from:"Peter Billson"

Re: Still Considering Debian - But Stuck!

2004-02-02 Thread Peter Billson

Just to follow up:
   If you do want to install Debian with the 2.4 kernel just use the
BF24 boot option when installing from CD. A complete list of boot
options is available when installing from CD.

  You then will have 2.4 options (i.e. drivers, ext3, etc.) available
during the install process.

Pete
-- 
http://www.elbnet.com
ELB Internet Service, Inc.
Web Design, Computer Consulting, Internet Hosting

Re: Still Considering Debian - But Stuck!

2004-02-02 Thread Peter Billson

Just to follow up:
   If you do want to install Debian with the 2.4 kernel just use the
BF24 boot option when installing from CD. A complete list of boot
options is available when installing from CD.

  You then will have 2.4 options (i.e. drivers, ext3, etc.) available
during the install process.

Pete
-- 
http://www.elbnet.com
ELB Internet Service, Inc.
Web Design, Computer Consulting, Internet Hosting


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: 2.6 kernel network interface assignment order

2004-01-29 Thread Peter Billson

Take a look at:
http://www.xenotime.net/linux/doc/network-interface-names.txt

This seems to be what you want.

Pete

-- 
http://www.elbnet.com
ELB Internet Service, Inc.
Web Design, Computer Consulting, Internet Hosting



Tommy Moore wrote:
> 
> You won't be able to do this I don't think if the cards you are using
> operate off the same module.
> 
> Tommy
> 
> On Thu, Jan 29, 2004 at 10:15:09PM +0100, Franz Georg K??hler wrote:
> > On Do, Jan 29, 2004 at 03:47:26 -0500, Eric Sproul <[EMAIL PROTECTED]> 
> > wrote:
> > > On Thu, 2004-01-29 at 14:55, Franz Georg K??hler wrote:
> > >> This occasionally happens with new kernel releases.
> > >
> > > I'd like to know why.
> >
> > I think this is related to the pci-bus initialization-, ACPI-code, etc.
> > Upgrading to a new major release also means experiencing major changes.
> >
> > I noticed this when I upgraded from 2.2 to 2.4 .
> >
> > If you're using a modular kernel you should be able to influence the
> > device names by loading the modules in a specific order.
> >
> >
> > --
> > To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> >
> 
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: 2.6 kernel network interface assignment order

2004-01-29 Thread Peter Billson

Take a look at:
http://www.xenotime.net/linux/doc/network-interface-names.txt

This seems to be what you want.

Pete

-- 
http://www.elbnet.com
ELB Internet Service, Inc.
Web Design, Computer Consulting, Internet Hosting



Tommy Moore wrote:
> 
> You won't be able to do this I don't think if the cards you are using
> operate off the same module.
> 
> Tommy
> 
> On Thu, Jan 29, 2004 at 10:15:09PM +0100, Franz Georg K??hler wrote:
> > On Do, Jan 29, 2004 at 03:47:26 -0500, Eric Sproul <[EMAIL PROTECTED]> wrote:
> > > On Thu, 2004-01-29 at 14:55, Franz Georg K??hler wrote:
> > >> This occasionally happens with new kernel releases.
> > >
> > > I'd like to know why.
> >
> > I think this is related to the pci-bus initialization-, ACPI-code, etc.
> > Upgrading to a new major release also means experiencing major changes.
> >
> > I noticed this when I upgraded from 2.2 to 2.4 .
> >
> > If you're using a modular kernel you should be able to influence the
> > device names by loading the modules in a specific order.
> >
> >
> > --
> > To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> >
> 
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: SOP for debian isp/corporate server...

2004-01-20 Thread Peter Billson

Prasad,
1)   There is a manual on securing Debian at:
http://www.debian.org/doc/manuals/securing-debian-howto

2) There really is no SOP on "bloat" because one man's bloat is another's needed
service.

   You, however, can create your own. Basically do an install and add/strip
whatever packages you want. Once you have your "perfect" set of packages do a:

dpkg --get-selections '*' > {some-file-name}

  You will now have a list of the status of all Debian packages (i.e. installed,
purged, etc.) on your system.


  Next time you do an install do a:

dpkg --set-selections < {some-file-name}

then run apt-get dselect-upgrade


This will add and remove packages as needed to bring the packages on your new
system exactly like the base system.


Pete
-- 
http://www.elbnet.com
ELB Internet Service, Inc.
Web Design, Computer Consulting, Internet Ho



Quoting prasad <[EMAIL PROTECTED]>:

> hi,
> 
> As many of you must have experienced, there are usual SOPs for setting
> up
> non-bloated, secure bare-bones Servers with respective OSs eg for
> solaris.
> 
> Is there SOP for debian, if not, I guess this list is better poised to
> produce one. Any links, pointers... I have googled, but didn't find any
> old
> message,
> 
> What applies for isp-servers also applies for corporate servers which
> are
> 24/7 connected to net for things like mail etc, which need to take
> similar
> precautions. One of the reasons I have found, one company took a policy
> decision to not deploy to linux servers some time back, is becuse these
> rapidly moving distros like RH with insecure preinstalled bloat, was
> causing
> major maintainance & security hasle. Now that RH is out of picture, and
> debian just the kind of thing made for such a configuration, SOP will
> help.
> 
> regards,
> prasad
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact
> [EMAIL PROTECTED]
> 
> 
> 


sting

Re: SOP for debian isp/corporate server...

2004-01-20 Thread Peter Billson

Prasad,
1)   There is a manual on securing Debian at:
http://www.debian.org/doc/manuals/securing-debian-howto

2) There really is no SOP on "bloat" because one man's bloat is another's needed
service.

   You, however, can create your own. Basically do an install and add/strip
whatever packages you want. Once you have your "perfect" set of packages do a:

dpkg --get-selections '*' > {some-file-name}

  You will now have a list of the status of all Debian packages (i.e. installed,
purged, etc.) on your system.


  Next time you do an install do a:

dpkg --set-selections < {some-file-name}

then run apt-get dselect-upgrade


This will add and remove packages as needed to bring the packages on your new
system exactly like the base system.


Pete
-- 
http://www.elbnet.com
ELB Internet Service, Inc.
Web Design, Computer Consulting, Internet Ho



Quoting prasad <[EMAIL PROTECTED]>:

> hi,
> 
> As many of you must have experienced, there are usual SOPs for setting
> up
> non-bloated, secure bare-bones Servers with respective OSs eg for
> solaris.
> 
> Is there SOP for debian, if not, I guess this list is better poised to
> produce one. Any links, pointers... I have googled, but didn't find any
> old
> message,
> 
> What applies for isp-servers also applies for corporate servers which
> are
> 24/7 connected to net for things like mail etc, which need to take
> similar
> precautions. One of the reasons I have found, one company took a policy
> decision to not deploy to linux servers some time back, is becuse these
> rapidly moving distros like RH with insecure preinstalled bloat, was
> causing
> major maintainance & security hasle. Now that RH is out of picture, and
> debian just the kind of thing made for such a configuration, SOP will
> help.
> 
> regards,
> prasad
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact
> [EMAIL PROTECTED]
> 
> 
> 


sting


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Root Hints Problem after Security Update

2004-01-08 Thread Peter Billson

Hello All,
  After applying the latest Debian Woody security update to BIND I am getting 
sysquery errors logged to the daemon log complaining that bind can't get an 
address for any of the root servers.

  Everything I can find says that the problem is an out-of-date root hints 
file but I have downloaded the latest one from Internic and also used dig to 
create one, but both produce the same errors.

  I should also note that bind was happy with the old root hints file before 
the security update.

  Anyone else having this problem? Any suggestions?

Pete Billson
-- 
http://www.elbnet.com
ELB Internet Service, Inc.
Web Design, Computer Consulting, Internet Hosting

Root Hints Problem after Security Update

2004-01-08 Thread Peter Billson

Hello All,
  After applying the latest Debian Woody security update to BIND I am getting 
sysquery errors logged to the daemon log complaining that bind can't get an 
address for any of the root servers.

  Everything I can find says that the problem is an out-of-date root hints 
file but I have downloaded the latest one from Internic and also used dig to 
create one, but both produce the same errors.

  I should also note that bind was happy with the old root hints file before 
the security update.

  Anyone else having this problem? Any suggestions?

Pete Billson
-- 
http://www.elbnet.com
ELB Internet Service, Inc.
Web Design, Computer Consulting, Internet Hosting


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Debian on a Dell-Server???

2004-01-02 Thread Peter Billson

Daniel,
  Debain works fine on Dells. A couple tips assuming you are installing
from the Woody CD:

1) Use the BF24 boot option so that you are installing a 2.4 kernel and
not the default 2.2 kernel

2) You may run into problems with your RAID array due to a chicken/egg
problem with the driver. There is a perfect "how-to" at
http://lists.us.dell.com/pipermail/linux-poweredge/2002-September/003971.html
to work around the problem.

   The how-to says you can do it on the system during install but I have
found it is *much* easier to make the driver floppy on another system
first.

3) There is more info on Matt Domsch's page at http://domsch.com/linux

Pete
-- 
http://www.elbnet.com
ELB Internet Service, Inc.
Web Design, Computer Consulting, Internet Hosting

Daniel Holze wrote:
> 
> Hello debian-isp,
> 
>   Anyone know, if i can Debian on an Dell-Server?
>   Dell says olny RedHat9 :-/
> 
> --
> Best wishes,
> 
> DWL-Deutsche Webleasing oHG
> Daniel Holze
> Technical Director
> Hanauer Landstrasse 320
> D-60314 Frankfurt
> 
> Telefon: +49 (0)69 403 57 990
> Telefax: +49 (0)69 403 57 991
> 
> http://www.dwleasing.de
> mailto:[EMAIL PROTECTED]
> 
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Debian on a Dell-Server???

2004-01-02 Thread Peter Billson

Daniel,
  Debain works fine on Dells. A couple tips assuming you are installing
from the Woody CD:

1) Use the BF24 boot option so that you are installing a 2.4 kernel and
not the default 2.2 kernel

2) You may run into problems with your RAID array due to a chicken/egg
problem with the driver. There is a perfect "how-to" at
http://lists.us.dell.com/pipermail/linux-poweredge/2002-September/003971.html
to work around the problem.

   The how-to says you can do it on the system during install but I have
found it is *much* easier to make the driver floppy on another system
first.

3) There is more info on Matt Domsch's page at http://domsch.com/linux

Pete
-- 
http://www.elbnet.com
ELB Internet Service, Inc.
Web Design, Computer Consulting, Internet Hosting

Daniel Holze wrote:
> 
> Hello debian-isp,
> 
>   Anyone know, if i can Debian on an Dell-Server?
>   Dell says olny RedHat9 :-/
> 
> --
> Best wishes,
> 
> DWL-Deutsche Webleasing oHG
> Daniel Holze
> Technical Director
> Hanauer Landstrasse 320
> D-60314 Frankfurt
> 
> Telefon: +49 (0)69 403 57 990
> Telefax: +49 (0)69 403 57 991
> 
> http://www.dwleasing.de
> mailto:[EMAIL PROTECTED]
> 
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: two ethernet ports on one PCI NIC?

2003-10-09 Thread Peter Billson

Steven,
   Intel makes duel and quad port NIC cards that are fully supported and
have worked great for me.
http://www.intel.com/network/connectivity/products/server_adapters.htm

  BTW - if you only need one Intel will sell you one "evaluation" card
for a great price!

