/var/lib/dpkg/status corrupt!
Help! Something happened to my /var/lib/dpkg/status file, and now everytime I try to do anything with apt-get or dselect I get parsing errors, and it just quits. Is there any way to correct this? TIA, jdk
Re: Fwd: File updates req'd for network(2nd try)
On Mon, Jan 29, 2001 at 04:57:06PM -0600, ktb wrote: > On Mon, Jan 29, 2001 at 05:41:57PM -0500, Noah L. Meyerhans wrote: > > On Mon, Jan 29, 2001 at 02:47:00PM -0700, JD Kitch wrote: > > > iface eth1 inet static > > > address 192.168.1.1 > > > netmask 255.255.255.0 > > > network 192.168.0.0 > > > broadcast 192.168.1.255 > > > > This is wrong. Well, I don't have experience that indicates that it > > doesn't *work*, but it's still wrong. Look closely at the values...one > > of them doesn't match the others. Network is not compatible with the > > rest of the values. You say you're on network 192.168.0.0, but your IP > > address is 192.168.1.1 with a netmask of 255.255.255.0. You should > > change network to 192.168.0.0 > > > > Did you mean change the network to 192.168.1.0 ? OK, I did make this change and it seemed to make some difference, but the connectivity is VERY "iffy", meaning most everything times out. I'm now showing a TRUCKLOAD of errors on eth1 if I run an ifconfig. eth1 Link encap:Ethernet HWaddr 00:A0:CC:E8:2A:BD inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500Metric:1 RX packets:0 errors:682 dropped:0 overruns:0 frame:0 TX packets:0 errors:15 dropped:0 overruns:0 carrier:30 collisions:0 txqueuelen:100 Interrupt:10 Base address:0xe800 Any more ideas. Intersting that with only the one other PC on a crossover cable, that the "Network" setting did not seem to make a difference... Are there route commands that need to be issued?(That's a wild guess, based on answers I've seen to similar questions) I'm clueless about route, and the man page went right over my head. :( jdk
Re: Fwd: File updates req'd for network(2nd try)
On Mon, Jan 29, 2001 at 04:30:54PM -0600, ktb wrote: > > > > # The loopback interface > > iface lo inet loopback > > > > # The ethernet interface, configured by etherconf > > iface eth0 inet static > > address 24.14.246.95 > > netmask 255.255.255.128 > > gateway 24.14.246.1 > > > > iface eth1 inet static > > address 192.168.1.1 > > netmask 255.255.255.0 > > network 192.168.0.0 > > broadcast 192.168.1.255 > > Can you access the "outside" from your debian box? This list isn't for > windows but all you have to do is set up tcp/ip pointing them to your > gateway 192.168.1.1, give them an ip and reboot. If that didn't or > doesn't work then I would open your firewall rules wide open to see > if there is a block there. Next the masquerading. Also you mentioned > all was working until you added another nic. Are all your indicator > lights (nic and hub) all lit up? That is exactly how I have the 2 windows PC's configured, with one as 192.168.1.100 and the other as 192.168.1.102 I've had the same results with or without the firewall rules. Incidentally, I'm still running the same rules as when I just had one other PC attached, and they worked fine then. jdk
Fwd: File updates req'd for network(2nd try)
Trying again No response on first attempt, which is odd for this list, so I'm sending again. Any help is HUGELY appreciated. - Forwarded message from JD Kitch <[EMAIL PROTECTED]> - After considerable mucking around and a great deal of help from this group some time back, I had connected a second PC to my Linux box using a second NIC and a crossover cable. And really all I did at that time is add the second entry to my /etc/network/interfaces, and setup the attached PC with an internal(192.168.1.100) IP address pointing to eth1(192.168.1.1) as it's gateway. Now I have need to add another PC. I added a 5 port hub, and now go >from the second NIC in my Debian box out to the hub, and then from there out to the other 2 PC's all using straight-through cables. I configured the PC's that I attached(both windows machines) the same as before, but they don't see network connectivity. Are there other files that I need to change on my Debian setup to make this work now? I kind of assumed it would be no different, but that's apparently not the case. My exact setup is: /->Windows PC cable modem -> (eth0)Debian box(eth1) -> Hub \->Windows PC My /etc/network/interfaces auto lo eth0 eth1 # The loopback interface iface lo inet loopback # The ethernet interface, configured by etherconf iface eth0 inet static address 24.14.246.95 netmask 255.255.255.128 gateway 24.14.246.1 iface eth1 inet static address 192.168.1.1 netmask 255.255.255.0 network 192.168.0.0 broadcast 192.168.1.255 I am also running ipchains and masquerading, but have no restrictions on the local interface traffic. The same ipchains setup worked fine with the single PC attached via crossover. Any help would be greatly appreciated. TIA, jdk
