Linux-Misc Digest #461, Volume #26 Mon, 4 Dec 00 02:13:02 EST
Contents:
Re: Virtual Hosts point to MASQ machines??? ("LCR")
Re: Virtual Hosts point to MASQ machines??? (moonie;))
Re: glx , Suse 7.0 , X crashes system. (Thomas Zajic)
Re: Monitor specs? (MaryP)
enlightenment questions ([EMAIL PROTECTED])
Re: Virtual Hosts point to MASQ machines??? ("Rick Goh")
Network problem: don't know where to look (Jan Erik Moström)
Systems Change? (Dwight Fleck)
Re: Network problem: don't know where to look (Charlie Ebert)
Re: Freezing Box - *whimper* ("D. Stimits")
Re: Kernel won't mount raid0 (Stephan A Suerken)
----------------------------------------------------------------------------
From: "LCR" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.networking,alt.os.linux
Subject: Re: Virtual Hosts point to MASQ machines???
Date: Mon, 4 Dec 2000 05:12:24 -0000
You have to compile your kernel to support routing based on firewall mark
(or something like that) - you also need to select CONFIG_Experimental
Then try this:
ipchains -A forward -s 192.168.1.100 80 -i <external interface> - j MASQ
ipchains -A forward -s 192.168.1.200 80 -i <external interface> - j MASQ
ipchains -A forward -p tcp -d <virtual ip 1> 80 -m 1
ipchains -A forward -p tcp -d <virtual ip 2> 80 -m 2
ipmasqadm mfw -A -m 1 -r 192.168.1.100 80
ipmasqadm mfw -A -m 2 -r 192.168.1.200 80
It should be a start
Jim
------------------------------
From: moonie;) <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.networking,alt.os.linux
Subject: Re: Virtual Hosts point to MASQ machines???
Date: Mon, 4 Dec 2000 00:38:23 -0500
On Sun, 03 Dec 2000, Rick Goh wrote:
>I have managed to set up 2 virtual hosts. They are residing on my linux
>server; /www/client1 & /www/client2.
>
>However, what I want is to have them hosted on my other 2 clients which are
>IP MASQ machines.
>
>Scenario to be achieved:
>http://client1.domain.com --> 192.168.1.100
>http://client2.domain.com --> 192.168.1.200
>
>How can the above be achieved?
>
>Regards.
Why would you want to, this blows a hole through your firewall, bad idea.
--
moonie ;)
Registered Linux User #175104
http://counter.li.org
KDE2
Kernel 2.4.0-test5
XFree86 4.0 Nvidia .94 drivers
RAID 0 Striped
Test-Pilots-R-Us ;)
------------------------------
From: [EMAIL PROTECTED] (Thomas Zajic)
Subject: Re: glx , Suse 7.0 , X crashes system.
Reply-To: [EMAIL PROTECTED] (Thomas Zajic)
Date: Mon, 04 Dec 2000 05:45:01 GMT
On Sun, 3 Dec 2000 22:23:45 -0600, Jerry Kreps wrote:
> Does the 4.0.1 even support NV!? I don't think so.
Did you really have to quote 500 lines for a one-line answer? I don't
think so.
Thomas
--
=-------------------------------------------------------------------------=
- Thomas "ZlatkO" Zajic <[EMAIL PROTECTED]> Linux-2.2.17/slrn-0.9.6.3pl1 -
- "It is not easy to cut through a human head with a hacksaw." (M. C.) -
=-------------------------------------------------------------------------=
------------------------------
From: [EMAIL PROTECTED] (MaryP)
Subject: Re: Monitor specs?
Date: 4 Dec 2000 05:46:01 GMT
In article <[EMAIL PROTECTED]>, Steven Atkinson
<[EMAIL PROTECTED]> wrote:
> ... I don t know what
> is safe for this monitor. ...
> The literature that came with it does not mention any manufactures
If you have the manual, it should contain the necessary specs, and you
won't need to know the manufacturer at all. Look for something that tells
you the horizontal and vertical refresh rate, as well as a few other
numbers. In your install, choose a custom monitor configuration and it'll
let you enter those numbers in the appropriate places.
It will then create for you a few different possible resolutions, and once
you are in X, you will be able to shuffle between them using
cntrl-alt-plusonthekeypad or minusonthekeypad (if I remember correctly)
until you see the resolution that works best.
(If it's not that, it's shift-alt-plus or minus. Maybe somebody else will
refresh my memory here, as I don't have that feature any more.)