Pete
-- 
http://www.elbnet.com
ELB Internet Service, Inc.
Web Design, Computer Consulting, Internet Hosting



"Jones, Steven" wrote:
> 
> Think you will have to go to a 4 port NIC, Im not aware of a 2 port one,
> 
> I know of 2 made but I have not tried either, one is a dlink unit (the other
> intel or 3com?)and Ive used the single port version so the chipset works,
> but not if 4 are seen by Debian (you can send me one to try if you want
> ).
> 
> regards
> 
> Steven
> 
> -Original Message-
> From: Chris Evans [mailto:[EMAIL PROTECTED]
> Sent: Friday, 10 October 2003 8:58 AM
> To: [EMAIL PROTECTED]
> Subject: two ethernet ports on one PCI NIC?
> 
> I run a small postfix/ecartis Email list service (double opt in) for
> some charities.  My firewall is due to be replaced and I'd like to go
> for one of these new tiny, very quiet boxes since the old things I've
> got do create a great racket in my study and take up space.  All the
> tiny boxes I'm considering have one ethernet port on the motherboard
> but only one PCI slot.  Anyone know of a reliable dual ethernet NIC
> for PCI that has linux drivers (Debian tested ideally)?
> 
> TIA,
> 
> Chris
> PSYCTC: Psychotherapy, Psychology, Psychiatry, Counselling
>and Therapeutic Communities; practice, research,
>teaching and consultancy.
> Chris Evans & Jo-anne Carlyle
> http://psyctc.org/ Email: [EMAIL PROTECTED]
> 
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact
> [EMAIL PROTECTED]
> 
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: multi-terabyte disks

2003-10-08 Thread Peter Billson

Noah,
  The 2.4.x kernels do have a 2Tb limit but that is "fixed" in => 2.5.40
/ 2.6 kernels.

  You could, of course, partition your 10Tb array into 5 logical drives
to solve the problem with the 2.4.x kernel.

Pete
-- 
http://www.elbnet.com
ELB Internet Service, Inc.
Web Design, Computer Consulting, Internet Hosting



"Noah L. Meyerhans" wrote:
> 
> Am I correctly interpreting pages such as
> http://www.gelato.unsw.edu.au/IA64wiki/LargeBlockDevices in my
> understanding that Linux 2.4 can not address the entire capacity of a 3
> terabyte disk?  I find this very surprising if it's true.  I would have
> expected there to be some demand for such a feature, especially since
> multiple-terabyte disk arrays can be found $10k or less these days.
> 
> noah
> 
>   
>Part 1.2Type: application/pgp-signature


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: splitting a subnet in an odd way

2003-09-27 Thread Peter Billson

Leonardo,
  I may not exactly understand what you are trying to do but if the only
thing you are trying to accomplish is firewalling the machines
differently, couldn't you just:

  1) assign them different gateways. The "open" machines would use the
"real" gateway. The other two groups would use the trusted side of the
two firewalls as gateways. The firewalls would use your "real" gateway
to forward the packets to/from the world.

The "two" firewalls could be one Linux box with a couple interfaces
and appropriate firewall rules.

  2) just write the firewall rules to do what you want. Why not just
write your firewall rules to do what you want? Pass IPs x to y without
filtering, etc., etc. This seems most straight forward.

Pete
-- 
http://www.elbnet.com
ELB Internet Service, Inc.
Web Design, Computer Consulting, Internet Hosting

> > On Wednesday 24 September 2003 10:47, Leonardo Boselli wrote:
> >
> > > I have a /24 subnet.
> > > .1 is the gateway and almost all IP from 2 to 254 are occupied.
> > > I would like to split the host in three groups:
> > > 12 that can have full access, 12 thought one firewall and the other 205
> > > throught a second firewall.
> > > I cannot chanmge the number of some machines, so the only option is
> > > that the first 12 and the two firewalls are .2 to .14
> > > the second group is .18 to .29 and the third vould keep is present
> > > numbers between .36 and .254.

-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Routingtable vulnerability

2003-05-26 Thread Peter Billson

Thomas,
  My brother tells me that there has been some discussion about this on
the kernel list. RedHat's patch was applied to 2.4.21 (plus 2.5.69) but
people are reporting that the patch breaks other things so it is not yet
ready for prime time.

  At this point this remains only a theoretical flaw which someone
noticed while hacking on the kernel. No one has shown an actual exploit.

  Until the kernel hackers can do their thing, there isn't much the
Debian project can do. You may want to monitor the kernel list for more
up-to-date information.

Pete
-- 
http://www.elbnet.com
ELB Internet Service, Inc.
Web Design, Computer Consulting, Internet Hosting

Thomas Hebinck wrote:
> 
> Hi,
> 
> is there really nobody who knows anything about this vulnerability?
> We use Debian Woody as firewall ...
> 
> Sincerely,
> Thomas
> 
> >-Original Message-
> >From: www-data [mailto:[EMAIL PROTECTED] Behalf Of
> >[EMAIL PROTECTED]
> >Sent: Wednesday, May 21, 2003 11:50 AM
> >To: debian-isp@lists.debian.org
> >Subject: Routingtable vulnerability
> >
> >
> >
> >
> >Due to the fact that I'm only subscribed to two Debian related Mailinglists
> >(debian-isp and security-announce) I haven't heard of any discussions about 
> >the
> >newly discoverd Kernel vulnerability (Routingtables,
> >http://rhn.redhat.com/errata/RHSA-2003-172.html).
> >Has this been discussed on Debian-Lists and are there any countermesasures
> >recommended?
> >
> >Best Regards,
> >Dominik Schulz
> >
> >-
> >This mail sent through IMP: http://horde.org/imp/
> >
> >
> >--
> >To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> >with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> >
> >
> 
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Procmail weirdness

2003-04-26 Thread Peter Billson

Hello *,
  I'm having some procmail weirdness that I can't get my brain around.

  I have a box running exim with two domains that sort to various system users.

   Every user has a procmailrc file in their home directory like this:
LINEBUF=4096
MAILDIR=$HOME/Maildir/

:0 c
*
$HOME/MailBU/Inbound/

:0
$MAILDIR

  This works perfectly for the primary domain but not the virtual domain. For 
the "broken" domain, if I put this procmailrc file in a user's home directory 
their mail gets delivered in mbox format to /var/spool/mail/{username}. If I 
remove it it gets
delivered in maildir format to /home/{username}/Maildir/new as it should.

  Any suggestions as to where to look for the problem?


Pete
-- 
http://www.elbnet.com
ELB Internet Service, Inc.
Web Design, Computer Consulting, Internet Hosting

Re: NON-US can anyone reach aljazeera.net?

2003-03-25 Thread Peter Billson

>From New York area of US I can resolve www.aljazeera.net, but not 
>english.aljazeera.net.

 My traceroute dies on a nice.francetelecom hop.

Pete


Martin Wheeler wrote:
> 
> On Tue, 25 Mar 2003 [EMAIL PROTECTED] wrote:
> 
> > Can anyone reach aljazeera.net or english.aljazeera.net from outside
> > of US?  Or any nameservers for it?
> 
> 2003-03-26 01:15 GMT
> 
> OK -- looks like we in the UK are going to be allowed to read it in Arabic.

Re: NON-US can anyone reach aljazeera.net?

2003-03-25 Thread Peter Billson

>From New York area of US I can resolve www.aljazeera.net, but not 
>english.aljazeera.net.

 My traceroute dies on a nice.francetelecom hop.

Pete


Martin Wheeler wrote:
> 
> On Tue, 25 Mar 2003 [EMAIL PROTECTED] wrote:
> 
> > Can anyone reach aljazeera.net or english.aljazeera.net from outside
> > of US?  Or any nameservers for it?
> 
> 2003-03-26 01:15 GMT
> 
> OK -- looks like we in the UK are going to be allowed to read it in Arabic.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Denial of Service via UCE

2003-01-30 Thread Peter Billson

Pulu,
  You may want to ask someone with a fatter pipe to act as your MX where they can 
bit-bucket the UCE then forward on the good stuff to you.

Pete
-- 
http://www.elbnet.com
ELB Internet Service, Inc.
Web Design, Computer Consulting, Internet Hosting


Pulu 'Anau wrote:
> 
> Hi, this is not particularly a debian related question but this is the
> most knowledgable list that I track, and I hope someone here might have a
> "miracle answer" that we can't think of.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: cybercafe management software

2002-12-16 Thread Peter Billson

Remi,
  You may want to check out the LTSP (Linux Terminal Server Project - www.ltsp.org) 
mailing list. There has been several threads about public kiosks. 

Pete
-- 
http://www.elbnet.com
ELB Internet Service, Inc.
Web Design, Computer Consulting, Internet Hosting

Rémi Letot wrote:
> 
> Hi all,
> 
> don't know if this is the right list for such problems, but after all
> a cybercafe is also an isp, so here it is:
> 
> I'm in search of a management software for a cybercafe. The firewall
> will be debian, the stations will multiboot win/lin.
> 
> I'd like to be able to manage who can login on which machine, until
> when, and if internet connectivity is granted. So clients pay, then
> they are given a machine number and a username/password pair which is
> valid on that machine until the time expires. Idem for internet
> connectivity for that machine.
> 
> Client <-> machine mapping is a plus but not a requirement (but I
> think it's easier to tell which machine can connect through the fw
> than which client).
> 
> The most basic setup would be management of the firewall rules in a
> clean interface, time management being done by hand. The system has to
> be usable by a complete non techie, so no way to do it with a real
> firewall management program.
> 
> Well, I think you get the idea of what I'd like. It does not have to
> be a complete killer solution (although that would be best :-), but it
> has to tackle the job and be simple to use.
> 
> Does it exist in the free world? Note that if it exists but not in
> debian, I would be willing to package it.
> 
> Thanks,
> --
> Rémi
> 
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Problem while compiling wanpipe.o

2002-12-10 Thread Peter Billson

Michelle,
  As I understand it you do not compile Wanpipe into the kernel you compile wanpipe 
separately but you must have the kernel source that you used to compile your current 
kernel. My guess is that the symbols complaint is due to that fact that your kernel
source does not match your running kernel.

  BTW - Sangoma's tech support is *great*. I have found that questions emailed to them 
(during business hours) are returned very quickly and actually help! :-)

Pete
-- 
http://www.elbnet.com
ELB Internet Service, Inc.
Web Design, Computer Consulting, Internet Hosting


Michelle Konzack wrote:
> 
> Hello,
> 
> I have a Sangoma Wanpipe and need to compile a new Kernel which support
> it. I have tried to compile the module and compiled into the kernel.
> 
> But I get every time I compile it many error messages about 'symboles'
> or something like this. Sorry, I can not give you better informations,
> because curently I have NO internet access at home and I am writing
> this E-Mail in a cyber-center.
> 
> Please can anyone help me out ?
> 
> I need the module urgently, becaue I must install it at a client.
> 
> Please note:This error ocures in Kernel 2.4.18 and 2.4.19
> 
> Many thanks in advance
> Michelle
> 
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

-- 
http://www.elbnet.com
ELB Internet Service, Inc.
Web Design, Computer Consulting, Internet Hosting


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Backup Web Server

2002-11-25 Thread Peter Billson

Rizal,
  Check out HA (High Availability) http://linux-ha.org

Pete
-- 
http://www.elbnet.com
ELB Internet Service, Inc.
Web Design, Computer Consulting, Internet Hosting


[EMAIL PROTECTED] wrote:
> 
>Can anyone pls tell me how to setup a Backup Web Server..meaning if the
> primary Web Server fails, it will  automatically go to a seperate Web
> Server.
> 
>   ex.
> 
>  Home User - www.abc.com
> 
>   Server Unit 1 - www.abc.com : but if the unit bogs down
>  it will go to,
> 
>   Server Unit 2 - www.abc.com
> 
> Can this be possible?
> 
> Rizal
> 
> "If you think you play too much, play more"
> 
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bind8 to Bind9

2002-11-16 Thread Peter Billson

Hey *,
  I am planning the move from Bind8 to Bind9 on woody and was wondering if 
anyone has any tips, gotchas or pointers I should know before the move.

  Thanks in advance.

Pete

Bind8 to Bind9

2002-11-16 Thread Peter Billson

Hey *,
  I am planning the move from Bind8 to Bind9 on woody and was wondering if anyone has 
any tips, gotchas or pointers I should know before the move.

  Thanks in advance.

Pete


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Pipeline internet help

2002-11-08 Thread Peter Billson

Johnno,
  That depends on where the second pipe is coming from. If it is coming
from a different NOC of the same upstream company then they should take
care of all the messy routing details.

 If you use multiple providers then use BGP to provide multiple routes
for your IP blocks.   Your upstream should be able to help you with
this.

  BTW - be sure that your redundant connection is truly redundant. Here
in the US many providers rent equipment space in the telcos office so
one fire in a telco can take out all the different providers. You backup
connection should take a *completely* different route from start to end,
including the wires to your building (of course a totally separate
building is even better :-) otherwise a single falling tree somewhere
along the path could eliminate both connections.