File updates req'd for network
After considerable mucking around and a great deal of help from this group some time back, I had connected a second PC to my Linux box using a second NIC and a crossover cable. And really all I did at that time is add the second entry to my /etc/network/interfaces, and setup the attached PC with an internal(192.168.1.100) IP address pointing to eth1(192.168.1.1) as it's gateway. Now I have need to add another PC. I added a 5 port hub, and now go from the second NIC in my Debian box out to the hub, and then from there out to the other 2 PC's all using straight-through cables. I configured the PC's that I attached(both windows machines) the same as before, but they don't see network connectivity. Are there other files that I need to change on my Debian setup to make this work now? I kind of assumed it would be no different, but that's apparently not the case. My exact setup is: /->Windows PC cable modem -> (eth0)Debian box(eth1) -> Hub \->Windows PC My /etc/network/interfaces auto lo eth0 eth1 # The loopback interface iface lo inet loopback # The ethernet interface, configured by etherconf iface eth0 inet static address 24.14.246.95 netmask 255.255.255.128 gateway 24.14.246.1 iface eth1 inet static address 192.168.1.1 netmask 255.255.255.0 network 192.168.0.0 broadcast 192.168.1.255 I am also running ipchains and masquerading, but have no restrictions on the local interface traffic. The same ipchains setup worked fine with the single PC attached via crossover. Any help would be greatly appreciated. TIA, jdk
Firewall Rules
I have 2 nics in my Linux box. One connected to my cable modem, and the other has a windows machine attached to it, which I do masquerading for. I need to be able to connection via VPN from the windows box to an outside host. Is there a way to easily determine what ports needs to be opened to accomplish this, or is there a way to masquerade for the windows machine, but not do any firewalling for that machine specifically, while still protecting my linux box? And lastly, can any one tell me what rule I could implement to still be able to use Napster? TIA, jdk
Re: Tracking down IP's
On Sun, Dec 31, 2000 at 08:32:48PM -0600, Richard Cobbe wrote: > Uh oh. And you're still getting these log messages? That's probably not > good. It's possible that lsof could slip through the cracks, so to speak, > but it's pretty unlikely. > > > Just yesterday I got another machine connected to this one via a > > second nic, and I have a windows machine attched that I'm > > masquerading for, but that is not the IP i configured that machine > > to be. I'm certainly not knowingly running anything for SNMP, hell, > > I don't even know what it is. :P Any ideas, what I might be running > > that would cause this? > > I've not worked with masquerading much; I use ipchains primarily for > firewalling. It's possible (though, I think, fairly unlikely) that this > record is due to packets you're relaying for the Windows box. That's easy > to test: > > ipchains -I input 1 -s -p udp -d 0.0.0.0/0 161 -l -j DENY Thanks to everyone for all the assistance. I actually took the lazy way out on this one. Once Richard explained SNMP, it made total sense that it was coming from the attached windows machine, since it was my "corperate" laptop which is typically connected at work to the office LAN. So, I just disconnected the laptop, and sure enough all the messages stopped. Thanks again!! jdk
Re: Tracking down IP's
