Re: Streaming Video Server
On Fri, 9 Jul 2004 at 10:56:32, Marcel Hicking wrote: > --Thursday, July 08, 2004 21:00:09 -0500 Rod Rodolico > <[EMAIL PROTECTED]>: > > I just talked myself into a corner. A client called and asked if we > > can do a streaming video server and I said "Yes, of course." > [...] > > Depends on what you/your customer wnats exactly. > Maybe check out Apple's Darwin Streaming Server: > http://developer.apple.com/darwin/projects/streaming/ > "can both serve on-disk QuickTime, MPEG-4, and 3GPP files > and reflect live broadcasts". Apple claims it runs under > Red Hat, so it probably will compile under Debain as well. > > It's "free" although incompatible with the GPL. See > http://www.gnu.org/philosophy/apsl.html Or you might want to try out the Helix Server (from Real Networks) - which is afaik not really "free" either. Have a look at: http://www.helixcommunity.org/ Haven't yet played with it. But I heared the developer-tools they offer allow easy configuration and compilation. The server allows you to do streaming of RealAudio/-Video if needed. I'd appreciate to hear from you about your test-results on streaming-video- servers (private mail) - or maybe others here are interested as well. Good luck, Stefan
Re: Streaming Video Server
On Fri, 9 Jul 2004 at 10:56:32, Marcel Hicking wrote: > --Thursday, July 08, 2004 21:00:09 -0500 Rod Rodolico > <[EMAIL PROTECTED]>: > > I just talked myself into a corner. A client called and asked if we > > can do a streaming video server and I said "Yes, of course." > [...] > > Depends on what you/your customer wnats exactly. > Maybe check out Apple's Darwin Streaming Server: > http://developer.apple.com/darwin/projects/streaming/ > "can both serve on-disk QuickTime, MPEG-4, and 3GPP files > and reflect live broadcasts". Apple claims it runs under > Red Hat, so it probably will compile under Debain as well. > > It's "free" although incompatible with the GPL. See > http://www.gnu.org/philosophy/apsl.html Or you might want to try out the Helix Server (from Real Networks) - which is afaik not really "free" either. Have a look at: http://www.helixcommunity.org/ Haven't yet played with it. But I heared the developer-tools they offer allow easy configuration and compilation. The server allows you to do streaming of RealAudio/-Video if needed. I'd appreciate to hear from you about your test-results on streaming-video- servers (private mail) - or maybe others here are interested as well. Good luck, Stefan
MySQL with temporary high load on shared server
Hi folks, does anybody have with MySQL running on a shared server, which gets temporary high load? My problem is that a friend uses an online-shop on a shared-sytem. No problem with that - but when he uses update-scripts to upload his products/prices/... from scratch the system almost goes down due to heavy load. There are about 10.000 products in the DB - not *so* much I always thought. System performance degrades for other services (mail, ftp, ...) as well as other users trying to access their databases. Has anybody got an idea? Please let me know urgently! Kind regards, Stefan Neufeind
MySQL with temporary high load on shared server
Hi folks, does anybody have with MySQL running on a shared server, which gets temporary high load? My problem is that a friend uses an online-shop on a shared-sytem. No problem with that - but when he uses update-scripts to upload his products/prices/... from scratch the system almost goes down due to heavy load. There are about 10.000 products in the DB - not *so* much I always thought. System performance degrades for other services (mail, ftp, ...) as well as other users trying to access their databases. Has anybody got an idea? Please let me know urgently! Kind regards, Stefan Neufeind
Re: Problem with rare cases where browser seems to use HTTP 1.0 instead of 1.1
Hi Russell, well, it's a server on the internet. Neither is the webserver itself connected by a proxy nor is the person connecting to the server connected using a proxy. That's what really strikes me. I also took a look at the "downgrade-1.0"-switches in httpd.conf etc. - but they are just normal and only affect MSIE 4.x regarding the BrowserMatch-regex. Hmm - any ideas why IE all of a sudden might "fallback" to HTTP/1.0 instead of the HTTP/1.1 it always used? A really, really strange thing to me and I don't know where to search unfortunately :-( Stefan On 22 Oct 2003 at 1:30, Russell Coker wrote: > On Wed, 22 Oct 2003 00:36, Stefan Neufeind wrote: > > My question is just: Why does the browser (MS IE 6.0, Windows 98, > > ...) query the Apache 1.3.28-server with HTTP 1.0? It occurs only > > under rare and non-reproducable circumstances but "from time to > > time". When the problem occurs it's possible to reproduce the > > problem for some time and after a few minutes it's gone again. > > > > When the problem occurs on PC1, it's at the same time reproduceable > > on my PC as well. After a few minutes the problem is gone. But on > > both PCs I have IE 6.0 with latest patches applied. > > Do you administer all routers between the PCs and the server in > question? > > If not then are you certain that someone hasn't installed a broken > transperant proxy/cache? > > One time I was working for an ISP and suddenly we started having some > weird web browsing errors. It took about a day to realise that our > "colleagues" who ran the routers had installed a transperant caching > proxy without bothering to inform us. > > The main symptom of a hostile proxy deployment is when groups of > machines suddenly stop/start working in unison.
