RE: users bypassing shaper limitation
You fail to understand. Drop traffic from any MAC/IP pair that isn't "registered" with you, thus in your traffic shaper configuration. Keeping track of MAC addresses and where they're supposed to be on your network in a campus environment is pretty standard. I work on a University campus and must notify the IT department anytime I want to add a host or move network cards around. If I do not, they will grumble and/or disable the ethernet ports that unknown MAC addresses appear on. In some areas (e.g. student labs) they do that automatically so kids can't just bring their laptop in and hop on napster at 100Mbit. - jsw -Original Message- From: Gerard MacNeil [mailto:[EMAIL PROTECTED] Sent: Monday, July 02, 2001 5:39 AM To: debian-isp@lists.debian.org Subject: Re: users bypassing shaper limitation On Sun, 1 Jul 2001 15:59:34 -0400, "Jeff S Wheeler" <[EMAIL PROTECTED]> wrote: > I have been reading this thread and noticed no one has suggested the MAC > address filtering capabilities in Linux 2.4's new ip tables subsystem. There is no requirement to run 2.4.x and iptables, nor iproute2, to accomplish the policy implementation that was specified. The administrative policy is bandwith control over a defined set of IP addresses. That policy is being circumvented with the current configuration by the whizkids. It is up to the tech to implement a solution. Beside, I'm sure I have a MAC address changer utility (or is that a feature of iproute2) that I downloaded sometime in the past. The same whizkids would use it and circumvent the policy based on MAC addresses with it ... although it would be a trickier thing to accomplish. I think I have read on some mailing list that it is quite a security issue with PPPoE and some wireless connections. Gerard MacNeil System Administrator -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
RE: users bypassing shaper limitation
You fail to understand. Drop traffic from any MAC/IP pair that isn't "registered" with you, thus in your traffic shaper configuration. Keeping track of MAC addresses and where they're supposed to be on your network in a campus environment is pretty standard. I work on a University campus and must notify the IT department anytime I want to add a host or move network cards around. If I do not, they will grumble and/or disable the ethernet ports that unknown MAC addresses appear on. In some areas (e.g. student labs) they do that automatically so kids can't just bring their laptop in and hop on napster at 100Mbit. - jsw -Original Message- From: Gerard MacNeil [mailto:[EMAIL PROTECTED]] Sent: Monday, July 02, 2001 5:39 AM To: [EMAIL PROTECTED] Subject: Re: users bypassing shaper limitation On Sun, 1 Jul 2001 15:59:34 -0400, "Jeff S Wheeler" <[EMAIL PROTECTED]> wrote: > I have been reading this thread and noticed no one has suggested the MAC > address filtering capabilities in Linux 2.4's new ip tables subsystem. There is no requirement to run 2.4.x and iptables, nor iproute2, to accomplish the policy implementation that was specified. The administrative policy is bandwith control over a defined set of IP addresses. That policy is being circumvented with the current configuration by the whizkids. It is up to the tech to implement a solution. Beside, I'm sure I have a MAC address changer utility (or is that a feature of iproute2) that I downloaded sometime in the past. The same whizkids would use it and circumvent the policy based on MAC addresses with it ... although it would be a trickier thing to accomplish. I think I have read on some mailing list that it is quite a security issue with PPPoE and some wireless connections. Gerard MacNeil System Administrator -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: disk partition schemes
On Saturday 30 June 2001 17:49, Christian Hammers wrote: > On Fri, Jun 15, 2001 at 10:13:33AM -0400, Kevin J. Menard, Jr. wrote: > > Basically, I have 20 gigs of space to tinker with (well, there's > > really 40 there, but I run a hardware RAID 10). I also have half a > > gig of SDRAM (sure this would matter with swap space). Now, I have > > no problem running fdisk or anything, but I wanted to get a feel for > > what people are doing for various types of systems. > > Seperated partitions are usefull for the following reasons for me: > * /boot because old bootloaders (and new?) have problems with bzImage > files over a certan sector number, i.e. it should be at the start of > your HDD. If your root file system is at the start then it is unlikely to be large enough to break any boot loaders. Recent boot loaders are very capable... > * /var, as used for logs, can fill up completely if a program > get mad and prevent other programs than just syslogd from working if > it's on / chgrp log /var/log/*log Set quota for log group. Problem solved? > Something I