On Sun, Dec 31, 2000 at 04:18:30PM -0600, Richard Cobbe wrote: > JD Kitch <[EMAIL PROTECTED]> wrote: > > Security Violations > > =-=-=-=-=-=-=-=-=-= > > Dec 31 11:06:47 tower kernel: Packet log: output REJECT eth0 PROTO=17 > > xx.xx.xxx.xx:61662 172.16.72.113:161 L=106 S=0x00 I=7632 F=0x T=127 > > (#43) > > Dec 31 11:06:53 tower kernel: Packet log: output REJECT eth0 PROTO=17 > > xx.xx.xxx.xx:61662 172.16.72.113:161 L=106 S=0x00 I=7712 F=0x T=127 > > (#43) > > Dec 31 11:06:59 tower kernel: Packet log: output REJECT eth0 PROTO=17 > > xx.xx.xxx.xx:61662 172.16.72.113:161 L=106 S=0x00 I=7713 F=0x T=127 > > (#43) > > Dec 31 11:07:06 tower kernel: Packet log: output REJECT eth0 PROTO=17 > > xx.xx.xxx.xx:61662 172.16.72.113:161 L=106 S=0x00 I=7716 F=0x T=127 > > (#43) > > Dec 31 11:07:13 tower kernel: Packet log: output REJECT eth0 PROTO=17 > > xx.xx.xxx.xx:61662 172.16.72.113:161 L=106 S=0x00 I=7724 F=0x T=127 > > (#43) > > Dec 31 11:07:19 tower kernel: Packet log: output REJECT eth0 PROTO=17 > > xx.xx.xxx.xx:61662 172.16.72.113:161 L=106 S=0x00 I=7725 F=0x T=127 > > (#43) > > > > I've been unable to track it down. I've had pages and pages of this > > every hour since early yesterday, always coming from the same IP, to > > the same port. > > (It's still useful, of course, if you get unexplained crud from an input > chain.) > > You're not getting scanned, JD. You're actually trying to *send* a packet > to 172.16.72.113, port 161/udp (SNMP), from IP xx.xx.xx.xx, port 61662/udp. > Your firewall rules don't allow this traffic to leave your machine. (If > xx.xx.xx.xx isn't your IP, then you're forwarding it instead---I think. I > can't check that, since I've only got the one machine.) Correct, the IP I blocked out was actually my own. > Now, find out *who's* sending this traffic. Make sure you've got the > lsof-2.2 package installed. As root, run > > lsof | grep 61662 | grep -i udp I do have that package, but this command turned up no output. > The first and second fields are the name and pid, respectively, of the > program(s) which have this socket open. The next step depends on what you > find there. If you're actually trying to run an SNMP manager, then it > looks like you've misconfigured it. Otherwise, you'll need to revisit your > firewall rules to allow outgoing traffic to the SNMP agents you're trying > to administer. If you're *not* trying to run SNMP, then you may have a > fairly serious problem---somebody may have managed to get onto your system > and run a process that probably shouldn't be there. > > I'm a little surprised by the fact that you're trying to send from 61662; I > thought that was a port in the range reserved by the kernel for IP > masquerading. I could be wrong, though, so I wouldn't worry about that too > much. Just yesterday I got another machine connected to this one via a second nic, and I have a windows machine attched that I'm masquerading for, but that is not the IP i configured that machine to be. I'm certainly not knowingly running anything for SNMP, hell, I don't even know what it is. :P Any ideas, what I might be running that would cause this? > Also, I *think* I've figured out what the (#43) means. I'm fairly, but not > completely, certain that this is the index number of the ruleset in the > named chain (here, output) which caused the packet to be blocked. This may > be helpful in rewriting your firewall rules. (I do wish that ipchain's log > output format was documented better.) > > Sorry for the misinformation, Not a problem, I'll take any information at this point. ;) TIA, jdk
Tracking down IP's
Can anyone tell me what this person is looking for here, and how I can find out where this is coming from? Security Violations =-=-=-=-=-=-=-=-=-= Dec 31 11:06:47 tower kernel: Packet log: output REJECT eth0 PROTO=17 xx.xx.xxx.xx:61662 172.16.72.113:161 L=106 S=0x00 I=7632 F=0x T=127 (#43) Dec 31 11:06:53 tower kernel: Packet log: output REJECT eth0 PROTO=17 xx.xx.xxx.xx:61662 172.16.72.113:161 L=106 S=0x00 I=7712 F=0x T=127 (#43) Dec 31 11:06:59 tower kernel: Packet log: output REJECT eth0 PROTO=17 xx.xx.xxx.xx:61662 172.16.72.113:161 L=106 S=0x00 I=7713 F=0x T=127 (#43) Dec 31 11:07:06 tower kernel: Packet log: output REJECT eth0 PROTO=17 xx.xx.xxx.xx:61662 172.16.72.113:161 L=106 S=0x00 I=7716 F=0x T=127 (#43) Dec 31 11:07:13 tower kernel: Packet log: output REJECT eth0 PROTO=17 xx.xx.xxx.xx:61662 172.16.72.113:161 L=106 S=0x00 I=7724 F=0x T=127 (#43) Dec 31 11:07:19 tower kernel: Packet log: output REJECT eth0 PROTO=17 xx.xx.xxx.xx:61662 172.16.72.113:161 L=106 S=0x00 I=7725 F=0x T=127 (#43) I've been unable to track it down. I've had pages and pages of this every hour since early yesterday, always coming from the same IP, to the same port. TIA, jdk
