 server1.guru.com.
server2 MX 0 server1.guru.com.
win2k MX 0 server1.guru.com.
www1 CNAME server1.guru.com.
www2 CNAME server2.guru.com.
www3 CNAME win2k.guru.com.
$ORIGIN guru.com.
server2 A 192.168.0.3
        MX 10 server1
win2k A 192.168.0.1
##
###
/var/named/chroot/var/named/0.168.192.zone
#
$ORIGIN .
$TTL 86400 ; 1 day
2.0.168.192.in-addr.apra IN PTR server1.guru.com.
0.168.192.in-addr.arpa SOA server1.guru.com. root.server1.guru.com. (
        0     ; serial
        300   ; refresh (5 minutes)
        60    ; retry (1 minute)
        86400 ; expire (1 day)
        600   ; minimum (10


[gentoo-user] Sendmail null client

2006-03-26 Thread Hiren Dave
Hi,
Can anybody tell me how to configure client sendmail to use mail hub. I've tried to do this by nullclient feature and it's also working but the problem is that the client is first trying 127.0.0.1 which gives message Deferred: connection refused by 127.0.0.1 and then after sometimes I receive mail from client.
TnR
Hiren


Re: [gentoo-user] DNS Expert Required

2006-03-26 Thread Hiren Dave
Hi Uwe,

The main problem in my configuration was this:

> > search server1.guru.com server2.guru.com
> search guru.com

> > zone server1.guru.com IN {
> make this: zone guru.com IN {

After changing this, my dns server is working fine. Thanks a lot dude.

Hiren

On 3/26/06, Uwe Thiem [EMAIL PROTECTED] wrote:
> On 26 March 2006 10:01, Hiren Dave wrote:
>
> Alright, I'll bite. ;-)
> Some small errors.
>
> > server1.guru.com (192.168.0.2) Primary DNS Server
> > server2.guru.com (192.168.0.3) Secondary DNS Server
> > = Here is my configuration file for server1.guru.com machine.
> > ###
> > /etc/resolve.conf
> > ##
> > domain guru.com
> > search server1.guru.com server2.guru.com
>
> search guru.com
> (the search string gets appended to non-qualified names)
>
> > nameserver 192.168.0.2
> > nameserver 192.168.0.3
> > ##
> > /var/named/chroot/etc/named.conf
> > ##
> > options {
> >     directory "/var/named";
> >     dump-file "/var/named/data/cache_dump.db";
> >     statistics-file "/var/named/data/named_stats.txt";
> >     allow-transfer { 192.168.0.3; 192.168.0.1; };
> >     allow-query { 192.168.0.0/24; localhost; };
> >     allow-recursion { 192.168.0.0/24; localhost; };
> > };
>
> allow-transfer: take out 192.168.0.1; it's unnecessary.
>
> [ snip ]
>
> > zone "server1.guru.com" IN {
>
> make this: zone guru.com IN {
>
> >     type master;
> >     file "server1.guru.com.zone";
>
> make this: file guru.com; (not strictly necessary)
>
> >     allow-query { any; };
>
> In the general options, you restrict queries to your local network. Why do you
> now allow queries from anywhere?
>
> >     allow-update { key rndckey; };
> > };
> > #include /etc/rndc.key;
> > ##
> > ###
> > /var/named/chroot/var/named/server1.guru.com.zone
> > ##
>
> make the file guru.co
>
> > $TTL 86400
> > @ IN SOA server1.guru.com. root.server1.guru.com. (
>
> BTW, *not* a good idea to make root the technical contact for your domain.
> Now most stuff below can be much easier.
>
> >         1     ; serial
> >         300   ; refresh (5 minutes)
> >         10    ; retry (10 seconds)
> >         86400 ; expire (1 day)
> >         600   ; minimum (10 minutes)
> >         )
> > @ IN NS server1.guru.com.
> > @ IN MX 10 server1.guru.com.
> > server1.guru.com. IN A 192.168.0.2
> > server2.guru.com. IN A 192.168.0.3
> > win2k.guru.com. IN A 192.168.0.1
> > www1 CNAME server1.guru.com.
> > www2 CNAME server2.guru.com.
> > www3 CNAME win2k.guru.com.
> > server2 IN MX 0 server1.guru.com.
> > win2k IN MX 0 server1.guru.com.
>
> The lines above can now look this way:
>
>            IN NS server1.guru.com.
>            IN NS server2.guru.com.
>            IN MX 10 server1.guru.co.
> *.guru.com IN MX 10 server1.guru.com.
> server1 IN A 192.168.0.2
> server2 IN A 192.168.0.3
> win2k IN A 192.168.0.1
> www1 CNAME server1
> www2 CNAME server2
> www3 CNAME win2k
>
> (Note where I put a fullstop at the end of a name and where not. It's
> important. Your MX statements above are contradictory. So I don't know
> exactly which box your email server is and if you really have more than one.
> If so you have to adjust my two MX entries above.)
>
> Adjust server2 accordingly.
>
> I cannot guarantee that I caught all mistakes. Just try it out.
>
> Uwe
>
> --
> Why do consumers keep buying products they will live to curse?
> --
> gentoo-user@gentoo.org mailing list


Re: [gentoo-user] Sendmail virtusertable

2006-03-26 Thread Hiren Dave
Hi,
The sendmail configuration is as below.
#
sendmail.mc
##
divert(-1)dnl
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`setup for Red Hat Linux')dnl
OSTYPE(`linux')dnl
define(`confDEF_USER_ID',``8:12'')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST',true)dnl
define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
define(`STATUS_FILE', `/var/log/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `200')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
define(`confTO_IDENT', `0')dnl
FEATURE(`no_default_msa',`dnl')dnl
FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
EXPOSED_USER(`root')dnl
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
FEATURE(`accept_unresolvable_domains')dnl
FEATURE(promiscuous_relay)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
#
virtusertable
##
[EMAIL PROTECTED]
[EMAIL PROTECTED][EMAIL PROTECTED][EMAIL PROTECTED][EMAIL PROTECTED]
[EMAIL PROTECTED]@yahoo.com[EMAIL PROTECTED]@hotmail.com
[EMAIL PROTECTED]@msn.com[EMAIL PROTECTED][EMAIL PROTECTED]
[EMAIL PROTECTED]
#
local-host-names
#
# local-host-names - include all aliases for your machine here.
guru.com
server1.guru.com
server1
domain.com
#

= Here is the command output.
---
#sendmail -bv [EMAIL PROTECTED]
[EMAIL PROTECTED]... deliverable: mailer esmtp, host yahoo.com.guru.com., user [EMAIL PROTECTED]
---

It should return [EMAIL PROTECTED] and not [EMAIL PROTECTED]

also removing always_add_domain from sendmail.mc does helping. 
TnR
Hiren
On 3/26/06, Hiren Dave [EMAIL PROTECTED] wrote:
> Hi,
>
> Thank you for your reply. Now I understand it.
> TnR
>
> Hiren
>
> On 3/26/06, Boyd Stephen Smith Jr. [EMAIL PROTECTED] wrote:
> > On Saturday 25 March 2006 06:50, Hiren Dave [EMAIL PROTECTED] wrote
> > about 'Re: [gentoo-user] Sendmail virtusertable':
> > > Here I have used yahoo.com domain but it can be any domain lets say
> > > domain.com . My network is not connected to Internet. Still do you think
> > > that the following will not work if guru.com exists and domain.com
> > > does not exists physically.
> >
> > Here's how mail delivery normally works:
> > 1. Message is composed, and sending is initiated.
> > 2. (Optional) message is handed off to a MTA, this might be local, remote
> >    via SMTP, or a separate part of the same application.
> > 3. The domain part of each of the destination addresses is queried for an
> >    MX record from DNS; if no MX record exists the A record is used instead.
> > 4. An SMTP connection is made to the host (MX) or address (A) and the
> >    message is delivered there.
> > 5. The MDA on that server decides what to do with the message. This may
> >    involve forwarding (going back to step 2), local delivery (THIS IS WHERE
> >    THE VIRTUAL USER TABLE [or equivalent] IS QUERIED), or other actions.
> > 6. Once final delivery is made to a mailbox (or the mailboxes), the
> >    recipients use POP, IMAP, Web, mbox, maildir, and/or other methods to
> >    read the mail.
> >
> > Does that help?
> >
> > If you are truly isolated from the internet, you can indeed make sure that
> > the DNS MX record for yahoo.com points to your MDA and deliver
> > [EMAIL PROTECTED] to a local mailbox, but it involves more than just your
> > virtual user table.
> >
> > --
> > If there's one thing we've established over the years,
> > it's that the vast majority of our users don't have the slightest
> > clue what's best for them in terms of package stability.
> > -- Gentoo Developer Ciaran McCreesh
> > --
> > gentoo-user@gentoo.org mailing list


Re: [gentoo-user] Sendmail virtusertable

2006-03-25 Thread Hiren Dave
Hi,

Here I have used yahoo.com domain but it can be any domain let's say domain.com. My network is not connected to Internet. Still do you think that the following will not work if guru.com exists and domain.com does not exist physically.

###virtusertable###
 @domain.com [EMAIL PROTECTED]


TnR
Hiren

On 3/24/06, Jarry [EMAIL PROTECTED] wrote:
> Hiren Dave wrote:
> > Yes, I have MX record. This is a virtusertable concept.
> > [EMAIL PROTECTED] [EMAIL PROTECTED]
> > @yahoo.com [EMAIL PROTECTED]
> > entry in there and that means mails that are sent to admin and
> > yahoo.com should go to root. Am I right?
>
> I do not think so. At least I do not believe you own yahoo.com domain,
> it means you can not set up your server1.guru.com as mailserver for
> yahoo.com domain and redirect all yahoo.com mail to your server.
>
> Please, understand, that virtusertable concept is a way of hosting
> multiple mail-domains, but you need full control of that domains.
> Or do you really believe that if you have:
> @yahoo.com [EMAIL PROTECTED]
> it means you can steal all mail sent to all yahoo.com accounts?
> No offense, but you do not mean it seriously, do you? :-)
>
> You can only *redirect* your mail in yahoo.com, but only on your
> own accounts, and only if yahoo.com supports it. Or you can collect
> your mail from yahoo.com through pop3/imap protocols at regular
> intervals (again, only if yahoo.com supports it).
>
> virtusertable covers local delivering, but *not sending*.
> When your MTA (sendmail) gets a mail message for [EMAIL PROTECTED],
> it asks nameserver authorised for yahoo.com for corresponding
> mail-server for deliveries, and *no matter* what you have in
> virtusertable. But as I said, very probably you do not own yahoo.com
> domain, so you can not define your server as mailserver for yahoo.com.
>
> But, this all is possible to do for your own domain, guru.com,
> if you really have full control of it. I think maybe it's the right
> time to read something more about sendmail and bind, or some RFC
> about how email works...
>
> Jarry
> --
> gentoo-user@gentoo.org mailing list


Re: [gentoo-user] Sendmail virtusertable

2006-03-25 Thread Hiren Dave
Hi Jarry,

Thanks a lot for your time in solving my problem. I now understand the concept of virtusertable.

TnR
Hiren
On 3/25/06, Jarry [EMAIL PROTECTED] wrote:
> Hiren Dave wrote:
> > Here I have used yahoo.com domain but it can be any
> > domain lets say domain.com . My network is not connected to Internet.
> > Still do you think that the following will not work if guru.com exists
> > and domain.com does not exists physically.
>
> If your domain is NOT connected to internet, how is your MTA
> (sendmail) gonna find which mailserver is authorised for
> domain.com? domain.com does not have to exist, but there
> MUST be a nameserver, authorised for domain.com...
>
> In such a case, you must be sure, that your default nameserver
> (in resolv.conf) is authorised for guru.com AND domain.com
> (because as you said, your network is not connected to internet)
> and that it has MX-record in zone-files for both domains pointing
> to server1.guru.com.
>
> I recommend that you start checking your nameserver first, with
> dig any domain.com, for example, or nslookup. In the answer there
> must be something like domain.com. IN MX 10 server1.guru.com.
> If you do not get it, your nameserver is misconfigured, and
> your MTA (sendmail) does not know where to deliver mail
> for domain.com.
>
> Once more:
> 1. nameserver authorised for a certain domain (e.g. domain.com)
>    defines WHERE mail for this domain should be delivered
> 2. virtusertable maps virtual users to local mailboxes.
>
> But just adding entry in virtusertable does not mean your
> mailserver will get mail for that virtual user/domain...
>
> And one more thing, there should be some entries in logs,
> if your mail can not be delivered. If necessary, increase
> log levels for bind/sendmail to get more info...
>
> Jarry
>
> BTW, could you please turn off that html-garbage?
> --
> gentoo-user@gentoo.org mailing list


Re: [gentoo-user] Sendmail virtusertable

2006-03-25 Thread Hiren Dave
Hi,

Thank you for your reply. Now I understand it.
TnR
Hiren

On 3/26/06, Boyd Stephen Smith Jr. [EMAIL PROTECTED] wrote:
> On Saturday 25 March 2006 06:50, Hiren Dave [EMAIL PROTECTED] wrote
> about 'Re: [gentoo-user] Sendmail virtusertable':
> > Here I have used yahoo.com domain but it can be any domain lets say
> > domain.com. My network is not connected to Internet. Still do you think
> > that the following will not work if guru.com exists and domain.com does
> > not exists physically.
>
> Here's how mail delivery normally works:
> 1. Message is composed, and sending is initiated.
> 2. (Optional) message is handed off to a MTA, this might be local, remote
>    via SMTP, or a separate part of the same application.
> 3. The domain part of each of the destination addresses is queried for an
>    MX record from DNS; if no MX record exists the A record is used instead.
> 4. An SMTP connection is made to the host (MX) or address (A) and the
>    message is delivered there.
> 5. The MDA on that server decides what to do with the message. This may
>    involve forwarding (going back to step 2), local delivery (THIS IS WHERE
>    THE VIRTUAL USER TABLE [or equivalent] IS QUERIED), or other actions.
> 6. Once final delivery is made to a mailbox (or the mailboxes), the
>    recipients use POP, IMAP, Web, mbox, maildir, and/or other methods to
>    read the mail.
>
> Does that help?
>
> If you are truly isolated from the internet, you can indeed make sure that
> the DNS MX record for yahoo.com points to your MDA and deliver
> [EMAIL PROTECTED] to a local mailbox, but it involves more than just your
> virtual user table.
>
> --
> If there's one thing we've established over the years,
> it's that the vast majority of our users don't have the slightest
> clue what's best for them in terms of package stability.
> -- Gentoo Developer Ciaran McCreesh
> --
> gentoo-user@gentoo.org mailing list
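
The delivery steps described in the two replies above (MX lookup with A-record fallback, then the virtual user table on the receiving host only), as a small Python model. This is an added example, not part of the thread and not sendmail's code; the `route` function, the dictionaries and the addresses such as `anyone@domain.com` are constructed for illustration.

```python
def mail_exchangers(domain, dns):
    """Step 3: hosts to try for a domain, MX by preference, else its A record."""
    records = dns.get(domain, {})
    if records.get("MX"):
        return [host for _pref, host in sorted(records["MX"])]
    if "A" in records:
        return [domain]            # no MX: deliver to the host itself
    return []


def virtuser_lookup(recipient, table):
    """virtusertable order: the full address first, then the @domain entry."""
    domain = recipient.partition("@")[2]
    return table.get(recipient) or table.get("@" + domain)


def route(recipient, server, dns):
    """Decide what one mail server does with one recipient address."""
    recipient = recipient.lower()
    user, _, domain = recipient.partition("@")
    if domain in server["local_names"]:
        # Step 5: only a host that accepts the domain as its own
        # consults the virtual user table.
        target = virtuser_lookup(recipient, server["virtusertable"])
        return ("local", target or user)
    hosts = mail_exchangers(domain, dns)
    if not hosts:
        # Nothing to connect to: the message is deferred or bounced.
        return ("unresolved", domain)
    if hosts[0] == server["name"]:
        # DNS points here but the domain is not accepted as local;
        # sendmail reports this as "mail loops back to me (MX problem?)".
        return ("loop", domain)
    return ("relay", hosts[0])     # step 4: hand over via SMTP


def lab():
    """Constructed data for an isolated network like the one in the thread."""
    dns = {
        "guru.com": {"MX": [(10, "server1.guru.com")]},
        "server1.guru.com": {"A": "192.168.0.2"},
    }
    server1 = {
        "name": "server1.guru.com",
        "local_names": {"guru.com", "server1.guru.com"},
        "virtusertable": {"admin@guru.com": "root", "@domain.com": "root"},
    }
    return dns, server1


if __name__ == "__main__":
    dns, server1 = lab()
    rcpt = "anyone@domain.com"
    print("table entry only: ", route(rcpt, server1, dns))
    dns["domain.com"] = {"MX": [(10, "server1.guru.com")]}
    print("plus MX record:   ", route(rcpt, server1, dns))
    server1["local_names"].add("domain.com")
    print("plus local name:  ", route(rcpt, server1, dns))
```
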


Re: [gentoo-user] Sendmail virtusertable

2006-03-24 Thread Hiren Dave
Hi,

Yes, I have MX record. This is a virtusertable concept.
[EMAIL PROTECTED]
[EMAIL PROTECTED]
@yahoo.com 
[EMAIL PROTECTED]
entry in there and that means mails that are sent to admin and yahoo.com should go to root. Am I right?
On 3/23/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
> Hiren Dave [EMAIL PROTECTED] wrote:
> > I have enter below lines in the /etc/mail/virtusertable file.
> > [EMAIL PROTECTED] [EMAIL PROTECTED]
> > @yahoo.com [EMAIL PROTECTED]
> > Then I run this command.
> > # m4 virtusertable > virtusertable.db
> > # service sendmail restart
> > # echo Nice to meet you. | mail -s Test [EMAIL PROTECTED]
> > # echo Nice to meet you too. | mail -s Test [EMAIL PROTECTED]
> > But all two mails are in queue and delayed since last 5 hours.
>
> Do you have corresponding MX-record?
> I mean, nameserver authorised for guru.com domain must have
> MX record in guru.com zonefile, which says that server1.guru.com
> is mailserver for guru.com domain, something like (for bind):
>
> guru.com. IN MX 10 server1.guru.com.
>
> Jarry
>
> --
> Feel free with GMX FreeMail!
> 10 free SMS included, month after month! http://www.gmx.net
> --
> gentoo-user@gentoo.org mailing list


[gentoo-user] Sendmail virtusertable

2006-03-23 Thread Hiren Dave
Hi,
I am running sendmail 8.13 on RHELv4WS. Now I have configured this server1 as mailhub. I have enter below lines in the /etc/mail/virtusertable file.
##
/etc/mail/virtusertable
[EMAIL PROTECTED] [EMAIL PROTECTED]
@yahoo.com [EMAIL PROTECTED]
#
Then I run this command.
# m4 virtusertable > virtusertable.db
# service sendmail restart
# echo Nice to meet you. | mail -s Test [EMAIL PROTECTED]
# echo Nice to meet you too. | mail -s Test [EMAIL PROTECTED]
But all two mails are in queue and delayed since last 5 hours.
Any idea what's wrong?
TnR
Hiren



[gentoo-user] dovecat problem

2006-03-22 Thread Hiren Dave
Hi,
I have installed dovecot on my RHELv4WS machine. But when I am trying telnet localhost 110 command, I am not able to log in with my username and password. The error is saying that ERR [AUTH] Invalid login. Please help.

The /etc/dovecat.conf file contains protocols = pop3 pop3s
TnR
Hiren


[gentoo-user] sendmail with outlook

2006-03-19 Thread Hiren Dave
Hi,

I have a setup of mail server with sendmail 8.13 and pop3/imap. Now the problem is that I can send mail from outlook via sendmail but I am not able to receive message. The error is coming that Your server has unexpectedly terminated the connection. Possible causes for this include server problems, network problems, or a long period of inactivity. Account: '192.168.0.2', Server: '192.168.0.2', Protocol: POP3, Port: 110, Secure(SSL): No, Error Number: 0x800CCC0F.

Any one has any idea about this problem. There is no log in /var/log/messages or /var/log/maillog.


Re: [gentoo-user] Bind Problem

2006-03-18 Thread Hiren Dave
Hi,

Thanks for the solution. Now I can see MX entry in dig command. Now the command telnet server1.guru.com 25 or telnet 192.168.0.2 25 is not working. The error is coming that the connection is refused. But the command telnet 127.0.0.1 25 is working correctly. Why is this happening?

Thanks,
Hiren
On 3/17/06, Martin Hudec [EMAIL PROTECTED] wrote:
> Hello,
>
> Hiren Dave wrote:
> > Hi,
> > I have one problem with bind. I am getting answer from dns server for
> > dig command but there is no MX entry. Any idea what's wrong? Below is the
> > configuration file for master zone and dig command output is also given.
>
> That is not the issue with bind.
> Dig is also working fine, he returned everything required.
>
> For MX to pop up you have to use -t mx, like:
> # dig -t mx guru.com
>
> Cheers,
> Martin
> --
> gentoo-user@gentoo.org mailing list



[gentoo-user] Bind Problem

2006-03-17 Thread Hiren Dave
Hi,
I have one problem with bind. I am getting answer from dns server for dig command but there is no MX entry. Any idea what's wrong? Below is the configuration file for master zone and dig command output is also given.

###
server1.guru.com.zone
##
$TTL 86400
@ IN SOA server1.guru.com. root.server1.guru.com. (
        0     ; serial
        300   ; refresh (5 minutes)
        10    ; retry (10 seconds)
        86400 ; expire (1 day)
        600   ; minimum (10 minutes)
        )

@ IN NS server1.guru.com.
@ IN MX 10 server1.guru.com.

server1.guru.com. IN A 192.168.0.2
server2.guru.com. IN A 192.168.0.3
win2k.guru.com. IN A 192.168.0.1

www1 CNAME server1.guru.com.
www2 CNAME server2.guru.com.
www3 CNAME win2k.guru.com.

@ IN MX 0 server1.guru.com.
server1 IN MX 0 server1.guru.com.
server2 IN MX 0 server1.guru.com.
win2k IN MX 0 server1.guru.com.
#END
###
Dig
[EMAIL PROTECTED] ~]#dig server1.guru.com

; <<>> DiG 9.2.4 <<>> server1.guru.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12985
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;server1.guru.com. IN A

;; ANSWER SECTION:
server1.guru.com. 86400 IN A 192.168.0.2

;; AUTHORITY SECTION:
server1.guru.com. 86400 IN NS server1.guru.com.

;; Query time: 1 msec
;; SERVER: 192.168.0.2#53(192.168.0.2)
;; WHEN: Fri Mar 17 21:16:03 2006
;; MSG SIZE rcvd: 64
###

Thanks,
Hiren


[gentoo-user] DDNS Problem

2006-03-15 Thread Hiren Dave
Hi All,
I am facing problems in configuring DDNS with dhcpd. When I'm rebooting linux machine, it is getting dynamically ip address from linux server but no dynamic dns updates are there. Also when I renew ip address of windows 2000 prof, it is not getting ip address from linux dhcp server. Following is the configuration that might help you solving my problem. Both Master DNS and dhcp server are on the same server server1.guru.com

#
guru.com.zone
#
$TTL 86400
$ORIGIN guru.com.
@ 1D IN SOA @ root.guru.com. (
        00 ; Serial
        10 ; Refresh
        1M ; Retry
        1W ; Expiry
        1M ) ; Minimum TTL

        1D IN NS @

server1 1D IN A 192.168.0.2
server2 1D IN A 192.168.0.3
win2k 2D IN A 192.168.0.1

www1 IN CNAME server1.guru.com.
www2 IN CNAME server2.guru.com.
www3 IN CNAME win2k.guru.com.
#END
##
0.168.192.zone
$TTL 86400
@ IN SOA guru.com. root.guru.com. (
        00 ; Serial
        10 ; Refresh
        1M ; Retry
        1W ; Expiry
        1M ) ; Minimum TTL

  IN NS guru.com.

2 IN PTR server1.guru.com.
1 IN PTR win2k.guru.com.
3 IN PTR server2.guru.com.
#END
###
dhcpd.conf
###
ddns-updates on;
ddns-update-style interim;
#ignore client-updates;

subnet 192.168.0.0 netmask 255.255.255.0 {

# --- default gateway
    option routers 192.168.0.2;
    option subnet-mask 255.255.255.0;

#   option nis-domain "domain.org";
    option domain-name "guru.org";
    option domain-name-servers 192.168.0.2;

    option time-offset -18000; # Eastern Standard Time
#   option ntp-servers 192.168.0.1;
#   option netbios-name-servers 192.168.0.1;
# --- Selects point-to-point node (default is hybrid). Don't change this unless
# -- you understand Netbios very well
#   option netbios-node-type 2;

    range dynamic-bootp 192.168.0.128 192.168.0.254;
    default-lease-time 43200;
    max-lease-time 43200;

    # we want the nameserver to appear at a fixed address
    #host ns {
    #    next-server server1.redhat.com;
    #    hardware ethernet 12:34:56:78:AB:CD;
    #    fixed-address 207.175.42.254;
    #}
}
#END
##
/var/log/messages
#
server1.guru.com log file
##
Mar 15 15:29:36 server1 dhcpd: Listening on LPF/eth0/00:0c:29:9f:6e:55/192.168.0.0/24
Mar 15 15:29:36 server1 dhcpd: Listening on LPF/eth0/00:0c:29:9f:6e:55/192.168.0.0/24
Mar 15 15:29:36 server1 dhcpd: Sending on LPF/eth0/00:0c:29:9f:6e:55/192.168.0.0/24
Mar 15 15:29:36 server1 dhcpd: Sending on Socket/fallback/fallback-net
Mar 15 15:29:36 server1 dhcpd:
Mar 15 15:29:36 server1 dhcpd: Sending on LPF/eth0/00:0c:29:9f:6e:55/192.168.0.0/24
Mar 15 15:29:36 server1 dhcpd: Sending on Socket/fallback/fallback-net
Mar 15 15:29:36 server1 dhcpd: dhcpd startup succeeded
Mar 15 15:37:57 server1 dhcpd: dhcpd shutdown succeeded
Mar 15 15:37:57 server1 dhcpd: Internet Software Consortium DHCP Server V3.0pl2
Mar 15 15:37:57 server1 dhcpd: Copyright 1995-2003 Internet Software Consortium.
Mar 15 15:37:57 server1 dhcpd: All rights reserved.
Mar 15 15:37:57 server1 dhcpd: For info, please visit http://www.isc.org/products/DHCP
Mar 15 15:37:57 server1 dhcpd: Wrote 1 leases to leases file.
Mar 15 15:37:57 server1 dhcpd: Internet Software Consortium DHCP Server V3.0pl2
Mar 15 15:37:57 server1 dhcpd: Copyright 1995-2003 Internet Software Consortium.
Mar 15 15:37:57 server1 dhcpd: All rights reserved.
Mar 15 15:37:57 server1 dhcpd: For info, please visit http://www.isc.org/products/DHCP
Mar 15 15:37:57 server1 dhcpd: Wrote 1 leases to leases file.
Mar 15 15:37:57 server1 dhcpd: Listening on LPF/eth0/00:0c:29:9f:6e:55/192.168.0.0/24
Mar 15 15:37:57 server1 dhcpd: Listening on LPF/eth0/00:0c:29:9f:6e:55/192.168.0.0/24
Mar 15 15:37:57 server1 dhcpd: Sending on LPF/eth0/00:0c:29:9f:6e:55/192.168.0.0/24
Mar 15 15:37:57 server1 dhcpd: Sending on Socket/fallback/fallback-net
Mar 15 15:37:57 server1 dhcpd:
Mar 15 15:37:57 server1 dhcpd: Sending on LPF/eth0/00:0c:29:9f:6e:55/192.168.0.0/24
Mar 15 15:37:57 server1 dhcpd: Sending on Socket/fallback/fallback-net
Mar 15 15:37:57 server1 dhcpd: dhcpd startup succeeded
Mar 15 15:45:12 server1 named[31429]: query logging is now on
Mar 15 15:47:10 server1 dhcpd: DHCPREQUEST for 192.168.0.254 from 00:0c:29:db:9c:0d via eth0
Mar 15 15:47:10 server1 dhcpd: DHCPACK on 192.168.0.254 to 00:0c:29:db:9c:0d via eth0
#END
#

Thanks & Regards,
Hiren Dave


Re: [gentoo-user] DDNS Problem

2006-03-15 Thread Hiren Dave
Hi,

 I think you must allow dynamic updates by allow-update or update-policy in bind's zone-files...
Here is my named.conf file which may help you solving my problem

named.conf on server1.guru.com

# Configured by Hiren Dave on 07th March 2006
options {
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    allow-transfer { 192.168.0.3; };
    allow-query { 192.168.0.0/24; localhost; };
    allow-recursion { 192.168.0.0/24; localhost; };
};

controls {
    inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};

logging {
    category dnssec { security_log; };
    category update { security_log; };
    category security { security_log; };
    channel security_log {
        file "/var/named/dns-security.log" versions 5 size 20m;
        print-time yes;
        print-category yes;
        print-severity yes;
        severity info;
    };
};

// Root server hints
zone "." IN {
    type hint;
    file "named.ca";
};

zone "localhost" IN {
    type master;
    file "localhost.zone";
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "127.0.0.zone";
};

acl dhcp-server { 192.168.0.2; };
acl dhcp-clients { 192.168.0/24; };

zone "guru.com" IN {
    type master;
    file "guru.com.zone";
    allow-query { any; };
    allow-update { dhcp-clients; };
};

zone "0.168.192.in-addr.arpa" IN {
    type master;
    file "0.168.192.zone";
    allow-query { any; };
    allow-update { dhcp-clients; };
};

#include /etc/rndc.key;
##END#

Hiren Dave
On 3/15/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Hiren Dave [EMAIL PROTECTED] wrote:
 I am facing problems in configuring DDNS with dhcpd. When i'm rebooting linux machine, it is getting dynamically ip address from linux server but no dynamic dns updates are there.

I think you must allow dynamic updates by allow-update or update-policy in bind's zone-files...

And one more thing: for every ip from your dyn-ip pool I would set very short ttl/expire in your zone-files. Otherwise caching-clients would get to know too late, that there was a change in ip/dn assignment...
Jarry


[gentoo-user] Bind Questions...

2006-03-12 Thread Hiren Dave
[2881]: transfer of 'guru.com/IN' from 192.168.0.2#53: end of transfer
Mar 12 15:40:51 server2 kernel: audit(1142158251.528:0): avc: denied { write } for pid=2882 exe=/usr/sbin/named name=named dev=dm-0 ino=622131 scontext=root:system_r:named_t tcontext=system_u:object_r:named_zone_t tclass=dir

Mar 12 15:40:53 server2 named[2881]: dumping master file: tmp-jkjuJv: open: permission denied
Mar 12 15:40:53 server2 named[2881]: transfer of '0.168.192.in-addr.arpa/IN' from 192.168.0.2#53: failed while receiving responses: permission denied
Mar 12 15:40:53 server2 named[2881]: transfer of '0.168.192.in-addr.arpa/IN' from 192.168.0.2#53: end of transfer
Mar 12 15:40:53 server2 kernel: audit(1142158253.519:0): avc: denied { write } for pid=2882 exe=/usr/sbin/named name=named dev=dm-0 ino=622131 scontext=root:system_r:named_t tcontext=system_u:object_r:named_zone_t tclass=dir

Mar 12 15:43:58 server2 named[2881]: dumping master file: tmp-ilsgjw: open: permission denied
Mar 12 15:43:58 server2 named[2881]: transfer of 'guru.com/IN' from 192.168.0.2#53: failed while receiving responses: permission denied
Mar 12 15:43:58 server2 named[2881]: transfer of 'guru.com/IN' from 192.168.0.2#53: end of transfer
Mar 12 15:43:58 server2 kernel: audit(1142158438.527:0): avc: denied { write } for pid=2882 exe=/usr/sbin/named name=named dev=dm-0 ino=622131 scontext=root:system_r:named_t tcontext=system_u:object_r:named_zone_t tclass=dir

Mar 12 15:44:44 server2 named[2881]: dumping master file: tmp-BCugxM: open: permission denied
Mar 12 15:44:44 server2 named[2881]: transfer of '0.168.192.in-addr.arpa/IN' from 192.168.0.2#53: failed while receiving responses: permission denied
Mar 12 15:44:44 server2 named[2881]: transfer of '0.168.192.in-addr.arpa/IN' from 192.168.0.2#53: end of transfer
Mar 12 15:44:44 server2 kernel: audit(1142158484.528:0): avc: denied { write } for pid=2882 exe=/usr/sbin/named name=named dev=dm-0 ino=622131 scontext=root:system_r:named_t tcontext=system_u:object_r:named_zone_t tclass=dir


=END

Any help/suggestions will be appreciated
Hiren Dave
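
The kernel audit lines in the log above each record named (type named_t) being denied write on a directory labelled named_zone_t, in the same second as a failed zone transfer. The following is an added example, not part of the original message, that groups such denials and ties them to the zones affected; the function names are hypothetical and the sample input is four lines copied from that log.

```python
import re
from collections import defaultdict

# Four lines copied from the log in the message above, used as sample input.
SAMPLE = """\
Mar 12 15:40:53 server2 named[2881]: transfer of '0.168.192.in-addr.arpa/IN' from 192.168.0.2#53: failed while receiving responses: permission denied
Mar 12 15:40:53 server2 kernel: audit(1142158253.519:0): avc: denied { write } for pid=2882 exe=/usr/sbin/named name=named dev=dm-0 ino=622131 scontext=root:system_r:named_t tcontext=system_u:object_r:named_zone_t tclass=dir
Mar 12 15:43:58 server2 named[2881]: transfer of 'guru.com/IN' from 192.168.0.2#53: failed while receiving responses: permission denied
Mar 12 15:43:58 server2 kernel: audit(1142158438.527:0): avc: denied { write } for pid=2882 exe=/usr/sbin/named name=named dev=dm-0 ino=622131 scontext=root:system_r:named_t tcontext=system_u:object_r:named_zone_t tclass=dir
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)")
XFER_RE = re.compile(r"named\[\d+\]: transfer of '([^']+)' from \S+: failed")

def parse_avc(line):
    """Return the fields of one AVC denial line, or None if it is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = dict(re.findall(r"(\w+)=(\S+)", m.group(2)))
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None
    fields["perms"] = tuple(m.group(1).split())
    # An SELinux context is user:role:type[:level]; the type drives the decision.
    fields["stype"] = fields["scontext"].split(":")[2]
    fields["ttype"] = fields["tcontext"].split(":")[2]
    return fields

def summarize(log_text):
    """Group denials by (source type, target type, class, perms) and attach
    the zones whose transfer failed in the same syslog second."""
    failed = defaultdict(set)   # syslog timestamp -> zones that failed then
    denials = []                # (syslog timestamp, parsed AVC fields)
    for line in log_text.splitlines():
        stamp = line[:15]       # e.g. "Mar 12 15:40:53"
        x = XFER_RE.search(line)
        if x:
            failed[stamp].add(x.group(1))
        avc = parse_avc(line)
        if avc:
            denials.append((stamp, avc))
    report = {}
    for stamp, avc in denials:
        key = (avc["stype"], avc["ttype"], avc["tclass"], avc["perms"])
        entry = report.setdefault(key, {"count": 0, "zones": set(), "exe": avc["exe"]})
        entry["count"] += 1
        entry["zones"] |= failed[stamp]
    return report
```
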


[gentoo-user] Bind Questions

2006-03-11 Thread Hiren Dave


Hi,

I am learning Linux DNS server (named) and I found that the host hostname command works only if there is an entry in the corresponding domain zone file (i.e. localhost.zone) and the dig -x ip command works only if there is an entry in the corresponding reverse domain zone file (i.e. 0.0.127.in-addr.arpa.zone). And it is not necessary to enter hostname in hosts file. Also in the same network there are many linux and windows clients but the Linux DNS server (named) is not giving any response to the host or dig command by its own. Can any one tell me how the Named/DNS server works? How it discovers neighbourhood (local LAN) hosts? Also can we check/list all the hosts/ip addresses that are cached by dns server? If yes, then HOW?

Any answers/suggestions will be appreciated.
Hiren Dave


Re: [gentoo-user] Bind Questions

2006-03-11 Thread Hiren Dave

On 3/12/06, Alexander Kirillov [EMAIL PROTECTED] wrote:
 Also in the same network there are many linux and windows clients but the Linux DNS server (named) is not giving any response to the host or dig command by its own. Can any one tell me how the Named/DNS server works? How it discovers neighbourhood (local LAN) hosts?

I don't think it does. But you may get something similar with dhcp and dynamic dns updates.

 Also can we check/list all the hosts/ip addresses that are cached by dns server? If yes, then HOW?

# rndc dumpdb -cache

HTH
Hi,
Thanks for reply. Can you brief your answer about dhcp and dynamic dns updates pls? Also after using the given command for dumpdb, how to check this db file? Can we check it by simple cat command?
Hiren Dave