Re: Still Considering Debian - But Stuck!
Just to follow up: If you do want to install Debian with the 2.4 kernel just use the BF24 boot option when installing from CD. A complete list of boot options is available when installing from CD. You then will have 2.4 options (i.e. drivers, ext3, etc.) available during the install process. Pete -- http://www.elbnet.com ELB Internet Service, Inc. Web Design, Computer Consulting, Internet Hosting
Re: Still Considering Debian - But Stuck!
Just to follow up: If you do want to install Debian with the 2.4 kernel just use the BF24 boot option when installing from CD. A complete list of boot options is available when installing from CD. You then will have 2.4 options (i.e. drivers, ext3, etc.) available during the install process. Pete -- http://www.elbnet.com ELB Internet Service, Inc. Web Design, Computer Consulting, Internet Hosting -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: 2.6 kernel network interface assignment order
Take a look at: http://www.xenotime.net/linux/doc/network-interface-names.txt This seems to be what you want. Pete -- http://www.elbnet.com ELB Internet Service, Inc. Web Design, Computer Consulting, Internet Hosting Tommy Moore wrote: > > You won't be able to do this I don't think if the cards you are using > operate off the same module. > > Tommy > > On Thu, Jan 29, 2004 at 10:15:09PM +0100, Franz Georg K??hler wrote: > > On Do, Jan 29, 2004 at 03:47:26 -0500, Eric Sproul <[EMAIL PROTECTED]> > > wrote: > > > On Thu, 2004-01-29 at 14:55, Franz Georg K??hler wrote: > > >> This occasionally happens with new kernel releases. > > > > > > I'd like to know why. > > > > I think this is related to the pci-bus initialization-, ACPI-code, etc. > > Upgrading to a new major release also means experiencing major changes. > > > > I noticed this when I upgraded from 2.2 to 2.4 . > > > > If you're using a modular kernel you should be able to influence the > > device names by loading the modules in a specific order. > > > > > > -- > > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: 2.6 kernel network interface assignment order
Take a look at: http://www.xenotime.net/linux/doc/network-interface-names.txt This seems to be what you want. Pete -- http://www.elbnet.com ELB Internet Service, Inc. Web Design, Computer Consulting, Internet Hosting Tommy Moore wrote: > > You won't be able to do this I don't think if the cards you are using > operate off the same module. > > Tommy > > On Thu, Jan 29, 2004 at 10:15:09PM +0100, Franz Georg K??hler wrote: > > On Do, Jan 29, 2004 at 03:47:26 -0500, Eric Sproul <[EMAIL PROTECTED]> wrote: > > > On Thu, 2004-01-29 at 14:55, Franz Georg K??hler wrote: > > >> This occasionally happens with new kernel releases. > > > > > > I'd like to know why. > > > > I think this is related to the pci-bus initialization-, ACPI-code, etc. > > Upgrading to a new major release also means experiencing major changes. > > > > I noticed this when I upgraded from 2.2 to 2.4 . > > > > If you're using a modular kernel you should be able to influence the > > device names by loading the modules in a specific order. > > > > > > -- > > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: SOP for debian isp/corporate server...
Prasad, 1) There is a manual on securing Debian at: http://www.debian.org/doc/manuals/securing-debian-howto 2) There really is no SOP on "bloat" because one man's bloat is another's needed service. You, however, can create your own. Basically do an install and add/strip whatever packages you want. Once you have your "perfect" set of packages do a: dpkg --get-selections '*' > {some-file-name} You will now have a list of the status of all Debian packages (i.e. installed, purged, etc.) on your system. Next time you do an install do a: dpkg --set-selections < {some-file-name} then run apt-get dselect-upgrade This will add and remove packages as needed to bring the packages on your new system exactly like the base system. Pete -- http://www.elbnet.com ELB Internet Service, Inc. Web Design, Computer Consulting, Internet Ho Quoting prasad <[EMAIL PROTECTED]>: > hi, > > As many of you must have experienced, there are usual SOPs for setting > up > non-bloated, secure bare-bones Servers with respective OSs eg for > solaris. > > Is there SOP for debian, if not, I guess this list is better poised to > produce one. Any links, pointers... I have googled, but didn't find any > old > message, > > What applies for isp-servers also applies for corporate servers which > are > 24/7 connected to net for things like mail etc, which need to take > similar > precautions. One of the reasons I have found, one company took a policy > decision to not deploy to linux servers some time back, is becuse these > rapidly moving distros like RH with insecure preinstalled bloat, was > causing > major maintainance & security hasle. Now that RH is out of picture, and > debian just the kind of thing made for such a configuration, SOP will > help. > > regards, > prasad > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact > [EMAIL PROTECTED] > > > sting
Re: SOP for debian isp/corporate server...
Prasad, 1) There is a manual on securing Debian at: http://www.debian.org/doc/manuals/securing-debian-howto 2) There really is no SOP on "bloat" because one man's bloat is another's needed service. You, however, can create your own. Basically do an install and add/strip whatever packages you want. Once you have your "perfect" set of packages do a: dpkg --get-selections '*' > {some-file-name} You will now have a list of the status of all Debian packages (i.e. installed, purged, etc.) on your system. Next time you do an install do a: dpkg --set-selections < {some-file-name} then run apt-get dselect-upgrade This will add and remove packages as needed to bring the packages on your new system exactly like the base system. Pete -- http://www.elbnet.com ELB Internet Service, Inc. Web Design, Computer Consulting, Internet Ho Quoting prasad <[EMAIL PROTECTED]>: > hi, > > As many of you must have experienced, there are usual SOPs for setting > up > non-bloated, secure bare-bones Servers with respective OSs eg for > solaris. > > Is there SOP for debian, if not, I guess this list is better poised to > produce one. Any links, pointers... I have googled, but didn't find any > old > message, > > What applies for isp-servers also applies for corporate servers which > are > 24/7 connected to net for things like mail etc, which need to take > similar > precautions. One of the reasons I have found, one company took a policy > decision to not deploy to linux servers some time back, is becuse these > rapidly moving distros like RH with insecure preinstalled bloat, was > causing > major maintainance & security hasle. Now that RH is out of picture, and > debian just the kind of thing made for such a configuration, SOP will > help. > > regards, > prasad > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact > [EMAIL PROTECTED] > > > sting -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Root Hints Problem after Security Update
Hello All, After applying the latest Debian Woody security update to BIND I am getting sysquery errors logged to the daemon log complaining that bind can't get an address for any of the root servers. Everything I can find says that the problem is an out-of-date root hints file but I have downloaded the latest one from Internic and also used dig to create one, but both produce the same errors. I should also note that bind was happy with the old root hints file before the security update. Anyone else having this problem? Any suggestions? Pete Billson -- http://www.elbnet.com ELB Internet Service, Inc. Web Design, Computer Consulting, Internet Hosting
Root Hints Problem after Security Update
Hello All, After applying the latest Debian Woody security update to BIND I am getting sysquery errors logged to the daemon log complaining that bind can't get an address for any of the root servers. Everything I can find says that the problem is an out-of-date root hints file but I have downloaded the latest one from Internic and also used dig to create one, but both produce the same errors. I should also note that bind was happy with the old root hints file before the security update. Anyone else having this problem? Any suggestions? Pete Billson -- http://www.elbnet.com ELB Internet Service, Inc. Web Design, Computer Consulting, Internet Hosting -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Debian on a Dell-Server???
Daniel, Debain works fine on Dells. A couple tips assuming you are installing from the Woody CD: 1) Use the BF24 boot option so that you are installing a 2.4 kernel and not the default 2.2 kernel 2) You may run into problems with your RAID array due to a chicken/egg problem with the driver. There is a perfect "how-to" at http://lists.us.dell.com/pipermail/linux-poweredge/2002-September/003971.html to work around the problem. The how-to says you can do it on the system during install but I have found it is *much* easier to make the driver floppy on another system first. 3) There is more info on Matt Domsch's page at http://domsch.com/linux Pete -- http://www.elbnet.com ELB Internet Service, Inc. Web Design, Computer Consulting, Internet Hosting Daniel Holze wrote: > > Hello debian-isp, > > Anyone know, if i can Debian on an Dell-Server? > Dell says olny RedHat9 :-/ > > -- > Best wishes, > > DWL-Deutsche Webleasing oHG > Daniel Holze > Technical Director > Hanauer Landstrasse 320 > D-60314 Frankfurt > > Telefon: +49 (0)69 403 57 990 > Telefax: +49 (0)69 403 57 991 > > http://www.dwleasing.de > mailto:[EMAIL PROTECTED] > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Debian on a Dell-Server???
Daniel, Debain works fine on Dells. A couple tips assuming you are installing from the Woody CD: 1) Use the BF24 boot option so that you are installing a 2.4 kernel and not the default 2.2 kernel 2) You may run into problems with your RAID array due to a chicken/egg problem with the driver. There is a perfect "how-to" at http://lists.us.dell.com/pipermail/linux-poweredge/2002-September/003971.html to work around the problem. The how-to says you can do it on the system during install but I have found it is *much* easier to make the driver floppy on another system first. 3) There is more info on Matt Domsch's page at http://domsch.com/linux Pete -- http://www.elbnet.com ELB Internet Service, Inc. Web Design, Computer Consulting, Internet Hosting Daniel Holze wrote: > > Hello debian-isp, > > Anyone know, if i can Debian on an Dell-Server? > Dell says olny RedHat9 :-/ > > -- > Best wishes, > > DWL-Deutsche Webleasing oHG > Daniel Holze > Technical Director > Hanauer Landstrasse 320 > D-60314 Frankfurt > > Telefon: +49 (0)69 403 57 990 > Telefax: +49 (0)69 403 57 991 > > http://www.dwleasing.de > mailto:[EMAIL PROTECTED] > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: two ethernet ports on one PCI NIC?