would suggest you, too is LVM. There you can partition your > harddisc(s) in arbitrary pieces (physical extends), put them together > in a big heap (volume group) and from this heap you can cut out your > virtual discs (logical volumes) and resize them as needed no matter if > they are physically in a line or scattered over all harddiscs. > Of course this requires a filesystem that can adjust, too, only > extending the (virtual) partition alone doesn't help. But reiserfs > (AFAIK) and ext2/ext3 can do it. > (well but keep in mind that this is not 10-year-approved technology so > maybe not use it with your best paying customer..) From what I've seen LVM is much better at breaking data into pieces than it is at putting them back together... I wanted to take over maintenance of the LVM packages for Debian but couldn't because I couldn't get it working with a recent kernel! -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page
Re: Qmail errors
Outlook ignores the SMTP spec by not enclosing the e-mail addresses in angle brackets (although microsoft blames "older mail server systems"): http://support.microsoft.com/support/kb/articles/Q197/4/17.ASP?LN=EN-US&SD=gn&FR=0 Djb did a workaround for this (stupid RFC ignorant clients) on qmail version 1.03, install it. Thus spake Robert Ruzbacky, on Mon, Jul 02, 2001 at 08:59:28PM +1000: > Currently I am having a problem with qmail. Our users are getting the > following error when sending mail via SMTP: > > > "No transport provider was available for delivery to this recipient" > > The client they are using is Microsoft Outlook. I can send via Outlook > express, and it works fine on my machine. I check the qmail logs, but cannot > find any bounce message. The error bounces back to the user with systems > administrator as the user. With Microsoft Outlook, internet email is enabled > as well as Microsoft Mail (the old win3.11 pop system) for internal mail. > > Any ideas? I am running a debian 1.3 server with qmail being v1.02. > > > Thanks > > Rob.. > > -- Jose Celestino <[EMAIL PROTECTED]> - "Existence takes is toll, extinction unfolds, The Colossus falls back from its threshold" -- Borknagar - Colossus
Re: disk partition schemes
On Saturday 30 June 2001 17:49, Christian Hammers wrote: > On Fri, Jun 15, 2001 at 10:13:33AM -0400, Kevin J. Menard, Jr. wrote: > > Basically, I have 20 gigs of space to tinker with (well, there's > > really 40 there, but I run a hardware RAID 10). I also have half a > > gig of SDRAM (sure this would matter with swap space). Now, I have > > no problem running fdisk or anything, but I wanted to get a feel for > > what people are doing for various types of systems. > > Seperated partitions are usefull for the following reasons for me: > * /boot because old bootloaders (and new?) have problems with bzImage > files over a certan sector number, i.e. it should be at the start of > your HDD. If your root file system is at the start then it is unlikely to be large enough to break any boot loaders. Recent boot loaders are very capable... > * /var, as used for logs, can fill up completely if a program > get mad and prevent other programs than just syslogd from working if > it's on / chgrp log /var/log/*log Set quota for log group. Problem solved? > Something I would suggest you, too is LVM. There you can partition your > harddisc(s) in arbitrary pieces (physical extends), put them together > in a big heap (volume group) and from this heap you can cut out your > virtual discs (logical volumes) and resize them as needed no matter if > they are physically in a line or scattered over all harddiscs. > Of course this requires a filesystem that can adjust, too, only > extending the (virtual) partition alone doesn't help. But reiserfs > (AFAIK) and ext2/ext3 can do it. > (well but keep in mind that this is not 10-year-approved technology so > maybe not use it with your best paying customer..) From what I've seen LVM is much better at breaking data into pieces than it is at putting them back together... I wanted to take over maintenance of the LVM packages for Debian but couldn't because I couldn't get it working with a recent kernel! -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Qmail errors
Currently I am having a problem with qmail. Our users are getting the following error when sending mail via SMTP: "No transport provider was available for delivery to this recipient" The client they are using is Microsoft Outlook. I can send via Outlook express, and it works fine on my machine. I check the qmail logs, but cannot find any bounce message. The error bounces back to the user with systems administrator as the user. With Microsoft Outlook, internet email is enabled as well as Microsoft Mail (the old win3.11 pop system) for internal mail. Any ideas? I am running a debian 1.3 server with qmail being v1.02. Thanks Rob..
