[SLUG] CentOS5 + DRBD0.8 + GFS2
Hey all, Can someone guide me to getting a network mirrored setup working with drbd and gfs2. I've gotten to the point where I can get drbd mirroring and then turn both servers to primaries which is allowed only if you have some locking type file system in place... This is where GFS comes into it. I can't find a decent HowTo which goes into details about this. Most sites that show it assume all works fine yet I get into problems where cman won't start due to ccsd not running (which it is when I ps -ef for it).. Now, I would've thought that there was a lot more to configure for cman to work (ie nodes setup, etc) but maybe for pure shared disk storage it's not required (for all I know) but I don't see any mention of this. Any help appreciated Regards, George Vieira -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
[SLUG] Second Attempt at monitoring IPTABLES with MRTG.
For those of you who rememeber my first attempt to monitor firewall rules with MRTG, I have rewritten a script to handle it alot better as the detection was really starting to tick me off a little. The script isn't the best and if anyone wants to rewrite it in C binary or something faster/better please let me know. At the moment this script does pretty much exactly what I want and is alot easier. I'm not on the list and just thought you guys might be interested in it or pass the idea onto someone who might need it. I've placed the into on this site and if I've missed something, please also let me know. http://forum.lancentre.com.au/showthread.php3?s=postid=91#post91 thanks guys/gals, George Vieira Systems Manager Citadel Computer Systems P/L http://www.citadelcomputer.com.au -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
[SLUG] Wondershaper
Has anybody implemented this shaper program? Seems to be my holly grail of bandwidth shaping I'd like to know any success stories or failures. http://lartc.org/wondershaper thanks, George Vieira Systems Manager Citadel Computer Systems P/L http://www.citadelcomputer.com.au -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
[SLUG] Extended partition
Hi, I have a problem where I've built a RH7.2 system and on another system which is the exact model/specs I've used Ghost to mirror the drives across to save time (10 machines to do).. The first machine looks OK as below: Device BootStart EndBlocks Id System /dev/hda1 * 164514048+ fd Linux raid autodetect /dev/hda265 701 5116702+ fd Linux raid autodetect /dev/hda3 702 956 2048287+ fd Linux raid autodetect /dev/hda4 957 2482 122575955 Extended /dev/hda5 957 1020514048+ fd Linux raid autodetect /dev/hda6 1021 2482 11743483+ 83 Linux The mirrored machine seems to have an incorrect partition settings as below: Device BootStart EndBlocks Id System /dev/hda1 * 164514048+ fd Linux raid autodetect /dev/hda265 701 5116702+ fd Linux raid autodetect /dev/hda3 702 956 2048287+ fd Linux raid autodetect /dev/hda4 957 2482 12257595f Win95 Ext'd (LBA) /dev/hda5 957 1020514048+ fd Linux raid autodetect /dev/hda6 1021 2482 11743483+ 83 Linux I tried using fsck and e2fsck but it's been a while and don't know how to fix this stupid Win95 extended partition back to just Extended.. Can someone tell me what I should be using.. thanks, George Vieira -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] Extended partition
But I cant map this /space partition as it's erroring.. about the superblock.etc.etc.. anyway to fix that? thanks, George Vieira Systems Manager Citadel Computer Systems P/L http://www.citadelcomputer.com.au -Original Message- From: Crossfire [mailto:[EMAIL PROTECTED]] Sent: Tuesday, 09 April 2002 8:15 AM To: George Vieira Cc: Sydney Linux Users Group (E-mail) Subject: Re: [SLUG] Extended partition George Vieira was once rumoured to have said: Hi, I have a problem where I've built a RH7.2 system and on another system which is the exact model/specs I've used Ghost to mirror the drives across to save time (10 machines to do).. [chop] I tried using fsck and e2fsck but it's been a while and don't know how to fix this stupid Win95 extended partition back to just Extended.. Can someone tell me what I should be using.. Nothing. Technically speaking, the change is correct - Win95 added a few new partition types to explicitly state that the partition was being mapped via LBA. C. -- --==-- Crossfire | This email was brought to you [EMAIL PROTECTED] | on 100% Recycled Electrons --==-- -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] Extended partition
Actually, I just noticed... [root@cutter1 root]# mount /space/ mount: wrong fs type, bad option, bad superblock on /dev/hda6, or too many mounted file systems it's /dev/hda6 not hda4 that it's complaing about.. thanks, George Vieira Systems Manager Citadel Computer Systems P/L http://www.citadelcomputer.com.au -Original Message- From: George Vieira Sent: Tuesday, 09 April 2002 8:26 AM To: 'Crossfire' Cc: Sydney Linux Users Group (E-mail) Subject: RE: [SLUG] Extended partition But I cant map this /space partition as it's erroring.. about the superblock.etc.etc.. anyway to fix that? thanks, George Vieira Systems Manager Citadel Computer Systems P/L http://www.citadelcomputer.com.au -Original Message- From: Crossfire [mailto:[EMAIL PROTECTED]] Sent: Tuesday, 09 April 2002 8:15 AM To: George Vieira Cc: Sydney Linux Users Group (E-mail) Subject: Re: [SLUG] Extended partition George Vieira was once rumoured to have said: Hi, I have a problem where I've built a RH7.2 system and on another system which is the exact model/specs I've used Ghost to mirror the drives across to save time (10 machines to do).. [chop] I tried using fsck and e2fsck but it's been a while and don't know how to fix this stupid Win95 extended partition back to just Extended.. Can someone tell me what I should be using.. Nothing. Technically speaking, the change is correct - Win95 added a few new partition types to explicitly state that the partition was being mapped via LBA. C. -- --==-- Crossfire | This email was brought to you [EMAIL PROTECTED] | on 100% Recycled Electrons --==-- -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] Extended partition
I've actually managed to get it working.. I changed the /etc/fstab to read the file systems as ext2 and not ext3 and they came up fine.. But the original machine was configured for ext3 partitions.. it doesn't make sense (sounds like a commercial I know).. I don't know how to chnge the partition back to a ext3 from an ext2 partition.. Argh! ;) thanks, George Vieira Systems Manager Citadel Computer Systems P/L http://www.citadelcomputer.com.au -Original Message- From: Ben Donohue [mailto:[EMAIL PROTECTED]] Sent: Tuesday, 09 April 2002 9:11 AM To: George Vieira; 'Sydney Linux Users Group (E-mail)' Subject: RE: [SLUG] Extended partition HI George, You might like to check the BIOS settings on the cloned machines and that they are the same as the original one. Make sure that the hard disk is set to the same mode the clones. ie. NORMAL LBA LARGE Just a thought. Ben -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] Extended partition
OK.. I fixed it... FYI. All I had to do was run tune2fs -j /dev/hdb6 tune2fs -j /dev/hda6 and it created a journaling FS.. on reboot it's mounting fine now.. hopefully this was correct. Thanks for the help guys. George Vieira Systems Manager Citadel Computer Systems P/L http://www.citadelcomputer.com.au -Original Message- From: Ben Donohue [mailto:[EMAIL PROTECTED]] Sent: Tuesday, 09 April 2002 9:19 AM To: George Vieira; [EMAIL PROTECTED]; 'Sydney Linux Users Group (E-mail)' Subject: RE: [SLUG] Extended partition Hi George, Can't help you with ext2-ext3 conversion. Someone will know... Probably Ghost does not know how to handle ext3. Ben -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] Squid Logs
Well I've solved my first problem and filtered out the month I needed just by Grepping it but now I need to convert the data back so calamaris can read it back.. #! /usr/bin/perl -p s/^\d+\.\d+/localtime $/e; Did a great job but I can't read it 100% to convert it back.. the translation looks like: decimal + . + decimal convert to localtime no sure what the $ is so it's messing up my convert back... s/^localtime/d+\.\d+/e;---??? AARGHH!!??? somebody good at this??? many thanks... thanks, George Vieira Systems Manager Citadel Computer Systems P/L http://www.citadelcomputer.com.au -Original Message- From: Simon Bryan [mailto:[EMAIL PROTECTED]] Sent: Friday, 01 March 2002 7:32 AM To: George Vieira; Slug Subject: RE: [SLUG] Squid Logs You can set the squid.conf file to use htpd style logs which show it in human readable time. However there are many log analysers that will do this for you, I use SARG as my main analyser. Of course you could also just rotate your logs monthly, I do mine daily. If the problem is for existing logs then the entries are in calendar order so you should be able to at worst manually rip out a months worth of entries. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Chris Barnes Sent: Friday, 1 March 2002 12:51 AM To: 'SLUG' Subject: RE: [SLUG] Squid Logs This is just a guess, but can you tell squid to log dates in a different format in the config file? If so you might be in luck. -- -Original Message- From: George Vieira [mailto:[EMAIL PROTECTED]] Sent: Thursday, 28 February 2002 3:42 PM To: Sydney Linux Users Group (E-mail) Subject: [SLUG] Squid Logs Hi all, Does anybody know how to read the dates from the access.log file from squid.. I need to get calamaris to read only the lines for a particular month and not the whole file, doing a vi of the file shows integer dates.. 1008047100.732 25 192.168.0.1 TCP_MISS/304 82 GET http://www.yellowpages.com.au Any ideas? thanks, George Vieira Systems Manager Citadel Computer Systems P/L http://www.citadelcomputer.com.au -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug Searching for A Better Way to a home loan ?. Call RAMS on 13 7267, or go to http://www.rams.com.au The e-mail and any attachments may contain confidential information. If you receive it in error you must not use or disclose the information. You must tell us and delete it. We do not waive any legal privilege by sending it. RAMS does not promise that the email is free from virus defect or error. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
[SLUG] Squid Logs
Hi all, Does anybody know how to read the dates from the access.log file from squid.. I need to get calamaris to read only the lines for a particular month and not the whole file, doing a vi of the file shows integer dates.. 1008047100.732 25 192.168.0.1 TCP_MISS/304 82 GET http://www.yellowpages.com.au Any ideas? thanks, George Vieira Systems Manager Citadel Computer Systems P/L http://www.citadelcomputer.com.au -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
[SLUG] Rh7.1 with post tape drive install
Hi all, I installed RH7.1 in a Compaq and later installed an AIT tape drive. Kudzu didn't pick up the tape drive but when I do a `modprobe st` it loads fine.. Problem is that I get a No Such Device error trying to `mt -f /dev/nst0 status` the drive.. Here's my info: [root@www www]# cat /etc/modules.conf alias eth0 eepro100 alias scsi_hostadapter cpqarray alias parport_lowlevel parport_pc [root@www www]# lsmod Module Size Used by autofs 11264 1 (autoclean) eepro100 16624 1 (autoclean) iptable_filter 2304 0 (autoclean) (unused) ip_tables 11072 1 [iptable_filter] cpqarray 16528 7 sd_mod 11680 0 (unused) scsi_mod 95072 1 [sd_mod] Any help appreciated.. thanks, George Vieira Systems Manager Citadel Computer Systems P/L http://www.citadelcomputer.com.au -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
[SLUG] RE: Rh7.1 with post tape drive install
Sorry the lsmod was wrong.. I did load the st module [root@www www]# lsmod Module Size Used by st 26016 0 (unused) autofs 11264 1 (autoclean) eepro100 16624 1 (autoclean) iptable_filter 2304 0 (autoclean) (unused) ip_tables 11072 1 [iptable_filter] cpqarray 16528 7 sd_mod 11680 0 (unused) scsi_mod 95072 2 [st sd_mod] thanks, George Vieira Systems Manager Citadel Computer Systems P/L http://www.citadelcomputer.com.au -Original Message- From: George Vieira Sent: Friday, 22 February 2002 3:59 PM To: '[EMAIL PROTECTED]' Subject: Rh7.1 with post tape drive install Hi all, I installed RH7.1 in a Compaq and later installed an AIT tape drive. Kudzu didn't pick up the tape drive but when I do a `modprobe st` it loads fine.. Problem is that I get a No Such Device error trying to `mt -f /dev/nst0 status` the drive.. Here's my info: [root@www www]# cat /etc/modules.conf alias eth0 eepro100 alias scsi_hostadapter cpqarray alias parport_lowlevel parport_pc [root@www www]# lsmod Module Size Used by autofs 11264 1 (autoclean) eepro100 16624 1 (autoclean) iptable_filter 2304 0 (autoclean) (unused) ip_tables 11072 1 [iptable_filter] cpqarray 16528 7 sd_mod 11680 0 (unused) scsi_mod 95072 1 [sd_mod] Any help appreciated.. thanks, George Vieira Systems Manager Citadel Computer Systems P/L http://www.citadelcomputer.com.au -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
[SLUG] MRTG - IPTABLES
Anyone interested in graphing the rules in iptables/ipchains with mrtg? I have used in combination of mrtg-eth and some scripts, I was able to graph out some iptable rules to show how much traffic came through..etc..etc.. This was due to the problems of upgrading my current Perl to get the GD libraries working with NTOP... due to the hassle I scripted this together and it works well... so far.. If anybody is interested please email me directly and I will email some information for you... thanks, George Vieira Systems Manager Citadel Computer Systems P/L http://www.citadelcomputer.com.au -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] routing
Well in that case don't trust those scripts and add your on in /etc/ppp/ip-up.local use something like CURDEFROUTE=`netstat -rn | grep ^0.0.0.0 | grep eth1` if [ $CURDEFROUTE ]; then # Current route is pointing to eth1 still route del default route add default dev $1 # I think it's $1 for device fi WARNING: This code was typed directly into the email and not tested.. you should also add this code to /etc/ppp/ip-down.local and revserve to commands so the default route is back to eth1 or whatever your eth device is.. -Original Message- From: Christopher Booth [mailto:[EMAIL PROTECTED]] Sent: Tuesday, 5 February 2002 12:07 PM To: George Vieira Subject: Re: [SLUG] routing It does but, it only works sometimes. I was looking at the scripts last night, quite complex scripts there. If I have up the eth0 interface, with or without the default route set, but no cable plugged in, then when I dial-up no new default route is exported. I ended up having to add this command to the post connect settings in kppp. ip route add default dev ppp0 This is actually in the /etc/sysconfig/network-scripts/ifup command # Set a default route. if [ -z ${GATEWAYDEV} -o ${GATEWAYDEV} = ${DEVICE} ]; then # set up default gateway if [ -n ${GATEWAY} -a `ipcalc --network ${GATEWAY} ${NETMASK} 2/dev/null` = NETWORK=${NETWORK} ]; then ip route add default via ${GATEWAY} DEFGW=${GATEWAY} elif [ ${GATEWAYDEV} = ${DEVICE} ]; then ip route add default dev ${DEVICE} fi fi ifup-ppp0 has this command to delete the default route if found, but I am not sure that it adds a new default route . if [ ${DEFROUTE} != no ] ; then # pppd will no longer delete an existing default route # so we have to help it out a little here. DEFRT=`ip route list | awk '/^default / { print $3 }'` [ -n ${DEFRT} ] echo $DEFRT /etc/default-route route del default /dev/null 21 opts=$opts defaultroute fi Chris On Sun, 3 Feb 2002 20:51:39 +1100 George Vieira [EMAIL PROTECTED] wrote: -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] how can I rsh ?
