Gyepi SAM wrote:
>
> On Mon, Aug 09, 1999 at 03:24:23PM -0400, Paul Stephenson wrote:
>
> > Prob 1. Spurious dialouts of between a minute and two minutes duration
> > sporadically. I've filtered all the Netbios calls in my standard.filter and
> > disabled the browse master on those Win clients that use file and print for
> > MS networks. I admit I have not removed Windows critical update from the
> > one Win 98 PC connected, as the dialouts happen even when this PC is turned
> > off. In each instance the filter being accepted is:
> > "filter accepted rule 27 proto 17 len". Could it be the Samba server and
> > how can I stop this?
>
> I am not sure, but I think proto 17 is for named packets.
> You may want to dig a little more into it. Increase the log levels in
> samba and see what it says.
> Make sure that your caching named server responds correctly for all
> machine names and aliases in your domain. Also, keep in mind that
> Windows machines can be configured to use DNS to resolve Netbios calls.
> you may wish to turn that off. See my response to question 2 for other
> solutions.
>
> >
> > Prob 2. All the users love diald but I need to produce some reporting for
> > management. Specifically, they'd like to see a weekly report of those
> > Websites visited. This would need to include domain names and visit
> > frequency. Is this something that can only be done with Squid?
>
> Geez, that seems rather like an invasion of the illusion of privacy.
> Opinions aside, since you are running ipfwadm, you can use that to log
> these things.
> The rule
>
> ipfwadm -I -accept -y -P tcp -S 10.0.0.1/255 80 -o
>
> will catch and log all http requests originating from your domain.
> The -y tells ipfwadm to only catch packets with the syn bit set. That
> way you only log the attempt to connect and ignore all subsequent
> packets for the same tcp session. Change the netmask to represent your
> own. You may with to also put in a similar line for port 443 ( or
> whatever port https uses. I think that's right). You could also add
> to the rule to watch particular interfaces and so on.
>
> You'll then want to write a script to analyse the log and generate reports.
> That is left as an exercise for the reader. Before you embark on it
> though, checkout the syslog reporters floating around CPAN. You are
> using perl for the reports arent't you?
>
> --
> Gyepi Sam --+-- Designer/Programmer --+-- Network/System Administrator
> [EMAIL PROTECTED] --+-- http://www.praxis-sw.com/gyepi
>
> What is a magician but a practising theorist? -- Obi-Wan Kenobi
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-diald" in
> the body of a message to [EMAIL PROTECTED]
use tcpdump -i sl0 to see what's bringing the link up. it might be
samba, as it tries to resolve netbios names with DNS if it can't do so
with netbios. so if your Win boxes are trying to connect to a share on a
PC that's switched off, samba will try to find that PC's netbios, fail
('cos the PC's switched off and has not registered with samba) and use
DNS. depending on your named/diald config, this can cause your link to
go up.
--
:D_ima
Dima Nemchenko
[EMAIL PROTECTED]
---------------------------------------------------------------------
"I was drugged!!!"
Mulder
-
To unsubscribe from this list: send the line "unsubscribe linux-diald" in
the body of a message to [EMAIL PROTECTED]