HTH
MP
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To: comp.os.linux.x
Subject: enlightenment questions
Date: Mon, 04 Dec 2000 06:09:59 GMT
I have recently switched to enlightenment..
A couple of things I have noticed that I could use some help with:
Each window used to have an option for moving the window to another
workspace on the pager and now there is not, at least that I can tell.
How can I do this with Enlightmenment installed?
Also, when I left click or right click the desktop, I get
Enlightmentment menus.
Is there anyway to modify these hotkey so that perhaps Shift+left
click or Shift+right click do this instead?
Best regards,
Charles
------------------------------
From: "Rick Goh" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.networking,alt.os.linux
Subject: Re: Virtual Hosts point to MASQ machines???
Date: Mon, 4 Dec 2000 14:30:21 +0800
How does it blow a hole in my firewall? Sorry but i'm not security savvy.
Could u please elaborate? thanks.
Regards.
<moonie>; ")" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> On Sun, 03 Dec 2000, Rick Goh wrote:
> >I have managed to set up 2 virtual hosts. They are residing on my linux
> >server; /www/client1 & /www/client2.
> >
> >However, what I want is to have them hosted on my other 2 clients which
are
> >IP MASQ machines.
> >
> >Scenario to be achieved:
> >http://client1.domain.com --> 192.168.1.100
> >http://client2.domain.com --> 192.168.1.200
> >
> >How can the above be achieved?
> >
> >Regards.
>
> Why would you want to, this blows a hole through your firewall, bad idea.
> --
> moonie ;)
>
> Registered Linux User #175104
> http://counter.li.org
>
> KDE2
> Kernel 2.4.0-test5
> XFree86 4.0 Nvidia .94 drivers
> RAID 0 Striped
> Test-Pilots-R-Us ;)
>
------------------------------
From: Jan Erik Moström <[EMAIL PROTECTED]>
Subject: Network problem: don't know where to look
Date: Mon, 04 Dec 2000 07:18:31 +0100
I'm slowly getting desperate over my Linux machine ...
frankly I (and yes I'm a newbie to Linux) have no idea
what to do to get it to connect to my network at home.
And I would be VERY GRATEFUL if someone could help me
in getting it up and running.
Here are the facts:
My network at home
Mac G4 ----------- Hub -------- PowerBook
(IP 10.1.1.2) | (IP 10.1.1.3)
|
|
PC running SuSE
(IP 10.1.1.11)
The Linux machine is running SuSE 7.0 with no updates
except for KDE2 and the driver for my network card. The
network card is a D-Link DFE-530TX and the hub is a D-Link
DE-805TP. Everything on the linux machine is working fine
(as far as I understand). The only problem is that it can't
see the other two machines and they can't see the Linux
machine (I tried ping, ftp, telnet, http).
The Macs see each other and I can use http, etc.
I started by checking the cable between the hub and the
Linux machine and it sees OK, the indicator lights on the
card and the hub is both turned on. When I send something
using the Macs I can see the indicator lights flickering
but not when I ping from the linux machine.
I issued the ifconfig command and it lists eth0 as up and
running.
eth0 Link encap:Ethernet HWaddr 00:00:00:00:00:00
inet addr:10.1.1.11 Bcast:10.1.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 tcqueuelen:100
Interrupt:9 Base address:0xcc00
If I type "route -n" I get
Destination Gateway Genmask Flags Metric Ref Use Iface
10.1.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
If I have understood things correctly this should work.
Right now I have no idea where to start looking to find my
problem (which I suspect is a pretty basic one 8-) so if
someone have an idea ...
jem
------------------------------
From: Dwight Fleck <[EMAIL PROTECTED]>
Subject: Systems Change?
Date: Mon, 04 Dec 2000 06:30:07 -0000
Hello;
I have a Pentium 133 mhz. Packard Bell.
It is running Windows 98, And doing a very poor job of it. Windows uses
a lot of ram memory.
I am thinking of changing the system to Linux.
Is this possible? And is Linux a better system for my computer?
My main use is internet, email, web page building, and different software
programs I pick up online.
I appreciate any advice or help any one can offer.
Dwight
--
Posted via CNET Help.com
http://www.help.com/
------------------------------
From: [EMAIL PROTECTED] (Charlie Ebert)
Subject: Re: Network problem: don't know where to look
Reply-To: Charlie Ebert:<[EMAIL PROTECTED]>
Date: Mon, 04 Dec 2000 07:00:00 GMT
On Mon, 04 Dec 2000 07:18:31 +0100,
Jan Erik Moström <[EMAIL PROTECTED]> wrote:
>I'm slowly getting desperate over my Linux machine ...