your problem is most likely to do with /etc/xinet.d/rshd or something... otherwise it's permissions... -Original Message-From: henry [mailto:[EMAIL PROTECTED]]Sent: Thursday, 31 January 2002 7:21 PMTo: [EMAIL PROTECTED]Subject: [SLUG] how can I rsh ? Dears : I edit a file .rhosts under /root as belows 192.168.0.251 root I use command "rsh 192.168.0.223" from another machine Then I get message "192.168.0.223 connection refused " . How can I rsh as a root ? Tks in advance ! Henry
RE: [SLUG] routing
You probably find that it's not routing the whole network via the dialup device.. Other words your dial up device only sees X.X.143.YY which is the dial up server... in your ip-up.local , try detecting that dial up connection and route the network through it.. route add -net X.X.143.0/24 gw $5 # (or was it $6).. try that... I'd firstly add the route manually and see if that fixes it.. thanks, George Vieira Systems Manager Citadel Computer Systems P/L http://www.citadelcomputer.com.au -Original Message- From: Booth, Christopher (Aus) - ATP [mailto:[EMAIL PROTECTED]] Sent: Friday, 01 February 2002 10:33 AM To: '[EMAIL PROTECTED]' Subject: [SLUG] routing Hi guys At work I have my Linux laptop on the network with a static IP X.X.105.30 When I dial-in I am given another IP address X.X.143.187 Most things work, PROXY for websurfing, DNS, but if I wan't to access my email thorugh sylpheed, or ping the mail server X.X.104.13 it always trys to connect through eth0 (X.X.105.30). If I ifdown eth0 then it only uses ppp0, which is fine unless I want to access something via eth0. What IPTABLES or route commands would I need to use to enable it to use ppp0 as the interface that it connects through instead ? I have the same problem, if I use my home box for internet connection sharing from Win 2000, via a network crossover cable to my laptop. This uses 192.168.0.1 for the Win 2K and an IP alias on my laptop 192.168.0.4 on eth0:0 Obviously I can't ifdown eth0 as I lose all connectivity. TIA Chris -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] sendmail configuration
Correct me if I'm wrong but that'll make that server spammable.. be very careful on how you use that.. If your using 8.12 (that's what I'm using, not sure of older ones), you can probably use the access.db option of: Connect:10.0.0.10 RELAY not sure if it'll work but I think it will.. just try it I guess.. too early in the morning to answer some on these.. thanks, George Vieira Systems Manager Citadel Computer Systems P/L http://www.citadelcomputer.com.au -Original Message- From: Tony Green [mailto:[EMAIL PROTECTED]] Sent: Wednesday, 30 January 2002 9:24 PM To: [EMAIL PROTECTED] Cc: Dennis M. Gray Subject: Re: [SLUG] sendmail configuration * This one time, at band camp, Dennis M. Gray said: Dear Sluggers, I want to allow a certain network to be able to use my sendmail server to relay mail to local addresses. I have added the network to the access (access.db) but get a message to the effect that relaying is denied because the IP address lookup failed. Can anyone suggest a remedy? Add FEATURE(`accept_unresolvable_domains')dnl to your sendmail.mc (please tell me you're using m4 to configure it). That will allow hosts which do not resolve to deliver to the server. I'd recommend that you consider, if possible, fixing DNS. HTH -- Greeno [EMAIL PROTECTED] GnuPG Key : 1024D/B5657C8B Key fingerprint = 9ED8 59CC C161 B857 462E 51E6 7DFB 465B B565 7C8B Imagine working in a secure environment and finding the string _NSAKEY in the OS binaries without a good explanation -Alan Cox 04/05/2001 -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] File browser
I remember a long time ago there was a Network Neighborhood for linux.. I probably have the files stil here somewhere.. George digs into his ~george directory thanks, George Vieira Systems Manager Citadel Computer Systems P/L http://www.citadelcomputer.com.au -Original Message- From: Grant Parnell [mailto:[EMAIL PROTECTED]] Sent: Tuesday, 29 January 2002 8:11 AM To: Wayne Crich Cc: [EMAIL PROTECTED] Subject: Re: [SLUG] File browser On Sat, 26 Jan 2002, Wayne Crich wrote: A little while ago I came across a linux file browser that allowed you to browse shared files on MS machines. Can anyone supply a program name, I cannot remember it or find it in my files. gnomba is one. Alternately, you could also mount the remote filesystem. See man mount and man smbmount. -- ---GRiP--- Web: www.arcadia.au.com/gripz Phone/fax: 02 4950 1194 Mobile: 0408 686 201 -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] help : telnet RedHat7.1
OK if your telnet is in fact working and it's just root that's not allowed.. the only thing I could do to get working was to remove securetty from the PAM settings as this was the only way I could get it to work.. No one on slug was able to give me answers long long ago when I needed it but this was what i did... vi /etc/pam.d/login #%PAM-1.0auth optional /lib/security/pam_securetty.soauth required /lib/security/pam_pwdb.so shadow nullokauth required /lib/security/pam_nologin.soaccount required /lib/security/pam_pwdb.sopassword required /lib/security/pam_cracklib.sopassword required /lib/security/pam_pwdb.so nullok use_authtok md5 shadowsession required /lib/security/pam_pwdb.sosession optional /lib/security/pam_console.so Changed the line with securetty from required to optional this makes it available from anywhere so the only thing you can do is stop it when it gets to the shell.. it's very grude but works for me.. Didn't worry me anyway and I have software which monitors all logs and alerts on problems.. ie root logins from elsewhere.. -Original Message-From: henry [mailto:[EMAIL PROTECTED]]Sent: Tuesday, 29 January 2002 5:02 PMTo: [EMAIL PROTECTED]Subject: [SLUG] help : telnet RedHat7.1 Dears: I installed RedHat choosed No_Firewall,then modify /etc/securetty by adding 0 1 2 3 (0 1 2 3 means that 4 tty(s) can telnet this host as root) I just cant telnet from outside as root though I can ping from outside Could someone help me ? TIA Henry
RE: [SLUG] newbi
even better.. www.google.com/linux -Original Message- From: Rick Welykochy [mailto:[EMAIL PROTECTED]] Sent: Monday, 28 January 2002 11:46 PM To: ü su Cc: [EMAIL PROTECTED] Subject: Re: [SLUG] newbi 1. http://google.com/ search for linux -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] installing via nfs
Well this may not be much help but I used to format floppies using Disk Image which is an old program and formatted them to 1.7MB which is considered unreliable but if you get a good brand floppy then you might have some better chances... I used cheapies and it still worked for me.. I might even have the program if you want it... -Original Message- From: sm [mailto:[EMAIL PROTECTED]] Sent: Saturday, 26 January 2002 5:32 PM To: [EMAIL PROTECTED] Subject: [SLUG] installing via nfs Hi, could someone help with this? I'm trying to install RH 7.1 over nfs. I've been trying to copy bootnet.img onto a floppy from the install cd but the file size is too big at 1.5Mb for a 1.4Mb floppy. Is there a way to get this file on a floppy? Am I aproaching this the right way? Thanks in advance. Being new to Linux this list has been invaluable help. Steve. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] lost eth1 solution
in redhat the default route is probably set in it's config file... /etc/sysconfig/network-scripts/ifcfg-eth0 remove the option GATEWAY (or something) then on boot it'll won't have a default route... -Original Message- From: David Kempe [mailto:[EMAIL PROTECTED]] Sent: Friday, 25 January 2002 9:03 PM To: Kevin Waterson; [EMAIL PROTECTED] Subject: Re: [SLUG] lost eth1 solution That should be fairly easy - just don't define a gateway for eth0 You should be able to do it by editing /etc/sysconfig/network-scripts/ifcfg-eth0 i think. (i think you said you had redhat) or one of the various configuration utilitys for redhat should have it. Then the adsl should add a default route no worries dave - Original Message - From: Kevin Waterson [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, January 25, 2002 5:44 PM Subject: [SLUG] lost eth1 solution OK, got it fired up, the solution was to install with eth0 in place, and setup the network, then, after installation put the second NIC in place and let kudzu find in but when prompted, do not set up the network. When you have a prompt, ifconfig eth1 up and then adsl-start this bought up the link but it seems the default route remains the one for eth0, so, I needed to ifconfig eth0 down and then adsl-start to get it to work. So next I need to get eth0 up againg without affecting eth1. any thoughts? Kevin -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] lost eth1
Probably Tel$tra.. I get those PADO packet errors when the link is down.. he he make sure your Alcatel modem flashes both outgoing and incoming lights when it's trying to connect.. the 2 lights on the far right must always be green and the 2nd from the left is usually flashing 50% cycle and the left most is your Tx and 3rd one is Rx... If the Rx isn't flashing then nothing is coming back from Tel$tra and the PADO errors are true... -Original Message- From: Kevin Waterson [mailto:[EMAIL PROTECTED]] Sent: Thursday, 24 January 2002 9:18 PM To: David Kempe; [EMAIL PROTECTED] Subject: Re: [SLUG] lost eth1 let me know how you go swapping the cables I went one better, I removed eth0 and reinstalled, now my new install has the ADSL as eth0, but still the same tragedy Kevin -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
[SLUG] NTOP compile
Hi all, I'm trying to rebuild my NTOP which I had running before my firewall got splattered with a bad HDD and I'm trying to get 2.0 working as I had that running before but I have compile errors now and can't find out why since it compiled before just fine.. I've done a make on libzip (i think it's called) and gd and whatever else it asked to compile and yet this is what I get when i `make` ntop. any ideas? gcc -g -O2 -pipe -o .libs/ntop main.o .libs/libntopreport.so -lcrypt -lm -L/home/georgev/gdchart0.94c -lgdchart -L/home/georgev/gdchart0.94c/gd-1.8.3 -lgd -L/home/georgev/gdchart0.94c/gd-1.8.3/libpng-1.0.8 -lpng -L/home/georgev/gdchart0.94c/zlib-1.1.3 -lz -lssl -lcrypto -lpthread -lresolv -lnsl -ldl -lcrypt -lm -lgdchart -lgd -lpng -lz -lssl -lcrypto .libs/libntop.so -L/usr/local/lib -lpcap -lgdbm -lpthread -lresolv -lnsl -ldl -lcrypt -lm -lgdchart -lgd -lpng -lz -lssl -lcrypto -lpthread -lresolv -lnsl -ldl -lcrypt -lm -L/home/georgev/gdchart0.94c -lgdchart -L/home/georgev/gdchart0.94c/gd-1.8.3 -lgd -L/home/georgev/gdchart0.94c/gd-1.8.3/libpng-1.0.8 -lpng -L/home/georgev/gdchart0.94c/zlib-1.1.3 -lz -lssl -lcrypto -Wl,--rpath -Wl,/usr/local/lib /usr/local/lib/libgd.so.4: undefined reference to `jpeg_read_scanlines' /usr/local/lib/libgd.so.4: undefined reference to `jpeg_simple_progression' /usr/local/lib/libgd.so.4: undefined reference to `jpeg_set_defaults' /usr/local/lib/libgd.so.4: undefined reference to `jpeg_start_decompress' /usr/local/lib/libgd.so.4: undefined reference to `jpeg_destroy' /usr/local/lib/libgd.so.4: undefined reference to `jpeg_write_marker' /usr/local/lib/libgd.so.4: undefined reference to `jpeg_destroy_decompress' /usr/local/lib/libgd.so.4: undefined reference to `jpeg_std_error' /usr/local/lib/libgd.so.4: undefined reference to `jpeg_CreateDecompress' /usr/local/lib/libgd.so.4: undefined reference to `jpeg_read_header' /usr/local/lib/libgd.so.4: undefined reference to `jpeg_start_compress' /usr/local/lib/libgd.so.4: undefined reference to `jpeg_destroy_compress' /usr/local/lib/libgd.so.4: undefined reference to `jpeg_finish_decompress' /usr/local/lib/libgd.so.4: undefined reference to `jpeg_resync_to_restart' /usr/local/lib/libgd.so.4: undefined reference to `jpeg_CreateCompress' /usr/local/lib/libgd.so.4: undefined reference to `jpeg_finish_compress' /usr/local/lib/libgd.so.4: undefined reference to `jpeg_set_quality' /usr/local/lib/libgd.so.4: undefined reference to `jpeg_write_scanlines' /usr/local/lib/libgd.so.4: undefined reference to `XpmReadFileToXpmImage' collect2: ld returned 1 exit status make[2]: *** [ntop] Error 1 thanks, George Vieira Systems Manager Citadel Computer Systems P/L http://www.citadelcomputer.com.au -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
[SLUG] hosts.deny
Has anybody got this running lately? I used to use this in the days of RH5.0/5.1 and now can't get it working at all.. I've read the `man hosts.deny` but the example doesn't work for me... it simple doesn't execute the script. I've tried: ALL:ALL | (/bin/hosts.deny.script %d %a %h)#(6 year memory of how I did it before) ALL:ALL: (/bin/hosts.deny.script %d %a %h)#(as per man hosts.deny) and some others... which way is it and is there any special conditions? It's chmoded 755.. might be something else going wrong maybe.. thanks, George Vieira Systems Manager Citadel Computer Systems P/L http://www.citadelcomputer.com.au -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] hosts.deny
I had spawn originally but it did nothing at all thats when I turned to the man pages and saw they didn't use it and though that's what caused it to fail.. Will test again thx thanks, George Vieira Systems Manager Citadel Computer Systems P/L http://www.citadelcomputer.com.au -Original Message- From: Jobst Schmalenbach [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 24 2002 2:34 PM To: Sydney Linux Users Group (E-mail) Subject: Re: [SLUG] hosts.deny ALL : ALL : spawn ( /usr/sbin/safe_finger -l @%h | /usr/bin/Mail -s HOSTNAME\: Host denied\: %d from %c(%u)-%h YOUREMAILADDRESS) -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] Samba problems.
Just check that they are connecting as themselves and not GUEST(nobody)... `smbstatus` will show who's on etc... run `mksmbpasswd.sh /etc/passwd /etc/smbpasswd` to import the user list and then give them their windows password by using `smbpasswd username` and set each one.. thanks, George Vieira Systems Manager Citadel Computer Systems P/L http://www.citadelcomputer.com.au -Original Message- From: Michael Kraus [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 24 2002 2:33 PM To: [EMAIL PROTECTED] Subject: [SLUG] Samba problems. G'day all... I've set up samba for an NPO, and am having some difficulties. How do I get the samba passwords to be generated from the users passwords on the local machine? Users on the windows machines can open some files, but they open as read-only by their applications. (Not all of them, but a number. They are not marked as read only in the directory. Have read, write and execute permissions in the linux directory.) This is quite urgent as the NPO cannot operate without this functionality. Any help greatly appreciated. All the best. Michael. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] intra-internet gateway?
Only by a silly default install on RedHats part. It was done because of a flaw in IPtables with conntracking.. Update the iptables to 1.24 and use that Ipchains is limited compared to iptables so best get used to it now. thanks, George Vieira Systems Manager Citadel Computer Systems P/L http://www.citadelcomputer.com.au -Original Message- From: Stephan Borg [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 22 2002 8:15 AM To: Bill Taylor Cc: Sydney Linux Users Group (E-mail) Subject: Re: [SLUG] intra-internet gateway? Yes, RH7.1 uses IPChains. I've used this setup before I got onto ADSL - works a treat. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] intra-internet gateway?