Steven, Intel makes duel and quad port NIC cards that are fully supported and have worked great for me. http://www.intel.com/network/connectivity/products/server_adapters.htm BTW - if you only need one Intel will sell you one "evaluation" card for a great price! Pete -- http://www.elbnet.com ELB Internet Service, Inc. Web Design, Computer Consulting, Internet Hosting "Jones, Steven" wrote: > > Think you will have to go to a 4 port NIC, Im not aware of a 2 port one, > > I know of 2 made but I have not tried either, one is a dlink unit (the other > intel or 3com?)and Ive used the single port version so the chipset works, > but not if 4 are seen by Debian (you can send me one to try if you want > ). > > regards > > Steven > > -Original Message- > From: Chris Evans [mailto:[EMAIL PROTECTED] > Sent: Friday, 10 October 2003 8:58 AM > To: [EMAIL PROTECTED] > Subject: two ethernet ports on one PCI NIC? > > I run a small postfix/ecartis Email list service (double opt in) for > some charities. My firewall is due to be replaced and I'd like to go > for one of these new tiny, very quiet boxes since the old things I've > got do create a great racket in my study and take up space. All the > tiny boxes I'm considering have one ethernet port on the motherboard > but only one PCI slot. Anyone know of a reliable dual ethernet NIC > for PCI that has linux drivers (Debian tested ideally)? > > TIA, > > Chris > PSYCTC: Psychotherapy, Psychology, Psychiatry, Counselling >and Therapeutic Communities; practice, research, >teaching and consultancy. > Chris Evans & Jo-anne Carlyle > http://psyctc.org/ Email: [EMAIL PROTECTED] > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact > [EMAIL PROTECTED] > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: multi-terabyte disks
Noah, The 2.4.x kernels do have a 2Tb limit but that is "fixed" in => 2.5.40 / 2.6 kernels. You could, of course, partition your 10Tb array into 5 logical drives to solve the problem with the 2.4.x kernel. Pete -- http://www.elbnet.com ELB Internet Service, Inc. Web Design, Computer Consulting, Internet Hosting "Noah L. Meyerhans" wrote: > > Am I correctly interpreting pages such as > http://www.gelato.unsw.edu.au/IA64wiki/LargeBlockDevices in my > understanding that Linux 2.4 can not address the entire capacity of a 3 > terabyte disk? I find this very surprising if it's true. I would have > expected there to be some demand for such a feature, especially since > multiple-terabyte disk arrays can be found $10k or less these days. > > noah > > >Part 1.2Type: application/pgp-signature -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: splitting a subnet in an odd way
Leonardo, I may not exactly understand what you are trying to do but if the only thing you are trying to accomplish is firewalling the machines differently, couldn't you just: 1) assign them different gateways. The "open" machines would use the "real" gateway. The other two groups would use the trusted side of the two firewalls as gateways. The firewalls would use your "real" gateway to forward the packets to/from the world. The "two" firewalls could be one Linux box with a couple interfaces and appropriate firewall rules. 2) just write the firewall rules to do what you want. Why not just write your firewall rules to do what you want? Pass IPs x to y without filtering, etc., etc. This seems most straight forward. Pete -- http://www.elbnet.com ELB Internet Service, Inc. Web Design, Computer Consulting, Internet Hosting > > On Wednesday 24 September 2003 10:47, Leonardo Boselli wrote: > > > > > I have a /24 subnet. > > > .1 is the gateway and almost all IP from 2 to 254 are occupied. > > > I would like to split the host in three groups: > > > 12 that can have full access, 12 thought one firewall and the other 205 > > > throught a second firewall. > > > I cannot chanmge the number of some machines, so the only option is > > > that the first 12 and the two firewalls are .2 to .14 > > > the second group is .18 to .29 and the third vould keep is present > > > numbers between .36 and .254. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Routingtable vulnerability
Thomas, My brother tells me that there has been some discussion about this on the kernel list. RedHat's patch was applied to 2.4.21 (plus 2.5.69) but people are reporting that the patch breaks other things so it is not yet ready for prime time. At this point this remains only a theoretical flaw which someone noticed while hacking on the kernel. No one has shown an actual exploit. Until the kernel hackers can do their thing, there isn't much the Debian project can do. You may want to monitor the kernel list for more up-to-date information. Pete -- http://www.elbnet.com ELB Internet Service, Inc. Web Design, Computer Consulting, Internet Hosting Thomas Hebinck wrote: > > Hi, > > is there really nobody who knows anything about this vulnerability? > We use Debian Woody as firewall ... > > Sincerely, > Thomas > > >-Original Message- > >From: www-data [mailto:[EMAIL PROTECTED] Behalf Of > >[EMAIL PROTECTED] > >Sent: Wednesday, May 21, 2003 11:50 AM > >To: debian-isp@lists.debian.org > >Subject: Routingtable vulnerability > > > > > > > > > >Due to the fact that I'm only subscribed to two Debian related Mailinglists > >(debian-isp and security-announce) I haven't heard of any discussions about > >the > >newly discoverd Kernel vulnerability (Routingtables, > >http://rhn.redhat.com/errata/RHSA-2003-172.html). > >Has this been discussed on Debian-Lists and are there any countermesasures > >recommended? > > > >Best Regards, > >Dominik Schulz > > > >- > >This mail sent through IMP: http://horde.org/imp/ > > > > > >-- > >To UNSUBSCRIBE, email to [EMAIL PROTECTED] > >with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > > > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Procmail weirdness
Hello *, I'm having some procmail weirdness that I can't get my brain around. I have a box running exim with two domains that sort to various system users. Every user has a procmailrc file in their home directory like this: LINEBUF=4096 MAILDIR=$HOME/Maildir/ :0 c * $HOME/MailBU/Inbound/ :0 $MAILDIR This works perfectly for the primary domain but not the virtual domain. For the "broken" domain, if I put this procmailrc file in a user's home directory their mail gets delivered in mbox format to /var/spool/mail/{username}. If I remove it it gets delivered in maildir format to /home/{username}/Maildir/new as it should. Any suggestions as to where to look for the problem? Pete -- http://www.elbnet.com ELB Internet Service, Inc. Web Design, Computer Consulting, Internet Hosting
Re: NON-US can anyone reach aljazeera.net?
>From New York area of US I can resolve www.aljazeera.net, but not >english.aljazeera.net. My traceroute dies on a nice.francetelecom hop. Pete Martin Wheeler wrote: > > On Tue, 25 Mar 2003 [EMAIL PROTECTED] wrote: > > > Can anyone reach aljazeera.net or english.aljazeera.net from outside > > of US? Or any nameservers for it? > > 2003-03-26 01:15 GMT > > OK -- looks like we in the UK are going to be allowed to read it in Arabic.
Re: NON-US can anyone reach aljazeera.net?
>From New York area of US I can resolve www.aljazeera.net, but not >english.aljazeera.net. My traceroute dies on a nice.francetelecom hop. Pete Martin Wheeler wrote: > > On Tue, 25 Mar 2003 [EMAIL PROTECTED] wrote: > > > Can anyone reach aljazeera.net or english.aljazeera.net from outside > > of US? Or any nameservers for it? > > 2003-03-26 01:15 GMT > > OK -- looks like we in the UK are going to be allowed to read it in Arabic. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Denial of Service via UCE
Pulu, You may want to ask someone with a fatter pipe to act as your MX where they can bit-bucket the UCE then forward on the good stuff to you. Pete -- http://www.elbnet.com ELB Internet Service, Inc. Web Design, Computer Consulting, Internet Hosting Pulu 'Anau wrote: > > Hi, this is not particularly a debian related question but this is the > most knowledgable list that I track, and I hope someone here might have a > "miracle answer" that we can't think of. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: cybercafe management software
Remi, You may want to check out the LTSP (Linux Terminal Server Project - www.ltsp.org) mailing list. There has been several threads about public kiosks. Pete -- http://www.elbnet.com ELB Internet Service, Inc. Web Design, Computer Consulting, Internet Hosting Rémi Letot wrote: > > Hi all, > > don't know if this is the right list for such problems, but after all > a cybercafe is also an isp, so here it is: > > I'm in search of a management software for a cybercafe. The firewall > will be debian, the stations will multiboot win/lin. > > I'd like to be able to manage who can login on which machine, until > when, and if internet connectivity is granted. So clients pay, then > they are given a machine number and a username/password pair which is > valid on that machine until the time expires. Idem for internet > connectivity for that machine. > > Client <-> machine mapping is a plus but not a requirement (but I > think it's easier to tell which machine can connect through the fw > than which client). > > The most basic setup would be management of the firewall rules in a > clean interface, time management being done by hand. The system has to > be usable by a complete non techie, so no way to do it with a real > firewall management program. > > Well, I think you get the idea of what I'd like. It does not have to > be a complete killer solution (although that would be best :-), but it > has to tackle the job and be simple to use. > > Does it exist in the free world? Note that if it exists but not in > debian, I would be willing to package it. > > Thanks, > -- > Rémi > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Problem while compiling wanpipe.o
Michelle, As I understand it you do not compile Wanpipe into the kernel you compile wanpipe separately but you must have the kernel source that you used to compile your current kernel. My guess is that the symbols complaint is due to that fact that your kernel source does not match your running kernel. BTW - Sangoma's tech support is *great*. I have found that questions emailed to them (during business hours) are returned very quickly and actually help! :-) Pete -- http://www.elbnet.com ELB Internet Service, Inc. Web Design, Computer Consulting, Internet Hosting Michelle Konzack wrote: > > Hello, > > I have a Sangoma Wanpipe and need to compile a new Kernel which support > it. I have tried to compile the module and compiled into the kernel. > > But I get every time I compile it many error messages about 'symboles' > or something like this. Sorry, I can not give you better informations, > because curently I have NO internet access at home and I am writing > this E-Mail in a cyber-center. > > Please can anyone help me out ? > > I need the module urgently, becaue I must install it at a client. > > Please note:This error ocures in Kernel 2.4.18 and 2.4.19 > > Many thanks in advance > Michelle > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- http://www.elbnet.com ELB Internet Service, Inc. Web Design, Computer Consulting, Internet Hosting -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Backup Web Server
Rizal, Check out HA (High Availability) http://linux-ha.org Pete -- http://www.elbnet.com ELB Internet Service, Inc. Web Design, Computer Consulting, Internet Hosting [EMAIL PROTECTED] wrote: > >Can anyone pls tell me how to setup a Backup Web Server..meaning if the > primary Web Server fails, it will automatically go to a seperate Web > Server. > > ex. > > Home User - www.abc.com > > Server Unit 1 - www.abc.com : but if the unit bogs down > it will go to, > > Server Unit 2 - www.abc.com > > Can this be possible? > > Rizal > > "If you think you play too much, play more" > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bind8 to Bind9
Hey *, I am planning the move from Bind8 to Bind9 on woody and was wondering if anyone has any tips, gotchas or pointers I should know before the move. Thanks in advance. Pete
Bind8 to Bind9
Hey *, I am planning the move from Bind8 to Bind9 on woody and was wondering if anyone has any tips, gotchas or pointers I should know before the move. Thanks in advance. Pete -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Pipeline internet help
Johnno, That depends on where the second pipe is coming from. If it is coming from a different NOC of the same upstream company then they should take care of all the messy routing details. If you use multiple providers then use BGP to provide multiple routes for your IP blocks. Your upstream should be able to help you with this. BTW - be sure that your redundant connection is truly redundant. Here in the US many providers rent equipment space in the telcos office so one fire in a telco can take out all the different providers. You backup connection should take a *completely* different route from start to end, including the wires to your building (of course a totally separate building is even better :-) otherwise a single falling tree somewhere along the path could eliminate both connections. Pete -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting Johnno wrote: > > Hello All, > > At the moment the servers I ran has only one pipline to the net, Now I am > looking at adding other one as a backup.. > > How do I go about make the second as a backup so if the first goes down the > second will take over?? > > Then when the first one goes back online that will be used putting the > second back into backup > > will our ip addresses work with both feeds? > > Thanks, > Johnno > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Pipeline internet help
