Re: MSIE automatic proxy config
Shachar Shemesh wrote:

> You will find that your solution forwards ALL outbound packets to the proxy machine. Not just those aimed at port 80. You are then left with my original problem - I don't want to penalise the entire office traffic with an extra hop (actually - extra two hops and a routing loop in your solution), just because I want to implement a transparent proxy. A much simpler solution for me is to block all communication to port 80 outbound, and force everyone to manually configure the proxy or they don't get web access.

And once again I must say: "Don't think so 3rd layer, JeanLuke".

I was about to explain how to build a 2d level (OSI) bridging proxy but someone already did: http://perso.wanadoo.fr/magpie/EtherDivert.html

No extra hop, no need for another subnet, batteries not included...

I do suggest however, you use the new bridge patch ported from 2.4.0-testx that can be found at http://www.openrock.net/bridge and not the original 2.2.x bridging code.

Gilad.

--
Gilad Ben-Yossef [EMAIL PROTECTED]
http://kagoor.com | +972(9)9565333 x230 | +972(54)756701
"I've been seduced by the chocolate side of the force."

= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: MSIE automatic proxy config
Gilad Ben-Yossef wrote:

> And once again I must say: "Don't think so 3rd layer, JeanLuke".

I am not, number 1.

> I was about to explain how to build a 2d level (OSI) bridging proxy but someone already did: http://perso.wanadoo.fr/magpie/EtherDivert.html
>
> No extra hop, no need for another subnet, batteries not included...

Oh, but you do add an extra hop. The fact that no IP protocol is aware of that does not change the fact that you now require all your traffic to be directed through your box. The box still acts as a router (actually, a bridge, but same difference), and the performance penalties are still being paid (though I have to admit that it's probably less of a penalty).

> I do suggest however, you use the new bridge patch ported from 2.4.0-testx that can be found at http://www.openrock.net/bridge and not the original 2.2.x bridging code.
>
> Gilad.

Actually, I'll stick with forcing everyone to move to an explicit proxy by means of filtering. I do have access to the router.

Shachar
Re: MSIE automatic proxy config
On Sun, 27 Aug 2000, Shachar Shemesh wrote:

>> maybe you should start thinking then ;) . if a "regular router" = cisco - then, yes, it can do that, and much more (depending on the version of its IOS).
>
> Maybe, but not as explained in your email.

actually, _exactly_ as explained in my email.

>> this will be done with no address translation on the router - it just is told that the 'next hop' towards the target address,
>
> The "target address" is the entire internet. You are referring to the default route?

no. i think what i'm referring to falls under the specification of "policy routing".

>> is the proxy machine. that proxy machine then needs to understand (via normal routing rules) that any packet it received, targeted for port 80 and an IP that does not belong to the local machine, should be injected into the proxy server's module. that doesn't _have_ to be implemented using NAT (although it _might_ be done this way if it simplifies stuff).
>
> Yes, I agree. I have no problem with implementing NAT on the proxy machine, BUT...

_if_ at all one needs NAT for that... or NAT in _any_ classical sense of the word (according to your broad definitions, any using of a proxy server is actually an introduction of NAT, since not the original machine's address is being shown in the FROM address of the packet being sent out, but a different one (that of the proxy).

> You will find that your solution forwards ALL outbound packets to the proxy machine. Not just those aimed at port 80.

actually, i won't. i'm talking of something that is actually used and works as stated. i'm not sure how proficient you are with Cisco's IOS - you might want to read their documentation before you state that this cannot be done - because it is already being done. in fact, if one bothers reading IOS's docs, one can do all sorts of non-standard things with their routers.

> You are then left with my original problem - I don't want to penalise the entire office traffic with an extra hop (actually - extra two hops and a routing loop in your solution), just because I want to implement a transparent proxy. A much simpler solution for me is to block all communication to port 80 outbound, and force everyone to manually configure the proxy or they don't get web access.

simpler to whom exactly? btw, please note that normally in our holy land, access bandwidth used to a proxy server is MUCH MUCH smaller than the capacity of the LAN on which this access is performed, so under common israeli circumstances, this waste of resources is not really an issue. surely, things are better if all browsers are properly configured (less bandwidth wasted, about 1-3 milliseconds saved for each HTTP connection, and less router CPU cycles are wasted) but sometimes it's easier and cheaper to support transparent proxying in this way, than to support users with setting up the proxy properly.

and since i think we're losing our on-topicness by the minute here, i think that if you still question Cisco's IOS features, we'll move this discussion to private email.

guy

"For world domination - press 1, or dial 0, and please hold, for the creator." -- nob o. dy
kernel 2.2.16 and CD-ROM drives
Hi,

I am using kernel 2.2.16 (plus patches to ReiserFS and IDE). Recently the kernel crashed while trying to rip an audio track from a CD.

Now, if I remember correctly, 2.2.16 was issued after a serious security bug was found, and I think that a short time after issuing 2.2.16, Alan Cox issued a 2.2.17presomething that was supposed to fix a problem with CD-ROM drives.

Does anyone on the list remember if that was the case, and is it known that 2.2.16 has problems with some brands of CD-ROM drives?

TIA, Yosi
Re: MSIE automatic proxy config
guy keren wrote:

> _if_ at all one needs NAT for that... or NAT in _any_ classical sense of the word (according to your broad definitions, any using of a proxy server is actually an introduction of NAT, since not the original machine's address is being shown in the FROM address of the packet being sent out, but a different one (that of the proxy).
>
> guy

Actually, NAT by the classical definition is any situation in which a "router" modifies the packets it routes, but does leave the essence there. What you call "NAT", is actually called "IP Masquerading", and is a particular instance of NAT.

A proxy is not a NAT. This is both because the packets are aimed at it (which is not really the reason, as this holds true also of a transparent proxy), and because it then initiates a totally different TCP connection with the real machine. Different source IP, different TCP SYN numbering, different request. Everything is brand new.

As for the topic I was referring to at the beginning, I will look up policy routing on CISCO, even though it is not applicable to my particular case this time.

Shachar
Re: MSIE automatic proxy config
Shachar Shemesh wrote:

> Gilad Ben-Yossef wrote:
>
>> And once again I must say: "Don't think so 3rd layer, JeanLuke".
>
> I am not, number 1.

hehehe... I think in the movie it was the Borg Queen that said that ;-)

>> I was about to explain how to build a 2d level (OSI) bridging proxy but someone already did: http://perso.wanadoo.fr/magpie/EtherDivert.html
>>
>> No extra hop, no need for another subnet, batteries not included...
>
> Oh, but you do add an extra hop. The fact that no IP protocol is aware of that does not change the fact that you now require all your traffic to be directed through your box. The box still acts as a router (actually, a bridge, but same difference), and the performance penalties are still being paid (though I have to admit that it's probably less of a penalty).

That's not so accurate. It is an extra hop if you consider "a hop" every piece of networking equipment the packet (or Ethernet frame) passed on its merry way. But really - do you count the switches inside your LAN as hops? For me a "hop" is really a router, something that decreases TTL. A bridge is really not much more than a repeater.

The work that is being done on a frame (which is not intended for the Proxy) is much smaller with a bridge. In addition, you do not have to "create" another subnet for the bridge, you don't have to change the router configuration for the bridge, you can replace the bridge with a simple CAT5 cable in case of need and you can put a switch in parallel to the bridge (giving it low STP priority) and get an instant hot failover solution without doing much.

In short - I understand why you say it is a hop, but the situation is rather different from a "real" hop.

..which isn't quite relevant to the question whether you want to install another machine or not just so the lusers can get their pr0n faster ;-)

--
Gilad Ben-Yossef [EMAIL PROTECTED]
http://kagoor.com | +972(9)9565333 x230 | +972(54)756701
"I've been seduced by the chocolate side of the force."
Syslog messages to a remote machine
Hi folks,

I'm trying to set a server machine to send its syslog messages to my machine. For that I already managed to send all messages with:

    *.* @my_machine

I've verified that indeed I get this on my machine with "tcpdump port 514". I can see messages pouring in. But, I can't seem to configure my local syslogd to do something with those. I checked the documentation and found nothing about that. I also tried to add an "in.syslog : the_remote_machines_IP" line in /etc/hosts.allow, but it didn't help either.

Can you tip me on how to see (and log) those messages on the remote machine? (my machine).

TIA, Boaz.
Re: Syslog messages to a remote machine
Boaz Rymland wrote:

> Hi folks,
>
> I'm trying to set a server machine to send its syslog messages to my machine. For that I already managed to send all messages with:
>
>     *.* @my_machine
>
> I've verified that indeed I get this on my machine with "tcpdump port 514". I can see messages pouring in. But, I can't seem to configure my local syslogd to do something with those. I checked the documentation and found nothing about that. I also tried to add an "in.syslog : the_remote_machines_IP" line in /etc/hosts.allow, but it didn't help either.
>
> Can you tip me on how to see (and log) those messages on the remote machine? (my machine).
>
> TIA, Boaz.

Well, found it myself... ;-)

It's not in the configuration files but rather with a -r flag to the syslogd. On a RH machine, edit the /etc/rc.d/init.d/syslog file to add that flag there.

Boaz.
rpm
I have Red Hat linux (6.1). I recently decided to upgrade rpm to 3.0.5-9. Instead of doing it with rpm, I decided to download the SOURCE (of rpm) and to compile it (I really like to see my computer compiling !!). So far, everything went great.

Now, since then, when I try to install some package with rpm it almost always complains that a lot of stuff is missing (i.e. dependencies). I am ready to admit that my libraries are certainly not all up to date (!!), but it often complains for instance that

    /bin/sh is needed by (the package I am installing)
    /usr/bin/perl is needed by

Which I certainly do have !!!.

So, something is apparently going wrong since I installed this new version of rpm. Does someone have an idea? It is probably stupid, but I don't see it right now.

Thanks in advance, Emmanuel.
Re: Syslog messages to a remote machine
On Sun, 27 Aug 2000, Boaz Rymland wrote:

syslogd -r

RTFM.

--Ariel

> Hi folks,
>
> I'm trying to set a server machine to send its syslog messages to my machine. For that I already managed to send all messages with:
>
>     *.* @my_machine
>
> I've verified that indeed I get this on my machine with "tcpdump port 514". I can see messages pouring in. But, I can't seem to configure my local syslogd to do something with those. I checked the documentation and found nothing about that. I also tried to add an "in.syslog : the_remote_machines_IP" line in /etc/hosts.allow, but it didn't help either.
>
> Can you tip me on how to see (and log) those messages on the remote machine? (my machine).
>
> TIA, Boaz.

--
Ariel Biener
e-mail: [EMAIL PROTECTED]
Work phone: 03-6406086
fingerprint = 07 D1 E5 3E EF 6D E5 82 0B E9 21 D4 3C 7D 8B BC
Re: rpm
Emmanuel Lanzmann wrote:

> I have Red Hat linux (6.1). I recently decided to upgrade rpm to 3.0.5-9. Instead of doing it with rpm, I decided to download the SOURCE (of rpm) and to compile it (I really like to see my computer compiling !!). So far, everything went great.
>
> Now, since then, when I try to install some package with rpm it almost always complains that a lot of stuff is missing (i.e. dependencies). I am ready to admit that my libraries are certainly not all up to date (!!), but it often complains for instance that
>
>     /bin/sh is needed by (the package I am installing)
>     /usr/bin/perl is needed by
>
> Which I certainly do have !!!.
>
> So, something is apparently going wrong since I installed this new version of rpm. Does someone have an idea?

Yes, RPM keeps a database on things installed on the system. When you recompiled from sources the installation process deleted the previous RPM database and the RPM is not aware of anything that was installed previously to its update. Alternatively the RPM database was not deleted but the new compiled RPM looks for it in a different place than the default RPM that came with the system.

My suggestion? Get a default RPM database from some random RH6.1 installation disk. I think it sits in a package of its own, or find where the new RPM looks for that database and link to it.

Good luck,
Gilad.

--
Gilad Ben-Yossef [EMAIL PROTECTED]
http://kagoor.com | +972(9)9565333 x230 | +972(54)756701
"I've been seduced by the chocolate side of the force."
Re: Does anybody knows what happened to the php support of Apache?
Omer Efraim wrote:

> Ilya Konstantinov wrote:
>
>> Shlomi Fish wrote:
>>
>>> Let me know when it is OK so I can add php support to Apache, and get the Links manager to run again.
>>
>> For some weird reason, both PHP3 and PHP4 keep segfaulting Apache on start. The gdb backtrace shows no hints. Two ideas come into mind:
>>
>> 1) check the mysql shared libraries
>> 2) recompile Apache (weird Redhat stuff)
>>
>> I'll look into it later. Ideas, people? (meanwhile, PHP isn't there yet)
>
> DSO, right? Why don't you attach the backtrace anyhow.

It failed somewhere in the DSO loader. Seems to be nothing special.

Anyhow, I had a similar problem on a server we have here at work, and finally I resolved it. For a start, PHP included their own libmysqlclient with PHP4, probably since it's very popular and many inexperienced users cannot figure out how to install MySQL-shared. Unfortunately, it'll conflict and segfault if anything else would access MySQL on the same server (be it DBI in mod_perl, or some mysql-based auth module). It's a known bug and you can direct ./configure --with-mysql=/usr to link against libmysqlclient.so and everything will work fine.

But still, it kept crashing with mod_perl loaded. Finally it turned out DBD::mysql's mysql.so was linked against static libmysqlclient.a. Relinking against the dynamic one solved the problem.

On my Debian desktop machine, everything went smoothly since its DBD::mysql comes dynamically-linked out of the box.

--
Best regards,
Ilya Konstantinov
Re: Syslog messages to a remote machine
On Sun, 27 Aug 2000, Boaz Rymland wrote:

> I'm trying to set a server machine to send its syslog messages to my machine.

just for general info: remote syslog is done by sending messages using UDP, without any packet received acknowledgement or retransmission. thus, if a logging packet is lost - the log message will be lost without any sign for that. this is not recommended for a production system, if the logs are important.

guy

"For world domination - press 1, or dial 0, and please hold, for the creator." -- nob o. dy
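The silent-loss point in the message above, as an added example that is not part of the thread or of any poster's code: since the UDP transport gives no acknowledgement, the collector can only notice a lost message if the sender numbers its messages. The `seq=` counter (assumed to be written by the sending application), the addresses and the sample datagrams are all constructed for illustration.

```python
import re
from collections import defaultdict

# "<PRI>" prefix of a syslog datagram: PRI = facility * 8 + severity.
PRI_RE = re.compile(rb"^<(\d{1,3})>(.*)$", re.S)
# Hypothetical per-sender counter embedded in the message text (assumption).
SEQ_RE = re.compile(rb"\bseq=(\d+)\b")
SEVERITIES = ["emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug"]


def parse_datagram(data):
    """Decode one UDP payload; return None if it is not a syslog message."""
    m = PRI_RE.match(data)
    if not m or int(m.group(1)) > 191:      # 23 * 8 + 7 is the largest PRI
        return None
    pri = int(m.group(1))
    body = m.group(2).rstrip(b"\r\n")
    seq = SEQ_RE.search(body)
    return {
        "facility": pri >> 3,
        "severity": SEVERITIES[pri & 7],
        "seq": int(seq.group(1)) if seq else None,
        "text": body.decode("utf-8", "replace"),
    }


def find_missing(datagrams):
    """datagrams: iterable of (source_ip, payload) as seen by the collector.

    Returns {source_ip: [sequence numbers never received]}. A datagram that
    arrives late (UDP may reorder) clears its entry. A counter restart on
    the sender is not handled here.
    """
    highest = {}
    missing = defaultdict(set)
    for src, data in datagrams:
        rec = parse_datagram(data)
        if rec is None or rec["seq"] is None:
            continue
        seq, prev = rec["seq"], highest.get(src)
        if prev is None or seq > prev:
            if prev is not None:
                missing[src].update(range(prev + 1, seq))
            highest[src] = seq
        else:
            missing[src].discard(seq)
    return {src: sorted(m) for src, m in missing.items() if m}


# Constructed sample traffic: 192.0.2.10 loses seq 3; seq 4 arrives late.
SAMPLE = [
    ("192.0.2.10", b"<38>sshd[411]: seq=1 session opened for alice"),
    ("192.0.2.20", b"<13>backup: seq=1 nightly run started"),
    ("192.0.2.10", b"<38>sshd[411]: seq=2 session closed for alice"),
    ("192.0.2.10", b"<38>sshd[502]: seq=5 session opened for bob"),
    ("192.0.2.99", b"not a syslog datagram"),
    ("192.0.2.10", b"<38>sshd[502]: seq=4 failed login for bob"),
    ("192.0.2.20", b"<13>backup: seq=2 nightly run finished"),
]

if __name__ == "__main__":
    print(find_missing(SAMPLE))
```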
Re: rpm
On Sun, 27 Aug 2000, Emmanuel Lanzmann wrote:

> I have Red Hat linux (6.1). I recently decided to upgrade rpm to 3.0.5-9. Instead of doing it with rpm, I decided to download the SOURCE (of rpm) and to compile it (I really like to see my computer compiling !!). So far, everything went great.

Why did you choose rpm? And why did you run "make install" if all you needed was to see your computer compiling?

Anyway - something like 'rpm --rebuild rpm-version.src.rpm' is the "right" way to compile your packages, and still keep package management intact.

> Now, since then, when I try to install some package with rpm it almost always complains that a lot of stuff is missing (i.e. dependencies). I am ready to admit that my libraries are certainly not all up to date (!!), but it often complains for instance that
>
>     /bin/sh is needed by (the package I am installing)
>     /usr/bin/perl is needed by
>
> Which I certainly do have !!!.

There are two options:

1. Your newly installed rpm uses a separate database. The default rpm database for redhat (probably other distros as well) is under /var/lib/rpm. There are a couple of files with ".rpm" extension. Try to see what database rpm uses (i.e. run 'rpm -qf /bin/sh' and strace it). If it uses a separate database - see how to configure it to run properly.

2. The installation overwrote the existing database. You are in some trouble here, because you lost all the information about installed packages. For the short run you may use the --nodep switch to skip dependency checks (don't use --fixed). Anyway - I can't think of anything smarter than reinstallation. I don't remember any switch to rpm to update the database only. If such an option exists - you may manually rebuild your rpm database by adding all packages into it. I think "rpm --rebuilddb" does something different.

> So, something is apparently going wrong since I installed this new version of rpm. Does someone have an idea? It is probably stupid, but I don't see it right now.

I believe what happened is #2. To verify that - check if the install script runs "rpm --initdb".

Good luck

--
Tzafrir Cohen
mailto:[EMAIL PROTECTED]
http://www.technion.ac.il/~tzafrir