Sure hope not because I've got 7.1 as my firewall, your thinking of 7.0 thanks, George Vieira Systems Manager Citadel Computer Systems P/L http://www.citadelcomputer.com.au -Original Message- From: Stephan Borg [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 22 2002 8:43 AM To: George Vieira Cc: Bill Taylor; Sydney Linux Users Group (E-mail) Subject: RE: [SLUG] intra-internet gateway? Keep in mind, RH7.1 comes with a 2.2 kernel, which AFAIK won't work with IPTables. Stephan On Tue, 2002-01-22 at 08:18, George Vieira wrote: Only by a silly default install on RedHats part. It was done because of a flaw in IPtables with conntracking.. Update the iptables to 1.24 and use that Ipchains is limited compared to iptables so best get used to it now. thanks, George Vieira Systems Manager Citadel Computer Systems P/L http://www.citadelcomputer.com.au -Original Message- From: Stephan Borg [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 22 2002 8:15 AM To: Bill Taylor Cc: Sydney Linux Users Group (E-mail) Subject: Re: [SLUG] intra-internet gateway? Yes, RH7.1 uses IPChains. I've used this setup before I got onto ADSL - works a treat. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug -- ÿþS -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] RE: using CU for SMS
Thanks, though I fixed it late Friday and didn't have a chance to email the list back.. stupid me didn't realise what was stuffing it up.. though I had 2 chat lines thinking it's sequetial but it only executed the last line.. so I put everything in one line and it worked.. If anybody wants me to email the list on the setup so they can SMS to vodaphone and telstra.. I'll post the setup tomorrow when I'm back at work.. thanks, GV -Original Message- From: Grant Parnell [mailto:[EMAIL PROTECTED]] Sent: Sunday, 20 January 2002 1:51 PM To: George Vieira Cc: 'Sydney Linux Users Group (E-mail)' Subject: Re: [SLUG] RE: using CU for SMS On Fri, 18 Jan 2002, George Vieira wrote: OK, I've found out what's happening and it seems that cu (or chat really) will not accept a _blank_ to wait for: chat ATZ --- doesn't like waiting for no characters to force it to just SEND an ATZ.. chat OK ATDT0411100200 Chat can be used in this way to wait for nothing. I think it's an escaping issue. chat \\ ATZ maybe? -- ---GRiP--- Web: www.arcadia.au.com/gripz Phone/fax: 02 4950 1194 Mobile: 0408 686 201 -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] Redhat Linux 7.1
My experience with RedHat (at least tried on 6.x) was that it wouldn't install on less than I think 6-8MB... 1 Mb..good luck.. Have you looked around for memory upgrades... trading post etc..etc.. Otherwise I hear Acer's are good door stoppers...;-) thanks, George Vieira Systems Manager Citadel Computer Systems P/L http://www.citadelcomputer.com.au -Original Message-From: Michael Jordan [mailto:[EMAIL PROTECTED]]Sent: Sunday, January 20 2002 10:04 PMTo: [EMAIL PROTECTED]Subject: [SLUG] Redhat Linux 7.1 To those familiar with Redhat Linux 7.1, I was intending to install this version on my laptop- it's an old piece of hardware, an Acer Note Light. It houses a Pentium 1 at 100MHz, 1 MB DRAM and a 774 MB hard disk. Now is it a feasible idea for me to install Redhat Linux 7.1 on this laptop? Are there any alternatives, any suggestions?
RE: [SLUG] Forwarding a mailbox
Use formail.. I had an accident and had the companies email delivered locally on the gateway machine and then used formail to forward the accounts to the exchange server.. thanks, George Vieira Systems Manager Citadel Computer Systems P/L http://www.citadelcomputer.com.au -Original Message- From: Howard Lowndes [mailto:[EMAIL PROTECTED]] Sent: Monday, January 21 2002 8:25 AM To: Mail List - SLUG Subject: [SLUG] Forwarding a mailbox If I have a /var/spool/mail/user mailbox file which comprises several emails, what is the best method to forward the individual emails on to another email address? -- Howard. LANNet Computing Associates - Your Linux people Contact detail at http://www.lannetlinux.com We are either doing something, or we are not. 'Talking about' is a subset of 'not'. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] configuring PPP under Debian.
can you ping via an IP ie 203.2.192.124 if not then it's a default route problem... netstat -rn check that your routes OK... also make sure your firewall isn't blocking anything... then when the pings work.. start checking more stuff thanks, George Vieira Systems Manager Citadel Computer Systems P/L http://www.citadelcomputer.com.au -Original Message- From: Michael Kraus [mailto:[EMAIL PROTECTED]] Sent: Monday, January 21 2002 12:58 PM To: Michael Kraus; [EMAIL PROTECTED] Subject: RE: [SLUG] configuring PPP under Debian. G'day again... Thanks to George Vieira and Jamie Wilkinson for their answers. However, I've still had no success. :( I'm working from the release that came with the advanced linux pocketbook. The install is really fresh. 'pppconfig' has been used to configure the connections, and pon/poff to connect/disconnect. 'route' things as expected, as does 'tail /var/log/messages' (including primary and secondary nameservers listed.) bind is installed. (No further configuration made.) 'ftp ftp.debian.org' results in: ftp: ftp.debain.org: Host name lookup failure What is going on? This is a fresh install. Have I inadvertedly deleted or modified something I shouldn't? (Ie. should I try reinstalling?) I'm under time pressure, as I'm doing the work for a non-profit organisation, and their system is down whilst I'm doing the work. Many thanks! Michael. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] Failing pop3 login
Last time I saw something like this it ended up being something silly like a lock file in the /tmp directory was stopping the pop3 from working.. ie.. /tmp/ipop3d.georgev or something.. thanks, George Vieira Systems Manager Citadel Computer Systems P/L http://www.citadelcomputer.com.au -Original Message- From: Shannon [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 17 2002 9:13 PM To: [EMAIL PROTECTED] Subject: [SLUG] Failing pop3 login Hi people, I nedd a little help. I am trying to get my pop3 server back up and running here at home, after it decided to die today. However I am getting a failing error on login. I have looked through my logs and am getting Error opening or locking INBOX user= I am assuming this is a permissions problem but I am not sure exactly what the permission need to be on the mail spool files. 777? 477? 4777? any help would be great. - Shannon -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
[SLUG] using CU for SMS
Readers, I used to have a successful email2sms system running on RedHat 6.1 which when I moved to 6.2, I decided to retrieve the files for reuse as I now require them again.. Nothing has changed in /etc/uucp/dial and /etc/uucp/port and yet the system no longer works.. /etc/uucp/ports --- port port2 device /dev/ttyS0 dialer pager speed 38400 /etc/uucp/dial dialer pager chat ATZ OK-ATZ-OK chat \d\d\dOK-ATZ\r-OK\d\c OK ATDT0414100200 QUIT \T TELENOTE chat-fail BUSY complete \d\d+++\d\dATH\r\c abort \d\d+++\d\dATH\r\c As much as the lines in the dial file seem weird, it always worked..This is the command line I run: echo -e This is an email2sms test\r | cu -p port1 -c 0414xx The output I get is this: cu: icexpect: Looking for 8 TELENOTE cu: icexpect: Got (timed out) cu: Timed out in chat script cu: fcsend: Writing sleep sleep +++ sleep sleep ATH\r WT#? Sometimes the Looking for 8 comes up as Looking for 4... as I changes things for testing.. I'm now using: dialer pager chat \r chat ATZ chat OK ATDT0414100200 chat RETURN TO QUIT \T chat TELENOTE chat-fail BUSY complete \d\d+++\d\dATH\r\c abort \d\d+++\d\dATH\r\c This also fails... It takes forever to pick up the line and yet doesn't do jack Any help here.? thanks, George Vieira Systems Manager Citadel Computer Systems P/L http://www.citadelcomputer.com.au -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
[SLUG] RE: using CU for SMS
OK, I've found out what's happening and it seems that cu (or chat really) will not accept a _blank_ to wait for: chat ATZ --- doesn't like waiting for no characters to force it to just SEND an ATZ.. chat OK ATDT0411100200 yet I've seen these in PPPD chat scripts so what's the difference? thanks, George Vieira Systems Manager Citadel Computer Systems P/L http://www.citadelcomputer.com.au -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] Getting a USB controller recognised
OK, the $20K question, what motherboard is it? thanks, George Vieira Systems Manager Citadel Computer Systems P/L http://www.citadelcomputer.com.au -Original Message- From: Dean Hamstead [mailto:[EMAIL PROTECTED]] Sent: Friday, January 18 2002 4:01 PM To: Howard Lowndes Cc: [EMAIL PROTECTED] Subject: Re: [SLUG] Getting a USB controller recognised sure its a uhci usb controller? Dean Howard Lowndes wrote: Yep, done that, then did modprobe usb-uhci and got: -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
[SLUG] AArrgh!! RAID down..
My customer has had a raid failure and I think it's a mirror.. 2 of the partitions have [_U] and the other is [U_]... what commands are there to check/repair/sync these?? thanks, George Vieira Systems Manager Citadel Computer Systems P/L http://www.citadelcomputer.com.au -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] Iptables and internal web servers redirected works, but what abou t the firewall itself..
No. External hosts are fine as mentioned in the original post as Outside clients. It's the firewall _itself_ that can't access the external IP address of these servers... Ext Clients (Works) | | Firewall (Fails) | HUB +--+--+ | | WWW | | Int Clients (Works) Firewall Int IP = 192.168.1.254 Website Int IP = 192.168.1.1 Client Int IP = 192.168.1.65 Everybody BUT the firewall and PING and browse the WWW server via the external IP address but the firewall can't... The rule you supplied works for external clients. Hopefully I've explained it better here.. thanks, George Vieira Systems Manager Citadel Computer Systems P/L http://www.citadelcomputer.com.au -Original Message- From: Crossfire [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 17 2002 8:16 AM To: George Vieira Cc: '[EMAIL PROTECTED]' Subject: Re: [SLUG] Iptables and internal web servers redirected works, but what abou t the firewall itself.. George Vieira was once rumoured to have said: Hi all, I have everything working sweet with IPtables but what I've noticed is that the firewall itself can't ping/connect to the internal/NATed webservers... Outside and Inside clients are routed / transalated back and forth OK but the firewall can't connect.. From my little diagram, I can only see that it can only be done at the OUTPUT(nat) chain and the PREROUTING(nat) chain on the internal nic interface Does this sound right to people.. I don't want to knock my webserver down. iptables -A OUTPUT -t nat -d 203.x.x.x -j DNAT --to 192.168.1.1:80 iptables -A PREROUTING -t nat -s 192.168.1.1:80 -i eth0 -j SNAT --to 203.x.x.x Uh, this is much bogosity. If you're trying to let external hosts connect to 192.168.1.1:80 by communicating to 203.x.x.x, you want: iptables -t nat -A PREROUTING -p tcp -d 203.x.x.x --dport 80 -j DNAT --to-destination 192.168.1.1 the reverse rule is NOT necessary as NAT replies are dynamically handled in iptables, even for static translations. C. -- --==-- Crossfire | This email was brought to you [EMAIL PROTECTED] | on 100% Recycled Electrons --==-- -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] Iptables and internal web servers redirected works, bu t what abou t the firewall itself..
Reason is because on this firewall I run scripts to check things like web server up status using wget and unfortunately my proxy is running on it which means I have to move it to another machine when I can't because then I can't turn on transparent proxying.. DoH!! tcpdump shows it works to me.. OK, I'll ignore these tcpdumps then.. 08:45:15.916655 eth0 firewall.3192 jupiter.http: 08:45:15.917035 eth0 jupiter.http firewall.3192: I know the problem is really that I need to have SNAT on the PREROUTING rule to convert the 192.168.1.1:80 back to 203.x.x.x:80 but it's not supported.. Oh Well... thx anyway.. It's a live with thing then thanks, George Vieira Systems Manager Citadel Computer Systems P/L http://www.citadelcomputer.com.au -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] Iptables and internal web servers redirected works, bu t what abou t the firewall itself..
Bugger I just realised something, I have rules which ignore our external subnet and route through and only external websites go through the proxy... I have some success.. WHooho!! thanks, George Vieira Systems Manager Citadel Computer Systems P/L http://www.citadelcomputer.com.au -Original Message- Oh Well... thx anyway.. It's a live with thing then thanks, George Vieira Systems Manager Citadel Computer Systems P/L http://www.citadelcomputer.com.au -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] ESC key in bash
Well, I just use CTRL-C if I make an error thanks, George Vieira Systems Manager Citadel Computer Systems P/L http://www.citadelcomputer.com.au -Original Message- From: Daniel Harper [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 17 2002 12:37 PM To: SLUG Subject: [SLUG] ESC key in bash One thing I really like about . wait for it, MS-Dos is that I press the escape key and it clears the command line. Can anyone point me in the right direction about how I could set this up in bash. Regards, Daniel Harper -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] IPSec tunnel latency
You can check the routes using a different protocol as we do when checking GRE (prot 47) packets with PPTP. Not sure the version of traceroute needed or how to run the command as I've never needed to. thanks, George Vieira Systems Manager Citadel Computer Systems P/L http://www.citadelcomputer.com.au -Original Message- From: Howard Lowndes [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 16 2002 6:43 AM To: Mail List - SLUG; Mail List - CLUG Subject: [SLUG] IPSec tunnel latency I have a number of sites with freeS/WAN IPSec tunnels running on them, mostly with little or no problem, except for one. All of the tunnel configs are identical and all have compression running. In most cases the tunnel adds a latency of around 15msec where the links are ADSL to ADSL; typically 50-60msec out of tunnel -v- 65-75msec in tunnel. In all of these cases the gateways are 500+MHz CPUs with 64+Mb Ram and running either 2.4.5 or 2.4.8 kernels. One is an ADSL to PSTN tunnel where the PSTN end is on a P120 with 64Mb. Here the latency is 150msec -v- 190msec. I could put this 40msec difference down to the P120, but it does seem a little excessive even so. The really bummer is an ADSL to PSTN link where the PSTN end is on a 733MHz CPU with 128Mb so there should be no CPU bottleneck, but the latencies are 220MHz out of tunnel -v- 460MHz in tunnel; a tunnel latency of 240msec. The kernel version here is 2.4.5, but earlier reference does not show that as a problem as one of the good links is also running 2.4.5 -v- 2.4.8 on most of the rest. BTW, all of these times are average over a 3 hour period, and pretty consistent. The only explanation I can come up with is that the PSTN modem is really barfing about handling protocol 50, or something in the circuits in between is barfing about protocol 50. Would anyone care to make a stab in the dark on this one before I do a 250km trip to replace the modem. One stab in the dark - would there be any possibility that the routing between these two particular sites might differ depending upon the type of protocol being handled. I am measuring these by pinging the sites, but the out of tunnel packets would be seen in the circuits as protocol 17 (ICMP) whereas the in tunnel packets would be being seen as protocol 50. Could these proto 50 packets be being routed via a bird whereas the proto 17 packets are being ground routed? -- Howard. LANNet Computing Associates - Your Linux people Contact detail at http://www.lannetlinux.com We are either doing something, or we are not. 'Talking about' is a subset of 'not'. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] PPPD and C source -Tracking that External IP....