Johnno, That depends on where the second pipe is coming from. If it is coming from a different NOC of the same upstream company then they should take care of all the messy routing details. If you use multiple providers then use BGP to provide multiple routes for your IP blocks. Your upstream should be able to help you with this. BTW - be sure that your redundant connection is truly redundant. Here in the US many providers rent equipment space in the telcos office so one fire in a telco can take out all the different providers. You backup connection should take a *completely* different route from start to end, including the wires to your building (of course a totally separate building is even better :-) otherwise a single falling tree somewhere along the path could eliminate both connections. Pete -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting Johnno wrote: > > Hello All, > > At the moment the servers I ran has only one pipline to the net, Now I am > looking at adding other one as a backup.. > > How do I go about make the second as a backup so if the first goes down the > second will take over?? > > Then when the first one goes back online that will be used putting the > second back into backup > > will our ip addresses work with both feeds? > > Thanks, > Johnno > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: APC PowerChute on Linux
Andreas, It has been a while since I played with it, but if I remember correctly the documentation said that Linux can't be the master only a slave. Pete -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting Andreas Rabus wrote: > > Hi, > > It's not free software, but i think i need it as master for two for the > Windoze Servers on the UPS. > So i tried to install PowerChute for linux on my debian box. > > Did not work for now > > Anybody managed it already? > > I searched the web and found a page: > http://homepage2.nifty.com/drpanda/tech/opensource/debian-ups.html > But i can't read it. > Can any body help by translating this page? > > Thanks in advance, > > ar > > Andreas Rabus > entity38 AG > > Isartalstr. 44b/Rgb. > 80469 München > > Tel +49 (89) 286772-27 > Fax +49 (89) 286772-21 > ISDN +49 (89) 286772-30 > ICQ #132675697 > > [EMAIL PROTECTED] > www.entity38.de > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: rm: cannot unlink `sendmail': Operation not permitted
try chattr -i /usr/sbin Even if sendmail is set -i, if the directory is immutable you will not be able to rm it. Pete -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting Jason Lim wrote: > > Hi all, > > This is happening on a Redhat 7.2 system, but i think it would apply > across all Linux distros. > > [EMAIL PROTECTED] sbin]# pwd > /usr/sbin > [EMAIL PROTECTED] sbin]# chattr -iu sendmail > [EMAIL PROTECTED] sbin]# rm sendmail > rm: remove `sendmail'? y > rm: cannot unlink `sendmail': Operation not permitted > > [EMAIL PROTECTED] sbin]# ls -al sendmail > -rwxr-xr-x 1 root root99161 May 1 01:21 sendmail > > That is happening for all the files in that directory. > > strace rm sendmail: > > lstat64("sendmail", {st_mode=S_IFREG|0755, st_size=99161, ...}) = 0 > access("sendmail", W_OK)= 0 > unlink("sendmail") = -1 EPERM (Operation not > permitted) > > Any ideas as to what may be happening? > > Sincerely, > Jason > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: rm: cannot unlink `sendmail': Operation not permitted
try chattr -i /usr/sbin Even if sendmail is set -i, if the directory is immutable you will not be able to rm it. Pete -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting Jason Lim wrote: > > Hi all, > > This is happening on a Redhat 7.2 system, but i think it would apply > across all Linux distros. > > [root@linux1 sbin]# pwd > /usr/sbin > [root@linux1 sbin]# chattr -iu sendmail > [root@linux1 sbin]# rm sendmail > rm: remove `sendmail'? y > rm: cannot unlink `sendmail': Operation not permitted > > [root@linux1 sbin]# ls -al sendmail > -rwxr-xr-x 1 root root99161 May 1 01:21 sendmail > > That is happening for all the files in that directory. > > strace rm sendmail: > > lstat64("sendmail", {st_mode=S_IFREG|0755, st_size=99161, ...}) = 0 > access("sendmail", W_OK)= 0 > unlink("sendmail") = -1 EPERM (Operation not > permitted) > > Any ideas as to what may be happening? > > Sincerely, > Jason > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: How fast can Linux-Firewalls be?
[EMAIL PROTECTED] wrote: > What minimum characteristics would a Linux IP Masquerading Firewall > Box need, to run a 100 Mbps link without slowing down traffic. There was some discussion last January (2001) about this type of thing. The problem you will run into if you are using POTS Intel hardware is the PCI bus speed, so you are going to have a tough time filling one 100Mbs connection with an old Pentium - assuming an old 66Mhz PCI bus. You can forget about filling two or more. Also, cheap NICs will do more to kill your max. throughput. That being said, I run old Pentium 133s with 64Mb RAM in several applications as routers and can notice no network latency on a 100BaseT network, but I have never benchmarked the machines. Usually the bottlenecks are elsewhere - i.e. server hard drive throughput. Packet routing, filtering, masquerading really doesn't require much CPU horsepower. > With two old Pentium boxes and Debian, I could set up a Firewall and a > network traffic watcher within a few hours, thus relieving some > tecnical flaws of the University Network. Linux. World domination... fast. Pete Billson -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting
Re: How fast can Linux-Firewalls be?
[EMAIL PROTECTED] wrote: > What minimum characteristics would a Linux IP Masquerading Firewall > Box need, to run a 100 Mbps link without slowing down traffic. There was some discussion last January (2001) about this type of thing. The problem you will run into if you are using POTS Intel hardware is the PCI bus speed, so you are going to have a tough time filling one 100Mbs connection with an old Pentium - assuming an old 66Mhz PCI bus. You can forget about filling two or more. Also, cheap NICs will do more to kill your max. throughput. That being said, I run old Pentium 133s with 64Mb RAM in several applications as routers and can notice no network latency on a 100BaseT network, but I have never benchmarked the machines. Usually the bottlenecks are elsewhere - i.e. server hard drive throughput. Packet routing, filtering, masquerading really doesn't require much CPU horsepower. > With two old Pentium boxes and Debian, I could set up a Firewall and a > network traffic watcher within a few hours, thus relieving some > tecnical flaws of the University Network. Linux. World domination... fast. Pete Billson -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: exim question
Ward, Yes, it really does work for me. I thought the point of the original poster is that he wanted any address that didn't match a real user (and I assume another alias) to be delivered to a particular mailbox. He wanted the alias file to never fail. The original poster didn't mention that he was doing virtual domains on the box. To do virtual hosts I configure exim to use multiple alias files (one for each domain) and then the *: rule would go in the appropriate alias file. Trying to do virtual domains in one alias file is troublesome and the *: rule in that case would probably be bad. Pete Ward Willats wrote: > > Pete: > > >In your alias file, as your last rule, put > > > >*: username > > > > Does that really work for you? I had trouble with it because > with a line like this, the alias file can never fail. Exim would > qualify "username" and run it through again, it would also run > any aliases generated by other rules in the file through a > second time, and wind up mapping lots of addresses to > "[EMAIL PROTECTED]" > > Maybe I just ran into trouble since I have include_domain on > and explicitly handle several virtual domains in my aliases > filebut the *: construct was a big enough gun that I > sure blew my foot off with it! > > -- Ward > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting
Re: exim question
Ward, Yes, it really does work for me. I thought the point of the original poster is that he wanted any address that didn't match a real user (and I assume another alias) to be delivered to a particular mailbox. He wanted the alias file to never fail. The original poster didn't mention that he was doing virtual domains on the box. To do virtual hosts I configure exim to use multiple alias files (one for each domain) and then the *: rule would go in the appropriate alias file. Trying to do virtual domains in one alias file is troublesome and the *: rule in that case would probably be bad. Pete Ward Willats wrote: > > Pete: > > >In your alias file, as your last rule, put > > > >*: username > > > > Does that really work for you? I had trouble with it because > with a line like this, the alias file can never fail. Exim would > qualify "username" and run it through again, it would also run > any aliases generated by other rules in the file through a > second time, and wind up mapping lots of addresses to > "username@qualify_domian" > > Maybe I just ran into trouble since I have include_domain on > and explicitly handle several virtual domains in my aliases > filebut the *: construct was a big enough gun that I > sure blew my foot off with it! > > -- Ward > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: exim question
In your alias file, as your last rule, put *: username where username is the account the mail should goto. Username can also be a remote address i.e. [EMAIL PROTECTED] Pete -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting Bernie Berg wrote: > > im running potato with the unstable packages. How do I get exim to spit all > mail that there isn't a user defined for to a certain mail box? so "[EMAIL > PROTECTED]" goes to "[EMAIL PROTECTED]" > > thanks! > bernie > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: exim question
In your alias file, as your last rule, put *: username where username is the account the mail should goto. Username can also be a remote address i.e. [EMAIL PROTECTED] Pete -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting Bernie Berg wrote: > > im running potato with the unstable packages. How do I get exim to spit all mail >that there isn't a user defined for to a certain mail box? so >"[EMAIL PROTECTED]" goes to "[EMAIL PROTECTED]" > > thanks! > bernie > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Missing /proc/sys
Jacob, Thanks! I forgot the golden rule: "Use the Source." A quick grep through the source would have saved the public humiliation. :-/ Pete -- http://www.elbnet.com ELB Internet Service, Inc. Web Design, Computer Consulting, Internet Hosting > CONFIG_SYSCTL=y > > -- > Jacob Elder > http://www.lucidpark.net/
Missing /proc/sys
Hello *, I have a weird problem on a server, the /proc/sys directory is not there. The /proc filesystem is mounted and the rest of /proc seems to be fine, but /proc/sys and it's sub-directories are MIA. I have turned up a few people that have had this problem, but no answers. I'm running a 2.4.9 kernel on a modified potato machine (I have a similar set up on half-a-dozen other machines without a problem) and discovered the problem after running out of file descriptors. The machine runs fine otherwise. Help? Pete -- http://www.elbnet.com ELB Internet Service, Inc. Web Design, Computer Consulting, Internet Hosting
Re: Missing /proc/sys
Jacob, Thanks! I forgot the golden rule: "Use the Source." A quick grep through the source would have saved the public humiliation. :-/ Pete -- http://www.elbnet.com ELB Internet Service, Inc. Web Design, Computer Consulting, Internet Hosting > CONFIG_SYSCTL=y > > -- > Jacob Elder > http://www.lucidpark.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Missing /proc/sys
Hello *, I have a weird problem on a server, the /proc/sys directory is not there. The /proc filesystem is mounted and the rest of /proc seems to be fine, but /proc/sys and it's sub-directories are MIA. I have turned up a few people that have had this problem, but no answers. I'm running a 2.4.9 kernel on a modified potato machine (I have a similar set up on half-a-dozen other machines without a problem) and discovered the problem after running out of file descriptors. The machine runs fine otherwise. Help? Pete -- http://www.elbnet.com ELB Internet Service, Inc. Web Design, Computer Consulting, Internet Hosting -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
SLow server
Hello *, Got a weird server problem that I could use some pointers where to look. I have a PIII 600 Dell server with 1 IDE HD and 128Mb or RAM running 2.2.19Pre17 potato. The server is lightly loaded - basically IMAP and Apache Web mail for about 20 users. The problem is the thing is *Slow*. The users keep pretty large mailboxes (mbox not maildir) and use Outlook to access them but that doesn't seem to account for the slowness. Top shows plenty of free memory (74Mb buffers, 16Mb cached), an idle CPU (90-95%) and vmstat shows little disk activity and no swapping but the load will shoot up to 7 or 8 while someone opens their mailbox. Any disk I/O seems to drag (i.e. 'less /var/log/messages') even when nothing else is going on. I'm stumped. Any suggestions on what to look at would be helpful. Pete -- http://www.elbnet.com ELB Internet Service, Inc. Web Design, Computer Consulting, Internet Hosting
Re: Raid 1 + lilo
Earlier in this thread, there was a question of how hardware RAID would handle the failure of a drive on reboot. While at LinuxWorld I asked the Intel team how their controller would handle it. The answer was that the card would note the disk failure, notify you of the problem, rebuild the array once you replaced the bad drive and then the system would boot. Of course if you had a hot swap on line the rebuild would be automatic. It sounds like, for high availability with no hot swap, that software RAID with LILO on both drives could be a better choice. Your system would come back, although crippled, faster and be running while rebuilding the array. Seems from the discussions there is no "right" answer to which is better. A lot of factors weigh in such as availability of a hot swap, cost, availability vs. data integrity, etc. Pete -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Debian in 100 MB ?