>frankly I (and yes I'm a newbie to Linux) have no idea
>what to do to get it to connect to my network at home.
>And I would be VERY GRATEFUL if someone could help me
>in getting it up and running.
>
>Here are the facts:
>
>My network at home
>
> Mac G4 ----------- Hub -------- PowerBook
> (IP 10.1.1.2) | (IP 10.1.1.3)
> |
> |
> PC running SuSE
> (IP 10.1.1.11)
>
>The Linux machine is running SuSE 7.0 with no updates
>except for KDE2 and the driver for my network card. The
>network card is a D-Link DFE-530TX and the hub is a D-Link
>DE-805TP. Everything on the linux machine is working fine
>(as far as I understand). The only problem is that it can't
>see the other two machines and they can't see the Linux
>machine (I tried ping, ftp, telnet, http).
>
>The Macs see each other and I can use http, etc.
>
>I started by checking the cable between the hub and the
>Linux machine and it sees OK, the indicator lights on the
>card and the hub is both turned on. When I send something
>using the Macs I can see the indicator lights flickering
>but not when I ping from the linux machine.
>
>I issued the ifconfig command and it lists eth0 as up and
>running.
>
>eth0 Link encap:Ethernet HWaddr 00:00:00:00:00:00
> inet addr:10.1.1.11 Bcast:10.1.1.255 Mask:255.255.255.0
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 tcqueuelen:100
> Interrupt:9 Base address:0xcc00
>
>If I type "route -n" I get
>
>Destination Gateway Genmask Flags Metric Ref Use Iface
>10.1.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
>127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
>
>If I have understood things correctly this should work.
>
>
>
>Right now I have no idea where to start looking to find my
>problem (which I suspect is a pretty basic one 8-) so if
>someone have an idea ...
>
>
>
>
> jem
I have an idea!
If you can web browse the suse box and get the
apache sample web page
then to into webmin and use that to set up
the server!
I have a local network so I can try http://192.168.1.25
That get's up MY local box, your's will have a different
IP number. There I see my default apache webserver page.
Then I use http://192.168.1.25:10000 or
https://192.168.1.25:10000
to get webmin running.
https is the secured version and I don't know which
one suse would have set up. My debian box uses
the secure version.
The first thing webmin will get you to do is log
into it as root, do so.
The rest is very simple. When the webmin screen
comes up after login cruise around in there
and find what you need to do. There are ton's
for help files and this thing is MUCH easier to
understand, believe me.
I have a web server here and also a samba server
for my windows desktops and a firewall I adminster
it all with webmin.
Very good product and it's already installed on
your suse 7.0 server I think you will find.
YOu shouldn't have to do anything but run it.
Now from the server side, see if you can web
browse the internet with it. That will
let you know if the network card has been
set up properly for all this to work right.
Suse usually does a very good job of setting up
network cards and the one you described will probably
be set up using the tulip driver as most
dlink cards use that.
Charlie
------------------------------
Date: Mon, 04 Dec 2000 00:03:12 -0700
From: "D. Stimits" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Freezing Box - *whimper*
[EMAIL PROTECTED] wrote:
>
> In article <90enkp$qee$[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] (Bill Unruh) wrote:
> > In <90eh4g$lg1$[EMAIL PROTECTED]> [EMAIL PROTECTED] writes:
> >
> > ]In article <[EMAIL PROTECTED]>,
> > ] [EMAIL PROTECTED] wrote:
> > ]> [EMAIL PROTECTED] wrote:
> > ]> >
> > ]> > I work for Ossec International (ossec.com, if you're interested
> in
> > ]our
> > ]> > page/product/whatever). We have recently installed a firewall at
> a
> > ]> > company in our base here in Sydney. Everything was going okay
> until
> > ]> > three weeks in, when it suddenly stops, it just freezes - no
> > ]keyboard
> > ]> > input, nothing.
> > ]> > We thought at first it might be a hardware problem/conflict of
> some
> > ]> > kind so we took out the four-port ethernet card and replaced it
> with
> > ]> > three standard ones. Then it was still freezing, so we just
> replaced
> > ]> > the entire box with one with a quicker processor.
> > ]> > It's still freezing.
