Re: [expert] closing ports

[Gregor Maier]

This depends on your server. If the server tries to get the portnumber on which
to listen from the services file (get_servbyname) then this would work. But NOT
if the the server has a numeric port number in its config (like apache).

 
On 21-Sep-2001 James Sparenberg wrote:
> All,
>Coming from the BSD world I can say that to "close" a port I would simply
> edit /etc/services and comment out (add a # sign) at the front of every line
> for a port and service I didn't need/want running.  Wouldn't this work the
> same in Linux?  If not, does anyone know why?
> 
> James
> 
> On Fri, 21 Sep 2001 17:49:38 -0400
> etharp <[EMAIL PROTECTED]> wrote:
> 
>> On Friday 21 September 2001 17:12, you wrote:
>> > I visited the self scan page and there are some ports open. how to close
>> > ports? I tried closing them using firewall, nothing happened.  I have
>> > used linuxconf to stop service using these ports, but they'r estill
>> > open.  mandrake 7.1 had an application to close ports, but it's not
>> > available in M 8.0, i want to close this ports, how to do it
>> 
>> 
>> Content-Type: text/plain; charset="us-ascii"; name="message.footer"
>> Content-Transfer-Encoding: 8bit
>> Content-Description: 
>> ----
>> as root, in a rext console, type "InteractiveBastille", without the quotes, 
>> noteing the caps
>> 
>> 
> 

--
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 24-Sep-2001
Time: 08:46:00
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

RE: [expert] software recommendations

[Gregor Maier]

On 20-Sep-2001 Richard Kuryk wrote:
> 1. Jedit - A great java programmers editor
>  
> 2. ncftp - great command line ftp program
>  
> I'm pulling together a list of gui apps for my own little mandrake based
> installation (P75, 64MB, 540MB HD). I'm looking for apps that do not use QT
> or GTK+ (I'm trying to keep things as simple as possible, and I probably
> wouldn't be installing the libraries anyways). I need:
> 
> 1. A decent text editor (Not XEmacs... I hate Emacs) 
then i should be vi / gvim ;-)
but i'm not sure if gvim requires gtk

> 2. An FTP client 
ncftp is a really good tip

> 3. CD player 

> 4. MP3/Media Player 
mpg123.

> 5. mpeg/avi player 

> I've been playing around with everything that's included with MDK 7.2, but
> most of the included apps use the aforementioned libraries. Any thoughts?
> 

And have a look a freshmeat.net
--
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 21-Sep-2001
Time: 07:48:31
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

RE: [expert] multiple mailservers on one machine

[Gregor Maier]

This should not be a problem.

You just have to configure the services to listen on the desired
interface / ip-address.

for services that are run from xinet.d you must use the 
bind or interface keyword in the config file.  man xinetd.conf will tell you
more.

For "standalone" servers you have to check their config files

Gregor

On 20-Sep-2001 Patrick Erler wrote:
> hello Mandrake-expert!
> 
> i'm a bit stuck in thinking about this problem:
> 
> is it possible to bind, for instance, sendmail to eth0 port 25
> and qmail to eth0:1 port 25?
> 
> same applies for, let's say, zope on eth0 port 80 and apache on
> eth0:1 port 80...
> 
> background: i'd like to run teamware
> (http://www.teamw.com/linux/) which brings it's own (mail-
> etc...) servers parallel to "normal" services on one mandrake
> machine.
> 
> 
> regards,
> 
> PAT
> --
> 
> 
> vcard/LDAP/PGP: http://dresden-online.com/perler/identity.html
> PGP fingerprint: DAC6 2FDA 1ED7 AD55  BD1F 5142 3D5F 72BF
> 
> 

--
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 21-Sep-2001
Time: 07:44:20
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Nimda

[Gregor Maier]

On 20-Sep-2001 Tom Badran wrote:
> On Thursday 20 September 2001 4:24 am, you wrote:
>> Okay then ... big question.
>>
>> How do I ensure my shares are not publicly writable?
> 
> If your not sure, then they probably are not - its harder to set them that 
> way. I have never been able to set up a writable share in samba (although i 
> havent tried very hard). Basically, you would already know.
> 
> I think the options are:
> 
> [public] = yes
> [writeable] = yes
And then the user must still autheticate himself. To make a share really
writeable to EVERYONE in your system is some more work...

So don't worry, if you haven't done it by yourself your samba share are NOT
world writeable.

Gregor
 

--
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 20-Sep-2001
Time: 07:58:57
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

RE: [expert] Replacement for lynx -dump?

[Gregor Maier]

On 20-Sep-2001 Bob Puff@NLE wrote:
> Hello,
> 
> I need to fetch a specific URL in a cron job.. but I need it NOT to 
> report an error if it can't get to the URL.  I've been using lynx -dump, 
> but it sends root an email each and every time it fails.. I need 
> something that shuts up on errors!   Any suggestions?
> 
> Bob
> 
You can use wget. 
Use it with the --quiet option.


------
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 20-Sep-2001
Time: 07:52:27
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Testing mouse wheel

[Gregor Maier]

On 18-Sep-2001 Laurent Duperval wrote:
> On 17 Sep, Moses Backman III wrote:
>>> i couldn't get it to work either with LM8.0 but BETA3 of 8.1 has it
>> and it works 
>> great
> 
> Hmm. Ok, I'll have to wait until I upgrade, I guess.
> 
My wheel mouse works with some browsers (opera, netscape) and  I can always use
it a third mouse button (VERY important under X).
I didn't do any special configuration for it it was recognized by the
Xconfigurator.



------
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 18-Sep-2001
Time: 14:52:52
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

RE: [expert] Compile error: -lX11 not found

[Gregor Maier]

On 12-Sep-2001 Dave Sherman wrote:
> Hello everyone,
> 
> I hope this isn't too far off-topic, since I am running a Mandrake
> system...
> 
> I am trying to compile an application that has a GUI front-end. The
> compile dies with an error, "-lX11 not found".
> 
> This appears to be looking for a library, or a directory containing
> libraries, related to X11. Is it looking for X headers?
> 
> I'm not sure where to go from here, so any advice would be very helpful.
> 
> Dave

It is looking for the X11 library.
Try to find where this lib is (file something like libX11.so, )
I should be in /usr/lib or /usr/lib/X11

Do you have the -dev package for X11 installed?

Also make sure that the compiler can find it. Try setting the LDFLAGS before
compilation and look at /etc/ld.so.conf. The path to the lib must be in there
when you try to run your program. After changing ld.so.conf you must run
ldconfig!

export LDFLAGS="-L /PATH/TO/X-LIBS"

If the compiler complains about missing .h files also set:
export CFLAGS="-I /PATH/TO/X-HEADER"
export CXXFLAGS="-I /PATH/TO/X-HEADER"
export CPP FLAGS="-I /PATH/TO/X-HEADER"

Gregor
--
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 14-Sep-2001
Time: 08:35:35
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Running telnet server

[Gregor Maier]

On 14-Sep-2001 J.P.Pasnak wrote:
> On September 13, 2001 20:10 pm, you wrote:
>> Hello all,
>>
>> I realize telnet is inherently insecure, but I want to run the in.telnetd
>> on a LM8.0 machine to test some things.  I'm not sure how to get it
>> started.  There's a telnet file in /etc/xinetd.d, but no script in
>> /etc/rc.d/init.d, and I'm not sure what it should look like.
>>
> 
> Telnet server uses xinet.d, so all you have to do is edit that script in 
> '/etc/xinetd.d' and change 'disable = yes' to 'disable = no' and then make 
> sure xinet.d is running - '/etc/rc.d/init.d/xinetd status'
> 
After making the changes you must restart xinetd
with  /etc/rc.d/init.d/xinetd restart

--
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 14-Sep-2001
Time: 08:34:12
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Hard Drive Performance SUCKS under LM8

[Gregor Maier]

Have a look in /etc/sysconfig. I'm not sure about LM but in redhat there's a
config file that set hdparm with certain at boot time. 
If you can't find anything there have a look at /etc/rc.d/rc.local. If there's
no call to hdparm add one at the bottom with your desired options.

Also be careful with those data transfer values. What program did you use the
measure it?? Did you use bonnie or something similiar. 
Also be aware that 33MB/sec is the maxmimum transfer rate of the IDE interface.
If there a two devices on the same IDE-Channel then they have to share that
rate.

Maybe your CPU is the problem. I don't know why but for me reiserfs is pushing
a hard job to my CPU. On an AlphaStation 200 with 233MHz the performance of my
harddrive dropped from about 18-20MB/sec (ext2) to about 7 or 8 MB/sec
(reiserfs) - measured with bonnie++. The reason for that drop was that the CPU
couldn't handle it faster (i.e. 98% cpu time, whereas ext2 almost nothing).
And no, I don't have the extra checking option for reiser set.

Since people say that reiser has the best performance I'm really wondering what
would happen if I use another journaling FS.

Gregor



On 14-Sep-2001 Theo Brinkman wrote:
> OK, found hdparm (would have sworn I'd already tried /sbin, but I guess not.
> 
> Seems my drives are running in 16-bit mode.  When I switch them to 
> 32-bit mode, drive performance nearly doubles (from 2.6-3.7 up to 
> 6.3-6.7 MB/sec).  How do I convince it I want it to run in 32-bit mode 
> all the time.
> 
> I seem to remember reading somewhere that numbers less than 14 MB/sec 
> indicate that the drive is not properly configured (as 33 MB/sec is what 
> you could maximally get out of pre UDMA drives).  Someone please correct 
> me if I'm wrong.
> 
> My other (older) laptop also seems to default to 16-bit mode, but it's 
> numbers are [16-bit] 7.59 MB/sec & [32-bit] 7.62 MB/sec.  I'd expect my 
> new laptop with a 20GB drive (same height and spindle speed) to be 
> faster than the old 4GB drive.  Am I off base here, or not?
> 
> - Theo
> 
> Theo Brinkman wrote:
> 
>> I am running Mandrake 8.0 on my Toshiba Satellite 2805-S402 (one of 
>> the nice shiny ones with the GeForce2Go).  The performance is great 
>> except for one aspect.  The hard drive performance under Linux seems 
>> to be much worse than under Win2K.  I ran hdparm -t shortly before I 
>> did a reinstall hoping I might spot an elusive option that might 
>> help.  In the process of the reinstall, I seem to have missed the 
>> package with hdparm in it, so I can't be sure, but I'm not seeing any 
>> performance (it takes less time for my old PII 233 Satellite 4000 to 
>> load up Mozilla).  Once things are loaded into memory, performance is 
>> great, but it takes almost 10 seconds for a terminal window to pop up 
>> the first time, but only about 1 second for a second one.
>>
>> What can I do to boost hard disk performance.  I've got /, /usr/local, 
>> and /home set up as ReiserFS partitions, and /boot as ext2 (that 
>> little trick let me upgrade my kernel in 7.1 without the ReiserFS 
>> filesystem work-around, so I kept with it).
>>
>> I can't verify it until I find the rpm which contains hdparm, but I 
>> think I remember the result of hdparm -t was 2.6 or 6.2 Mb/sec. 
>> Obviously, either of those is FAR slower than it should be.
>>
>>- Theo
>>
>>
>>
>>--------
>>
>>Want to buy your Pack or Services from MandrakeSoft? 
>>Go to http://www.mandrakestore.com
>>
>> message.footer
>>
>> Content-Type:
>>
>> text/plain
>> Content-Encoding:
>>
>> 8bit
>>
>>
> 
> 
> 

--
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 14-Sep-2001
Time: 07:34:28
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

RE: [expert] Cannot telnet or FTP in as root

[Gregor Maier]

That's for security. The root user should NEVER be allowed to login directly
over the network (the only acceptable is when using ssh).
I'm not familiar with the ftp config files but I'm not sure if it is possible
to configure the ftp server in a way to allow root logins.