We are running a router/firewall from a standard Debian distro using 111Mb, but this includes keeping a local set of logs so getting to your 100Mb mark should be easy. To duplicate the machine after the first set up either dd to a second disk, and change config files, or do a standard install and do a dpkg --get-selections '*' > package.list from the master and a dpgk --set-selections < package.list on the second, third, etc. machine. Finish up with a apt-get dselect-upgrade and you have a second machine with all the same packages. You also could burn the system to a CD and run from there. I'm curious where your 100Mb goal came from? Pete -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting [EMAIL PROTECTED] wrote: > > Hi List ! > > I´d like to get a Firewalling LINUX with IPTABLES into 100 MB for use on a > couple of ADSL/ISDN/ETH Firewalls. > For this I`d like to use a stock debian, install onto a slightly larger > partition and (scripted) remove excess software to make the 100 MB image. > Advantage for me would be the use of APT on the larger partition to keep > the software up to date. > > Is this the right way to do it ? I could not find a small debian based > distro with IPTABLES/DSL/ISDN support... > > Cu > Pete > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Webalizer
> I can't suggest alternative loggers, but one of the reasons that > my webalizer kept breaking is because I had logrotate in the > /etc/cron.daily as well. l comes before w. I changed the name of > the logrotate script to 'zlogrotate' and webalizer hasn't had a > problem since. Alternately, you could configure webalizer to parse the access.log.0 file instead of access.log. Pete -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: ftp.uk.debian.org
Steve Wright wrote: > > Anyone else having problems reaching ftp.uk.debian.org ?? > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] I can't even resolve that name from here, but I can resolve ftp.debian.org... Pete -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: new photos from my party!
Bummer man, I clicked on this SPAM link in mutt hoping to see p0rn and it trashed my Linux box! Hope nobody else did that! :-) Pete PS what's with all the SPAM to this list lately... admins? I'll bet it's that WoW guy that's suing Russell! :-) > My party... It was absolutely amazing! > I have attached my web page with new photos! > If you can please make color prints of my photos. Thanks! > > Name: www.myparty.yahoo.com >www.myparty.yahoo.comType: unspecified type (application/octet-stream) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Rsync
Hey *, I just applied the security fix to rsync and now it is dumping core. Before I report this as a bug, I thought I'd check to see if anyone else is having trouble. Pete -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: rsync backup scipt
Hereward Cooper wrote: > > > Using the --exclude-from={FILE} switch then listing the things you want > > excluded in a separate file works well for me. > > Is this recursive? Can I just put in the line /mnt/ and it'll ignore everything > in there? Yes it is. /cdrom will eliminate everything on the cdrom, /mnt will eliminate everything under /mnt, etc. Pete -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: [BAD] the whole server down with a red-alert-like attack
> IMHO something that runs every minute should not be in cron, even something > that runs every 5 minutes possibly shouldn't be in cron. Could you tell me why that is so? I often run things from cron that run every 5 mins and have never run into a problem... but then again I often do stupid things repeatedly! :-) Pete -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: rsync backup scipt
> On Friday 25 January 2002 03:09, Hereward Cooper wrote: > > I've used rsync ok, (using one from a previous thread) but i'm > > not sure how to do the rotation system? Also when backing up / > > on the server, what stops it from copying the contents of a > > mounted cd aswell? > > --exclude=PATTERN exclude filesmatching > PATTERN There are a number other files that you will want to exclude that are machine specific, such as hostname, /etc/network/interfaces, etc. I also exclude /boot so that a kernel upgrade will not break LILO when rsync runs, but if you use grub this may not be a problem. Using the --exclude-from={FILE} switch then listing the things you want excluded in a separate file works well for me. -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting q -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: user-agent log problem
Hmmm, seems right. A couple thoughts: 1) Do you have any other CustomLog directives that are not commented out 2) Are you running NameVirtualHosts where you'd have to define a CustomLog for each? Pete -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting [EMAIL PROTECTED] wrote: > > hi, in my logs files don't aper the user-agent (Mozilla, lynx ecc...) logs > .. > > why ? > > example: > > debian - - [12/Jan/2002:14:03:02 +0100] "GET /doc/HTML/web/w3/index.html > HTTP/1.1" 200 5208 > > and in my httpd.conf > > ... > ... > LogFormat "%h %l %u %t \"%r\" %>s %b > \"%{Referer}i\" \"%{User-Agent}i\"" combined > LogFormat "%h %l %u %t \"%r\" %>s %b" common > LogFormat "%{Referer}i -> %U" referer > LogFormat "%{User-agent}i" agent > > # The location of the access logfile (Common Logfile Format). > # If this does not start with /, ServerRoot is prepended to it. > > CustomLog /var/log/apache/access.log combined
Re: EXIM, LDAP and some pop3 stuff?
> But I think this is an inherent UNIX / LDAP problem. LDAP seems > a very powerful tool doing for UNIX everything the 'Regestry' has > done for windows - and more. Whats missing here is some standardized > way of how to do it. Now there is something to strive for. One monolithic, incomprehensible mess that will cause your entire system to stop functioning if one byte is out of order. If using a Windows-like registry is "fixing" it, I'll keep the *nix's "broken" method, thank you. Pete Billson -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting
Re: user-agent log problem
Hmmm, seems right. A couple thoughts: 1) Do you have any other CustomLog directives that are not commented out 2) Are you running NameVirtualHosts where you'd have to define a CustomLog for each? Pete -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting [EMAIL PROTECTED] wrote: > > hi, in my logs files don't aper the user-agent (Mozilla, lynx ecc...) logs > .. > > why ? > > example: > > debian - - [12/Jan/2002:14:03:02 +0100] "GET /doc/HTML/web/w3/index.html > HTTP/1.1" 200 5208 > > and in my httpd.conf > > ... > ... > LogFormat "%h %l %u %t \"%r\" %>s %b > \"%{Referer}i\" \"%{User-Agent}i\"" combined > LogFormat "%h %l %u %t \"%r\" %>s %b" common > LogFormat "%{Referer}i -> %U" referer > LogFormat "%{User-agent}i" agent > > # The location of the access logfile (Common Logfile Format). > # If this does not start with /, ServerRoot is prepended to it. > > CustomLog /var/log/apache/access.log combined -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: EXIM, LDAP and some pop3 stuff?
> But I think this is an inherent UNIX / LDAP problem. LDAP seems > a very powerful tool doing for UNIX everything the 'Regestry' has > done for windows - and more. Whats missing here is some standardized > way of how to do it. Now there is something to strive for. One monolithic, incomprehensible mess that will cause your entire system to stop functioning if one byte is out of order. If using a Windows-like registry is "fixing" it, I'll keep the *nix's "broken" method, thank you. Pete Billson -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: HP LC2000r trouble
> I suspect the same problem ! > So I write 3 floppies with resue.bin root.bin and drivers-1.bin from the > debian 2.2r5 "compact flavor" of kernel. The kernel is 2.2.19. The boot > works, the dboostrap start, but when I want to read the drivers from the > third floppy the message is that this floppy doesn't contain a > filesistem. > > Perhaps I done something wrong ... > I cannot use the third floppy in any way ! > And to eliminate the problem of a bad floppy I tried to mount the image: > mount -o loop ./driver-1.bin /mnt > ... but ... > kernel: FAT: bogus logical sector size 8308 > kernel: VFS: Can't find a valid FAT filesystem on dev 07:00 > > I hope this is not a RTFM problem :) H... HP has a install help guide for Debian available at http://netserver.hp.com/support/manuals.asp?pid=lpr Is that of any help to you? Pete -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting
Re: OT: secondary dns
Stability of the Web in general. A domain should resolve regardless if it is reachable. Pete -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting > i guess negative TTL, but is there > another reason? after all, what use is it to me to be able to resolve > e.g. metrosophia.com to its IP, if the IP and the backup MX are down?
