Re: 2.4.0 and shared memory
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > Hi all, > >I am using Potato with 2.4.0 right now. I have noticed that 'free' > command now reports 0 shared memory and 0 swap usage. With kernel > 2.2.18, it used to report few megabytes of shared memory. My box has > half a gig of RAM, but when I was using 2.2.18 kernel, the system used > at least some swap space, especially after I ran one of my memory > hungry Fortran programs or after creating a CD image. But now it's 0 > no matter. Has anyone else noticed this behavior? This is normal for 2.4. Some fields in /proc/meminfo (which 'free' uses to gather it's information) are not longer used, thus read 0 (totally removing those unused fields will totally break 'free'). 'free' just doesn't know that those fields are used any more. 2.4 also totally re-did the VM subsystem, and moves unused stuff to swap much less often. Primarily because the VM subsystem is more efficient. - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6ZwX8/ZTSZFDeHPwRAgNsAJ42tEafjwdQdBkU30uAk4vhO9NN6wCfWYHt N/6hEfbXVNvGeqxdnGvXIA8= =+mUb -END PGP SIGNATURE-
RE: Debian is safer than this ? I REALLY HOPE SO !
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > WELL, i'm might have been somewhat too eager to spark a discussion ... > the thing i'm wondering/confused about is that the 'worm' infects only > redhat systems, according to this article at least ... strange eh ? I don't have many details on the worm. Its possible it relies on a combination of programs. I've not had a chance to investigate. *I* know my systems aren't vulnerable - I'm running non-vunlerable versions, not running those programs at all, or it's all behind a restrictive firewall anyway :) > i only now had the time to read the securityfocus report, and yes indeed all > linux's with these versions are vulnerable. > > anyway, good to know i turned of my machine this morning :) Great way to not get your computer hacked :) - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6Zx/Z/ZTSZFDeHPwRAp4AAKDhJorjbPqH/ECwU1E1werwRQyhTACfSp1N ir+Rzzda6MHKAHsp/joo/OU= =sTye -END PGP SIGNATURE-
Re: NIC identification
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > OK i've got a NIC that i need to get working. > > its PCI appears to support Co-ax as well as cat-45 > > it has a netware approved sticker on it > > it has 3 components on it made by Delta > > the most comprehensible component proclaims itself to be > > Delta LANF7236 9701F > > has anyone got any ideas what driver i should use? > > it has worked with slackware (which does auto-detect) but the HD it was > working with has gone to heaven. > > thanks for any help that can be proferred If it's a PCI nic just pop it into a computer with a PCI bus and see what you get. On Linux you should find this ethernet card listed under /proc/pci someplace. You can also try to do "modprobe ne2k-pci" as root - it sounds awfully similar to a NE2000 PCI card I have here someplace. - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6ZT9b/ZTSZFDeHPwRAjnnAKDb7KxH51ZEKviopEYjQh/fz+RQTwCg0SBW u1q/+zKhCWvv1Re7/cz78Nc= =XLXn -END PGP SIGNATURE-
Re: IMAP MUA and filtering
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > Dear all! > > I have recently managed to set up Postfix, and get it to feed to the > Cyrus IMAP server. At the moment I'm using TkRat, but am finding it a > little restrictive. Ok > Could anyone reccomment a good MUA with good support for IMAP and > filtering of incomming mail. Netscape can. Whether or not it's a good MUA is highly subjective :) Pine can. Whether or not it's a good MUA is also highly subjective :) Dunno about anything else. > I'm assuming one can't use procmail to filter mail as it won't work in > a IMAPd (I think!), so which MUAs are there out there that both > support IMAP and filtering? Actually you can use procmail (or whatever) to filter IMAP. I use exim's native filtering capabilities to sort my mail into various maildirs before I use courier-imap to read my email with pine. It's just a question of whether or not Cyrus IMAP has a mechanism to filter email into various folders. > I am interested in functionality rather than a pretty GUI, and am more > than happy with a console app if it does everything I need it to. pine (no flames, please :) - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6ZNrW/ZTSZFDeHPwRAhY7AKCjBFKPA4+161Cf3UdglnGZ8SK08gCg4G8x ptbz139baDDs9I+L/1hw3+4= =HSfz -END PGP SIGNATURE-
Re: cannot boot laptop after kernel upgrade
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > I don't know how that could happen, I did "make oldconfig" That would do it... The driver file system struture changed quite a bit in 2.4 > > Um... what errors did you get when you tried the boot disk? > > It stalls after LILO. That's not right. Could it have been a bad floppy? Did you try the Debian rescue floppy? > > > > Can you tell us anything about the hardware of your laptop? > > > It is a ThinkPad 560 > I think I will have to reinstall in the morning. I'd hate to say it (as I almost *never* re-install, unless it's Windows :) but you might have to. And be carefull with the 2.4 kernel next time :) - -- - ------ Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6Y9Go/ZTSZFDeHPwRAuZWAJ4+tcguDpywqcxP0Cax+xtEpXmCUQCgzeNU CfnEs5u+zHrtpFlj83feueg= =6ur3 -END PGP SIGNATURE-
Re: cannot boot laptop after kernel upgrade