> > ]> > The only clues we have to what may or may not be happening is one
> > ]entry
> > ]> > in the Apache access_log which gives a line that looks like this:
> > ]> > ^@^@^@^@^@^@^@^@^@^@^@
> > ]> > right after the freeze is registered as happening.
> > ]> > The company in question gets alot of emails every day; over
> 5,000.
> > ]Even
> > ]> > though they use Microsoft Exchange as their mail server ( we
> shan't
> > ]> > hold that against them too much; we're a pretty easy-going
> company,
> > ]as
> > ]> > companies go ) it still shouldn't be enough to freeze the box up
> > ]> > entirely.
> > ]> > We are using a slimmed-down SuSE 6.4 on the box ( slimmed down in
> > ]that
> > ]> > it's a firewall; we don't have a compiler, or any other
> uneccessary
> > ]> > stuff on there that might interfere with security in any way ).
> > ]> > Please help! I am but a humble trainee with no clue as to why
> this
> > ]is
> > ]> > happening. Any more freezes ( it's now once a day, at half three
> in
> > ]the
> > ]> > afternoon, bang on time - sometimes more ), and they are probably
> > ]going
> > ]> > to cancel the contract, and as we are such a new company, we need
> > ]all
> > ]> > the contracts we can get!
> > ]> >
> > ]> > Sent via Deja.com http://www.deja.com/
> > ]> > Before you buy.
> > ]>
> > ]> If you run out of both physical ram and swap, it will freeze.
> Servers
> > ]> can use a lot of memory, and if it has caching DNS on it, that too
> > ]can.
> > ]> You might want to monitor closely the amount of swap it has, and
> how
> > ]> much is used, up till the time it freezes.
> > ]>
> > ]> And if there is a slightly low power line voltage at that
> location, or
> > ]> spikes and other surges, it can show up that way as well. Make sure
> > ]you
> > ]> have a good UPS on the line that can handle brownouts. Make sure
> the
> > ]> power supply in the machine is sufficient for the hardware.
> > ]>
> >
> > ]I'm pretty sure it's not a physical ram or swap problem because
> because
> > ]the cpu and memory usage never falls below 50%. Most days, I've seen
> it
> > ]hover at around 98% idle. We even have a top.log and there has never
> > ]been any processor usage that has taken it anywhere near maximum
> > ]capacity.
> > ]Similarly, we are not using caching DNS. We are using external DNS
> and
> > ]we don't cache it inside the firewall. It's not really acting as a
> > ]server.
> > ]The company in question has a pretty good UPS and a well insulated
> > ]power supply already. Although it is entirely likely that there may
> be
> > ]power surges, having spent alot of time troubleshooting on site, I
> > ]think I can say that I don't believe it to be a power-supply problem
> in
> > ]any way, which is what makes it all the more frustrating that I can't
> > ]figure out why it's still freezing.
> >
> > ]As to your last suggestion about it being an i840, I realised I
> should
> > ]have informed you, but it's an 810 chipset, so I don't think that is
> > ]the problem, either.
> >
> > Well, I would suspect a hacker attack. Make sure that you have updated
> > all of the security stuff on the system. If suse uses rpm do
> > rpm -Va |grep '^..5'>/tmp/verify
> > and see if thee is anything suspicious. (Some of the files will
> > certainly have changed, but if things like find, ls, ps have changed
> you
> > have a hacker attack).
> >
> > Next, I know on Mandrake 7.1 there was a bug which overflowed the
> nodes
> > on the / filesystem So although it indicted there was lots of disk
> > space, all the inodes were used up
> > Look in all the /var/log files and directories for a huge bunch of
> > files.
> >
> > When you moved to a new box did you just move the disks or did you
> > reinstall?
> >
> > What happens if you do not run apache? (I know, it is supposed to be a
> > http server, so this is just a test).
> >
> >
>
> We cannot use the rpm command because our distribution of SuSE is not
> the standard one. It's a slimmed down copy of it, for security reasons.
> We check the files using MD5, and nothing appears to have been changed.
> If it is a hacker attack, I want them working for me! because there's
> no record on any other of the logs listing this as a potential attack.
> For this reason, one of my co-workers thought that perhaps it was their
> mail server (exchange) sending bad requests to the firewall, but I
> don't know, now.
>
> When we moved boxes, we did a complete re-install, and then uploaded
> the backup, with the old settings, which is why I'm wondering whether
> this could perhaps be a conflict in some setting somewhere. I don't
> know enough about smwrap to be able to say so, though, with any
> certainty, and I don't know how to find out.