Re: HP LC2000r trouble
> I suspect the same problem ! > So I write 3 floppies with resue.bin root.bin and drivers-1.bin from the > debian 2.2r5 "compact flavor" of kernel. The kernel is 2.2.19. The boot > works, the dboostrap start, but when I want to read the drivers from the > third floppy the message is that this floppy doesn't contain a > filesistem. > > Perhaps I done something wrong ... > I cannot use the third floppy in any way ! > And to eliminate the problem of a bad floppy I tried to mount the image: > mount -o loop ./driver-1.bin /mnt > ... but ... > kernel: FAT: bogus logical sector size 8308 > kernel: VFS: Can't find a valid FAT filesystem on dev 07:00 > > I hope this is not a RTFM problem :) H... HP has a install help guide for Debian available at http://netserver.hp.com/support/manuals.asp?pid=lpr Is that of any help to you? Pete -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: OT: secondary dns
Stability of the Web in general. A domain should resolve regardless if it is reachable. Pete -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting > i guess negative TTL, but is there > another reason? after all, what use is it to me to be able to resolve > e.g. metrosophia.com to its IP, if the IP and the backup MX are down? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: HP LC2000r trouble
Adrian, I've not played with a HP with megaraid but I can point you to a Dell/Redhat specific site that may get you started http://domsch.com/linux/ - see the megaraid section. The basic problem is that you need the correct driver for your card to get the install to work and the older kernels didn't have great RAID support. You may have better success with a newer kernel (i.e. 2.4.9) but that doesn't help with your install. Your 2.2.19 problem sounds like you have the RAID or SCSI driver(s) compiled as modules and not into the kernel. The bootstrapping obviously works, since the kernel loads. You need to either compile the drivers into the kernel or set up an initrd to provide the modules in an initial ramdisk. Pete -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting Adrian Minta wrote: > > I am trying to install Debian potato onto Netserver LC > 2000r machine from HP. > With kernel 2.2.18pre21 (potato 2.2r3) the kernel > hangs with last message : > scsi2: Found a MegaRAID controller > > With kernel 2.2.19 the kernel boots, but no hardrives > are detected. > > Does anyone found this situation ? > Please HELP ME! > > __ > Do You Yahoo!? > Send FREE video emails in Yahoo! Mail! > http://promo.yahoo.com/videomail/ > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: HP LC2000r trouble
Adrian, I've not played with a HP with megaraid but I can point you to a Dell/Redhat specific site that may get you started http://domsch.com/linux/ - see the megaraid section. The basic problem is that you need the correct driver for your card to get the install to work and the older kernels didn't have great RAID support. You may have better success with a newer kernel (i.e. 2.4.9) but that doesn't help with your install. Your 2.2.19 problem sounds like you have the RAID or SCSI driver(s) compiled as modules and not into the kernel. The bootstrapping obviously works, since the kernel loads. You need to either compile the drivers into the kernel or set up an initrd to provide the modules in an initial ramdisk. Pete -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting Adrian Minta wrote: > > I am trying to install Debian potato onto Netserver LC > 2000r machine from HP. > With kernel 2.2.18pre21 (potato 2.2r3) the kernel > hangs with last message : > scsi2: Found a MegaRAID controller > > With kernel 2.2.19 the kernel boots, but no hardrives > are detected. > > Does anyone found this situation ? > Please HELP ME! > > __ > Do You Yahoo!? > Send FREE video emails in Yahoo! Mail! > http://promo.yahoo.com/videomail/ > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: netscape o cosa ?
> There are products, that just runs under IE. But IE is freeware. So > why not download it and intergrate with wine to your linux... Have you tried this? I'm wondering if IE runs reliably under WINE... at least as (un)reliably as it does under Windoze. Pete -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting
Re: netscape o cosa ?
> There are products, that just runs under IE. But IE is freeware. So > why not download it and intergrate with wine to your linux... Have you tried this? I'm wondering if IE runs reliably under WINE... at least as (un)reliably as it does under Windoze. Pete -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: netscape o cosa ?
If you don't like Netscape, try http://www.opera.com Pete -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting [EMAIL PROTECTED] wrote: > > cosa usate voi per navigare in internet senza problemi ? (e non mi dite > lynx perche non supporta ne java ne tutte le altre cose !!!) > > io ho provato sia netscape che opera e con tutti e due ho problemi nella > magior parte dei siti che quindi mi tocca vederli con IE (soto W$) > > _ > > Sebastian Ezequiel Ovide > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: netscape o cosa ?
If you don't like Netscape, try http://www.opera.com Pete -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting [EMAIL PROTECTED] wrote: > > cosa usate voi per navigare in internet senza problemi ? (e non mi dite > lynx perche non supporta ne java ne tutte le altre cose !!!) > > io ho provato sia netscape che opera e con tutti e due ho problemi nella > magior parte dei siti che quindi mi tocca vederli con IE (soto W$) > > _ > > Sebastian Ezequiel Ovide > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
NFS Problem
Hello *, I am having permissions problems with a NFS mount that I just can't figure out and I'm hoping someone can help. I am NFS mounting a drive on machine A by using automount on machine B. The drive shows it is mounted rwxrwxrwx and owned root.root. Any user can read and write to the disk (as I want) but only root can create a new file. I need to give other users the ability to write a new file to the disk. I am exporting the drive (rw,no_root_squash) and automounting it -fstype=nfs,retry=1,soft Any suggestions why a normal user can not create a file and how to let them? Pete -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting
NFS Problem
Hello *, I am having permissions problems with a NFS mount that I just can't figure out and I'm hoping someone can help. I am NFS mounting a drive on machine A by using automount on machine B. The drive shows it is mounted rwxrwxrwx and owned root.root. Any user can read and write to the disk (as I want) but only root can create a new file. I need to give other users the ability to write a new file to the disk. I am exporting the drive (rw,no_root_squash) and automounting it -fstype=nfs,retry=1,soft Any suggestions why a normal user can not create a file and how to let them? Pete -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Strange apache behaviour?
Jason, Apaches log file ownership and permissions are set when they rotate in /etc/cron.daily/apache (about line 90 or so). As pointed out there are security issues to worry about so be careful. Pete -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting Jason Lim wrote: > > Anyone figured out my apache problem (log file permissions)? > > I still haven't figured this one out yet. > > TIA, > > Jas > > - Original Message - > From: "Jason Lim" <[EMAIL PROTECTED]> > To: > Sent: Saturday, December 08, 2001 1:52 AM > Subject: Re: Strange apache behaviour? > > > Thats not very good security-wise to run webalizer as www-data, because > if > > a user ever finds a way to poison the log files, then webalizer will run > > them as www-data, and possibly be able to fool around with apache too > > (because they now run as the same user). > > > > A far better way (and much more direct) would be to have a way to change > > apache's log files BACK to the previous permissions. > > > > I think if no one knows the answer i'll have to ask netgod himself... (i > > think he is still the package maintainer?) > > > > Sincerely, > > Jason > > > > - Original Message - > > From: "Denis A. Kulgeyko" <[EMAIL PROTECTED]> > > To: "Jason Lim" <[EMAIL PROTECTED]> > > Sent: Friday, December 07, 2001 9:10 PM > > Subject: Re: Strange apache behaviour? > > > > > > > Hello ! > > > > > > > Do you know how to change the permissions of the log files apache > > > > generates? > > > > > > > > -rw-r-1 www-data www-data 1372461 Dec 7 13:04 > > apache-access.log > > > > -rw-r-1 www-data www-data 740269 Dec 2 06:21 > > > > apache-access.log.0 > > > > -rw-r-1 www-data www-data44414 Nov 25 05:52 > > > > apache-access.log.1.gz > > > > -rw-rw-r--1 www-data www-data 167114 Sep 23 06:10 > > > > apache-access.log.10.gz > > > > -rw-rw-r--1 www-data www-data13069 Sep 16 06:06 > > > > apache-access.log.11.gz > > > > -rw-rw-r--1 www-data www-data14357 Sep 9 06:04 > > > > apache-access.log.12.gz > > > > -rw-rw-r--1 www-data www-data21209 Sep 2 06:24 > > > > apache-access.log.13.gz > > > > -rw-rw-r--1 www-data www-data 5979 Nov 19 2000 > > > > apache-access.log.14.gz > > > > -rw-rw-r--1 www-data www-data36771 Nov 18 06:23 > > > > apache-access.log.2.gz > > > > > > > > It USED to be readable by all, now the persmissions have changed > > (which in > > > > my case screws up the webalizer processes run by users). > > > > > > > > Having a look at the changelog... > > > > > > > > apache (1.3.22-1) unstable; urgency=low > > > > * Default ownership of logfiles is root/adm, perms 640 (closes: > > > > #112675). > > > > > > > > Thats all nice a good... but how to I get it 644? I looked and can't > > > > appear to find it. Closest thing I could find was in > > > > /etc/apache/cron.conf, but that only sets the uid/gid, not the file > > > > permissions of the logfiles. > > > > > > > > Any ideas? > > > > > > Run webalizer with permissions of group www-data and set appropriate > > umask to > > > user www-data (may be to loogrotate daemon too). > > > > > > -- > > > With Best Regards, > > > Denis A. Kulgeyko > > > DK666-UANIC > > > e-mail: [EMAIL PROTECTED] > > > ICQ: 81607525 > > > SMS: [EMAIL PROTECTED] > > > -- > > > UNIXes ... they are VERY friendly. > > > But .. they chooses their friends VERY carefully ... :) > > > ^]:wq! > > > > > > > > > -- > > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > > with a subject of "unsubscribe". Trouble? Contact > [EMAIL PROTECTED] > > > > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Strange apache behaviour?
