RE: Forced DHCP setup
Hello!

On Wed, 30-10-2002 at 15:59, C. R. Oldham wrote:

...

It is possible, in hotels that have broadband in rooms, and on some university campuses I've been to they have a DHCP server set up to serve addresses from a private block. On that network there is a webserver ...

Sorry, I don't know of any opensource packages to do this, but it shouldn't be too hard.

Last week I sneaked through an announcement of an OpenSource authentication server, which seems to do just this. However, I'm not very helpful, because I cannot remember exactly what its name was ...

coming back to the original question:

Of course, unless you set up your routers to block packets based on MAC address this won't prevent someone from guessing a valid IP and setting it up static.

...

At UNI we will be using IRM to register MAC/IP/hostnames and use a script (I think it is some lines of perl) to create the dhcpd.conf and tinydns-data files for DHCP and DNS. Of course, iptables rules should be easy to create (as well as bind zone-files) too.

This way, we just register a new computer's MAC, its user and hostname and assign it an IP number. The rest will be pushed into the system's configuration.

However this does not tie a user to his/her computer...

Best Regards,

Jorge-León

P.S.: If you ask for the scripts, you'll have to contribute! They are just not there by now...

-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
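The registry-to-configuration step described in the message above, as an added Python example (not the poster's Perl script, which the message says does not exist yet). The registry layout, the `10.20.0.0/24` subnet and the `uni.example` domain are constructed assumptions; every field is validated before it is written out, so a registered hostname cannot smuggle extra statements into dhcpd.conf or the tinydns data file.

```python
import ipaddress
import re

MAC_RE = re.compile(r"[0-9a-f]{2}(?::[0-9a-f]{2}){5}")
LABEL_RE = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")

# Constructed sample registry: (MAC, IP, hostname, user). All values are made up.
REGISTRY = [
    ("00:16:3E:00:00:0A", "10.20.0.10", "lab-pc1", "alice"),
    ("00:16:3e:00:00:0b", "10.20.0.11", "lab-pc2", "bob"),
]


def validate(registry, subnet="10.20.0.0/24"):
    """Normalise entries and reject anything malformed, out of range or duplicated."""
    net = ipaddress.ip_network(subnet)
    seen = set()
    clean = []
    for mac, ip, host, _user in registry:
        mac, host = mac.strip().lower(), host.strip().lower()
        if not MAC_RE.fullmatch(mac):
            raise ValueError(f"bad MAC: {mac!r}")
        if not LABEL_RE.fullmatch(host):
            raise ValueError(f"bad hostname: {host!r}")
        addr = ipaddress.ip_address(ip.strip())  # raises ValueError on garbage
        if addr not in net or addr in (net.network_address, net.broadcast_address):
            raise ValueError(f"address outside {subnet}: {addr}")
        for key in (("mac", mac), ("ip", str(addr)), ("host", host)):
            if key in seen:
                raise ValueError(f"duplicate {key[0]}: {key[1]}")
            seen.add(key)
        clean.append((mac, str(addr), host))
    return clean


def dhcpd_hosts(clean):
    """Fixed-address host declarations for dhcpd.conf."""
    return "".join(
        f"host {host} {{\n  hardware ethernet {mac};\n  fixed-address {ip};\n}}\n"
        for mac, ip, host in clean
    )


def tinydns_data(clean, domain, ttl=3600):
    """'=' lines for tinydns-data: each creates an A record and the matching PTR."""
    return "".join(f"={host}.{domain}:{ip}:{ttl}\n" for _mac, ip, host in clean)


def iptables_rules(clean):
    """Accept forwarded traffic only for registered IP/MAC pairs.
    Assumes the FORWARD chain policy is DROP (an assumption of this example)."""
    return [
        f"-A FORWARD -s {ip} -m mac --mac-source {mac} -j ACCEPT"
        for mac, ip, _host in clean
    ]


if __name__ == "__main__":
    entries = validate(REGISTRY)
    print(dhcpd_hosts(entries))
    print(tinydns_data(entries, "uni.example"))
    print("\n".join(iptables_rules(entries)))
```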
Re: Qmail/Postfix/Sendmail for fastest outgoing mail
On Tue, Nov 26, 2002 at 01:33:57AM -0600, [EMAIL PROTECTED] wrote:

On Mon, 25-11-2002 at 07:00, Craig Sanders wrote:

On Mon, Nov 25, 2002 at 11:37:58PM +1100, Jason Lim wrote:

nope, because postfix has no way of knowing that they were originally the same email(*). postfix has been handed 10 individual emails by qmail, so it will deliver 10 individual emails.

Mmm... but, for example, if it scanned its queue every 30 seconds, for example, it could then combine them together?

nope.

For example at www.exim.org you find the following paragraphs:

SMTP batching

[...]

When an SMTP delivery succeeds, Exim consults the database to see if there are any other messages waiting for the same host and address. If it finds any, it creates a new Exim process and passes it the open SMTP channel and a message identification. The new process then delivers the waiting message down the existing channel and may in turn cause the creation of yet another process. Any other waiting addresses in the message are skipped. The maximum number of messages sent down one connection is configurable.

this is what postfix, and i believe sendmail too, calls connection caching, or re-using an existing SMTP connection to deliver a second (or third or...) message, instead of closing the connection after sending one message and opening new connections for subsequent messages.

this isn't what Jason wanted, which was combining multiple almost-identical messages together into one message.

postfix can't do this yet. the author, wietse venema, says it is on his TODO list - i guess he'll start working on it for the dev snapshot after the postfix 1.2 has been released (due about a month from now)

what postfix does now is open multiple smtp connections to the same host in parallel if there are multiple different messages to deliver to that host. this is controlled by the smtp_destination_concurrency_limit option.

qmail also does multiple parallel deliveries to the same host (always, even when one message is CC-ed to 2+ addresses at the same domain). i don't know whether qmail also does connection caching or not.

personally, i'd like to have both connection caching AND parallel delivery - but if i had to choose between them, i'd probably choose parallel. it isn't one of the reasons i use postfix, but i'm not at all dissatisfied with postfix's performance...quite the contrary.

This scheme achieves some SMTP efficiency when a number of messages have been queued up for a given host, without the overhead of a heavyweight queueing apparatus.

yep, it avoids the overhead of establishing new smtp connections to the same host - i.e. saves a few round-trip delays of possibly several hundred milliseconds (or sometimes more) each. this can be significant.

it is particularly useful when outbound smtp connections go through a firewall or NAT box which can only keep track of a limited number of connections. some commercial firewalls have this problem, linux ipchains/iptables doesn't.

craig

--
craig sanders [EMAIL PROTECTED]

Fabricati Diem, PVNC.
 -- motto of the Ankh-Morpork City Watch
Re COMPAQ SERVER 3155 Series
how the hell do you boot from the scsi cd rom interface?

Samantha Scafe
Re: djb and multiple IPs
On Tue, 26 Nov 2002 at 1:01:02 -0600, [EMAIL PROTECTED] wrote:

On Tue, 19-11-2002 at 17:07, jernej horvat wrote:

...

I have a question about djbdns - can i have one control file for all IP's/interfaces that i have on one system ?

...

You can configure env/IP to 0.0.0.0 so it will listen on _all_ interfaces.

I've got a related (but contrary) requirement.

If I understand djbdns' documentation correctly, it is _impossible_ to run both DNS functions: authoritative-only NS ('tinydns') and recursive/caching server ('dnscache') on the same IP address, right?

I know that it's better when these functions are separated and run on different IP addresses. But using different addresses for them is _not_ an option for me, due to various reasons.

So, is there any way to run them on one address? As I wrote above, as far as I know, not. But I'd like to be sure. I really wanted to give djbdns a try, but this limitation eliminates djbdns for me :-( .

--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
Re: DNS servers
On Thu, Nov 21, 2002 at 02:38:56AM +0100, Russell Coker wrote:

Does multilog allow filtering log messages to determine which ones are worth logging to disk? That's the only feature that I'd like to see in syslog.

Yes, see http://cr.yp.to/daemontools/multilog.html (Selecting lines). It's very effective matching, not regular expressions. The code for matching lines in multilog is less than 20 lines C.

Regards, Gerrit.
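A Python model of the line-selection rules described under "Selecting lines" on the multilog page linked above (an added example, not the multilog C source; the log lines are constructed). A star matches any string that does not contain the next pattern character, so matching is a single left-to-right pass with no backtracking, which is why a `-*` / `+pattern` script can run on every log line at a fixed cost.

```python
def pattern_matches(pattern, line):
    """multilog-style match: non-stars match themselves; a star before the end
    of the pattern matches any string NOT containing the next pattern
    character; a star at the end matches anything."""
    i = 0  # position in line
    p = 0  # position in pattern
    while p < len(pattern):
        ch = pattern[p]
        p += 1
        if ch == "*":
            if p == len(pattern):
                return True              # trailing star swallows the rest
            j = line.find(pattern[p], i)
            if j < 0:
                return False             # next literal never appears
            i = j                        # star stops at its FIRST occurrence
            continue
        if i >= len(line) or line[i] != ch:
            return False
        i += 1
    return i == len(line)


def is_selected(script, line):
    """Every line starts out selected; '-pat' deselects and '+pat' selects on a
    match. Later actions override earlier ones."""
    selected = True
    for action in script:
        if action.startswith("-") and pattern_matches(action[1:], line):
            selected = False
        elif action.startswith("+") and pattern_matches(action[1:], line):
            selected = True
    return selected


def filter_lines(script, lines):
    return [line for line in lines if is_selected(script, line)]


# Constructed sample: keep only lines whose first word after the timestamp
# is "fatal:".
SCRIPT = ["-*", "+* fatal: *"]
SAMPLE = [
    "@400000003de3f2a10000000 fatal: cannot bind port 53",
    "@400000003de3f2a20000000 info: fatal: seen in payload",
    "@400000003de3f2a30000000 warning: retrying",
]

if __name__ == "__main__":
    for kept in filter_lines(SCRIPT, SAMPLE):
        print(kept)
```

The second sample line is dropped even though it contains " fatal: ", because the leading star ends at the first space and never backtracks.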
Re: Qmail/Postfix/Sendmail for fastest outgoing mail
I remember that sendmail, exim, and others have queuing strategies that try to minimize the number of remote connections.

On Mon, 25-11-2002 at 07:00, Craig Sanders wrote:

On Mon, Nov 25, 2002 at 11:37:58PM +1100, Jason Lim wrote:

nope, because postfix has no way of knowing that they were originally the same email(*). postfix has been handed 10 individual emails by qmail, so it will deliver 10 individual emails.

Mmm... but, for example, if it scanned its queue every 30 seconds, for example, it could then combine them together?

nope.

For example at www.exim.org you find the following paragraphs:

SMTP batching

When an SMTP delivery attempt fails, causing the message to be deferred till later, Exim updates a DBM database that contains records keyed by host name plus IP address. Each record holds a list of messages that are waiting for that host and address.

When an SMTP delivery succeeds, Exim consults the database to see if there are any other messages waiting for the same host and address. If it finds any, it creates a new Exim process and passes it the open SMTP channel and a message identification. The new process then delivers the waiting message down the existing channel and may in turn cause the creation of yet another process. Any other waiting addresses in the message are skipped. The maximum number of messages sent down one connection is configurable.

This scheme achieves some SMTP efficiency when a number of messages have been queued up for a given host, without the overhead of a heavyweight queueing apparatus.

---

This is similar to what I'm talking about. I'm just looking to increase efficiency with sending millions of emails. Nope... not running ezmlm at all, just a lot of CGIs (through web/Apache) sending emails.

Actually... I wonder... is there any drop-in replacement for /usr/sbin/sendmail that would just dump the emails to another server for actual sending? This should not affect receiving email in the least (hence minimize disruption) but would need to be able to dump the emails at a high rate. I'm not sure if there is such a thing though.

In your scenario you could forward the messages to the mail-sending box via the QMTP protocol provided by Qmail. On the mail-sending box you just receive via QMTP and hand it over to Postfix or whatever you decide to use for outgoing mail. QMTP is lots faster than SMTP.

But only Qmail supports QMTP, which means the outgoing server must be running QMTP too?
Re: djb and multiple IPs
Tomasz Papszun writes:

If I understand djbdns' documentation correctly, it is _impossible_ to run both DNS functions: authoritative-only NS ('tinydns') and recursive/caching server ('dnscache') on the same IP address, right?

Right. Two different programs can't bind to port 53 on the same IP address.

I know that it's better when these functions are separated and run on different IP addresses.

Yes.

But using different addresses for them is _not_ an option for me, due to various reasons.

Why? Can you list the reasons? For example, do you really need an external cache and a server running on the same machine, which can only have one public IP address?

There are many configurations you could try, depending on your network topology.

Regards,

--
Adriano
Apache mod_proxy as reverse proxy
I've got what seems to be a pretty common setup, and things aren't working correctly and want to know if it's something that I've configured wrong, or if it's something deeper.

Here's the setup.

Publicly accessible apache box henceforth referred to as http://proxy/;
Private apache box henceforth referred to as http://internal/;

I'd like for anyone to be able to access the server http://proxy/internal and have it be exactly the same as if they were on our private network and accessing http://internal/.

Read the apache docs you cry out! I've been down that road my friend, and it works as advertised in the most trivial case. I've set up the following parameters in the virtual host declaration on http://proxy/

ProxyPass /internal/ http://internal/
ProxyPassReverse /internal/ http://internal/

That's according to the Apache mod_proxy Docs on apache.org, easy so far. Everything works as advertised until http://internal/ serves up a redirect or a cgi script to the user via http://proxy/. For instance, if the page http://internal/home.html has the following link on it.

<a href="/cgi-bin/click.cgi">Click here</a>

Clicking the link will not request http://internal/cgi-bin/click.cgi as it would from our internal network, it would request http://proxy/cgi-bin/click.cgi

Now, if I'd have been using absolute URL's in the links (eg http://internal/cgi-bin/click.cgi) I can understand that the link wouldn't work, but I don't see why mod_proxy isn't working the way I expect. It seems that the mod_proxy module should know that a request on http://proxy/internal/* should be treated as a request for http://internal/*.

I've poked around with the mod_rewrite module to no immediate avail, I think my answer lies there, but I don't know enough to get started.

Anyone have any pointers?

Thanks.

--
Dustin Douglas

--
Free The Lapland Six!!!
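The behaviour described in the message above, modelled in Python as an added example (not Apache code and not part of the original post). `ProxyPassReverse` acts on response headers such as `Location`, while a link in the HTML body is resolved by the browser against the URL it actually fetched; the `rewrite_root_relative` helper is a hypothetical sketch of the body rewriting that the two directives do not perform.

```python
import re
from urllib.parse import urljoin

# Values taken from the ProxyPass / ProxyPassReverse lines in the post.
PROXY_PREFIX = "http://proxy/internal/"
BACKEND = "http://internal/"


def proxy_pass_reverse(headers):
    """Model of the header fix-up: a redirect pointing at the backend is
    rewritten so the client is sent back through the proxy."""
    out = dict(headers)
    location = out.get("Location")
    if location and location.startswith(BACKEND):
        out["Location"] = PROXY_PREFIX + location[len(BACKEND):]
    return out


def browser_resolve(page_url, href):
    """What the browser requests when the user clicks a link on page_url."""
    return urljoin(page_url, href)


# Root-relative URLs in href/src/action attributes ("/x", but not "//host/x").
ATTR_RE = re.compile(r"""(\b(?:href|src|action)\s*=\s*["'])/(?!/)""", re.I)


def rewrite_root_relative(html, prefix="/internal/"):
    """Hypothetical body filter: put root-relative links under the proxied
    prefix so they stay inside the mapped URL space."""
    return ATTR_RE.sub(lambda m: m.group(1) + prefix, html)


if __name__ == "__main__":
    page = "http://proxy/internal/home.html"
    body = '<a href="/cgi-bin/click.cgi">Click here</a>'

    # The redirect header is corrected by the proxy.
    print(proxy_pass_reverse({"Location": "http://internal/cgi-bin/done.cgi"}))
    # The body link is not: it escapes the /internal/ prefix.
    print(browser_resolve(page, "/cgi-bin/click.cgi"))
    # A link without the leading slash stays under the prefix.
    print(browser_resolve(page, "cgi-bin/click.cgi"))
    # The same body after rewriting.
    print(rewrite_root_relative(body))
```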
Re: Re COMPAQ SERVER 3155 Series
as with most machines that won't, start with the 2 floppies then switch to the cdrom later

Thing

On Tue, 26 Nov 2002 13:47, Samantha Scafe wrote:

how the hell do you boot from the scsi cd rom interface?

Samantha Scafe
Re: exim and radius
- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, November 25, 2002 9:30 PM
Subject: exim and radius

I'm using multiple companies to give me good POP coverage, but I'm having a bear of a time allowing my dialup users to be able to send mail through my server, since I have the relaying locked down fairly well. How is anyone doing this? I'm using exim. I've tinkered with the idea of watching the radius log file, and trying to do something with the IP's that are assigned...

Tim

I'd skip IP based restrictions and use SMTP authentication (SASL). It works in all modern email clients. I'm not sure, but I think exim has support for it.

Sincerely,

--
Kirk Ismay
System Administrator
Re: djb and multiple IPs
On Tue, 26 Nov 2002 at 15:27:40 -0200, Adriano Nagelschmidt Rodrigues wrote:

Tomasz Papszun writes:

If I understand djbdns' documentation correctly, it is _impossible_ to run both DNS functions: authoritative-only NS ('tinydns') and recursive/caching server ('dnscache') on the same IP address, right?

Right. Two different programs can't bind to port 53 on the same IP address.

Yes, I know that. I hoped (with quite small hope), that there could be some way doing it by means of this svs-something or so...

I know that it's better when these functions are separated and run on different IP addresses.

Yes.

But using different addresses for them is _not_ an option for me, due to various reasons.

Why? Can you list the reasons? For example, do you really need an external

Reasons are mainly historical. It would be very difficult to suddenly change all delegations, settings of many customers' computers and so on. Generally speaking, things which are dependent on many other persons.

Personally, I could get used to new format of files, hard-coded magic filenames, absolute lack of manual pages, let this ugly and ridiculous /service in the / directory and so on, but due to things which would involve other people, it's definitely not an option, at least currently. So djbdns is out of discussion. I must say it with sadness because I really would like to use DJB software because of its security.

cache and a server running on the same machine, which can only have one public IP address?

Yes. I mean, I can assign more addresses but queries must come to the same address (and answers must go back from the same address).

There are many configurations you could try, depending on your network topology.

Regards,

--
Adriano

Thank you for the answer, anyway :-) .

--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
Re: djb and multiple IPs
ANR == Adriano Nagelschmidt Rodrigues [EMAIL PROTECTED] writes:

[...]
ANR Why? Can you list the reasons? For example, do you really
ANR need an external cache and a server running on the same
ANR machine, which can only have one public IP address?
[...]

Here's one: consider the domain bogus.internal served by the proxy/gateway box that also doubles as a caching DNS server for resolvers inside a firewall. This is not unusual.

DJB probably covers this case in some FAQ at his site, I am just saying this is not an altogether nutty thing to want as you seem to imply.

cheers,

BM
Re: djb and multiple IPs
Hello!

cache and a server running on the same machine, which can only have one public IP address?

Yes. I mean, I can assign more addresses but queries must come to the same address (and answers must go back from the same address).

Set up external dnscache on the public IP, and set up tinydns on IP 127.0.0.1

Then, if you host a domain eg. test.com, you simply create a file:

echo 127.0.0.1 > /service/dnscachex/root/servers/test.com

So when a client is asking for the domain on the public IP, dnscache will ask tinydns on local IP about the domain.

This way queries can go to one IP, and come from the same.

I hope it helps.

Regards,

Balazs Kinszler
Re: djb and multiple IPs
Bulent Murtezaoglu writes:

ANR == Adriano Nagelschmidt Rodrigues [EMAIL PROTECTED] writes:

[...]
ANR Why? Can you list the reasons? For example, do you really
ANR need an external cache and a server running on the same
ANR machine, which can only have one public IP address?
[...]

Here's one: consider the domain bogus.internal served by the proxy/gateway box that also doubles as a caching DNS server for resolvers inside a firewall. This is not unusual.

Just run the server on the public IP address and the cache on the internal (private) IP address. You can easily configure the cache to ask the server for the bogus and in-addr.arpa.x domains.

By "only have one public IP address" I meant "only have _one_ IP address", sorry. I also assume that there is no shortage of private IPs (you can always add one more to a host).

Regards,

--
Adriano
Re: djb and multiple IPs
ANP == Adriano Nagelschmidt Rodrigues [EMAIL PROTECTED] writes:

BM Here's one: consider the domain bogus.internal served by the
BM proxy/gateway box that also doubles as a caching DNS server for
BM resolvers inside a firewall. This is not unusual.

ANP Just run the server on the public IP address and the cache on
ANP the internal (private) IP address. [...]

Hmm, the 127.0.0.1 way outlined by another lister is much better, no need for listening on the public IP.

ANP By only have one public IP address I meant only have _one_
ANP IP address, sorry. I also assume that there is no shortage
ANP for private IPs (you can always add one more to a host).

Oh sure, I was just responding to the "who'd need such a thing" question, not to the "how would one do this if one cannot run both kinds of servers on one interface" one. It turns out you weren't asking the question I thought you were!

cheers,

BM
Re: djb and multiple IPs
Bulent Murtezaoglu writes:

Hmm, the 127.0.0.1 way outlined by another lister is much better, no need for listening on the public IP.

Sure, if you don't want a public dns server (and don't need a cache in other hosts accessing it, as in your example) that would be the recommended setup. I use a variation of it in my dialup machine (forwarding only dnscache on 127.0.0.1, tinydns on 127.53.0.2).

Oh sure, I was just responding to the "who'd need such a thing" question, not to the "how would one do this if one cannot run both kinds of servers on one interface" one. It turns out you weren't asking the question I thought you were!

What I was trying to say (but expressing myself badly) is that the software can be configured in a very flexible way, and that the functionality separation in two programs (which is a good idea) shouldn't be a problem.

Regards,

--
Adriano
Re: djb and multiple IPs
Craig Sanders writes:

yep, that's the obvious way to do it. it does leave a few questions, though:

1. can this kind of setup return authoritative answers?

I don't think so, you would only be talking to dnscache. If you want a public dns server, you need to run tinydns on a public IP address.

2. can it handle incoming zone-transfer requests for your secondaries? getting other ISPs to change their secondary configuration can be a pain, but getting a customer (who happens to secondary their own domain from your server - not an uncommon situation) is almost impossible.

You need to set up axfrdns to handle zone-transfers. tinydns and axfrdns can run on the same IP address, because they use different protocols (udp and tcp, respectively).

3. can tinydns send a zone xfer request from the real IP address even when it's configured to run only on 127.0.0.1?

Nope, AFAIK.

[snip potential flammable material ;-]

if i tried doing it, there'd be a week or two of complete chaos, with almost all customers getting the impression that our service was broken (to their eyes, it would be)...and i'd still be dealing with customer problems months later because some customers are just incapable of following clear and simple instructions, sometimes it's difficult enough getting help desk staff to understand what needs to be done - i know all you ISPs out there will find this hard to believe, but it's true :)

If you don't provide dns cache (recursive) services to your clients, there's no problem. If you do, you can install new caches at different IPs and give your clients time until you migrate your bind dns servers.

what would be useful here is an application layer DNS proxy sitting on port 53 (both tcp and udp), with both authoritative and recursive servers on other IP addresses. that way neither customers, secondary servers, nor help desk staff would need to do anything - as far as they're concerned, nothing has changed.

Then you'd be (almost) back to bind.

Regards,

--
Adriano
Re: Re Lilo
If I ever wanted to make a boot floppy I've always just done this.

cd /usr/src/linux
make bzdisk

I'm sure there's a debian-specific way, but this way works ;)

--
Brad Lay ([EMAIL PROTECTED])
Systems Administrator
Samford Net
P) +61 7 3855 2233
F) +61 7 3289 5458
W) http://www.samford.net

You will contract a disease for which the cure is so expensive that you will die of poverty.

On Wed, 27 Nov 2002, Samantha Scafe wrote:

How does one make a boot floppy with Lilo on it

Samantha Scafe