>
> It would be difficult to test how the box runs without apache because
> it's a working model - it's in use 24 hours a day - and taking it down
> just to run some experiments is going to really piss off this company.
> We have a similar setup to this troublesome location in another place,
> and they also have Exchange, and nothing there seems to go wrong, so I
> really don't know whether taking down Apache would help. The only
> difference in locales is that this problematic place has a user base of
> ninety or so, and the other (working one) is smaller.
>
> It's very confusing, and very frustrating. I really appreciate all the
> suggestions, though, because at least I can find out what the
> problem /isn't/, and may be therefore narrow down the scope a little
> more.
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
It sounds rather mysterious so far. If you have the magic sysrq enabled
(see kernel doc at /usr/src/linux/Documentation/sysrq.txt), you might
get some kind of response that at least tells you if some part is still
running. On RH, besides having a kernel that supports sysrq,
/etc/sysctl.conf must contain the line:
kernel.sysrq = 1
One thing that is probably unrelated but which the /etc/sysctl.conf
reminds me of, is to tell the kernel to always defragment; this might
improve its ability in some way to deal with bad packets (intentional or
otherwise). I say this only as something that won't hurt, but is
unlikely to actually help. In /etc/sysctl.conf (for RH), it has this
line:
net.ipv4.ip_always_defrag = 1
The other thing I'd do is simply explore some of the data available in
/proc/. For example, if you had an irq conflict, it might not show up
until something occurs that actually causes two conflicting devices to
run at the same time. /proc/interrupts could be worth looking at, as
well as some of the networking files (looking for errors). If you run
scsi, there are also scsi statistics.
If you know the exact time of any failures, you might want to see what
cron jobs could possibly have been running at the failure time.
Also, what kind of ethernet card does it have?
------------------------------
From: Stephan A Suerken <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.setup
Subject: Re: Kernel won't mount raid0
Date: 04 Dec 2000 07:47:18 +0100
Peter,
"Peter T. Breuer" <[EMAIL PROTECTED]> writes:
> In comp.os.linux.misc Stephan A Suerken <[EMAIL PROTECTED]> wrote:
> > /dev/md0 raid0,16k,0,802eab69 /dev/hda3 /dev/hdc2
> > oo Kernel 2.2.18pre23 and Kernel 2.2.17pre6 (both tried), with the
> > necessary RAID options (raid0, boot) enabled. Not as modules of course.
> > image = /vmlinuz
> > label = Orlok_Kernel
> > root = /dev/md0
> > read-only
> > vga=4
> > append="md=0,0,16,0,/dev/hda3,/dev/hdc2"
>
> waaaaaaaaaaah. Raid mirror root. Bad bad bad. Can you really do this?
No! Good (tm) idea! ;) However, I never talked of mirror mode.
> It'd requires heaps of special support in the kernel! Where did you see
> that you could? (Yes, *I* know that one can, with lots of prayer, but
> it's not something that the random person in the street should assume
> is just a normal situation that requires no effort).
There is support to boot linear and striped (raid0) arrays since
2.2.x. I can really do this. Or, that is, I should really ought to be
able to be doing this ;).
> > ---
> > EXT2-fs error (device md(9,0)): ext2_check_descriptors: Block bitmap for group 64
>not
> > in group (block 3670038)!
> > EXT2-fs: group descriptors corrupted!
> > ---
>
> Yes, well, not surprised. Go find a kernel that is guaranteed to do
> raid mirror root,
As said above. All kernels >=2.2.0. There is only the uncertainty of
me being able to read or not.
> and set it up for it. You need at least::
>
> CONFIG_BLK_DEV_MD=y
> CONFIG_MD_MIRRORING=y
> CONFIG_MD_BOOT=y
I don't need MD_MIRRORING (raid0 only), although I actually have it in
the kernel. As for the rest, I have it all of course.
Imho, there must be some slight difference in creating the /dev/md0
device between doing it from userspace via raidtools, or directly in
the kernel via boot options. The second imho most likely thing is that
I give the wrong chunk size factor. Kernel's md.txt isn't really clear
about that.
MfG,
Stephan
--
s-Stephan A Suerken <[EMAIL PROTECTED]>
s-WWW http://www.fh-worms.de/~inf222
s-Debian-related mail: <[EMAIL PROTECTED]>
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.misc) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Misc Digest
******************************