Re: Problem with rare cases where browser seems to use HTTP 1.0 instead of 1.1
Hi Russell, well, it's a server on the internet. Neither is the webserver itself connected by a proxy nor is the person connecting to the server connected using a proxy. That's what really strikes me. I also took a look at the "downgrade-1.0"-switches in httpd.conf etc. - but they are just normal and only affect MSIE 4.x regarding the BrowserMatch-regex. Hmm - any ideas why IE all of a sudden might "fallback" to HTTP/1.0 instead of the HTTP/1.1 it always used? A really, really strange thing to me and I don't know where to search unfortunately :-( Stefan On 22 Oct 2003 at 1:30, Russell Coker wrote: > On Wed, 22 Oct 2003 00:36, Stefan Neufeind wrote: > > My question is just: Why does the browser (MS IE 6.0, Windows 98, > > ...) query the Apache 1.3.28-server with HTTP 1.0? It occurs only > > under rare and non-reproducable circumstances but "from time to > > time". When the problem occurs it's possible to reproduce the > > problem for some time and after a few minutes it's gone again. > > > > When the problem occurs on PC1, it's at the same time reproduceable > > on my PC as well. After a few minutes the problem is gone. But on > > both PCs I have IE 6.0 with latest patches applied. > > Do you administer all routers between the PCs and the server in > question? > > If not then are you certain that someone hasn't installed a broken > transperant proxy/cache? > > One time I was working for an ISP and suddenly we started having some > weird web browsing errors. It took about a day to realise that our > "colleagues" who ran the routers had installed a transperant caching > proxy without bothering to inform us. > > The main symptom of a hostile proxy deployment is when groups of > machines suddenly stop/start working in unison. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Problem with rare cases where browser seems to use HTTP 1.0 instead of 1.1
Hi, I was recently pointed to some rare problems where people (from time to time) are unable to access their websites. They don't get the content for their website but the content of the "default host". I'm using name-based virtual hosting (requiring HTTP 1.1) which normally is no problem afaik today and widely used. >From the logs I can confirm that his requests come in with HTTP/1.0 instead of 1.1 - which is the main root of the problem why he does get the wrong website content returned. My question is just: Why does the browser (MS IE 6.0, Windows 98, ...) query the Apache 1.3.28-server with HTTP 1.0? It occurs only under rare and non-reproducable circumstances but "from time to time". When the problem occurs it's possible to reproduce the problem for some time and after a few minutes it's gone again. When the problem occurs on PC1, it's at the same time reproduceable on my PC as well. After a few minutes the problem is gone. But on both PCs I have IE 6.0 with latest patches applied. Did anybody experience such problems? What could be the root for these? Apache? IE 6.0? Or a combination of both? I'd be much happier if I was able to reproduce the problem when I want - not just "rare circumstances" under which the problem occurs :-((( Begging for help. Yours sincerely, Stefan Neufeind
Problem with rare cases where browser seems to use HTTP 1.0 instead of 1.1
Hi, I was recently pointed to some rare problems where people (from time to time) are unable to access their websites. They don't get the content for their website but the content of the "default host". I'm using name-based virtual hosting (requiring HTTP 1.1) which normally is no problem afaik today and widely used. >From the logs I can confirm that his requests come in with HTTP/1.0 instead of 1.1 - which is the main root of the problem why he does get the wrong website content returned. My question is just: Why does the browser (MS IE 6.0, Windows 98, ...) query the Apache 1.3.28-server with HTTP 1.0? It occurs only under rare and non-reproducable circumstances but "from time to time". When the problem occurs it's possible to reproduce the problem for some time and after a few minutes it's gone again. When the problem occurs on PC1, it's at the same time reproduceable on my PC as well. After a few minutes the problem is gone. But on both PCs I have IE 6.0 with latest patches applied. Did anybody experience such problems? What could be the root for these? Apache? IE 6.0? Or a combination of both? I'd be much happier if I was able to reproduce the problem when I want - not just "rare circumstances" under which the problem occurs :-((( Begging for help. Yours sincerely, Stefan Neufeind -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
How to modify input-chain to simulate "lost packets"?