I've done a little more research and found that there is no link between PPTP and PPPD which is traceable.. The only thing I can now think of is to make PPTP to pass the ipparam parameter to PPPD then it can be tracked back..eg. 1) VPN client connects from address 141.x.x.x 2) PPTPD accepts the connection 3) PPTPD creates a /var/run/pptpd-link0 and stores the external IP into it (more client connections become -link1, -link2, etc) 4) PPTPD forks PPPD using: pppd blah blah blah ipparam ${ipparam}-link0 (Note: Incase the user already uses ipparam it is passed and -link0 is added to it.ie. mypptp-link0) 5) PPPD starts up and uses the ipparam passed by PPTP and possibly anything else the user sent ( ${ipparam} ). PPPD ip-up.local can then determine from the ipparam parameter what the IP address is from the file containing the true IP address of the client (/var/run/pptp-link0) ... # ip-up.local (example) #!/bin/sh LINK=`echo $6 | cut -f 2 -d -` REALIP=`cat /var/run/pptpd-$LINK` This sounds like it'll work without modifying the PPPD source code but has created alot more tweaking on the PPTPD source side... Worst thing is I have not coded C in 10 years and it's changed alot to me.. Now for the hard part.. thanks, George Vieira Systems Manager Citadel Computer Systems P/L http://www.citadelcomputer.com.au -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] ISP's AND INTERNET SOLUTIONS
Home connections don't have fixed IPs.. especially Tel$tra ADSL unless it's business class. There are some providors I've heard which provide DSL with ethernet connections and not PPPoE, these were static too. WHo it was who told me I can't rememeber... Optus cable don't provide Static IPs even thought my friends cable connection has had the same IP since he started it, but Optus don't guarentee that it'll stay like that forever.. thanks, George Vieira Systems Manager Citadel Computer Systems P/L http://www.citadelcomputer.com.au -Original Message- From: Matthew Palmer [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 16 2002 10:10 AM To: Jon Biddell Cc: Daniel Harper; SLUG Subject: Re: [SLUG] ISP's AND INTERNET SOLUTIONS On Tue, 15 Jan 2002, Jon Biddell wrote: home service with fixed IP (doesn't mean it doesn't exist...). And yes, the business class service doesn't seem to mention it explicitly either, but since they're talking multiple IP addresses assigned to the client, I assume they do fixed IP. Sure do... Pity I can't get ADSL at my exchange, or I'd be on one of these now... I did notice later (damn my inability to read right the first time) that Home connections do have fixed IP, and furthermore there's no restriction on running servers or multiple machines off the one line. So, the question then becomes, why pay for a business service? Support, perhaps? Seems like an awful lot of money for the ability to get the answer 'you're screwed' a bit faster... g Yes, they've got some nice cheap home connections. But their business ones aren't the low end of the spectrum. Hmmm... They're not the cheapest, but better than Telstra, and support is 'Better than Telstra' is hardly a difficult task... -- --- #include disclaimer.h Matthew Palmer [EMAIL PROTECTED] -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] Help with RHL-6.2 IBM x340 eserver
Ha haa.. Sorry, not laughing at you directly but it seems IBM still haven't fixed it.. Citadel had the same problem and they admitted to us that we were the first people to install Linux on some of their systems.. What you had to do was boot on the CD and use the prompt command linux=dd then it'll ask for the drivers etc..etc..etc.. I also found that if SMP wasn't installed, things would go crazy and crash but that may have been a rare case... Booting from floppy I'm not sure of. Have you tried using the ServerGuide CD? Or don't you have a CD at all thanks, George Vieira Systems Manager Citadel Computer Systems P/L http://www.citadelcomputer.com.au -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 16 2002 12:31 PM To: [EMAIL PROTECTED] Subject: [SLUG] Help with RHL-6.2 IBM x340 eserver Hi Sluggers, I am trying to install an IBM eserver x330/x340 with the ServerRAID driver. I am having problems putting together a driver disk for Redhat 6.2, in spite of having support for the machine. I built a kickstart floppy but I do not have the drivers installed correctly (I think). The problem is, I followed some guides on the net, to modify the boot floppy initrd.img file. I added the drivers I needed, edited modinfo and pcitable and repacked the .img file. When I boot off this floppy, the ramdisk loads Ok, but I cannot seem to get the drivers to load - I get a message: trying to insmod ips.o (Path is NULL) or similar. I suspect it is something to do with the way I have recreated the ramdisk image. What I am asking is: 1) can someone please point me to the correct way to build a boot floppy/initrd.img file? Yes, I read the kickstart Howto, and pursued the cpio commands but I think there's something wrong with my cpio image. 2) can someone just send me a 6.2 Ramdisk initrd.img file that already has the ips.o and module for the Intel etherexpress pro 10/100 NIC? 3) a 6.2 boot floppy that will work with an x330/x340 server? thanks! rachel - This message was sent using Endymion MailMan. http://www.endymion.com/products/mailman/ -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] Virus Scanners
There many on google and some not too bad but I prefer to use Trend Micro even on Linux it works great.. www.antivirus.com www.trendmicro.com.au there's even an eval on there to try out.. easy to install too.. -Original Message- From: Shannon Doyle [SMTP:[EMAIL PROTECTED]] Sent: Wednesday, January 16, 2002 4:09 PM To: [EMAIL PROTECTED] Subject: [SLUG] Virus Scanners Hi People, I am looking to setup an anti-virus scanner on our sendmail box, to scan all incoming/outgoing emails and remove/notify of any viruses. Can someone suggest an appropriate package (preferably not too costly). Regards, ___ Shannon Doyle BIGBLUE Internet Pty Ltd -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
[SLUG] Iptables and internal web servers redirected works, but what about the firewall itself..
Hi all, I have everything working sweet with IPtables but what I've noticed is that the firewall itself can't ping/connect to the internal/NATed webservers... Outside and Inside clients are routed / transalated back and forth OK but the firewall can't connect.. From my little diagram, I can only see that it can only be done at the OUTPUT(nat) chain and the PREROUTING(nat) chain on the internal nic interface Does this sound right to people.. I don't want to knock my webserver down. iptables -A OUTPUT -t nat -d 203.x.x.x -j DNAT --to 192.168.1.1:80 iptables -A PREROUTING -t nat -s 192.168.1.1:80 -i eth0 -j SNAT --to 203.x.x.x Does this sound right and hopefully not effect the outside/inside requests.. should effect only the firewall as far as I can see... thanks.. might have to try it tonight... -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] Iptables and internal web servers redirected works, but what abou t the firewall itself..
AArgh... Can't use SNAT in PREROUTING... damn.. -Original Message- From: George Vieira Sent: Wednesday, January 16, 2002 4:39 PM To: '[EMAIL PROTECTED]' Subject: [SLUG] Iptables and internal web servers redirected works, but what abou t the firewall itself.. iptables -A OUTPUT -t nat -d 203.x.x.x -j DNAT --to 192.168.1.1:80 iptables -A PREROUTING -t nat -s 192.168.1.1:80 -i eth0 -j SNAT --to 203.x.x.x -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] ISP's AND INTERNET SOLUTIONS
I'm on the same for $84 because my line is with telstra.. so... -Original Message- From: Stephan Borg [mailto:[EMAIL PROTECTED]] Sent: Monday, 14 January 2002 7:26 PM To: [EMAIL PROTECTED] Subject: RE: [SLUG] ISP's AND INTERNET SOLUTIONS Ok, ok, ok - I'll admit it - I'm with Telstra . . . But, in my defense, let me say this: (1) I shopped around before I joined, and I tried Optus, AAPT and PacNet - and no one unfortunately, could give me better than 512k/64k, 3Gb/mnth for $105. (2) Sss - I use dynamic DNS to get around the static IP problem -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] RAID1 system boot problem after new kernel compile
yeah I've done this and it still fails.. tested at 5PM today.. People say the RAID must be in the kernel and not a module but mkinitrd complains it need RAID1 which I assume it needs them as modules because it doesn't complain when I do... but also doesn't boot up.. from the LILO prompt is there anything I can type to make it load the root FS somehow?? -Original Message- From: Grant Parnell [mailto:[EMAIL PROTECTED]] Sent: Monday, 14 January 2002 10:05 PM To: George Vieira Subject: Re: [SLUG] RAID1 system boot problem after new kernel compile I'm sure somebody would have beaten me to an answer, but yes, you're going to have to make an initrd. It's easy-as though, man mkinitrd (assuming you did a make modules_install somewhere along the line. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] RAID1 system boot problem after new kernel compile
WhhoooO! That was the problem, I don't need to add the line for initrd in lilo.conf argh, for so long I've been trying to figure out what was going on.. thanks peeps. George Vieira Systems Manager Citadel Computer Systems P/L http://www.citadelcomputer.com.au -Original Message- From: Marty Richards [mailto:[EMAIL PROTECTED]] Sent: Monday, January 14 2002 11:41 PM To: George Vieira Subject: RE: [SLUG] RAID1 system boot problem after new kernel compile FYI image = /boot/vmlinux root = /dev/md0 label = Linux_new read-only is all thats in our lilo.conf... no mention of initrd at all. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
[SLUG] PPPD and C source
HI, I'm now doing mission impossible and trying to work out the source code to PPTPD server. I was hoping that I could find where it forks off a PPPD process and as hoping I can get the PPP device it used and add something to the /var/rub/ppp0.pid file YEAH RIGHT!!! Anybody familiar with forking processes in C that might want to help??? pwwease... ;-) thanks, George Vieira Systems Manager Citadel Computer Systems P/L http://www.citadelcomputer.com.au -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] MOSIX Clustering
Does it works with Apache and MySQL transparently? I heard some apps needed to be cluster aware and so on... thanks, George Vieira Systems Manager Citadel Computer Systems P/L http://www.citadelcomputer.com.au -Original Message- From: Jeff Waugh [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 15 2002 3:51 PM To: [EMAIL PROTECTED] Subject: Re: [SLUG] MOSIX Clustering quote who=Stephan Borg Have any SLUGGERs had any experiences with MOSIX clustering. Yeah, I was going to do a talk on this at SLUG a while ago, but everyone wanted something else... kernel? I think that was it. MOSIX is wy cool, and lots of fun to play with. Migrate processes across machines! Nuts. - Jeff -- http://www.xach.com/debian-users-are-beatniks.html -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
[SLUG] RAID1 system boot problem after new kernel compile
Hi all, I'm still stuck with the machine with RAID1 and recompiling the kernel. I've upgraded kernels for years but never done one with the built in RAID of linux and everytime I try to boot with a new kernel config, it crashes with a problem mounting root fs. My guess is that it's not loading the RAID drivers/software or something as it's fine on the old kernel. It's frustrating me to hell coz' I need to compile some important stuff and patch my iptables etc,etc Has anybody recompiled a NEW kernel from scratch (with a new .config) and has RAID1 running on it. Any help on this? thanks, George Vieira Systems Manager Citadel Computer Systems P/L -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] RAID1 system boot problem after new kernel compile
default=linux image=/boot/vmlinuz-2.4.2-2 label=linux initrd=/boot/initrd-2.4.2-2.img read-only root=/dev/md5 image=/boot/vmlinux-2.4.16 label=firewall initrd=/boot/initrd-2.4.2-2.img read-only root=/dev/md5 Could it be that I didn't update anything with the initrd 2.4.2-2 version? I've never had to touch it and yet have systems running quite fine..?? Should I be using mkinitrd, I've never created a new one (n00b he he) thanks, George Vieira Systems Manager Citadel Computer Systems P/L -Original Message- From: Howard Lowndes [mailto:[EMAIL PROTECTED]] Sent: Monday, 14 January 2002 8:12 AM To: George Vieira Cc: Sydney Linux Users Group (E-mail) Subject: Re: [SLUG] RAID1 system boot problem after new kernel compile Have you got the RAID elements included as monolithic or as modules? If they are modules then you might need to build and use an initrd. Just a stab in the dark. On Mon, 14 Jan 2002, George Vieira wrote: -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: Disguising Linux (Was: [SLUG] Re: just like the old days ...)
I'm thinking of making my own windows version for Linux.. called Windows Xtinct... Using Gnome and patch up the icons to look like windows enough to fool the Boss. Anybody care to help me modify the icons etc.. eg. how to change the gnome foot button?? -Original Message- From: Peter Hardy [SMTP:[EMAIL PROTECTED]] Sent: Monday, January 14, 2002 2:13 PM To: slug Subject: Disguising Linux (Was: [SLUG] Re: just like the old days ...) Heh. :-) Fortunately, it's even easier to do that these days, with a little bit of care. Compare and contrast: http://home.pacific.net.au/~peterhardy/win-desktop.png http://home.pacific.net.au/~peterhardy/linux-desktop.png -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] [OT] burned on a deal
Simple solution send it out to another Auction and sell it -Original Message- From: Felix Sheldon [mailto:[EMAIL PROTECTED]] Sent: Saturday, 12 January 2002 4:30 PM To: [EMAIL PROTECTED] Subject: Re: [SLUG] [OT] burned on a deal AFAIK auction houses are treated as second-hand goods dealers, and are not under the same obligations as the manufacturers or distributors of a product might be. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] Linux and the Next Generation
3 cheers for Paul Copeland and his school..!!! That is the problem these days is that alot of people are standardising on M$ products... My girlfriend went into an interview and they tested her on Excel,Word,Access but didn't ask her if she know anything about linux desktops at all.. because windows is so much out there it's scarey... Though I'm one of the unfortunate ones who actually hate Netscape, though M$ is not far either.. It crashes just as much but Netscape is a pain to deal with in HTML, some thing it just causes more grief than it's worth to get a good effect on a web site where you decide to test it in IE and it just works.. But Mozilla is soon to be maturing.. it works like IE but isn't.. sorry if this hits some people but just my experiences... thanks, George Vieira Systems Manager Citadel Computer Systems P/L -Original Message- From: Paul Copeland [mailto:[EMAIL PROTECTED]] Sent: Thursday, 10 January 2002 5:17 PM To: SLUG Subject: [SLUG] Linux and the Next Generation Hi All, Although I am relatively new to Linux, as a high school teacher I have noticed some things regarding students and computers. It amazes me to see how proficient some students are when delving into the Windows OS, and it demonstrates how comfortable people are with something that the grow up with it. While I was very comfortable with the nuances of Windows these kids would run rings around me several times over. The problem I see is that many students no of nothing outside the M$ universe. Prior to moving over to Linux my minimal move away from M$ was to use Netscape 6.2. I asked a couple of classes what they use to browse the net and they all looked at me like I was a fool, i.e. There is only one net browser sir. Their next question was to ask me what I used? They were stunned I didn't use M$ Explorer. Well there are now Linux stickers around my classroom and one machine will be a dual OS machine with Windows 98 and SuSE 7.3. The test will be to see if Linux will work with Novell, the network we run at school. One small victory is the Computing Studies teacher is quite interested in my Linux move and has agreed we should run both systems on the Staffroom machines. Small steps and the school may get there. It doesn't help, however, when the Department of Education enters into a licencing agreement with M$ that allows all staff to install Office etc at home legally. Forgive my musings, I am hoping I am in a good position to make people aware about Linux at a young age. Regards Paul Copeland -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] Linux and the Next Generation
It probably is and I haven't used 6.x yet under linux. I know under windows it works alot better than 4.x but it still has some small rendering quirks.. maybe I'll check my code and make sure.. Whatever the case is, it's freee thanks, George Vieira Systems Manager Citadel Computer Systems P/L -Original Message- From: Paul Copeland [mailto:[EMAIL PROTECTED]] Sent: Friday, 11 January 2002 12:25 AM To: SLUG Subject: Re: [SLUG] Linux and the Next Generation Hi George, Thanks for the kind words. I will be interseted to see what the kids think of SuSE 7.3 and KDE. Just a question, isn't Netscape 6/6.1/6.2 based on the Mozilla Project? I once read that Netscape 6 was just a rehashed version of Mozilla. This was how Time Warner reduced the amount of programmers working on Netscape as they based there work on the work of the Open Source Mozilla developers. Forgive me if I have this all topsy turvey. Regards Paul George Vieira wrote: 3 cheers for Paul Copeland and his school..!!! That is the problem these days is that alot of people are standardising on M$ products... My girlfriend went into an interview and they tested her on Excel,Word,Access but didn't ask her if she know anything about linux desktops at all.. because windows is so much out there it's scarey... Though I'm one of the unfortunate ones who actually hate Netscape, though M$ is not far either.. It crashes just as much but Netscape is a pain to deal with in HTML, some thing it just causes more grief than it's worth to get a good effect on a web site where you decide to test it in IE and it just works.. But Mozilla is soon to be maturing.. it works like IE but isn't.. sorry if this hits some people but just my experiences... thanks, George Vieira Systems Manager Citadel Computer Systems P/L -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] DSL vs Cable security
Security in what sense.. stealing someones cable login or something? All ports are open and it's up to the user to block incoming traffic, except for AOL and others who block some ports... thanks, George Vieira Systems Manager Citadel Computer Systems P/L -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] DSL vs Cable security
I think that's not how IRC does it.. What IRC hackers do is scan ports like 23, 3128 etc which is open and they relay through it and appear as that machine rather than themselves.. Some IRC server now check your ports when you connect on IRC for these ports and if they are open it'll lot allow you to connect to the IRC server.. I've seen this happen. thanks, George Vieira Systems Manager Citadel Computer Systems P/L IIRC the way some providers are set up you can steal the IP addresses of machines on the same subnet as you if you have the right tools(software). -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
[SLUG] Iptables, diagram comments/suggestions...