Also note that telnet and ftp transmit the password unecrypted. Everyone who is
"listening" on your network connection can get you root password.

If you just connect from your local private network where ALL users are trusted
then you could use telnet (for normal users). In all other cases you should use
ssh.

If you want to be able to root over a telnet session then use su -. I.e. telnet
as normal user and then issue a 
su -


Gregor

On 12-Sep-2001 George Petri wrote:
> Hello!  Here's yet another problem that has completely stumped me:
> 
> 1. If I try to telnet into my own machine with the root password:
> 
> [root@cups166 /root]# telnet cups166
> Trying 192.168.1.2...
> Connected to cups166.reisersun.
> Escape character is '^]'.
> Welcome to cups166.reisersun
> Linux Mandrake release 8.0 (Traktopel) for i586
> Kernel 2.4.3-20mdk on an i586
> login: root
> Password:
> Login incorrect
> 
> 2. If I try to ftp into my own machine with the root password:
> 
> [root@cups166 /root]# ftp cups166
> Connected to cups166.reisersun.
> 220 ProFTPD 1.2.2rc1 Server (ProFTPD Default Installation)
> [cups166.reisersun]
> Name (cups166:root):
> 331 Password required for root.
> Password:
> 530 Login incorrect.
> Login failed.
> ftp>
> 
> I deleted the line "root" from /etc/ftpusers and restarted xinetd but it
> still won't allow root to login.  WuFTPd in Mandrake 7.2 allowed root to
> login after that line was deleted.
> 
> So how do I login using these services as root?  I can login as any user 
> *other* than root, which is somewhat unusual :).  I am using the "Medium"
> security level.  I know that I should use scp and ssh instead (which I do)  
> but I am just curious as to why ftp and telnet don't work in LM8 (telnet
> doesn't either in LM7.2, but ftp does).
> 
> Thanks again,
> George
> 
> 

--
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 12-Sep-2001
Time: 14:16:42
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

RE: [expert] Connection Sharing with IPtables

[Gregor Maier]

On 10-Sep-2001 Tom Badran wrote:
> I asked about connection sharing a short while ago, and got plenty of 
> respones about doing it with ipchains. Todady i decided to make it work with 
> ip tables, and found a very simple script for doing it that i thought others 
> may be interested in. Is in the ip-masquerade-simple howto at linuxdoc.org.
> 
> Just thought this might be helpful to a few people.
> 
> -- 
> Tom "Tomahawk" Badran
> Department of Computing, Imperial College

AFAIK there's none there. But just have a look a netfilter.filewatcher.org.
Browse to the HOWTO section and get the Packet-Filtering and the NAT HOWTO (in
the NAT HOWTO is the place to look for masquerading)

Gregor 

--
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 11-Sep-2001
Time: 08:49:22
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Which Packages?

[Gregor Maier]

Just a short question about this.
If I use original (kernel.org) kernel sources and then build a new kernel
should / must I copy the header files from KERNEL-TREE/include/linux to the
appropriate location (/usr/include/linux)

Gregor

On 09-Sep-2001 civileme wrote:
> On Sunday 09 September 2001 08:02, Dennis Myhand wrote:
>> A brief question to the list.  I just downloaded the 2.4.8 kernel,
>> source, header, and documentation packages from rpmfind.net, after
>> seeing that the 2.4.7 update was listed in my security update list.  I
>> have been reading the notes about NOT using Mandrake update and to do it
>> manually.  My question is, which packages and in what order do I install
>> them?  Thanks, Dennis in Victoria
> 
> 
> If you have a plain vanilla desktop system without multiple CPUs and are not 
> using a server, then the kernel-headers and
> 
> kerbel-2.4.7-12.3mdk.i586.rpm
> 
> Should be sufficient., though it is good policy to download and install 
> kernel-source..
>   
> 
> If your system is a bit more complicated, you will need a different set.  So 
> if it is complicated, please  tell the list what it is and someone will make 
> a recommendation.
> 
> Civileme
> 

--
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 10-Sep-2001
Time: 09:20:21
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

RE: [expert] gets error: "fsize is exceeded" by using su

[Gregor Maier]

Looks like the disk quotas for that user is full. When a X-sesion starts it
writes something to harddisk (homedir, I think). On the console it doesn't.
Use quota to check if that's the problem. 

Another possibility would be that the disk is full. On each filesystem there is
some space reservered for root. So when some user fills up the disk root can
still work. Have a look at this too. 

IIRC there's a limit.conf file in /etc but I don't know what you can do with it
- but I think it's worth a try.

If all else failes, maybe some log file is too big (IIRC ext2 can't create
files larger than 2GB) - so maybe you have such a file (although that's really
unlikely).

Hope that helps.



On 06-Sep-2001 Juergen Hammelmann wrote:
> 
> I get a strange error when I tra to log in as a user by su
> after setting the password su fails with the message that "the maximal 
> file size is exceeded" ("Die maximale Dateigrv_e ist |berschritten")
> This error comes when working in XWindows not at the console.
> 
> Whats the error?
> 
> Ciao, J|rgen
> -- 
> email: [EMAIL PROTECTED]   address: J. Hammelmann, Br|hlstr. 6
> phone: +49-7034-61578, +49-179-2178869  D-71157 Hildrizhausen,
> Germany
> fax:   +49-7034-652189
> www:   http://www.mathematik.uni-stuttgart.de/~hammelje
> 
> 

--
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 07-Sep-2001
Time: 13:43:11
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Kernel 2.4.7

[Gregor Maier]

The main reason for initrd's is not filesystems. There aren't that much
important filesystems the kernel must know before loading modules  and they can
easily be build into the kernel itself.
The reason are more the SCSI-Controllers, Network card (for network boot).
Since the kernel must have these drivers to be able to boot the system.



On 07-Sep-2001 lhon wrote:
> Hi Scott,
> 
> Many distribution are very confuse (foolish), most distribution need this
> kind
> of
> file to load something in RAM first to function , e.g. some type of  file
> systems, but the kernel
> of  2.4.7 seems not need to load some modules first and already bundled in,
> e.g.
> reiserfs file system, you should check.
> 
> I tried many (over 10) famous distributions of Linux, nearly no one help to
> create
> this file, a command mk_initrd or mkinitrd should do so, but need manualy to
> do.
> Wonder, these distribution are all contain document in their web site teach
> people
> about early modules loading process and to use these 2 commands.
> Except specially build the post-install steps, rpm natively not create this
> file, it is
> realy surprise me before.
> 
> Don't think you can create back initrd.img file after reboot if not previous
> create.
> 
> Nowaday, harddisk is much cheaper , just install new kernel and update
> lilo/grub and
> make initrd.img,  don't upgrade/replace the working kernel.
> 
> Even just update/upgrade some simple packages will cause the system problems.
> 
> Regards,
> Leo Hon
> 
> Scott Thurmond wrote:
> 
>> I used the software manager to upgrade my kernel from 2.4.3 to 2.4.7.
>>
>> I noticed the new files in my /boot directory, except the initrd-2.4.7*img
>> file.
>>
>> Do I have to change the links to point to the new kernel or should the
>> software installer have done that for me?
>>
>> -Scott
>>
>>   --------
>> Want to buy your Pack or Services from MandrakeSoft?
>> Go to http://www.mandrakestore.com
> 
> 

--
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 07-Sep-2001
Time: 09:56:29
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

RE: [expert] Linux mandrake security firewall

[Gregor Maier]

On 06-Sep-2001 William R. Nash wrote:
> Hello i need some help with Linux mandrake security firewall.  I'm trying to
> set up this firewall at home.  I need to open ports tcp 1494 and udp 1604 so
> i can use citrix from home.  i added the ports and when i use nmap it states
> that the ports are closed.  i need to have this ports open so i can work. 
> thanks Bill Nash.
> 
> P.S. all the other ports i have open states they are open.  Not sure why i
> can't get citrix to work with this firewall.
>  the program work great before the firewall.

If you just open the ports in the firewall you won't see anything with nmap.
First you need a programm that listens on these ports. I.e. you must start the
server first, then you can use nmap to check if the ports are open. 

If you've already done this make sure which side tries to establish the
connection maybe you need to add another rule to the firewall. 

Gregor 

------
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 06-Sep-2001
Time: 16:38:35
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Re: [newbie] Ximian Gnome

[Gregor Maier]

I just wanted to say that I use quite old machines with gnome and its pretty
fast. I use gnome on a PII-350 with 128MB and on a P166, also with 128MB. And I
never had serious problems with speed. 
Maybe it would help to turn off some gimmicks (like animated menus, opaque
window moving. color depth, transparency effects)
Or shut down some programs you don't need all the time (like nautilus)

Gregor

On 04-Sep-2001 Mark Weaver wrote:
> Dave Sherman wrote:
> 
>> At 07:56 PM 09/03/2001 -0400, Mark Weaver wrote:
>> 
>>> In order to do that I would have to come up with a real "good" reason 
>>> "why" my machine needed more RAM so my supervisor would be willing to 
>>> spend the money.   !!!  Not to mention that fact that this machine 
>>> isn't a slouch my any stretch of the imagination. I figure if a 
>>> machine of this type has to labor that much to run a desktop then 
>>> there's something inherently wrong with the software that is being 
>>> run. Maybe the resource management of the desktop isn't what it 
>>> "should" be.
>>>
>>> It wasn't that it was hogging the CPU. what was making me crazy was 
>>> the fact that with 128MB of RAM there were so many processes running 
>>> taking care of Nautilus and all the others that it started hitting the 
>>> swap! and THAT was just for the desktop! thats just plain poor 
>>> software design if you ask me. It's got an absolutely beautiful GUI, 
>>> but WAY too expensive to run and expect to get any amount of work 
>>> done. I personally wouldn't mind seeing this addressed by the developers.
>>>
>>> Mark
>> 
>> 
>> Jeez Mark, don't hide your feelings like that, or you might really lose 
>> your temper later! ;-P
>> 
>> If this is an office/work/production PC, then you probably shouldn't be 
>> loading *beta* quality software on it anyway. For what it's worth, I 
>> don't use the Nautilus file manager. I really just wanted to try 
>> Evolution, and figured I might as well do the full Gnome update (sans 
>> Nautilus) at the same time. Even with just Evolution running, there are 
>> several processes running, taking up several MB of memory.
>> 
>> Dave
>> 
> 
> Sorry about that...  didn't mean to rant. Its just that I 
> saw some really nice things in Gnome/sawfish, but got frustrated because 
> it bogged down the machine the way it did. It makes me wonder what in 
> the world they're programming for. This machine is only a few months 
> old, as is Mandrake 8... at this rate i'd need a 1.5Ghz machine just for 
>   this desktop to be fluid.
> 
> Actually, all in all it's funny what one finds to complain about when 
> you no longer have to reboot all the time and worry about system freezes.
> 
> -- 
> daRcmaTTeR
> =/\=???
>|%C++
> 
> "Beware of little sins. Mosquitoes drink more blood than lions."
>  Author unknown
> 
> 

--
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 04-Sep-2001
Time: 09:23:06
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

[expert] Compile problems with kernel-2.4.8-11mdk

[Gregor Maier]

Hi all,

yesterday I tried to compile kernel-2.4.8-11mdk with
absolutely no success.