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > I installed kernel 2.4.0 on my ThinkPad 560 and after I was done, I > made sure /etc/lilo.conf was correct and ran lilo, and I rebooted. > This is what I got: > > request_module[block-major-3] root fs not mounted > > VFS: cannot open root device "301" or 03:01 > > Please append a correct "root= " boot option > > Kernel Apnic: VFS: Unable to mount root fs on 03:01 Looks like you forgot to compile in the IDE drivers :) > I then rebooted to the old kernel, 2.2.16 successfully and tried > installing the new kernel image again, but when I rebooted, I could no > longer boot either kernel. Uh oh. Better get out the rescue disk :) > I smell a reinstall; not even my boot disk could start Linux. Is there > a way out of a reinstall? Um... what errors did you get when you tried the boot disk? Can you tell us anything about the hardware of your laptop? - -- - ------ Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6Y8p0/ZTSZFDeHPwRAoc8AKCMgjmRvSYF8AyPsT0pgmgLtMQc1gCgs857 xT/3QCidmajsdnu/w+V8tps= =B8ts -END PGP SIGNATURE-
Re: raid
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > Hi > > I trying to setup software raid on a debian system. > > I using kernel 2.2.18 > but the newest raid patch at www.kernel.org > seams to be to for 2.2.11. > Can this patch be used for 2.2.18 ??? No. RAID patches for 2.2.18 are at http://www.linux-raid.org. - -- - ------ Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6YyLD/ZTSZFDeHPwRAmiuAJ4gKG7K4Lf+s8c0JCoHQlfkxlhXcwCggMc2 35NE3Q0GQ9/t8PrPheMVktE= =9flp -END PGP SIGNATURE-
Re: Machine/Domain Name
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > > My Debian system has a name of "darkstar.localdomain" > When I'm at home I can no longer send email to my office > because of "spam" filters that were setup to reject any > mail from rdsomains that are unresolvable. > > I have exim setup with my ISP's smtp server for outgoing > mail. Mail gets delivered to everyone I send to except > to my office. > > How do I change the name of my machine to darkstar.cwaiken.com? > cwaiken.com is my domain name at a re-director service and is > resolvable and should work. As long as darkstar.cwaiken.com is resolvable (which it is) you won't have any problems. To get exim to do what you want, take a look at the section in /etc/exim.conf labeled: ## # REWRITE CONFIGURATION # ## Also read chapter 34 or so (labeled "Address Rewriting") of the exim specification. You should have a gzip'ed copy under /usr/share/doc/exim. - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6X0n7/ZTSZFDeHPwRAkFDAKDZo6mgDM2Vgt93eGvno6BC1wc+DgCfUlro x0cwft9Mm6psDcxP1AFhEVY= =wFtE -END PGP SIGNATURE-
Re: Anonymous FTP
A long time ago, in a galaxy far, far way, someone said... > Hi all, > Due to a bug in FTP, we're going to lose our anonymous ftp privileges at > my place of work. Out of curiosity, why are the FTP privileges going away? > We depend heavily upon anonymous ftp to update certain files and such > on a machine that is outside our firewall. What kind of replacements > are available to allow unattended transfer of files from a secure > network to an unsecure network? It depends on the host on the unsecure network. If it's running Windows, I don't know any way to do it. If it's running some type of unix, I've used rsync (with ssh as the transport, ie "rsync -e ssh ...") with good results. -- ------ Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc
Re: help: 2.4.0 kernel and /dev/shm
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > To quote Phil Brutsche <[EMAIL PROTECTED]>, > # Don't worry about /var/shm vs /dev/shm - it's just a mountpoint and > # will work fine either way. > > Just out of curiosity, what does a 'shm' filesystem accomplish? I peek > through what kernel docs I'm familiar with didn't explain much :( I > don't even know what it's *supposed* to do :) Without it stuff that uses shared memory segments (like apache and samba) won't work. I don't recall why it's needed. If you search google for "linux shmfs" you'll find some pages that may answer that question. - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6XcY//ZTSZFDeHPwRAsJ8AKCJAwrqP6InT8ci9fU8Uhg8B/1kpQCfYmeo QhHDGrjJJtyapbc0g7VrVfc= =h6zE -END PGP SIGNATURE-
Re: help: 2.4.0 kernel and /dev/shm
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > I'm trying out the new 2.4 kernel on my Potato box. I upgrade > modutils to the version currently in Woody (2.4.1). Works real nice > except for a slight problem I ran into. I can't mount the System V IP > shared memory on /dev/shm at bootup. I get this error message: > > shmem fs invalid option > mount: wrong fs type, bad option, bad superblock or none, >or too many mounted file systems > > I said YES to 'General setup'->'System V IPC' and NO to 'File > systems'->'/dev file system support' when running 'make menuconfig' > > I added this line to /etc/fstab as the > linux-2.4.0/Documentation/Changes says to: > > none /dev/shmshm defaults0 0 Well my workstation says: shm /var/shmshm defaults0 0 ^^^ Don't worry about /var/shm vs /dev/shm - it's just a mountpoint and will work fine either way. > I created a directory /dev/shm with permissions 755. The 2.4 docs > don't say to, but didn't say not to. A mistake? It won't matter - the permissions on /dev/shm will be changed to 1777 by the kernel. > The kernel boots and even though it can't mount this virtual filesystem, > everything else seems to work--so far. The shm filesystem is needed for stuff that uses shared memory segmets (ie apache, samba, etc) to work. > Can't believe how much faster the machine boots and runs compared to > 2.2.18!! Nice work Linus and all the other kernel developers!! Yea, I noticed that too. I see you haven't tried to push on it yet. You'll get blown away by the results of some speed trials with dbench compared to 2.2.x:) But it seems a bit slow compared to 2.4.0-prerelease. Maybe it's just me. > Can someone tell me where I went wrong. I tried searching the 'net > for a clue to no avail. I'm sure it's something stupidly simple I'm > overlooking. Can anyone point it out? Thanks for the help. - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6XVb8/ZTSZFDeHPwRAliwAJ943l6aBnG/vbrkXBGFnVbXAPA32wCg21g9 M1iF+bv4bcCKadqAJDNMhmU= =80Hd -END PGP SIGNATURE-