After spending a couple of hours figuring out and drawing this diagram, do you guys think this looks too confusing or is there any inconsistences anybody may have noticed? The drawing has been made this way so people know that rules are applied in both directions. In other words, prerouting rules take place when entering the ethernet card from the wire above and from below too where it may have been forwarded from another device, etc.etc.. Words for Wire etc.. not placed yet. http://www.lancentre.com.au/iptables.jpg Any comments, suggestions ? Happy to take this off the list. thanks, George Vieira Systems Manager Citadel Computer Systems P/L -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] Iptables, diagram comments/suggestions...
Oh yes your right.. mangle happens before prerouting and hasn't been included.. I'll add that in, thx. What's I'm hopefully going to make is either a flash or anitmated GIF version of this image with an animated packet going in and out depending on the rules,etc... may sound like a bit of waste of time but I feel like doing it.. I'll hopefully cover SNAT/DNAT/REDIRECT/FORWARD/INPUT/OUTPUT... don't know much about magle yet and some other stuff too but eventually I'll get there.. thx -Original Message- From: Howard Lowndes [mailto:[EMAIL PROTECTED]] Sent: Friday, 11 January 2002 5:43 PM To: George Vieira Cc: Sydney Linux Users Group (E-mail) Subject: Re: [SLUG] Iptables, diagram comments/suggestions... I appreciate the diagram, it looks really flash, but would it help to split it into perhaps 3 diagrams to cover the 3 default tables, filter, nat and mangle. These tables have different default chains. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] The Linux Generation (gap?)
I think before you start a flame war, you should consider how many people code in Java and your calling it a poor site because of it's use in them. Java has alot of advantages so does PHP and everything else on the shelf these days. thanks, George Vieira Systems Manager Citadel Computer Systems P/L -Original Message- From: Terry Collins [mailto:[EMAIL PROTECTED]] Sent: Thursday, 10 January 2002 9:51 AM To: Howard Lowndes Cc: Grant Parnell; [EMAIL PROTECTED] Subject: Re: [SLUG] The Linux Generation (gap?) Howard Lowndes wrote: Except that you can't get a version that will run on W311 _and_ do JS and all the rest of the crap (at least as far as I know). You could also use lynx, but with the same caveats Why would you want to do JS? or Java for that matter? These are the sign of a poor WWW site. -- Terry Collins {:-)}}} Ph(02) 4627 2186 Fax(02) 4628 7861 email: [EMAIL PROTECTED] www: http://www.woa.com.au Wombat Outdoor Adventures Bicycles, Books, Computers, GIS People without trees are like fish without clean water -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] Sendmail woes
Oh another thing to watch out is that sendmail (default) listens only to 127.0.0.1 to connect... search your sendmail.cf for 127.0.0.1 and you'll probably find it.. I can't rememeber what I did but it had to be remarked or changed.. thanks, George Vieira Systems Manager Citadel Computer Systems P/L -Original Message- From: Nicholas O'Donnell [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 09, 2002 1:58 PM To: [EMAIL PROTECTED] Subject: [SLUG] Sendmail woes I have sendmail installed out-of-the-box with redhat 7.2 (with updates) but I cannot get it to recieve mail from another host other than doing echo blah | mail username I can recieve mail from the machine without any problems once I have mail in the spool, but getting the mail into the spool from the outside world is the problem Any help much appreciated Nick -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] Sendmail woes
I think this was it.. # SMTP client options #O ClientPortOptions=Address=0.0.0.0 thanks, George Vieira Systems Manager Citadel Computer Systems P/L -Original Message- From: George Vieira Sent: Wednesday, 09 January 2002 3:38 PM To: 'Nicholas O'Donnell'; '[EMAIL PROTECTED]' Subject: RE: [SLUG] Sendmail woes Oh another thing to watch out is that sendmail (default) listens only to 127.0.0.1 to connect... search your sendmail.cf for 127.0.0.1 and you'll probably find it.. I can't rememeber what I did but it had to be remarked or changed.. thanks, George Vieira Systems Manager Citadel Computer Systems P/L -Original Message- From: Nicholas O'Donnell [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 09, 2002 1:58 PM To: [EMAIL PROTECTED] Subject: [SLUG] Sendmail woes I have sendmail installed out-of-the-box with redhat 7.2 (with updates) but I cannot get it to recieve mail from another host other than doing echo blah | mail username I can recieve mail from the machine without any problems once I have mail in the spool, but getting the mail into the spool from the outside world is the problem Any help much appreciated Nick -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] Ping from eth0 problem
Make sure the network card is in half duplex mode and 10Mb.. I think these cards do 100Mb don't they... I've seen weird problems when these type of cards are in autodetect mode... dunno why.. -Original Message- From: Minh Van Le [mailto:[EMAIL PROTECTED]] Sent: Wednesday, 9 January 2002 5:55 PM To: [EMAIL PROTECTED] Subject: [SLUG] Ping from eth0 problem I'm experiencing difficulty getting an ISA 3Com509 NIC to communicate to the rest of my LAN. I can't see any reason for it not to work as I've checked ifconfig, route and ipchains. /proc's IRQ/IO and module seems to be aware of the 3Com509. The ping error is Destination Host Unreachable. I've also replaced the ISA 3Com509 with a PCI Netgear FA310TX with the exact network (and cabling) configuration and the FA310 works under Linux, so there's no (or shouldn't be) cabling or routing/firewall problems. I've also tested the 3Com509 under W2k to communicate to other Linux hosts and had no problems, so I know the 3Com509 works on both the 10Base2 and 10BaseT ports. I also tried passing media 10base2 and media 10baset to ifconfig which still doesn't fix the problem. To my knowledge the 3Com509 is installed on IRQ:10 I/O:0300-030f. Distribution is Redhat 7.2 [2.4.7-10]. Here're my diagnostics when only the ISA 3Com509 is inserted: [root@f1 tmp]# ping -c 3 192.168.0.1 PING 192.168.0.1 (192.168.0.1) from 192.168.0.10 : 56(84) bytes of data. From 192.168.0.10: Destination Host Unreachable From 192.168.0.10: Destination Host Unreachable From 192.168.0.10: Destination Host Unreachable --- 192.168.0.1 ping statistics --- 3 packets transmitted, 0 packets received, +3 errors, 100% packet loss [root@f1 tmp]# ifconfig eth0 Link encap:Ethernet HWaddr 00:20:AF:E1:5A:2A inet addr:192.168.0.10 Bcast:192.168.0.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:36 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 RX bytes:0 (0.0 b) TX bytes:1512 (1.4 Kb) loLink encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:84 errors:0 dropped:0 overruns:0 frame:0 TX packets:84 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 RX bytes:6714 (6.5 Kb) TX bytes:6714 (6.5 Kb) [root@f1 tmp]# route Kernel IP routing table Destination Gateway Genmask Flags Metric RefUse Iface 192.168.0.0 * 255.255.255.0 U 0 00 eth0 127.0.0.0 * 255.0.0.0 U 0 00 lo [root@f1 tmp]# ipchains -L Chain input (policy ACCEPT): Chain forward (policy ACCEPT): Chain output (policy ACCEPT): [root@f1 tmp]# lsmod Module Size Used by ide-cd 27072 0 (autoclean) cdrom 28512 0 (autoclean) [ide-cd] soundcore 4464 0 (autoclean) binfmt_misc 6416 1 iscsi 21984 0 (unused) scsi_mod 95696 1 [iscsi] autofs 11520 0 (autoclean) (unused) 3c509 7920 1 appletalk 20912 0 (autoclean) ipx16448 0 (autoclean) ipchains 39200 0 mousedev4448 1 hid19024 0 (unused) input 3840 0 [mousedev hid] usb-uhci 21536 0 (unused) usbcore51712 1 [hid usb-uhci] ext3 64624 2 jbd40992 2 [ext3] [root@f1 tmp]# cat /proc/interrupts CPU0 0: 184779 XT-PIC timer 1: 3783 XT-PIC keyboard 2: 0 XT-PIC cascade 8: 1 XT-PIC rtc 10: 0 XT-PIC eth0 12: 30086 XT-PIC usb-uhci, usb-uhci 14: 20969 XT-PIC ide0 15: 5503 XT-PIC ide1 NMI: 0 ERR: 0 [root@f1 tmp]# cat /proc/ioports -001f : dma1 0020-003f : pic1 0040-005f : timer 0060-006f : keyboard 0070-007f : rtc 0080-008f : dma page reg 00a0-00bf : pic2 00c0-00df : dma2 00f0-00ff : fpu 0170-0177 : ide1 01f0-01f7 : ide0 02f8-02ff : serial(auto) 0300-030f : 3c509 0376-0376 : ide1 03c0-03df : vga+ 03f6-03f6 : ide0 03f8-03ff : serial(auto) 0cf8-0cff : PCI conf1 4000-40ff : VIA Technologies, Inc. VT82C686 [Apollo Super ACPI] 5000-500f : VIA Technologies, Inc. VT82C686 [Apollo Super ACPI] 6000-607f : VIA Technologies, Inc. VT82C686 [Apollo Super ACPI] c000-cfff : PCI Bus #01 c000-c07f : PCI device 1039:0300 (Silicon Integrated Systems [SiS]) d000-d00f : VIA Technologies, Inc. Bus Master IDE d000-d007 : ide0 d008-d00f : ide1 d400-d41f : VIA Technologies, Inc. UHCI USB d400-d41f : usb-uhci d800-d81f : VIA Technologies, Inc. UHCI USB (#2) d800-d81f : usb-uhci dc00-dcff : VIA Technologies, Inc. AC97 Audio
[SLUG] Kernel Upgrade on RedHat7.1
Hi all, Is it safe to upgrade only the kernel only and not what RedHat suggest.. ie headers,SysVinit etc.etc..?? I am running 2.4.2-12 and want to move off it beause of the IPTABLES problems and my Tar.gz of 2.4.16 isn't working due to some sort of root= lilo problem.. will a rpm -Uvh kernel-2.4.9xxx.rpm be enough for this? thanks, George Vieira Systems Manager Citadel Computer Systems P/L -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] IPTABLES and confusing messages
I think I found the site which showed some very large amounts of info on iptables including the graphs I mentioned, I'm pretty sure this was the one of many I went through... If this site has been passed around already then forgive me... http://iptables.linuxguruz.org/iptables-tutorial/iptables-tutorial.html#AEN1 42 -Original Message- From: Ben Donohue [mailto:[EMAIL PROTECTED]] Sent: Thursday, 3 January 2002 9:05 PM To: George Vieira Subject: Re: [SLUG] IPTABLES and confusing messages yes George if you can find the page again i for one would appreciate it. i'm finding iptables rather hard so any help would be appreciated. look in your history file if you have one for the site! thanks Ben George Vieira wrote: Ahaa!! Crossfire was right. Packets do not pass through the INPUT chain first and then the FORWARD chain like they do in IPCHAINS. I have allowed the internet network on the internal device and dropped practically everything else and it now logs and drops properly. Thanks for that information. I also had found a site which graphed a block diagram of how the rules work but accidently closed the page. If people want it, I'll try and find that site again and post it. thanks, George Vieira Systems Manager Citadel Computer Systems P/L -Original Message- From: Crossfire [mailto:[EMAIL PROTECTED]] Sent: Thursday, 3 January 2002 10:27 AM To: George Vieira Cc: Sydney Linux Users Group (E-mail) Subject: Re: [SLUG] IPTABLES and confusing messages George Vieira was once rumoured to have said: hey all, I thought I was starting to get an understaning of iptables when I stumbled on this problem. [snip] The other thing weird is that my rules aren't DROPPING non allowed packets and yet my rules appear quite strict.. I usually ACCEPT on the OUTPUT and FORWARD (-P) rules.. I explicitly specify as much rule matching as possible to eliminate the possiblility of accidently accepting when it shouldn't ie. -A INPUT -i eth1 -d 203.x.x.x ouch.. Anything I want passed through I make the rules as explicit as possible. It sounds like you're being snared by the fact that forwarded packets do not pass through the INPUT ruleset in iptables, which is different behaviour to ipchains. C. -- --==-- Crossfire | This email was brought to you [EMAIL PROTECTED] | on 100% Recycled Electrons --==-- -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
[SLUG] IPTABLES, small problems
Everything appears to work except for some log messages that I'm getting down below. Does anyone know what causes these to happen? .254 is the firewall and .3 is a SNAT/DNAT server and .1 is a MASQUERADED server. Is the way I've done it below incorrect, should I put rules for ESTALISHED,RELATED??? Jan 4 13:19:03 firewall kernel: NAT: 3 dropping untracked packet c68c4220 1 192.168.0.254 - 192.168.0.1 $IPTABLES -A POSTROUTING -o $EXTDEV -t nat -s $SERVERINT -j MASQUERADE Jan 4 13:19:03 firewall kernel: NAT: 3 dropping untracked packet c304ed40 1 192.168.0.254 - 192.168.0.3 $IPTABLES -A POSTROUTING -o $EXTDEV -t nat -s $WWWINT -j SNAT --to $WWWEXT # Mangle: internal users to internal WWW server $IPTABLES -A PREROUTING -i $INTDEV -t nat -p tcp -d $WWWEXT --dport 80 -j DNAT --to $WWWINT $IPTABLES -A POSTROUTING -o $INTDEV -t nat -p tcp -d $WWWINT --dport 80 -s $INTSN -j SNAT --to $FIREWALLINT # Other external Services $IPTABLES -A PREROUTING -i $EXTDEV -t nat -p tcp -d $WWWEXT --dport 80 -j DNAT --to $WWWINT $IPTABLES -A PREROUTING -i $EXTDEV -t nat -p tcp -d $WWWEXT ! --syn -j DNAT --to $WWWINT thanks, George Vieira Systems Manager Citadel Computer Systems P/L -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
[SLUG] IPTABLES and confusing messages