I also use a self compiled kernel. After downloading the
kernel-source-2.4.8-11mdk and kernel-headers I did a
make mrproper, then I copied my previous .config (from the stock 2.4.3 kernel,
that came with 8.0) added one option (network card rtl8139) and tryed to
compile the kernel.
I got an error message concerning the symSOMETHING scsi controller. 
I tried changing options, adding this, removing that, changed between compiling
several options as modules / into the kernel.
Then I tried to use kgcc instead of gcc in the Top Level Makefile.
But I always got error message (at different points) but I wasn't able to get
the kernel to compile.
I also tried a make oldconfig and change it and again no success in compiling.

After some hours of reconfiguring and trying to compile I got pissed off,
downloaded a pure 2.4.9 kernel from kernel.org copied my 2.4.3 .config file,
added the desired option (rtl8139) and it worked on the first compile run.

I had the same problems some time ago when I tried to compile the original
2.4.3 kernel from LM8.0 - but I somehow managed to compile it.

So my question is: what fancy patches are applied to Mandrake kernels?? Why all
these problems when compiling mdk kernels while pure kernels from kernel.org
work as expected. I know that the mdk kernel is patches in order to get some
additional features, but I think there's some lack of proper testing with
different configurations - especially with slimmed down kernels such as mine.

I like LM very much but I think they should do something against this problem.

I came to the conclusion, that I'm not going to use just pure kernels from
kernel.org and apply the patches myselft if I really need them. I regret not
being able to use the cooker kernels but until this problems are solved I'm not
wasting my time again trying to get the kernel compiled.

So what does the list think about this. Am I missing some important point??

Gregor

------
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 03-Sep-2001
Time: 11:09:46
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

[expert] Compose key, sun like keys under X

[Gregor Maier]

Hi all,

i'm trying to use the win95 keys on my keyboard do to something useful.

I already manages to change the console kmap so that the Start / Menu key
(keycode 127) is used as compose key.

Unfortunaly I wasn't able to do so under X (XFree 4.something).
I tried playing with Xmodmap but couldn't figure out how to do it. I know that
it is also possible to do this in the XF86Config-4 file but that didn't work
either (and I prefer changing Xmodmap).

My questions:
- How can make the Win95 key (or any other key whose keycode is known) the
compose key under LM8.0 using Xmodmap (where's the global Xmodmap file anyway??)

- Is it possible to fake the keys on a left-hand-keys sun keyboard (like bring
the window under the cursoer to the front if FRONT key is pressed, PASTE key
(behaves like the middle mousebutton when pasting text), ...)
I would like to bind such a function to another win95 key. How can this be done
with xmodmap.

Thanks in advance

Gregor


------
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 03-Sep-2001
Time: 10:38:38
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] ipchains problem on 2.4.9

[Gregor Maier]

On 30-Aug-2001 Dianne Marie Montesa wrote:
> thanks for the link and advice. 
> 
> ill read the link and see how much time i would need
> to get it working on that machine. im quite pressed
> for time that is why im trying to find the fastest
> solution. 
> 
> cheers!
The syntax is almost identical. But iptables can do a many more things.
I don't know the document in the link. I used the Packet-Filtering and NAT HOWTO
from netfilter.filewatcher.org

The are very good. And if you are familiar they have a little summary
concerining the changes between ipchains and iptables.

Gregor

> --- "J.P.Pasnak" <[EMAIL PROTECTED]> wrote:
>> On August 30, 2001 10:23 am, you wrote:
>> > > > ipchains: Incompatible with this kernel
>> > >
>> > > ipchains has been replaced by iptables
>> > >
>> > >
>>
> http://www.linuxnewbie.org/nhf/intel/security/iptables_basics.html
>> >
>> > Yes, but ipchains compatablity is still a kernel
>> option.
>> 
>> Quite true, but I would suggest migrating now if
>> possible, as everything I've 
>> read says eventually ipchains compatibility will be
>> dropped, and it is quite 
>> simple to get working.
>> 
>> -- 
>> "Live fast, die young,
>> you're sucking up my bandwidth"
>> 
>> J.P. Pasnak, CD
>> Warped Systems
>> http://www.warpedsystems.sk.ca
>> http://canopener.ca
>> 
>> > Want to buy your Pack or Services from
> MandrakeSoft?
>> 
>> Go to http://www.mandrakestore.com
>> 
> 
> 
> __
> Do You Yahoo!?
> Get email alerts & NEW webcam video instant messaging with Yahoo! Messenger
> http://im.yahoo.com
> 

--
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 31-Aug-2001
Time: 08:08:14
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Internet Connection Sharing w/ Linux & Win2000

[Gregor Maier]

On 28-Aug-2001 Leif Madsen wrote:
> I'm hoping I can figure this out with software as I am a poor student going 
> to school and can't afford a PCMCIA network card :)
> 
> There's got to be SOME way... I would think...?
> 
> On Wednesday 29 August 2001 18:09, you wrote:
>> I know on my windows 2000 machine, I hade two Ethernet cards, one for
>> home, and one for the road, and when they were set-up, my network
>> settings would automagically change depending on which card was
>> inserted.  Probably won't work that easy if you have an internal
>> card, for this I think you could use a single PCMCIA card and have
>> two different hardware profiles to choose at boot time.
When want a pure software solution you can try to make your home network look
like your school net. 
First of all: is your school configuration with static ip-adresses or with dhcp
/ dynamic adresses and DNS entries.

if its completely dynamic (all settings are dynamic including dns): Set up a
dhcp server on your linux box and it should work.

If not this should work:
If your school uses private IP Adresses (192.168.*, 10.*, ...) use the same
one for your home network. Give the linux machine the address of the school's
dns server. 

Gregor
 

--
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 30-Aug-2001
Time: 08:54:40
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] No Dial Up After Kernel Upgrade?

[Gregor Maier]

On 27-Aug-2001 Leif Madsen wrote:
> I can reinstall the 2.4.9 kernel and see if I get it again, then send the 
> logs.  The only problem is that I don't have the logs anymore.  I'll see if I
> can recreate the problem and send logs.
> 
> On Tuesday 28 August 2001 10:52, you wrote:
>> On 27-Aug-2001 Leif Madsen wrote:
> 
>> Do you have more information. Can you send some logs of the pppd (normally
>> they are in the syslog file /var/log/messages).
> 

I don't think that the logs are gone, unless you deleted them by hand or
reinstalled the WHOLE system.
Maybe the've been rotated - then you'll have to look for messages.X  etc.



--
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 28-Aug-2001
Time: 17:14:29
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://.mandrakestore.com

Re: [expert] Zombie in paradise...

[Gregor Maier]

On 28-Aug-2001 J. Craig Woods wrote:
> Sergio Korlowsky wrote:
>> 
>> On Tuesday 28 August 2001 12:00 am, you wrote:
>> > Greetings,
>> >
>> > Has anyone taken the plunge into 2.4.8-12mdk? I have done so, and I am
>> > observing some strange things. For one, top shows one zombie running,
>> > and I can not figure out what it might be. No amount of "ps" commands
>> > with every possible arg has yet to reveal this zombie. On every other
>> > UNIX system that I have worked on, a zombie is NOT a wanted daemon. My
>> > gut, not my head, tells me it has something to do with "keytable"
>> > because, on several boots, it failed to start. I took a look at
>> > "etc/sysconfig/keytable", and all entries look correct. Does anyone have
>> > a trick to identify a zombie on Linux? Is this a bug in 2.4.8-12mdk?
>> 
>> I did... and I am back to 2.4.8-5mdk
>> is not by any chance kpnpbios  "Z"  I had that before... h
> 
> Sergio,
> 
> You hit first time out, buddy! What the hell is it, some kind of process
> for running a kde version of "plug & plug? It has no pid assigned to it,
> how do you kill it? And thanks...
> 
Just guessing here but I suppose the k stands for kernel. Is that's true then
it's a kernel process/thread which cannot be killed from userspace. This also
means that it doesn't take any resources.
There's some similiar discussion on this list concerning some other kernel
process. IIRC Civileme said that newer version of ps/top will handle such
processes and not show them.

Gregor


--
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 28-Aug-2001
Time: 09:01:04
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://.mandrakestore.com

Re: [expert] mount other file system on mdk 8.0

[Gregor Maier]

On 27-Aug-2001 Oscar wrote:
> Sergio Korlowsky escribis:
>> 
>> On Sunday 26 August 2001 10:25 am, you wrote:
>> > On Sunday 26 August 2001 05:11 pm, thus spake Oren Gozlan:
>> > > > while installing mandrake and win 2000 on the same machine, the mdk
>> > >
>> > > detect the other file system and created an entery in the /etc/fstab to
>> > > mount it to /mnt/windows...
>> > >
>> > > but, while trying to access to the mount, i gety masseges that file
>> > > system is read only ...
>> > > this is the line in the /etc/fstab
>> > > /dev/hda5  /mnt/windows vfat
>> > > user,exec,suid,dev,rw 0 0
>> > >
>> > > does anyone have an idea ?
>> >
>> > At this time, the NTFS filesystem is read-only. I have heard there is
>> > "experimental" write-support in the kernel source, so you can recompile
>> > your kernel to get it. But please note that it is not considered
>> > release-ready code, and should *not* be used on production systems.
>> >
>> > Dave
>> 
>> Yes.. but if you check the line in fstab it reads vfat   not ntfs ;-)  and
>> is
>> 'rw'  what I think its wrong, is... it is not mounted!
> 
> mmm... but, is the filesystem ntfs or vfat? If fstab refers to vfat and
> the filesystem is ntfs, this is the reason because the filesystem is not
> mounted.
> As Dave says, ntfs filesystem is read-only because write-support is
> experimental. In order to read the filesystem you can change "vfat" to
> "auto". If you need read-write access you must recompile your kernel,
> too.
> 

Actually I don't think that the partition is NTFS at all. I've a vfat and a
ntfs partition on my harddisk, but the installation program of LM 8.0 just
recognized the vfat partition and added it as /mnt/windows.
That's why I think that we are facing a vfat partition and not a ntfs one.