Pete
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting

Johnno wrote:
> 
> Hello All,
> 
> At the moment the servers I ran has only one pipline to the net, Now I am
> looking at adding other one as a backup..
> 
> How do I go about make the second as a backup so if the first goes down the
> second will take over??
> 
> Then when the first one goes back online that will be used putting the
> second back into backup
> 
> will our ip addresses work with both feeds?
> 
> Thanks,
> Johnno
> 
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Pipeline internet help

2002-11-08 Thread Peter Billson

Johnno,
  That depends on where the second pipe is coming from. If it is coming
from a different NOC of the same upstream company then they should take
care of all the messy routing details.

 If you use multiple providers then use BGP to provide multiple routes
for your IP blocks.   Your upstream should be able to help you with
this.

  BTW - be sure that your redundant connection is truly redundant. Here
in the US many providers rent equipment space in the telcos office so
one fire in a telco can take out all the different providers. You backup
connection should take a *completely* different route from start to end,
including the wires to your building (of course a totally separate
building is even better :-) otherwise a single falling tree somewhere
along the path could eliminate both connections.

Pete
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting

Johnno wrote:
> 
> Hello All,
> 
> At the moment the servers I ran has only one pipline to the net, Now I am
> looking at adding other one as a backup..
> 
> How do I go about make the second as a backup so if the first goes down the
> second will take over??
> 
> Then when the first one goes back online that will be used putting the
> second back into backup
> 
> will our ip addresses work with both feeds?
> 
> Thanks,
> Johnno
> 
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: APC PowerChute on Linux

2002-06-28 Thread Peter Billson

Andreas,
  It has been a while since I played with it, but if I remember
correctly the documentation said that Linux can't be the master only a
slave.

Pete
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting


Andreas Rabus wrote:
> 
> Hi,
> 
> It's not free software, but i think i need it as master for two for the
> Windoze Servers on the UPS.
> So i tried to install PowerChute for linux on my debian box.
> 
> Did not work for now
> 
> Anybody managed it already?
> 
> I searched the web and found a page:
> http://homepage2.nifty.com/drpanda/tech/opensource/debian-ups.html
> But i can't read it.
> Can any body help by translating this page?
> 
> Thanks in advance,
> 
> ar
> 
> Andreas Rabus
> entity38 AG
> 
> Isartalstr. 44b/Rgb.
> 80469 München
> 
> Tel +49 (89) 286772-27
> Fax +49 (89) 286772-21
> ISDN +49 (89) 286772-30
> ICQ #132675697
> 
> [EMAIL PROTECTED]
> www.entity38.de
> 
> 
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: rm: cannot unlink `sendmail': Operation not permitted

2002-05-23 Thread Peter Billson

try chattr -i /usr/sbin

Even if sendmail is set -i, if the directory is immutable you will not
be able to rm it.

Pete
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting



Jason Lim wrote:
> 
> Hi all,
> 
> This is happening on a Redhat 7.2 system, but i think it would apply
> across all Linux distros.
> 
> [EMAIL PROTECTED] sbin]# pwd
> /usr/sbin
> [EMAIL PROTECTED] sbin]# chattr -iu sendmail
> [EMAIL PROTECTED] sbin]# rm sendmail
> rm: remove `sendmail'? y
> rm: cannot unlink `sendmail': Operation not permitted
> 
> [EMAIL PROTECTED] sbin]# ls -al sendmail
> -rwxr-xr-x   1 root root99161 May  1 01:21 sendmail
> 
> That is happening for all the files in that directory.
> 
> strace rm sendmail:
> 
> lstat64("sendmail", {st_mode=S_IFREG|0755, st_size=99161, ...}) = 0
> access("sendmail", W_OK)= 0
> unlink("sendmail")  = -1 EPERM (Operation not
> permitted)
> 
> Any ideas as to what may be happening?
> 
> Sincerely,
> Jason
> 
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: rm: cannot unlink `sendmail': Operation not permitted

2002-05-23 Thread Peter Billson


try chattr -i /usr/sbin

Even if sendmail is set -i, if the directory is immutable you will not
be able to rm it.

Pete
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting



Jason Lim wrote:
> 
> Hi all,
> 
> This is happening on a Redhat 7.2 system, but i think it would apply
> across all Linux distros.
> 
> [root@linux1 sbin]# pwd
> /usr/sbin
> [root@linux1 sbin]# chattr -iu sendmail
> [root@linux1 sbin]# rm sendmail
> rm: remove `sendmail'? y
> rm: cannot unlink `sendmail': Operation not permitted
> 
> [root@linux1 sbin]# ls -al sendmail
> -rwxr-xr-x   1 root root99161 May  1 01:21 sendmail
> 
> That is happening for all the files in that directory.
> 
> strace rm sendmail:
> 
> lstat64("sendmail", {st_mode=S_IFREG|0755, st_size=99161, ...}) = 0
> access("sendmail", W_OK)= 0
> unlink("sendmail")  = -1 EPERM (Operation not
> permitted)
> 
> Any ideas as to what may be happening?
> 
> Sincerely,
> Jason
> 
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: How fast can Linux-Firewalls be?

2002-02-23 Thread Peter Billson

[EMAIL PROTECTED] wrote:
> What minimum characteristics would a Linux IP Masquerading Firewall
> Box need, to run a 100 Mbps link without slowing down traffic.

  There was some discussion last January (2001) about this type of
thing. The problem you will run into if you are using POTS Intel
hardware is the PCI bus speed, so you are going to have a tough time
filling one 100Mbs connection with an old Pentium - assuming an old
66Mhz PCI bus. You can forget about filling two or more. Also, cheap
NICs will do more to kill your max. throughput.
  That being said, I run old Pentium 133s with 64Mb RAM in several
applications as routers and can notice no network latency on a 100BaseT
network, but I have never benchmarked the machines. Usually the
bottlenecks are elsewhere - i.e. server hard drive throughput. Packet
routing, filtering, masquerading really doesn't require much CPU
horsepower.

> With two old Pentium boxes and Debian, I could set up a Firewall and a
> network traffic watcher within a few hours, thus relieving some
> tecnical flaws of the University Network.

Linux. World domination... fast.

Pete Billson
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting

Re: How fast can Linux-Firewalls be?

2002-02-23 Thread Peter Billson

[EMAIL PROTECTED] wrote:
> What minimum characteristics would a Linux IP Masquerading Firewall
> Box need, to run a 100 Mbps link without slowing down traffic.

  There was some discussion last January (2001) about this type of
thing. The problem you will run into if you are using POTS Intel
hardware is the PCI bus speed, so you are going to have a tough time
filling one 100Mbs connection with an old Pentium - assuming an old
66Mhz PCI bus. You can forget about filling two or more. Also, cheap
NICs will do more to kill your max. throughput.
  That being said, I run old Pentium 133s with 64Mb RAM in several
applications as routers and can notice no network latency on a 100BaseT
network, but I have never benchmarked the machines. Usually the
bottlenecks are elsewhere - i.e. server hard drive throughput. Packet
routing, filtering, masquerading really doesn't require much CPU
horsepower.

> With two old Pentium boxes and Debian, I could set up a Firewall and a
> network traffic watcher within a few hours, thus relieving some
> tecnical flaws of the University Network.

Linux. World domination... fast.

Pete Billson
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting

-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: exim question

2002-02-21 Thread Peter Billson

Ward,
  Yes, it really does work for me.

  I thought the point of the original poster is that he wanted any
address that didn't match a real user (and I assume another alias) to be
delivered to a particular mailbox. He wanted the alias file to never
fail.

  The original poster didn't mention that he was doing virtual domains
on the box. To do virtual hosts I configure exim to use multiple alias
files (one for each domain) and then the *: rule would go in the
appropriate alias file. Trying to do virtual domains in one alias file
is troublesome and the *: rule in that case would probably be bad.

Pete

Ward Willats wrote:
> 
> Pete:
> 
> >In your alias file, as your last rule, put
> >
> >*:   username
> >
> 
> Does that really work for you? I had trouble with it because
> with a line like this, the alias file can never fail. Exim would
> qualify "username" and run it through again, it would also run
> any aliases generated by other rules in the file through a
> second time, and wind up mapping lots of addresses to
> "[EMAIL PROTECTED]"
> 
> Maybe I just ran into trouble since I have include_domain on
> and explicitly handle several virtual domains in my aliases
> filebut the *: construct was a big enough gun that I
> sure blew my foot off with it!
> 
> -- Ward
> 
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting

Re: exim question

2002-02-21 Thread Peter Billson

Ward,
  Yes, it really does work for me.

  I thought the point of the original poster is that he wanted any
address that didn't match a real user (and I assume another alias) to be
delivered to a particular mailbox. He wanted the alias file to never
fail.

  The original poster didn't mention that he was doing virtual domains
on the box. To do virtual hosts I configure exim to use multiple alias
files (one for each domain) and then the *: rule would go in the
appropriate alias file. Trying to do virtual domains in one alias file
is troublesome and the *: rule in that case would probably be bad.

Pete

Ward Willats wrote:
> 
> Pete:
> 
> >In your alias file, as your last rule, put
> >
> >*:   username
> >
> 
> Does that really work for you? I had trouble with it because
> with a line like this, the alias file can never fail. Exim would
> qualify "username" and run it through again, it would also run
> any aliases generated by other rules in the file through a
> second time, and wind up mapping lots of addresses to
> "username@qualify_domian"
> 
> Maybe I just ran into trouble since I have include_domain on
> and explicitly handle several virtual domains in my aliases
> filebut the *: construct was a big enough gun that I
> sure blew my foot off with it!
> 
> -- Ward
> 
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting

-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: exim question

2002-02-21 Thread Peter Billson

In your alias file, as your last rule, put

*:   username

where username is the account the mail should goto. Username can also be
a remote address i.e. [EMAIL PROTECTED]

Pete
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting


Bernie Berg wrote:
> 
> im running potato with the unstable packages.  How do I get exim to spit all 
> mail that there isn't a user defined for to a certain mail box? so "[EMAIL 
> PROTECTED]" goes to "[EMAIL PROTECTED]"
> 
> thanks!
> bernie
> 
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: exim question

2002-02-20 Thread Peter Billson


In your alias file, as your last rule, put

*:   username

where username is the account the mail should goto. Username can also be
a remote address i.e. [EMAIL PROTECTED]

Pete
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting


Bernie Berg wrote:
> 
> im running potato with the unstable packages.  How do I get exim to spit all mail 
>that there isn't a user defined for to a certain mail box? so 
>"[EMAIL PROTECTED]" goes to "[EMAIL PROTECTED]"
> 
> thanks!
> bernie
> 
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Missing /proc/sys

2002-02-15 Thread Peter Billson

Jacob,
  Thanks! I forgot the golden rule: "Use the Source." A quick grep through the
source would have saved the public humiliation. :-/

Pete
-- 
http://www.elbnet.com
ELB Internet Service, Inc.
Web Design, Computer Consulting, Internet Hosting


> CONFIG_SYSCTL=y
> 
> -- 
> Jacob Elder
> http://www.lucidpark.net/

Missing /proc/sys

2002-02-15 Thread Peter Billson

Hello *,
   I have a weird problem on a server, the /proc/sys directory is not there. The
/proc filesystem is mounted and the rest of /proc seems to be fine, but 
/proc/sys and it's sub-directories are MIA.

   I have turned up a few people that have had this problem, but no answers.

   I'm running a 2.4.9 kernel on a modified potato machine (I have a similar set
up on half-a-dozen other machines without a problem) and discovered the problem
after running out of file descriptors. The machine runs fine otherwise.

  Help?

Pete
-- 
http://www.elbnet.com
ELB Internet Service, Inc.
Web Design, Computer Consulting, Internet Hosting

Re: Missing /proc/sys

2002-02-15 Thread Peter Billson


Jacob,
  Thanks! I forgot the golden rule: "Use the Source." A quick grep through the
source would have saved the public humiliation. :-/

Pete
-- 
http://www.elbnet.com
ELB Internet Service, Inc.
Web Design, Computer Consulting, Internet Hosting


> CONFIG_SYSCTL=y
> 
> -- 
> Jacob Elder
> http://www.lucidpark.net/


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Missing /proc/sys

2002-02-15 Thread Peter Billson


Hello *,
   I have a weird problem on a server, the /proc/sys directory is not there. The
/proc filesystem is mounted and the rest of /proc seems to be fine, but 
/proc/sys and it's sub-directories are MIA.