hey all, I thought I was starting to get an understaning of iptables when I stumbled on this problem. I've figured out how to SNAT and DNAT thanks to the help from the previous post and SLUGGERS who explained it a bit better than the man pages. My problem now is that I have rules (as below) which allow incoming ports for TCP, any anything else should be dropped or rejected (-P INPUT DROP). My problem is that the remote site receives a telnet: Unable to connect to remote host: No route to host instead of just a TimeOut type of message when attempting to test a port (ie telnet). # # GEORGEV TEST # $IPTABLES -P INPUT DROP $IPTABLES -A POSTROUTING -o $EXTDEV -t nat -s $GEORGEVINT -j SNAT --to $GEORGEVEXT #Outgoing # Special Rules for Citadel Internal Users to see External WWW server on GEORGEV $IPTABLES -A PREROUTING -i $INTDEV -t nat -p tcp-d $GEORGEVEXT --dport 80 -j DNAT --to $GEORGEVINT #Int WWW $IPTABLES -A POSTROUTING -o $INTDEV -t nat -p tcp -d $GEORGEVINT --dport 80 -s $INTSN -j SNAT --to $STARGATEINT #Int WWW # $IPTABLES -A PREROUTING -i $EXTDEV -t nat -p tcp-d $GEORGEVEXT --dport 23 -j DNAT --to $GEORGEVINT $IPTABLES -A PREROUTING -i $EXTDEV -t nat -p tcp-d $GEORGEVEXT ! --syn -j DNAT --to $GEORGEVINT I found on ports which are DROPPED I receive arp messages as below. (eth1 is external). 08:57:26.641509 eth1 arp who-has webmachine.citadelcomputer.com.au tell firewallmachine.citadelcomputer.com.au (xx:xx:xx:xx:xx:xx) 0001 0800 0604 0001 5254 05e3 089a cb6f 4f72 cb6f 4f77 The other thing weird is that my rules aren't DROPPING non allowed packets and yet my rules appear quite strict.. I usually ACCEPT on the OUTPUT and FORWARD (-P) rules.. I explicitly specify as much rule matching as possible to eliminate the possiblility of accidently accepting when it shouldn't ie. -A INPUT -i eth1 -d 203.x.x.x ouch.. Anything I want passed through I make the rules as explicit as possible. If anybody would like to see my complete firewall rules, I can email them off list. thanks, George Vieira Systems Manager Citadel Computer Systems P/L -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] IPTABLES and confusing messages
The problem isn't that they can't reach the ports as the ports I allowed are working.. it's the ports that aren't specified should be handled by the default chain and/or the last chain which is supposed to be LOGGING and DROPPING but aren't even run. # # DROP and log everything if logging is enabled.. # if [ $LOG ]; then $IPTABLES -A INPUT -j LOG --log-level notice --log-prefix INET --log-tcp-options --log-ip-options fi $IPTABLES -A INPUT -j DROP The rules above rarely get activated ie only XX bytes filtered after a port scan on any host... should be 100,XXXs bytes dropped.. Doh! Just saw the message from Crossfire, if this is true then this will explain my problem... argh how annoying. I will test it.. many thanks. thanks, George Vieira Systems Manager Citadel Computer Systems P/L -Original Message- From: David Fitch [mailto:[EMAIL PROTECTED]] Sent: Thursday, 3 January 2002 10:15 AM To: George Vieira Cc: [EMAIL PROTECTED] Subject: Re: [SLUG] IPTABLES and confusing messages On Thu, Jan 03, 2002 at 09:23:52AM +1100, George Vieira wrote: I've figured out how to SNAT and DNAT thanks to the help from the previous post and SLUGGERS who explained it a bit better than the man pages. My problem now is that I have rules (as below) which allow incoming ports for TCP, any anything else should be dropped or rejected (-P INPUT DROP). My problem is that the remote site receives a telnet: Unable to connect to remote host: No route to host instead of just a TimeOut type of message when attempting to test a port (ie telnet). probably no help to you but... I had a similar thing where people couldn't get to my webserver from outside yet I could from inside and I was allowing port 80 etc. Telnet from outside in showed the same messages about no route to host. I discovered (or deduced) that it was due to dingo/optus blocking inbound port 80 (and 25 and maybe others). Running my webserver on a different port works fine. Maybe just something to check - that your upstream provider isn't blocking or doing strange routing things to you. Dave. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] IPTABLES and confusing messages
Ahaa!! Crossfire was right. Packets do not pass through the INPUT chain first and then the FORWARD chain like they do in IPCHAINS. I have allowed the internet network on the internal device and dropped practically everything else and it now logs and drops properly. Thanks for that information. I also had found a site which graphed a block diagram of how the rules work but accidently closed the page. If people want it, I'll try and find that site again and post it. thanks, George Vieira Systems Manager Citadel Computer Systems P/L -Original Message- From: Crossfire [mailto:[EMAIL PROTECTED]] Sent: Thursday, 3 January 2002 10:27 AM To: George Vieira Cc: Sydney Linux Users Group (E-mail) Subject: Re: [SLUG] IPTABLES and confusing messages George Vieira was once rumoured to have said: hey all, I thought I was starting to get an understaning of iptables when I stumbled on this problem. [snip] The other thing weird is that my rules aren't DROPPING non allowed packets and yet my rules appear quite strict.. I usually ACCEPT on the OUTPUT and FORWARD (-P) rules.. I explicitly specify as much rule matching as possible to eliminate the possiblility of accidently accepting when it shouldn't ie. -A INPUT -i eth1 -d 203.x.x.x ouch.. Anything I want passed through I make the rules as explicit as possible. It sounds like you're being snared by the fact that forwarded packets do not pass through the INPUT ruleset in iptables, which is different behaviour to ipchains. C. -- --==-- Crossfire | This email was brought to you [EMAIL PROTECTED] | on 100% Recycled Electrons --==-- -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] IPROUTE2 and IPTABLES combination
Yes I think I have figured it out.. thanks. What I needed was to allow all my WWW/DNS servers to traverse the internet via THEIR external IPs and not masqueraded as the linux firewall. So in your example the firewall may have a live IP of 203.16.16.1 but the SNAT for the servers must go out as 203.16.16.2,3,4,5 etc.etc..etc.. I found your --to $IPWWW was the way to do it.. though the man pages don't mention using --to anywhere and only show --to-source. Are these the same thing and only abbreviated? And why when we're changing the from address we specify --to in SNAT? weird? Anyhow problem seems to be solved.. now for the ipchains/iptables rules conversions...argh -Original Message- From: Bernhard Lüder [mailto:[EMAIL PROTECTED]] Sent: Saturday, 29 December, 2001 10:49 AM To: George Vieira; Sydney Linux Users Group (E-mail) Subject: RE: [SLUG] IPROUTE2 and IPTABLES combination Hi, I think there is an understanding problem here. Your question could be understood in 2 ways: 1. You want to view something on the Internet from 192.168.0.1. via 203.16.16.1 you would require to use some sort of masquereading rule in your IPTABLES on 203.16.16.1. For example (assuming your eth1 is the interface pointing to the web): iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to $IPWWW or iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE 2. You want to provide a service (eg web server) on your internal machine: 192.168.0.1. and you have a live public IP address of say 203.16.16.1. So poeple from the www will resolve a name say: www.webserver.com.au to your live IP 203.16.16.1 You would need this rule to do a NAT. (assuming your eth1 is the interface pointing to the web) iptables -t nat -A PREROUTING -i eth1 -p tcp -d 203.16.16.1 --dport 80 -j DNAT --to 192.168.0.1:80 and of course your web server has to be able to answer to 192.168.0.1 as well as www.webserver.com.au. and your default route of 192.168.0.1 has to point to 203.16.16.1. Otherwise you will also need: (asssuming eth0 is pointing to your internal LAN). iptables -t nat -A POSTROUTING -o eth0 -p tcp -d 192.168.0.1 --dport 80 -j MASQUERADE Hope this helps. No guarantees of course. Bernhard -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of George Vieira Sent: Friday, 28 December 2001 10:49 To: Sydney Linux Users Group (E-mail) Subject: RE: [SLUG] IPROUTE2 and IPTABLES combination but how do you SNAT a machine to a _different_ external IP address? Internet | | Linux FW (203.x.x.1) | | WWW (192.168.0.1) goes out to internet as (203.x.x.2) know what I mean, iptables doesn't have a syntax to do this does it??? thanks, George Vieira Systems Manager Citadel Computer Systems P/L -Original Message- From: Jeffrey Borg [mailto:[EMAIL PROTECTED]] Sent: Monday, 24 December 2001 9:40 PM To: George Vieira Cc: Sydney Linux Users Group (E-mail) Subject: Re: [SLUG] IPROUTE2 and IPTABLES combination I am doing this for every machine on my lan has a range of 200 ports on the public ip which is useful for incoming connections to apps which can be reconfigured for eg. realplayer, icq etc... how about just putting a SNAT line in as well? and forget the iproute2 stuff. On Mon, 24 Dec 2001, George Vieira wrote: hi all, Firstly - Merry Christmas to all, My question (for hopefully the rest of this year) is how do you use in conjunction with iptables to NAT a few servers out the internet with their public external IPs using iproute2 (so I've been told can do it) ?... $IPTABLES -t nat -A PREROUTING -i $EXTDEV -d 203.x.x.x.x -j DNAT --to-destination 192.168.0.1 I've have worked out the incoming using DNAT/IPTABLES (as above) but the outgoing and iproute2 has confused me or have I gotten things mixed up? I've been told that iproute2 has to do this... but some examples I've tried were total screw ups. thanks, George Vieira. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] IPROUTE2 and IPTABLES combination
but how do you SNAT a machine to a _different_ external IP address? Internet | | Linux FW (203.x.x.1) | | WWW (192.168.0.1) goes out to internet as (203.x.x.2) know what I mean, iptables doesn't have a syntax to do this does it??? thanks, George Vieira Systems Manager Citadel Computer Systems P/L -Original Message- From: Jeffrey Borg [mailto:[EMAIL PROTECTED]] Sent: Monday, 24 December 2001 9:40 PM To: George Vieira Cc: Sydney Linux Users Group (E-mail) Subject: Re: [SLUG] IPROUTE2 and IPTABLES combination I am doing this for every machine on my lan has a range of 200 ports on the public ip which is useful for incoming connections to apps which can be reconfigured for eg. realplayer, icq etc... how about just putting a SNAT line in as well? and forget the iproute2 stuff. On Mon, 24 Dec 2001, George Vieira wrote: hi all, Firstly - Merry Christmas to all, My question (for hopefully the rest of this year) is how do you use in conjunction with iptables to NAT a few servers out the internet with their public external IPs using iproute2 (so I've been told can do it) ?... $IPTABLES -t nat -A PREROUTING -i $EXTDEV -d 203.x.x.x.x -j DNAT --to-destination 192.168.0.1 I've have worked out the incoming using DNAT/IPTABLES (as above) but the outgoing and iproute2 has confused me or have I gotten things mixed up? I've been told that iproute2 has to do this... but some examples I've tried were total screw ups. thanks, George Vieira. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
[SLUG] IPROUTE2 and IPTABLES combination
hi all, Firstly - Merry Christmas to all, My question (for hopefully the rest of this year) is how do you use in conjunction with iptables to NAT a few servers out the internet with their public external IPs using iproute2 (so I've been told can do it) ?... $IPTABLES -t nat -A PREROUTING -i $EXTDEV -d 203.x.x.x.x -j DNAT --to-destination 192.168.0.1 I've have worked out the incoming using DNAT/IPTABLES (as above) but the outgoing and iproute2 has confused me or have I gotten things mixed up? I've been told that iproute2 has to do this... but some examples I've tried were total screw ups. thanks, George Vieira. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] limit apaches bandwidth usage
I didn't think the shaper would allow dummy interfaces (eth0:0 etc).. I tried that years ago without luck.. have they changed the setup heaps since then, I'd guess so.. Does it support port shaping yet? Haven't seen anything about it, but that would be a big +plus+ for the project thanks, George Vieira Systems Manager Citadel Computer Systems P/L -Original Message- From: Grant Parnell [mailto:[EMAIL PROTECTED]] Sent: Thursday, 20 December 2001 7:40 PM To: Doug Stalker Cc: Slug Subject: Re: [SLUG] limit apaches bandwidth usage On Wed, 19 Dec 2001, Doug Stalker wrote: How can I limit Apaches bandwidth use? I have a 256 kbps outgoing connection with Telstra ADSL (when it works...) and would like to limit apache to using only 192kbps, so that I can still use systems inside the network when my web-site is being hit. You could bind apache to a dummy interface on a different IP then 'route' traffic through the shaper device. It was just installed automatically on my laptop's RedHat 7.2 system. Looking through the doco's suggests it hasn't had much done to it lately. [root@gripz 2.4.7-10]# find /usr/lib/modules/2.4.7-10 | grep shap /usr/lib/modules/2.4.7-10/kernel/drivers/net/shaper.o [root@gripz shapecfg-2.2.12]# rpm -qi shapecfg Name: shapecfg Relocations: (not relocateable) Version : 2.2.12Vendor: Red Hat, Inc. Release : 7 Build Date: Wed 18 Jul 2001 05:38:40 AM EST Install date: Fri 24 Aug 2001 11:14:45 AM EST Build Host: porky.devel.redhat.com Group : System Environment/Base Source RPM: shapecfg-2.2.12-7.src.rpm Size: 23764License: GPL Packager: Red Hat, Inc. http://bugzilla.redhat.com/bugzilla Summary : A configuration tool for setting traffic bandwidth parameters. Description : The Shapecfg program configures and adjusts traffic shaper bandwidth limiters. Traffic shaping means setting parameters or limit to which network traffic should conform--setting limitations on bandwidth consumption. To use Shapecfg, you must have also installed the kernel which supports the shaper module (kernel versions 2.0.36 or later and late 2.1.x kernels). Install the shapecfg package if you want to set traffic bandwidth parameters, and if you have the appropriate kernel. -- ---GRiP--- Web: www.arcadia.au.com/gripz Phone/fax: 02 4950 1194 Mobile: 0408 686 201 -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] limit apaches bandwidth usage
I don't think apache can do it *george looks up apache site*... if anything you might be able to rig squi to use delay pools and proxy it into the apache server... don't ask how but it's a thought thanks, George Vieira Systems Manager Citadel Computer Systems P/L -Original Message- From: Doug Stalker [mailto:[EMAIL PROTECTED]] Sent: Wednesday, 19 December 2001 10:53 PM To: Slug Subject: [SLUG] limit apaches bandwidth usage How can I limit Apaches bandwidth use? I have a 256 kbps outgoing connection with Telstra ADSL (when it works...) and would like to limit apache to using only 192kbps, so that I can still use systems inside the network when my web-site is being hit. - Doug -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] Dud Network Car?