--
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 27-Aug-2001
Time: 11:28:29
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://.mandrakestore.com

Re: [expert] printer woes

[Gregor Maier]

On 26-Aug-2001 Bruce E. Harris wrote:
> Gregor,
> 
> Problems persist. I think I have the symbolic links right, but when I start 
> printtool it does not see my printer, when I try detect I get this error
> "Could not find pconf_detect command-line utility
> required for auto-detection. Make sure
> that the gnulpr printfilters package is
> properly installed."
> 
> Any suggestons? 
> 
> TIA 


Right now I don't have any ;-)

I don't have access to my machine now but I'll have a look. Tomorrow I can tell
you what I excatly did...

But maybe this will help:
Is the gnulpr package installed correct?
What't the version of your printtool program?
Maybe you can configure your printer without auto detect..

BTW: Which printer do you have. I think I delete your original post...

Gregor


--
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 27-Aug-2001
Time: 09:04:19
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://.mandrakestore.com

RE: [expert] KDE uses always at least half the power of the proc

[Gregor Maier]

On 22-Aug-2001 Olaf Marzocchi wrote:
> Yesterday I had to compress a big tar archive (350MB) with Bzip2.
> I launched it from a console inside KDE, then in a second console I 
> launched "top", that told me KDE was using 46% (at least) of the 
> processor's power, and bzip2 45-50%.
> I thought it was strange, since KDE was doing NOTHING!! that console was 
> the only app running!
> 
> Could you explain this? One (among many) reasons to switch to Linux is the 
> better use of the power, so what is this?
> 
> Another (silly) question: I didn't remember how to compress the archive 
> with tar then bzip using a single command line, in order to have only the 
> final .tar.bz2 file in the HD without passing from the .tar file. Could you 
> write it?
> 

for the compression use the -j option to tar
i.e tar cfvj xxx.tar.bz2 somefiles
 

--
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 23-Aug-2001
Time: 14:31:36
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://.mandrakestore.com

RE: [expert] file block size

[Gregor Maier]

On 22-Aug-2001 Scott St. John wrote:
> Hi everyone-
> 
> We are considering finally putting Mandrake in production to replace some 
> outdated
> FreeBSD servers.  We have 70gig raid controlled servers, but seem to have
> some
> trouble with changing the default file block size.  This box will serve as 
> a web server
> and we want to drop the file block size down to avoid using up the drives 
> on little
> html files.
> 
> Any advice on where to start?
> 
> Thanks for your help.
> 
> -Scott
i don't know for reiserfs, but you can sure do it with the ext2 filesystem. 
The thing you need is 

mke2fs -i BYTES-PER-INODE ...
of mke2fs -N NUMBER-OF-INODES
have a look at the man page of the appropriate mkfs man page for more
information.
I suppose that there is a similiar thing with reieserfs.

This BYTES-PER-INODE is also the number of bytes a file will occupy on all
circumstances on your harddisk. But don't make this value too small because
then the number of inodes (the max. number of files) will become quite big and
you diskspace and performance.

AFAIK the default value for such fs-sizes is 8k per inode. Probably a value of
1 or 2k will fit your needs. 

Gregor


--
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 23-Aug-2001
Time: 09:18:40
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://.mandrakestore.com

RE: [expert] printer woes

[Gregor Maier]

On 22-Aug-2001 Bruce E. Harris wrote:
> I have tried everything and can not get my printer to work with MK 8--it did 
> for a time under 7.2 until I upgraded cups. I never has this printer or my 
> pervious, Canon BJC 6000 work under MK 8.
> 
> I have a Epson Stylus Photo 870 connected to my parallel port and tired USB. 
> It did work with USB, but painfully slow and very faint--totally unusable. I 
> tried the web interface with cups and I see the printer there but cant get it
> to print. I tried KCUPS and that is how I got the USB to work (sort of) but 
> it will not see my parallel port. Under Mandrake Control Center, Hardware, 
> Hardware, I see a printer icon, but nothing identified for it, as if it is 
> empty. Under Printer, I try to set it up but get an error saying lp not 
> ready. Then I delete the printer and reinstall and still wont print. It acts 
> as if my parallel port is not there. But this printer works great under Win95
> attached to the parallel port. But all the software I use is Linux, so that 
> point is really mute.
> 
> What else can I try?
> 
> This problem is getting critial since I need a working printer for my new
> job.
> 
I got similiar problems with cups so I switched back to lpd.
I uninstalled the cups packages, installed the lpd packages then I downloaded
printtool from RedHat (either hasn't Mdk got printtool anymore it just work
with cups). Then I configured my printer with printtool just as I did in LM 7.1
and it worked fine.
You should check the lpr, lprm, lpq commands IIRC they are symbolic links that
need to be adjusted if you switch to lpd.

Gregor


--
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 23-Aug-2001
Time: 09:10:17
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://.mandrakestore.com

RE: [expert] FW: What does this error mean?

[Gregor Maier]

On 22-Aug-2001 Todd Zashin wrote:
> whoops sorry I think I sent this to the wrong address the first time.
> 
> Todd
> 
>  -Original Message-
> From: Todd Zashin [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, August 22, 2001 12:32 PM
> To:   Expert-Owner@Linux-Mandrake. Com (E-mail)
> Subject:  What does this error mean?
> 
> HI folks.  I am trying to install the nkfs package on my Linux Mandrake 8.0
> system and this is the error I see when I attempted the make command at the
> konsole prompt:
> 
> make[1]:  Entering directory /root/tmp/nkfs/nkfs-4.2.1/src
> gcc -D__KERNEL__ -Wall -Wstrict-prototypes -02 -fomit-frame-pointer -DMODULE
>  -DM
> ODVERSIONS -I/usr/include -I. -I../include -DLINUX1_3_x  -c -o
nkfs_drive.0
> nkfs_driver.c
> In file included from nkfs_driver.c:27:
> /usr/include/linux/modversions.h:1:2: #error Modules should never use
> kernel -headers system headers /usr/include/linux/modversions.h:2:2: #error
> but headers from an appropriate kernel -source
> make [1]: *** [nkfs_driver.o] Error 1
> make [1]: Leaving directory /root/tmp/nkfs/nkfs-4.2.1/src
> make: *** [all] Error 2
> 
> What does this mean?  Should I stop and not continue with Make Install?  How
> do I correct these errors and start again if that is the appropriate step to
> take?
> 

Looks like nkfs is configured for kernel 1.3.x (-DLINUX1_3_x) but if you use a
plain LM8.0 you got kernel 2.4.3
The error itself is that the header files are from kernel 2.4.3 while nkfs
expects 1.3.x.

You should change the configuration of nkfs to match your kernel.

Gregor

--
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 23-Aug-2001
Time: 09:02:50
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://.mandrakestore.com

Re: [expert] Emptying CUPS print queue

[Gregor Maier]

On 22-Aug-2001 J. C. Woods wrote:
> "D. R. Evans" wrote:
>> 
>> On 22 Aug 01, at 22:04, DStevenson wrote:
>> 
>> > On the machine with the pinter attached:
>> >
>> >  lpq -   to show what jobs are in the queue
>> >  cancel [job id]   -   to kill the job
>> >
>> > Always works for me.
>> >
>> 
>> Nope. "cancel" is the same as "lprm", and that's the first thing I
>> always try, in the forlorn hope that perhaps this time it will work.
>> Yes, the queue status says that it's empty but the printer keeps
>> spewing out the screwed-up binary.
>> 
>> It works fine (here) for removing yet-to-be-printed jobs from the
>> queue, but not for ones that have started printing.
>> 
>>   Doc Evans
> 
> Have your tried "lprm-cups"? Do you even have such an executeable,
> /usr/bin/lprm-cups?
> 

lprm is a link to lprm-cups or the lpd  lprm.

Maybe you can switch back to lpd printing if cups isn't working out for you.
I've also switched back to lpd because I couldn't set up the printer as I
wanted.

Gregor

--
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 23-Aug-2001
Time: 08:58:13
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://.mandrakestore.com

RE: [expert] Make the mouse faster

[Gregor Maier]

On 22-Aug-2001 Thierry De Corte wrote:
> Use "xset m 10"...
> 
Thanks, sometimes the solution is so easy that you don't see it.

I was looking in the XF86Config file.

Gregor

------
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 22-Aug-2001
Time: 16:32:54
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://.mandrakestore.com

[expert] Make the mouse faster

[Gregor Maier]

Hi all,

how can I make my mouse faster (i.e. the mouse pointer mouses further with the
same movement of the mouse itself).
I suppose this has to be done somewhere in the X configuration.

The mouse acceleration in KDE is not the thing I want.

Thanks,

Gregor



--
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 22-Aug-2001
Time: 14:55:56
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://.mandrakestore.com

Re: [expert] Problem with Traffic on my Interface

[Gregor Maier]

On 22-Aug-2001 Angus Beath wrote:
> Are you running any time of firewalling? That would just drop packets like
> this quite easily. I get port scanned all the time,
> but I've got iptables set up to DENY any packets going to the wrong ports. If
> you set it up with Bastille-firewall or the
> firewall configuration thing in DrakConf, you should be able to deal with
> this problem. It looks like you were just scanned
> anyway, not actually attacked. Have a nice day.
> 
> Angus 
> 
> 
It looks to me that he is running a firewall because the log says it has
DENYied the package.

If you don't want these logs you'll have to reconfigure your firewall so that it
doesn't log this information.

Gregor
 
--
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 22-Aug-2001
Time: 08:42:55
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://.mandrakestore.com

RE: [expert] Why 2 menu editors?

[Gregor Maier]

Mandrake uses their own menu editor to ensure that you get the SAME menu in kde
and gnome. And you don't have one menu with gnome apps and the other with kde
apps.
Since I use gnome as desktop but also a lot kde apps this I like this feature
very much.

The problem with lyx is probably that the entries for programmes are not made
the rpm but that they are in the menu for all times...
Why the rest  isn't  working I don't know.