   I have turned up a few people that have had this problem, but no answers.

   I'm running a 2.4.9 kernel on a modified potato machine (I have a similar set
up on half-a-dozen other machines without a problem) and discovered the problem
after running out of file descriptors. The machine runs fine otherwise.

  Help?

Pete
-- 
http://www.elbnet.com
ELB Internet Service, Inc.
Web Design, Computer Consulting, Internet Hosting


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

SLow server

2002-02-11 Thread Peter Billson

Hello *,
  Got a weird server problem that I could use some pointers where to look. I 
have a PIII 600 Dell server with 1 IDE HD and 128Mb or RAM running 2.2.19Pre17 
potato. The server is lightly loaded - basically IMAP and Apache Web mail for 
about 20 users.

  The problem is the thing is *Slow*. The users keep pretty large mailboxes 
(mbox not maildir) and use Outlook to access them but that doesn't seem to 
account for the slowness. Top shows plenty of free memory (74Mb buffers, 16Mb 
cached), an idle CPU
(90-95%) and vmstat shows little disk activity and no swapping but the load 
will shoot up to 7 or 8 while someone opens their mailbox.

  Any disk I/O seems to drag (i.e. 'less /var/log/messages') even when nothing 
else is going on. I'm stumped. Any suggestions on what to look at would be 
helpful.

Pete
-- 
http://www.elbnet.com
ELB Internet Service, Inc.
Web Design, Computer Consulting, Internet Hosting

Re: Raid 1 + lilo

2002-01-31 Thread Peter Billson


Earlier in this thread, there was a question of how hardware RAID would
handle the failure of a drive on reboot. While at LinuxWorld I asked the
Intel team how their controller would handle it. 

   The answer was that the card would note the disk failure, notify you
of the problem, rebuild the array once you replaced the bad drive and
then the system would boot. Of course if you had a hot swap on line the
rebuild would be automatic.

   It sounds like, for high availability with no hot swap, that software
RAID with LILO on both drives could be a better choice. Your system
would come back, although crippled, faster and be running while
rebuilding the array.

   Seems from the discussions there is no "right" answer to which is
better. A lot of factors weigh in such as availability of a hot swap,
cost, availability vs. data integrity, etc.

Pete
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Debian in 100 MB ?

2002-01-31 Thread Peter Billson


  We are running a router/firewall from a standard Debian distro using
111Mb, but this includes keeping a local set of logs so getting to your
100Mb mark should be easy.

  To duplicate the machine after the first set up either dd to a second
disk, and change config files, or do a standard install and do a dpkg
--get-selections '*' > package.list from the master and a dpgk
--set-selections < package.list on the second, third, etc. machine.
Finish up with a apt-get dselect-upgrade and you have a second machine
with all the same packages.

  You also could burn the system to a CD and run from there.

  I'm curious where your 100Mb goal came from?

Pete
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting


[EMAIL PROTECTED] wrote:
> 
> Hi List !
> 
> I´d like to get a Firewalling LINUX with IPTABLES into 100 MB for use on a
> couple of ADSL/ISDN/ETH Firewalls.
> For this I`d like to use a stock debian, install onto a slightly larger
> partition and (scripted) remove excess software to make the 100 MB image.
> Advantage for me would be  the use of APT on the larger partition to keep
> the software up to date.
> 
> Is this the right way to do it ? I could not find a small debian based
> distro with IPTABLES/DSL/ISDN support...
> 
> Cu
> Pete
> 
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Webalizer

2002-01-29 Thread Peter Billson


> I can't suggest alternative loggers, but one of the reasons that
> my webalizer kept breaking is because I had logrotate in the
> /etc/cron.daily as well. l comes before w. I changed the name of
> the logrotate script to 'zlogrotate' and webalizer hasn't had a
> problem since.

Alternately, you could configure webalizer to parse the access.log.0
file instead of access.log.

Pete
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: ftp.uk.debian.org

2002-01-29 Thread Peter Billson


Steve Wright wrote:
> 
> Anyone else having problems reaching ftp.uk.debian.org ??
> 
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

I can't even resolve that name from here, but I can resolve
ftp.debian.org...

Pete
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: new photos from my party!

2002-01-28 Thread Peter Billson


Bummer man,
   I clicked on this SPAM link in mutt hoping to see p0rn and it trashed
my Linux box! Hope nobody else did that! :-)

Pete

PS what's with all the SPAM to this list lately... admins? I'll bet it's
that WoW guy that's suing Russell! :-)


> My party... It was absolutely amazing!
> I have attached my web page with new photos!
> If you can please make color prints of my photos. Thanks!
> 
> Name: www.myparty.yahoo.com
>www.myparty.yahoo.comType: unspecified type (application/octet-stream)



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Rsync

2002-01-26 Thread Peter Billson


Hey *,
  I just applied the security fix to rsync and now it is dumping core.
Before I report this as a bug, I thought I'd check to see if anyone else
is having trouble.

Pete
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: rsync backup scipt

2002-01-26 Thread Peter Billson


Hereward Cooper wrote:
> 
> >  Using the --exclude-from={FILE} switch then listing the things you want
> > excluded in a separate file works well for me.
> 
> Is this recursive? Can I just put in the line /mnt/ and it'll ignore everything
> in there?

  Yes it is. /cdrom will eliminate everything on the cdrom, /mnt will
eliminate everything under /mnt, etc.

Pete
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: [BAD] the whole server down with a red-alert-like attack

2002-01-25 Thread Peter Billson


> IMHO something that runs every minute should not be in cron, even something
> that runs every 5 minutes possibly shouldn't be in cron.

  Could you tell me why that is so? I often run things from cron that
run every 5 mins and have never run into a problem... but then again I
often do stupid things repeatedly! :-) 

Pete
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: rsync backup scipt

2002-01-25 Thread Peter Billson


 
> On Friday 25 January 2002 03:09, Hereward Cooper wrote:
> > I've used rsync ok, (using one from a previous thread) but i'm
> > not sure how to do the rotation system? Also when backing up /
> > on the server, what stops it from copying the contents of a
> > mounted cd aswell?
> 
>  --exclude=PATTERN exclude   filesmatching
> PATTERN

   There are a number other files that you will want to exclude that are
machine specific, such as hostname, /etc/network/interfaces, etc.

   I also exclude /boot so that a kernel upgrade will not break LILO
when rsync runs, but if you use grub this may not be a problem.

 Using the --exclude-from={FILE} switch then listing the things you want
excluded in a separate file works well for me.
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting
q


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: user-agent log problem

2002-01-12 Thread Peter Billson

Hmmm, seems right. A couple thoughts:

1) Do you have any other CustomLog directives that are not commented out
2) Are you running NameVirtualHosts where you'd have to define a
CustomLog for each?

Pete
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting


[EMAIL PROTECTED] wrote:
> 
> hi, in my logs files don't aper the user-agent (Mozilla, lynx ecc...) logs
> ..
> 
> why ?
> 
> example:
> 
> debian - - [12/Jan/2002:14:03:02 +0100] "GET /doc/HTML/web/w3/index.html
> HTTP/1.1" 200 5208
> 
> and in my httpd.conf
> 
> ...
> ...
> LogFormat "%h %l %u %t \"%r\" %>s %b
> \"%{Referer}i\" \"%{User-Agent}i\"" combined
> LogFormat "%h %l %u %t \"%r\" %>s %b" common
> LogFormat "%{Referer}i -> %U" referer
> LogFormat "%{User-agent}i" agent
> 
> # The location of the access logfile (Common Logfile Format).
> # If this does not start with /, ServerRoot is prepended to it.
> 
> CustomLog /var/log/apache/access.log combined

Re: EXIM, LDAP and some pop3 stuff?

2002-01-12 Thread Peter Billson

> But I think this is an inherent UNIX / LDAP problem. LDAP seems
> a very powerful tool doing for UNIX everything the 'Regestry' has
> done for windows - and more. Whats missing here is some standardized
> way of how to do it.

  Now there is something to strive for. One monolithic, incomprehensible
mess that will cause your entire system to stop functioning if one byte
is out of order.
  If using a Windows-like registry is "fixing" it, I'll keep the *nix's
"broken" method, thank you. 

Pete Billson
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting

Re: user-agent log problem

2002-01-12 Thread Peter Billson


Hmmm, seems right. A couple thoughts:

1) Do you have any other CustomLog directives that are not commented out
2) Are you running NameVirtualHosts where you'd have to define a
CustomLog for each?

Pete
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting


[EMAIL PROTECTED] wrote:
> 
> hi, in my logs files don't aper the user-agent (Mozilla, lynx ecc...) logs
> ..
> 
> why ?
> 
> example:
> 
> debian - - [12/Jan/2002:14:03:02 +0100] "GET /doc/HTML/web/w3/index.html
> HTTP/1.1" 200 5208
> 
> and in my httpd.conf
> 
> ...
> ...
> LogFormat "%h %l %u %t \"%r\" %>s %b
> \"%{Referer}i\" \"%{User-Agent}i\"" combined
> LogFormat "%h %l %u %t \"%r\" %>s %b" common
> LogFormat "%{Referer}i -> %U" referer
> LogFormat "%{User-agent}i" agent
> 
> # The location of the access logfile (Common Logfile Format).
> # If this does not start with /, ServerRoot is prepended to it.
> 
> CustomLog /var/log/apache/access.log combined


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: EXIM, LDAP and some pop3 stuff?

2002-01-12 Thread Peter Billson


> But I think this is an inherent UNIX / LDAP problem. LDAP seems
> a very powerful tool doing for UNIX everything the 'Regestry' has
> done for windows - and more. Whats missing here is some standardized
> way of how to do it.

  Now there is something to strive for. One monolithic, incomprehensible
mess that will cause your entire system to stop functioning if one byte
is out of order.
  If using a Windows-like registry is "fixing" it, I'll keep the *nix's
"broken" method, thank you. 

Pete Billson
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: HP LC2000r trouble

2002-01-11 Thread Peter Billson

> I suspect the same problem !
> So I write 3 floppies with resue.bin root.bin and drivers-1.bin from the
> debian 2.2r5 "compact flavor" of kernel. The kernel is 2.2.19. The boot
> works, the dboostrap start, but when I want to read the drivers from the
> third floppy the message is that this floppy doesn't contain a
> filesistem.
> 
> Perhaps I done something wrong ...
> I cannot use the third floppy in any way !
> And to eliminate the problem of a bad floppy I tried to mount the image:
> mount -o loop ./driver-1.bin /mnt
> ... but ...
> kernel: FAT: bogus logical sector size 8308
> kernel: VFS: Can't find a valid FAT filesystem on dev 07:00
> 
> I hope this is not a RTFM problem :)


H... HP has a install help guide for Debian available at
http://netserver.hp.com/support/manuals.asp?pid=lpr

Is that of any help to you?

Pete
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting

Re: OT: secondary dns

2002-01-11 Thread Peter Billson

Stability of the Web in general. A domain should resolve regardless if
it is reachable.

Pete
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting


> i guess negative TTL, but is there
> another reason? after all, what use is it to me to be able to resolve
> e.g. metrosophia.com to its IP, if the IP and the backup MX are down?

Re: HP LC2000r trouble

2002-01-11 Thread Peter Billson


> I suspect the same problem !
> So I write 3 floppies with resue.bin root.bin and drivers-1.bin from the
> debian 2.2r5 "compact flavor" of kernel. The kernel is 2.2.19. The boot
> works, the dboostrap start, but when I want to read the drivers from the
> third floppy the message is that this floppy doesn't contain a
> filesistem.
> 
> Perhaps I done something wrong ...
> I cannot use the third floppy in any way !
> And to eliminate the problem of a bad floppy I tried to mount the image:
> mount -o loop ./driver-1.bin /mnt
> ... but ...
> kernel: FAT: bogus logical sector size 8308
> kernel: VFS: Can't find a valid FAT filesystem on dev 07:00
> 
> I hope this is not a RTFM problem :)


H... HP has a install help guide for Debian available at
http://netserver.hp.com/support/manuals.asp?pid=lpr

Is that of any help to you?