Jason, Apaches log file ownership and permissions are set when they rotate in /etc/cron.daily/apache (about line 90 or so). As pointed out there are security issues to worry about so be careful. Pete -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting Jason Lim wrote: > > Anyone figured out my apache problem (log file permissions)? > > I still haven't figured this one out yet. > > TIA, > > Jas > > - Original Message - > From: "Jason Lim" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Saturday, December 08, 2001 1:52 AM > Subject: Re: Strange apache behaviour? > > > Thats not very good security-wise to run webalizer as www-data, because > if > > a user ever finds a way to poison the log files, then webalizer will run > > them as www-data, and possibly be able to fool around with apache too > > (because they now run as the same user). > > > > A far better way (and much more direct) would be to have a way to change > > apache's log files BACK to the previous permissions. > > > > I think if no one knows the answer i'll have to ask netgod himself... (i > > think he is still the package maintainer?) > > > > Sincerely, > > Jason > > > > - Original Message - > > From: "Denis A. Kulgeyko" <[EMAIL PROTECTED]> > > To: "Jason Lim" <[EMAIL PROTECTED]> > > Sent: Friday, December 07, 2001 9:10 PM > > Subject: Re: Strange apache behaviour? > > > > > > > Hello ! > > > > > > > Do you know how to change the permissions of the log files apache > > > > generates? > > > > > > > > -rw-r-1 www-data www-data 1372461 Dec 7 13:04 > > apache-access.log > > > > -rw-r-1 www-data www-data 740269 Dec 2 06:21 > > > > apache-access.log.0 > > > > -rw-r-1 www-data www-data44414 Nov 25 05:52 > > > > apache-access.log.1.gz > > > > -rw-rw-r--1 www-data www-data 167114 Sep 23 06:10 > > > > apache-access.log.10.gz > > > > -rw-rw-r--1 www-data www-data13069 Sep 16 06:06 > > > > apache-access.log.11.gz > > > > -rw-rw-r--1 www-data www-data14357 Sep 9 06:04 > > > > apache-access.log.12.gz > > > > -rw-rw-r--1 www-data www-data21209 Sep 2 06:24 > > > > apache-access.log.13.gz > > > > -rw-rw-r--1 www-data www-data 5979 Nov 19 2000 > > > > apache-access.log.14.gz > > > > -rw-rw-r--1 www-data www-data36771 Nov 18 06:23 > > > > apache-access.log.2.gz > > > > > > > > It USED to be readable by all, now the persmissions have changed > > (which in > > > > my case screws up the webalizer processes run by users). > > > > > > > > Having a look at the changelog... > > > > > > > > apache (1.3.22-1) unstable; urgency=low > > > > * Default ownership of logfiles is root/adm, perms 640 (closes: > > > > #112675). > > > > > > > > Thats all nice a good... but how to I get it 644? I looked and can't > > > > appear to find it. Closest thing I could find was in > > > > /etc/apache/cron.conf, but that only sets the uid/gid, not the file > > > > permissions of the logfiles. > > > > > > > > Any ideas? > > > > > > Run webalizer with permissions of group www-data and set appropriate > > umask to > > > user www-data (may be to loogrotate daemon too). > > > > > > -- > > > With Best Regards, > > > Denis A. Kulgeyko > > > DK666-UANIC > > > e-mail: [EMAIL PROTECTED] > > > ICQ: 81607525 > > > SMS: [EMAIL PROTECTED] > > > -- > > > UNIXes ... they are VERY friendly. > > > But .. they chooses their friends VERY carefully ... :) > > > ^]:wq! > > > > > > > > > -- > > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > > with a subject of "unsubscribe". Trouble? Contact > [EMAIL PROTECTED] > > > > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: host & DNS
> I am trying to understand how the hosts.allow and hosts.deny files work as > well as DNS. > > So far, I have a nameserver, but kept getting an error: > > warning: /etc/hosts.allow, line 11: can't verify hostname: gethostbyname > (gomez.star.cd) failed > > I finally figured out that something was wrong as one of this ISP's user > complained that they couldn't send an email to my mailserver (which is the > nameserver as well). > > I did a host lookup and got the following: > > host 203.36.43.17 > Name: gomez.star.cd > Address: 203.36.43.17 > > then later: > > host gomez.star.cd > gomez.star.cd does not exist, try again It sounds like you have two problems. DNS shouldn't be affected by the hosts.allow/deny files since it is not run out of inet.d and the "can't verify hostname" indicates that you have a DNS problem. Check the daemon log to see if bind is complaining. Does it stay running after you start it? Do you have reverse DNS working properly? Second, you really can't filter connections to your mail server if you are running a public mailserver, since you want everyone in the world to be able to send you mail. Of course you could try to filter out spammers that way, but that would be like playing wack-a-mole. There is a lot of reference material. Check out http://www.google.com/search?hl=en&q=linux+tcpwrappers Pete -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting
Re: host & DNS
> I am trying to understand how the hosts.allow and hosts.deny files work as > well as DNS. > > So far, I have a nameserver, but kept getting an error: > > warning: /etc/hosts.allow, line 11: can't verify hostname: gethostbyname > (gomez.star.cd) failed > > I finally figured out that something was wrong as one of this ISP's user > complained that they couldn't send an email to my mailserver (which is the > nameserver as well). > > I did a host lookup and got the following: > > host 203.36.43.17 > Name: gomez.star.cd > Address: 203.36.43.17 > > then later: > > host gomez.star.cd > gomez.star.cd does not exist, try again It sounds like you have two problems. DNS shouldn't be affected by the hosts.allow/deny files since it is not run out of inet.d and the "can't verify hostname" indicates that you have a DNS problem. Check the daemon log to see if bind is complaining. Does it stay running after you start it? Do you have reverse DNS working properly? Second, you really can't filter connections to your mail server if you are running a public mailserver, since you want everyone in the world to be able to send you mail. Of course you could try to filter out spammers that way, but that would be like playing wack-a-mole. There is a lot of reference material. Check out http://www.google.com/search?hl=en&q=linux+tcpwrappers Pete -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: debian/cyclades .vs. cisco
John Hawley wrote: > > Hi. > > I just priced out a Cisco to handle multiple T1's for our Internet access. > $15K+, ack! > > Just wondering. Anyone have any experience using the Cyclades-PC300 boards? > I've already converted the my network services from M$ to Debian/Linux and > have > nothing against converting our router from Ci$co if Linux can match the > stability. I don't have experience with the Cyclades boards but I use Sangoma (www.sangoma.com) cards in a POTS PIII box and it doesn't even register a load average saturating multiple T's and multiple NICS. Sangoma's support has been fantastic and the box has never failed to operate properly in over a year... for 10% of the cost of a Cisco. We are currently working to get it running off of a CD-ROM so that we can eliminate the hard drive as a possible point of failure. Linux routers are so cheap to build, you can incorporate a couple into your network design (assuming you are running BGP or the like) and one can fail, or be taken one out of service for maintenance, and not affect your connectivity. Pete -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting
Re: debian/cyclades .vs. cisco
John Hawley wrote: > > Hi. > > I just priced out a Cisco to handle multiple T1's for our Internet access. > $15K+, ack! > > Just wondering. Anyone have any experience using the Cyclades-PC300 boards? > I've already converted the my network services from M$ to Debian/Linux and have > nothing against converting our router from Ci$co if Linux can match the > stability. I don't have experience with the Cyclades boards but I use Sangoma (www.sangoma.com) cards in a POTS PIII box and it doesn't even register a load average saturating multiple T's and multiple NICS. Sangoma's support has been fantastic and the box has never failed to operate properly in over a year... for 10% of the cost of a Cisco. We are currently working to get it running off of a CD-ROM so that we can eliminate the hard drive as a possible point of failure. Linux routers are so cheap to build, you can incorporate a couple into your network design (assuming you are running BGP or the like) and one can fail, or be taken one out of service for maintenance, and not affect your connectivity. Pete -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: DELL perc3/di users
The install that I did was using RedHat so it is a bit different then Debian but what I did was download the PERCRAID driver module from Dell's download area and loaded it during install when asked if you have any drivers on floppies. Once the module was loaded the rest of the install went as usual. Compiling your own bootable kernel would be a much better solution since the Dell driver is probably compiled against one of RedHat's hyper-patched kernels. Pete -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting alexis bory wrote: > > >Did you check out http://www.merilus.com/~kevin/aacraid.html ? He > > has Debian boot disks with the kernel you're looking for. I'd do a > > potato install then change your apt sources to woody and do a > dist-upgrade. > > I already used Kevin Traas's disks image to install potato on some 2450 > and it works perfectly with aacraid 1.0.6 . 2450 have perc3/si (single > RAID chanel). When I try these disk on a 2550 (perc3/di dual RAID chanel) > I got this message : > >user.err dbootstrap[28]: No hard disk drive could de found. blahblah... > > Did you experience it? > > I'm going to 'try' to build some new images with the latest aacraid driver > version (1.0.7) which should be complient with 2550 servers. > > alexis > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: DELL perc3/di users
The install that I did was using RedHat so it is a bit different then Debian but what I did was download the PERCRAID driver module from Dell's download area and loaded it during install when asked if you have any drivers on floppies. Once the module was loaded the rest of the install went as usual. Compiling your own bootable kernel would be a much better solution since the Dell driver is probably compiled against one of RedHat's hyper-patched kernels. Pete -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting alexis bory wrote: > > >Did you check out http://www.merilus.com/~kevin/aacraid.html ? He > > has Debian boot disks with the kernel you're looking for. I'd do a > > potato install then change your apt sources to woody and do a > dist-upgrade. > > I already used Kevin Traas's disks image to install potato on some 2450 > and it works perfectly with aacraid 1.0.6 . 2450 have perc3/si (single > RAID chanel). When I try these disk on a 2550 (perc3/di dual RAID chanel) > I got this message : > >user.err dbootstrap[28]: No hard disk drive could de found. blahblah... > > Did you experience it? > > I'm going to 'try' to build some new images with the latest aacraid driver > version (1.0.7) which should be complient with 2550 servers. > > alexis > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: DELL perc3/di users
Did you check out http://www.merilus.com/~kevin/aacraid.html ? He has Debian boot disks with the kernel you're looking for. I'd do a potato install then change your apt sources to woody and do a dist-upgrade. I have done a RedHat install on a similar machine and there really are no big surprises. Just like any SCSI install you need to either build the hard drive driver (in this case the PERCRAID driver) into the kernel or make an initrd if the driver is only available as a module. Pete -- http://www.elbnet.com ELB Internet Service, Inc. Web Design, Computer Consulting, Internet Hosting alexis bory wrote: > > hi, > > I'm looking for the easiest way to manage 'testing' installation on the > 2550 Dell servers. > I think i have to boot them with a rescue disk with > aacraid 1.0.7 already ennabled and I'm looking for a patched kernel. > > Matt Domsch's ( http://domsch.com/linux/ ) page gives a link on > ftp://ftp.debian.org/pub/mirrors/debian/pool/main/k/kernel-source-2.2.19/ker > nel-source-2.2.19_2.2.19-7_all.deb but I'm blind or this doesn't exist. > > Does someone did this install, and could help me ? > > Thanks, Alexis > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: DELL perc3/di users
Did you check out http://www.merilus.com/~kevin/aacraid.html ? He has Debian boot disks with the kernel you're looking for. I'd do a potato install then change your apt sources to woody and do a dist-upgrade. I have done a RedHat install on a similar machine and there really are no big surprises. Just like any SCSI install you need to either build the hard drive driver (in this case the PERCRAID driver) into the kernel or make an initrd if the driver is only available as a module. Pete -- http://www.elbnet.com ELB Internet Service, Inc. Web Design, Computer Consulting, Internet Hosting alexis bory wrote: > > hi, > > I'm looking for the easiest way to manage 'testing' installation on the > 2550 Dell servers. > I think i have to boot them with a rescue disk with > aacraid 1.0.7 already ennabled and I'm looking for a patched kernel. > > Matt Domsch's ( http://domsch.com/linux/ ) page gives a link on > ftp://ftp.debian.org/pub/mirrors/debian/pool/main/k/kernel-source-2.2.19/ker > nel-source-2.2.19_2.2.19-7_all.deb but I'm blind or this doesn't exist. > > Does someone did this install, and could help me ? > > Thanks, Alexis > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: policies for securing privacy systemwide against random wiretap/nettap