Re: Home network with Debian
On Fri, Dec 29, 2000 at 06:24:26PM -0600, will trillich wrote: > right. here's my setup: > mac 192.168.1.100 > mac2 192.168.1.101 > mac3 192.168.1.102 > win 192.168.1.200 > all pointing to '192.168.1.1' (as above) for their gateway > (aka default route). > linux 192.168.1.1 > which is also 208.33.90.85 > points to 208.33.90.84 as its default, being the cmodem > > with my setup, i get a static ip and it never changes. > if yours moves around, you'll need dhcp, which is not > something i've needed, and not something i even begin > to understand... WooHoo!! It's working for the most part, I have just one more hurdle. I was able to tweak my firewall settings to allow all the basic stuff in and out for the internal machines, but one machine I connected is my laptop from work that needs to be able to make a VPN connection to works intranet and exchange servers. Anyone have a clue what I would need to allow to get that done, or if it's even possible. I would actually like to just open it wide up for that IP if its possible. Any ideas? Thanks for everyones help thus far!! jdk
Re: Home network with Debian
On Fri, Dec 29, 2000 at 12:01:25AM -0600, will trillich wrote: > On Thu, Dec 28, 2000 at 10:35:33PM -0700, JD Kitch wrote: > > Is that the only file that needs to be changed? How do I determine > > the IP, netmask, and gateway for eth1, and then for the internal > > machine? > i use 192.168.*.* for mine. my public linux box is also > privately 192.168.1.1, which is what all the other boxes > around here refer to as their gateway or default route. > other machines are anything from 192.168.1.2 to 192.168.254.254 > and anything else in between. > > # /etc/network/interfaces -- configuration file for ifup(8), ifdown(8) > > # The loopback interface > iface lo inet loopback > > # my internal / private LAN section: > iface eth0 inet static > address 192.168.1.1 > netmask 255.255.255.0 > network 192.168.0.0 > broadcast 192.168.1.255 > > # the part the 'rest of the world' can see > iface eth1 inet static > address 208.33.90.85 > netmask 255.255.255.0 > network 208.33.90.0 > broadcast 208.33.90.255 > gateway 208.33.90.84 > # the gateway there is actually my cablemodem! OK, this all helps. I'm guessing I'll just pick an IP from that same block for the wife's machine. Is that true, and if so will I point to my cable providers DNS server, or do I need to do something else internally? > ALSO be sure to get the ipmasq package > > apt-get install ipmasq Did this. Now it suggests a different package for Identd, which I tried, but gave up on, so hopefully the "normal" pkg will work ok. > one problem we ran into -- my wife's windo~1 box seems to be > scanning for some service when it first starts up, and she can't > get connected for more than a minute. after a few minutes, she's > fine. we can't figure out what the drag is. if you have this > too, and can solve it, LEMME KNOW! I'll let you know I get everything working. Thanks! jdk
Re: Home network with Debian
On Thu, Dec 28, 2000 at 06:39:46PM -0800, Bob Nielsen wrote: > On Thu, Dec 28, 2000 at 07:22:23PM -0700, JD Kitch wrote: > > I've been running Debian Potato\Progeny for some time now, with a > > single nic attached to cable modem. I'm also running an ipchains > > firewall. I have added a second nic, which I would like to connect > > the wife's windows machine to, and have my debian box do ip masq'ing > > for the windows box. > > > > I do already have the additional kernel module loading for the > > second nic, and both are recognized. Can anyone tell me how, or point > > me to a reference on doing all this the Debian way? I found a > > pretty in depth howto based on Red Hat, but apparently the systems > > are quite a bit different, and I could not make the translation. > > I'm guessing I need to make changes to the files in /etc/network, > > but I saw indications that these were setup by debian tools and > > should not be hand edited. Is there a config tool I can call to do > > these changes? > I have a similar setup to yours and edited /etc/network/interfaces to > add the address, netmask and broadcast address for my second ethernet > card. After doing this running (as root) '/etc/init.d/networking > restart' should initialize the interfaces. For masquerading, you need > to make sure your kernel has firewall, ip firewall and ip masquerade > support included. I compiled these into the kernel instead of using > modules, but that should work as well. If you install the ipchains > package, it should set up a reasonable set of firewall rules for you. Is that the only file that needs to be changed? How do I determin the IP, netmask, and gateway for eth1, and then for the internal machine? TIA, jdk