Pete
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: OT: secondary dns

2002-01-11 Thread Peter Billson


Stability of the Web in general. A domain should resolve regardless if
it is reachable.

Pete
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting


> i guess negative TTL, but is there
> another reason? after all, what use is it to me to be able to resolve
> e.g. metrosophia.com to its IP, if the IP and the backup MX are down?


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: HP LC2000r trouble

2002-01-11 Thread Peter Billson

Adrian,
  I've not played with a HP with megaraid but I can point you to a
Dell/Redhat specific site that may get you started
http://domsch.com/linux/ - see the megaraid section.

  The basic problem is that you need the correct driver for your card to
get the install to work and the older kernels didn't have great RAID
support. You may have better success with a newer kernel (i.e. 2.4.9)
but that doesn't help with your install.

  Your 2.2.19 problem sounds like you have the RAID or SCSI driver(s)
compiled as modules and not into the kernel. The bootstrapping obviously
works, since the kernel loads.

  You need to either compile the drivers into the kernel or set up an
initrd to provide the modules in an initial ramdisk.

Pete
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting

Adrian Minta wrote:
> 
> I am trying to install Debian potato onto Netserver LC
> 2000r machine from HP.
> With kernel 2.2.18pre21 (potato 2.2r3) the kernel
> hangs with last message :
> scsi2: Found a MegaRAID controller
> 
> With kernel 2.2.19 the kernel boots, but no hardrives
> are detected.
> 
> Does anyone found this situation ?
> Please HELP ME!
> 
> __
> Do You Yahoo!?
> Send FREE video emails in Yahoo! Mail!
> http://promo.yahoo.com/videomail/
> 
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: HP LC2000r trouble

2002-01-11 Thread Peter Billson

Adrian,
  I've not played with a HP with megaraid but I can point you to a
Dell/Redhat specific site that may get you started
http://domsch.com/linux/ - see the megaraid section.

  The basic problem is that you need the correct driver for your card to
get the install to work and the older kernels didn't have great RAID
support. You may have better success with a newer kernel (i.e. 2.4.9)
but that doesn't help with your install.

  Your 2.2.19 problem sounds like you have the RAID or SCSI driver(s)
compiled as modules and not into the kernel. The bootstrapping obviously
works, since the kernel loads.

  You need to either compile the drivers into the kernel or set up an
initrd to provide the modules in an initial ramdisk.

Pete
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting

Adrian Minta wrote:
> 
> I am trying to install Debian potato onto Netserver LC
> 2000r machine from HP.
> With kernel 2.2.18pre21 (potato 2.2r3) the kernel
> hangs with last message :
> scsi2: Found a MegaRAID controller
> 
> With kernel 2.2.19 the kernel boots, but no hardrives
> are detected.
> 
> Does anyone found this situation ?
> Please HELP ME!
> 
> __
> Do You Yahoo!?
> Send FREE video emails in Yahoo! Mail!
> http://promo.yahoo.com/videomail/
> 
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: netscape o cosa ?

2002-01-09 Thread Peter Billson

> There are products, that just runs under IE. But IE is freeware. So
> why not download it and intergrate with wine to your linux...

  Have you tried this? I'm wondering if IE runs reliably under WINE...
at least as (un)reliably as it does under Windoze.

Pete
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting

Re: netscape o cosa ?

2002-01-09 Thread Peter Billson


> There are products, that just runs under IE. But IE is freeware. So
> why not download it and intergrate with wine to your linux...

  Have you tried this? I'm wondering if IE runs reliably under WINE...
at least as (un)reliably as it does under Windoze.

Pete
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: netscape o cosa ?

2002-01-08 Thread Peter Billson

If you don't like Netscape, try http://www.opera.com

Pete
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting


[EMAIL PROTECTED] wrote:
> 
> cosa usate voi per navigare in internet senza problemi ? (e non mi dite
> lynx perche non supporta ne java ne tutte le altre cose !!!)
> 
> io ho provato sia netscape che opera e con tutti e due ho problemi nella
> magior parte dei siti che quindi mi tocca vederli con IE (soto W$)
> 
> _
> 
> Sebastian Ezequiel Ovide
> 
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: netscape o cosa ?

2002-01-08 Thread Peter Billson


If you don't like Netscape, try http://www.opera.com

Pete
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting


[EMAIL PROTECTED] wrote:
> 
> cosa usate voi per navigare in internet senza problemi ? (e non mi dite
> lynx perche non supporta ne java ne tutte le altre cose !!!)
> 
> io ho provato sia netscape che opera e con tutti e due ho problemi nella
> magior parte dei siti che quindi mi tocca vederli con IE (soto W$)
> 
> _
> 
> Sebastian Ezequiel Ovide
> 
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

NFS Problem

2001-12-15 Thread Peter Billson

Hello *,
  I am having permissions problems with a NFS mount that I just can't
figure out
and I'm hoping someone can help.

  I am NFS mounting a drive on machine A by using automount on
machine B. The drive shows it is mounted rwxrwxrwx and owned root.root.

  Any user can read and write to the disk (as I want) but only root can
create a
new file. I need to give other users the ability to write a new file to
the disk.

  I am exporting the drive (rw,no_root_squash) and automounting it

-fstype=nfs,retry=1,soft

Any suggestions why a normal user can not create a file and how to let
them?

Pete
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting

NFS Problem

2001-12-15 Thread Peter Billson


Hello *,
  I am having permissions problems with a NFS mount that I just can't
figure out
and I'm hoping someone can help.

  I am NFS mounting a drive on machine A by using automount on
machine B. The drive shows it is mounted rwxrwxrwx and owned root.root.

  Any user can read and write to the disk (as I want) but only root can
create a
new file. I need to give other users the ability to write a new file to
the disk.

  I am exporting the drive (rw,no_root_squash) and automounting it

-fstype=nfs,retry=1,soft

Any suggestions why a normal user can not create a file and how to let
them?

Pete
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Strange apache behaviour?

2001-12-08 Thread Peter Billson

Jason,
  Apaches log file ownership and permissions are set when they rotate in
/etc/cron.daily/apache (about line 90 or so). As pointed out there are
security issues to worry about so be careful.

Pete
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting


Jason Lim wrote:
> 
> Anyone figured out my apache problem (log file permissions)?
> 
> I still haven't figured this one out yet.
> 
> TIA,
> 
> Jas
> 
> - Original Message -
> From: "Jason Lim" <[EMAIL PROTECTED]>
> To: 
> Sent: Saturday, December 08, 2001 1:52 AM
> Subject: Re: Strange apache behaviour?
> 
> > Thats not very good security-wise to run webalizer as www-data, because
> if
> > a user ever finds a way to poison the log files, then webalizer will run
> > them as www-data, and possibly be able to fool around with apache too
> > (because they now run as the same user).
> >
> > A far better way (and much more direct) would be to have a way to change
> > apache's log files BACK to the previous permissions.
> >
> > I think if no one knows the answer i'll have to ask netgod himself... (i
> > think he is still the package maintainer?)
> >
> > Sincerely,
> > Jason
> >
> > - Original Message -
> > From: "Denis A. Kulgeyko" <[EMAIL PROTECTED]>
> > To: "Jason Lim" <[EMAIL PROTECTED]>
> > Sent: Friday, December 07, 2001 9:10 PM
> > Subject: Re: Strange apache behaviour?
> >
> >
> > >  Hello !
> > >
> > > > Do you know how to change the permissions of the log files apache
> > > > generates?
> > > >
> > > > -rw-r-1 www-data www-data  1372461 Dec  7 13:04
> > apache-access.log
> > > > -rw-r-1 www-data www-data   740269 Dec  2 06:21
> > > > apache-access.log.0
> > > > -rw-r-1 www-data www-data44414 Nov 25 05:52
> > > > apache-access.log.1.gz
> > > > -rw-rw-r--1 www-data www-data   167114 Sep 23 06:10
> > > > apache-access.log.10.gz
> > > > -rw-rw-r--1 www-data www-data13069 Sep 16 06:06
> > > > apache-access.log.11.gz
> > > > -rw-rw-r--1 www-data www-data14357 Sep  9 06:04
> > > > apache-access.log.12.gz
> > > > -rw-rw-r--1 www-data www-data21209 Sep  2 06:24
> > > > apache-access.log.13.gz
> > > > -rw-rw-r--1 www-data www-data 5979 Nov 19  2000
> > > > apache-access.log.14.gz
> > > > -rw-rw-r--1 www-data www-data36771 Nov 18 06:23
> > > > apache-access.log.2.gz
> > > >
> > > > It USED to be readable by all, now the persmissions have changed
> > (which in
> > > > my case screws up the webalizer processes run by users).
> > > >
> > > > Having a look at the changelog...
> > > >
> > > > apache (1.3.22-1) unstable; urgency=low
> > > >   * Default ownership of logfiles is root/adm, perms 640 (closes:
> > > > #112675).
> > > >
> > > > Thats all nice a good... but how to I get it 644? I looked and can't
> > > > appear to find it. Closest thing I could find was in
> > > > /etc/apache/cron.conf, but that only sets the uid/gid, not the file
> > > > permissions of the logfiles.
> > > >
> > > > Any ideas?
> > >
> > > Run webalizer with permissions of group www-data and set appropriate
> > umask to
> > > user www-data (may be to loogrotate daemon too).
> > >
> > > --
> > > With Best Regards,
> > > Denis A. Kulgeyko
> > > DK666-UANIC
> > > e-mail: [EMAIL PROTECTED]
> > > ICQ: 81607525
> > > SMS: [EMAIL PROTECTED]
> > > --
> > > UNIXes ... they are VERY friendly.
> > > But .. they chooses their friends VERY carefully ... :)
> > > ^]:wq!
> > >
> >
> >
> > --
> > To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> > with a subject of "unsubscribe". Trouble? Contact
> [EMAIL PROTECTED]
> >
> >
> 
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Strange apache behaviour?

2001-12-08 Thread Peter Billson


Jason,
  Apaches log file ownership and permissions are set when they rotate in
/etc/cron.daily/apache (about line 90 or so). As pointed out there are
security issues to worry about so be careful.

Pete
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting


Jason Lim wrote:
> 
> Anyone figured out my apache problem (log file permissions)?
> 
> I still haven't figured this one out yet.
> 
> TIA,
> 
> Jas
> 
> - Original Message -
> From: "Jason Lim" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Saturday, December 08, 2001 1:52 AM
> Subject: Re: Strange apache behaviour?
> 
> > Thats not very good security-wise to run webalizer as www-data, because
> if
> > a user ever finds a way to poison the log files, then webalizer will run
> > them as www-data, and possibly be able to fool around with apache too
> > (because they now run as the same user).
> >
> > A far better way (and much more direct) would be to have a way to change
> > apache's log files BACK to the previous permissions.
> >
> > I think if no one knows the answer i'll have to ask netgod himself... (i
> > think he is still the package maintainer?)
> >
> > Sincerely,
> > Jason
> >
> > - Original Message -
> > From: "Denis A. Kulgeyko" <[EMAIL PROTECTED]>
> > To: "Jason Lim" <[EMAIL PROTECTED]>
> > Sent: Friday, December 07, 2001 9:10 PM
> > Subject: Re: Strange apache behaviour?
> >
> >
> > >  Hello !
> > >
> > > > Do you know how to change the permissions of the log files apache
> > > > generates?
> > > >
> > > > -rw-r-1 www-data www-data  1372461 Dec  7 13:04
> > apache-access.log
> > > > -rw-r-1 www-data www-data   740269 Dec  2 06:21
> > > > apache-access.log.0
> > > > -rw-r-1 www-data www-data44414 Nov 25 05:52
> > > > apache-access.log.1.gz
> > > > -rw-rw-r--1 www-data www-data   167114 Sep 23 06:10
> > > > apache-access.log.10.gz
> > > > -rw-rw-r--1 www-data www-data13069 Sep 16 06:06
> > > > apache-access.log.11.gz
> > > > -rw-rw-r--1 www-data www-data14357 Sep  9 06:04
> > > > apache-access.log.12.gz
> > > > -rw-rw-r--1 www-data www-data21209 Sep  2 06:24
> > > > apache-access.log.13.gz
> > > > -rw-rw-r--1 www-data www-data 5979 Nov 19  2000
> > > > apache-access.log.14.gz
> > > > -rw-rw-r--1 www-data www-data36771 Nov 18 06:23
> > > > apache-access.log.2.gz
> > > >
> > > > It USED to be readable by all, now the persmissions have changed
> > (which in
> > > > my case screws up the webalizer processes run by users).
> > > >
> > > > Having a look at the changelog...
> > > >
> > > > apache (1.3.22-1) unstable; urgency=low
> > > >   * Default ownership of logfiles is root/adm, perms 640 (closes:
> > > > #112675).
> > > >
> > > > Thats all nice a good... but how to I get it 644? I looked and can't
> > > > appear to find it. Closest thing I could find was in
> > > > /etc/apache/cron.conf, but that only sets the uid/gid, not the file
> > > > permissions of the logfiles.
> > > >
> > > > Any ideas?
> > >
> > > Run webalizer with permissions of group www-data and set appropriate
> > umask to
> > > user www-data (may be to loogrotate daemon too).
> > >
> > > --
> > > With Best Regards,
> > > Denis A. Kulgeyko
> > > DK666-UANIC
> > > e-mail: [EMAIL PROTECTED]
> > > ICQ: 81607525
> > > SMS: [EMAIL PROTECTED]
> > > --
> > > UNIXes ... they are VERY friendly.
> > > But .. they chooses their friends VERY carefully ... :)
> > > ^]:wq!
> > >
> >
> >
> > --
> > To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> > with a subject of "unsubscribe". Trouble? Contact
> [EMAIL PROTECTED]
> >
> >
> 
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: host & DNS