Hi, this is not directly ISP-related but maybe someone has already done some sort of thing like this for simultion or otherwise has an idea: How could I achieve to randomly drop UDP-packets on the input-chain of a server? My problem is that I need to test a few tools which shall still work is some UDP-packets are lost ... those will be retransmitted. So what I basically need is something like: - drop every 17th (or other) packet on the input chain OR - drop aprox. 2% of traffic but vary a bit Anybody got an idea how to achieve this? Thank you for your help. Stefan -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Count traffic
Just add one common logfile for all virtual hosts in which you account all file-requests. Writing a small script you can get domain => customer-relations for billing. That's your only chance for virtual hosts. Stefan On 13 Aug 2003 at 11:08, Domainbox, Tim Abenath wrote: > > I'm searching a solution to count in- and outgoing traffic for each > > virtual user (domain). > > I searched for a solution some Month ago. All accounting i could find > is based on ipchains/iptables who are not working on the needed Layer > to seperate virtual Hosts. They just work up to the tcp Layer, so you > can only seperate between ip's. There are Solutions to Account virtual > Hosts, but the are not free. I now patched iptables to get an promisc > chains on which i account the traffic ip-based. > http://idea.hosting.lv/a/iptables-promisc/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: R: linux pci PRI cards
For real PRI-solutions have a look at the AVM T1-B (with S2M- interface, internal PCI-card in server, full Linux drivers). If you just need an active ISDN-board I'd recommend an AVM B1 v4.0- controller. For 2 or 4 ISDN-lines get a AVM C2 or C4. The AVM-boards run smoothly here, are active ISDN-boards (with capi in the firmware of the boards) and all feature interface-drivers in the kernel-tree. Have an AVM B1 v4.0 working here as a two-channel-faxserver ... brilliant! And also heard good things about the AVM T1-B-solution for S2M-lines. Stefan On 5 Aug 2003 at 17:12, Adam Henry wrote: > Thanks for the link. They really sound like a great company, and I > spoke at length with a tech engineer. Unfortunately my boss is > dazzled by the V.92 standard, and since the PC400 cards don't support > it, I will continue my search. > > I remember reading somewhere of a 4-port PRI card that is supported by > Linux. Once I find it I'll let you all know who is selling them. > > thanks again, > hank -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Traffic Accounting
On 21 Jul 2003 at 8:50, Volker Tanger wrote: > On 19 Jul 2003 23:35:08 +0300 kgb <[EMAIL PROTECTED]> wrote: > > > Which is best way for traffic accounting i use ipac-ng but i don't > > like it anymore because it make my system under high load. > > If you don't want to mess around with IPtables just to do traffic > accounting, you could try > > http://wyae.de/software/trafan/ > > which works even from a third machine - just plug in and be happy. I > do not have any experiences with high load scenarios, though. Or have you maybe given netacctd a thought? Works fine here - even with a constant stream of about 30 MBit on the wire ... sometimes even higher. http://exorsus.net/projects/net-acct/ It can report traffic in regular intervals and write them to disk. Then you can write a separate tool to sum up the information you like before writing them to a database. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Debian Co-location in USA
Yes, Germany is in these days connected with best connections to various international backbones all over the world. If you choose a good connection here you can't expect the "500 GB for 1$"-offers some companies in the US might give you - but who cares about "cheap" when: - server is done multiple times - connection is slow or unreachable - servers are cheap and maybe old -> no data mirrored -> data-loss I'd propose that you might want to take a look at SpeedPartner. They offer very good 24/7-service for reasonable prices, excellent reliability and offer Debian as well. [EMAIL PROTECTED] Stefan On 15 Jul 2003 at 13:03, IMAC, Sebastian Mangelkramer wrote: > why don`t you choose germany for an co-location ? > german connections are one of the best in global connectivity. > > our servers were hosted by GATEL / Frankfurt. > you get your own debian box with an uplink 10/100/1000 whatever you > need for an good price. > > our hoster is aixit.com > they are professional and very competent with debian. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Sarge CD-ROM installation
