Jim, Jarmo:
I noticed this when my clients added Win98 systems to their Novell network
which uses diald for dial on demand and other Internet uses. I set up my
clients with static IPs. Then in /etc/hosts I added all the IP addresses
with dummy names. It is simple to implement at many client sites because
we have some rules.
1) Linux box internal ip always 10.0.0.1
2) Other servers are 10.0.0.10 to 10.0.0.99
3) All users are 10.0.0.100 to 10.0.0.250
Therefore we have a floppy copy of etc/hosts with entries like
10.0.0.100 ws0
10.0.0.101 ws1
Where the wsx are the dummy names and they are all ws0 through ws150.
Now the Linux box says I know who they are, so diald don't dial.
I wonder if this is why others run a local DNS to have the Linux box
"know" of the existence of these IP addresses. For the effort of copying
a file it is simple to set up. Then, if local DHCP is in use, limit the IP
range which DHCP will assign to values from 10.0.0.100 to 10.0.0.250,
with the servers being static internal IPs.
Also see diald filter at end of message.
Hope this helps
JAH
Date sent: Thu, 02 Sep 1999 11:02:20 +0100 (BST)
Organization: Insignia Solutions plc
From: Jim Hague <[EMAIL PROTECTED]>
To: Jarmo Paavilainen <[EMAIL PROTECTED]>
Subject: RE: dial at startup
Copies to:
> > What does Win98 do that Linux does not at boot (actually Login, "NT
> > login" _without_ NT-domain).
>
> (Warning - it's years since I looked at this).
>
> If it's trying to log into an NT domain and you have checked the 'Enable
> DNS for Windows Resolution' Win95 at least will generate a blizzard of
> garbage name lookups for DNS. If (like me) you have diald set to bring the
> line up for DNS that can't be satisfied locally, your line will come up
> while this farrago is in progress.
> ---
> Jim Hague - [EMAIL PROTECTED] (Work), [EMAIL PROTECTED] (Play)
> Never trust a computer you can't lift.
>
These are a collection from various replies to the list and watching the
list for 8+ months. Apologies if it does not fit your needs.
# diald rules - included by /etc/diald/diald.conf #
# rules 1 thru 5
ignore tcp tcp.fin,tcp.ack
keepup tcp 120 tcp.ack,tcp.source=tcp.http
accept tcp 120 tcp.dest=tcp.http
keepup tcp 60 tcp.ack,tcp.source=tcp.ftp-data
keepup tcp 60 tcp.ack,tcp.dest=tcp.ftp-data
# rules 6 thru 10
keepup tcp 60 tcp.ack,tcp.dest=tcp.ftp
keepup tcp 60 tcp.ack,tcp.source=tcp.ftp
keepup tcp 20 tcp.ack
ignore tcp tcp.ack
accept tcp 120 tcp.syn
# rules 11 thru 15
ignore tcp tcp.source=tcp.domain
ignore tcp tcp.dest=tcp.domain
accept tcp 5 ip.tot_len=40,tcp.syn
ignore tcp ip.tot_len=40,tcp.live
accept tcp 240 tcp.dest=tcp.http
# rules 16 thru 20
accept tcp 240 tcp.source=tcp.http
keepup tcp 5 !tcp.live
ignore tcp !tcp.live
accept tcp 60 tcp.dest=tcp.ftp
accept tcp 60 tcp.source=tcp.ftp
# rules 21 thru 25
accept tcp 60 tcp.dest=tcp.ftp-data
accept tcp 60 tcp.source=tcp.ftp-data
keepup tcp 300 any
ignore udp udp.dest=udp.who
ignore udp udp.source=udp.who
# rules 26 thru 30
ignore udp udp.dest=udp.route
ignore udp udp.source=udp.route
ignore udp udp.dest=udp.ntp
ignore udp udp.source=udp.ntp
ignore udp udp.dest=udp.timed
# rules 31 thru 35
ignore udp udp.source=udp.timed
ignore udp udp.dest=udp.domain,udp.source=udp.domain
ignore udp udp.source=udp.netbios-ns,udp.dest=udp.netbios-ns
ignore udp udp.dest=udp.netbios-dgm
ignore udp udp.source=udp.netbios-dgm
## ignore udp udp.dest=udp.netbios-ssn
## ignore udp udp.source=udp.netbios-ssn
### Above two disabled as I keep getting an error when parsing
### and no udp ssn service setup on any of the Linux boxes.
### Rules 36 thru 40
ignore tcp tcp.source=tcp.netbios-ns,tcp.dest=tcp.netbios-ns
ignore tcp tcp.dest=tcp.netbios-dgm
ignore tcp tcp.source=tcp.netbios-dgm
ignore tcp tcp.dest=tcp.netbios-ssn
ignore tcp tcp.source=tcp.netbios-ssn
### Rules 41 thru 46
accept udp 30 udp.dest=udp.domain
accept udp 30 udp.source=udp.domain
ignore udp udp.dest=udp.netbios-ns
ignore udp udp.source=udp.netbios-ns
ignore udp udp.dest=udp.route
ignore udp udp.source=udp.route
# accept udp 180 any
# rule 47 thru 48
ignore any ip.tot_len=60,ip.daddr=224.0.0.10
accept any 120 any
In general I have found that the ignore must go before accept as per the
diald notes.
JAH
Failure is not an option. It comes bundled with your Windows Product.
James A. Haliburton
On-Site Computer Services of Halifax
Suite 100, 25 Walton Drive
Halifax, Nova Scotia
Canada B3N 1X6
Cell/Pager : (902)499-5250
Home/Office : (902)477-8342
e-mail : [EMAIL PROTECTED]
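
The rule-ordering point in the message above can be checked mechanically. The following Python checker is an added example, not part of the original message or of diald: it assumes diald evaluates filter rules in order and stops at the first match, and the names `parse_rules` and `lint` and the sample rule set are constructed for illustration.

```python
VERBS = {"ignore": 2, "accept": 3, "keepup": 3, "bringup": 3}  # index of the term list

def parse_rules(text):
    """Return [(rule_number, verb, protocol, frozenset_of_terms)] for active lines."""
    rules = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if not parts or parts[0] not in VERBS or len(parts) <= VERBS[parts[0]]:
            continue  # comment, blank line, or not a filter rule
        terms = parts[VERBS[parts[0]]]
        # "any" matches every packet, so model it as the empty set of terms.
        cond = frozenset() if terms == "any" else frozenset(terms.split(","))
        rules.append((len(rules) + 1, parts[0], parts[1], cond))
    return rules

def lint(rules):
    """Flag terms naming another protocol's variable, and rules never reached.

    Assumption: first matching rule wins, whatever its verb.
    """
    findings = []
    for i, (num, _verb, proto, cond) in enumerate(rules):
        for term in sorted(cond):
            layer = term.lstrip("!").split(".", 1)[0]
            if proto != "any" and layer not in ("ip", proto):
                findings.append((num, "wrong-layer", term))
        # If an earlier rule for this protocol requires only a subset of our
        # terms, it matches every packet we would, so we are never reached.
        for pnum, _pverb, pproto, pcond in rules[:i]:
            if pproto in (proto, "any") and pcond <= cond:
                findings.append((num, "shadowed-by", pnum))
                break
    return findings

# Constructed rule set for illustration; rule 6 mixes layers on purpose.
SAMPLE = """\
accept tcp 120 tcp.dest=tcp.http
accept tcp 240 tcp.dest=tcp.http
keepup tcp 300 any
ignore udp udp.dest=udp.route
ignore tcp tcp.dest=tcp.netbios-ssn
ignore udp tcp.dest=udp.route
accept any 120 any
"""

if __name__ == "__main__":
    for num, kind, detail in lint(parse_rules(SAMPLE)):
        print(f"rule {num}: {kind} {detail}")
```

A "shadowed-by" finding on an `ignore` rule means traffic the rule was meant to suppress is handled by the earlier rule instead, which is how a misplaced catch-all ends up keeping a dial-on-demand line open.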