2001-11-26 Thread Peter Billson

> I am trying to understand how the hosts.allow and hosts.deny files work as
> well as DNS.
> 
> So far, I have a nameserver, but kept getting an error:
> 
> warning: /etc/hosts.allow, line 11: can't verify hostname:  gethostbyname
> (gomez.star.cd) failed
> 
> I finally figured out that something was wrong as one of this ISP's user
> complained that they couldn't send an email to my mailserver (which is the
> nameserver as well).
> 
> I did a host lookup and got the following:
> 
> host 203.36.43.17
> Name: gomez.star.cd
> Address: 203.36.43.17
> 
> then later:
> 
> host gomez.star.cd
> gomez.star.cd does not exist, try again


It sounds like you have two problems.

DNS shouldn't be affected by the hosts.allow/deny files since it is not
run out of inet.d and the "can't verify hostname" indicates that you
have a DNS problem.
Check the daemon log to see if bind is complaining. Does it stay running
after you start it? Do you have reverse DNS working properly?

Second, you really can't filter connections to your mail server if you
are running a public mailserver, since you want everyone in the world to
be able to send you mail. Of course you could try to filter out spammers
that way, but that would be like playing wack-a-mole.

There is a lot of reference material. Check out
http://www.google.com/search?hl=en&q=linux+tcpwrappers

Pete
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting

Re: host & DNS

2001-11-26 Thread Peter Billson


> I am trying to understand how the hosts.allow and hosts.deny files work as
> well as DNS.
> 
> So far, I have a nameserver, but kept getting an error:
> 
> warning: /etc/hosts.allow, line 11: can't verify hostname:  gethostbyname
> (gomez.star.cd) failed
> 
> I finally figured out that something was wrong as one of this ISP's user
> complained that they couldn't send an email to my mailserver (which is the
> nameserver as well).
> 
> I did a host lookup and got the following:
> 
> host 203.36.43.17
> Name: gomez.star.cd
> Address: 203.36.43.17
> 
> then later:
> 
> host gomez.star.cd
> gomez.star.cd does not exist, try again


It sounds like you have two problems.

DNS shouldn't be affected by the hosts.allow/deny files since it is not
run out of inet.d and the "can't verify hostname" indicates that you
have a DNS problem.
Check the daemon log to see if bind is complaining. Does it stay running
after you start it? Do you have reverse DNS working properly?

Second, you really can't filter connections to your mail server if you
are running a public mailserver, since you want everyone in the world to
be able to send you mail. Of course you could try to filter out spammers
that way, but that would be like playing wack-a-mole.

There is a lot of reference material. Check out
http://www.google.com/search?hl=en&q=linux+tcpwrappers

Pete
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: debian/cyclades .vs. cisco

2001-11-20 Thread Peter Billson

John Hawley wrote:
> 
> Hi.
> 
> I just priced out a Cisco to handle multiple T1's for our Internet access.
> $15K+, ack!
> 
> Just wondering.  Anyone have any experience using the Cyclades-PC300 boards?
> I've already converted the my network services from M$ to Debian/Linux and 
> have
> nothing against converting our router from Ci$co if Linux can match the
> stability.

  I don't have experience with the Cyclades boards but I use Sangoma
(www.sangoma.com) cards in a POTS PIII box and it doesn't even register
a load average saturating multiple T's and multiple NICS.

  Sangoma's support has been fantastic and the box has never failed to
operate properly in over a year... for 10% of the cost of a Cisco.

 We are currently working to get it running off of a CD-ROM so that we
can eliminate the hard drive as a possible point of failure. Linux
routers are so cheap to build, you can incorporate a couple into your
network design (assuming you are running BGP or the like) and one can
fail, or be taken one out of service for maintenance, and not affect
your connectivity.

Pete
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting

Re: debian/cyclades .vs. cisco

2001-11-20 Thread Peter Billson

John Hawley wrote:
> 
> Hi.
> 
> I just priced out a Cisco to handle multiple T1's for our Internet access.
> $15K+, ack!
> 
> Just wondering.  Anyone have any experience using the Cyclades-PC300 boards?
> I've already converted the my network services from M$ to Debian/Linux and have
> nothing against converting our router from Ci$co if Linux can match the
> stability.

  I don't have experience with the Cyclades boards but I use Sangoma
(www.sangoma.com) cards in a POTS PIII box and it doesn't even register
a load average saturating multiple T's and multiple NICS.

  Sangoma's support has been fantastic and the box has never failed to
operate properly in over a year... for 10% of the cost of a Cisco.

 We are currently working to get it running off of a CD-ROM so that we
can eliminate the hard drive as a possible point of failure. Linux
routers are so cheap to build, you can incorporate a couple into your
network design (assuming you are running BGP or the like) and one can
fail, or be taken one out of service for maintenance, and not affect
your connectivity.

Pete
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting

-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: DELL perc3/di users

2001-11-19 Thread Peter Billson

   The install that I did was using RedHat so it is a bit different then
Debian but what I did was download the PERCRAID driver module from
Dell's download area and loaded it during install when asked if you have
any drivers on floppies.

  Once the module was loaded the rest of the install went as usual.

Compiling your own bootable kernel would be a much better solution since
the Dell driver is probably compiled against one of RedHat's
hyper-patched kernels.

Pete
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting

alexis bory wrote:
> 
> >Did you check out http://www.merilus.com/~kevin/aacraid.html ? He
> > has Debian boot disks with the kernel you're looking for. I'd do a
> > potato install then change your apt sources to woody and do a
> dist-upgrade.
> 
> I already used Kevin Traas's disks image to install potato on some 2450
> and it works perfectly with aacraid 1.0.6 . 2450 have perc3/si (single
> RAID chanel). When I try these disk on a 2550 (perc3/di dual RAID chanel)
> I got this message :
> 
>user.err dbootstrap[28]: No hard disk drive could de found. blahblah...
> 
> Did you experience it?
> 
> I'm going to 'try' to build some new images with the latest aacraid driver
> version (1.0.7) which should be complient with 2550 servers.
> 
> alexis
> 
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: DELL perc3/di users

2001-11-19 Thread Peter Billson


   The install that I did was using RedHat so it is a bit different then
Debian but what I did was download the PERCRAID driver module from
Dell's download area and loaded it during install when asked if you have
any drivers on floppies.

  Once the module was loaded the rest of the install went as usual.

Compiling your own bootable kernel would be a much better solution since
the Dell driver is probably compiled against one of RedHat's
hyper-patched kernels.

Pete
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting


alexis bory wrote:
> 
> >Did you check out http://www.merilus.com/~kevin/aacraid.html ? He
> > has Debian boot disks with the kernel you're looking for. I'd do a
> > potato install then change your apt sources to woody and do a
> dist-upgrade.
> 
> I already used Kevin Traas's disks image to install potato on some 2450
> and it works perfectly with aacraid 1.0.6 . 2450 have perc3/si (single
> RAID chanel). When I try these disk on a 2550 (perc3/di dual RAID chanel)
> I got this message :
> 
>user.err dbootstrap[28]: No hard disk drive could de found. blahblah...
> 
> Did you experience it?
> 
> I'm going to 'try' to build some new images with the latest aacraid driver
> version (1.0.7) which should be complient with 2550 servers.
> 
> alexis
> 
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: DELL perc3/di users

2001-11-19 Thread Peter Billson

   Did you check out http://www.merilus.com/~kevin/aacraid.html ? He has Debian 
boot disks with the kernel you're looking for. I'd do a potato install then 
change your apt sources to woody and do a dist-upgrade.

  I have done a RedHat install on a similar machine and there really are no big 
surprises. Just like any SCSI install you need to either build the hard drive 
driver (in this case the PERCRAID driver) into the kernel or make an initrd if 
the driver is only
available as a module.

Pete
-- 
http://www.elbnet.com
ELB Internet Service, Inc.
Web Design, Computer Consulting, Internet Hosting

alexis bory wrote:
> 
> hi,
> 
> I'm looking for the easiest way to manage 'testing' installation on the
> 2550 Dell servers.
> I think i have to boot them with a rescue disk with
> aacraid 1.0.7 already ennabled and I'm looking for a patched kernel.
> 
> Matt Domsch's ( http://domsch.com/linux/ ) page gives a link on
> ftp://ftp.debian.org/pub/mirrors/debian/pool/main/k/kernel-source-2.2.19/ker
> nel-source-2.2.19_2.2.19-7_all.deb but I'm blind or this doesn't exist.
> 
> Does someone did this install, and could help me ?
> 
> Thanks, Alexis
> 
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: DELL perc3/di users

2001-11-19 Thread Peter Billson

   Did you check out http://www.merilus.com/~kevin/aacraid.html ? He has Debian boot 
disks with the kernel you're looking for. I'd do a potato install then change your apt 
sources to woody and do a dist-upgrade.

  I have done a RedHat install on a similar machine and there really are no big 
surprises. Just like any SCSI install you need to either build the hard drive driver 
(in this case the PERCRAID driver) into the kernel or make an initrd if the driver is 
only
available as a module.

Pete
-- 
http://www.elbnet.com
ELB Internet Service, Inc.
Web Design, Computer Consulting, Internet Hosting

alexis bory wrote:
> 
> hi,
> 
> I'm looking for the easiest way to manage 'testing' installation on the
> 2550 Dell servers.
> I think i have to boot them with a rescue disk with
> aacraid 1.0.7 already ennabled and I'm looking for a patched kernel.
> 
> Matt Domsch's ( http://domsch.com/linux/ ) page gives a link on
> ftp://ftp.debian.org/pub/mirrors/debian/pool/main/k/kernel-source-2.2.19/ker
> nel-source-2.2.19_2.2.19-7_all.deb but I'm blind or this doesn't exist.
> 
> Does someone did this install, and could help me ?
> 
> Thanks, Alexis
> 
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: policies for securing privacy systemwide against random wiretap/nettap

2001-10-26 Thread Peter Billson

[EMAIL PROTECTED] wrote:
> 
> Given recent passage of the Patriot Act here in US, I'm re-evaluating
> privacy policies at the ISP I run.
> 
> I'm curious what mechanisms and policies we might keep/implement
> to preserve the privacy and integrity of our clients.  Some are obvious:
>  *  gnpgp/pgp email
>  *  quick and regular deletion of logs after our system security checks
> 
> What about protecting client data?  Suppose someone with a name like
> "Saddam" signs up for a mailing list; what can be done to protect everyone
> else on that mailing list.  (I did not make up that example.)  Are
> there ways of handling data like that mailing list that would keep it
> private?o  What about customer databases?
> 
> This may not be the place for this; can someone suggest other resources?
> 
> Thanks,
> 
> cfm

  This is a very important issue, particularly in light of the draconian
bill just passed and, even though not Debian specific, should be of
great interest to many ISPs.