I had/have this problem with my thrid network card which goes to a LAN upstairs. It's happened since moving to a new firewall (hardware changed but HDD stayed).. I moved the cards around and even changed the cards over. In the end I disabled the card as it was no longer needed but found that it was sharing IRQs which was weird as I changed then in the BIOS but they seemed to still want to have the same IRQ as the other NIC. weird... I was getting a whole lot of errors though on the console.. this isn't possibly what you've got but just thought I'd throw that in... thanks, George Vieira Systems Manager Citadel Computer Systems P/L -Original Message- From: Terry Collins [mailto:[EMAIL PROTECTED]] Sent: Wednesday, 19 December 2001 10:19 AM To: Slug List Subject: [SLUG] Dud Network Car? Just checking my thought processes before I start pulling hw apart. The server network looks to be fine, ifconfig reports all interfaces up, but ping always return network/host unreachable or such. Ifconfig shows no packets on eth0 interface. tcpdump only shows messages from this host. At this stage I am thinking that perhaps the network card has died for some reason ( power drops out have been recently occurring) Curiously traceroute shows a line like 1. cissus 2998.99ms !H 2998.99ms !H 2998.99ms !H This has me thinking that perhaps it is as simple as a snafu'ed file from the power outages. netstat -nr is fine with lo line, local network line and gw line. -- Terry Collins {:-)}}} Ph(02) 4627 2186 Fax(02) 4628 7861 email: [EMAIL PROTECTED] www: http://www.woa.com.au Wombat Outdoor Adventures Bicycles, Books, Computers, GIS People without trees are like fish without clean water -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
[SLUG] Perl Glob
Hi all, Again with this globbing.. I can't see anything about using glob in reverse order only using nosort. I'm using this: my $dir = ./news/*.n; @files = glob($dir); Have having this listing using ls -l which is the order that glob seems to be doing, Dec 10 16:30 011024.n Dec 10 16:28 011026.n Dec 10 16:28 011107.n Dec 10 19:21 011210.n Dec 12 16:33 011212.n Dec 13 10:48 011213.n Dec 14 14:48 011214.n Dec 18 13:37 011217.n but what I need is this (reversed/latest first): Dec 18 13:37 011217.n Dec 14 14:48 011214.n Dec 13 10:48 011213.n Dec 12 16:33 011212.n Dec 10 19:21 011210.n Dec 10 16:28 011107.n Dec 10 16:28 011026.n Dec 10 16:30 011024.n I can't figure out how to use the File::Glob properly.. can anyone help? thanks, George Vieira Systems Manager Citadel Computer Systems P/L -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] Perl Glob
Oh cool thanks. works like a beaute. I couldn't figure out how the $a and $b were derived.. I've got alot more reading to do now.. many thanks again... thanks, George Vieira Systems Manager Citadel Computer Systems P/L -Original Message- From: Andre Pang [mailto:[EMAIL PROTECTED]] Sent: Wednesday, 19 December 2001 11:45 AM To: Sydney Linux Users Group (E-mail) Subject: Re: [SLUG] Perl Glob On Wed, Dec 19, 2001 at 11:43:15AM +1100, George Vieira wrote: Again with this globbing.. I can't see anything about using glob in reverse order only using nosort. I'm using this: my $dir = ./news/*.n; @files = glob($dir); from perldoc -f sort: sort SUBNAME LIST sort BLOCK LIST sort LIST Sorts the LIST and returns the sorted list value. one of the examples given is: # same thing in reversed order @articles = sort {$b cmp $a} @files; use '=' instead of 'cmp' if you want to sort numerically instead of lexically (see the perlfunc manpage for more information), e.g. @files = sort {$b = $a} @files;. so glob the directory first, then sort it afterward. -- #ozone/algorithm [EMAIL PROTECTED] - trust.in.love.to.save -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] Cable providers
Yeah this the funny part about Tel$tra. I can pay _ALL_ my bills over the internet except the actual internet bill itself. Every time I have connection problems they want me to uninstall and reinstall my NIC drivers and PPPoE software. I usually tell them I've done that already, then they ask where does it stop working and depending on the problem/logs I'm having I tell them it's the progress bar times out or authentication problems... hee hee works for me. I think Tel$tras problem is that they have script kiddies working there.. possibly playing CS on their Wireplay network and do maintenance after school which is why it's always down after 5:30pm-6:00pm. They don't do maintenance late at night because these kids have to go to bed. This explains everything to me...see. thanks, George Vieira Systems Manager Citadel Computer Systems P/L -Original Message- From: Erik de Castro Lopo [mailto:[EMAIL PROTECTED]] Sent: Monday, 17 December 2001 7:33 PM To: [EMAIL PROTECTED] Subject: Re: [SLUG] Cable providers On Mon, 17 Dec 2001 18:55:47 +1100 Erik de Castro Lopo [EMAIL PROTECTED] wrote: I forgot the biggest irony of them all. 10) I cannot pay for the bigpong service over the net, nor via BPay. I have to go to a bloody post office and pay it with eftpos. Erik -- +---+ Erik de Castro Lopo [EMAIL PROTECTED] (Yes it's valid) +---+ I would rather spend 10 hours reading someone else's source code than 10 minutes listening to Musak waiting for technical support which isn't. - Dr. Greg Wettstein, Roger Maris Cancer Center -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
[SLUG] subracting dates from dates
Hi all, Is there a way to subtract the number of days remaining from a date so I can report back 125 days remaining etc.. under linux/perl? I want to subtract it from a date which will be a special event etc.. Is there a date to interger conversion or something? thanks, George Vieira Systems Manager Citadel Computer Systems P/L -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] subracting dates from dates
Thanks to all that replied.. I found a way to do it in bash but now want to use perl to check the passed in date for it's format ie... mm/dd/ format. I'd be happy with just 00-99 numbers.. At the moment I've done this (below) in shell commands in perl but wanted to pass in $date is possible and checked too for errors.. I've taken a big guess and tried it.. it seems to work (OMG) but would like suggestions... # This part was original test and works but want $in{eventdate} to replace $date $date=02/23/2002; $event=`date -d \$date +%s`; $nowdate=`date +%s`; $daysleft=`echo $((($event - $nowdate) / 86400 ))`; if ( $in{eventdate} !~ /^[0-9]+[\/]+[0-9]+[\/]+[-]+$/ ){ print EOT; Content-type: text/plain Invalid Date Format with $in{eventdate} EOT exit(0); } else { print $in{eventdate} is just fine; any help with this I appreciate it. thanks, George Vieira Systems Manager Citadel Computer Systems P/L -Original Message- From: Tony Green [mailto:[EMAIL PROTECTED]] Sent: Tuesday, 18 December 2001 12:00 PM To: Sydney Linux Users Group (E-mail) Subject: Re: [SLUG] subracting dates from dates * This one time, at band camp, George Vieira said: Hi all, Is there a way to subtract the number of days remaining from a date so I can report back 125 days remaining etc.. under linux/perl? I want to subtract it from a date which will be a special event etc.. Is there a date to interger conversion or something? If your dates are in Epoch seconds, and fall in the range Fri Dec 13 20:45:52 1901 to Tue Jan 19 03:14:07 2038 (inclusive), simply subtract one from the other and convert the seconds to days. $seconds = $recent - $earlier; If you have distinct DMYMHS values, or are worried about the range limitations of Epoch seconds, use the Date::Calc module from CPAN. It can calculate the difference between dates: use Date::Calc qw(Delta_Days); $days = Delta_Days( $year1, $month1, $day1, $year2, $month2, $day2); It also calculates the difference between dates and times: use Date::Calc qw(Delta_DHMS); ($days, $hours, $minutes, $seconds) = Delta_DHMS( $year1, $month1, $day1, $hour1, $minute1, $seconds1, # earlier $year2, $month2, $day2, $hour2, $minute2, $seconds2); # later Discussion One problem with Epoch seconds is how to convert the large integers back to forms that people can read. The following example shows one way of converting an Epoch seconds value back to its component numbers of weeks, days, hours, minutes, and seconds: $bree = 361535725; # 16 Jun 1981, 4:35:25 $nat = 96201950; # 18 Jan 1973, 3:45:50 $difference = $bree - $nat; print There were $difference seconds between Nat and Bree\n; There were 265333775 seconds between Nat and Bree $seconds= $difference % 60; $difference = ($difference - $seconds) / 60; $minutes= $difference % 60; $difference = ($difference - $minutes) / 60; $hours = $difference % 24; $difference = ($difference - $hours) / 24; $days = $difference % 7; $weeks = ($difference - $days)/ 7; print ($weeks weeks, $days days, $hours:$minutes:$seconds)\n; (438 weeks, 4 days, 23:49:35) Date::Calc's functions can ease these calculations. The Delta_Days function returns the number of days between two dates. It takes the two dates as a list: year, month, day. The dates are given chronologically - earliest first. use Date::Calc qw(Delta_Days); @bree = (1981, 6, 16); # 16 Jun 1981 @nat = (1973, 1, 18); # 18 Jan 1973 $difference = Delta_Days(@nat, @bree); print There were $difference days between Nat and Bree\n; There were 3071 days between Nat and Bree The Delta_DHMS function returns a four-element list corresponding to the number of days, hours, minutes, and seconds between the two dates you give it. use Date::Calc qw(Delta_DHMS); @bree = (1981, 6, 16, 4, 35, 25); # 16 Jun 1981, 4:35:25 @nat = (1973, 1, 18, 3, 45, 50); # 18 Jan 1973, 3:45:50 @diff = Delta_DHMS(@nat, @bree); print Bree came $diff[0] days, $diff[1]:$diff[2]:$diff[3] after Nat\n; Bree came 3071 days, 0:49:35 after Nat See Also The documentation for the CPAN module Date::Calc -- Greeno [EMAIL PROTECTED] GnuPG Key : 1024D/B5657C8B Key fingerprint = 9ED8 59CC C161 B857 462E 51E6 7DFB 465B B565 7C8B Imagine working in a secure environment and finding the string _NSAKEY in the OS binaries without a good explanation -Alan Cox 04/05/2001 -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] subracting dates from dates
OK.. I figure some things out and this is really messy I know but at least it works for me... print Content-type: text/plain\n\n; if ( $in{eventdate} !~ /^[0-9]+[\/]+[0-9]+[\/]+[0-9]+[0-9]+[0-9]+[0-9]$/ ){ print TBA; exit(0); } else { $date=$in{eventdate}; $event=`date -d \$date\ +\%s\`; $nowdate=`date +%s`; $daysleft=int (eval ((( $event - $nowdate ) / 86400 ))); print $daysleft; } Thanks for all your help.. will try the full perl when I get around to it.. George Vieira Systems Manager Citadel Computer Systems P/L -Original Message- From: George Vieira Sent: Tuesday, 18 December 2001 1:02 PM To: Sydney Linux Users Group (E-mail) Subject: RE: [SLUG] subracting dates from dates Thanks to all that replied.. I found a way to do it in bash but now want to use perl to check the passed in date for it's format ie... mm/dd/ format. I'd be happy with just 00-99 numbers.. At the moment I've done this (below) in shell commands in perl but wanted to pass in $date is possible and checked too for errors.. I've taken a big guess and tried it.. it seems to work (OMG) but would like suggestions... # This part was original test and works but want $in{eventdate} to replace $date $date=02/23/2002; $event=`date -d \$date +%s`; $nowdate=`date +%s`; $daysleft=`echo $((($event - $nowdate) / 86400 ))`; if ( $in{eventdate} !~ /^[0-9]+[\/]+[0-9]+[\/]+[-]+$/ ){ print EOT; Content-type: text/plain Invalid Date Format with $in{eventdate} EOT exit(0); } else { print $in{eventdate} is just fine; any help with this I appreciate it. thanks, George Vieira Systems Manager Citadel Computer Systems P/L -Original Message- From: Tony Green [mailto:[EMAIL PROTECTED]] Sent: Tuesday, 18 December 2001 12:00 PM To: Sydney Linux Users Group (E-mail) Subject: Re: [SLUG] subracting dates from dates * This one time, at band camp, George Vieira said: Hi all, Is there a way to subtract the number of days remaining from a date so I can report back 125 days remaining etc.. under linux/perl? I want to subtract it from a date which will be a special event etc.. Is there a date to interger conversion or something? If your dates are in Epoch seconds, and fall in the range Fri Dec 13 20:45:52 1901 to Tue Jan 19 03:14:07 2038 (inclusive), simply subtract one from the other and convert the seconds to days. $seconds = $recent - $earlier; If you have distinct DMYMHS values, or are worried about the range limitations of Epoch seconds, use the Date::Calc module from CPAN. It can calculate the difference between dates: use Date::Calc qw(Delta_Days); $days = Delta_Days( $year1, $month1, $day1, $year2, $month2, $day2); It also calculates the difference between dates and times: use Date::Calc qw(Delta_DHMS); ($days, $hours, $minutes, $seconds) = Delta_DHMS( $year1, $month1, $day1, $hour1, $minute1, $seconds1, # earlier $year2, $month2, $day2, $hour2, $minute2, $seconds2); # later Discussion One problem with Epoch seconds is how to convert the large integers back to forms that people can read. The following example shows one way of converting an Epoch seconds value back to its component numbers of weeks, days, hours, minutes, and seconds: $bree = 361535725; # 16 Jun 1981, 4:35:25 $nat = 96201950; # 18 Jan 1973, 3:45:50 $difference = $bree - $nat; print There were $difference seconds between Nat and Bree\n; There were 265333775 seconds between Nat and Bree $seconds= $difference % 60; $difference = ($difference - $seconds) / 60; $minutes= $difference % 60; $difference = ($difference - $minutes) / 60; $hours = $difference % 24; $difference = ($difference - $hours) / 24; $days = $difference % 7; $weeks = ($difference - $days)/ 7; print ($weeks weeks, $days days, $hours:$minutes:$seconds)\n; (438 weeks, 4 days, 23:49:35) Date::Calc's functions can ease these calculations. The Delta_Days function returns the number of days between two dates. It takes the two dates as a list: year, month, day. The dates are given chronologically - earliest first. use Date::Calc qw(Delta_Days); @bree = (1981, 6, 16); # 16 Jun 1981 @nat = (1973, 1, 18); # 18 Jan 1973 $difference = Delta_Days(@nat, @bree); print There were $difference days between Nat and Bree\n; There were 3071 days between Nat and Bree The Delta_DHMS function returns a four-element list corresponding to the number of days, hours, minutes, and seconds between the two dates you give it. use Date::Calc qw(Delta_DHMS); @bree = (1981, 6, 16, 4, 35, 25); # 16 Jun 1981, 4:35:25 @nat = (1973, 1, 18, 3, 45, 50); # 18 Jan 1973, 3:45:50 @diff = Delta_DHMS(@nat, @bree); print Bree came $diff[0] days, $diff[1]:$diff[2]:$diff[3] after Nat\n; Bree came 3071 days, 0:49:35 after Nat See Also The documentation for the CPAN module Date::Calc -- Greeno [EMAIL PROTECTED] GnuPG Key : 1024D/B5657C8B Key fingerprint = 9ED8 59CC C161 B857 462E 51E6 7DFB 465B
RE: [SLUG] Suspect Claims Al Qaeda Hacked Microsoft
yeah it is.. it take 10% of your bandwidth and spams microsoft with info. I might start a GUI OS company called bighard. thanks, George Vieira Systems Manager Citadel Computer Systems P/L -Original Message- From: Jon Biddell [mailto:[EMAIL PROTECTED]] Sent: Tuesday, 18 December 2001 4:42 PM To: Jason Rennie Cc: [EMAIL PROTECTED] Subject: Re: [SLUG] Suspect Claims Al Qaeda Hacked Microsoft On Tue, Dec 18, 2001 at 05:26:17PM +1100, Jason Rennie wrote: During interrogation, Afroze, 25, also claimed that a member or members of Osama bin Laden's Al Qaeda network, posing as computer programmers, were able to gain employment at Microsoft and attempted to plant trojans, trapdoors, and bugs in Windows XP, according to Ravi Visvesvaraya Prasad, a New Delhi information systems and telecommunication consultant. But the real question is, who would notice ? I thought XP *was* a virus ? Jon -- -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
[SLUG] character checking
Hi people, I know this isn't the Perl mailling list but I hoped that someone who knows it well enough and has possibly done something similar to this may be able to help me quickly and if they wish, off the list. I am submitting a FORM on a web page and want to make sure noone tries to exploit commands submitted to the POST action, so PerlDocs showed something like this... if ($data =~ /^([-\@\w.]+)$/) { $data = $1; # $data now untainted } else { die Bad data in $data;# log this somewhere } I tried this and it seemed to work in a test.cgi program but on the live one it keeps saying the data is bad even when the dat submitted contained only TEXT characters.. I really don't understand the test line above but it says that it only allows text,@,-,.,0-9 characters only. any help would be great. thanks, George Vieira Systems Manager Citadel Computer Systems P/L -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
[SLUG] Perl help. web script.