On 20 Jun 2003 at 14:25, John Ackermann N8UR wrote: > I just downloaded an ISO image of Sarge disk 1 (a June 1 snapshot) and > when booting it acts differently than any Debian CD I've used before. > I'm at a loss as to how to install the system with it. > > After the kernel boots, it comes up with a very simple text menu with > five choices: 1) choose language ; 2) detect keyboard; 3) detect > CDROM; 4) Load installer modules; and 5) Verify CD contents. > > I step through the first three choices OK, but when you get to choice > 4 you are presented with a list of about 38 modules and given no > information about which ones might be necessary. I've tried selecting > various combinations (including all 38) but always get various errors > about modules not being found. > > Has anyone here tried installing a sarge ISO? If so, can you help me > get past this and into the main installlation program? Had problemens installing Sarge directy under VMWare some time ago. Then I decided to install Woody and upgrade to Sarge afterwards ... works fine. Maybe a good way for you? The Sarge installation tool doesn't seem that rock-solid as the Woody one. Stefan
Re: Sarge CD-ROM installation
On 20 Jun 2003 at 14:25, John Ackermann N8UR wrote: > I just downloaded an ISO image of Sarge disk 1 (a June 1 snapshot) and > when booting it acts differently than any Debian CD I've used before. > I'm at a loss as to how to install the system with it. > > After the kernel boots, it comes up with a very simple text menu with > five choices: 1) choose language ; 2) detect keyboard; 3) detect > CDROM; 4) Load installer modules; and 5) Verify CD contents. > > I step through the first three choices OK, but when you get to choice > 4 you are presented with a list of about 38 modules and given no > information about which ones might be necessary. I've tried selecting > various combinations (including all 38) but always get various errors > about modules not being found. > > Has anyone here tried installing a sarge ISO? If so, can you help me > get past this and into the main installlation program? Had problemens installing Sarge directy under VMWare some time ago. Then I decided to install Woody and upgrade to Sarge afterwards ... works fine. Maybe a good way for you? The Sarge installation tool doesn't seem that rock-solid as the Woody one. Stefan -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Router appears in tracert but can't ping?
On 17 Jun 2003 at 22:02, Russell Coker wrote: > On Tue, 17 Jun 2003 21:27, Stefan Neufeind wrote: > > What I'm looking for is a possibility to see if this router (that > > denies ping- packets) is still available? I have Nagios running and > > normally it monitors hosts via ping. So I need a replacement that > > would tell me if this router on the way to a server is reachable. I > > want to test the whole path to see where an error occured. Well, is > > it possible to "simulate" traceroute-like packets? What would you do > > to achive this? > > Pinging a machine that is beyond the router should be a strong > indication that the router is still functioning. ;) Well but you don't know if the machine behind is "dead" :-) I need to ping the last router in front of a machine. So incase the machine fails I can see if the backbone-router is still alive.
Re: Router appears in tracert but can't ping?
On 17 Jun 2003 at 22:02, Russell Coker wrote: > On Tue, 17 Jun 2003 21:27, Stefan Neufeind wrote: > > What I'm looking for is a possibility to see if this router (that > > denies ping- packets) is still available? I have Nagios running and > > normally it monitors hosts via ping. So I need a replacement that > > would tell me if this router on the way to a server is reachable. I > > want to test the whole path to see where an error occured. Well, is > > it possible to "simulate" traceroute-like packets? What would you do > > to achive this? > > Pinging a machine that is beyond the router should be a strong > indication that the router is still functioning. ;) Well but you don't know if the machine behind is "dead" :-) I need to ping the last router in front of a machine. So incase the machine fails I can see if the backbone-router is still alive. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Router appears in tracert but can't ping?