Re: Qmail errors
Outlook ignores the SMTP spec by not enclosing the e-mail addresses in angle brackets (although microsoft blames "older mail server systems"): http://support.microsoft.com/support/kb/articles/Q197/4/17.ASP?LN=EN-US&SD=gn&FR=0 Djb did a workaround for this (stupid RFC ignorant clients) on qmail version 1.03, install it. Thus spake Robert Ruzbacky, on Mon, Jul 02, 2001 at 08:59:28PM +1000: > Currently I am having a problem with qmail. Our users are getting the following >error when sending mail via SMTP: > > > "No transport provider was available for delivery to this recipient" > > The client they are using is Microsoft Outlook. I can send via Outlook express, and >it works fine on my machine. I check the qmail logs, but cannot find any bounce >message. The error bounces back to the user with systems administrator as the user. >With Microsoft Outlook, internet email is enabled as well as Microsoft Mail (the old >win3.11 pop system) for internal mail. > > Any ideas? I am running a debian 1.3 server with qmail being v1.02. > > > Thanks > > Rob.. > > -- Jose Celestino <[EMAIL PROTECTED]> - "Existence takes is toll, extinction unfolds, The Colossus falls back from its threshold" -- Borknagar - Colossus -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: users bypassing shaper limitation
On Sun, 1 Jul 2001 15:59:34 -0400, "Jeff S Wheeler" <[EMAIL PROTECTED]> wrote: > I have been reading this thread and noticed no one has suggested the MAC > address filtering capabilities in Linux 2.4's new ip tables subsystem. There is no requirement to run 2.4.x and iptables, nor iproute2, to accomplish the policy implementation that was specified. The administrative policy is bandwith control over a defined set of IP addresses. That policy is being circumvented with the current configuration by the whizkids. It is up to the tech to implement a solution. Beside, I'm sure I have a MAC address changer utility (or is that a feature of iproute2) that I downloaded sometime in the past. The same whizkids would use it and circumvent the policy based on MAC addresses with it ... although it would be a trickier thing to accomplish. I think I have read on some mailing list that it is quite a security issue with PPPoE and some wireless connections. Gerard MacNeil System Administrator
Qmail errors
Currently I am having a problem with qmail. Our users are getting the following error when sending mail via SMTP: "No transport provider was available for delivery to this recipient" The client they are using is Microsoft Outlook. I can send via Outlook express, and it works fine on my machine. I check the qmail logs, but cannot find any bounce message. The error bounces back to the user with systems administrator as the user. With Microsoft Outlook, internet email is enabled as well as Microsoft Mail (the old win3.11 pop system) for internal mail. Any ideas? I am running a debian 1.3 server with qmail being v1.02. Thanks Rob..
Re: users bypassing shaper limitation
On Sun, 1 Jul 2001 15:59:34 -0400, "Jeff S Wheeler" <[EMAIL PROTECTED]> wrote: > I have been reading this thread and noticed no one has suggested the MAC > address filtering capabilities in Linux 2.4's new ip tables subsystem. There is no requirement to run 2.4.x and iptables, nor iproute2, to accomplish the policy implementation that was specified. The administrative policy is bandwith control over a defined set of IP addresses. That policy is being circumvented with the current configuration by the whizkids. It is up to the tech to implement a solution. Beside, I'm sure I have a MAC address changer utility (or is that a feature of iproute2) that I downloaded sometime in the past. The same whizkids would use it and circumvent the policy based on MAC addresses with it ... although it would be a trickier thing to accomplish. I think I have read on some mailing list that it is quite a security issue with PPPoE and some wireless connections. Gerard MacNeil System Administrator -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]