[EMAIL PROTECTED] wrote: > > Given recent passage of the Patriot Act here in US, I'm re-evaluating > privacy policies at the ISP I run. > > I'm curious what mechanisms and policies we might keep/implement > to preserve the privacy and integrity of our clients. Some are obvious: > * gnpgp/pgp email > * quick and regular deletion of logs after our system security checks > > What about protecting client data? Suppose someone with a name like > "Saddam" signs up for a mailing list; what can be done to protect everyone > else on that mailing list. (I did not make up that example.) Are > there ways of handling data like that mailing list that would keep it > private?o What about customer databases? > > This may not be the place for this; can someone suggest other resources? > > Thanks, > > cfm This is a very important issue, particularly in light of the draconian bill just passed and, even though not Debian specific, should be of great interest to many ISPs. Be aware that simply encrypting mail and erasing old logs will not shield your customers very well and may inadvertently create a worse situation. Whatever policies you implement, be sure to thoroughly think through the possible outcomes and be sure to have a well thought out and rational reason for them. Deleting server logs to "protect my customers' privacy" could easily be transformed by today's "witch hunt" mentality into deleting server logs to "intentionally erase evidence that could be used against the terrorists using my system" A policy to quickly erase server logs to enhance system security and maintain adequate disk space may be perceived to be more rational and "patriotic." For PGP, the government could easily recover the PGP keys from either your servers or the customers machines - perhaps even without your or the customer's knowledge since the government is allowed to ask for "secret" search warrants. Hmmm.. I wonder if the FBI would be violating the DMCA if they circumvented the encryption of your email, which after all is a "published" work and therefore copyrighted. :-) Deleting the log files, and even writing all zeros to the disk, doesn't make the files irretrievable. This policy may actually make things *worse* for your customers because law enforcement may assume, because of your actions, that you are attempting to hide something. The "innocent until proven guilty" thing is just lip service. Law enforcement may even more deeply invade your customers privacy by doing a more thorough search then they would have done otherwise. They may seize the computer to do forensic work to recover the logs, which means your customers lose data all their data and service or they may shut you down completely to prevent you from destroying more "evidence." Perhaps writing logs to /dev/shm would be a way to go, if you are really intent on total erasure of the logs, but that has security ramifications. Having said all the above, I'd hope that all ISPs have a policy to discontinue service to anyone using their system for "wrong" purposes and that includes terrorism and SPAM! Pete Billson -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting
Re: policies for securing privacy systemwide against random wiretap/nettap
[EMAIL PROTECTED] wrote: > > Given recent passage of the Patriot Act here in US, I'm re-evaluating > privacy policies at the ISP I run. > > I'm curious what mechanisms and policies we might keep/implement > to preserve the privacy and integrity of our clients. Some are obvious: > * gnpgp/pgp email > * quick and regular deletion of logs after our system security checks > > What about protecting client data? Suppose someone with a name like > "Saddam" signs up for a mailing list; what can be done to protect everyone > else on that mailing list. (I did not make up that example.) Are > there ways of handling data like that mailing list that would keep it > private?o What about customer databases? > > This may not be the place for this; can someone suggest other resources? > > Thanks, > > cfm This is a very important issue, particularly in light of the draconian bill just passed and, even though not Debian specific, should be of great interest to many ISPs. Be aware that simply encrypting mail and erasing old logs will not shield your customers very well and may inadvertently create a worse situation. Whatever policies you implement, be sure to thoroughly think through the possible outcomes and be sure to have a well thought out and rational reason for them. Deleting server logs to "protect my customers' privacy" could easily be transformed by today's "witch hunt" mentality into deleting server logs to "intentionally erase evidence that could be used against the terrorists using my system" A policy to quickly erase server logs to enhance system security and maintain adequate disk space may be perceived to be more rational and "patriotic." For PGP, the government could easily recover the PGP keys from either your servers or the customers machines - perhaps even without your or the customer's knowledge since the government is allowed to ask for "secret" search warrants. Hmmm.. I wonder if the FBI would be violating the DMCA if they circumvented the encryption of your email, which after all is a "published" work and therefore copyrighted. :-) Deleting the log files, and even writing all zeros to the disk, doesn't make the files irretrievable. This policy may actually make things *worse* for your customers because law enforcement may assume, because of your actions, that you are attempting to hide something. The "innocent until proven guilty" thing is just lip service. Law enforcement may even more deeply invade your customers privacy by doing a more thorough search then they would have done otherwise. They may seize the computer to do forensic work to recover the logs, which means your customers lose data all their data and service or they may shut you down completely to prevent you from destroying more "evidence." Perhaps writing logs to /dev/shm would be a way to go, if you are really intent on total erasure of the logs, but that has security ramifications. Having said all the above, I'd hope that all ISPs have a policy to discontinue service to anyone using their system for "wrong" purposes and that includes terrorism and SPAM! Pete Billson -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Project 2000 on Debian (under Wine) ?
Jeff Waugh wrote: > > > > > I am looking for a Linux based tool that is designed to help manage a > > variety of projects. This tool needs to be able to schedule and track > > tasks > > MrProject from CodeFactory (codefactory.se) is kicking arse at the moment; > perhaps you could pitch in and help out? > > > and interface with Outlook clients. Anybody know one? > > Interface with Outlook? Ain't going to happen. Unless everything is done via > iCal, etc. I don't believe Project and Oulook use this as their primary > interface on Windows anyway. You won't be getting this feature any time > soon. > > - Jeff There is a Company at http://www.bynari.net/Products/TradeServer/trade_server.html that has info on using Outlook with Linux. I have never used it but it looks interesting. Pete -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting
Re: Project 2000 on Debian (under Wine) ?
Jeff Waugh wrote: > > > > > I am looking for a Linux based tool that is designed to help manage a > > variety of projects. This tool needs to be able to schedule and track > > tasks > > MrProject from CodeFactory (codefactory.se) is kicking arse at the moment; > perhaps you could pitch in and help out? > > > and interface with Outlook clients. Anybody know one? > > Interface with Outlook? Ain't going to happen. Unless everything is done via > iCal, etc. I don't believe Project and Oulook use this as their primary > interface on Windows anyway. You won't be getting this feature any time > soon. > > - Jeff There is a Company at http://www.bynari.net/Products/TradeServer/trade_server.html that has info on using Outlook with Linux. I have never used it but it looks interesting. Pete -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Webalizer
> Hassle with upgrading to 2.0 is that, AFAIK, it'll trash your history for > that year (could be wrong...) Actually, the repaired .deb package has made it to proposed updates in stable and apt-get update, apt-get upgrade will install the fixed package. The README.1st file has a few, simple steps to save all your old history. Pete -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting
Re: A few questions
Assuming you are using Apache as your Web server you want to add the following to your /etc/apache/http.conf file (where 192.168.1.2:80 is the IP and port you are using): NameVirtualHost 192.168.1.2:80 ServerName www.domain1.com {any other directives for this domain} ServerName www.domain2.com {any other directives for this domain} Take a look at http://www.apache.org for complete docs. qmail is a Mail Transport Agent (MTA). That is, it serves the purpose of sending and receiving mail between mail servers and uses SMTP. You are looking for a server to service clients (i.e. Eudora) via POP3. There are a number including qpopper and courier. Pete -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting "[EMAIL PROTECTED]" wrote: > > Hi All, > > I have a few questions regarding email servers, web servers, etc. > > I know that it is possible to set up virtual hosting by giving one box > multiple IP addresses. Is it possible to make www.domain1.com and > www.domain2.com resolve to the same IP but have some way of going to the > right page on the server? > > I was going to try qmail, but from what I have read on the qmail site (but I > probably interpreted it incorrectly), it is an SMTP server only. Is there > some addon to allow it to act as a POP3 server as well? > > Thanks in advance, > > Michael Jager > [EMAIL PROTECTED] > > > mail2web - Check your email from the web at > http://mail2web.com/ . > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Webalizer
> Hassle with upgrading to 2.0 is that, AFAIK, it'll trash your history for > that year (could be wrong...) Actually, the repaired .deb package has made it to proposed updates in stable and apt-get update, apt-get upgrade will install the fixed package. The README.1st file has a few, simple steps to save all your old history. Pete -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: A few questions
Assuming you are using Apache as your Web server you want to add the following to your /etc/apache/http.conf file (where 192.168.1.2:80 is the IP and port you are using): NameVirtualHost 192.168.1.2:80 ServerName www.domain1.com {any other directives for this domain} ServerName www.domain2.com {any other directives for this domain} Take a look at http://www.apache.org for complete docs. qmail is a Mail Transport Agent (MTA). That is, it serves the purpose of sending and receiving mail between mail servers and uses SMTP. You are looking for a server to service clients (i.e. Eudora) via POP3. There are a number including qpopper and courier. Pete -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting "[EMAIL PROTECTED]" wrote: > > Hi All, > > I have a few questions regarding email servers, web servers, etc. > > I know that it is possible to set up virtual hosting by giving one box multiple IP >addresses. Is it possible to make www.domain1.com and www.domain2.com resolve to the >same IP but have some way of going to the right page on the server? > > I was going to try qmail, but from what I have read on the qmail site (but I >probably interpreted it incorrectly), it is an SMTP server only. Is there some addon >to allow it to act as a POP3 server as well? > > Thanks in advance, > > Michael Jager > [EMAIL PROTECTED] > > > mail2web - Check your email from the web at > http://mail2web.com/ . > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Portable Web Server Mirror
Hey all, Here is a mind exercise for you all: I would like to provide my sales rep with a portable mirror of a Web server. The idea is that they'd be able to live demo our abilities without the need for any connection to the net. She's already got a Thinkpad running woody and I'd like to have the her be able to just sync the notebook up to the real server and away they go. The snyc process should add and delete any new domains, content, etc. during the sync process with little or no interaction. The notebook would need to be totally stand alone, running all needed services (MySQL, DNS, Apache, etc.) but still be able to interact with the Web server (which means I can't simply clone the whole machine). Any and all ideas, suggestions, etc. are welcome. Pete -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting
Re: problem with php-cgi
> and this is the output: > > ./prova.cgi > X-Powered-By: PHP/4.0.3pl1 > Content-type: text/html > > Questo e' solo una prova > > why apache tel me: Premature end of script headers: ?? I can't tell you why your script isn't working correctly but Apache is upset because you are returning the X-Powered-By header before the Content-type header. The Content-type header *must* be first. The script works from the command line because the command line couldn't care less what you return. The script works as a handler because Apache takes care of sending the Content-type header. The script fails as a cgi because the Content-type header is not returned first. Pete -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting
Portable Web Server Mirror