On Tue, 17 Jun 2003 at 10:15:49, Russell Coker wrote: > On Tue, 17 Jun 2003 16:05, Stefan Neufeind wrote: > > both tracert and ping use ICMP. So did they just block some kind of > > ICMP-message (ping) for this router? How could I solve this problem? > > Your message was not clear, but it seems that you can see the router on a > traceroute but can't ping it. > > Ping sends ICMP-ECHO packets and solicits a direct response. traceroute > sends > an ICMP-ECHO or a UDP packet destined for some machine beyond the router and > > the router sends back an ICMP time-exceeded if it's hop count has expired. > Configuring a router to not respond to any packets addressed to itself is not > > uncommon, but having it send ICMP messages about packets addressed to other > machines that it can't deliver is expected. > > For this reason it's not uncommon to see traceroute show 10.x.x.x or > 192.168.x.x addresses (which are obviously not pingable). > > I'm not sure how the Windows program tracert compares in functionality to > traceroute. What I'm looking for is a possibility to see if this router (that denies ping- packets) is still available? I have Nagios running and normally it monitors hosts via ping. So I need a replacement that would tell me if this router on the way to a server is reachable. I want to test the whole path to see where an error occured. Well, is it possible to "simulate" traceroute-like packets? What would you do to achive this? Stefan
Re: Router appears in tracert but can't ping?
On Tue, 17 Jun 2003 at 10:15:49, Russell Coker wrote: > On Tue, 17 Jun 2003 16:05, Stefan Neufeind wrote: > > both tracert and ping use ICMP. So did they just block some kind of > > ICMP-message (ping) for this router? How could I solve this problem? > > Your message was not clear, but it seems that you can see the router on a > traceroute but can't ping it. > > Ping sends ICMP-ECHO packets and solicits a direct response. traceroute > sends > an ICMP-ECHO or a UDP packet destined for some machine beyond the router and > > the router sends back an ICMP time-exceeded if it's hop count has expired. > Configuring a router to not respond to any packets addressed to itself is not > > uncommon, but having it send ICMP messages about packets addressed to other > machines that it can't deliver is expected. > > For this reason it's not uncommon to see traceroute show 10.x.x.x or > 192.168.x.x addresses (which are obviously not pingable). > > I'm not sure how the Windows program tracert compares in functionality to > traceroute. What I'm looking for is a possibility to see if this router (that denies ping- packets) is still available? I have Nagios running and normally it monitors hosts via ping. So I need a replacement that would tell me if this router on the way to a server is reachable. I want to test the whole path to see where an error occured. Well, is it possible to "simulate" traceroute-like packets? What would you do to achive this? Stefan -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Router appears in tracert but can't ping?
Hi, both tracert and ping use ICMP. So did they just block some kind of ICMP-message (ping) for this router? How could I solve this problem? I need to check if the route to this router is alive - namely if the router is up. Can I trick this into working by choosing a TOS for ping manually? Stefan
Router appears in tracert but can't ping?
Hi, both tracert and ping use ICMP. So did they just block some kind of ICMP-message (ping) for this router? How could I solve this problem? I need to check if the route to this router is alive - namely if the router is up. Can I trick this into working by choosing a TOS for ping manually? Stefan -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Visitor based netoworking
I took a look at nocat and it really seems to do almost the things I'm looking for *g* Thank you. But I have a recommendation / question: Wouldn't it be possible to also check the MAC of clients on the net? This way we could make IP- hijacking (as written in the nocat-whitepaper) a lot harder I think. Unfortunately I don't know if this is possible with something like iptables - since mac-addresses work on a different (lower) layer. On 10 Jun 2003 at 16:02, Keegan Quinn wrote: > On Tuesday 10 June 2003 10:53 am, Stefan Neufeind wrote: > > But what if you need an "open" system? Not loggin into domain but > > loggin in via webinterface? E.g. when they try to surf the net they > > get redirected to "authenticate here first". > > I think what you're looking for is implemented in a system called > NoCatAuth, which was also mentioned by John Keimel. It's fairly > simple Perl, and is easily extensible to authenticate against just > about any database. Patches already exist for Radius, and others. > There is also a C version called NoCatSplash. See http://nocat.net/ > > This system is in wide use here in Portland, Oregon, for displaying > messages to anonymous clients of public wireless networks. It is > easily adaptable. > > Neither NoCatAuth or NoCatSplash are yet in Debian, due primarily to a > complete disregard for the FHS, but if anyone is sufficiently > motivated, this could be changed...