  Be aware that simply encrypting mail and erasing old logs will not
shield your customers very well and may inadvertently create a worse
situation. Whatever policies you implement, be sure to thoroughly think
through the possible outcomes and be sure to have a well thought out and
rational reason for them.

  Deleting server logs to "protect my customers' privacy" could easily
be transformed by today's "witch hunt" mentality into deleting server
logs to "intentionally erase evidence that could be used against the
terrorists using my system" A policy to quickly erase server logs to
enhance system security and maintain adequate disk space may be
perceived to be more rational and "patriotic."

 For PGP, the government could easily recover the PGP keys from either
your servers or the customers machines - perhaps even without your or
the customer's knowledge since the government is allowed to ask for
"secret" search warrants.

   Hmmm.. I wonder if the FBI would be violating the DMCA if they
circumvented the encryption of your email, which after all is a
"published" work and therefore copyrighted. :-)

  Deleting the log files, and even writing all zeros to the disk,
doesn't make the files irretrievable. This policy may actually make
things *worse* for your customers because law enforcement may assume,
because of your actions, that you are attempting to hide something. The
"innocent until proven guilty" thing is just lip service.

   Law enforcement may even more deeply invade your customers privacy by
doing a more thorough search then they would have done otherwise.  They
may seize the computer to do forensic work to recover the logs, which
means your customers lose data all their data and service or they may
shut you down completely to prevent you from destroying more "evidence."

  Perhaps writing logs to /dev/shm would be a way to go, if you are
really intent on total erasure of the logs, but that has security
ramifications.

  Having said all the above, I'd hope that all ISPs have a policy to
discontinue service to anyone using their system for "wrong" purposes
and that includes terrorism and SPAM!

Pete Billson
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting

Re: policies for securing privacy systemwide against random wiretap/nettap

2001-10-26 Thread Peter Billson

[EMAIL PROTECTED] wrote:
> 
> Given recent passage of the Patriot Act here in US, I'm re-evaluating
> privacy policies at the ISP I run.
> 
> I'm curious what mechanisms and policies we might keep/implement
> to preserve the privacy and integrity of our clients.  Some are obvious:
>  *  gnpgp/pgp email
>  *  quick and regular deletion of logs after our system security checks
> 
> What about protecting client data?  Suppose someone with a name like
> "Saddam" signs up for a mailing list; what can be done to protect everyone
> else on that mailing list.  (I did not make up that example.)  Are
> there ways of handling data like that mailing list that would keep it
> private?o  What about customer databases?
> 
> This may not be the place for this; can someone suggest other resources?
> 
> Thanks,
> 
> cfm

  This is a very important issue, particularly in light of the draconian
bill just passed and, even though not Debian specific, should be of
great interest to many ISPs.

  Be aware that simply encrypting mail and erasing old logs will not
shield your customers very well and may inadvertently create a worse
situation. Whatever policies you implement, be sure to thoroughly think
through the possible outcomes and be sure to have a well thought out and
rational reason for them.

  Deleting server logs to "protect my customers' privacy" could easily
be transformed by today's "witch hunt" mentality into deleting server
logs to "intentionally erase evidence that could be used against the
terrorists using my system" A policy to quickly erase server logs to
enhance system security and maintain adequate disk space may be
perceived to be more rational and "patriotic."

 For PGP, the government could easily recover the PGP keys from either
your servers or the customers machines - perhaps even without your or
the customer's knowledge since the government is allowed to ask for
"secret" search warrants.

   Hmmm.. I wonder if the FBI would be violating the DMCA if they
circumvented the encryption of your email, which after all is a
"published" work and therefore copyrighted. :-)

  Deleting the log files, and even writing all zeros to the disk,
doesn't make the files irretrievable. This policy may actually make
things *worse* for your customers because law enforcement may assume,
because of your actions, that you are attempting to hide something. The
"innocent until proven guilty" thing is just lip service.

   Law enforcement may even more deeply invade your customers privacy by
doing a more thorough search then they would have done otherwise.  They
may seize the computer to do forensic work to recover the logs, which
means your customers lose data all their data and service or they may
shut you down completely to prevent you from destroying more "evidence."

  Perhaps writing logs to /dev/shm would be a way to go, if you are
really intent on total erasure of the logs, but that has security
ramifications.

  Having said all the above, I'd hope that all ISPs have a policy to
discontinue service to anyone using their system for "wrong" purposes
and that includes terrorism and SPAM!

Pete Billson
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting

-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Project 2000 on Debian (under Wine) ?

2001-10-25 Thread Peter Billson

Jeff Waugh wrote:
> 
> 
> 
> > I am looking for a Linux based tool that is designed to help manage a
> > variety of projects. This tool needs to be able to schedule and track
> > tasks
> 
> MrProject from CodeFactory (codefactory.se) is kicking arse at the moment;
> perhaps you could pitch in and help out?
> 
> > and interface with Outlook clients. Anybody know one?
> 
> Interface with Outlook? Ain't going to happen. Unless everything is done via
> iCal, etc. I don't believe Project and Oulook use this as their primary
> interface on Windows anyway. You won't be getting this feature any time
> soon.
> 
> - Jeff

There is a Company at
http://www.bynari.net/Products/TradeServer/trade_server.html that has
info on using Outlook with Linux. I have never used it but it looks
interesting.

Pete
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting

Re: Project 2000 on Debian (under Wine) ?

2001-10-25 Thread Peter Billson


Jeff Waugh wrote:
> 
> 
> 
> > I am looking for a Linux based tool that is designed to help manage a
> > variety of projects. This tool needs to be able to schedule and track
> > tasks
> 
> MrProject from CodeFactory (codefactory.se) is kicking arse at the moment;
> perhaps you could pitch in and help out?
> 
> > and interface with Outlook clients. Anybody know one?
> 
> Interface with Outlook? Ain't going to happen. Unless everything is done via
> iCal, etc. I don't believe Project and Oulook use this as their primary
> interface on Windows anyway. You won't be getting this feature any time
> soon.
> 
> - Jeff

There is a Company at
http://www.bynari.net/Products/TradeServer/trade_server.html that has
info on using Outlook with Linux. I have never used it but it looks
interesting.

Pete
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Webalizer

2001-10-18 Thread Peter Billson


> Hassle with upgrading to 2.0 is that, AFAIK, it'll trash your history for
> that year (could be wrong...)


  Actually, the repaired .deb package has made it to proposed updates in
stable and apt-get update, apt-get upgrade will install the fixed
package.
  The README.1st file has a few, simple steps to save all your old
history.

Pete
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting

Re: A few questions

2001-10-18 Thread Peter Billson

Assuming you are using Apache as your Web server you want to add the
following to your /etc/apache/http.conf file (where 192.168.1.2:80 is
the IP and port you are using):

NameVirtualHost 192.168.1.2:80


ServerName www.domain1.com
{any other directives for this domain}



ServerName www.domain2.com
{any other directives for this domain}


Take a look at http://www.apache.org for complete docs.


qmail is a Mail Transport Agent (MTA). That is, it serves the purpose of
sending and receiving mail between mail servers and uses SMTP. You are
looking for a server to service clients (i.e. Eudora) via POP3. There
are a number including qpopper and courier.

Pete
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting


"[EMAIL PROTECTED]" wrote:
> 
> Hi All,
> 
> I have a few questions regarding email servers, web servers, etc.
> 
> I know that it is possible to set up virtual hosting by giving one box 
> multiple IP addresses. Is it possible to make www.domain1.com and 
> www.domain2.com resolve to the same IP but have some way of going to the 
> right page on the server?
> 
> I was going to try qmail, but from what I have read on the qmail site (but I 
> probably interpreted it incorrectly), it is an SMTP server only. Is there 
> some addon to allow it to act as a POP3 server as well?
> 
> Thanks in advance,
> 
> Michael Jager
> [EMAIL PROTECTED]
> 
> 
> mail2web - Check your email from the web at
> http://mail2web.com/ .
> 
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Webalizer

2001-10-18 Thread Peter Billson



> Hassle with upgrading to 2.0 is that, AFAIK, it'll trash your history for
> that year (could be wrong...)


  Actually, the repaired .deb package has made it to proposed updates in
stable and apt-get update, apt-get upgrade will install the fixed
package.
  The README.1st file has a few, simple steps to save all your old
history.

Pete
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: A few questions

2001-10-18 Thread Peter Billson


Assuming you are using Apache as your Web server you want to add the
following to your /etc/apache/http.conf file (where 192.168.1.2:80 is
the IP and port you are using):

NameVirtualHost 192.168.1.2:80


ServerName www.domain1.com
{any other directives for this domain}



ServerName www.domain2.com
{any other directives for this domain}


Take a look at http://www.apache.org for complete docs.


qmail is a Mail Transport Agent (MTA). That is, it serves the purpose of
sending and receiving mail between mail servers and uses SMTP. You are
looking for a server to service clients (i.e. Eudora) via POP3. There
are a number including qpopper and courier.

Pete
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting


"[EMAIL PROTECTED]" wrote:
> 
> Hi All,
> 
> I have a few questions regarding email servers, web servers, etc.
> 
> I know that it is possible to set up virtual hosting by giving one box multiple IP 
>addresses. Is it possible to make www.domain1.com and www.domain2.com resolve to the 
>same IP but have some way of going to the right page on the server?
> 
> I was going to try qmail, but from what I have read on the qmail site (but I 
>probably interpreted it incorrectly), it is an SMTP server only. Is there some addon 
>to allow it to act as a POP3 server as well?
> 
> Thanks in advance,
> 
> Michael Jager
> [EMAIL PROTECTED]
> 
> 
> mail2web - Check your email from the web at
> http://mail2web.com/ .
> 
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Portable Web Server Mirror

2001-10-14 Thread Peter Billson

Hey all,
  Here is a mind exercise for you all:

  I would like to provide my sales rep with a portable mirror of a Web
server. The idea is that they'd be able to live demo our abilities
without the need for any connection to the net.

  She's already got a Thinkpad running woody and I'd like to have the
her be able to just sync the notebook up to the real server and away
they go. The snyc process should add and delete any new domains,
content, etc. during the sync process with little or no interaction.

  The notebook would need to be totally stand alone, running all needed
services (MySQL, DNS, Apache, etc.) but still be able to interact with
the Web server (which means I can't simply clone the whole machine).

  Any and all ideas, suggestions, etc. are welcome.

Pete
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting

Re: problem with php-cgi

2001-10-14 Thread Peter Billson

> and this is the output:
> 
> ./prova.cgi
> X-Powered-By: PHP/4.0.3pl1
> Content-type: text/html
> 
> Questo e' solo una prova
> 
> why apache tel me: Premature end of script headers: ??

I can't tell you why your script isn't working correctly but Apache is
upset because you are returning the X-Powered-By header before the
Content-type header. The Content-type header *must* be first.

The script works from the command line because the command line couldn't
care less what you return.

The script works as a handler because Apache takes care of sending the
Content-type header.

The script fails as a cgi because the Content-type header is not
returned first.


Pete
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting

Portable Web Server Mirror

2001-10-14 Thread Peter Billson


Hey all,
  Here is a mind exercise for you all:

  I would like to provide my sales rep with a portable mirror of a Web
server. The idea is that they'd be able to live demo our abilities
without the need for any connection to the net.

  She's already got a Thinkpad running woody and I'd like to have the
her be able to just sync the notebook up to the real server and away
they go. The snyc process should add and delete any new domains,
content, etc. during the sync process with little or no interaction.

  The notebook would need to be totally stand alone, running all needed
services (MySQL, DNS, Apache, etc.) but still be able to interact with
the Web server (which means I can't simply clone the whole machine).

  Any and all ideas, suggestions, etc. are welcome.

Pete
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: problem with php-cgi

2001-10-14 Thread Peter Billson


> and this is the output:
> 
> ./prova.cgi
> X-Powered-By: PHP/4.0.3pl1
> Content-type: text/html
> 
> Questo e' solo una prova
> 
> why apache tel me: Premature end of script headers: ??

I can't tell you why your script isn't working correctly but Apache is
upset because you are returning the X-Powered-By header before the
Content-type header. The Content-type header *must* be first.

The script works from the command line because the command line couldn't
care less what you return.

The script works as a handler because Apache takes care of sending the
Content-type header.