Hey all, Here is a mind exercise for you all: I would like to provide my sales rep with a portable mirror of a Web server. The idea is that they'd be able to live demo our abilities without the need for any connection to the net. She's already got a Thinkpad running woody and I'd like to have the her be able to just sync the notebook up to the real server and away they go. The snyc process should add and delete any new domains, content, etc. during the sync process with little or no interaction. The notebook would need to be totally stand alone, running all needed services (MySQL, DNS, Apache, etc.) but still be able to interact with the Web server (which means I can't simply clone the whole machine). Any and all ideas, suggestions, etc. are welcome. Pete -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: problem with php-cgi
> and this is the output: > > ./prova.cgi > X-Powered-By: PHP/4.0.3pl1 > Content-type: text/html > > Questo e' solo una prova > > why apache tel me: Premature end of script headers: ?? I can't tell you why your script isn't working correctly but Apache is upset because you are returning the X-Powered-By header before the Content-type header. The Content-type header *must* be first. The script works from the command line because the command line couldn't care less what you return. The script works as a handler because Apache takes care of sending the Content-type header. The script fails as a cgi because the Content-type header is not returned first. Pete -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: problem with php-cgi
Sebastian Ezequiel Ovide wrote: > > Hi, > > just installed php4-cgi, fixed bad symlink in /usr/lib/cgi-bin > > The prob is, > > running as a standar cgi does not work ie > > #!/usr/bin/php > > apache complains > > [Thu Dec 21 20:18:36 2000] [error] [client 192.168.1.169] Premature end of > script headers: /var/www/home/felipe/Proyectos/hola.php4.cgi > > running from the comand line works great and with > > AddHandler bla bla > Action bla bla bla > > also works fine. > > Any clue > > I'm running potato > Your script is not send the magic Content-type: line before it's output. Pete -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting
Re: problem with php-cgi
Sebastian Ezequiel Ovide wrote: > > Hi, > > just installed php4-cgi, fixed bad symlink in /usr/lib/cgi-bin > > The prob is, > > running as a standar cgi does not work ie > > #!/usr/bin/php > > apache complains > > [Thu Dec 21 20:18:36 2000] [error] [client 192.168.1.169] Premature end of > script headers: /var/www/home/felipe/Proyectos/hola.php4.cgi > > running from the comand line works great and with > > AddHandler bla bla > Action bla bla bla > > also works fine. > > Any clue > > I'm running potato > Your script is not send the magic Content-type: line before it's output. Pete -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: ppp problem
> I am new to debian and I am having problem pinging outside my remote > server when I dial-out. I've used the pppconfig > to setup my dial-out. When I do an ifconfig ppp0 my ip addresses match > but it says that Point -To-Point running NOARP MULTICAST. I can used > my dial-out for Windows 2000 and my old FreeBSD box. My > /etc/resolv.conf has my DNS addresses and my isp domain name. I cannot > ping, for example, www.google.com, etc. If there is anything else that > needs setting up or I have overlooked anything else let me know. Thanx Please don't post to the mailing list using HTML mail. Impossible to read in all text mail clients. :-( Is your problem with name resolution or routing? Can you ping to an outside ip but not to a name or do both ways give you problems? Things to check: Are your routes correct after ppp comes up? Are your running a firewall? is it blocking packets? Can you ping your side of the ppp interface after it comes up? Can you ping your ISPs gateway? Pete -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting
Re: duplicate network filesystems (was: HA mailserver (smtp, pop3, imap,imap/ssl))
> Then if one fileserver was down (even temporarily), then all the other > fileservers (all four) would have to queue a message about the data and > task and some heartbeat between fileservers could alert it when back up > and then make sure that the particular filesystem is properly updated. > > What do you all think about this? Sounds exactly like RAID except that the disks are in physically different machines. I wonder if you can set up software RAID to use NFS mounted drives... h... may be worth playing with. Pete -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting
Re: ppp problem
> I am new to debian and I am having problem pinging outside my remote > server when I dial-out. I've used the pppconfig > to setup my dial-out. When I do an ifconfig ppp0 my ip addresses match > but it says that Point -To-Point running NOARP MULTICAST. I can used > my dial-out for Windows 2000 and my old FreeBSD box. My > /etc/resolv.conf has my DNS addresses and my isp domain name. I cannot > ping, for example, www.google.com, etc. If there is anything else that > needs setting up or I have overlooked anything else let me know. Thanx Please don't post to the mailing list using HTML mail. Impossible to read in all text mail clients. :-( Is your problem with name resolution or routing? Can you ping to an outside ip but not to a name or do both ways give you problems? Things to check: Are your routes correct after ppp comes up? Are your running a firewall? is it blocking packets? Can you ping your side of the ppp interface after it comes up? Can you ping your ISPs gateway? Pete -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: duplicate network filesystems (was: HA mailserver (smtp, pop3, imap,imap/ssl))
> Then if one fileserver was down (even temporarily), then all the other > fileservers (all four) would have to queue a message about the data and > task and some heartbeat between fileservers could alert it when back up > and then make sure that the particular filesystem is properly updated. > > What do you all think about this? Sounds exactly like RAID except that the disks are in physically different machines. I wonder if you can set up software RAID to use NFS mounted drives... h... may be worth playing with. Pete -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: webalizer
Take a look at your webalizer.current file. The second line will be the date of the last record processed. Webalizer will not process any files before that date to prevent duplication. I have manually changed the date to process older log files with success. Pete Billson -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting
Re: webalizer
Take a look at your webalizer.current file. The second line will be the date of the last record processed. Webalizer will not process any files before that date to prevent duplication. I have manually changed the date to process older log files with success. Pete Billson -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: iptables and routing
Take a look at using iproute2. http://www.linuxguruz.org/iptables/howto/Adv-Routing-HOWTO.html#s4 Robert Davidson wrote: > > Hi Everyone :) > > I've got a problem and I can't seem to find a solution without putting > another computer in the works as a router, which isn't really a good > solution. > > I'm using kernel 2.4.10, iptables and some policy routing. > > What I would like to do (if it's possible) is decide which network > interface a packet goes out depending on which program generated it > locally. For example, if Apache generates a packet, I always want it > to go out of cipcb0 (vpn interface). > > I have some live IP's routed over the cipcb0 interface, and that goes > over my cable link. I'm not allowed to simply serve pages on the > cable modem IP because it's against their acceptable use policy, and > I've already had my account suspended once for doing that. Anyway, > the problem is, when someone is using the same cable provider as I do, > if their proxy server gets the request it will ask my server to give > it the page, but the server won't send the data out of cipcb0 because > there is a host route pointing to the cable providers proxy/dns server > as I want to be able to use their proxy/dns servers myself, and > because the packet comes back to the cable provider through the cable > modem, it gets dropped, thus there is a large area around me where > users on the same cable provider that I use can not access any of my > web pages. > > Does anyone know how to fix this problem? I've had a play with > marking packets based on UID and so on in an effort to use the policy > routing stuff to route the packets up to the cipcb0 interface, but I > havn't has any success yet. > > -- > Regards, > Robert Davidson. > http://www.mlug.org.au/ > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Roach Motel For Packets...
Let me see if bad drawings help any: eth0(to Internet IP "A.A.A.A")--|--| |Router|--eth2(192.168.1.1) eth1(to Internet IP "B.B.B.B")--|--| eth2:0(10.0.0.1) and |---| <<--to router --eth0(192.168.1.2)---|PC #1 -localnet| eth0:0 (10.0.0.2) |---| All traffic to and from 192.168.1.0/27 goes over A.A.A.A All traffic to and from 10.0.0.0/27 goes over B.B.B.B A.A.A.A is the default gateway for all other traffic If I log into the router I can ping any IP, on any interface including my telco's first hop out eth0 and eth1. Packets get routed as expected. If I log into PC#1 I can ping any interface on the router, anything on the localnet and anything on the Internet (through the router's eth0 which is the default gateway) but I can not ping anything on the remote side of the router's eth1. If I log into a remote machine I can ping any IP serviced by eth0, can ping my telco's side of the eth1 connection but can not reach any IPs serviced by eth1, including eth1 itself. I'm using ipchains to log *all* packets on every interface and in all the above examples I can see the ping packets come in eth1 but that's it. They never attempt to leave through any interface. Note the IPs in the example are fake. The real IPs are in the public IP space so the problem isn't trying to route these private IPs over the internet. :-) The ipchains rules are: # Rules for eth0 these work! ipchains -A input -i eth2 -s 192.168.1.0/27 -j ACCEPT ipchains -A output -i eth2 -d 192.168.1.0/27 -j ACCEPT ipchains -A forward -i eth0 -s 192.168.1.0/27 -j ACCEPT ipchains -A forward -i eth2 -d 192.168.1.0/27 -j ACCEPT # Rules for eth1 these don't! ipchains -A input -i eth2 -s 10.0.0.0/27 -j ACCEPT ipchains -A output -i eth2 -d 10.0.0.0/27 -j ACCEPT ipchains -A forward -i eth1 -s 10.0.0.0/27 -j ACCEPT ipchains -A forward -i eth2 -d 10.0.0.0/27 -j ACCEPT # And of course there are other rules allowing traffic in and out eth0 and eth1. I'm stumped! I'd be happy if it was a routing problem that I could see or firewall rule screwing things up. Is there, maybe, something I need to do when I give the NIC an alias? Pete > I am not sure if I understand this exactly. It may help to have more > information. > > I have a feeling your replies are being sent out but are being firewalled > by another router, since they appear to have a source address that doesn't > belong to its network (i.e. address spoofing, SMURF attack). -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Roach Motel For Packets...
> as is required by RFC, routing is disabled by default. to enable > routing: > > echo 1 >/proc/sys/net/ipv4/ip_forward > > use /etc/sysctl.conf to have it enabled automatically at boot. 100% correct you are, but I have already done this. Note that "stuff" coming in eth0 is getting forwarded correctly, only packets coming in eth1 are not. Even eth1 itself does not respond to pings even though I can log the packets coming in. Pete -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Roach Motel For Packets...
Hi all, I have successfully created a Linux "Roach Motel"... packets check in, but they don't check out! Unfortunately, I was trying to create a router! :-) I have a Linux router with two connections from different service providers (eth0 and eth1) coming in and want to route all traffic to go out eth2. Eth0 is the router's default gateway I assigned eth2 two ips (eth2=192.168.0.1 and eth2:0=10.0.0.1)The (important) routes are set to Networkgatewaynetmaskiface 192.168.0.0 * 255.255.255.0eth2 10.0.0.1 * 255.255.255.0eth2 (eth1 net)* 255.255.255.0eth1 default(eth0 ip) 0.0.0.0 eth0 Ips have been changed to protect the innocent. All ips are really in the public IP space. I am *not* trying to load balance, do BGP or anything like that. I basically want the boxen on the network to respond to packets coming from either network. I'm using IPChains to get this all working nice. If I ping any of the IPs serviced by eth0 (remotely or locally) everything works fine. I can ping eth0, eth2 or any of the boxes on the network. From the router I can ping eth0, eth1, eth2, and IPs that should be serviced by eth1 on the network and I can ping the provider going out eth1. From the local network I can ping any other machine and *any* IP on the router. But if I try to ping eth1, or any of the IPs serviced by eth1, from a remote machine the packets come into the router and disappear. They do not get DENYed, ACCEPTed or FORWARDed by IPChains on any interface. The rules relating to eth0 and eth1 are identical. It is as if the packets coming in eth1 are not getting forwarded but I can't figure out why not, particularly when the IPChains rules work for eth0. Any suggestions where to look? Pete -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: server mirroring spam
> PLL is a nice theory...{et al} I second that. Pete -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: exim remote outgoing mail
matt wrote: > > nevermind my last post, i think i got it working:) > -matt Matt, You should post your solution to the list for the archives. It will help others in the future who have a similar problem. Pete -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]