Re: Visitor based netoworking
I took a look at nocat and it really seems to do almost the things I'm looking for *g* Thank you. But I have a recommendation / question: Wouldn't it be possible to also check the MAC of clients on the net? This way we could make IP- hijacking (as written in the nocat-whitepaper) a lot harder I think. Unfortunately I don't know if this is possible with something like iptables - since mac-addresses work on a different (lower) layer. On 10 Jun 2003 at 16:02, Keegan Quinn wrote: > On Tuesday 10 June 2003 10:53 am, Stefan Neufeind wrote: > > But what if you need an "open" system? Not loggin into domain but > > loggin in via webinterface? E.g. when they try to surf the net they > > get redirected to "authenticate here first". > > I think what you're looking for is implemented in a system called > NoCatAuth, which was also mentioned by John Keimel. It's fairly > simple Perl, and is easily extensible to authenticate against just > about any database. Patches already exist for Radius, and others. > There is also a C version called NoCatSplash. See http://nocat.net/ > > This system is in wide use here in Portland, Oregon, for displaying > messages to anonymous clients of public wireless networks. It is > easily adaptable. > > Neither NoCatAuth or NoCatSplash are yet in Debian, due primarily to a > complete disregard for the FHS, but if anyone is sufficiently > motivated, this could be changed... -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Visitor based netoworking
But what if you need an "open" system? Not loggin into domain but loggin in via webinterface? E.g. when they try to surf the net they get redirected to "authenticate here first". On 10 Jun 2003 at 9:06, Bastian Winkler wrote: > perhaps the following could fit your needs: > http://linux-rep.fnal.gov/howtos/Authentication-Gateway-HOWTO/ > personally i use pam_iptables in combination with a samba PDC to > control network access with iptables+htb for windoze-clients on domain > logon. its a nice way to control some special kaazaa users whatever > machine they use ;-) > > buz > > On Mon, 2003-06-09 at 22:36, Alex (LEX) Borges wrote: > > I know this is doable by hand, but im wondering if anyone knows of a > > cool set of scripts or something for visitor based netoworking > > (something like dhcp+cbq+iptables to control whos accesing what and > > to allow acces to a network where you should on a time basis...etc. > > Think hotels with eth access or airports with wifi)
Re: Visitor based netoworking
But what if you need an "open" system? Not loggin into domain but loggin in via webinterface? E.g. when they try to surf the net they get redirected to "authenticate here first". On 10 Jun 2003 at 9:06, Bastian Winkler wrote: > perhaps the following could fit your needs: > http://linux-rep.fnal.gov/howtos/Authentication-Gateway-HOWTO/ > personally i use pam_iptables in combination with a samba PDC to > control network access with iptables+htb for windoze-clients on domain > logon. its a nice way to control some special kaazaa users whatever > machine they use ;-) > > buz > > On Mon, 2003-06-09 at 22:36, Alex (LEX) Borges wrote: > > I know this is doable by hand, but im wondering if anyone knows of a > > cool set of scripts or something for visitor based netoworking > > (something like dhcp+cbq+iptables to control whos accesing what and > > to allow acces to a network where you should on a time basis...etc. > > Think hotels with eth access or airports with wifi) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Visitor based netoworking
Really interesting question. Just thought about that some time ago. Are you planning to have a login-page to authenticate (or maybe use a credit-based system) for surfing? What I'm looking for is a solution that allows several websites to be accessible (e.g. hotel-website etc.) but disallows regular internet-usage until you buy some credits. Did anybody already "hack together" such a solution? Does a project for such a thing exist or maybe would anyone vamp one up? On 9 Jun 2003 at 15:36, Alex (LEX) Borges wrote: > I know this is doable by hand, but im wondering if anyone knows of a > cool set of scripts or something for visitor based netoworking > (something like dhcp+cbq+iptables to control whos accesing what and to > allow acces to a network where you should on a time basis...etc. Think > hotels with eth access or airports with wifi)
Re: Visitor based netoworking