On 15-Aug-2001 Praedor Tempus wrote:
> I am running KDE 2.2 on my Mandrake 8.0/Cooker system.  I find that I cannot 
> use the default menu editor to do anything useful with my menus if I get to 
> it via the panel by either right-clicking the panel and selecting the panel 
> menu -> menu editor or if I do it via the kmenu button.  I get the menudrake 
> app that doesn't do anything useful.  By this, I mean that the menu list it 
> produces indicates something like lyx existing in the kstart menu -> office 
> list but in reality, it doesn't exist.  Trying to (re)add it via the 
> menudrake app, as root or user, seems to work but when I go back to the 
> kstart menu->office list, it never shows up.  Not after a reboot, not after a
> logout-login cycle.  Nothing makes the kstart menu lists necessarily match 
> what menudrake (kstart -> configure panel -> menu editor...) shows.
> 
> On the other hand, if I start kmenuedit (by necessity from a CLI since it 
> isn't listed in the kstart menu or submenus), it displays all the correct and
> existent apps listed in the kmenus and any changes I make, as root or user, 
> subsequently show up as they should.
> 
> The panel's menu editor displays things that sometimes aren't really there 
> and adding/changing anything in the editor does NOTHING inspite of giving all
> indications that it is doing something worthwhile while the kmenuedit app 
> does exactly what it is supposed to do.
> 
> Why not dump menudrake or make kmenuedit the DEFAULT kde menu editor?
> This retarded behavior has existed for me on pre kde 2.2 installs too...from 
> clean installs/reinstalls to upgrades.  Nothing makes the menu editor 
> function as it should.
> 
> Any ideas?  Why would the default KDE menu editor be a broken/nonfunctioning 
> app instead of the VERY nice and working kmenuedit?  The name "menudrake" 
> indicates that it is something specific to mandrake rather than something 
> that KDE wants.  Perhaps menudrake works in Gnome or some other environment 
> but I have not found it to work for quite a while, for several iterations of 
> KDE, within the KDE environment.
> 
> No error messages ever.  It just does't do anything useful, apparently.
> 
> praedor
> 

--
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 16-Aug-2001
Time: 17:02:43
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://.mandrakestore.com

Re: [expert] Netscape & wish using up memory

[Gregor Maier]

On 15-Aug-2001 Jaime Herazo B . wrote:
> * Naka Gadjov ([EMAIL PROTECTED]) wrote:
>> Netscape is using much memory everywhere. In Windows, and strange NS suffers
>> by same problems in Linux too. I am waiting for a 5 years for a new version
>> that do not have memory leakage, but at the moment there is not. Strange
>> Mozilla have the same problem.
> 
> I prefer Opera, but usually i stick with lynx :)
> 
> You could check out konqueror too

I also prefer Opera. It's amazingly fast it's much more stable then netscape.


--
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 16-Aug-2001
Time: 09:23:36
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://.mandrakestore.com

RE: [expert] ManHat

[Gregor Maier]

On 14-Aug-2001 Mark Belanger wrote:
> I'd like to install Mdk8 or FreqN, remove all kernel packages
> and replace them with the stock Redhat 7.1 kernel(2.4.2-2).
> 
> Should there be any problem doing this for an ext2-only system?
> 
> I need to use Clearcase 4.2 which is very particular about the
> kernel  it really wants the stock RH kernel.
> 
> -Mark
> 
This shouldn't be a problem. Another possibility would be to check out the
patches RH applies to the "pure" kernel, get them and apply them to a kernel
from kernel.org


Gregor 

--
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 16-Aug-2001
Time: 09:21:08
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://.mandrakestore.com

RE: [expert] Non-destructive Linux Partition re-size

[Gregor Maier]

On 13-Aug-2001 Lonnie Cumberland wrote:
> Hello All,
> 
> does anyone know if there is something like FIPS for Linux?
> 
> I need to re-size an ext2 partition so that I can make another one without
> loosing my existing data?
> 
> Thanks,
> Lonnie

Note: If you resize your /boot partition (where the kernel is) then you'll have
to rerun lilo. Lilo writes the address of the kernel and the
bootloader to the bootsector when you run it. The resising may or
maynot change the location of the bootloader and the kernel on the disk but you
should run lilo just to make shure.

Gregor


----------
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 13-Aug-2001
Time: 17:05:30
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://.mandrakestore.com

RE: [expert] Domain Name

[Gregor Maier]

On 13-Aug-2001 George Petri wrote:
> Hello again!
> 
> Suppose I were to buy my own domain name and run the apache webserver
> off my computer (mandrake 7.2)...
> 
> What is the difference between http://domainname.com and
> http://www.domainname.com.  Are they both the same?
> 
> Because, some websites can only be accessed via http://domainname.com
> (e.g. http://x42.com), while most only work with www.
> 
> Thanks,
> George

This depends on how you set up your DNS server.

If you want to setup your domain you'll need two permanent nameservers.
(Normally one will be at your provider).
If you just want your apache webserver with a domain name you can look at
dyndns.org for example.  It's free and probably enough. If you donate to them
you can have more complex configurations too.

Gregor

--
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 13-Aug-2001
Time: 16:08:50
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://.mandrakestore.com

RE: [expert] * does not select all files

[Gregor Maier]

On 13-Aug-2001 George Petri wrote:
> Hi!
> 
> Does anyone know why * misses hidden files such as .kderc?
> What is the reasoning for that?
> 
> I mean to select ALL files, now I have to specify (in bash, of course):
> 
> * *.[a-zA-Z]
> 
> to my programs e.g. cp * *.[a-zA-Z] /somefolder.
> 
> It is also a pain to type!  Is there a better way to select ALL files?
> 

cp .* * /somefolder should work


------
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 13-Aug-2001
Time: 16:07:04
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://.mandrakestore.com

RE: [expert] Why I can't see all packets on my network segment?

[Gregor Maier]

On 08-Aug-2001 Zilvinas Atkociunas wrote:
> Hello mdk fans,
> 
> I hope someone could explain me why I can't see my segment packets on my
> promisc workstation (mdk7.2, 2.2.17 kernel, running tcpdump turns PROMISC
> flag to state on). I can watch only packets coming to and from my
> workstation.
> 
> Thanks in advance,
> 
> zilvis
> 
> BTW: The label on the box where my ws is plugged into plainly says "Dual
> speed 16-port Ethernet/Fast Ethernet Hub"  so this is not switch. ;-)
> 
IMHO some switch / hub manucfactures (especially low cost) don't care very much
about the difference between hubs and switches. There are names like 10/100
Dual Hub, Switching Hub, ...

So I think what you got is a switch. Or it is something between a hub and a
switch.


Gregor
 
--
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 09-Aug-2001
Time: 09:17:15
--

RE: [expert] User migration between two linux.

[Gregor Maier]

On 09-Aug-2001 Simon Li wrote:
> Dear all,
> 
> Hi all, I guess i can ask this question here mandrake is similar to RH ?...
> 
> I have two Rh6.2 system Kernel 2.2.14, (and I guess the
> installatoin disc are the same one too).
> 
> I want to move:
> 1) User accounts (around 1200), and
> 2) Their files (webpage, email inbox)
> to the another RH system, where it has little users and files, and plenty
> free HHD space.
> 
> Since the desination server has little users, i guess it is okay coz the
> userid
> would not overlay too much. (Userid below 500 are system account, and
> they have similar setting on the two system)
> 
> My solution was:
> To append /etc/passwd, /etc/shadow and /etc/group to the desntination
> system. (with some manual editing)
> 
> Outcome:
> It is fine  for passwd and group file. But the /etc/shasow file is locked.
> I sued as root and checked lsattr, they went fine. I guess the kernel (or
> something is lock it up?). I tried fuser /etc/shadow and it gave no clue.
> 
> Since i am not able to shutdown these two server for long time or dis-
> assemble them, what should i do if I want to do things this way?
> 
I don't know what causes the problem with the /etc/shadow file? Can you edit it
by hand with an editor. Are you sure you were root when you tried to read /
write the shadow file. /etc/shadow can only be read as root.

You could use NIS to export your users to the other machine. But that may be a
security risk since the encrypted passwords can be read by everyone.

Gregor

--
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 09-Aug-2001
Time: 09:03:30
--

RE: [expert] GCC 3.0 install failure

[Gregor Maier]

On 06-Aug-2001 Jesse Hepburn wrote:
> I'm trying to upgrade to GCC 3.0 (because 2.96 is buggy).  Whenever I
> try to make it (using make --bootstrap) I get preprocessor errors and
> the make fails.  Is this a known problem, or is it just me?  Any help
> would be appreciated.
>  
> Cheers,
> Jesse

I suppose you got a problem with libstdc++ with a file called gthr.h.
This is problem with sed and locale. (I can't remeber what it was excatly but
the solution is to set LC_ALL=C and LC_COLLATE=C
export LC_ALL=C
export LC_COlLATE=C

now you can do your make bootstrap.

AFAIK gcc-3.0.1 should already have a fix for this

Gregor

PS: Please add information to you next post (describe the problem more closely).
------
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 07-Aug-2001
Time: 09:12:39
--

RE: [expert] Can't Access My linux box! R there any experts out

[Gregor Maier]

> Hi:
> 
> I have a linux(mandrake) server and its "hosts.deny" file deny All except
> localhost and another "ip" 
> The problem is that I am not able to access this server remotely through
> telnet from any machine not
> even from the machine having same "ip" as mentioned in the host.deny file.
> Only once I could access it
> remotely through telnet from machine with "ip".
> 
> Error msg that I get is "Remote system refused the connection .."
> 
> And also I am not able to login through server terminal because the keyboard
> is not getting connected. 
> when I connect the keyboard, initially three lights of the keyboard(caps, num
> and scroll  lock) blinks 
> for a second and then goes off.
> 
> I am using this server as gateway, its runing fine other than the fact I am
> not able get hold of it :)
> 
> Can anyone help me out ? Have my server been hacked ?
> 

Have a look at the xinetd config files (/etc/xinetd.d/*
/etc/xinetd.conf).
There's a only_from options maybe this is set to.

Gregor

--
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 02-Aug-2001
Time: 09:02:14
--

RE: [expert] Logging uptime

[Gregor Maier]

On 31-Jul-2001 Mads Rasmussen wrote:
> 
> 
> I would like to log the uptime of our systems, just I cannot see into the 
> future to expect when a system crashes so an aproach that logs, like 1 time 
> per hour should do it.
> 
> I guess you could run a crontab script that just cat's the uptime output into
> /var/log/uptime
> 
> This however will be overwritten when the system comes back up, so I thought 
> it would be better to log in two files a live one and a backup one.
> 
> Like 
> 
> uptime > uptime.running
> uptime > uptime
> 
just use uptime >> uptime.log
the double >> will append the the output to the uptime.log instead of
overwriting the file.