Home network with Debian
I've been running Debian Potato\Progeny for some time now, with a single nic attached to cable modem. I'm also running an ipchains firewall. I have added a second nic, which I would like to connect the wife's windows machine to, and have my debian box do ip masq'ing for the windows box. I do already have the additional kernel module loading for the second nic, and both are recognized. Can anyone tell me how, or point me to a reference on doing all this the Debian way? I found a pretty in depth howto based on Red Hat, but apparently the systems are quite a bit different, and I could not make the translation. I'm guessing I need to make changes to the files in /etc/network, but I saw indications that these were setup by debian tools and should not be hand edited. Is there a config tool I can call to do these changes? Thanks, jdk
POP server recomendations?
I running a Debain Potato system, and only serving mail for a handfull of users. I see a few different POP server packages available, and was wondering which one is most recomended/easiest to configure/most secure...etc, etc... Thanks in advance, jdk
Re: Can't run X after upgrade
On Wed, Dec 06, 2000 at 09:41:22PM -0600, Cheng H. Lee wrote: > On Wed, Dec 06, 2000 at 08:22:46PM -0700, JD Kitch wrote: > > > X: user not authorized to run the X server, aborting. > > > For the recent XFree86 4.0.x package, check in /etc/X11/Xwrapper.config > Set "allowed_users=console". If you run xdm (or gdm), it has to be set > to "anybody" > Thanks! That fixed it. jdk
Can't run X after upgrade
I'm currently running a Potato install that I've "upgraded" to the Progeny beta. I ran an update earlier today and frankly I didn't pay much attention to what all packages updated, but something must have changed related to X, because now I am unable to run X as any user but root as seen below: X: user not authorized to run the X server, aborting. I've tried the old delete of .Xauthority, and it was promptly recreated but still didn't work. I've verified /etc/X11/Xserver is usable by Console. What else could I check? Thanks! jdk
Re: Keyboard inactive during lilo
On Sun, Nov 26, 2000 at 09:06:12AM -0800, Larry Clay wrote: > This is a very strange problem. Before lilo runs my keyboard works just > fine. I can get into BIOS by pressing the del key. After linux (or windoz) > boots the keyboard works just fine. I have delay=100 to give me plenty of > time to type in my selection. The system that gets booted is the one that is > set as default in lilo.conf. As a work-around I have windows as the default > and use a boot floppy to bring up linux. > Someone else recently helped me with exactly the same issue. You just need to add "prompt", and you'll be good to go. jdk
Re: Unidentified subject!
On Tue, Nov 21, 2000 at 01:35:09PM -0600, Amit Patil wrote: > > Hi .. > > i am trying to install an rpm package. > but i get the following error. > " > failed to open /var/lib/rpm/packages.rpm: No such file or directory > error: cannot open /var/lib/rpm/packages.rpm > " That looks like the error you get if you run RPM as a non-root user. HTH, jdk
Couple of questions from a recent convert
Does the default install support an SB AWE32 for sound without recompiling the kernel? And if so, what do I need to do to get it working? I've not had any luck getting it to make any noise. :P Secondly, can anyone point me to a place I could get the most recent version of PostgreSQL complied for Potato? I saw 7.0.2 in Woody, but don't think I'm ready for that yet, since I enjoy my stability, and have only been running Debian for a couple of weeks. TIA, jdk
Re: keyboard lock at boot
On Thu, Nov 09, 2000 at 08:01:01AM +0100, Moritz Schulte wrote: > > I guess, you haven't set the `prompt' option in lilo.conf. > Your right. I had only set delay, and forgot prompt. Thank you, jdk