Really interesting question. Just thought about that some time ago. Are you planning to have a login-page to authenticate (or maybe use a credit-based system) for surfing? What I'm looking for is a solution that allows several websites to be accessible (e.g. hotel-website etc.) but disallows regular internet-usage until you buy some credits. Did anybody already "hack together" such a solution? Does a project for such a thing exist or maybe would anyone vamp one up? On 9 Jun 2003 at 15:36, Alex (LEX) Borges wrote: > I know this is doable by hand, but im wondering if anyone knows of a > cool set of scripts or something for visitor based netoworking > (something like dhcp+cbq+iptables to control whos accesing what and to > allow acces to a network where you should on a time basis...etc. Think > hotels with eth access or airports with wifi) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Mail architecture for up 30.000 accounts
JawMail: Give the free JawMail A try. I'm using it here and it's great. Also, if you have any problems, the programmer will assist you quite quickly. It's worth trying. It directly connects to the IMAP- Server, supports folders etc. as well. On 30 May 2003 at 10:33, Carlos L.M. wrote: > I need a sample of mail architecture for up 30.000 > accounts. Can you help me ?? > > For software, I would use this: > > SMTP: Postfix > IMAP: Courier > POP3: Courier > Authtentication and user preferences: MySQL > Webmail: IMP > Anti-spam: spamassassin > Anti-virus: F-Prot > > Any help are welcome, and sorry for my bad english. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Mail architecture for up 30.000 accounts
JawMail: Give the free JawMail A try. I'm using it here and it's great. Also, if you have any problems, the programmer will assist you quite quickly. It's worth trying. It directly connects to the IMAP- Server, supports folders etc. as well. On 30 May 2003 at 10:33, Carlos L.M. wrote: > I need a sample of mail architecture for up 30.000 > accounts. Can you help me ?? > > For software, I would use this: > > SMTP: Postfix > IMAP: Courier > POP3: Courier > Authtentication and user preferences: MySQL > Webmail: IMP > Anti-spam: spamassassin > Anti-virus: F-Prot > > Any help are welcome, and sorry for my bad english.
Re: Selecting source ip
On 28 May 2003 at 15:30, brian moore wrote:
> On Wed, May 28, 2003 at 11:02:27PM +0200, Stefan Neufeind wrote:
> > when I request a file from a linux box using lynx the source ip of
> > my request is the ip of eth0. But how can I change the source ip to
> > other ips which are also bound to eth0 (via eth0:0 etc.)? Do I need
> > to change the default gate from eth0 to eth0:0 for example? Isn't
> > there a way to just change the source ip for all programs I will
> > execute in my current environment / bash without affecting other
> > programs / tasks?
>
> Not without rewriting the programs.
>
> In geekese, the programs open their socket with code like this:
>
> my_addr = sa_zero;
> my_addr.sin_family = AF_INET;
> my_addr.sin_addr.s_addr = INADDR_ANY;
> if ( ( bind( fd, (struct sockaddr *) &my_addr,
>sizeof(struct sockaddr_in))) < 0 ) {
> fprintf(stderr,"bind failed\n");
> exit(1);
> }
>
> (Pretty standard socket code...)
>
> The catch is the 'INADDR_ANY', which tells the kernel "hey, just grab
> any handy IP and use that!". On most systems (not just Linux, most
> Unix systems and probably Windows as well), that means "use the IP
> nearest to the destination", or for single-homed machines, the IP of
> eth0 or whatever your default gateway sits on.
>
> This value is filled in by the kernel, in other words.
>
> You could change how it behaves be swapping eth0 and eth0:1, assuming
> they are both on the same subnet.
You mean swapping through which "network card" the traffic goes out,
right? Hmm, are there kernel patches or something so you can set the
"right IP" for the current environment? Like setting it in a bash for
all subsequent programs? So you could have different settings in
different environments?
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Selecting source ip
On 28 May 2003 at 15:30, brian moore wrote:
> On Wed, May 28, 2003 at 11:02:27PM +0200, Stefan Neufeind wrote:
> > when I request a file from a linux box using lynx the source ip of
> > my request is the ip of eth0. But how can I change the source ip to
> > other ips which are also bound to eth0 (via eth0:0 etc.)? Do I need
> > to change the default gate from eth0 to eth0:0 for example? Isn't
> > there a way to just change the source ip for all programs I will
> > execute in my current environment / bash without affecting other
> > programs / tasks?