--
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 01-Aug-2001
Time: 09:12:27
--

RE: [expert] CD Writing

[Gregor Maier]

On 30-Jul-2001 Felix Miata wrote:
 
> My immediate goal is to get a bootable Mandrake 8 CD and install it in
> place of 7.1 on #3. 
> 
> The only CD writing I've done so far is with the windoze software that
> came with the Yamaha (Adaptec whatever), installed on the SCSI HD in the
> external SCSI HD, using machine #2 & windoze. I've not yet burned from
> an ISO. I'd *like* to do all current and future writing using Mandrake
> Linux if possible, but not if it means an elaborate setting up in 7.1
> that will be summarily scrapped in order to replace the 7.1 installation
> with 8.0. The reality is if the windoze Adaptec software can easily
> create the Mandrake 8 CD from an ISO, but this is something I don't know
> either. That software, like most free and cheap software, came with no
> printed docs to check.
> 
> I've browsed Linux/HOWTO/CD-Writing-HOWTO and its FTP link to various
> cdrecord versions. My initial impression is this is a bear to get set up
> - unless, my "easy" (default) installation of Mandrake 7.1 has already
> done what I need.
> 
> Questions:
> 
> 1-Can it be said unequivocally that my Mandrake 7.1 is already set up &
> ready to burn?
Probably yes. You have to install the cdrecord rpm if this isn't already done.
If it is installed do a cdrecord -scanbus. This will scan your scsi bus for
your cd recorder. Remember the three numbers you get in the line of your
recorder. Then you just have to do a 
cdrecord -v -eject speed=xx dev=a,b,c filename.iso
where xx is the speed of your cdrecorder. a,b,c are the values you got from
cdrecord -scanbus (a is the number of the scsi bus, b is the scsi id, and is
the lun.) 


> 
> 2-If 1 is false, is there an easier way than digesting the whole of the
> (not too good IMO) HOWTO to figure out what is and is not already
> prepared?
You want to try xcdroast (doesn't come with LM AFAIK). It's a
quite good graphical frontend for cd-burning. You must have mkisofs and cdrecord
installed in.
 
> 3-Is there someplace better than the HOWTO to explain CD writing under
> Linux?
The actual CD-Burning is easy. I think the HOWTO is quite good altough it
doesn't disdinguish between basic and advanced issues.

If I want to burn a data cd on my system is just do a 
mkisofs -v -R -J -T -l -o filname.iso directory-with-data 
cdrecord -v -eject speed=xx dev=a,b,c filename.iso
That's it...

Or I use xcdroast.

Note on burning under windoze:
I think you got adaptec easy cd cdreator, which supports burning iso files. But
have another name for it (i think something like CD-Image or RAW,...)

Hope this helps
Gregor


--
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 30-Jul-2001
Time: 17:14:36
--

Re: [expert] ip_masq in 8.0 ?

[Gregor Maier]

On 30-Jul-2001 [EMAIL PROTECTED] wrote:
> On Mon 30 Jul at 01:47:30 -0400 [EMAIL PROTECTED] done said:
>> 
>> IPtables, as I mentioned in the other group...
> 
> That reminds me, I've been meaning to mention how big of a pain in the
> ass it is (well, not really, but I just think it could have been done
> better) that iptables is built in to the RPM-ised kernel by default which
> eliminates having ipchains built as a loadable kernel module.  IMHO,
> it'd be much more simple to build them both in as modules and just have
> the user do an insmod on whichever they plan on using if and when they need
> them.  Just my $0.02...

AFAIK The iptables is ALWAYS used in 2.4.x kernels (either as modules or
compiles into the kernel). The ipchains module is (as is the ipfwadm module)
is just for compatibility it "translates" calls to ipchains to the matching
iptables rules. This means you will always need iptables (even if you use
ipchains). And ipchains is just needed if you want to use the "old" ipchains
command.

Gregor 

--
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 30-Jul-2001
Time: 10:43:50
--

RE: Re[2]: [expert] Problem with FTP server

[Gregor Maier]

On 26-Jul-2001 Rusty Carruth wrote:
> Glen Sagers <[EMAIL PROTECTED]> wrote:
>> No, I don't think so.  All the machines are technically workstations, a
>> desktop, a
>> laptop, and a win machine.  Mandrake ICS is setup, but I haven't manually
>> configured much of anything on them, yet.  I'd just like to be able to
>> easily
>> transfer files from the laptop to the desktop, as well as the browsing
>> capability
>> that ICS provides (working fine).
>> 
>> Do I need to manually setup DHCP or DNS?
>> Glen
> 
> Well, sort of.
> 
> In /etc/hosts on all machines, add the ip addresses and names
> of all the machines.
> 
> Sorta like this:
> 127.0.0.1   localhost   localhost.localdomain
> 10.40.1.1   amachine
> 10.40.1.2   anothermach
> 10.40.1.3  yetanother
> 
> and so on.
> 
> Then it should be much faster...
> 
> rc
If who have Windows machine as you said above you may also want to enter this
information in the WINDOWS-DIR\hosts file.

If you're network gets bigger you may want to setup a small dns server for your
network. The method with /etc/hosts works fine. But you'll have to keep all
hosts files on all machine up to date or you'll fancy results.
If you have more than 5 I would really suggest to setup dns. Have a look at the
DNS-Howto. It's quite good and you get a working dns server in (almost) no time

Gregor

--
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 27-Jul-2001
Time: 09:15:40
--

RE: [expert] how to convert from ext2fs to reiserfs ?

[Gregor Maier]

On 27-Jul-2001 Daniel Woods wrote:
> I want to upgrade a current LM7.1 server with 8.0-Freq version.
> I will do a fresh install but not re-formatting /home, /usr/local,
> /var to keep the data as is. The other partitions can be formatted.
> They are currently ext2fs and I wanted to know if the install
> would convert them to reiserfs if I ask it to, or do I simply install
> as ext2fs and then convert all partitions later ?  How do I convert
> the partitions (what commands, docs) ?
> 
> Thanks... Dan.
> 
I think it's not possible to convert directly from ext2 to reiserfs. I also
want to switch from ext2 to reiserfs.
I would suggest that you backup your ext2 partions and  make the
old partitions reiserfs (mkreiserfs), which will destroy all data on the
partition. Then you can restore your file from the backup to the new reiserfs
partiotions.

If you want buy / have a new harddisk you could just create the reiserfs
partitions there and then copy the files from the old partition (using cp -a).
 
But either way you will need enough harddisk / backup space.

Gregor
------
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 27-Jul-2001
Time: 09:02:01
--

RE: [expert] xcdroast woes

[Gregor Maier]

On 25-Jul-2001 [EMAIL PROTECTED] wrote:
> I recently installed a 3ware controller in my system.  Seeing that in
> order to create a RAID 5 array with this controller you had to wipe out
> all drives that are being put into the array and seeing that I have gone
> through a number of mdk upgrades without doing a fresh install, I
> decided to do a fresh install of mdk 8.0.  The configuration of the
> array and the install of mdk 8.0 went without a hitch once I allowed
> myself to sleep enough to read CD labels properly.
> 
> Before I did a wipe and re-install I was running mdk 8.0 and I had
> installed the updates necessary to get xcdroast to work properly.  Now I
> can't seem to make it work after doing the updates for this new
> install.  Here is what I get when I run xcdroast:
> 
> [root@tick root]# xcdroast
> 
> ** ERROR **: cdrecord -scanbus output syntax error
> 
> aborting...
> Aborted (core dumped)
> 
cdrecord -scanbus scans the scsi bus on your machine and gives you list. If
IDE-SCSI emulation is enabled the emulated devices are also shown. I suppose
that your 3ware controller does some fancy things on the scsi bus.

This is a hardware / driver problem.

Gregor

--
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 25-Jul-2001
Time: 10:03:25
--

[expert] Promise Ultra100Tx2 problem with Kernel 2.4.7

[Gregor Maier]

Hi there,

i tried to use a Promise Ultra100 Tx2 IDE Controller with Kernel 2.4.7 but I
didn't work. I compiled the kernel myself and added support for the Promise
Chips (PD...) I also enabled the general IDE settings like UDMA support.


When scanning the pci bus the card is as a part of the bus but the
IDE-Controller isn't initialized. Since my primary HD is a SCSI Disk the boot /
init process goes on until the initscript tries to mount my IDE Disk with a
error message that the device is not there. 

Are there any options in the kernel config that are required to make the
Controller work (others as I mentioned support for Promise Chips is already
enabled). Or maybe I have to pass some kernel options??

Thanks

Gregor

--
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 24-Jul-2001
Time: 16:31:29
--

RE: [expert] rpms and tarballs

[Gregor Maier]

On 24-Jul-2001 Abraham Mandac wrote:
> Two questions:
> 
> What is the difference between a 'regular'
> *.tar.gz source tarball and a *.src.rpm?
> 
> And what does it mean when an rpm file has
> 'devel' in it?
> 
> Thanks -- Abe


Technicly they are just two different forms of packing stuff together. But
normally the are used as described below:

a tar.gz is just the sourcecode without information about rpm stuff.

When you have a src.rpm you are able to build a binary rpm from this source
file (with the entries to the rpm database). (i.e. with rpm --rebuild
*.src.rpm).

Normally a src.rpm files contains a tarball and one (or more) additional files.
The most important one is packagnane.spec it tells the rpm programm everything
it must know (how to build a binary rpm from  src, what files belong to this
package, what packages are required, what packages are provided, )

When do a rpm -ivh package.src.rpm  you'll normally )depends on the creator
of the src.rpm) get package.tar.gz in /usr/src/RPM/SOURCES and
package.spec in  /usr/src/RPM/SPECS


The devel packages normally come with a library. The normal package (without
devel) contains the libraries itself (.so, .a). They are needed in order to run
a program which is dynamicly linked against this lib.
The devel package contains the header files and all othter stuff that is
required to build (compile) a program that used this library. For example if
you want to compile a kde program you'll need the the devel packages of the
kdelibs but if you just want to use a kde programm you just need the "normal"
rpm package.
The devel doesn't say anything how stable the package is. 


Gregor
--
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 24-Jul-2001
Time: 11:05:38
--

RE: [expert] DNS Caching

[Gregor Maier]

On 23-Jul-2001 Brett wrote:
> I've setup a nameserver running bind 9 and also the nameserver caching
> module/rpm.
> 
> With the nameserver caching, what I would like like to know is -
> 
> a) where it caches to ? (ie-which file and at what path)?
> 
> b) where is the main config file that says which ip's may use the host as a
> name server?
> 
> 


the config-file is /etc/named.conf. In order to set which ip addressed the dns
should use you must use ACL (acces control lists). example below.
Have a look at the DNS Howto. It's gives a good overview over a basic DNS setup
(from caching only to a small domain). It covers bind8 which has a sligthly
other zone-file format. I suggest you use the files that come with bind9 as
base and edit/copy them to your needs. Then it will work fine.


/etc/named.conf example
This will make bind listen on the 192.168.0.* network and on the loopback
interface 

acl "internal" { 192.168.0.0/24; 127.0.0.1; };

options {
directory "/var/named/";

# Just listen on the local interface
# bind will listen on any if that has an address in 192.168.0.0 network
listen-on { 192.168.0.0/24; 127.0.0.1; };
listen-on-v6 { none; }; # no IPv6 addresses

# Allow queries and recursion only from our local network
allow-query { "internal"; };
allow-recursion { "internal"; };

# Since we have no slave - Do not allow any zone transfers
allow-transfer { none; };

forward first;
forwarders {
NAMESERVER1.YOUR-ISP.COM;
};
};

# Your zones 
#END OF EXAMPLE FILE



--
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 24-Jul-2001
Time: 08:56:25
--

RE: [expert] simple vu-meter for linux

[Gregor Maier]

You could try xmms with a plugin. But I'm not sure if recording / getting
signals from Line In is supported but it's worth a try.
www.xmms.org

Gregor


On 19-Jul-2001 joy winter wrote:
> hi all,
> 
> im searching for a simple vu-meter for the line-input of my soundcard. does
> anyone heard about a small tool for this, or a project going on to develop
> something like this??
> 
> any hint apriciated
> 
> g.
> 
> z.
------
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 20-Jul-2001
Time: 09:37:54
--

[expert] glibc-2.2.2 with gcc-3.0

[Gregor Maier]

I compiled and installed the gcc-3.0 src rpm from the cooker (this took some
time due to the LOCALE problem).
I installed all generated gcc-3.0 rpms 


Then I tried to recompile the glibc-2.2.2 src.rpm (the one from the LM 8.0
release). It worked fine. When I tried to update (--upgrade) it I got a lot of
dependency problems (file xxx is owned by glibc-2.2.2). I installed this with
--force and nodeps. Everything did fine. No problems.
But when I tried to reboot init was not able to execute any script due to
problems with some libs. I wasn't even able to boot to single user mode...

I had to install LM on seperate partition so that I could reinstall the
glibc-rpms from the LM-8.0 CDs. (I use raid for my /usr partition so the
rescue system from the CD was pretty much useless).

Does anyone know what's the problem. I suppose it has something doto with
gcc-3.0 (because i used the glibc source from the official mdk release).

I've done this two weeks ago and I didn't try again because it was a real pain
and to get my system back.

Gregor

------
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 19-Jul-2001
Time: 11:05:15
--

RE: [expert] Routing Firewalls With Mandrake

[Gregor Maier]

The new program to do firewalling, masquerade, portforwarding etc is iptables
(kernel 2.4).
ipchains was used in kernel 2.2.

I don't use any frontend to do my firewall settings I use the iptables command
in a shell script. 

There are good howtos (netfilter-howto, nat-howto) on how to set up a packet
filtering firewall and NAT (masquerading, port-forwarding, etc. at) on
netfilter.filewatcher.org
They are written by the guy who does the kernel programming of this stuff so
they are accurate...

Another node if you want to use ip_forwarding (routing, masquerading) on a
redhat like system (this includes LM) you must set net.ipv4.ip_forward=yes in
your /etc/sysctl.conf file...  This took me quite a lot of time to figure out
on my RH7.1 router. 

On 17-Jul-2001 Dalton Calford wrote:
> I am looking for the best firewall configuration software for Mandrake 
> version 8.
> The firewall that comes in the control panel is next to useless and the tech 
> support centre for mandrake told me that they do not support Bastille. 
> 
> What I am trying to do is this.
> 
> I have two locations, Office1 and Office2
> both locations have a router that connects them to the internet and each has 
> 32 ip addresses.
> The router at each location connects directly to a system we call a SAN 
> (system access node) so we have SAN1 at Office1 and SAN2 at Office2
> Each SAN has three network cards (eth0, eth1, eth2), one for each ethernet 
> segment in the office.
> eth0 connects to the router for the office and nothing else.
> eth1 connects to the rest of the routable ip addresses and is a DMZ.
> eth2 connects to the rest of the office workstations and uses a non-routable 
> ip block.
> All traffic has to travel through the SAN in order to get to any other 
> ethernet segment.
> The SAN acts as a NAT server for the non-routable ip addresses, and acts as a
> intelligent firewall vs a simple filter for the DMZ machines.
> The two SAN's need to set up a secure VPN between them extending the 
> non-routable block accross the two offices.
> 
> The setup is a little more complex than that, but, if I can set that up, I 
> can extrapolate the rest.
> 
> My problem is, I know that the firewalling and masqaurading rules have 
> changed between the 2.2 and 2.4 kernels.  I am getting conflicting 
> instructions from the different books and how-to's depending on what is 
> newer.  I have also found that mandrake makes some assumptions towards 
> security and configuration that conflict with some of the How-to's.
> 
> I need to know, where can I find the how-to's that support Mandrake 8.0 and 
> address my design needs?
> Is there a configuration tool that supports the design I require?
> Has anyone else had any experience in this?
> 
> Mandrake Tech support was useless, even with sitting on hold for 15 minutes 
> while the guy goes to ask someone else what NAT is.
> 
> Although I have always supported Mandrake and bought the Prosuite Edition, I 
> am now regreting having spent the money for support that the company does not
> really provide.
> 
> best regards
> 
> Dalton
> 

--
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 18-Jul-2001
Time: 13:12:36
--

RE: [expert] XDMCP, and glx extension?

[Gregor Maier]

On 12-Jul-2001 Ferris, Cathal wrote:
> Here's an interesting one...
> Running mandrake 8.0 on a celery333, ati rage lt pro onboard
> Have xdmcp working fine, graphical login across the network (xwin-32), and
> almost everything is going fine.
> On localhost, stuff that uses GL (eg Xscreensaver-gl) appears correctly on
> screen.
> On my windows box, when running GL stuff, this appears:
> 
> Xlib:  extension "GLX" missing on display ":0.0".
> where  is the ip of the machine running the X display remotely
> (actually a win2k box, with tnt2 card)
> Is this an X problem or a local configuration of Xwin32? I have a feeling
> that it is somewhere in my X configuration, but I am not for sure where to
> look.. Any ideas?
> 
Looks like the X-Server running on your Win32 machine is not capable of doing GL
stuff...
Don't know if there are X-Servers for win which can do this.

--
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 12-Jul-2001
Time: 10:26:57
--

RE: [expert] Iptables

[Gregor Maier]

On 11-Jul-2001 Orlando Reis wrote:
> Hi was wondering if someone can give me some help
> with a problem i'm having with iptables. I wan't to allow
> people to connect to an internal ftp server.
> But some how it doesn't work.
> These are rules I' using for doing the job:
> 
> $IPTABLES -A tcp_allowed -p TCP -i $EXTERNAL_ETH0 --dport 21 -j ACCEPT
> $IPTABLES -A tcp_allowed -p TCP -i $EXTERNAL_ETH0 --dport 20 -j ACCEPT
> 
> $IPTABLES -t nat -A PREROUTING -p tcp -d $EXTERNAL_IP --dport 21 -j DNAT
> --to $INTERNAL_FTP:21
> $IPTABLES -t nat -A POSTROUTING -o $EXTERNAL_ETH0 -s $INTERNAL_FTP -j SNAT
> --to $EXTERNAL_IP

You must also allow packages with sourceport 20, 21 (ftp-data and ftp). Since
the every packages the server sends has the source port ftp. Same for ftp-data
(but this time it's the clients side).
In your configuration the client can send packages to the server but the
firewall blocks all responses from that server.


$IPTABLES -A tcp_allowed_in -p TCP -i $EXTERNAL_ETH0 --dport 21 -j ACCEPT
$IPTABLES -A tcp_allowed_in -p TCP -i $EXTERNAL_ETH0 --sport 20 -j ACCEPT

$IPTABLES -A tcp_allowed_out -p TCP -o $EXTERNAL_ETH0 --sport 21 -j ACCEPT
$IPTABLES -A tcp_allowed_out -p TCP -o $EXTERNAL_ETH0 --dport 20 -j ACCEPT

allpy tcp_allowd_in to INPUT chain and tcp_allowed_out to OUTPUT chain

> The clients can't even connect.
> 
> I do an ftp from an external machine with no nat(i.e.), a public ip.
> and nothing happends.
> 
> Orlando
> ---
> 
> 

--
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 12-Jul-2001
Time: 09:30:49
--

Re: [expert] Listing files in uninstalled rpm package.

[Gregor Maier]

On 12-Jul-2001 Nathan Callahan wrote:
> I haven't recieved the original message of this one yet, so this may be 
> completely wrong.
> 
> To list the files in an uninstalled package, you can use...
> 
> rpm -qpl 
> 
> The "p" stands for package and is made for doing all sorts of queries on 
> uninstalled packages.

look the query section of the rpm man page. there are a lot of things you can
do with it (not just listing the files)...

------
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 12-Jul-2001
Time: 09:23:10
--

Re: [expert] Multiple network cards in a Mandrake firewall/switc

[Gregor Maier]

On 12-Jul-2001 Darcy Brodie wrote:
> I have added the additional nic into the firewall / masqurading machine, and
> configured  it to 192.168.1.128/255.255.255.128
> I can ping the address from the 100mhz network(both from the server, and from
> remote workstations).  However, I connected a  workstation to the new nic
> card (eth2) through a 10mhz hub, and I can not ping either the eth2 card from
> the remote 10mhz workstation, or the remote workstation  from the server.  I
> have verified that the hub and the cables are working. I have even used a
> cross over cable from the workstation to the server, but I still can not ping
> the eth2 card
> 
> Darcy
The Address 192.168.1.128 is the adress of your SUBNET. It't the same as if you
would use the 192.168.1.0 address with the 255.255.255.0 network which also
doesn't work. Use 192.168.1.129 up to .254 instead. On the other subnet you can
use 192.168.1.1 to .126
Reason.
On seach subnetwork you have two addresses which CANNOT be used for Interfaces
(nodes) these are the network adrress (like 192.168.1.0 in Class C) and the
broadcast adrress (192.168.1.255 for Class C). The network adress specifies the
network (necesarry for routing issues) and if you send something to the
broadcast address all hosts in this subnet will be addressed.

This address are calculated from the subnetmask:
192.168.1.xxx & 255.255.255.0 will give you 192.168.1.0 (this is the network
adress).

192.168.1.0 to .127 & 255.255.255.128 will give you 192.168.1.0
(your network address). With .127 as the last address in this net as broadcast

192.168.1.128 to .255 &  255.255.255.128 will give you 192.168.1.128 (again
your network address) with 255 as your broadcast.


--
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 12-Jul-2001
Time: 09:09:58
--

RE: [expert] Disable ext2 fsfilesystem check on startup

[Gregor Maier]

On 10-Jul-2001 Jose M. Sanchez wrote:
> As everyone will tell you not a good idea...
> 
> BUT why not set up your partitions as Reiser?
> 
> You'll only need a small /boot partition to be ext2 for startup.
> 
> Reiser doesn't get fsck'd AFAIK (or doesn't need it if your system is
> stable...)
> 
Reiser is Journaling file system. This means is logs everything it does
(removing files, creating,...) If the system crashed Reiser looks at this logs
and then it knows what was not finished (what it is inconsistent on this fs)
and it can fix it. So it has no need to check the filesystem because it already
knows what's wrong
ext2 doesn't have these logs so it needs to check the whole filesystem to check
if it is inconsistent...
--
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 11-Jul-2001
Time: 09:29:47
--

Re: [expert] Hoto close some ports...

[Gregor Maier]

On 10-Jul-2001 civileme wrote:
> On Tuesday 10 July 2001 09:25, Arman Khalatyan wrote:
>> Hallo!
>> Hoto close some ports...
>> I have Mandrake  7.2 with 2.4.1 kernel.
>> #
>> [arm2arm@icas> arm2arm]$ nmap localhost
>> Starting nmap V. 2.53 by [EMAIL PROTECTED] ( www.insecure.org/nmap/ )
>> Interesting ports on localhost.localdomain (127.0.0.1):
>> (The 1514 ports scanned but not shown below are in state: closed)
>> Port   State   Service
>> 21/tcp openftp
>> 23/tcp opentelnet
>> 25/tcp opensmtp
>> 110/tcpopenpop-3
>> 113/tcpopenauth  <-- I wont to close this one
>> 443/tcpopenhttps
>> 513/tcpopenlogin
>> 1024/tcp   openkdm  <-- I wont to close this one
>> 6000/tcp   openX11<-- I wont to close this one
>> ##
>> Nmap run completed -- 1 IP address (1 host up) scanned in 0 seconds
>>
>> Bests ArMan.
> 
> Would you settle for filtered?
> 
> Closing the ports means the server is not running.  Stop kdm and you won't be
> logging in to graphics window managers; stop X and you won't have any 
> graphics system, and stop auth and you won't be able to login.
> 
> 
> iptables -I 1 -t filter INPUT -p tcp -s !127.0.0.1 --dport 6000 DROP
> iptables -I 1 -t filter INPUT -p tcp -s !127.0.0.1 --dport 113 DROP
> iptables -I 1 -t filter INPUT -p tcp -s !127.0.0.1 --dport 1024 DROP
that should be -j DROP and not just DROP (prehaps it will still work but the
correct syntax is -j)
there's a nice howto on iptables and packet filtering at
netfilter.filewatcher.org or look at the ipchains howto at linuxdocs.org (which
can give you additional hints on packet filtering)

> Those are faily strict rules--ssh logins will not be possible externally, nor
> will exports through xhost (where your screen appears on some other
> computer).

> Now you have a problem.  72 does not have iptables, but that is what kernel 
> 2.4 uses.  I am unsure how to activate ipchains for kernel 2.4, and I think 
> you would be well-advised to seek out and compile the tarballs or source rpms
> for iptables since the 8.0 mandrake cannot supply the binaries.
>
there's a module ipchains in kernel 2.4 which will enable use of the ipchains
command (you could still use ipfwadm with the ipfwadm  module...)
 
--
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 10-Jul-2001
Time: 11:57:06
--

RE: [expert] Hoto close some ports...

[Gregor Maier]

On 10-Jul-2001 Arman Khalatyan wrote:
> Hallo!
> Hoto close some ports...
> I have Mandrake  7.2 with 2.4.1 kernel.
>#
> [arm2arm@icas> arm2arm]$ nmap localhost
> Starting nmap V. 2.53 by [EMAIL PROTECTED] ( www.insecure.org/nmap/ )
> Interesting ports on localhost.localdomain (127.0.0.1):
> (The 1514 ports scanned but not shown below are in state: closed)
> Port   State   Service
> 21/tcp openftp 
> 23/tcp opentelnet  
> 25/tcp opensmtp
> 110/tcpopenpop-3   
> 113/tcpopenauth  <-- I wont to close this one   
> 443/tcpopenhttps   
> 513/tcpopenlogin   
> 1024/tcp   openkdm  <-- I wont to close this one   
> 6000/tcp   openX11<-- I wont to close this one  
>##
> Nmap run completed -- 1 IP address (1 host up) scanned in 0 seconds
> 
port 6000 is needed if you want to use X-Window probably the same with kdm but
i don't know. If you do block them from machines other than yours you'll have
to set up some basic firewall rules.

What to do:
run a "netstat -ap | grep LISTEN". This will show all ports which are open
(where the kernel listens for connections) and it will also show you which
process is listenning there. 
If the process is xinetd this port is serveb by the super server. Go to the
/etc/xinetd.d directory and edit the matching file (should be could auth or
something alike) Add a line disable=yes to it and reload  the xinetd  server's
config files (/etc/init.d/xinetd reload)
If the owner is a different process use linuxconf do disable this process
(system services part if linuxconf).

As i mentioned above another possibility would be a firewall using iptables
(for 2.4 kernels) - have a look at netfilter.filewatcher.org for a HOWTO on
iptables and packet-filtering
 
--
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 10-Jul-2001
Time: 10:28:34
--

Re: [expert] Show status of adsl connect

[Gregor Maier]

On 10-Jul-2001 Darcy Brodie wrote:
> Gregor Maier wrote:
> 
>
>> >
>> in addition to this job you could also run this script as cronjob which will
>> check if the connection (ppp0 interface) is still up. if not it will
>> reconnect
>> and it will also write to a logfile that the connection was down
>> I've written this script for a SuSE installation, so maybe you have to
>> change
>> some directories...
>>
>> #!/bin/bash
>> #
>> # This script checks if the specified (network-) interface is up by
>> # examining ifconfigs output. If the connection is down a new
>> # connection will be established
>> #
>>
>> # check this interface
>> IFACE=ppp0
>> # the pid-file of the iface
>> PIDFILE=/var/run/$IFACE.pid
>> LOGFILE=/var/log/adsl-status.log
>>
>> # We must be in RL 3 or 5, otherwise the script does nothing
>> if [  $(runlevel | awk '{ print $2 }') -gt 2 ]
>> then
>> if ! /sbin/ifconfig | /usr/bin/grep --silent $IFACE
>> then
>> datestr=$(date +"%Y-%m-%d %H:%M:%S")
>> echo $datestr Interface $IFACE is not up. Reconnecting. >> $LOGFILE
>> /sbin/init.d/adsl stop >> $LOGFILE
>> while [ -e $PIDFILE ]
>> do
>> sleep 1
>> done
>> sleep 2
>> /sbin/init.d/adsl start >> $LOGFILE
>> echo "---" >> $LOGFILE
>> fi
>> fi
>> # END OF FILE
>>
>> /sbin/init.d/adsl is the script that does the work for
>> connecting/unconnecting.
>> On a normal linux installation (everything but SuSE) the directory is
>> /etc/init.d
>>
>> since my ISP uses PPTP and not PPoE for the adsl connection I got some
>> problems
>> when the connection died. (pppd stays alife,). Therefor I shut down the
>> connection with adsl stop (which will kill the pppd), wait until pppd has
>> terminated and then i reconnect.
>>
>> Probalby you can just bring up your connection without the need to stop and
>> then start the connection.
>> So that you can do this:
>>
>> ...
>>  if ! /sbin/ifconfig | /usr/bin/grep --silent $IFACE
>> then
>> datestr=$(date +"%Y-%m-%d %H:%M:%S")
>> echo $datestr Interface $IFACE is not up. Reconnecting. >> $LOGFILE
>> COMMAND TO BRING CONNECTION UP
>> echo "---" >> $LOGFILE
>> fi
>>
> 
> Would I be correct in thinking that this script could be modified to also be
> able
> to monitor, and renew connection via a cable connection, by changing the
> IFACE to
> eth0, adn the commands to stop the connection, adn restart to ifdown eth0 and
> ifup
> eth0 ?  I have had trouble lately with my isp dropping my connection at work,
> and
> nobody can get any of their mail until I get in.
> 
> Darcy
> 
This would only work when your eth0 interface is down after you were
disconnected by your ISP and I don't think so. Run ifconfig after your
connection died and see if you still got the eth0 interface then. If so the
script won't work.
Or maybe you can still use the script with ppp0 device. My adsl connection is
like this. eth0 is connected to my adsl modem and when i bring up the
connection a ppp-tunnel will be created. This means the ppp0 interface is
brought but (again look at ifconfig this time when the connection is up). This
ppp0 interface is my link to the isp. All communication is encapsulated througt
the eth0 interface. Maybe your cable modem works like this.

If not you could use ping to verify your connection the problem is that if you
send 10 packages with ping and just one is lost ping will return a no zero exit
value. So maybe you're reconnection more often than necesarry but i should work
if test your connection like this

Ping must fail 2 times before we believe the connection is down. The reason
is, that when you send 5 ping packages and one gets lost, than there will be a
non zero exit value and the script would reconnect. If we do the ping twice it'
a little better.
 
if ! (ping -c 5 nameserver.yourproiver.com ||
  ping -c 5 nameserver.yourproiver.com )
then
   # connection is - bring it up again
   # do some logging
fi
  

gregor 
--
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 10-Jul-2001
Time: 09:03:11
--

RE: [expert] Show status of adsl connect

[Gregor Maier]

> Got adsl yesterday and managed the setup. though not using draknet. I
> tried draknet first but it did not work. Then I ran adsl-setup and added
> a defaultroute in adsl-start. Now it works like a charm.
> Problem is, 1&1 (my provider) cuts the link after 15 minutes
> of inactivity and after 14 hours of continous running.
> 
> 1. I put up a cronjob which sends 1 ping tom my own domain every 14
> minutes.
> 
in addition to this job you could also run this script as cronjob which will
check if the connection (ppp0 interface) is still up. if not it will reconnect
and it will also write to a logfile that the connection was down
I've written this script for a SuSE installation, so maybe you have to change
some directories...

#!/bin/bash
#
# This script checks if the specified (network-) interface is up by
# examining ifconfigs output. If the connection is down a new
# connection will be established
#

# check this interface
IFACE=ppp0
# the pid-file of the iface
PIDFILE=/var/run/$IFACE.pid
LOGFILE=/var/log/adsl-status.log

# We must be in RL 3 or 5, otherwise the script does nothing
if [  $(runlevel | awk '{ print $2 }') -gt 2 ]
then
if ! /sbin/ifconfig | /usr/bin/grep --silent $IFACE
then
datestr=$(date +"%Y-%m-%d %H:%M:%S")
echo $datestr Interface $IFACE is not up. Reconnecting. >> $LOGFILE
/sbin/init.d/adsl stop >> $LOGFILE
while [ -e $PIDFILE ]
do
sleep 1
done
sleep 2
/sbin/init.d/adsl start >> $LOGFILE
echo "---" >> $LOGFILE
fi
fi
# END OF FILE

/sbin/init.d/adsl is the script that does the work for connecting/unconnecting.
On a normal linux installation (everything but SuSE) the directory is
/etc/init.d

since my ISP uses PPTP and not PPoE for the adsl connection I got some problems
when the connection died. (pppd stays alife,). Therefor I shut down the
connection with adsl stop (which will kill the pppd), wait until pppd has
terminated and then i reconnect. 

Probalby you can just bring up your connection without the need to stop and
then start the connection.
So that you can do this:

... 
 if ! /sbin/ifconfig | /usr/bin/grep --silent $IFACE
then
datestr=$(date +"%Y-%m-%d %H:%M:%S")
echo $datestr Interface $IFACE is not up. Reconnecting. >> $LOGFILE
COMMAND TO BRING CONNECTION UP
echo "---" >> $LOGFILE
fi


--
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 09-Jul-2001
Time: 13:00:48
--