Hi all, Can someone help me with a perl script as I'm a n00b at this.. I have a directory (news/) which contains files which are dated eg. 011213.txt and inside it contains HTML code. I want to be able to look inside this directory and grab each file and print the contents of all of them. I can do some of this code but I don't know how to get it to select every file. Each file needs processing before printing so it's not like doing a `cat ./news/*.txt` in bash because I need to addsome HTML codearound each file before printing it. Sothe bash equivalentwould need to be something like below but in Perl: ls -lt ./new/*.txt | while read FILE do process $FILE done Another thing I need to know how to delete a file in Perl, I looked up the Perl Docs' on perl.com but the delete command talks about hashed file records and so on and no to do a basic DEL FILE... Hope some guru can help me.. thanks, George Vieira Systems Manager Citadel Computer Systems P/L
RE: [SLUG] Perl help. web script.
Cool, thanks people. Yeah I know Guru is a bad word and it really doesn't exist in this world as even a so called Guru still learns new stuff everyday.. Unlink how would I ever know that was it.. he hee.. thx. thanks, George Vieira Systems Manager Citadel Computer Systems P/L -Original Message- From: Gareth Walters [mailto:[EMAIL PROTECTED]] Sent: Thursday, 13 December 2001 9:18 AM To: Sydney Linux Users Group (E-mail) Subject: Re: [SLUG] Perl help. web script. - Original Message - From: George Vieira To: Sydney Linux Users Group (E-mail) Sent: Thursday, December 13, 2001 8:49 AM Subject: [SLUG] Perl help. web script. ls -lt ./new/*.txt | while read FILE do process $FILE done I am by no means a perl expert but one way to do this in perl would be.. @files = split /\n/,`/bin/ls -1 ./new/*.txt`; foreach $file (@files){ #process files here } Another thing I need to know how to delete a file in Perl, I looked up the Perl Docs' on perl.com but the delete command talks about hashed file records and so on and no to do a basic DEL FILE... I think the function you are looking for is unlink. Documentation for perl's in built functions should be available via man perlfunc ---Gareth Walters htttp://www.microforte.com.au http://www.bigworldgames.com -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] Broadband user allocation
Yes, do what I do and use a specified FORWARD rule for each machine.. then count it every 5 minutes and remove the rule should the user exceed it.. eg. 110K 15M MASQ all -- 0xFF 0x00 eth1 10.10.10.10/32 0.0.0.0/0 n/a This user has a 15MB limit and the the rule killed it off.. I have just added the line before the removal... A crontab each month readds the users FORWARD rule back in... Hope this springs ideas to people.. thanks, George Vieira Systems Manager Citadel Computer Systems P/L -Original Message- From: Edwin Humphries [mailto:[EMAIL PROTECTED]] Sent: Tuesday, 11 December 2001 12:18 PM To: [EMAIL PROTECTED] Subject: [SLUG] Broadband user allocation G'day, We have a low volume ADSL connection to our three-client home office network, run through a RH 6.2 server. We have ntop running to monitor network traffic, and the ISP is warning us (using some rather suspect tools) that in a week we have exceeded our month's allocation. Although I can move to the next plan up, which doubles the allocation, even this would be inadequate, and to get a plan for the claimed usage would be prohibitive. Although I don't have a problem with legitimate office use, some of the ankle-biters are downloading MP3s, movies, and staying logged on to hotmail, MSN messenger and ICQ for long periods of time - I suspect this is where most of the traffic is going. So: is there a way that I can allocate a certain amount of the monthly traffic limit to various logged-in users? In other words, person A logged in on machine 1 (an NT4 client) has a defined traffic limit for the month? Best Regards Edwin Humphries [EMAIL PROTECTED] -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] Pppd server won't authenticate
What's the client, a windows or linux machine? What type of authentication is your server requesting? thanks, George Vieira Systems Manager Citadel Computer Systems P/L -Original Message- From: Doug Stalker [mailto:[EMAIL PROTECTED]] Sent: Tuesday, 11 December 2001 12:17 PM To: '[EMAIL PROTECTED]' Subject: [SLUG] Pppd server won't authenticate I'm currently trying to get PoPToP working, but it's coming up with an error on the server: Dec 11 12:13:58 legba pppd[10845]: The remote system is required to authenticate itself Dec 11 12:13:58 legba pppd[10845]: but I couldn't find any suitable secret (password) for it to use to do so. Dec 11 12:13:58 legba pppd[10845]: (None of the available passwords would let it use an IP address.) I've commented out ALL:PARANOID in /etc/hosts.deny, but there was no change. How can I get the server to accept the connections? Server: Debian Woody, 2.2.17 kernel Client: Windows 98 using built in VPN - Doug -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] Pppd server won't authenticate
Firstly unless your using TCPwrappers and pptpd in the inittab /etc/hosts.allow will do nothing.. Check your /var/log/messages for anything else, so far your posting just a couple of lines and we're probably missing an important piece.. can you send a whole pppd session logs to us? thanks, George Vieira Systems Manager Citadel Computer Systems P/L -Original Message- From: Doug Stalker [mailto:[EMAIL PROTECTED]] Sent: Tuesday, 11 December 2001 12:43 PM To: '[EMAIL PROTECTED]' Cc: '[EMAIL PROTECTED]'; George Vieira Subject: RE: [SLUG] Pppd server won't authenticate Client is windows. Authentication should be chap - I have both 'auth' and 'require-chap' in /etc/ppp/pptpd-options I just tried adding noauth to /etc/ppp/pptpd-options and /etc/ppp/options, and including ALL:ALL in /etc/hosts.allow, and I still got the same error. /usr/sbin/pppd: The remote system is required to authenticate itself /usr/sbin/pppd: but I couldn't find any suitable secret (password) for it to use to do so. /usr/sbin/pppd: (None of the available passwords would let it use an IP address.) Is there something else I'm misisng here? The fact that noauth is being ignored suggests to me it is in the wrong place - where should I be placing sting for this? - Doug -Original Message- From: George Vieira [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 11, 2001 12:22 PM To: Doug Stalker; '[EMAIL PROTECTED]' Subject: RE: [SLUG] Pppd server won't authenticate What's the client, a windows or linux machine? What type of authentication is your server requesting? -Original Message- From: Doug Stalker [mailto:[EMAIL PROTECTED]] I'm currently trying to get PoPToP working, ... How can I get the server to accept the connections? Server: Debian Woody, 2.2.17 kernel Client: Windows 98 using built in VPN - Doug -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] Pppd server won't authenticate
modprobe: Can't locate module char-major-108 This will be a problem... you need /etc/modules.conf modifed.. This is what I have alias /dev/ppp ppp_generic alias tty-ldisc-3 ppp_async alias tty-ldisc-14 ppp_synctty alias ppp-compress-18 ppp_mppe alias ppp-compress-21 bsd_comp alias ppp-compress-24 ppp_deflate alias ppp-compress-26 ppp_deflate alias char-major-108 ppp_generic thanks, George Vieira Systems Manager Citadel Computer Systems P/L -Original Message- From: Doug Stalker [mailto:[EMAIL PROTECTED]] Sent: Tuesday, 11 December 2001 12:53 PM To: George Vieira; '[EMAIL PROTECTED]' Cc: '[EMAIL PROTECTED]' Subject: RE: [SLUG] Pppd server won't authenticate Firstly unless your using TCPwrappers and pptpd in the inittab /etc/hosts.allow will do nothing.. It was worth a try. :) Check your /var/log/messages for anything else, so far your posting just a couple of lines and we're probably missing an important piece.. can you send a whole pppd session logs to us? There is nothing in messages, in syslog I get Dec 11 12:57:36 legba pptpd[11084]: CTRL: Client 202.129.XXX.XXX control connection started Dec 11 12:57:36 legba pptpd[11084]: CTRL: Starting call (launching pppd, opening GRE) Dec 11 12:57:36 legba modprobe: modprobe: Can't locate module char-major-108 Dec 11 12:57:36 legba pppd[11085]: The remote system is required to authenticate itself Dec 11 12:57:36 legba pppd[11085]: but I couldn't find any suitable secret (password) for it to use to do so. Dec 11 12:57:36 legba pppd[11085]: (None of the available passwords would let it use an IP address.) Dec 11 12:57:36 legba pptpd[11084]: GRE: read(fd=5,buffer=804d9c0,len=8196) from PTY failed: status = -1 error = Input/output error Dec 11 12:57:36 legba pptpd[11084]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6) Dec 11 12:57:36 legba pptpd[11084]: CTRL: Client 202.129.XXX.XXX control connection finished -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] Pppd server won't authenticate
He should specify the IP in the chap-secrets file or in the modems tty file ie /etc/ppp/options.ttyS0 I think the authentiction is that he doesn't have the chap-major-80 setup correctly.. so it can't authenticate properly I don't think.. thanks, George Vieira Systems Manager Citadel Computer Systems P/L -Original Message- From: David Kempe [mailto:[EMAIL PROTECTED]] Sent: Tuesday, 11 December 2001 1:55 PM To: Doug Stalker; 'David Kempe'; [EMAIL PROTECTED] Subject: Re: [SLUG] Pppd server won't authenticate There is no chap-options file; should there be?. chap-secrets contains the test user bill * bob * are you using chap auth? i suggest you do at least. in which can the format is outlined in the man pages, however you need to assign an IP address in chap-secrets try replacing that last * in chap-secrets with a valid IP on your network dave -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] In Car MP3 Players
I ran a laptop on Linux and it had a MP3 playa (forgot which).. I used the keyboard as the screen was broken hence the reason for the idea.. no visual but I have sound... I didn't end up using it in the car though as I started to fear the thieves in the area... ;-)) thanks, George Vieira Systems Manager Citadel Computer Systems P/L -Original Message- From: Kevin Saenz [mailto:[EMAIL PROTECTED]] Sent: Tuesday, 11 December 2001 2:57 PM To: [EMAIL PROTECTED] Subject: [SLUG] In Car MP3 Players Hi all, I think I have a little too much time on my hands. :) I am considering the idea of building my own Linux in car Mp3 player. Before I do this I would like to find out if I can get some of the parts in Oz. Also I would appreciate it if anyone could point me in the right direction for the following A touch screen that is big enuf to fit into the dash, and runs X nicely. Power Transformer from 12 volts to computer voltage me thinks it's 5.5 volts or 3.5 ( I think that is only CPU.) Thanks Kevin -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] In Car MP3 Players
well the good thing about the laptop is that it runs on batteries and it is also 12V.. some higher unfortunately.. I had made a small ciruit so that when the car switched off it trigger a UPS type effect and made the server shutdown... when the power came back on the machine would boot up.. The only drawback was waiting for the machine to be ready... I never installed it coz I had to stuff around with the keyboard and lengths of wire for a keypad to control it and we have people around my area who like looking into cars... so I left it and used the laptop for something else.. thanks, George Vieira Systems Manager Citadel Computer Systems P/L -Original Message- From: Kevin Saenz [mailto:[EMAIL PROTECTED]] Sent: Tuesday, 11 December 2001 3:13 PM To: George Vieira Cc: [EMAIL PROTECTED] Subject: RE: [SLUG] In Car MP3 Players Yeah I just want to mount the sustem in my boot so it will sit next to my amp. I ran a laptop on Linux and it had a MP3 playa (forgot which).. I used the keyboard as the screen was broken hence the reason for the idea.. no visual but I have sound... I didn't end up using it in the car though as I started to fear the thieves in the area... ;-)) thanks, George Vieira Systems Manager Citadel Computer Systems P/L -Original Message- From: Kevin Saenz [mailto:[EMAIL PROTECTED]] Sent: Tuesday, 11 December 2001 2:57 PM To: [EMAIL PROTECTED] Subject: [SLUG] In Car MP3 Players Hi all, I think I have a little too much time on my hands. :) I am considering the idea of building my own Linux in car Mp3 player. Before I do this I would like to find out if I can get some of the parts in Oz. Also I would appreciate it if anyone could point me in the right direction for the following A touch screen that is big enuf to fit into the dash, and runs X nicely. Power Transformer from 12 volts to computer voltage me thinks it's 5.5 volts or 3.5 ( I think that is only CPU.) Thanks Kevin -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug --- Kevin Saenz Security Analyst mobile: +61418455661 email: [EMAIL PROTECTED] -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] http access
possibly that it's listening on 127.0.0.1 and not on all devices.. look for Listen directive or similar thanks, George Vieira Systems Manager Citadel Computer Systems P/L -Original Message- From: Christopher Booth [mailto:[EMAIL PROTECTED]] Sent: Monday, 10 December 2001 12:20 PM To: [EMAIL PROTECTED] Subject: [SLUG] http access Hi guys, I seem to remember a similar problem someone had a while back, but couldn't find it in the archives. On the local system, if I type http://localhost it comes up with my default page. but if I type http://ausmasodp-121m which is my hostname I get a 404 error which I also get by typing the ip address into the browser. I am on Mandrake 8.1, on another box Mandrake 8.0 this works but I can't find any obvious differences in how they are set up. Any ideas on how to get this to work ? Chris -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] http access
Actually 404 is file not found so check your /var/loh/http logs for where the error occured... thanks, George Vieira Systems Manager Citadel Computer Systems P/L -Original Message- From: George Vieira Sent: Monday, 10 December 2001 12:20 PM To: 'Christopher Booth' Cc: Sydney Linux Users Group (E-mail) Subject: RE: [SLUG] http access possibly that it's listening on 127.0.0.1 and not on all devices.. look for Listen directive or similar thanks, George Vieira Systems Manager Citadel Computer Systems P/L -Original Message- From: Christopher Booth [mailto:[EMAIL PROTECTED]] Sent: Monday, 10 December 2001 12:20 PM To: [EMAIL PROTECTED] Subject: [SLUG] http access Hi guys, I seem to remember a similar problem someone had a while back, but couldn't find it in the archives. On the local system, if I type http://localhost it comes up with my default page. but if I type http://ausmasodp-121m which is my hostname I get a 404 error which I also get by typing the ip address into the browser. I am on Mandrake 8.1, on another box Mandrake 8.0 this works but I can't find any obvious differences in how they are set up. Any ideas on how to get this to work ? Chris -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] Bandwith Shaping/Throttling
Never used rshaper but I have used the Linux Traffic Shapper which uses a Serial Link (not sure if this is the same thing as rshaper just renamed..??) It worked for me but was years ago.. thanks, George Vieira Systems Manager Citadel Computer Systems P/L -Original Message- From: Shaun Cronin [mailto:[EMAIL PROTECTED]] Sent: Thursday, 6 December 2001 5:30 PM To: [EMAIL PROTECTED] Subject: [SLUG] Bandwith Shaping/Throttling Hi All, The phb's have blessed me with the task of working how to simulate a 256k/512k connection between two servers. In that latter stages of the project, one server will placed in a server farm with a 256k (eventually upgarded to 512k) connection. Hence they need a proof of concept that there won't be problems with data transfer restricted to 512k. I know there is hardware that can do this but I wondered if a linux box could be used instead (and show to certain management types that Linux is wonderful). I've found rshaper which may do what I want it do. I have a Linux box doing nothing with two NICs installed. My theory is using rshaper on one NIC (which would be connected to the server that would be at 512k in real life) I can give them what they want. Has anyone used rshaper and if so, would my scenario work? Cheers, Shaun -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug