authentication with courier-authdaemon 0.37.3 on Woody

2004-11-22 Thread Robert Cates
Hi,
I've installed courier-authdaemon, courier-base, courier-pop and 
courier-imap on my Woody server yesterday, and without really changing the 
configuration (much), I'm able to access my e-mail from within my LAN, but a 
user cannot access his account from outside (he uses a dial-up connection to 
his ISP, he's configured to use POP and gets an error indicating invalid 
password).  One thing I did add to the configuration was the following line 
to my hosts.allow :

couriertcpd : ALL

Not sure if that's a good idea, or really necessary.?  I don't know what 
else you might need to know...  I have Exim 4.32 configured to use Maildir, 
and as I said, I can get to my mail with both IMAP and POP no problem.

Thanks for all help with this problem!
Robert

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]


Re: authentication with courier-authdaemon 0.37.3 on Woody

2004-11-22 Thread Robert Cates
Sorry,
I gotta take something back...  I just checked again, closer, and I'm not 
able to collect my mail either, using POP.  I however do not get any kind of 
connection error, and the log file shows:

Nov 22 20:56:13 lion courierpop3login: Connection, ip=[:::192.168.1.13]
Nov 22 20:56:13 lion courierpop3login: LOGIN, user=robcat, ip=[:::192.168.1.13]
Nov 22 20:56:13 lion courierpop3login: LOGOUT, user=robcat, ip=[:::192.168.1.13], top=0, retr=0

any ideas?
Thanks again!

Re: authentication with courier-authdaemon 0.37.3 on Woody

2004-11-22 Thread Mark Bucciarelli
On Monday 22 November 2004 15:04, Robert Cates wrote:
> Sorry,
>
> I gotta take something back...  I just checked again, closer, and I'm
> not able to collect my mail either, using POP.  I however do not get any
> kind of connection error, and the log file shows:
>
> Nov 22 20:56:13 lion courierpop3login: Connection, ip=[:::192.168.1.13]
> Nov 22 20:56:13 lion courierpop3login: LOGIN, user=robcat, ip=[:::192.168.1.13]
> Nov 22 20:56:13 lion courierpop3login: LOGOUT, user=robcat, ip=[:::192.168.1.13], top=0, retr=0
>
> any ideas?

maybe pop3d has the wrong idea about the user's home directory?

regards,

mark





Woody and Java with lots of threads

2004-10-18 Thread andrew
Dear list,
Has anyone managed to get java 1.4.2 running with 1100 + threads on 
Woody (with 2.4.25smp)?

I currently have the following ulimits set...
:~$ ulimit -a
core file size        (blocks, -c) 0
data seg size         (kbytes, -d) unlimited
file size             (blocks, -f) unlimited
max locked memory     (kbytes, -l) unlimited
max memory size       (kbytes, -m) unlimited
open files                    (-n) 8192
pipe size          (512 bytes, -p) 8
stack size            (kbytes, -s) 8192
cpu time             (seconds, -t) unlimited
max user processes            (-u) 4096
virtual memory        (kbytes, -v) unlimited
:~$
The machine has 1G of RAM.
With SARGE I am able to get  3500 processes running...
Any suggestions on how I should set -Xms -Xss -Xmx ?
Is this a problem with glibc on woody?
Thanks
Andrew


(Partial) solution: Woody on Proliant ML35 G3 (smartarray 641)

2004-08-20 Thread Emmanuel Halbwachs
Hello everybody,
First, the solution, thanks to Matt Taggart:
  http://people.debian.org/~taggart/boot-floppies/
The story:
In February, I ask on this list how to install woody on a
HP/Compaq Proliant ML350G3 with:
- 2 CPU (Xeon 3.06 GHz) and 2 GB RAM
- hardware RAID (smartarray 641)
- giga NIC (Broadcom 5702/NC7760)
The archive of the post is:
http://lists.debian.org/debian-isp/2004/02/msg00105.html
The woody install disk has to have a >= 2.4.21 kernel with
cciss driver built-in.
People on this list advised me to build a custom woody install
CD with the boot-floppies package. I found valuable information
at http://wiki.osuosl.org/display/LNX/Debian+on+Dell+Servers.
(I can see that this page has got more infos since February)
I tried to build myself a custom boot CD but fails on the size
limit of 2.88 MB of the boot-floppies.
Matt Taggart, on the link above, has released a woody boot CD
with:
- 2.4.25 minimal kernel
- cciss driver as built-in
- tg3 driver as module
The woody install was smooth on my box. Thanks Matt!
Of course, the job is now to build a custom kernel
to replace the minimal kernel, or to use a backported
kernel-image as he recommends.
Cheers,
--
Emmanuel Halbwachs  Labo. de Photonique et Nanostructures
tel  : (+33)1 69 63 61 34 CNRS UPR 20
fax  : (+33)1 69 63 60 06   Route de Nozay F 91460 Marcoussis


Re: (Partial) solution: Woody on Proliant ML35 G3 (smartarray 641)

2004-08-20 Thread Emmanuel Halbwachs
Hello again,
While rereading my post, I realize that I did not explain the
partial in the subject.
To have a fully functional HP Proliant woody, we need the hpasm
kernel module that manages the server health.
Some other French colleagues told me that without this module fans
will be stuck at full speed all the time. I will send another post
to the list to ask more about this topic (new thread).
Cheers,
--
Emmanuel Halbwachs  Labo. de Photonique et Nanostructures
tel  : (+33)1 69 63 61 34 CNRS UPR 20
fax  : (+33)1 69 63 60 06   Route de Nozay F 91460 Marcoussis


Woody+Testing Apache Segmentation Fault

2004-08-05 Thread Ian Forbes
Hi

I have a problem with my webserver. It was originally setup with  
Potato (or earlier version) of Debian a few years back.

Currently it has been fully upgraded to Woody, plus selected 
packages have been upgraded to Testing. These include 
php(4.3.4-4) and all its dependencies including apache(1.3.31-2). 
and libapache-mod-perl(1.29.0.2-9). These are the latest testing 
release versions.

Recently I did an apt-get upgrade and it downloaded and installed 
the above version of apache. Afterwards it would not start, it 
failed without showing an error on either the screen or the log 
files. Running apache -F I got a segmentation fault.

After a bit of playing, I discovered if I comment out either the 
php4 or mod-perl in the new modules.conf (imported from httpd.conf) 
the server starts normally. With both modules loaded the server gets 
a segmentation fault.

I am wondering if there is a version conflict between the modules, 
or if there is a restriction on permissions or resources, inherited 
from the earlier version, which prevents the apache server from 
starting?

Has anybody seen this before?

Thanks

Ian

-- 
Ian Forbes ZSD
http://www.zsd.co.za
Office: +27 21 683-1388  Fax: +27 21 674-1106
Snail Mail: P.O. Box 46827, Glosderry, 7702, South Africa




Re: Woody+Testing Apache Segmentation Fault

2004-08-05 Thread Jacob S.
On Thu, 5 Aug 2004 15:41:50 +0200
Ian Forbes [EMAIL PROTECTED] wrote:

> Hi
>
> I have a problem with my webserver. It was originally setup with
> Potato (or earlier version) of Debian a few years back.
>
> Currently it has been fully upgraded to Woody, plus selected
> packages have been upgraded to Testing. These include
> php(4.3.4-4) and all its dependencies including apache(1.3.31-2).
> and libapache-mod-perl(1.29.0.2-9). These are the latest testing
> release versions.
>
> Recently I did an apt-get upgrade and it downloaded and installed
> the above version of apache. Afterwards it would not start, it
> failed without showing an error on either the screen or the log
> files. Running apache -F I got a segmentation fault.
>
> After a bit of playing, I discovered if I comment out either the
> php4 or mod-perl in the new modules.conf (imported from httpd.conf)
> the server starts normally. With both modules loaded the server get
> a segmentation fault.
>
> I am wondering if there is a version conflict between the modules,
> or if there is a restriction on permissions or resources, inherited
> from the earlier version, which prevents the apache server from
> starting?
>
> Has anybody seen this before?

I have not experienced this problem before, but I have seen several
threads here on Debian-user that resolved it by uninstalling the
php4-imap package.

Alternatively, you should be able to simply disable php4-imap in your
php.ini file to see if it is the problem.

HTH,
Jacob

-- 
GnuPG Key: 1024D/16377135

Random .signature #7:
Microsoft is not the answer.
Microsoft is the question.
Linux is the answer.




Re: Woody+Testing Apache Segmentation Fault

2004-08-05 Thread Maarten Vink / Interstroom
Jacob S. wrote:
>> Has anybody seen this before?
>
> I have not experienced this problem before, but I have seen several
> threads here on Debian-user that resolved it by uninstalling the
> php4-imap package.
> Alternatively, you should be able to simply disable php4-imap in your
> php.ini file to see if it is the problem.
> HTH,
> Jacob

I've seen this problem as well; I don't remember what module it was, but 
try commenting out all modules from the php.ini and enabling them one by 
one if it's not the php-imap module.

Maarten



Re: FW: Woody and HP DL320G2

2004-08-03 Thread Markus Oswald
On Tue, 03.08.2004, IT-at-Challenge wrote at 7:56:

> I am preparing to buy a new HP server, a HP DL320G2, and would like to
> install Woody onto it.
>
> The questions I have relate to the:
> - On-board NICs, given on the HP site as Two NC7760 PCI Gigabit Server
> Adapters (embedded)
> - the ATA RAID controller, given as Integrated Dual Channel Ultra ATA/100
> Adapter with Integrated ATA RAID 0, 1
> - video, given as Integrated ATI RAGE XL Video Controller with 8-MB SDRAM
> Video Memory
>
> Will woody with the standard bf2.4 kernel detect the NIC's and RAID
> controller?

No. The onboard NICs will probably not work with bf24 as they are afaik
based on the bcm57xx chipset which is supported starting from 2.4.19 -
Woody bf24 is 2.4.18. But this is not a real problem... 

The ATARAID may or may not work - I have no idea which chipset they are
currently using. Can anyone shed some light on this?
As I'm currently building a website about running Debian on ProLiant
this information would be really appreciated...

> Will I need to compile my own kernel to do this?

You can, but won't have to - at least for the NIC part.
Just download the drivers from Broadcom and compile them against
2.4.18-bf24 and load them during setup (preload modules from floppy).
Or go to my website, grab the modules I've prepared for Woody:
http://people.iirc.at/moswald/linux/bf24_modules/bcm5700/

> Or, should I try to use Sarge?

Sarge will probably work out of the box. At least the last time I tried
I could install a DL140 without any problems...

best regards,
  Markus
-- 
Markus Oswald [EMAIL PROTECTED]  \ Unix and Network Administration
Graz, AUSTRIA \ High Availability / Cluster
Mobile: +43 676 6485415\ System Consulting
Fax:+43 316 428896  \ Web Development





IpSec with Debian woody and kernel 2.6.6

2004-08-02 Thread Jarle Aase
Hi,

I needed to use kernel 2.6.* on a new firewall machine (to handle the
hardware). I've used FreeS/WAN for IPSec over the past years, but it
seems like I have to use the new Linux kernel support for IPSec on this
machine. It will use VPN to other Linux based firewalls, and some Cisco
routers. 

What packages do I need in order to get ipsec up and running on kernel
2.6.6, and where can I get them? (I found no match on ipsec on
backports.org). Also - where do I find documentation for the new kernel
based IPSec?

Jarle
-- 
Jarle Aase  email: [EMAIL PROTECTED]
Author of freeware. http://www.jgaa.com
news:alt.comp.jgaa

War FTP Daemon: http://www.warftp.org
War FTP Daemon FAQ: http://www.warftp.org/faq/warfaq.htm
Jgaa's PGP key: http://war.jgaa.com/pgp
NB: If you reply to this message, please include all relevant
information from the conversation in your reply. Thanks.
 no need to argue - just kill'em all! 





Re: IpSec with Debian woody and kernel 2.6.6

2004-08-02 Thread Andraz Sraka
re

On Mon, 2004-08-02 at 15:36, Jarle Aase wrote:

> What packages do I need in order to get ipsec up and running on kernel
> 2.6.6, and where can I get them? (I found no match on ipsec on
> backports.org). Also - where do I find documentation for the new kernel
> based IPSec?

Use native ipsec in 2.6.x kernel and openswan (for woody you might need
to backport package or rebuild openswan (ipsec-tools) package for
woody), but at least you won't have to patch the kernel.

regards, 
 Andraz

-- 
BOFH excuse #316:

Elves on strike. (Why do they call EMAG Elf Magic)




Re: IpSec with Debian woody and kernel 2.6.6

2004-08-02 Thread Arnt Karlsen
On Mon, 02 Aug 2004 15:36:25 +0200, Jarle wrote in message 
[EMAIL PROTECTED]:

> Hi,
>
> I needed to use kernel 2.6.* on a new firewall machine (to handle the
> hardware). I've used FreeS/WAN for IPSec over the past years, but it
> seems like I have to use the new Linux kernel support for IPSec on
> this machine. It will use VPN to other Linux based firewalls, and some
> Cisco routers.
>
> What packages do I need in order to get ipsec up and running on kernel
> 2.6.6, and where can I get them? (I found no match on ipsec on
> backports.org). Also - where do I find documentation for the new
> kernel based IPSec?
>
> Jarle

..first cat /etc/apt/sources.list |grep ^deb 
# your site is different, I run off my own mirrors. 
deb http://192.168.2.222/debian/ stable main non-free contrib
deb http://192.168.2.222/debian-backports/debian stable all  
# all for _everything_ in backports.
deb http://192.168.2.222/debian-non-US/ stable/non-US  main \
non-free contrib 
deb http://security.debian.org stable/updates main contrib non-free 
[EMAIL PROTECTED]:~ #

..then apt-get update ;apt-cache search ipsec
kernel-patch-usagi - Another IPv6 implementation for Linux
shorewall-doc - Shoreline Firewall (Shorewall) Documentation
freeswan - IPSEC utilities for FreeSWan
freeswan-modules-source - IPSEC kernel modules source for FreeSWan
kernel-patch-freeswan - IPSEC kernel support for FreeSWan
shorewall - Shoreline Firewall (Shorewall)

..this is also relevant to backport'ers, so I cc.

-- 
..med vennlig hilsen = with Kind Regards from Arnt... ;-)
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three: 
  best case, worst case, and just in case.






FW: Woody and HP DL320G2

2004-08-02 Thread IT-at-Challenge
 
[This was sent to debian-user but as I am running ISP-like services for
about 200 users so I think I should have sent it to this list.  Please let
me know if this was incorrect]

Hi,

I am preparing to buy a new HP server, a HP DL320G2, and would like to
install Woody onto it.

The questions I have relate to the:
- On-board NICs, given on the HP site as Two NC7760 PCI Gigabit Server
Adapters (embedded) 
- the ATA RAID controller, given as Integrated Dual Channel Ultra ATA/100
Adapter with Integrated ATA RAID 0, 1
- video, given as Integrated ATI RAGE XL Video Controller with 8-MB SDRAM
Video Memory

Will woody with the standard bf2.4 kernel detect the NIC's and RAID
controller?
Will I need to compile my own kernel to do this?

Or, should I try to use Sarge?

Thanks,
Adrian







Re: Debian Woody Install disks do not detect my LSILOGIC RAID Controller

2004-07-30 Thread Jeroen Coekaerts
On Thu, 2004-07-29 at 15:11 -0400, Theodore Knab wrote:
> Hello I am stuck.
>
> Knoppix finds this device. My debian woody image does not.
>
> :01:01.0 SCSI storage controller: LSI Logic / Symbios Logic 53c1030 PCI-X
> Fusion-MPT Dual Ultra320 SCSI (rev 07)
> Subsystem: IBM: Unknown device 026d
> Flags: bus master, 66MHz, medium devsel, latency 72, IRQ 22
> I/O ports at 2300 [size=256]
> Memory at fbff (64-bit, non-prefetchable) [size=64K]
> Memory at fbfe (64-bit, non-prefetchable) [size=64K]
> Expansion ROM at unassigned [disabled] [size=1M]
> Capabilities: available only to root
>
> Where should I look for the driver disks ?

Here are nice install disk images:

http://wiki.osuosl.org/display/LNX/Debian+on+Dell+Servers








Re: Debian Woody Install disks do not detect my LSILOGIC RAID Controller

2004-07-30 Thread Theodore Knab
Thanks that was very helpful. 

Debian is now being installed.

On 30/07/04 16:19 +0200, Jeroen Coekaerts wrote:
> On Thu, 2004-07-29 at 15:11 -0400, Theodore Knab wrote:
>> Hello I am stuck.
>>
>> Knoppix finds this device. My debian woody image does not.
>>
>> :01:01.0 SCSI storage controller: LSI Logic / Symbios Logic 53c1030 PCI-X
>> Fusion-MPT Dual Ultra320 SCSI (rev 07)
>> Subsystem: IBM: Unknown device 026d
>> Flags: bus master, 66MHz, medium devsel, latency 72, IRQ 22
>> I/O ports at 2300 [size=256]
>> Memory at fbff (64-bit, non-prefetchable) [size=64K]
>> Memory at fbfe (64-bit, non-prefetchable) [size=64K]
>> Expansion ROM at unassigned [disabled] [size=1M]
>> Capabilities: available only to root
>>
>> Where should I look for the driver disks ?
>
> Here are nice install disk images:
>
> http://wiki.osuosl.org/display/LNX/Debian+on+Dell+Servers

-- 
--
Ted Knab
Chester, Maryland  21619 USA
--
Conquest is easy. Control is not.
-- Kirk, Mirror, Mirror, stardate unknown






Debian Woody Install disks do not detect my LSILOGIC RAID Controller

2004-07-29 Thread Theodore Knab
Hello I am stuck.

Knoppix finds this device. My debian woody image does not.

:01:01.0 SCSI storage controller: LSI Logic / Symbios Logic 53c1030 PCI-X 
Fusion-MPT Dual Ultra320 SCSI (rev 07)
Subsystem: IBM: Unknown device 026d
Flags: bus master, 66MHz, medium devsel, latency 72, IRQ 22
I/O ports at 2300 [size=256]
Memory at fbff (64-bit, non-prefetchable) [size=64K]
Memory at fbfe (64-bit, non-prefetchable) [size=64K]
Expansion ROM at unassigned [disabled] [size=1M]
Capabilities: available only to root

Where should I look for the driver disks ?

-- 
--
Ted Knab
Chester, Maryland  21619 USA
--
Conquest is easy. Control is not.
-- Kirk, Mirror, Mirror, stardate unknown






Re: Debian Woody Install disks do not detect my LSILOGIC RAID Controller

2004-07-29 Thread Theodore Knab
Thanks that looks the most promising info I have found.

On 29/07/04 21:49 +0200, Rasmus Glud wrote:
> Hiya,
>
> did you see this thread on the debian list archive ?
>
> http://lists.debian.org/debian-boot/2003/02/msg00586.html
>
> * Theodore Knab ([EMAIL PROTECTED]) wrote:
>> Hello I am stuck.
>>
>> Knoppix finds this device. My debian woody image does not.
>>
>> :01:01.0 SCSI storage controller: LSI Logic / Symbios Logic 53c1030 PCI-X
>> Fusion-MPT Dual Ultra320 SCSI (rev 07)
>> Subsystem: IBM: Unknown device 026d
>> Flags: bus master, 66MHz, medium devsel, latency 72, IRQ 22
>> I/O ports at 2300 [size=256]
>> Memory at fbff (64-bit, non-prefetchable) [size=64K]
>> Memory at fbfe (64-bit, non-prefetchable) [size=64K]
>> Expansion ROM at unassigned [disabled] [size=1M]
>> Capabilities: available only to root
>>
>> Where should I look for the driver disks ?
>>
>> --
>> Ted Knab
>> Chester, Maryland  21619 USA
>> --
>> Conquest is easy. Control is not.
>> -- Kirk, Mirror, Mirror, stardate unknown
>
> --
> .glud
>
> N53 15.9150/W006 12.6304/185.80m

-- 
--
Ted Knab
Chester, Maryland  21619 USA
--
Conquest is easy. Control is not.
-- Kirk, Mirror, Mirror, stardate unknown






Re: Debian Woody Install disks do not detect my LSILOGIC RAID Controller

2004-07-29 Thread Christoph Moench-Tegeder
## Theodore Knab ([EMAIL PROTECTED]):
 
> :01:01.0 SCSI storage controller: LSI Logic / Symbios Logic 53c1030 PCI-X
> Fusion-MPT Dual Ultra320 SCSI (rev 07)
> Subsystem: IBM: Unknown device 026d
> Flags: bus master, 66MHz, medium devsel, latency 72, IRQ 22
> I/O ports at 2300 [size=256]
> Memory at fbff (64-bit, non-prefetchable) [size=64K]
> Memory at fbfe (64-bit, non-prefetchable) [size=64K]
> Expansion ROM at unassigned [disabled] [size=1M]
> Capabilities: available only to root
> Where should I look for the driver disks ?

Just create a modules disk with the Fusion MPT SCSI modules, that
did the job for me. LSI1030 SCSI controllers are supported as of
Linux 2.4.20 or earlier, I'm currently running 2.4.26.

Regards,
Christoph

-- 
Spare Space





Re: nat ipchains on debian woody

2004-07-08 Thread Kris Deugau
Francisco Castillo wrote:
> Then i do a apt-get install kernel-image-2.18.14-686, and this
> installations works fine. Then it puts me a entry on the lilo in
> order to load the new kernel (the old kernel is a 2.2 original woody,
> it has a 686 ) but the problem for me now is that when i reboot the
> kernel can´t load. It give me a kernel panic message , unable to load
> the boot.1006.  It seems like this new kernel dont works on my hard
> plataform, but it happens the same with the
> kernel-image.2.18-14-586tsc.
>
> This could be true?

I've heard of this happening (typically with Compaq servers, for some
reason), but I've yet to have it happen to me.

If you really want to run a 2.4 kernel, or you really want iptables,
you'll probably have to compile a custom kernel.  :/  IIRC you *can*
use iptables with a 2.2 kernel, but it's a pain to get up and running.

> How can i Knew what is the soft or version of kernel-image i must use
> in my hard system?

Anyone else?  I've found stock kernels work fine for me, but I've
occasionally run into hardware that doesn't run with them.

> Could be posible to has a kernel 2.2 of woody and a nat configuration
> (ipmasquerade) ?
> Could i do it with ipchanis?

It can be done;  it also has some very specific flaws and limitations
that make it less flexible than iptables.

> What could be this procedure to setup this configuration?

Here's a very trimmed-down version of a firewall script I used to use;
for a variety of reasons I no longer use this particular script or
anything like it on most of my systems.  (Among other reasons, all my
systems are running 2.4 kernels, and so I'm using iptables instead of
ipchains.)

You'll need to modify interface names and IPs to your setup, and decide
whether to use the kernel TCP tuning listed here (I've never seen
problems with it, but...)

=BEGIN rc.firewall=

#!/bin/sh

case "$1" in start|stop|restart)

# Setting up firewall variables

#External Interface
EXT_IF=eth0
EXT_IP=10.10.10.24

#Internal Interface
INT_IF=eth1
INT_IP=192.168.2.1

#Network stuff
INT_NET=192.168.0.0/16
BROADCAST_SRC=0.0.0.0
BROADCAST_DEST=255.255.255.255

CWD=`pwd`

echo -n "Doing assorted network shiznit..."

#Disable TCP source routing
for f in /proc/sys/net/ipv4/conf/*/accept_source_route; do
    echo 0 > "$f";
done
#Turn on source address verification
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
    echo 1 > "$f";
done
#Disable ICMP redirection
for f in /proc/sys/net/ipv4/conf/*/accept_redirects; do
    echo 0 > "$f";
done
#Turn on packet forwarding (for masquerading)
echo 1 > /proc/sys/net/ipv4/ip_forward

#Turn OFF ICMP replies
#echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all

#Use TCP SYN cookies
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
#Assorted TCP/IP crap (turning off unused extensions, etc.)
echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
echo 1800 > /proc/sys/net/ipv4/tcp_keepalive_time
echo 0 > /proc/sys/net/ipv4/tcp_window_scaling
echo 0 > /proc/sys/net/ipv4/tcp_sack
echo 0 > /proc/sys/net/ipv4/tcp_timestamps
echo "done."

#Adding masquerading modules to make life easier.
echo -n "Adding masquerading modules..."
/sbin/modprobe ip_masq_ftp.o
/sbin/modprobe ip_masq_irc.o
/sbin/modprobe ip_masq_quake.o
/sbin/modprobe ip_masq_raudio.o
/sbin/modprobe ip_masq_vdolive.o
/sbin/modprobe ip_masq_portfw.o
/sbin/modprobe ip_masq_autofw.o
/sbin/modprobe ip_masq_user.o
echo "done."

# Check to see how this script was called.

case "$1" in
stop)
    echo "Stopping FIREWALL services."
    echo -n "Flushing chains..."
    /sbin/ipchains -F
    echo "done."
    echo "FIREWALL services stopped."
    ;;
start)
    echo "Starting FIREWALL services."

    echo -n "Setting forwarding rules..."
    /sbin/ipchains -A forward -j MASQ -s $INT_NET
    echo "done."

    echo "Setting input filter rules..."
    echo -n "  regular input rules..."
    /sbin/ipchains -A input -j ACCEPT -s any/0 domain -p tcp -i $EXT_IF
    /sbin/ipchains -A input -j ACCEPT -s any/0 domain -p udp -i $EXT_IF
    /sbin/ipchains -A input -j ACCEPT -s any/0 time -p tcp -i $INT_IF
    /sbin/ipchains -A input -j ACCEPT -s any/0 time -p udp -i $INT_IF
    /sbin/ipchains -A input -j REJECT -d $EXT_IP tftp -p udp -i $EXT_IF -l
    /sbin/ipchains -A input -j REJECT -d $EXT_IP sunrpc -p tcp -i $EXT_IF -l
    /sbin/ipchains -A input -j REJECT -d $EXT_IP auth -p tcp -i $EXT_IF -l
    # Since we don't use nntp anyway...
    /sbin/ipchains -A input -j REJECT -d $EXT_IP nntp -p tcp -i $EXT_IF -l
    # Samba and friends;  we don't want to have anything to do with
    # these over the public interface
    /sbin/ipchains -A input -j REJECT -d $EXT_IP 134 -p tcp -i $EXT_IF -l
/sbin/ipchains -A input -j REJECT -d $EXT_IP 135
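
The kernel settings that the rc.firewall script above writes under /proc/sys can be lost after a reboot or overwritten by a later change, so it is worth reading them back. The check below is an added example, not part of Kris Deugau's post; the function names and the optional root-directory argument (for pointing the check at a copy of /proc/sys) are assumptions of this example, and the optional TCP tuning values are deliberately not audited.

```shell
#!/bin/sh
# Added example: read back the hardening values written by rc.firewall.
# Usage: audit_net_hardening            (audits the live /proc/sys)
#        audit_net_hardening /some/copy (hypothetical alternate root)

# check_value FILE EXPECTED
# Prints one line and returns 1 if FILE is unreadable or holds another value.
check_value() {
    file=$1
    expected=$2
    if [ ! -r "$file" ]; then
        echo "MISSING $file"
        return 1
    fi
    actual=$(cat "$file")
    if [ "$actual" != "$expected" ]; then
        echo "DRIFT   $file is $actual, expected $expected"
        return 1
    fi
    return 0
}

# audit_net_hardening [ROOT]
# Returns 0 only if every audited setting matches what rc.firewall sets.
audit_net_hardening() {
    root=${1:-/proc/sys}
    failures=0

    # Per-interface settings, checked for every interface directory,
    # the same way the script loops over conf/*/.
    for pair in accept_source_route:0 rp_filter:1 accept_redirects:0; do
        name=${pair%%:*}
        want=${pair##*:}
        for f in "$root"/net/ipv4/conf/*/"$name"; do
            # An unmatched glob stays literal and is reported as MISSING.
            check_value "$f" "$want" || failures=$((failures + 1))
        done
    done

    # Global settings: SYN cookies on, forwarding on (needed for MASQ).
    check_value "$root/net/ipv4/tcp_syncookies" 1 || failures=$((failures + 1))
    check_value "$root/net/ipv4/ip_forward" 1 || failures=$((failures + 1))

    echo "$failures setting(s) differ"
    [ "$failures" -eq 0 ]
}
```

Run from cron or at the end of the boot sequence, a non-zero exit status means at least one value no longer matches what the script set.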

Re: nat ipchains on debian woody

2004-07-05 Thread Francisco Castillo

Hi,

I have installed LILO on my master record, so I now run my Debian woody with
LILO.

Then I did an apt-get install kernel-image-2.18.14-686, and this installation
worked fine. It then put an entry in LILO in order to load the new
kernel (the old kernel is the original woody 2.2; it has a 686), but the
problem for me now is that when I reboot, the kernel can't load. It gives me a
kernel panic message, unable to load the boot.1006.  It seems like this new
kernel doesn't work on my hardware platform, but the same happens with
kernel-image.2.18-14-586tsc.

Could this be true?
How can I know which software or version of kernel-image I must use on my
hardware?

Otherwise (because I have had too many problems with the new kernel
install) I ask:

Would it be possible to have the woody 2.2 kernel and a NAT configuration
(ipmasquerade)?
Could I do it with ipchains?
What would be the procedure to set up this configuration?

Thanks in advance.

Francisco.



- Original Message -
From: Kris Deugau [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, July 02, 2004 10:55 PM
Subject: Re: nat ipchains on debian woody


Francisco Castillo wrote:
> But my problem now is a different one. When I installed my woody I
> put a floppy disk booting system in order to load my debian woody
> kernel (this is a long story because I have 2 hard disks on this
> machine and I can't start debian in a classic lilo)

Why not?  Does LILO just exit with an error trying to install itself?
Does GRUB work (assuming you can find it and get it installed...)?

I've yet to meet a system that wouldn't boot off the hard drive
eventually, although one or two have had trouble booting certain kernels
from CD.

> , so my booting
> disk runs my old kernel (2.2) and I don't know how I can create
> a new floppy disk in order to load the new kernel

You need to run mkboot.  man mkboot for more details.

-kgd
--
Sendmail administration is not black magic.  There are legitimate
technical reasons why it requires the sacrificing of a live chicken.
   - Unknown





-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



Re: nat ipchains on debian woody

2004-07-02 Thread Francisco Castillo
Hi,

I have been away these days; excuse me for responding late.

Now I have done apt-get install kernel-image-2.4.18... it seems to have gone fine,
because I saw no errors while installing and I have got a /boot/kernel
2.4

But my problem now is a different one. When I installed my woody I made a
boot floppy disk in order to load my Debian woody kernel (this is
a long story, because I have 2 hard disks in this machine and I can't start
Debian with a classic LILO), so my boot disk runs my old kernel
(2.2) and I don't know how I can create a new floppy disk in order to load the
new kernel; this option to create a new floppy disk didn't appear when I
installed the kernel-image2.4 package (it only offered to put it in my LILO boot
system). So in order to solve this problem:

How could I make a new boot floppy disk (I want to keep my boot disk with the old
kernel) to load the new kernel which has been installed in /boot/kernel 2.4
 ?

Thanks for your previous numerous interested responses.

Francisco.



- Original Message -
From: Kris Deugau [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, June 29, 2004 5:30 PM
Subject: Re: nat ipchains on debian woody


Francisco Castillo wrote:
> I'm a novice on Debian; I have decided recently to change from Red Hat
> or Mandrake (fatal experience in two years), so excuse my ignorance.

Having recently gone through a similar change, I may be able to help a
little more.

> First, I don't know how to do this step: "The first thing you must do
> is to install a kernel with IPTABLES support"

Debian Woody (aka stable, currently), installs with a 2.2.x kernel by
default.  You'll need to find a 2.4.x kernel- either installed from
source, or from a stock kernel package.

First, install aptitude.  It makes life much easier searching for a
particular package IMO.

# apt-get install aptitude

This may bring in a number of other dependencies;  some of them will
definitely look a little odd.  :/

Run aptitude.  Search for kernel packages:  press /, then enter
kernel in the search box.  Hit Enter.  You'll see the display change
in the top section to show a kernel-{something} package.  This is
*probably* either the installed kernel, or a kernel-source package.  Hit
\ to repeat the search until you find a whole series of
kernel-image-2.{something} packages.  You should also be able to use
the arrow keys here to select a package.

I can't offer any particular advice on which 2.4 kernel to install;
I've been using kernel-image-2.4.18-1-686, but there are three or four
others that appear to be IDENTICAL.  (WTF?  Maybe someone else can
explain that!)

You *may* be able to get a suitable 2.4.x kernel image installed with
apt-get install kernel-image-2.4, but I can't comment on whether that
would actually install a usable kernel for you.

> How can I do it? How can I test if it is on my server?

dpkg -l |grep kern should list any packages with kern in the name or
short description.

> Second, I have seen this on my server:
>
> morpheo:~# apt-get install iptables
> Reading Package Lists... Done
> Building Dependency Tree... Done
> Sorry, iptables is already the newest version.
>
> It seems iptables is installed, but the previous errors said that
> iptables was not available.

iptables is not usually available in 2.2-series kernels;  ipchains is.

The original error message you got with iptables:

> modprobe: Can't locate module ip_tables
> iptables v1.2.6a: can't initialize iptables table `nat': iptables
> who? (do you need to insmod?)
> Perhaps iptables or your kernel needs to be upgraded.

indicates that modprobe was unable to load the kernel module ip_tables.

I've long since switched all systems I administer over to a 2.4-series
kernel;  iptables is more flexible than ipchains, and allows (for
instance) connection state tracking for SSH sessions that just go
*through* the NAT host (rather than starting or ending there).

-kgd
--
Sendmail administration is not black magic.  There are legitimate
technical reasons why it requires the sacrificing of a live chicken.
   - Unknown





Re: nat ipchains on debian woody

2004-07-02 Thread Kris Deugau
Francisco Castillo wrote:
> But my problem now is a different one. When I installed my woody I
> put a floppy disk booting system in order to load my debian woody
> kernel (this is a long story because I have 2 hard disks on this
> machine and I can't start debian in a classic lilo)

Why not?  Does LILO just exit with an error trying to install itself? 
Does GRUB work (assuming you can find it and get it installed...)?

I've yet to meet a system that wouldn't boot off the hard drive
eventually, although one or two have had trouble booting certain kernels
from CD.

> , so my booting
> disk runs my old kernel (2.2) and I don't know how I can create
> a new floppy disk in order to load the new kernel

You need to run mkboot.  man mkboot for more details.

-kgd
-- 
Sendmail administration is not black magic.  There are legitimate
technical reasons why it requires the sacrificing of a live chicken.
   - Unknown





Re: nat ipchains on debian woody

2004-06-29 Thread Kris Deugau
Francisco Castillo wrote:
> I'm a novice on Debian; I have decided recently to change from Red Hat
> or Mandrake (fatal experience in two years), so excuse my ignorance.

Having recently gone through a similar change, I may be able to help a
little more.

> First, I don't know how to do this step: "The first thing you must do
> is to install a kernel with IPTABLES support"

Debian Woody (aka stable, currently), installs with a 2.2.x kernel by
default.  You'll need to find a 2.4.x kernel- either installed from
source, or from a stock kernel package.

First, install aptitude.  It makes life much easier searching for a
particular package IMO.

# apt-get install aptitude

This may bring in a number of other dependencies;  some of them will
definitely look a little odd.  :/

Run aptitude.  Search for kernel packages:  press /, then enter
kernel in the search box.  Hit Enter.  You'll see the display change
in the top section to show a kernel-{something} package.  This is
*probably* either the installed kernel, or a kernel-source package.  Hit
\ to repeat the search until you find a whole series of
kernel-image-2.{something} packages.  You should also be able to use
the arrow keys here to select a package.

I can't offer any particular advice on which 2.4 kernel to install; 
I've been using kernel-image-2.4.18-1-686, but there are three or four
others that appear to be IDENTICAL.  (WTF?  Maybe someone else can
explain that!)

You *may* be able to get a suitable 2.4.x kernel image installed with
apt-get install kernel-image-2.4, but I can't comment on whether that
would actually install a usable kernel for you.

> How can I do it? How can I test if it is on my server?

dpkg -l |grep kern should list any packages with kern in the name or
short description.

> Second, I have seen this on my server:
>
> morpheo:~# apt-get install iptables
> Reading Package Lists... Done
> Building Dependency Tree... Done
> Sorry, iptables is already the newest version.
>
> It seems iptables is installed, but the previous errors said that
> iptables was not available.

iptables is not usually available in 2.2-series kernels;  ipchains is.

The original error message you got with iptables:

> modprobe: Can't locate module ip_tables
> iptables v1.2.6a: can't initialize iptables table `nat': iptables
> who? (do you need to insmod?)
> Perhaps iptables or your kernel needs to be upgraded.

indicates that modprobe was unable to load the kernel module ip_tables.

I've long since switched all systems I administer over to a 2.4-series
kernel;  iptables is more flexible than ipchains, and allows (for
instance) connection state tracking for SSH sessions that just go
*through* the NAT host (rather than starting or ending there).

-kgd
-- 
Sendmail administration is not black magic.  There are legitimate
technical reasons why it requires the sacrificing of a live chicken.
   - Unknown
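
Added example, not part of the original thread: a dry-run helper for the
diagnosis above (iptables userland installed on a 2.2 kernel). The function
names, the sample release 2.2.20 and the /proc file checks are assumptions of
this example; the printed commands are the ones quoted in the thread, except
that the POSTROUTING rule omits -i, which iptables does not accept in that chain.

```shell
#!/bin/sh
# Added example, not from the thread. Nothing here changes the firewall:
# masq_commands only prints what would be run.

# filter_for_kernel RELEASE
# Prints "ipchains" for 2.2.x, "iptables" for 2.4 and later, else "unknown".
filter_for_kernel() {
    case "$1" in *.*) ;; *) echo unknown; return 0 ;; esac
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    minor=${minor%%[!0-9]*}              # "4-rc1" -> "4"
    case "$major" in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    [ -n "$minor" ] || { echo unknown; return 0; }
    if [ "$major" -eq 2 ] && [ "$minor" -eq 2 ]; then
        echo ipchains
    elif [ "$major" -gt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -ge 4 ]; }; then
        echo iptables
    else
        echo unknown                     # 2.0 (ipfwadm) and 2.3 are not covered
    fi
}

# detect_filter [PROCROOT]
# Reports which filter the running kernel exposes: ip_tables_names appears
# once ip_tables is loaded or built in, ip_fwchains is the ipchains interface.
detect_filter() {
    root=${1:-/proc}
    if [ -e "$root/net/ip_tables_names" ]; then
        echo iptables
    elif [ -e "$root/net/ip_fwchains" ]; then
        echo ipchains
    else
        echo none
    fi
}

# tool_matches_kernel RELEASE TOOL
# Succeeds only when the userland tool fits the kernel. The iptables package
# installing cleanly says nothing about the kernel underneath it.
tool_matches_kernel() {
    [ "$(filter_for_kernel "$1")" = "$2" ]
}

# masq_commands TOOL INT_NET EXT_IF
# Prints the masquerading commands as a dry run. Arguments are validated so
# that nothing unexpected ends up in a line later run as root.
# Returns 1 for an unsupported tool, 2 for a malformed network or interface.
masq_commands() {
    tool=$1 net=$2 ext_if=$3
    case "$tool" in ipchains|iptables) ;; *) return 1 ;; esac
    case "$net" in ''|*[!0-9./]*) return 2 ;; esac
    case "$ext_if" in ''|*[!A-Za-z0-9_.-]*) return 2 ;; esac
    echo 'echo 1 > /proc/sys/net/ipv4/ip_forward'
    if [ "$tool" = ipchains ]; then
        echo '/sbin/ipchains -P forward DENY'
        echo "/sbin/ipchains -A forward -j MASQ -s $net"
    else
        echo 'modprobe iptable_nat'
        echo 'modprobe ipt_MASQUERADE'
        # POSTROUTING only knows the outgoing interface, so match on -o
        # and the source network.
        echo "iptables -t nat -A POSTROUTING -s $net -o $ext_if -j MASQUERADE"
    fi
}

# Constructed input mirroring the thread: 2.2 kernel, iptables package installed.
if ! tool_matches_kernel 2.2.20 iptables; then
    echo "kernel 2.2.20 needs $(filter_for_kernel 2.2.20), not iptables:"
    masq_commands "$(filter_for_kernel 2.2.20)" 192.168.0.0/24 eth0
fi
```

On a live host, detect_filter with no argument reads /proc; "none" means neither
interface is loaded, which is the state the modprobe error above describes.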





Re: ttysnoop openssh woody

2004-06-29 Thread Rob Weir
On Sun, Jun 27, 2004 at 02:35:55PM -0400, Dan MacNeil said
> The primary goal is collaboration not spying so I could setup telnet
> limited to local host  follow the fine man, but this seems an extra
> step...

Screen does an excellent job of this; read the multiuser session
section of its info page for more information.

-- 
Words of the day:  Freeh emc PLO NSA CIDA CISU UK Elvis csim sniper genetic




..wee nit on nat ipchains on debian woody

2004-06-29 Thread Arnt Karlsen
On Mon, 28 Jun 2004 15:09:09 -0500, Enrique wrote in message 
[EMAIL PROTECTED]:

> On Mon, 28 Jun 2004 21:35:40 +0200
> Christoph Löffler [EMAIL PROTECTED] wrote:
> Hello Francisco:
> The first thing you must do is to install a kernel with IPTABLES
> support, the ipchains is not recommendable for kernels up to 2.4.

..here I guess you _meant_ to say ipchains is not recommendable 
for kernels after 2.2, to match what I guess you say in Spanish:  ;-)
---/\/\/\-/\/\--

> The first thing you have to do is download a kernel that supports
> iptables; ipchains is discontinued.

-- 
..med vennlig hilsen = with Kind Regards from Arnt... ;-)
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three: 
  best case, worst case, and just in case.




nat ipchains on debian woody

2004-06-28 Thread Francisco Castillo




Hello Gurus, 

I have installed a Debian woody with two interfaces,
eth0 and eth1. I have configured the internet connection on eth0, which
has a static IP on the internet. On eth1 I want to put an interface to act as a
proxy NAT gateway for my internal LAN (I want to put 192.168.0.1 on it).

I have read the documentation to do it, but when I apply it
I get a "your kernel seems to not support ipchains" message.
After this I have the 192.168.0.1 IP on eth1, but the PCs on my internal LAN
can't get internet access through eth0 (the internet connection).

I think that the problem is that the kernel does
not have ipmasquerade support (NAT support), so I think that this is the only
step I need to do in order to correctly apply the steps of the configuration that
I have a problem with. So:

Do you know how to add NAT (ipmasquerade
support) to a Debian woody kernel in order to solve my problem?

What exactly does the command "apt-get install ipmasq" do in this context?

Thanks in advance, 

Francisco. 



Re: nat ipchains on debian woody

2004-06-28 Thread MB
Have you tried iptables instead?  If your kernel supports iptables,
then:

echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/conf/$both_eth_devs/rp_filter

iptables -t nat -I POSTROUTING -s 192.168.0.0/24 -i eth1 -o eth0 -j MASQUERADE

iptables also does the firewalling in other chains, btw

Mark

--- Francisco Castillo [EMAIL PROTECTED] wrote:
 
 Hello Gurus, 
 
 I have installed a debian woody with to interfaces eth0 and eth1. I
 has configured the internet conexion on eth0 which has got a static
 ip on internet. And on eth1 i want to put a interface to do a proxy
 nat gateway on my internal lan (i want to put a 192.168.0.1 on it). 
 
 I have read doc to do it but when i apply this doc i have a your
 kernel seems to not support ipchains messages when i try to do this.
 After this i have a 192.168.0.1 ip on eth1 but my pc´s on the
 internal lan can´t have internet access througth the eth0 (internet
 conexion). 
 
 I think that the problem is that the kernel do not have a
 ipmasquerade support (NAT suppport), so i think that this is the only
 steep i need to do in order to apply correct the steps of the
 configuration that i has a problem with. So 
 
 Did you know how to give a NAT (ipmasquerade support) on a debian
 woody kernel in order to solve my problem? 
 
 What do exactly the command apt-get install ipmasq in this context
 ?
 
 Thanks in advance, 
 
 Francisco. 
 
 





Re: nat ipchains on debian woody

2004-06-28 Thread Christoph Löffler
Hello Francisco,

Francisco Castillo wrote:

> I have read doc to do it but when i apply this doc i have a your
> kernel seems to not support ipchains messages when i try to do
> this.

For what reason do you want to use ipchains? If you just set up
Debian successfully, I think you also have a current kernel (2.4.x).

From version 2.4.x on there is a new packet filter, which is called
iptables. On www.netfilter.org you will find a lot of documentation.

> Did you know how to give a NAT (ipmasquerade support) on a debian
> woody kernel in order to solve my problem?

Sorry, I do not know about that.

Chris


Re: nat ipchains on debian woody

2004-06-28 Thread Francisco Castillo
Hi Mark,

I have tested your script but my woody gives me this response:

morpheo:~# cat compartir2
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/conf/eth0/rp_filter
echo 1 > /proc/sys/net/ipv4/conf/eth1/rp_filter

iptables -t nat -I POSTROUTING -s 192.168.0.0/24 -i eth1 -o eth0 -j MASQUERADE

morpheo:~# ./compartir2
modprobe: Can't locate module ip_tables
iptables v1.2.6a: can't initialize iptables table `nat': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
morpheo:~#

What can I do to solve this new issue?

My first script, which uses ipchains, was this:

morpheo:~# cat compartir

echo 1 > /proc/sys/net/ipv4/ip_forward
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -j MASQ -s 192.168.0.0/16

Thanks in advance,


- Original Message -
From: MB [EMAIL PROTECTED]
To: Francisco Castillo [EMAIL PROTECTED];
[EMAIL PROTECTED]
Sent: Monday, June 28, 2004 9:16 PM
Subject: Re: nat ipchains on debian woody


Have you tried iptables instead?  If your kernel supports iptables,
then:

echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/conf/$both_eth_devs/rp_filter

iptables -t nat -I POSTROUTING -s 192.168.0.0/24 -i eth1 -o eth0 -j MASQUERADE

iptables also does the firewalling in other chains, btw

Mark

--- Francisco Castillo [EMAIL PROTECTED] wrote:

 Hello Gurus,

 I have installed a debian woody with to interfaces eth0 and eth1. I
 has configured the internet conexion on eth0 which has got a static
 ip on internet. And on eth1 i want to put a interface to do a proxy
 nat gateway on my internal lan (i want to put a 192.168.0.1 on it).

 I have read doc to do it but when i apply this doc i have a your
 kernel seems to not support ipchains messages when i try to do this.
 After this i have a 192.168.0.1 ip on eth1 but my pc´s on the
 internal lan can´t have internet access througth the eth0 (internet
 conexion).

 I think that the problem is that the kernel do not have a
 ipmasquerade support (NAT suppport), so i think that this is the only
 steep i need to do in order to apply correct the steps of the
 configuration that i has a problem with. So

 Did you know how to give a NAT (ipmasquerade support) on a debian
 woody kernel in order to solve my problem?

 What do exactly the command apt-get install ipmasq in this context
 ?

 Thanks in advance,

 Francisco.








Re: nat ipchains on debian woody

2004-06-28 Thread Enrique Dorantes
On Mon, 28 Jun 2004 21:35:40 +0200
Christoph Löffler [EMAIL PROTECTED] wrote:
Hello Francisco:
The first thing you must do is to install a kernel with IPTABLES support; 
ipchains is not recommendable for kernels up to 2.4. The kernel packages of the woody 
distro have this support.
Next you MUST install iptables: apt-get install iptables
Then you should enable IP forward and ipfilter, with the instructions mentioned earlier 
by Mark, but if you want to run a proxy, IP forward is not necessary.

You must read a lot of documentation on Squid and iptables.

Enrique Dorantes

Now in Spanish,

Hello Francisco:

The first thing you have to do is download a kernel that supports iptables; ipchains is 
discontinued.
Then you have to install iptables: apt-get install iptables
Then do what you were told earlier: enable IP forward (which is not 
necessary if you are going to set up a proxy) and ipfilter.

You have to read a lot of Squid and iptables documentation.

Regards,
Enrique

 Hello Francisco,
 
 Francisco Castillo wrote:
 
  I have read doc to do it but when i apply this doc i have a your
  kernel seems to not support ipchains messages when i try to do
  this. 
 
 For what reason do you want to use ipchains? If you just set up
 debian successfully i think you have also an actual kernel ( 2.4.x)
 
  From Version 2.4.x there is a new packet filter which is called
 iptables. On www.netfilter.org you find a lot of documentation.
 
  Did you know how to give a NAT (ipmasquerade support) on a debian
  woody kernel in order to solve my problem?
 
 Sorry, do not know about that.
 
 
 Chris
 
 
 
 
 



Re: nat ipchains on debian woody

2004-06-28 Thread Francisco Castillo
Enrique,

I'm a novice on Debian; I have decided recently to change from Red Hat or
Mandrake (fatal experience in two years), so excuse my ignorance.

First, I don't know how to do this step: "The first thing you must do is to
install a kernel with IPTABLES support".
How can I do it? How can I test if it is on my server?

Second, I have seen this on my server:

morpheo:~# apt-get install iptables
Reading Package Lists... Done
Building Dependency Tree... Done
Sorry, iptables is already the newest version.
0 packages upgraded, 0 newly installed, 0 to remove and 0  not upgraded.
morpheo:~#

It seems iptables is installed, but the previous errors said that iptables
was not available.

Thanks in advance, and for your Spanish response; I have poor English too,

Francisco.



- Original Message -
From: Enrique Dorantes [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, June 28, 2004 10:09 PM
Subject: Re: nat ipchains on debian woody


On Mon, 28 Jun 2004 21:35:40 +0200
Christoph Löffler [EMAIL PROTECTED] wrote:
Hello Francisco:
The first thing you must do is to install a kernel with IPTABLES support;
ipchains is not recommendable for kernels up to 2.4. The kernel packages
of the woody distro have this support.
Next you MUST install iptables: apt-get install iptables
Then you should enable IP forward and ipfilter, with the instructions mentioned
earlier by Mark, but if you want to run a proxy, IP forward is not necessary.

You must read a lot of documentation on Squid and iptables.

Enrique Dorantes

Now in Spanish,

Hello Francisco:

The first thing you have to do is download a kernel that supports iptables;
ipchains is discontinued.
Then you have to install iptables: apt-get install iptables
Then do what you were told earlier: enable IP forward
(which is not necessary if you are going to set up a proxy) and ipfilter.

You have to read a lot of Squid and iptables documentation.

Regards,
Enrique

 Hello Francisco,

 Francisco Castillo wrote:

  I have read doc to do it but when i apply this doc i have a your
  kernel seems to not support ipchains messages when i try to do
  this.

 For what reason do you want to use ipchains? If you just set up
 debian successfully i think you have also an actual kernel ( 2.4.x)

  From Version 2.4.x there is a new packet filter which is called
 iptables. On www.netfilter.org you find a lot of documentation.

  Did you know how to give a NAT (ipmasquerade support) on a debian
  woody kernel in order to solve my problem?

 Sorry, do not know about that.


 Chris











Re: nat ipchains on debian woody

2004-06-28 Thread MB
Christoph,

You are right. Looks like he should also modprobe or insmod iptables
and many other modules.  I insmod a whole list of routing modules:

ipt_REDIRECT 
ipt_MASQUERADE  
iptable_mangle  
iptable_nat
ipt_REJECT  
iptable_filter  
ip_tables  

( and some others... )

Mark

--- Enrique Dorantes [EMAIL PROTECTED] wrote:
 On Mon, 28 Jun 2004 21:35:40 +0200
 Christoph Löffler [EMAIL PROTECTED] wrote:
 Hello Francisco:
 The first thing you must do is to install a kernel with IPTABLES
 support; ipchains is not recommendable for kernels up to 2.4. The
 kernel packages of the woody distro have this support.
 Next you MUST install iptables: apt-get install iptables
 Then you should enable IP forward and ipfilter, with the instructions
 mentioned earlier by Mark, but if you want to run a proxy, IP forward is
 not necessary.
 
 You must read a lot of documentation on Squid and iptables.
 
 Enrique Dorantes
 
 Now in Spanish,
 
 Hello Francisco:
 
 The first thing you have to do is download a kernel that supports
 iptables; ipchains is discontinued.
 Then you have to install iptables: apt-get install iptables
 Then do what you were told earlier: enable IP forward
 (which is not necessary if you are going to set up a proxy) and ipfilter.
 
 You have to read a lot of Squid and iptables documentation.
 
 Regards,
 Enrique
 
  Hello Francisco,
  
  Francisco Castillo wrote:
  
   I have read doc to do it but when i apply this doc i have a your
   kernel seems to not support ipchains messages when i try to do
   this. 
  
  For what reason do you want to use ipchains? If you just set up
  debian successfully i think you have also an actual kernel (
 2.4.x)
  
   From Version 2.4.x there is a new packet filter which is called
  iptables. On www.netfilter.org you find a lot of documentation.
  
   Did you know how to give a NAT (ipmasquerade support) on a debian
   woody kernel in order to solve my problem?
  
  Sorry, do not know about that.
  
  
  Chris
  
  
  



Re: nat ipchains on debian woody

2004-06-28 Thread Christoph Löffler
Hello Francisco

Francisco Castillo wrote:

 Enrique,
 I'm a novice on debian, I have decided recently to change from redhat or
 mandrake (fatal experience in two years), so excuse my ignorance.
 First I don't know how to do this step "The first thing you must do is to
 install a kernel with IPTABLES support"
 How can I do it? How can I test if it is on my server?

all stock kernels  2.4.x have iptables support. if you would 
compile one for your needs you must make sure that iptables support 
is checked. But for the kernel images you can install with apt this 
is true.

perhaps it helps you to test some things with helper scripts. you 
can search the available packages with apt-cache search

debian:~# apt-cache search iptables |less
acidlab - Analysis Console for Intrusion Databases
ferm - maintain and setup complicated firewall rules
firewall-easy - Easy to use packet filter firewall (usually zero config)
fwanalog - iptables log-file report generator (using analog)
fwbuilder-iptables - Linux iptables policy compiler for Firewall Builder
fwlogwatch - Firewall log analyzer
ipac-ng - IP Accounting for iptables( kernel =2.4)
ipmenu - A cursel iptables/iproute2 GUI
kernel-patch-ttl - TTL matching and setting
kernel-patch-ulog - Netfilter userspace logging patch.
knetfilter - A GUI for configuring the 2.4 kernel IP Tables
ulogd - The Userspace Logging Daemon
iptables - Linux kernel 2.4+ iptables administration tools
iptables-dev - development files for iptable's libipq and libiptc
reaim - Enable AIM and MSN file transfer on Linux iptables based NAT
shorewall - Shoreline Firewall (Shorewall)
shorewall-doc - Shoreline Firewall (Shorewall) Documentation
then apt-cache show tells you more on a specific package:
i.e.: apt-cache show shorewall
perhaps you can install this and look how it works. read the 
documentation and look at the source

to see what is installed by a package do
dpkg -L shorewall | less
greetings
chris
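
One way to answer the "How can I test if it is on my server?" question above, as an added example that is not from any poster in this thread: it checks the kernel release, looks for the netfilter modules from Mark's list, and checks a rule's interface match against its chain. The function names and the `--check` switch are assumptions of this example; the chain restriction on `-i` and `-o` is the one documented in iptables(8).

```shell
#!/bin/sh
# Added example, not from the thread. Function names are this example's own.

# Modules the MASQUERADE rule depends on (a subset of Mark's list).
NAT_MODULES="ip_tables iptable_filter iptable_nat ipt_MASQUERADE"

# kernel_supports_iptables RELEASE
# RELEASE is a `uname -r` string. Succeeds for 2.4 and later, the series
# that introduced iptables; returns 2 if the string cannot be parsed.
kernel_supports_iptables() {
    case $1 in *.*) ;; *) return 2 ;; esac
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}
    case $major in ''|*[!0-9]*) return 2 ;; esac
    [ -n "$minor" ] || return 2
    [ "$major" -gt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -ge 4 ]; }
}

# missing_nat_modules LOADED_FILE DEP_FILE
# LOADED_FILE is in /proc/modules format, DEP_FILE in modules.dep format.
# Prints every required module that is neither loaded nor installed for
# that kernel. Netfilter code compiled into the kernel shows up in neither
# file, so a non-empty result means "look at the kernel config next".
missing_nat_modules() {
    for m in $NAT_MODULES; do
        grep -q "^$m " "$1" 2>/dev/null && continue
        grep -Eq "(^|/)$m\.k?o(\.[a-z]+)?:" "$2" 2>/dev/null && continue
        echo "$m"
    done
}

# rule_chain_iface_ok "IPTABLES ARGUMENTS"
# iptables(8): -i only applies to INPUT, FORWARD and PREROUTING, and
# -o only to FORWARD, OUTPUT and POSTROUTING. Returns 1 when a rule pairs
# a chain with the interface match it cannot use.
rule_chain_iface_ok() {
    chain=
    has_in=0
    has_out=0
    prev=
    for w in $1; do
        case $prev in -A|-I|--append|--insert) chain=$w ;; esac
        case $w in
            -i|--in-interface) has_in=1 ;;
            -o|--out-interface) has_out=1 ;;
        esac
        prev=$w
    done
    case $chain in
        OUTPUT|POSTROUTING) [ "$has_in" -eq 0 ] ;;
        INPUT|PREROUTING)   [ "$has_out" -eq 0 ] ;;
        *) return 0 ;;
    esac
}

# Run the three checks against the live system. The subnet and interface
# are the ones used in the thread; the rule matches on -o only.
preflight() {
    rel=$(uname -r)
    kernel_supports_iptables "$rel" || echo "kernel $rel predates iptables"
    miss=$(missing_nat_modules /proc/modules "/lib/modules/$rel/modules.dep")
    [ -z "$miss" ] || echo "not loaded and not installed:" $miss
    rule="-t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE"
    if rule_chain_iface_ok "$rule"; then
        echo "rule passes the chain check: iptables $rule"
    fi
}

if [ "${1:-}" = "--check" ]; then
    preflight
fi
```

Run it with `--check` on the gateway itself; without arguments it only defines the functions.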


nat ipchains on debian woody

2004-06-28 Thread Francisco Castillo




Hello Gurus,

I have installed a debian woody with two interfaces,
eth0 and eth1. I have configured the internet connection on eth0, which
has got a static IP on the internet. And on eth1 I want to put an interface to do a
proxy NAT gateway on my internal LAN (I want to put 192.168.0.1 on it).

I have read the doc to do it, but when I apply this doc
I get a "your kernel seems to not support ipchains" message when I try to do
this. After this I have the 192.168.0.1 IP on eth1, but the PCs on my internal LAN
can't get internet access through eth0 (the internet connection).

I think that the problem is that the kernel does
not have ipmasquerade support (NAT support), so I think that this is the only
step I need to do in order to correctly apply the steps of the configuration that
I have a problem with. So

Do you know how to add NAT (ipmasquerade
support) to a debian woody kernel in order to solve my problem?

What exactly does the command "apt-get install ipmasq" do in this context?

Thanks in advance,

Francisco.



Re: nat ipchains on debian woody

2004-06-28 Thread Christoph Löffler
Hello Francisco,

Francisco Castillo wrote:

 I have read doc to do it but when i apply this doc i have a your
 kernel seems to not support ipchains messages when i try to do
 this.

For what reason do you want to use ipchains? If you just set up
debian successfully i think you have also an actual kernel ( 2.4.x)

From Version 2.4.x there is a new packet filter which is called
iptables. On www.netfilter.org you find a lot of documentation.

 Did you know how to give a NAT (ipmasquerade support) on a debian
 woody kernel in order to solve my problem?

Sorry, do not know about that.

Chris



Re: nat ipchains on debian woody

2004-06-28 Thread Francisco Castillo
Hi Mark,

I have tested your script but my woody gives me this response:

morpheo:~# cat compartir2
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/conf/eth0/rp_filter
echo 1 > /proc/sys/net/ipv4/conf/eth1/rp_filter

iptables -t nat -I POSTROUTING -s 192.168.0.0/24 -i eth1 -o eth0 -j MASQUERADE

morpheo:~# ./compartir2
modprobe: Can't locate module ip_tables
iptables v1.2.6a: can't initialize iptables table `nat': iptables who? (do
you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
morpheo:~#

What can I do to solve this new issue?

My first script, which uses ipchains, was this:

morpheo:~# cat compartir

echo 1 > /proc/sys/net/ipv4/ip_forward
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -j MASQ -s 192.168.0.0/16

Thanks in advance,


- Original Message -
From: MB [EMAIL PROTECTED]
To: Francisco Castillo [EMAIL PROTECTED];
debian-isp@lists.debian.org
Sent: Monday, June 28, 2004 9:16 PM
Subject: Re: nat ipchains on debian woody


Have you tried iptables instead?  If your kernel supports iptables,
then:

echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/conf/$both_eth_devs/rp_filter

iptables -t nat -I POSTROUTING -s 192.168.0.0/24 -i eth1 -o eth0 -j MASQUERADE

iptables also does the firewalling in other chains, btw

Mark

--- Francisco Castillo [EMAIL PROTECTED] wrote:

 Hello Gurus,

 I have installed a debian woody with two interfaces, eth0 and eth1. I
 have configured the internet connection on eth0, which has got a static
 IP on the internet. And on eth1 I want to put an interface to do a proxy
 NAT gateway on my internal LAN (I want to put 192.168.0.1 on it).

 I have read the doc to do it, but when I apply this doc I get a "your
 kernel seems to not support ipchains" message when I try to do this.
 After this I have the 192.168.0.1 IP on eth1, but the PCs on my
 internal LAN can't get internet access through eth0 (the internet
 connection).

 I think that the problem is that the kernel does not have
 ipmasquerade support (NAT support), so I think that this is the only
 step I need to do in order to correctly apply the steps of the
 configuration that I have a problem with. So

 Do you know how to add NAT (ipmasquerade support) to a debian
 woody kernel in order to solve my problem?

 What exactly does the command "apt-get install ipmasq" do in this
 context?

 Thanks in advance,

 Francisco.







Re: nat ipchains on debian woody

2004-06-28 Thread Enrique Dorantes
On Mon, 28 Jun 2004 21:35:40 +0200
Christoph Löffler [EMAIL PROTECTED] wrote:
Hello Francisco:
The first thing you must do is to install a kernel with IPTABLES support, the 
ipchains is not recommendable for kernels up to 2.4. The kernel packages of 
woody distro have this support
Next you MUST install iptables:  ip-tables apt-get install iptables
Then you should enable ip forward and ipfilter, with the instructions early 
mentioned by Mark, but if you want to run a proxy ip forward is not necessary

You must read a lot of documentation of Squid and IPtables

Enrique Dorantes

Now in Spanish,

Hello Francisco:

The first thing you have to do is download a kernel that supports iptables; 
ipchains is discontinued.
Then you have to install ip-tables: apt-get install iptables
Then do what you were told earlier and enable ip forward, 
which is not necessary if you are going to set up a proxy, and the ipfilter.

You have to read a lot of Squid and iptables documentation.

Regards,
Enrique

 Hello Francisco,
 
 Francisco Castillo wrote:
 
  I have read doc to do it but when i apply this doc i have a your
  kernel seems to not support ipchains messages when i try to do
  this. 
 
 For what reason do you want to use ipchains? If you just set up
 debian successfully i think you have also an actual kernel ( 2.4.x)
 
  From Version 2.4.x there is a new packet filter which is called
 iptables. On www.netfilter.org you find a lot of documentation.
 
  Did you know how to give a NAT (ipmasquerade support) on a debian
  woody kernel in order to solve my problem?
 
 Sorry, do not know about that.
 
 
 Chris
 
 
 




Re: nat ipchains on debian woody

2004-06-28 Thread Francisco Castillo
Enrique,

I'm a novice on debian; I decided recently to change from redhat or
mandrake (fatal experience in two years), so excuse my ignorance.

First, I don't know how to do this step: "The first thing you must do is to
install a kernel with IPTABLES support".
How can I do it? How can I test if it is on my server?

Second, I have seen this on my server:

morpheo:~# apt-get install iptables
Reading Package Lists... Done
Building Dependency Tree... Done
Sorry, iptables is already the newest version.
0 packages upgraded, 0 newly installed, 0 to remove and 0  not upgraded.
morpheo:~#

iptables seems to be installed, but the previous errors said that iptables
was not available.

Thanks in advance, and for your Spanish response; I have poor English too,

Francisco.



- Original Message -
From: Enrique Dorantes [EMAIL PROTECTED]
To: debian-isp@lists.debian.org
Sent: Monday, June 28, 2004 10:09 PM
Subject: Re: nat ipchains on debian woody


On Mon, 28 Jun 2004 21:35:40 +0200
Christoph Löffler [EMAIL PROTECTED] wrote:
Hello Francisco:
The first thing you must do is to install a kernel with IPTABLES support,
the ipchains is not recommendable for kernels up to 2.4. The kernel packages
of woody distro have this support
Next you MUST install iptables:  ip-tables apt-get install iptables
Then you should enable ip forward and ipfilter, with the instructions early
mentioned by Mark, but if you want to run a proxy ip forward is not necessary

You must read a lot of documentation of Squid and IPtables

Enrique Dorantes

Now in Spanish,

Hello Francisco:

The first thing you have to do is download a kernel that supports iptables;
ipchains is discontinued.
Then you have to install ip-tables: apt-get install iptables
Then do what you were told earlier and enable ip forward,
which is not necessary if you are going to set up a proxy, and the ipfilter.

You have to read a lot of Squid and iptables documentation.

Regards,
Enrique

 Hello Francisco,

 Francisco Castillo wrote:

  I have read doc to do it but when i apply this doc i have a your
  kernel seems to not support ipchains messages when i try to do
  this.

 For what reason do you want to use ipchains? If you just set up
 debian successfully i think you have also an actual kernel ( 2.4.x)

  From Version 2.4.x there is a new packet filter which is called
 iptables. On www.netfilter.org you find a lot of documentation.

  Did you know how to give a NAT (ipmasquerade support) on a debian
  woody kernel in order to solve my problem?

 Sorry, do not know about that.


 Chris










ttysnoop openssh woody

2004-06-27 Thread Dan MacNeil

Does anyone have a recipe for getting ttysnoop working with openssh on
woody w/o recompiling openssh?

This guide:

http://64.233.161.104/search?q=cache:ieeFRmtUJ-AJ:www.forty-two.nl/documentation/HOWTOOPENSSHwithTTYSNOOP.pdf+ttysnoop/++ssh+snooptab++login+programhl=enlr=lang_en

...will do it but I am too lazy to recompile open ssh.

The primary goal is collaboration not spying so I could setup telnet
limited to local host  follow the fine man, but this seems an extra
step...


Re: Re: module via-rhine for woody (3.0) using both onboard LANs on a VIA-EPIA mini-ITX CL1000 motherboard

2004-05-27 Thread Juan I. Yuz E.
Sorry...
I just realised that there's a debian package
modules-scyld-source-0.1

Juan


Re: module via-rhine for woody (3.0) using both onboard LANs on a VIA-EPIA mini-ITX CL1000 motherboard

2004-05-03 Thread Juan I. Yuz E.
Can anybody send me the .c files referred to?
(I couldn't get them from www.scyld.com)

cheers,
Juan




woody stable and imagemagick

2004-03-03 Thread Rhesa Rozendaal
Hi, we're running debian woody stable and are currently building a photo 
album with apache+mod_perl+imagemagick.

Preliminary tests indicate that the thumbnails generated by IM are 
rather large. Doing the same transformations with IM 5.5.7 make them a 
lot smaller, so i'm trying to upgrade IM to a more recent version.

However, I'm running into problems I do not know how to handle: I found 
backports at www.apt-get.org, but they do not have some of the required 
libraries. Using the version from unstable or testing scares me because 
it means libc is going to be upgraded, as well as perl (and I definitely 
don't want that).

Can anyone tell me if it is possible to install Imagemagick 5.5.7 on 
debian stable, without having to upgrade all kinds of other stuff?

Thanks in advance,

Rhesa Rozendaal
www.exposuremanager.com


Re: woody stable and imagemagick

2004-03-03 Thread Jonathan Tai
On Wed, 2004-03-03 at 13:30, Rhesa Rozendaal wrote:
 Hi, we're running debian woody stable and are currently building a photo 
 album with apache+mod_perl+imagemagick.
 
 Preliminary tests indicate that the thumbnails generated by IM are 
 rather large. Doing the same transformations with IM 5.5.7 make them a 
 lot smaller, so i'm trying to upgrade IM to a more recent version.
 

Another thing you might want to try (if they're digital photos) is
stripping the EXIF headers/thumbnails with jhead.  

- Jon

-- 
[EMAIL PROTECTED]

Administrator, tgpsolutions
http://www.tgpsolutions.com


module via-rhine for woody (3.0) using both onboard LANs on a VIA-EPIA mini-ITX CL1000 motherboard

2004-03-01 Thread Chris Evans
This is just a report for the archives, skip unless you've been 
watching this saga.

As members of netdrivers, debian-users and debian-isp know, I was 
failing to get the three ethernet ports I need to use a VIA EPIA 
CL1000 working as a replacement home firewall.  Since it is an 
internet-facing firewall, I wanted to stay with Debian stable, 
preferably not even going for a backports.org kernel upgrade so as to 
be sure that debian security upgrades would keep working for me.  
Thanks to a lot of people, ultimately Nick Jacobs, I have this 
working.

I'm documenting this for all three list archives as I suspect I won't 
be the last to have difficulties here and as the solution is fairly 
easy in the end, but hell to find if you can't see what's wrong, and 
the final product is nice to have.

First thing: you must have the LANs switched on in the BIOS (not the 
LAN ROM: that attempts DHCP from the BIOS).

Next: the driver for the dual port VT6103/6105 ethernet controller 
that is on this motherboard needs the via-rhine driver available from 
Scyld at http://www.scyld.com/network/updates.html#pci-scan thanks to 
Donald Becker.  The via-rhine driver is in all the kernel images for 
woody.  I started with the bf24 install, i.e. kernel 2.4.18-bf2.4.  
However, none of the woody kernels (except possibly the 2.4.19 which 
is only in the distro as source as far as I can see) are sufficiently 
recent to detect both LAN ports.  So you have to compile your own new 
driver.

To do this you download from scyld:
via-rhine.c
pci-scan.c
pci-scan.h
kern-compat.h
or contact me and I'll send you slightly hacked ones (see below).

Now (thanks Nick) you copy your kernel header module.h and version.h 
to wherever you're compiling your new driver and you edit them: 
Change the 1st line of version.h in your local copy to #define 
UTS_RELEASE "2.4.18-bf2.4"   (replacing 2.4.18)

In module.h, replace the line
#include <linux/version.h>
with
#include "version.h"
(So that it will use the local copy: for those who've never touched C 
hashed lines aren't comments, they're handled precompilation, 
references in angle brackets are sought relative to the include 
location the compiler is using and those just in quotes are 
absolute.)

In via-rhine.c and pci-scan.c replace:
#include <linux/version.h> with  #include "version.h"
and
#include <linux/module.h> with #include "module.h"
(again so that it will use the local copies).  In addition, I found 
that I now needed to hard code the location of modversions.h so lines 
that had called that now refer to:
/usr/src/kernel-headers-2.4.18-bf2.4/include/linux/modversions.h
not to linux/modversions.h

you compile with
gcc -DMODULE -D__KERNEL__ -DEXPORT_SYMTAB -Wall \
   -Wstrict-prototypes -O6 -c pci-scan.c \
   -I /usr/src/kernel-headers-2.4.18-1/include
gcc -DMODULE -Wall -Wstrict-prototypes -O6 -c via-rhine.c \
   -I /usr/src/kernel-headers-2.4.18-1/include/
(I've used the backslashes to indicate line continuation)

You get a warning both times:
/kernel-headers-2.4.18-1/include
In file included from module.h:297,
 from pci-scan.c:56:
/usr/include/linux/version.h:1: warning: `UTS_RELEASE' redefined
version.h:1: warning: this is the location of the previous definition

but the via-rhine.o and pci-scan.o that you get are good and can be 
copied to where they need to be:
cp *.o /lib/modules/2.4.18-bf2.4/kernel/drivers/net/

and then 
depmod 
and 
modprobe via-rhine 
should show things working fine and you can put via-rhine in 
/etc/modules to get it loaded at boot

Clearly if you're using a different kernel, you'll have to modify 
some of the header locations above but this should work.

Now to sort out booting from a software RAID-1 array of two drives 
and install shorewall and a few other things from the old machine and 
I'll have the robust, near silent, firewall I want!

Thanks again to everyone who helped and to everyone who offered 
advice on multiport LAN cards: for now I think I can avoid that extra 
expense.

Chris
PSYCTC: Psychotherapy, Psychology, Psychiatry, Counselling
   and Therapeutic Communities; practice, research, 
   teaching and consultancy.
Chris Evans  Jo-anne Carlyle
http://psyctc.org/ Email: [EMAIL PROTECTED]
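
The header edits described in the post above, scripted so they can be repeated for another kernel release (an added example, not Chris's own script or the "slightly hacked" files he mentions). The function names and the `--apply` switch are assumptions of this example; the file names and paths are the ones given in the post.

```shell
#!/bin/sh
# Added example: applies the post's edits to LOCAL copies of the headers
# and driver sources. It never touches the files under /usr/src.

# set_uts_release FILE RELEASE
# Rewrite line 1 of the local version.h so UTS_RELEASE carries the full
# release string of the kernel the module will be loaded into.
set_uts_release() {
    sed "1s|.*|#define UTS_RELEASE \"$2\"|" "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# uts_release_of FILE
# Print the UTS_RELEASE value a header defines (first definition only).
uts_release_of() {
    sed -n 's/^#define[[:space:]]*UTS_RELEASE[[:space:]]*"\(.*\)".*/\1/p' "$1" |
        head -n 1
}

# localize_includes MODVERSIONS_PATH FILE...
# In each FILE, point the version.h and module.h includes at the local
# copies and hard-code the location of modversions.h. Other includes are
# left alone.
localize_includes() {
    mv_path=$1
    shift
    for f in "$@"; do
        sed -e 's|^\(#[[:space:]]*include[[:space:]]*\)<linux/version\.h>|\1"version.h"|' \
            -e 's|^\(#[[:space:]]*include[[:space:]]*\)<linux/module\.h>|\1"module.h"|' \
            -e "s|^\(#[[:space:]]*include[[:space:]]*\)<linux/modversions\.h>|\1\"$mv_path\"|" \
            "$f" > "$f.tmp" && mv "$f.tmp" "$f"
    done
}

# With --apply, edit the copies in the current directory. The release
# defaults to the running kernel; the header path follows the post's
# /usr/src/kernel-headers-<release> layout.
if [ "${1:-}" = "--apply" ]; then
    rel=${2:-$(uname -r)}
    set_uts_release version.h "$rel"
    localize_includes \
        "/usr/src/kernel-headers-$rel/include/linux/modversions.h" \
        module.h via-rhine.c pci-scan.c
    echo "local version.h now defines: $(uts_release_of version.h)"
fi
```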


Re: Woody on Proliant ML350 G3 (smartarray 641)

2004-02-12 Thread Markus Oswald
On Wed, 11.02.2004 at 20:12, Emmanuel Halbwachs wrote:
 Hello everybody,
 
 I've just subscribed to the list after discovering it recently. I'm
 not strictly an ISP, but I provide various services for 150-200 users.
 
 I would like to run woody on HP Compaq Proliant ML350 G3 (no choice of
 the model because of public market reasons). Before buying some
 machines, I would like to check if woody can be installed
 on. Actually, colleagues of mine own some (running FreeBSD) and
 proposed me to try to install woody on one box. The hardware is :
 
raid controller : smartarray 641
ethernet NIC : BCM5702 (subsystem : NC7760)
 
 This will be my first woody install on raid hardware, so I'm
 inexperienced.
 
 Colleagues told me that woody install fails due to old kernel
 2.4.18-bf24 which doesn't include recent modules for the raid (cciss)
 and the NIC (tg3 seems better than bcm5700). I've searched the list
 archive but I didn't really find an answer.

I don't know for sure about the RAID controller [1] but to get the NIC
in a ProLiant DL380G3 (a BMC57xx too) working I compiled the driver from
Broadcom against a 2.4.18-bf24 source. This way I get modules which can
be used with the woody bf24 kernel so I can setup the system and
download a newer kernel to the system. Beginning with 2.4.19 you can use
the tg3.o module supplied by the kernel...

You can grab the compiled modules from my repository
(http://people.iirc.at/moswald/linux/bf24_modules/bcm5700/) or the
source directly from Broadcom (http://www.broadcom.com/drivers/)

[1] It may work with the cciss module just as the SmartArray 5i does -
but I read somewhere about a bug in the driver which wasn't fixed until
2.4.21.

best regards,
  Markus
-- 
Markus Oswald [EMAIL PROTECTED]  \ Unix and Network Administration
Graz, AUSTRIA \ High Availability / Cluster
Mobile: +43 676 6485415\ System Consulting
Fax:+43 316 428896  \ Web Development





Re: Woody on Proliant ML350 G3 (smartarray 641)

2004-02-12 Thread Gavin Hamill
On Thu, 2004-02-12 at 09:00, Markus Oswald wrote:
> On Wed, 11.02.2004, Emmanuel Halbwachs wrote at 20:12:
>> Hello everybody,
>>
>> I've just subscribed to the list after discovering it recently. I'm
>> not strictly an ISP, but I provide various services for 150-200 users.

Woody works just fine on an ML350 with SmartArray 641 - I had to install
on one last year and it was great fortitude that kernel 2.4.21 had just
been released a little while beforehand, because only 2.4.21 and above
supports the SmartArray 64x series RAID controllers.

I would imagine some kind soul somewhere has created a mini-install CD
for the Compaqs as many people have done for Dell equipment.

Cheers,
Gavin.






Re: Woody on Proliant ML350 G3 (smartarray 641)

2004-02-12 Thread Peter Visser
On Thu, 2004-02-12 at 10:00, Markus Oswald wrote:
> On Wed, 11.02.2004, Emmanuel Halbwachs wrote at 20:12:
>> Hello everybody,
>>
>> I've just subscribed to the list after discovering it recently. I'm
>> not strictly an ISP, but I provide various services for 150-200 users.
>>
>> I would like to run woody on HP Compaq Proliant ML350 G3 (no choice of
>> the model because of public market reasons). Before buying some
>> machines, I would like to check if woody can be installed
>> on. Actually, colleagues of mine own some (running FreeBSD) and
>> proposed me to try to install woody on one box. The hardware is :
>>
>>   raid controller : smartarray 641
>>   ethernet NIC : BCM5702 (subsystem : NC7760)
>>
>> This will be my first woody install on raid hardware, so I'm
>> inexperienced.
>>
>> Colleagues told me that woody install fails due to old kernel
>> 2.4.18-bf24 which doesn't include recent modules for the raid (cciss)
>> and the NIC (tg3 seems better than bcm5700). I've searched the list
>> archive but I didn't really find an answer.

As of kernel 2.4.23/4 I have been getting some problems with the bcm5700
driver (card's not detected and other things) so I would recommend using
the tg3 drivers.

> I don't know for sure about the RAID controller [1] but to get the NIC
> in a ProLiant DL380G3 (a BCM57xx too) working I compiled the driver from
> Broadcom against a 2.4.18-bf24 source. This way I get modules which can
> be used with the woody bf24 kernel so I can set up the system and
> download a newer kernel to the system. Beginning with 2.4.19 you can use
> the tg3.o module supplied by the kernel...
>
> You can grab the compiled modules from my repository
> (http://people.iirc.at/moswald/linux/bf24_modules/bcm5700/) or the
> source directly from Broadcom (http://www.broadcom.com/drivers/)
>
> [1] It may work with the cciss module just as the SmartArray 5i does -

Please note that with the standard Debian 3.0 cd the SmartArray only
works in single channel mode. If you use a dual channel config you will
get an error like 'can't get controller into duplex mode'. I don't know
if this is also true for the 641, but since it uses the same driver I
think it is.

Another thing with the DL380G3 (and maybe also the ML350) is that the
(raid) performance is very disappointing. This might have something to do
with hyperthreading / SMP. But I am not sure. I have tested with a
single CPU and in some cases the performance was (much) better.

> but I read somewhere about a bug in the driver which wasn't fixed until
> 2.4.21.
>
> best regards,
>   Markus
> --
> Markus Oswald [EMAIL PROTECTED]  \ Unix and Network Administration
> Graz, AUSTRIA \ High Availability / Cluster
> Mobile: +43 676 6485415\ System Consulting
> Fax:+43 316 428896  \ Web Development

Peter








Re: Woody on Proliant ML350 G3 (smartarray 641)

2004-02-12 Thread Pierre Fagrell
Peter Visser wrote:

> On Thu, 2004-02-12 at 10:00, Markus Oswald wrote:
>
>> On Wed, 11.02.2004, Emmanuel Halbwachs wrote at 20:12:
>>
>>> Hello everybody,
>>>
>>> I've just subscribed to the list after discovering it recently. I'm
>>> not strictly an ISP, but I provide various services for 150-200 users.
>>> I would like to run woody on HP Compaq Proliant ML350 G3 (no choice of
>>> the model because of public market reasons). Before buying some
>>> machines, I would like to check if woody can be installed
>>> on. Actually, colleagues of mine own some (running FreeBSD) and
>>> proposed me to try to install woody on one box. The hardware is :
>>>   raid controller : smartarray 641
>>>   ethernet NIC : BCM5702 (subsystem : NC7760)
>>> This will be my first woody install on raid hardware, so I'm
>>> inexperienced.
>>> Colleagues told me that woody install fails due to old kernel
>>> 2.4.18-bf24 which doesn't include recent modules for the raid (cciss)
>>> and the NIC (tg3 seems better than bcm5700). I've searched the list
>>> archive but I didn't really find an answer.
>
> As of kernel 2.4.23/4 I have been getting some problems with the bcm5700
> driver (card's not detected and other things) so I would recommend using
> the tg3 drivers.
>
>> I don't know for sure about the RAID controller [1] but to get the NIC
>> in a ProLiant DL380G3 (a BCM57xx too) working I compiled the driver from
>> Broadcom against a 2.4.18-bf24 source. This way I get modules which can
>> be used with the woody bf24 kernel so I can set up the system and
>> download a newer kernel to the system. Beginning with 2.4.19 you can use
>> the tg3.o module supplied by the kernel...
>> You can grab the compiled modules from my repository
>> (http://people.iirc.at/moswald/linux/bf24_modules/bcm5700/) or the
>> source directly from Broadcom (http://www.broadcom.com/drivers/)
>> [1] It may work with the cciss module just as the SmartArray 5i does -
>
> Please note that with the standard Debian 3.0 cd the SmartArray only
> works in single channel mode. If you use a dual channel config you will
> get an error like 'can't get controller into duplex mode'. I don't know
> if this is also true for the 641, but since it uses the same driver I
> think it is.
> Another thing with the DL380G3 (and maybe also the ML350) is that the
> (raid) performance is very disappointing. This might have something to do
> with hyperthreading / SMP. But I am not sure. I have tested with a
> single CPU and in some cases the performance was (much) better.

There are older threads in this mailing list about poor raid performance 
with SMP and  1 gig ram, try reducing your ram to 1 or 2 gig, and 
browse the archives for more information on how to really fix it.

//Pierre

>> but I read somewhere about a bug in the driver which wasn't fixed until
>> 2.4.21.
>> best regards,
>>  Markus
>> --
>> Markus Oswald [EMAIL PROTECTED]  \ Unix and Network Administration
>> Graz, AUSTRIA \ High Availability / Cluster
>> Mobile: +43 676 6485415\ System Consulting
>> Fax:+43 316 428896  \ Web Development
>
> Peter





 





Re: Woody on Proliant ML350 G3 (smartarray 641)

2004-02-12 Thread Emmanuel Halbwachs
Hello and thanks to everybody for those answers,

Gavin Hamill wrote :
> Woody works just fine on an ML350 with SmartArray 641 - I had to install
> on one last year and it was great fortitude that kernel 2.4.21 had just
> been released a little while beforehand, because only 2.4.21 and above
> supports the SmartArray 64x series RAID controllers.

May I ask you how did you manage this ? With another plain disk ?

> I would imagine some kind soul somewhere has created a mini-install CD
> for the Compaqs as many people have done for Dell equipment.

That was my first idea, but I didn't succeed in finding one.

Anyway, I've just found a document that could be the solution
for me :

  Debian Linux Root filesystem on a hardware RAID controller
  http://www.pocock.com.au/linux-doc/debian-raid-hw.html

I will head on in this direction. I will drop a message
to the list if I succeed.

Cheers,

Emmanuel
--
Emmanuel Halbwachs        Laboratoire de Photonique et Nanostructures
tel : (+33)1 69 63 61 34  CNRS UPR 20
fax : (+33)1 69 63 60 06  Route de Nozay
mailto:[EMAIL PROTECTED] 91460 Marcoussis France


Re: Woody on Proliant ML350 G3 (smartarray 641)

2004-02-12 Thread Gavin Hamill
On Thursday 12 February 2004 17:21, Emmanuel Halbwachs wrote:

> May I ask you how did you manage this ? With another plain disk ?

Sure,

I made a custom kernel bootfloppy (rescue floppy) then used the normal bf2.4 
root.bin after that :)

I used information from various sources at the time (this was 8 months ago...) 
but this URL seems to use the same method:

http://ttul.org/~rrsadler/linux-promise/

Cheers,
Gavin,






Woody on Proliant ML350 G3 (smartarray 641)

2004-02-11 Thread Emmanuel Halbwachs
Hello everybody,

I've just subscribed to the list after discovering it recently. I'm
not strictly an ISP, but I provide various services for 150-200 users.

I would like to run woody on HP Compaq Proliant ML350 G3 (no choice of
the model because of public market reasons). Before buying some
machines, I would like to check if woody can be installed
on. Actually, colleagues of mine own some (running FreeBSD) and
proposed me to try to install woody on one box. The hardware is :

  raid controller : smartarray 641
  ethernet NIC : BCM5702 (subsystem : NC7760)

This will be my first woody install on raid hardware, so I'm
inexperienced.

Colleagues told me that woody install fails due to old kernel
2.4.18-bf24 which doesn't include recent modules for the raid (cciss)
and the NIC (tg3 seems better than bcm5700). I've searched the list
archive but I didn't really find an answer.

There is a workaround described in
http://www.riedmann.it/linux/linux-proliant.htm : using an additional
scsi card, an additional scsi drive and an additional NIC, all well
known by the woody installer. But this seems a little complicated to
me. Well, if this is the price...

Is there anybody who has more or less painlessly succeeded with a woody
install on ML350 G3 or similar hardware? If yes, how?

Any clue/tip/link will be warmly welcomed :-)

Cheers,

Emmanuel

--
Emmanuel Halbwachs        Laboratoire de Photonique et Nanostructures
tel : (+33)1 69 63 61 34  CNRS UPR 20
fax : (+33)1 69 63 60 06  Route de Nozay
mailto:[EMAIL PROTECTED] 91460 Marcoussis France





RE: upgrading to MySQL 4 on woody (final)

2004-01-20 Thread Andreas Vent-Schmidt
Thanks to all - it works great with backports.org!

Oh, how I love the Debian Universe... They have been thinking of 
everything, haven't they?

Andreas

> Check out the www.backports.org website.

P.S.: Of course, security is an important issue and will get lower 
when using testing or backported packages. But, in this particular 
case, it doesn't matter that much (there are only very few shell 
accounts on the box in question, no MySQL networking a.s.o.)

Thanks again for nice help and discussion.
--
procommerz - Internet for businesses
http://www.procommerz.de | 033925-90710

Stop TCPA, Microsoft's censorship system! | http://www.againsttcpa.com



Re: shell access exploits (was Re: upgrading to MySQL 4 on woody)

2004-01-20 Thread Lucas Albers
I'm no expert.
I run chkrootkit on a regular basis.
Run a virus scanner; it will find some exploits.
McAfee found a few rootkits and known kernel exploits.
I use McAfee for Linux.
Analyze history files for certain keywords.
The best way would be to analyze command frequency in history files and
look for infrequently occurring commands that are good indications of hack
attempts.
Look at anyone running command: uname -a

Install grsecurity, and laugh at the attempts to do buffer overruns.
Enable grsecurity acl subsystem and continue laughing.
Analyze login frequency, what country are they logging in from?
Have they logged in from this address before?
Analyze login time, 2-6am is when most exploits occur.
Look at tripwire or sash logs. (still use tripwire, have not learned how to
use sash)
Look at when root logs in.
Check for processes initiating outgoing connections, hackers love to wget
their files.
Check for processes using a lot of memory or processor time.

Jason Lim said:

>> One of my hats is a junior sys admin in an academic environment. I'm
>> curious as to how you know when shell users are trying to exploit a
>> kernel hole.
>
> chkrootkit?



-- 
--Luke CS Sysadmin, Montana State University-Bozeman
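
Added example (not part of the original post or thread): a small Python triage pass over the two data sources the post names, shell history (rare commands) and login records (the 2-6am window, first-seen source addresses). The accounts, addresses, history lines and the 5% rarity threshold are all constructed assumptions.

```python
"""Triage sketch for the checks listed in the post above; all data is constructed."""
from collections import Counter, defaultdict
from datetime import datetime

# Constructed shell histories, one list of command lines per account.
HISTORIES = {
    "alice": ["ls -la", "cd src", "vi main.c", "make", "ls", "make test",
              "vi Makefile", "cd .."],
    "bob": ["ls", "cd proj", "gcc -o run run.c", "vi notes.txt", "make",
            "gcc -Wall -c util.c", "ls -l", "cd"],
    "carol": ["ls", "uname -a", "wget http://files.example.invalid/x.tgz",
              "tar xzf x.tgz", "cd x", "make", "./x", "ls"],
}

# Constructed login records: (account, ISO timestamp, source address).
LOGINS = [
    ("alice", "2004-01-12T09:05:00", "192.0.2.10"),
    ("alice", "2004-01-13T09:11:00", "192.0.2.10"),
    ("bob", "2004-01-12T14:30:00", "192.0.2.22"),
    ("carol", "2004-01-12T10:00:00", "192.0.2.31"),
    ("carol", "2004-01-19T03:12:00", "198.51.100.7"),
    ("bob", "2004-01-19T04:40:00", "192.0.2.22"),
]


def command_name(line):
    """First word of a history line, without any leading path."""
    parts = line.split()
    return parts[0].rsplit("/", 1)[-1] if parts else ""


def rare_commands(histories, max_share=0.05):
    """Map account -> history lines whose command is rare across ALL accounts.

    Rarity is the command's share of every recorded invocation, so a tool
    that is normal on this host (ls, make) never stands out, while a
    one-off does. The threshold is an assumption to tune per site.
    """
    counts = Counter(command_name(line)
                     for lines in histories.values() for line in lines)
    counts.pop("", None)
    total = sum(counts.values())
    flagged = defaultdict(list)
    for user, lines in histories.items():
        for line in lines:
            name = command_name(line)
            if name and counts[name] / total <= max_share:
                flagged[user].append(line)
    return dict(flagged)


def odd_logins(logins, night=(2, 6)):
    """Flag logins in the night window or from an address new for that account.

    The first login seen for an account only builds its baseline; it is
    not reported as a new address.
    """
    seen = defaultdict(set)
    findings = []
    for user, stamp, addr in sorted(logins, key=lambda rec: rec[1]):
        when = datetime.fromisoformat(stamp)
        reasons = []
        if night[0] <= when.hour < night[1]:
            reasons.append("night")
        if seen[user] and addr not in seen[user]:
            reasons.append("new-address")
        seen[user].add(addr)
        if reasons:
            findings.append((user, stamp, addr, reasons))
    return findings


def triage(histories, logins):
    """Accounts ordered by how many signals they raised, highest first."""
    rare = rare_commands(histories)
    odd = defaultdict(list)
    for user, _stamp, _addr, reasons in odd_logins(logins):
        odd[user].extend(reasons)
    users = set(rare) | set(odd)
    scored = [(u, len(rare.get(u, [])) + len(odd.get(u, []))) for u in users]
    return sorted(scored, key=lambda pair: (-pair[1], pair[0]))


if __name__ == "__main__":
    for user, score in triage(HISTORIES, LOGINS):
        print(user, score, rare_commands(HISTORIES).get(user, []))
```

Shell history is writable by the account it describes, so a clean history is weak evidence; an execution logger such as the snoopy setup mentioned elsewhere in this thread is a sturdier input for the same counting.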





shell access exploits (was Re: upgrading to MySQL 4 on woody)

2004-01-20 Thread Dan MacNeil

> I have at most a week from a known kernel exploit to when one of my users
> tries to exploit via shell access.

One of my hats is a junior sys admin in an academic environment. I'm
curious as to how you know when shell users are trying to exploit a kernel
hole.

In another non academic environment and based on info from this list, I've
been running snoopy with an eye to grepping the logs for naughtiness


#

On Mon, 19 Jan 2004, Lucas Albers wrote:

> Rod Rodolico said:
>
>> Becoming a firm believer that you CAN have it all, stability and the
>> latest packages :)
>>
>> There are other places to get backports, BTW. This one works for me.
>
> Rod,
> Yes I agree with your statements.
> Thanks for the link I'll use it on one of my systems...
>
> But you don't explicitly have security, you have the testing delay for
> security updates, combined with the propagation time to backports from
> testing.
>
> I'm still leery of using testing for any publicly exposed service, or for
> machines with shell access.
> I have at most a week from a known kernel exploit to when one of my users
> tries to exploit via shell access.
>
> --Luke CS Sysadmin, Montana State University-Bozeman







Re: shell access exploits (was Re: upgrading to MySQL 4 on woody)

2004-01-20 Thread Jason Lim


> One of my hats is a junior sys admin in an academic environment. I'm
> curious as to how you know when shell users are trying to exploit a
> kernel hole.

chkrootkit?





upgrading to MySQL 4 on woody

2004-01-19 Thread Andreas Vent-Schmidt
Hi,

is there any way to do an upgrade for a single Deb package which is 
NOT listed in the stable package list?

I want to upgrade only MySQL to version 4.0.x (because of the fine 
transaction feature), but do not want to change the apt source list in 
general (I want to keep the *stable* system).

Is there a mysql-4.0.17.deb or something like that out there in 
space? I didn't find such things on the mysql.com website...

(Well, it is: in the *testing* distribution. Can I mix this, and if 
so: how to do this?)

Thanks in advance,
Andreas Vent-Schmidt
--
procommerz - Internet for businesses
http://www.procommerz.de | 033925-90710
Stop TCPA, Microsoft's censorship system! | http://www.againsttcpa.com



RE: upgrading to MySQL 4 on woody

2004-01-19 Thread Hansen.Ole OHA

> Hi,
>
> is there any way to do an upgrade for a single Deb package which is 
> NOT listed in the stable package list?

Check out the www.backports.org website.

> Thanks in advance,
> Andreas Vent-Schmidt

-- 
Ole Hansen





Re: upgrading to MySQL 4 on woody

2004-01-19 Thread Fraser Campbell
On Monday 19 January 2004 08:43, Andreas Vent-Schmidt wrote:

> is there any way to do an upgrade for a single Deb package which is
> NOT listed in the stable package list?
>
> I want to upgrade only MySQL to version 4.0.x (because of the fine
> transaction feature), but want not to change the apt source list in
> general (I want to keep the *stable* system).

Two ways that I can think of:

- find or build a package designed for woody (check http://www.backports.org/
  and http://www.apt-get.org/)
- set up sources.list with stable, testing and unstable sources.  Set up apt
  to prefer the stable distribution but selectively install what you want from
  testing or unstable (apt-get -t testing install mysql-server)

I prefer the first solution if it's available (and it is for mysql-server).

-- 
Fraser Campbell [EMAIL PROTECTED] http://www.wehave.net/
Georgetown, Ontario, Canada Debian GNU/Linux





Re: upgrading to MySQL 4 on woody

2004-01-19 Thread Guillaume Plessis
Hi,

I provide MySQL 4.0.16 backported packages on www.dotdeb.org

Have fun with them

Gui

On Mon, Jan 19, 2004 at 14:43:52 +0100, Andreas Vent-Schmidt wrote:
> Hi,
>
> is there any way to do an upgrade for a single Deb package which is
> NOT listed in the stable package list?
>
> I want to upgrade only MySQL to version 4.0.x (because of the fine
> transaction feature), but want not to change the apt source list in
> general (I want to keep the *stable* system).

-- 
Guillaume Plessis [EMAIL PROTECTED]
GnuPG Key-ID: BA729AD0




Re: upgrading to MySQL 4 on woody

2004-01-19 Thread Andre Luis Lopes
On Mon, Jan 19, 2004 at 02:43:52PM +0100, Andreas Vent-Schmidt wrote:
> Hi,

Hello,

> is there any way to do an upgrade for a single Deb package which is
> NOT listed in the stable package list?
>
> I want to upgrade only MySQL to version 4.0.x (because of the fine
> transaction feature), but want not to change the apt source list in
> general (I want to keep the *stable* system).
>
> Is there a mysql-4.0.17.deb or something like that out there in
> space? I didn't find such things on the mysql.com website...
>
> (Well, it is: in the *testing* distribution. Can I mix this, and if
> so: how to do this?)

Fetching packages from testing or unstable is an option. But then you
would probably need to deal with apt pinning and I'm not that
experienced with this particular feature of apt to guide you on how you
could achieve such a setup.

Another option is to look for a backport of mysql. I've just found that
backports.org have a backported package of mysql version 4.0.16 properly
built to work under a stable (woody) system.

I cannot speak for the robustness of the package as I never used it, but
then it seems to me that the whole idea of backport.org's existence is to
then it seems to be the same codebase and the same packaging from the
provide the same Debian package as released to unstable/testing with a
minimal change only to allow it to be installed fine under stable.

Have a look at www.backports.org to find out how you could fetch the
packages from there.

Regards,

-- 
André Luís Lopes [EMAIL PROTECTED]
http://people.debian.org/~andrelop
Debian-BR Project http://www.debian-br.org
Public GPG KeyID 9D1B82F6




Re: upgrading to MySQL 4 on woody

2004-01-19 Thread Rod Rodolico
This is exactly what I did a few months ago, for the same reason. Add the
following line to your /etc/apt/sources.list:

deb http://www.backports.org/debian woody mysql-dfsg

Works like a charm.  FYI, I also added:

deb http://www.backports.org/debian woody spamassassin

Becoming a firm believer that you CAN have it all, stability and the latest packages :)

There are other places to get backports, BTW. This one works for me.

Rod


> Hi,
>
> is there any way to do an upgrade for a single Deb package which is
> NOT listed in the stable package list?
>
> I want to upgrade only MySQL to version 4.0.x (because of the fine
> transaction feature), but want not to change the apt source list in
> general (I want to keep the *stable* system).
>
> Is there a mysql-4.0.17.deb or something like that out there in
> space? I didn't find such things on the mysql.com website...
>
> (Well, it is: in the *testing* distribution. Can I mix this, and if
> so: how to do this?)
>
> Thanks in advance,
> Andreas Vent-Schmidt
>
> --
> procommerz - Internet for businesses
> http://www.procommerz.de | 033925-90710
>
> Stop TCPA, Microsoft's censorship system! | http://www.againsttcpa.com






-- 
Media Ethics is an oxymoron, much like Jumbo Shrimp and Microsoft Works.
Not to mention NT Security





Re: upgrading to MySQL 4 on woody

2004-01-19 Thread Lucas Albers

Rod Rodolico said:

> Becoming a firm believer that you CAN have it all, stability and the
> latest packages :)
>
> There are other places to get backports, BTW. This one works for me.

Rod,
Yes I agree with your statements.
Thanks for the link I'll use it on one of my systems...

But you don't explicitly have security, you have the testing delay for
security updates, combined with the propagation time to backports from
testing.

I'm still leery of using testing for any publicly exposed service, or for
machines with shell access.
I have at most a week from a known kernel exploit to when one of my users
tries to exploit via shell access.

--Luke CS Sysadmin, Montana State University-Bozeman





Re: upgrading to MySQL 4 on woody

2004-01-19 Thread Rod Rodolico
Sorry, I forget sometimes that security is different for different
installations. Yes, it would be an issue in a cs department at a college :)
I remember when . . .

In my case, db access is limited to the web server, via cgi scripts I write
or are relatively easy to keep patched. And, there are at most a half dozen
accounts with shell access . . . everyone else has a shell of /bin/false.
If I am living in a fantasy land thinking that gives me a little leeway,
please tell me (God, I know what I've let myself in for here).

Rod

BTW, I know what you mean about someone attempting cracks. Turned ProFTP on
one of my servers at a client's request. Several dozen attempts at a login
within the first 24 hours. I hadn't even told the client it was on yet!

RWR


> Rod Rodolico said:
>
> > Becoming a firm believer that you CAN have it all, stability and the
> > latest packages :)
> >
> > There are other places to get backports, BTW. This one works for me.
>
> Rod,
> Yes I agree with your statements.
> Thanks for the link I'll use it on one of my systems...
>
> But you don't explicitly have security, you have the testing delay for
> security updates, combined with the propagation time to backports from
> testing.
>
> I'm still leery of using testing for any publicly exposed service, or for
> machines with shell access.
> I have at most a week from a known kernel exploit to when one of my users
> tries to exploit via shell access.
>
> --Luke CS Sysadmin, Montana State University-Bozeman






-- 
Media Ethics is an oxymoron, much like Jumbo Shrimp and Microsoft Works.
Not to mention NT Security





shell access exploits (was Re: upgrading to MySQL 4 on woody)

2004-01-19 Thread Dan MacNeil

> I have at most a week from a known kernel exploit to when one of my users
> tries to exploit via shell access.

One of my hats is a junior sys admin in an academic environment. I'm
curious as to how you know when shell users are trying to exploit a kernel
hole.

In another non-academic environment and based on info from this list, I've
been running snoopy with an eye to grepping the logs for naughtiness

#

On Mon, 19 Jan 2004, Lucas Albers wrote:


> Rod Rodolico said:
>
> > Becoming a firm believer that you CAN have it all, stability and the
> > latest packages :)
> >
> > There are other places to get backports, BTW. This one works for me.
>
> Rod,
> Yes I agree with your statements.
> Thanks for the link I'll use it on one of my systems...
>
> But you don't explicitly have security, you have the testing delay for
> security updates, combined with the propagation time to backports from
> testing.
>
> I'm still leery of using testing for any publicly exposed service, or for
> machines with shell access.
> I have at most a week from a known kernel exploit to when one of my users
> tries to exploit via shell access.
>
> --Luke CS Sysadmin, Montana State University-Bozeman








Re: shell access exploits (was Re: upgrading to MySQL 4 on woody)

2004-01-19 Thread Jason Lim


> One of my hats is a junior sys admin in an academic environment. I'm
> curious as to how you know when shell users are trying to exploit a
> kernel hole.

chkrootkit?





Woody packages for nagios?

2004-01-12 Thread Peter
Hi,

are there any woody packages for nagios?

Thanks!






Re: Woody packages for nagios?

2004-01-12 Thread Teun Vink
On Mon, 2004-01-12 at 16:18, Peter wrote:
> Hi,
>
> are there any woody packages for nagios?
>
> Thanks!


http://www.apt-get.org/search.php?query=nagiossubmit=arch%5B%5D=i386arch%5B%5D=all


Teun






Re: Woody packages for nagios?

2004-01-12 Thread Peter
On Mon, 12 Jan 2004 16:56:06 +0100, you wrote:


http://www.apt-get.org/search.php?query=nagiossubmit=arch%5B%5D=i386arch%5B%5D=all

thank you very much!

Fortunately I found nagios on backports.org, that enables me to only
use that package from backports! GREAT! 