>
> Not without rewriting the programs.
>
> In geekese, the programs open their socket with code like this:
>
> my_addr = sa_zero;
> my_addr.sin_family = AF_INET;
> my_addr.sin_addr.s_addr = INADDR_ANY;
> if ( ( bind( fd, (struct sockaddr *) &my_addr,
>sizeof(struct sockaddr_in))) < 0 ) {
> fprintf(stderr,"bind failed\n");
> exit(1);
> }
>
> (Pretty standard socket code...)
>
> The catch is the 'INADDR_ANY', which tells the kernel "hey, just grab
> any handy IP and use that!". On most systems (not just Linux, most
> Unix systems and probably Windows as well), that means "use the IP
> nearest to the destination", or for single-homed machines, the IP of
> eth0 or whatever your default gateway sits on.
>
> This value is filled in by the kernel, in other words.
>
> You could change how it behaves be swapping eth0 and eth0:1, assuming
> they are both on the same subnet.
You mean swapping through which "network card" the traffic goes out,
right? Hmm, are there kernel patches or something so you can set the
"right IP" for the current environment? Like setting it in a bash for
all subsequent programs? So you could have different settings in
different environments?
Selecting source ip
Hi, when I request a file from a linux box using lynx the source ip of my request is the ip of eth0. But how can I change the source ip to other ips which are also bound to eth0 (via eth0:0 etc.)? Do I need to change the default gate from eth0 to eth0:0 for example? Isn't there a way to just change the source ip for all programs I will execute in my current environment / bash without affecting other programs / tasks? Yours sincerely, Stefan -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Selecting source ip
Hi, when I request a file from a linux box using lynx the source ip of my request is the ip of eth0. But how can I change the source ip to other ips which are also bound to eth0 (via eth0:0 etc.)? Do I need to change the default gate from eth0 to eth0:0 for example? Isn't there a way to just change the source ip for all programs I will execute in my current environment / bash without affecting other programs / tasks? Yours sincerely, Stefan
Re: OT: German KK-applications and domain transfers
On 23 May 2003 at 15:14, Cameron Moore wrote: > A customer of mine is wanting to buy a domain from a German citizen. > They tell me that the German told them to fill out a KK-application to > get the domain transferred. Can anyone tell me where to get more info > on this KK-application (preferrably in English)? My googling has > turned up nothing informative. > > Also, does anyone know if this is really necessary? Can we not just > request the tranfer with our Registrar and let the registrars take > care of the authentication and validation? No, you normally fill out a KK form for transfering a domain to a new host. Changing the owner at the same time is normally to difficult. So I would propose: Well the original owner (German) to change the owner to your customer (with address etc.) and then your client can initiate a transfer of the domain since he is the new owner. The KK simply outlines "please transfer domain kjahaskdh.de owned by me (Peter Paul Something), living at kjhkashdkjh" "currently connected to the DNS at XXX" "to the company YYY which will take over the domain in a few days". Send this form to the company currently servicing the DNS for that domain so that he knows to whom the domain will be transfered and that he will allow the transfer to take place. Then you can easily request the domain-transfer. If you have further questions simply ask. Hope my explanations were not too difficult to figure out :-) Stefan
Random slight html-errors with latest Apache 1.3.x and mod_ssl
Hi, hope not to be too far OT. But it's a typical ISP-question ... so excuse if MIGHT be OT. does anybody have (or had) a similar problem than me? When using http everything works fine, but with https I randomly get html-errors (like "Arial, Helvetica, sans-serif" in front of the beginning - tag). Unfortunately these errors are randomly, occur with various applications / situations and occur both in Internet Explorer and Opera. Anybody had something similar? I read through the forums - but the "normal" two entries disallowing ssl-connection-reusage (or what was it) with Internet Explorer and Netscape are already in the httpd.conf (as proposed on several websites - to workaround buggy IE- implementations). This doesn't seem to help. If anybody could generate a testcase that would surely help a lot but unfortunately the problems are randomly. Yours sincerely, Stefan
