Re: [masq] Setting up Masq behind Dynamic PPP

1999-01-19 Thread David A. Ranch


>How do I set up Masquerading to use Dynamic PPP?
>would it be 
>ipfwadm -F -a m -S 192.168.123.0/24 -D ppp0   ???

No, from the TrinityOS doc, you would want -D to point
to 0.0.0.0/0.  From here the default route created by PPP
will do everything for you.

--David
..
|  David A. Ranch - Linux/Networking/PC hardware [EMAIL PROTECTED]  |
!!
`- For more detailed info, see http://www.ecst.csuchico.edu/~dranch -'
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
For daily digest info, email [EMAIL PROTECTED]



Re: [masq] rc.firewall from Trinity

1999-01-19 Thread Fuzzy Fox

Justin S. Cooksey <[EMAIL PROTECTED]> wrote:
>
> RedHat 5.2
> Dial-up PPP account
> Dynamically assign IP address

I don't run RedHat, and my ipchains rules are hand-cobbled (and I like
them) so I can't offer any specific suggestions.  However...

> 1) The rc.firewall is called from ip-up and uses a command to get the
>    ppp0 IP from ifconfig.  However I have read that IPs etc are passed
>    as command line arguments to ip-up, couldn't these be passed to
>    rc.firewall?

Indeed, both ip-up and ip-down are called with the following parameters:

#!/bin/sh

ifname=$1   # Interface being brought up (e.g. ppp0)
ttydev=$2   # TTY device being used (/dev/modem)
speed=$3    # Terminal speed (115200)
localip=$4  # IP address of my PPP interface
remoteip=$5 # IP address of the P-t-P link

> 2) I can't find the reference that I read the above in :-(.  Can
>    anyone provide me with the details?

It's in "man pppd".  :)

-- 
   [EMAIL PROTECTED] (Fuzzy Fox)  || "Nothing takes the taste out of peanut
sometimes known as David DeSimone  ||  butter quite like unrequited love."
  http://www.dallas.net/~fox/  ||   -- Charlie Brown
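
As an added example (not part of the post above and not TrinityOS code): a wrapper that takes the five ip-up arguments, validates them, and prints the ipfwadm rules quoted in this thread instead of scraping ifconfig. The names is_ipv4, firewall_rules and INTNET are hypothetical, and using the P-t-P peer address as $dgw is this example's assumption, which the thread does not settle.

```shell
#!/bin/sh
# Added example: ip-up.local style wrapper (hypothetical names throughout).
# pppd calls ip-up as: ip-up ifname ttydev speed localip remoteip

# Internal network to masquerade; value taken from the questions in this thread.
INTNET=${INTNET:-192.168.123.0/24}

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255.
# Anything containing characters other than digits and dots is rejected,
# so shell metacharacters can never reach a generated rule.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    ip_old_ifs=$IFS
    IFS=.
    set -- $1            # split on dots; safe, input is digits and dots only
    IFS=$ip_old_ifs
    [ "$#" -eq 4 ] || return 1
    for ip_octet in "$@"; do
        [ "${#ip_octet}" -le 3 ] && [ "$ip_octet" -le 255 ] || return 1
    done
    return 0
}

# firewall_rules IFNAME TTYDEV SPEED LOCALIP REMOTEIP
# Prints (does not execute) the rules for this link, or fails without
# printing any rule if an argument does not look like what pppd passes.
firewall_rules() {
    fr_if=$1 fr_local=$4 fr_remote=$5
    case "$fr_if" in
        ppp[0-9]|ppp[0-9][0-9]) ;;
        *) echo "refusing interface name: $fr_if" >&2; return 1 ;;
    esac
    is_ipv4 "$fr_local"  || { echo "bad local IP: $fr_local" >&2; return 1; }
    is_ipv4 "$fr_remote" || { echo "bad remote IP: $fr_remote" >&2; return 1; }

    # Forwarding policy and masquerade rule, in the form used in this thread.
    echo "ipfwadm -F -p deny"
    echo "ipfwadm -F -a m -S $INTNET -D 0.0.0.0/0"
    # ICMP rule in the form quoted from rc.firewall, with
    # extif=IFNAME, extip=LOCALIP and (assumption) dgw=REMOTEIP.
    echo "ipfwadm -I -a accept -W $fr_if -P icmp -S $fr_remote/24 -D $fr_local"
}

# When run by pppd (five or more arguments) print the rules for review.
if [ "$#" -ge 5 ]; then
    firewall_rules "$@"
fi
```

Because the function only prints, the output can be logged and inspected on each dial-up before it is ever piped to a shell.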



Re: [masq] [masq] Red Hat 5.2 and ipmasquerading

1999-01-19 Thread Daniel Barron

>Actually, you can just "make up" IP addresses if you want to, but the
>size of the Internet guarantees that eventually, at some point, you will
>run across another IP address in the same subnet range, and you won't be
>able to talk to them, because your local routers will think it is a
>local IP, not a remote IP, and won't route the packets correctly.

How likely is it that the range we used to use became used on the internet
in the few weeks it took to build a new server?

I just tried a reverse lookup and could find no domain or machine
registered to our old set of ips.  I wonder where the change was?
-- 
Daniel Barron - Senior Technical Assistant    PC and Network Support Dept
Beebug, 117 Hatfield Road, St Albans, AL1 4JS  Tel:01727 840303/fax860263

***
   I work with PCs so I can afford an Acorn.
If I worked on Acorns I could only afford a PC.
***



Re: [masq] large e-mail failures

1999-01-19 Thread Brian R Tuley

Good morning...

asyncmap 0  is and was in the /etc/ppp/options file.
I am not using diald.
adding debug to the /etc/ppp/options file creates the following lines in 
/var/adm/messages file.

Jan 18 07:31:53 linbad pppd[3519]: pppd 2.2.0 started by briant, uid 0
Jan 18 07:31:55 linbad chat[3520]: timeout set to 60 seconds
Jan 18 07:31:55 linbad chat[3520]: abort on (ERROR) 
Jan 18 07:31:55 linbad chat[3520]: abort on (BUSY) 
Jan 18 07:31:55 linbad chat[3520]: abort on (NO CARRIER) 
Jan 18 07:31:55 linbad chat[3520]: abort on (NO DIALTONE) 
Jan 18 07:31:55 linbad chat[3520]: send (AT&FH0^M) 
Jan 18 07:31:55 linbad chat[3520]: expect (OK) 
Jan 18 07:31:55 linbad chat[3520]: AT&FH0^M^M 
Jan 18 07:31:55 linbad chat[3520]: OK -- got it 
Jan 18 07:31:55 linbad chat[3520]: send (atdt###^M) 
Jan 18 07:31:55 linbad chat[3520]: timeout set to 75 seconds
Jan 18 07:31:55 linbad chat[3520]: expect (CONNECT) 
Jan 18 07:32:22 linbad chat[3520]: atdt###^M^M 
Jan 18 07:32:22 linbad chat[3520]: CONNECT -- got it 
Jan 18 07:32:22 linbad chat[3520]: send (^M) 
Jan 18 07:32:22 linbad chat[3520]: expect (login:) 
Jan 18 07:32:22 linbad chat[3520]:  50666 V42bis^M 
Jan 18 07:32:23 linbad chat[3520]: Welcome to 3Com Total Control HiPer ARC (TM)^M 
Jan 18 07:32:23 linbad chat[3520]: Networks That Go The Distance (TM)^M 
Jan 18 07:32:23 linbad chat[3520]: login: -- got it 
Jan 18 07:32:23 linbad chat[3520]: send (username^M) 
Jan 18 07:32:23 linbad chat[3520]: expect (word:) 
Jan 18 07:32:23 linbad chat[3520]:  password^M 
Jan 18 07:32:23 linbad chat[3520]: Password: -- got it 
Jan 18 07:32:23 linbad chat[3520]: send (password^M) 
Jan 18 07:32:24 linbad pppd[3519]: Serial connection established.
Jan 18 07:32:25 linbad pppd[3519]: Using interface ppp0
Jan 18 07:32:25 linbad pppd[3519]: Connect: ppp0 <--> /dev/cua3
Jan 18 07:32:27 linbad pppd[3519]: local  IP address 216.16.2.4
Jan 18 07:32:27 linbad pppd[3519]: remote IP address 216.16.2.2
Jan 18 07:41:11 linbad identd[3547]: from: 216.16.0.2 ( 216.16.0.2 ) for: 61201, 25
Jan 18 07:41:11 linbad identd[3547]: Returned: 61201 , 25 : NO-USER
Jan 18 07:55:24 linbad identd[3563]: from: 216.16.0.2 ( 216.16.0.2 ) for: 61247, 25
Jan 18 07:55:24 linbad identd[3563]: Returned: 61247 , 25 : NO-USER
Jan 18 07:59:21 linbad identd[3565]: from: 216.16.0.2 ( 216.16.0.2 ) for: 61252, 25
Jan 18 07:59:21 linbad identd[3565]: Returned: 61252 , 25 : NO-USER
Jan 18 08:16:42 linbad identd[3581]: from: 216.16.0.2 ( 216.16.0.2 ) for: 61272, 25
Jan 18 08:16:42 linbad identd[3581]: Returned: 61272 , 25 : NO-USER
Jan 18 08:29:17 linbad identd[3589]: from: 216.16.0.2 ( 216.16.0.2 ) for: 61288, 25
Jan 18 08:29:18 linbad identd[3589]: Returned: 61288 , 25 : NO-USER
Jan 18 08:30:17 linbad identd[3592]: from: 216.16.0.2 ( 216.16.0.2 ) for: 61299, 25
Jan 18 08:30:17 linbad identd[3592]: Returned: 61299 , 25 : NO-USER
Jan 18 08:45:14 linbad -- MARK --
Jan 18 09:05:14 linbad -- MARK --
Jan 18 09:17:13 linbad identd[3636]: from: 216.16.0.2 ( 216.16.0.2 ) for: 61374, 25
Jan 18 09:17:13 linbad identd[3636]: Returned: 61374 , 25 : NO-USER
Jan 18 09:42:40 linbad pppd[3519]: Modem hangup
Jan 18 09:42:40 linbad pppd[3519]: Connection terminated.
Jan 18 09:42:40 linbad pppd[3519]: Exit.

Again, this was during the transfer of a large outgoing e-mail attachment.
What is coming from my ISP?  Is the connection being terminated by my ISP, and if so, 
why during large e-mails?

any insights would be great.  thanks  (Sorry if this is a repost, my PC is acting up & 
I can't tell if it went)

-Brian


-Original Message-
From:   David A. Ranch [SMTP:[EMAIL PROTECTED]]
Sent:   Friday, January 15, 1999 8:03 PM
To: [EMAIL PROTECTED]; NEWS IP_MASQ (E-mail)
Subject:Re:  [masq] large e-mail failures


First thing that strikes me, do you have "asyncmap 0" in your
/etc/ppp/options?  You NEED it.

Next, I would recommend to put "debug" into the /etc/ppp/options
file and then monitor the messages log file.  From here, you
will get a better idea what is going on.

--David


>I am currently running IP-Masq.  Slackware, 2.0.34, clients are Win95.  Most 
>things work great, except...  E-mail is hosted by my ISP, to which a dialup 
>from the Linux IP-masq box connects.  Often, if an e-mail attachment 
>approaches or exceeds 1 meg, my linux box disconnects from the ISP during 
>the transfer (after a random percentage is sent).  Incoming messages have 
>no problems.   The limit imposed by the ISP is 5 meg attachments.  We have 
>a drafting department that e-mails AutoCAD files.  Are there any 
>settings on the linux box I can check, or which log files would contain a 
>clue as to what's happening?
..
|  David A. Ranch - Linux/Networking/PC hardware [EMAIL PROTECTED]  |
!!
`- For more detailed info, see http://www.ecst.csuchico.edu/~dranch -'
---

[masq] Masquerading with bootp

1999-01-19 Thread Nicolas Bock

I have a PC running 2.0.36 connected to the internet with an ethernet card and
an NCD (Network Computing Devices) terminal connected to that PC with another
ethernet card. I can ping hosts outside of my office from the terminal, so I
guess I am not totally off with my configuration. The problem is that I can't
boot the terminal. I am not sure what the terminal is trying to do exactly,
all I know is that it is trying to use a tftp connection and use bootp to boot
from a server outside of my office. This connection apparently doesn't work,
the terminal doesn't seem to get any response from the bootp server.

I played around with the policies quite a bit, but so far I haven't found the
magic set up that lets this terminal boot. Maybe somebody has tried something
similar and could help me set this up correctly?

If there is any more information you might need, please don't hesitate to
email me.

Thanks a lot,

nick







Re: [masq] [masq] FTP timeout?

1999-01-19 Thread mumford


> At 10:02 PM 1/16/99 -0800, Fred Viles wrote:
> >On 16 Jan 99, at 15:21, Charles Curley wrote about
> >"[masq] FTP timeout?":
> >
> >| I have been running ip masquerading for about a month. I have noticed a
> >| glitch which may be a timeout issue: when I transfer a large file (10+Mb)
> >| using Netscape on NT, the whole file appears to transfer. Then the little
> >| window just hangs there.
> >
> >This will happen if you are not running the ip_masq_ftp "helper" 
> >module.  As you guessed, it is probably the control connection timing 
> >out while the lengthy data connection is going on.
> >
> >Does lsmod show ip_masq_ftp running?
> 
> ip_masq_ftp is built into the kernel, not a module.

Um, I'm no expert on the masquerading helper modules, but I'm pretty sure
it's not possible (easily) to compile this in as part of the kernel.  I do
know for sure that there is no way to do it with the standard config.

You might want to double check your setup.





[masq] Re rc.firewall from Trinity

1999-01-19 Thread Justin S. Cooksey

OK answered some of my own questions.

The reference to arguments passed to ip-up was an e-mail to this list
15-Sep-1998, and it's all listed in man pppd.

Since ip-up calls ip-up.local with $* I assume all arguments are passed?

Still need some answers on the ICMP line and if the remote IP should be
used as the default gateway in that line?

Thanks,
Justin.





Re: [masq] [masq] FTP timeout?

1999-01-19 Thread Charles Curley

It may have been another problem entirely.

I compiled ip masquerading into the kernel to speed things up. What I
didn't know is that that only compiles the basic masquerading stuff into
the kernel. There is no option to make ip_masq_ftp et alia part of the
kernel. Since (having assumed otherwise) I took the modprobe statements out
of my rc.local initialization script, they weren't loaded. Since figuring
out (with the help of another member of the list) that those modules and
the modprobe statements are necessary, I loaded the modules manually. I
think that may have solved the problem, but haven't yet tested it on a
monster file.


At 09:31 PM 1/16/99 -0700, Charles Shoemaker wrote:
>This hasn't happened to me since upgrading to kernel 2.0.  May I 
>suggest a couple of things:  
>
>You can watch the masq action with "ipfwadm -M -l" (little el) and 
>see the port timings.  
>
>You might try a large file transfer with ftp on your NT machine, and 
>see if you have the same problem.  If you do, it's in masquerade, if 
>not, it's in Netscape.
>
>Also, activate the masq ftp module in your rc.local with 
>"/sbin/modprobe ip_masq_ftp.o".
>
>Let us know.
>Charlie Shoemaker
>PS  I spaced out your patch question.  I'll get a reply to you 
>tomorrow.  (If I remember correctly, go to /usr/src/linux and type 
>"patch -p0 -l < ../patchfile".)  Better details tomorrow morning.
>
>> Date:  Sat, 16 Jan 1999 15:21:57 -0700
>> To:[EMAIL PROTECTED]
>> From:  Charles Curley <[EMAIL PROTECTED]>
>> Subject:   [masq] FTP timeout?
>
>> I have been running ip masquerading for about a month. I have noticed a
>> glitch which may be a timeout issue: when I transfer a large file (10+Mb)
>> using Netscape on NT, the whole file appears to transfer. Then the little
>> window just hangs there. If I copy the file before hitting cancel (to
>> preserve it) it is only partially intact. I can copy the same file in with
>> a direct connection with no problem, and I only have seen this when copying
>> via the IP masquerading computer.
>> 
>> Is this an IP masquerading timeout issue? If so, how can I solve it?
>> 
>> Thanks.
>> 
>> 
>> 
>>  -- C^2
>> 
>>  I have sworn upon the altar of God eternal hostility against every form of
>> tyranny over the mind of man.
>> -- Thomas Jefferson, letter to Benjamin Rush, 1800 A.D.
>> 
>> Thomas Jefferson, Patron Saint of the Internet:
>> http://w3.trib.com/~ccurley/Jefferson.html
>> 
>"Some people crave baseball - I find this unfathomable - but I can
>easily understand why a person could get excited about playing a
>bassoon."  --  Frank Zappa
>
>

-- C^2

I have sworn upon the altar of God eternal hostility against every form of
tyranny over the mind of man.
-- Thomas Jefferson, letter to Benjamin Rush, 1800 A.D.

Thomas Jefferson, Patron Saint of the Internet:
http://w3.trib.com/~ccurley/Jefferson.html



Re: [masq] FTP timeout?

1999-01-19 Thread Fred Viles

On 16 Jan 99, at 15:21, Charles Curley wrote about
"[masq] FTP timeout?":

| I have been running ip masquerading for about a month. I have noticed a
| glitch which may be a timeout issue: when I transfer a large file (10+Mb)
| using Netscape on NT, the whole file appears to transfer. Then the little
| window just hangs there.

This will happen if you are not running the ip_masq_ftp "helper" 
module.  As you guessed, it is probably the control connection timing 
out while the lengthy data connection is going on.

Does lsmod show ip_masq_ftp running?

|...

- Fred Viles 





[masq] It's not masquerading

1999-01-19 Thread Longjos

I've set up ipfwadm the way you say to in the HOWTO and I can get to my
HTML server (on the second NIC).  Unfortunately I can't tell if it is being
masqueraded there, but when I telnet to the second NIC (the one with the real
address) it says I'm connected from a "fake" address.  Does masquerading only
work past the Linux box or am I doing something wrong?



[masq] IPChains MASQ/Firewall

1999-01-19 Thread Clifford Hammerschmidt

Speaking of firewalls...

This is my first real try at making an ipchains firewall, so don't expect
greatness, but I hope it helps out all the 2.2.0-pre people.

#!/bin/sh
#
# IPChains firewall and MASQ setup.
# Jan 12, 1999
#
# Version 0.9 alpha
#
# Mangled together by Clifford Hammerschmidt ([EMAIL PROTECTED]).
# Assumes eth0->internet (DHCP)
# eth1->intranet (192.168.1.x)
#
# Stolen from various HOW-TO's from around the net.
# For lots more info goto http://www.rustcorp.com/linux/ipchains/
#
# Requires: awk in the path, used to get eth0's IP.
#
# USE AT YOUR OWN RISK
#

echo "Enabling MASQ"

#(and add any other masq modules you need)
/sbin/modprobe ip_masq_ftp

# MASQ
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -j MASQ -s 192.168.1.0/24 -d 0.0.0.0/0
/sbin/ipchains -M -S 7200 10 7200

echo "Enabling Firewall"

# Turn on Source Address Verification and get
# spoof protection on all current and future interfaces.
if [ -e /proc/sys/net/ipv4/conf/all/rp_filter ]; then
   echo -n "Setting up IP spoofing protection..."
   for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
      echo 1 > "$f"
   done
   echo "done."
else
   echo PROBLEMS SETTING UP IP SPOOFING PROTECTION.  BE WORRIED.
fi

# Get eth0's IP (eth0 connects to the internet.)
LOCALIP=`ifconfig eth0 | awk '/inet addr/ {print substr($2,6)}'`
ALL="0.0.0.0/0"
BCAST="255.255.255.255/32"
LOCAL="192.168.1.0/24"
DNS1="209.53.0.1/32"
DNS2="209.53.0.17/32"

# Define two eth interfaces with input and output
echo "Creating eth0 chains"
/sbin/ipchains -N eth0-in
/sbin/ipchains -A input -i eth0 -j eth0-in
/sbin/ipchains -N eth0-out
/sbin/ipchains -A output -i eth0 -j eth0-out
echo "Creating eth1 chains"
/sbin/ipchains -N eth1-in
/sbin/ipchains -A input -i eth1 -j eth1-in
/sbin/ipchains -N eth1-out
/sbin/ipchains -A output -i eth1 -j eth1-out

# Close the door
echo "Deny all external incoming packets"
/sbin/ipchains -P input DENY

echo "Allow all ICMP to $LOCALIP"
/sbin/ipchains -A input -p ICMP -s $ALL -d $LOCALIP -j ACCEPT

echo "Allow all local packets"
/sbin/ipchains -A input -i lo -j ACCEPT

echo "Allow local on eth1"
/sbin/ipchains -A eth1-in -s $LOCAL -j ACCEPT

echo "DENY local on eth0"
/sbin/ipchains -l -A eth0-in -s $LOCAL -j DENY

echo "Setup rules for output (applies to all eth's)"
/sbin/ipchains -A output -p TCP -d $ALL telnet -t 0x01 0x10
/sbin/ipchains -A output -p TCP -s $ALL ftp-data -t 0x01 0x08
/sbin/ipchains -A output -p TCP -d $ALL pop-3 -t 0x01 0x02

echo "Setup rules for eth0-in"

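echo "Allow DHCP"
# Note: DHCP runs over UDP only; a server answers from port 67 (bootps) to
# the client's port 68 (bootpc).  As written, these rules match source port 68
# and destination port 67, which is the client-to-server direction.
/sbin/ipchains -A eth0-in -p UDP -s $ALL 68 -d $BCAST 67 -j ACCEPT
/sbin/ipchains -A eth0-in -p TCP -s $ALL 68 -d $BCAST 67 -j ACCEPT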

echo "Allow DNS"
# sub in your own servers
/sbin/ipchains -A eth0-in -p UDP -s $DNS1 domain -d $LOCALIP -j ACCEPT
/sbin/ipchains -A eth0-in -p TCP -s $DNS1 domain -d $LOCALIP -j ACCEPT
/sbin/ipchains -A eth0-in -p UDP -s $DNS2 domain -d $LOCALIP -j ACCEPT
/sbin/ipchains -A eth0-in -p TCP -s $DNS2 domain -d $LOCALIP -j ACCEPT

echo "Allow FTP"
/sbin/ipchains -A eth0-in -p TCP -s $ALL -d $LOCALIP ftp -j ACCEPT
/sbin/ipchains -A eth0-in -p TCP -s $ALL -d $LOCALIP ftp-data -j ACCEPT

echo "Allow telnet"
/sbin/ipchains -A eth0-in -p TCP -s $ALL -d $LOCALIP telnet -j ACCEPT

echo "Allow httpd"
/sbin/ipchains -A eth0-in -p TCP -s $ALL -d $LOCALIP http -j ACCEPT

echo "Allow smtp (sendmail)"
/sbin/ipchains -A eth0-in -p TCP -s $ALL -d $LOCALIP smtp -j ACCEPT

echo "Allow ident"
/sbin/ipchains -A eth0-in -p TCP -s $ALL -d $LOCALIP auth -j ACCEPT

echo "Allow TCP Replies"
/sbin/ipchains -A input -p TCP \! -y -d $ALL 1024: -j ACCEPT




[masq] Setting up Masq behind Dynamic PPP

1999-01-19 Thread Longjos

How do I set up Masquerading to use Dynamic PPP?
would it be 
ipfwadm -F -a m -S 192.168.123.0/24 -D ppp0   ???
Thanks



[masq] Ip Masq just isen't working

1999-01-19 Thread Longjos

Everything seems to set up right (no errors) but when I telnet to the outside
IP number it says I'm from 192.168.123.4 (this machine).
Why isn't it being masqueraded?
Here is how I set it up.
/etc/sysconfig/network-scripts/ifup ifcfg-eth0
/etc/syscofig/network-scripts/ifup ifcfg-eth1
SIOCADDRT:  Invalid argument  (what could cause this?)
ipfwadm -F -p deny
ipfwadm -F -a m -S 192.168.123.0/24 -D 0.0.0.0/0
I've also tried 
ipfwadm -F -a m -S 192.168.123.0/24 -D 192.168.124.0/24  <~~ as I am just
testing I'm using internal addresses for both sides

Is my routing table wrong?

Destination     Gateway         Genmask         Flags Metric Ref Use Iface
192.168.123.0   0.0.0.0         255.255.255.0   U     0      0   1   eth0
192.168.124.0   0.0.0.0         255.255.255.0   U     0      0   0   eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0   1   lo
0.0.0.0         192.168.123.2   0.0.0.0         UG    0      0   0   eth0

Sorry for this confusing message.
I just can't figure this out.
Thanks 



Re: [masq] FTP timeout?

1999-01-19 Thread Steffen Plotner

Hi

I have had the same problem with kernel 2.0.29 and the masq_ftp module -
since I have upgraded the kernel to 2.0.33 and also loaded masq_ftp
module the problem went away - does anybody know what exactly it takes
to fix the timeout problem?  I am also running diald.

Thanks

> -Original Message-
> From: Charles Curley [SMTP:[EMAIL PROTECTED]]
> Sent: Saturday, January 16, 1999 5:22 PM
> To:   [EMAIL PROTECTED]
> Subject:  [masq] FTP timeout?
> 
> I have been running ip masquerading for about a month. I have noticed a
> glitch which may be a timeout issue: when I transfer a large file (10+Mb)
> using Netscape on NT, the whole file appears to transfer. Then the little
> window just hangs there. If I copy the file before hitting cancel (to
> preserve it) it is only partially intact. I can copy the same file in with
> a direct connection with no problem, and I only have seen this when copying
> via the IP masquerading computer.
> 
> Is this an IP masquerading timeout issue? If so, how can I solve it?
> 
> Thanks.
> 
> 
> 
>   -- C^2
> 
>   I have sworn upon the altar of God eternal hostility against
> every form of
> tyranny over the mind of man.
> -- Thomas Jefferson, letter to Benjamin Rush, 1800 A.D.
> 
> Thomas Jefferson, Patron Saint of the Internet:
> http://w3.trib.com/~ccurley/Jefferson.html



[masq] FTP timeout?

1999-01-19 Thread Charles Curley

I have been running ip masquerading for about a month. I have noticed a
glitch which may be a timeout issue: when I transfer a large file (10+Mb)
using Netscape on NT, the whole file appears to transfer. Then the little
window just hangs there. If I copy the file before hitting cancel (to
preserve it) it is only partially intact. I can copy the same file in with
a direct connection with no problem, and I only have seen this when copying
via the IP masquerading computer.

Is this an IP masquerading timeout issue? If so, how can I solve it?

Thanks.



-- C^2

I have sworn upon the altar of God eternal hostility against every form of
tyranny over the mind of man.
-- Thomas Jefferson, letter to Benjamin Rush, 1800 A.D.

Thomas Jefferson, Patron Saint of the Internet:
http://w3.trib.com/~ccurley/Jefferson.html



Re: [masq] [masq] large e-mail failures

1999-01-19 Thread David A. Ranch


>> First thing that strikes me, do you have "asyncmap 0" in your
>> /etc/ppp/options?  You NEED it.
>
>You might tell him why it's needed.  :)
>
>I can't think why a bad asyncmap setting could cause any problem, except
>to slow the connection down.  "asyncmap 0" causes your PPP connection to
>allow any and all control characters, rather than escaping them, which
>causes more data to be sent on average.

In addition to this, if the user is lucky enough to have a "+++ATH" or
a PPPd shutdown sequence somehow encoded into the MIME attachment, that
will nail the user too.

--David
..
|  David A. Ranch - Linux/Networking/PC hardware [EMAIL PROTECTED]  |
!!
`- For more detailed info, see http://www.ecst.csuchico.edu/~dranch -'



Re: [masq] FTP timeout?

1999-01-19 Thread Charles Curley

At 10:02 PM 1/16/99 -0800, Fred Viles wrote:
>On 16 Jan 99, at 15:21, Charles Curley wrote about
>"[masq] FTP timeout?":
>
>| I have been running ip masquerading for about a month. I have noticed a
>| glitch which may be a timeout issue: when I transfer a large file (10+Mb)
>| using Netscape on NT, the whole file appears to transfer. Then the little
>| window just hangs there.
>
>This will happen if you are not running the ip_masq_ftp "helper" 
>module.  As you guessed, it is probably the control connection timing 
>out while the lengthy data connection is going on.
>
>Does lsmod show ip_masq_ftp running?

ip_masq_ftp is built into the kernel, not a module.


-- C^2

I have sworn upon the altar of God eternal hostility against every form of
tyranny over the mind of man.
-- Thomas Jefferson, letter to Benjamin Rush, 1800 A.D.

Thomas Jefferson, Patron Saint of the Internet:
http://w3.trib.com/~ccurley/Jefferson.html
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
For daily digest info, email [EMAIL PROTECTED]



[masq] Ipportfw PPtP

1999-01-19 Thread Dimitris Georgakopoulos

I have experienced the following problem while I was trying to set up PPTP
on linux 2.0.36.
I have to patch the kernel with the subs-patch-1_37.gz and the
ip_masq_pptp.patch.gz.  I patch the kernel with the pptp patch, compile, and
everything goes ok.  Then I patch the subs patch and no errors occur.
However the option for IP port fw never shows up.  Has anyone encountered
the same problem?

Thank you,
dimitris




[masq] rc.firewall from Trinity

1999-01-19 Thread Justin S. Cooksey

I have been going through the Trinity document in order to improve my
knowledge and my system. Specifically the ipfwadm rules in rc.firewall
about which I have a few questions.

RedHat 5.2
Dial-up PPP account
Dynamically assign IP address

1) The rc.firewall is called from ip-up and uses a command to get the ppp0
IP from ifconfig. However I have read that IPs etc are passed as command
line arguments to ip-up, couldn't these be passed to rc.firewall?

2) I can't find the reference that I read the above in :-(. Can anyone
provide me with the details?

3) ip-up in RedHat 5.2 says not to modify but create ip-up.local and put all
commands into it. Is ip-up.local passed the same arguments?

4) One line in the Trinity rc.firewall regards ICMP:
ipfwadm -I -a accept -W $extif -P icmp -S $dgw/24 -D $extip
I don't have a "default gateway on the external NIC" ($dgw)... Or is it the
address passed in ifconfig as P-t-P? Do I need this ipfwadm line at all?
(Don't know what ICMP is yet sorry?)

5) If it is the P-t-P IP, is that passed to ip-up?

Thanks,
Justin.