The script fails as a cgi because the Content-type header is not
returned first.


Pete
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: problem with php-cgi

2001-10-12 Thread Peter Billson

Sebastian Ezequiel Ovide wrote:
> 
> Hi,
> 
> just installed php4-cgi, fixed bad symlink in /usr/lib/cgi-bin
> 
> The prob is,
> 
> running as a standar cgi does not work ie
> 
> #!/usr/bin/php
> 
> apache complains
> 
> [Thu Dec 21 20:18:36 2000] [error] [client 192.168.1.169] Premature end of
> script headers: /var/www/home/felipe/Proyectos/hola.php4.cgi
> 
> running from the comand line works great and with
> 
> AddHandler bla bla
> Action bla bla bla
> 
> also works fine.
> 
> Any clue
> 
> I'm running potato
> 

Your script is not send the magic Content-type: line before it's output.

Pete
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting

Re: problem with php-cgi

2001-10-12 Thread Peter Billson


Sebastian Ezequiel Ovide wrote:
> 
> Hi,
> 
> just installed php4-cgi, fixed bad symlink in /usr/lib/cgi-bin
> 
> The prob is,
> 
> running as a standar cgi does not work ie
> 
> #!/usr/bin/php
> 
> apache complains
> 
> [Thu Dec 21 20:18:36 2000] [error] [client 192.168.1.169] Premature end of
> script headers: /var/www/home/felipe/Proyectos/hola.php4.cgi
> 
> running from the comand line works great and with
> 
> AddHandler bla bla
> Action bla bla bla
> 
> also works fine.
> 
> Any clue
> 
> I'm running potato
> 

Your script is not send the magic Content-type: line before it's output.

Pete
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: ppp problem

2001-10-10 Thread Peter Billson

> I am new to debian and I am having problem pinging outside my remote
> server when I dial-out. I've used the pppconfig
> to setup my dial-out. When I do an ifconfig ppp0 my ip addresses match
> but it says that Point -To-Point running NOARP MULTICAST. I can used
> my dial-out for Windows 2000 and my old FreeBSD box. My
> /etc/resolv.conf has my DNS addresses and my isp domain name. I cannot
> ping, for example, www.google.com, etc. If there is anything else that
> needs setting up or I have overlooked anything else let me know. Thanx

   Please don't post to the mailing list using HTML mail. Impossible to
read in all text mail clients. :-(

   Is your problem with name resolution or routing? Can you ping to an
outside ip but not to a name or do both ways give you problems?

Things to check:
  Are your routes correct after ppp comes up?
  Are your running a firewall? is it blocking packets?
  Can you ping your side of the ppp interface after it comes up?
  Can you ping your ISPs gateway?


Pete
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting

Re: duplicate network filesystems (was: HA mailserver (smtp, pop3, imap,imap/ssl))

2001-10-10 Thread Peter Billson

> Then if one fileserver was down (even temporarily), then all the other
> fileservers (all four) would have to queue a message about the data and
> task and some heartbeat between fileservers could alert it when back up
> and then make sure that the particular filesystem is properly updated.
> 
> What do you all think about this?

Sounds exactly like RAID except that the disks are in physically
different machines. I wonder if you can set up software RAID to use NFS
mounted drives... h... may be worth playing with.

Pete
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting

Re: ppp problem

2001-10-10 Thread Peter Billson


> I am new to debian and I am having problem pinging outside my remote
> server when I dial-out. I've used the pppconfig
> to setup my dial-out. When I do an ifconfig ppp0 my ip addresses match
> but it says that Point -To-Point running NOARP MULTICAST. I can used
> my dial-out for Windows 2000 and my old FreeBSD box. My
> /etc/resolv.conf has my DNS addresses and my isp domain name. I cannot
> ping, for example, www.google.com, etc. If there is anything else that
> needs setting up or I have overlooked anything else let me know. Thanx

   Please don't post to the mailing list using HTML mail. Impossible to
read in all text mail clients. :-(

   Is your problem with name resolution or routing? Can you ping to an
outside ip but not to a name or do both ways give you problems?

Things to check:
  Are your routes correct after ppp comes up?
  Are your running a firewall? is it blocking packets?
  Can you ping your side of the ppp interface after it comes up?
  Can you ping your ISPs gateway?


Pete
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: duplicate network filesystems (was: HA mailserver (smtp, pop3, imap,imap/ssl))

2001-10-10 Thread Peter Billson


> Then if one fileserver was down (even temporarily), then all the other
> fileservers (all four) would have to queue a message about the data and
> task and some heartbeat between fileservers could alert it when back up
> and then make sure that the particular filesystem is properly updated.
> 
> What do you all think about this?

Sounds exactly like RAID except that the disks are in physically
different machines. I wonder if you can set up software RAID to use NFS
mounted drives... h... may be worth playing with.

Pete
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: webalizer

2001-10-08 Thread Peter Billson

  Take a look at your webalizer.current file. The second line will be
the date of the last record processed. Webalizer will not process any
files before that date to prevent duplication. I have manually changed
the date to process older log files with success.


Pete Billson
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting

Re: webalizer

2001-10-08 Thread Peter Billson


  Take a look at your webalizer.current file. The second line will be
the date of the last record processed. Webalizer will not process any
files before that date to prevent duplication. I have manually changed
the date to process older log files with success.


Pete Billson
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: iptables and routing

2001-10-07 Thread Peter Billson


Take a look at using iproute2.
http://www.linuxguruz.org/iptables/howto/Adv-Routing-HOWTO.html#s4


Robert Davidson wrote:
> 
> Hi Everyone :)
> 
> I've got a problem and I can't seem to find a solution without putting
> another computer in the works as a router, which isn't really a good
> solution.
> 
> I'm using kernel 2.4.10, iptables and some policy routing.
> 
> What I would like to do (if it's possible) is decide which network
> interface a packet goes out depending on which program generated it
> locally.  For example, if Apache generates a packet, I always want it
> to go out of cipcb0 (vpn interface).
> 
> I have some live IP's routed over the cipcb0 interface, and that goes
> over my cable link.  I'm not allowed to simply serve pages on the
> cable modem IP because it's against their acceptable use policy, and
> I've already had my account suspended once for doing that.  Anyway,
> the problem is, when someone is using the same cable provider as I do,
> if their proxy server gets the request it will ask my server to give
> it the page, but the server won't send the data out of cipcb0 because
> there is a host route pointing to the cable providers proxy/dns server
> as I want to be able to use their proxy/dns servers myself, and
> because the packet comes back to the cable provider through the cable
> modem, it gets dropped, thus there is a large area around me where
> users on the same cable provider that I use can not access any of my
> web pages.
> 
> Does anyone know how to fix this problem?  I've had a play with
> marking packets based on UID and so on in an effort to use the policy
> routing stuff to route the packets up to the cipcb0 interface, but I
> havn't has any success yet.
> 
> --
> Regards,
> Robert Davidson.
> http://www.mlug.org.au/
> 
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Roach Motel For Packets...

2001-09-30 Thread Peter Billson


Let me see if bad drawings help any:

eth0(to Internet IP "A.A.A.A")--|--|
|Router|--eth2(192.168.1.1)
eth1(to Internet IP "B.B.B.B")--|--|  eth2:0(10.0.0.1) 


and

|---|
<<--to router --eth0(192.168.1.2)---|PC #1 -localnet|
eth0:0 (10.0.0.2)   |---|

All traffic to and from 192.168.1.0/27 goes over A.A.A.A
All traffic to and from 10.0.0.0/27 goes over B.B.B.B
A.A.A.A is the default gateway for all other traffic

If I log into the router I can ping any IP, on any interface including
my telco's first hop out eth0 and eth1. Packets get routed as expected.

If I log into PC#1 I can ping any interface on the router, anything on
the localnet and anything on the Internet (through the router's eth0
which is the default gateway) but I can not ping anything on the remote
side of the router's eth1.

If I log into a remote machine I can ping any IP serviced by eth0, can
ping my telco's side of the eth1 connection but can not reach any IPs
serviced by eth1, including eth1 itself.

I'm using ipchains to log *all* packets on every interface and in all
the above examples I can see the ping packets come in eth1 but that's
it. They never attempt to leave through any interface.

Note the IPs in the example are fake. The real IPs are in the public IP
space so the problem isn't trying to route these private IPs over the
internet. :-)

The ipchains rules are:
# Rules for eth0 these work!
ipchains -A input   -i eth2 -s 192.168.1.0/27 -j ACCEPT
ipchains -A output  -i eth2 -d 192.168.1.0/27 -j ACCEPT
ipchains -A forward -i eth0 -s 192.168.1.0/27 -j ACCEPT
ipchains -A forward -i eth2 -d 192.168.1.0/27 -j ACCEPT

# Rules for eth1 these don't!
ipchains -A input   -i eth2 -s 10.0.0.0/27 -j ACCEPT
ipchains -A output  -i eth2 -d 10.0.0.0/27 -j ACCEPT
ipchains -A forward -i eth1 -s 10.0.0.0/27 -j ACCEPT
ipchains -A forward -i eth2 -d 10.0.0.0/27 -j ACCEPT

# And of course there are other rules allowing traffic in and out eth0
and eth1.

I'm stumped! I'd be happy if it was a routing problem that I could see
or  firewall rule screwing things up.

Is there, maybe, something I need to do when I give the NIC an alias?

Pete
 

> I am not sure if I understand this exactly. It may help to have more
> information.
> 
> I have a feeling your replies are being sent out but are being firewalled
> by another router, since they appear to have a source address that doesn't
> belong to its network (i.e. address spoofing, SMURF attack).


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Roach Motel For Packets...

2001-09-29 Thread Peter Billson


> as is required by RFC, routing is disabled by default. to enable
> routing:
> 
> echo 1 >/proc/sys/net/ipv4/ip_forward
> 
> use /etc/sysctl.conf to have it enabled automatically at boot.

100% correct you are, but I have already done this. Note that "stuff"
coming in eth0 is getting forwarded correctly, only packets coming in
eth1 are not. Even eth1 itself does not respond to pings even though I
can log the packets coming in.

Pete
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Roach Motel For Packets...

2001-09-29 Thread Peter Billson


Hi all,
  I have successfully created a Linux "Roach Motel"... packets check in,
but they don't check out! Unfortunately, I was trying to create a
router! :-)

  I have a Linux router with two connections from different service
providers (eth0 and eth1) coming in and want to route all traffic to go
out eth2. Eth0 is the router's default gateway

  I assigned eth2 two ips (eth2=192.168.0.1 and eth2:0=10.0.0.1)The
(important) routes are set to

 Networkgatewaynetmaskiface
192.168.0.0   *   255.255.255.0eth2
10.0.0.1  *   255.255.255.0eth2
(eth1 net)*   255.255.255.0eth1
default(eth0 ip)   0.0.0.0 eth0

  Ips have been changed to protect the innocent. All ips are really in
the public IP space.

  I am *not* trying to load balance, do BGP or anything like that. I
basically want the boxen on the network to respond to packets coming
from either network.

  I'm using IPChains to get this all working nice.

  If I ping any of the IPs serviced by eth0 (remotely or locally)
everything works fine. I can ping eth0, eth2 or any of the boxes on the
network.

  From the router I can ping eth0, eth1, eth2, and IPs that should be
serviced by eth1 on the network and I can ping the provider going out
eth1.

  From the local network I can ping any other machine and *any* IP on
the router.

  But if I try to ping eth1, or any of the IPs serviced by eth1, from a
remote machine the packets come into the router and disappear. They do
not get DENYed, ACCEPTed or FORWARDed by IPChains on any interface. The
rules relating to eth0 and eth1 are identical.

  It is as if the packets coming in eth1 are not getting forwarded but I
can't figure out why not, particularly when the IPChains rules work for
eth0. 

  Any suggestions where to look?  


Pete
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: server mirroring spam

2001-09-28 Thread Peter Billson


> PLL is a nice theory...{et al}

I second that.

Pete
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: exim remote outgoing mail

2001-09-28 Thread Peter Billson


matt wrote:
> 
> nevermind my last post, i think i got it working:)
> -matt


Matt,
  You should post your solution to the list for the archives. It will
help others in the future who have a similar problem.

Pete
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

1 2 3 >

1 - 100 of 207 matches

Mail list logo