Re: Kernel 2.4.0 support for potato 2.2r2
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > I've compiled 2.4.0 on my potato firewall, and it seems to be booting > nicely. However, there seems to be some issues with the location of the > kernel modules. I'm sure that there are other issues like the support for > netfilter and the reconfiguration of the ipmasq package for that. The modutils and iptables packages in unstable compile nicely on Debian potato. I have a slightly old modutils compiled from unstable sources at http://tux.creighton.edu/~pbrutsch/modutils_2.3.22-1_i386.deb. There is also a iptables .deb for potato at http://tux.creighton.edu/~pbrutsch/iptables_1.1.2-1.0_i386.deb. The ipmasq package is obsolete for kernel 2.4.0 - the iptables command takes the place of the kernel 2.2 ipchains and ipmasqadm commands. > Is there anybody that has taken the task of figuring out everything that > needs to be done in order to support kernel 2.4.0 on potato? Right off the top of my head: * modutils * compile and install iptables if you're going to do firewalling * compile and install devfsd from unstable if you're going to use devfs * ppp will probably need to be upgraded - definitely upgrade if you plan on using the new multilink mechanism * There's a shmfs filesystem that needs to be mounted someplace for shm segments to work. Put shm /var/shmshm defaults0 0 in /etc/fstab and reboot. Be sure that /var/shm exists, obviously. The /var/shm is arbitrary, btw - a lot of people like to put this filesystem under /dev/shm. * some drivers were rewritten (and renamed) for 2.4.x (eg the rtl8139 driver is now 8139too) so be sure to double check it all before you reboot that server that's 3000 miles away in a co-location facility :) * if you use the kernel-level NFS server you may need to upgrade the nfs-utils package, but I've never needed to. I'm positive I'm missing something, though :) - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6W2Yb/ZTSZFDeHPwRAjgsAJ9CVhIoxLZJWUMUn+DqsXM9UytrxgCfQTdn v3Rw/EtdnZFVt+OOIaKg8Ms= =wgzC -END PGP SIGNATURE-
Re: [2.4.0] migration to devfs
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > On Sat, Jan 06, 2001 at 06:09:54PM +0100, Andreas Jellinghaus wrote: > > 2.) boot. fsck will fail. do manual fsck, remount / rw, edit /etc/fstab: > > /dev/ide/host0/bus0/target0/lun0/part1 /boot ext2 defaults 0 2 > > /dev/ide/host0/bus0/target0/lun0/part2 none swap sw 0 > > 0 > > /dev/ide/host0/bus0/target0/lun0/part5 / ext2 defaults 0 > > 1 > > /dev/ide/host0/bus0/target0/lun0/part6 /local ext2 defaults 0 2 > > /dev/ide/host0/bus0/tagret1/lun0/cd /cdrom iso9660 ro,user,noauto > > all i can say is if this hideous thing is ever forced down our throats > i will switch to another OS. Note that the names under /dev/ are administrator configurable. - -- - ------ Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6V9Wv/ZTSZFDeHPwRAmSUAKCOG5I8fejmMUIrWH4gKd7AxGObZQCdFe75 CW0RdOaUVVD1lyXl+zpuV9o= =IYPq -END PGP SIGNATURE-
Re: 2.4.0 and 3com 905c
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > i've been using stock kernel 2.2.17 that came with potato. it > recognized my 3com nic (as 3com 3c905c) and works wonderfully. > > i would like to ungrade to kernel 2.4.0 (now that it's stable). > after rebooting a custom 2.4.0, i can't seem to get the nic recognized > by the kernel. in the recompile, i specified 3com (and the 900 > series). > > does anyone know how i can get the 3com nic (that 2.2.17 sees as > 3c905c) to be recognized by 2.4.0? 2.4.0 has known problems with 3com PCI ethernet cards. I think there are patches available, but I don't know where. The 3c59x driver in 2.4.0-test11 works great through - maybe you could drop that in and see what you get. Beyond that your options are: * stick with 2.2.x * wait for 2.4.1 - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6V5NZ/ZTSZFDeHPwRAhsSAKChbAfgMoUPmYZ8SswNIeCPueAF3wCghE8f 4odr41bokeK3mAuktf40S7M= =3vTS -END PGP SIGNATURE-
Re: upgrading the kernel to 2.4
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > it didn't help me! version in unstable(testing) is still 2.3.11 and 2.4 > kernels need at least 2.3.18 (from Changes). unstable != testing You need the modutils from unstable (sid). Keep in mind that that you can just plop the binary package in to a woody system - you'll need to compile your own .deb. I have a .deb of modutils 2.3.21 I've been using at http://tux.creighton.edu/~pbrutsch/modutils_2.3.21-1.1_i386.deb - -- - ------ Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6U0S7/ZTSZFDeHPwRAhxDAJ96vAxDm7REOC121EckIMGb0ntUFACfU7ud cHC4KOFDvy26ccdqxib3SPE= =KnwP -END PGP SIGNATURE-
Re: Network config...why so many??
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > Hi all, I'm just curious. why are there so many files that apparently > hold the same information? I thought the network configuration were > kept in files hosts, hostname, gateways, route.something, and a few > others that I can't think of the names.. now there's this file called > interfaces? There are really only two or three files that you need to pay attention to. 1) /etc/hostname 2) /etc/hosts 3) /etc/network/interfaces /etc/hostname is the computer's name /etc/hosts is a local name database /etc/network/interfaces contains I've never needed to use /etc/gateways and I don't have any /etc/route.* files > how will I know which files to change and which ones not to change? Experience and asking people questions > I have been looking through many many books and docs and this is the > first time I've heard of the interfaces file. It's specific to Debian. Besides, most of those books are specific to RedHat. > why have all of the other files if everything can be configured in > this one interfaces file? But that would make it too easy :) - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6SLTk/ZTSZFDeHPwRAoqnAKCNoopwxjwziOaWsmNyV33jGaE4MgCffPUh AsB/ddOJ0zJpuc11P/7fodU= =9dOO -END PGP SIGNATURE-
Re: FreeBSD --> Debian
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > I've been using FreeBSD for a long time now and would > like to try out Debian. The install looks to be confusing. If you think it's confusing now you should have seen it when Debian 2.0 came out :) > I'd like to do a network install. I can't find a straight answer > in the docs... > Can anyone tell me can I install via FTP? You can't install Debian off FTP. You're "limited" to http and nfs. > Exactly which floppies will I need to get going? You need the rescue disk, root disk, and driver disks. After that everything can be retrieved off the network. Basically write the rescue, root, driver-1, driver-2, driver-3, driver-4 floppy images from http://tux.creighton.edu/debian/dists/potato/main/disks-i386/current/images-1.44/. And use those to install from. - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6QGII/ZTSZFDeHPwRAhLSAKDUV7IEz7i7wT/3IKbWWSytYhwkrQCfXHF/ tA1J5X3rsaqdVBq39lUUWjk= =JxQE -END PGP SIGNATURE-
Re: exim-configuration--relaying mail
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > I have my two machines setup. One Debian server, one Debian > workstation. The server is called server.mynetwork.net and the > workstation is called ws.onmynetwork.net. I have pointed my email > client (balsa) on ws.onmynetwork.net at server.onmynetwork.net but for > some reason exim is not relaying the mail. I realize it's probably > something in my exim.conf but I can't seem to figure it out. Is this > controlled with the local_domains option? If so here's what mine > looks like: > > local_domains = localhost:server.onmynetwork.net > > Do I need to add ws.onmynetwork.net to that? No. You need to add ws.onmynetwork.net to "host_accept_relay". Even better: add your private network scheme to "host_accept_relay". Let's assume that you're using the 192.168.0 private network. Rather than adding every workstation to "host_accept_relay": host_accept_relay = localhost:192.168.0.1:192.168.0.2:192.168.0.3... add the entire private network using CIDR (network/netmask-length) notation, like this: host_accept_relay = localhost:192.168.0.0/24 Using network/netmask (ie 192.168.0.0/255.255.255.0) notation might also word: host_accept_relay = localhost:192.168.0.0/255.255.255.0 > If so, how do I do that? The reason I need to send it to exim on the > server is to rewrite the addresses. If you're using balsa address rewriting probably isn't needed. But, in any case, look for the section in exim.conf that starts like this: ## # REWRITE CONFIGURATION # ## Take a look at the sample exim.conf that has provided you with so much help in the past for some examples. However, I believe that address rewriting is only effective for locally generated addresses (ie for programs that run /usr/lib/sendmail to send outgoing email). At least, that's the case for Exim 3.13, the version distributed with Debian 2.2. Therefore, re-writing will have to be done on the local machine. There is another alternative: upgrade Exim. The version in woody (the latest-and-greatest, Exim 3.20) has the capabilities you seek, and compiles very nicely on a potato system, provided you have the needed -dev packages installed. If you desire it, I compiled Exim 3.20 for potato over the weeked for my own machines; I've put the .deb on the 'net under ftp://tux.creighton.edu/pub/pbrutsch/ (sorry, no apt-get'table archive yet). It has dependencies on the following packages: libc6 libdb2 libgdbmg1 libident libopenldap1 libpam0g libpcre2 libpgsql2 cron netbase libssl096 With the exception of needing to compile and install libssl from woody (very painless, btw: I put the .deb under ftp://tux.creighton.edu/pub/pbrutsch/), every one of those packages are the potato versions. The necessity for SSL is to support the STARTTLS extension many mail clients support. (The PostgreSQL client libraries and SSL libraries are not included in the woody binary, hence the 1.1 version number) > I realize I could set this up on the workstation but I plan on adding > another one soon and would like to just maintain one exim.conf. It's still possible: consider investigating a package called cfengine. It will allow you to keep a central copy of a exim.conf, and have that file automatically copied around on a regular (configurable) basis. - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6QEPh/ZTSZFDeHPwRApgIAJ9lIUqQSVtBje+LCAlmCypaZBqSWgCfV5J8 qUHIl7Wrw6NWYgcZUbPI3io= =pmie -END PGP SIGNATURE-
Re: exim configuration--maildir-NFS
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > Great explanation. I asked the same question on my local LUG mailing list > and got a dissertation on the benefits/problems of NFS. Thank you very much. You're welcome :) > Does using IMAP (this is the potato package called imap) mean I won't have > the ability to have multiple folders? The reason I'm asking is I read the > following in /usr/share/doc/exim/README.Debian: Actually, you will have that ability. > The following is an example of what you can do with .forward files in exim; > you might find it useful. It matches any of the debian mailing lists and > saves mails from them in appropriate mailboxes: > > # Exim filter > if $h_x-mailing-list matches "^" > then seen save $home/Mail/debian/$1 endif > > I'm subscribed to several mailing lists and I'd like to keep them all > seperate if I could (using this filter). This appears to be a .forward > filter which works on maildir format. Is that a correct assumption? Actually, this example won't work on a maildir - it will put each mail in a single file. The filter is easier to read like this: # Exim filter if $h_x-mailing-list matches "^" then seen save $home/Mail/debian/$1 endif With this filter, all mail messages from debian-user will go into the folder $home/Mail/debian/user; all messages from debian-security-announce will go to $home/Mail/debian/security-announce, and so on. If you wanted to make that a maildir, the filter should look like this: # Exim filter if $h_x-mailing-list matches "^" then seen save $home/Maildir/debian/$1/ endif Or something like that. > Maybe a better question is this: > I'd like to be able to keep my mail on the server, filter and organize it > into manageable directories (i.e. keep my personal email seperate from the > lists), and access it from other workstations. What is the "best" way to do > this? You're doing fine so far :) > I'm not asking for "the" way just "a" way I can accomplish it with > minimal fuss. I want to keep my email and important documents on the > server as I do (destructive) testing on my workstation frequently, > which in turn needs to be documented. *One* of the ways to do this is to keep all your mail on a centralized server (it doesn't matter whether it's via IMAP or NFS), as well as your documentation, and maybe even your home directory. Which is precisely what you're doing now :) > P.S. I have already learned a great deal from this list and I'd like to > thank anyone who takes the time to answer these. Especially you Phil. Hey, no problem. That's what we try to be here for :) - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6PVla/ZTSZFDeHPwRAtHZAJ4iRHtzZC1LHPjOTQSDYjmNodPMDQCgqTKG W9Jf61uC1T3c9I+jSGv5srY= =Ibke -END PGP SIGNATURE-
Re: exim (probably broken thread)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > On Sat, Dec 16, 2000 at 04:02:04PM +0100, Carel Fellinger wrote: > > > > okee, this probably means that your /etc/inetd.conf got hoosed, > > unless you are running exim in daemon mode. > > Somewhere you need to find lines like: > > > > Hi, > I didn't know taht one could run exim in naything but daemon mode? How > can I set it upotherwise and have it work with fetchmail? exim can be configured to run from inetd - I have the commented-out line smtpstream tcp nowait mail/usr/sbin/exim exim -bs in /etc/inetd.conf. fetchmail can be told to deliver mail by calling an external program (ie /usr/sbin/exim with the appropriate command-line parameters) rather than try to connect to an SMTP server. - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6PPy9/ZTSZFDeHPwRArMTAJ4nLZNoSbYsgBbrD3GP2hfIRsB89ACdHNx1 12laQUuJ+b5o4x/ta8XfPmA= =4lx3 -END PGP SIGNATURE-
Re: exim configuration
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > I noticed my exim.conf is different than yours. Specifically, after the > received_header_text part you have: > > sender_verify = true > receiver_verify = true I find that a lot of spam comes through with faked domains - this also guarantees that I won't get an email that I can't respond to because the mail domain doesn't exist. > local_interfaces = 127.0.0.1 This tells exim to bind *only* to 127.0.0.1 (localhost) - any connect attempts to any other IP address will be futile since there's nothing there to connect to. This one and the *_verify lines are purely optional and having them set or not really shouldn't affect how exim works. > end signifies the end of a section > What is the purpose of those options? > > I also noticed you used the maildir format. What is the most desirable > format to use with IMAP? The most desireable format for use with IMAP depends entirely on your situation - I used maildir because I do a lot of stuff over NFS at home, and maildir is a good mailbox format to use over NFS. You can get by perfectly well without maildir - I did for 2 years on tux.creighton.edu before I switched that to maildir. - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6PPs//ZTSZFDeHPwRArfmAKCzWT69w61laRQWDLgzoe+eNa7/XQCgi/vM ZeGP5Uv3gbVtTCX8MNTttyU= =UNO8 -END PGP SIGNATURE-
Re: exim configuration
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > I'm trying to setup a server on my home network and I need some advice > on how to setup exim. Sample config: http://tux.creighton.edu/~pbrutsch/exim.conf > Here's my network config: > One Debian server, one debian workstation, fiance's winbox. I use a > 56k modem to connect to the internet. (Currently only 3 users, root, > me, and fiance) s/56k modem/cable modem/ and you'll have a lot of people's home setups. > I'm trying to keep all my mail on the server (I do a lot of testing > with my workstation and reinstall quite often, and no, putting my mail > on the winbox is not an option.) > > Here's my plan in plain english: > 1. Logon to the internet. If you want to do it manually do it with masqdialer ("apt-get install masqdialer") and go to http://cpwright.villagenet.com/mserver/ for Wintel, Mac, and X11 clients. If you want it done automagically investigate diald. > 2. *Automatically* grab email from 2 different ISPs and put on local > Debian server. Put the script to run fetchmail under /etc/ppp/ip-up.d. More info is needed on how these 2 ISPs relate to users on the Debian server, though. > 3. Access email on local Debian server from Debian workstation and > winbox. > 4. *Leave* email on Debian server, do not transport to workstations. Configure workstations for IMAP. Which imap server you use depends on the mailbox format you choose. Depending on the mail client and mailbox format you use on the Debian workstation you may be able to get by with NFS between workstation and server (ie mutt + maildir). But IMAP is a good blanket statement :) > 5. Send email using smtp. You'd do best to use you're ISPs SMTP server as a smarthost. See the sample config file. If you mean "send queued email using smtp" there's already a /etc/ppp/ip-up.d/exim (at least on my computer) that does that. Check the spec (I have slightly out-of-date HTML documentation at http://tux.creighton.edu/doc/exim/manual.html/) and the listserv archives at http://www.exim.org for info on delaying delivery. > 6. Rewrite all local network addresses to reflect ISP email addresses. See the sample exim.conf. > 7. Log off of internet. masqdialer can hang up for you when you're done. I'd imagine diald will hang up automatically after a period of inactivity. - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6O/NI/ZTSZFDeHPwRAkRqAJwK8EmN0e5HrHJKBUdZ/fDUYWSiVgCgl+oA neSK5AjJYUCFncMYZsamqJw= =BJKM -END PGP SIGNATURE-
Re: Exim, RBL/ORBS, fetchmail and POP3
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > Are you absolutely sure? I ask because the fetchmail man page makes it > sound like it can do just that. Pretty sure - exim (at least on my computer) gets mail from fetchmail via 127.0.0.1. Considering that's where exim considers 127.0.0.1 to be the source of the spam I don't think it'll work to blackhole 127.0.0.1 :) I'm trying to say that the spam detection wouldn't happen at the point where exim gets the mail from fetchmail but rather during the stage where exim would be processing the email in .forward - hence someone else's suggestion to use procmail. > > Obviously the answer (to me, at least :) is to detect if the mail message > > was delivered to your ISP via an open relay. > > Yes, Exim has rbl functionality. But of course. I use it on servers (like tux.creighton.edu) directly connected to the internet. But exim's rbl functionality is useless when the messages are coming from 127.0.0.1. > OK. Some excerpts from man fetchmail: > > >-Z nnn, --antispam nnn[,nnn[,nnn...]] > > (Keyword: antispam) Specifies the list of numeric > > SMTP errors that are to be interpreted as a spam- > > > > block response from the listener. A value of -1 > > disables this option. For the command-line option, > > the list values should be comma-separated. Interesting; hadn't thought of that route. How to you propose that exim detect the spam? Yes, exim can give fetchmail a delivery failure response code, but you need need to get exim to figure out the IP of the mail server that had it two (or more - I have 4) hops ago. Last I checked exim isn't in the business of parsing people's email messages, just delivering/transferring them. [snip] > > If you search freshmeat.net I think you'll find one program that does so > > (I don't recall what it's called), but I havent' yet found a way to make > > it work nicely with exim's filtering language, which I rely on to filter > > my email. Actually, I found the program I'm looking for - rblfilter. I put it up at http://tux.creighton.edu/~pbrutsch/rblfilter.tgz. > This fetchmail/MTA/RBL thing seems so natural to me that I can't believe > it hasn't been done, or is being done for POP3 users. Yes, it does seem natural. But you run into the following problem: how does the MTA determine what's spam and what isn't? A neural-net heuristic examining the text of the message? (seriously. someone wrote one, but it depends on java which shrinks my interest quite a bit...) That's why someone else suggested procmail... it can put suspected spams into their own folder, or delete them, etc. Upon taking my own jaunt through the fetchmail manpage fetchmail can call external programs (ie procmail, maildrop, /usr/lib/sendmail, etc) to do mail delivery. Combining fetchmail++rblfilter (and leaving exim out of the equation) will probably do what you want. - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6Oa9C/ZTSZFDeHPwRAipcAJ4j827P3Q5HgeCutcLpK2GDBaUmIQCfUez0 NNOHAD0+IAZLv/woJQHvzk8= =HdPX -END PGP SIGNATURE-
Re: Exim, RBL/ORBS, fetchmail and POP3
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > BTW, is it possible to use Exim's RBL/ORBS blackholing with fetchmail > _and_ POP3? exim's blackholing only works if the messages are delivered direct to your computer and not via fetchmail. Obviously the answer (to me, at least :) is to detect if the mail message was delivered to your ISP via an open relay. If you search freshmeat.net I think you'll find one program that does so (I don't recall what it's called), but I havent' yet found a way to make it work nicely with exim's filtering language, which I rely on to filter my email. If you find a way to make it work I'd sure like to know :) - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6OYC5/ZTSZFDeHPwRAnjlAJ9TA6Ddu1klJJBnEvXT/+SKOUKIeQCfQ2sU G+SQcdzZy2zKFEqnsPd/mpk= =hAp3 -END PGP SIGNATURE-
Re: IP problems with 2.4.0-test12
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > Hi, > I'm using 2.4.0-test12-pre7 (compiled it on my own, not through a > .deb) and I've encountered a very strange problem. There are certain > websites that my system now refuses to connect to. I know that these > sites are up because other systems can connect to them. And I can > even ping these same sites from my machine! However, HTTP connections > seem to go nowhere. Examples of these are: > > www.compubank.com > bank.netbank.com (but www.netbank.com works!) > www.exchangepath.com > www.zanybrainy.com > www.barnesandnoble.com > counters.honesty.com Your getting bit by ECN (explicit congestion notification). The sites in question have broken firewalls that are blocking valid (but little used until now) optional TCP flags. Do "sysctl -w net.ipv4.tcp_ecn=0" as root and see what you get. - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6NYK1/ZTSZFDeHPwRAk3XAJ4rTdNXURF2fwcQmSDS5wQx8iDIDACggqGl nOj03yeTj+VzwG4dPBlYJDs= =MmDF -END PGP SIGNATURE-
RE: exim (II)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > Gregory, > thank you very much for your comment. Below is the first part of my > exim.conf file. Could you take a look to it please? is it OK? After Tim's > comment I realized that my ISP username and the name of my account > (localhost?) in my system are the same. Could be this a problem? Please > note that "centroin.com.br" is my ISP. (I think I missed the real meaning > of the word localhost) > Thanks in advance for your help and time!! :) > > Regards > Marcelo > > > qualify_domain = centroin.com.br This looks ok > # qualify_recipient = > local_domains = localhost:centroin.com.br This should be: local_domains = localhost Otherwise a mail from to to an address at your ISP (ie [EMAIL PROTECTED]) will go to your computer. > local_domains_include_host = true > local_domains_include_host_literals = true > #relay_domains = > #relay_domains_include_local_mx = true > never_users = root > host_lookup = * > # headers_check_syntax > #rbl_domains = rbl.maps.vix.com > #rbl_reject_recipients = false > #rbl_warn_header = true > host_accept_relay = localhost > # percent_hack_domains=* > trusted_users = mail > smtp_verify = false > gecos_pattern = ^([^,:]*) > gecos_name = $1 > smtp_accept_queue_per_connection = 100 > freeze_tell_mailmaster = true Everything else looks ok. I put the exim.conf I use at home at http://tux.creighton.edu/~pbrutsch/exim.conf. I'm on a cable modem at home, but that's an irrevelant detail since I'm still using POP3 to get the messages for exim to deliver. Note, however, that exim doesn't speak POP3. I use fetchmail (a POP3 client) to download the messages. I put an example config file at http://tux.creighton.edu/~pbrutsch/fetchmailrc. When fetchmail downloads the message, it will connect to port 25 on localhost, and deliver all messages it gets to [EMAIL PROTECTED] In the example config file, be sure to replace local.user.name with your login ID on your Linux box. Also note that it's not a good idea to deliver direct from your dialup line - many people (including me) reject such messages. You should set exim to send outgoing email via a "smarthost" - I have an example in the exim config file I pointed you to. - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6NVNb/ZTSZFDeHPwRAqg9AJ90maTgKmA5tU6KRb3kKx4kthARywCgicJ/ Q9WXOKk04FuE0hQg9viV6+s= =IWu6 -END PGP SIGNATURE-
Re: WinModem
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > Is there any possibility to configure Debian to work with "WinModem" (any > drivers?) If it's a Lucent winmodem, check the information at http://www.linmodems.org. Note that to get an internet connection working with this driver and the Debian-supplied kernel, you'll need to patch and recompile your kernel. Check the list archives for more information. If it's not a Lucent winmodem, you're out of luck. Go get yourself a real one. - -- - ------ Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6NAZP/ZTSZFDeHPwRAmOzAJ4pU8TTwdKBd0CyOhOefAJlpWZtpgCgz9zL mtB0UrRK3uJRTwcYNK0+gQQ= =1LX+ -END PGP SIGNATURE-
Re: Q: Using apt-get upgrade-Any way to get list first?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > Using apt-get upgrade on my http line I get 44 packages and 23MB, now > ona 56k It I'll be here until Xmas, so is therea way of seeig what it > wants to upgarde and can I then just specify that package? A couple ways of doing that: * apt-get -u upgrade will tell you what it will basically do * running "apt-get -d -y -u upgrade" overnight should do a download-only upgrade - the packages won't be installed until you do "apt-get upgrade" - this is what I did until I got a cable modem. - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6MoBg/ZTSZFDeHPwRAr15AJ9YNrGzmi1RNBCmvV4cXljLzFXWHgCbBJXf FLk9DctElEBz+vjupC7ruzo= =5lUT -END PGP SIGNATURE-
Re: This list is rudderless, damn it, damn it, damn it
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > Henrique M Holschuh wrote: > > > .forward somewhere else? That would mean you're not even subscribed to this > > list (someone else whom dislikes you is automatically forwarding crap to > > your account). Check the Received: readers. > > sounds like a good idea ..hmm just need to setup an alias in > sendmail > let me count the mail servers i can do this on!! > > :) Hey now. Don't even *start* giving people ideas! By the time Mr Kroger gets this straightened out, he'll have a couple thousand messages a day, at this rate. :) - -- - ------ Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6MduS/ZTSZFDeHPwRAjb+AJ9APAJogltWkaeGSDMtmp87g1/GPQCgrTy8 BCopOZuovFZHRrSenFvgV80= =sPkU -END PGP SIGNATURE-
Re: vnc problem: unable to connect to vnc server
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > Thank you Phil, that was it!. Now, one more question, how do I make the > connection "through an ssh tunnel" (I can make a "terminal" ssh connection - > via putty - I just don't know how to use ssh to connect to the vnc > server). Thanks again If you're going to use putty to ssh to the Linux box I think you're out of luck - putty doesn't know how to do TCP forwarding (needed for X11 forwarding), and the author isn't planning on implementing that functionality (according to the author's wishlist web page at http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist.html). SecureCRT 3.x *does* do TCP forwarding, however, but it's payware. - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6MSul/ZTSZFDeHPwRAtH5AKCLjBJ+LsPepcQttk+NU9tvlmfSQACg0DnB TafDIcHQhV5yop0OMIoPnTw= =qAfg -END PGP SIGNATURE-
Re: vnc problem: unable to connect to vnc server
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > I am trying, unsuccessfully, to make a VNC connection from Windows98 (office > of > my client) to my woody machine. Perhaps I am misunderstanding something about > the usage of VNC, and if anyone could help, I would really appreciate it. > > I start the vncserver by > $ vncserver :4, > then check for my password in ~/.vnc/passwd. I discover it to be > \111A\222\333P\444L\555, > > I then launch vncviewer from the windows machine, and am prompted for the > address I wish to establish a connection to, I type in "my dynamic ip > address:4", and I am then prompted for "session password", and type > \111A\222\333P\444L\555, > and I get a notification: VNC authentication failed! The text you see in ~/.vnc/passwd is the encrypted form of the password you assigned the connection - something is very wrong if you can enter the encrypted password and gain access to the X11 session. Try running vncpasswd to re-assign your password. [snip] > 08/12/00 10:42:15 rfbAuthProcessClientMessage: authentication failed from > 205.xxx.xx.xxx Umm... wrong password? [snip] > Any thoughts will be much appreciated. Also, one trivial question, what is the > easiest way for me to determine my ip address. Currently, I check the ppp log > which identifies the address of the local and remote machines when a connetion > is established. This involves "su"ing, opening and scanning the log, looking > for a smarter way. Sorry for the dumb question. Several ways: * /sbin/ifconfig ppp0 * add yourself to the adm group so that you can read many of the files under /var/log with impunity - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6MRhX/ZTSZFDeHPwRAmgbAJ0V1r6yThJz9CxiL1KYDOqOTY7+bQCcCf/i 73KksTPW8GNJefC4vrrlPP4= =d48f -END PGP SIGNATURE-
Re: ot: best filesystem for small files
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > i am going to be building 3 new mail servers using cyrus imap on debian > 2.2 and linux 2.2. looks like cyrus stores each mail in a file which > means the filesystem will have tens, or even hundreds of thousands of > really small files. > > so, what is the best filesystem for something like this? or should i > just tune ext2 to do the job. reiserfs has been known to slaughter ext2 in this situation > features beyond decent performance(same level as ext2 i hope) and > being able to effectivly handle these files while running in software > raid 1 are the most important. Except that the reiserfs patches wreak havoc on Ingo Molnar's raid patches (which are IMO needed to get any decent software raid setup working), or they did the last time I tried them together (during the summer). All that is moot if you use a hardware raid controller. > journalling, and whatever other fancy shit is a nice plus but near the > bottom of the list. IMO the journaling capabilities of reiserfs are one of the biggest reasons people use it :) > i took a look at reiserfs's homepage but found little or no > information that i found useful. specifically i'm lookin for a webpage > or document that says something along the lines of "Why use XXX > filesystem? because ..." or a site comparing filesystems, or an idea > on what filesystem may be best. I don't think there's been one available for 5-6 years (when ext2 won out over xiafs and ext in the heards and minds of developers and users). > i should note that i am not able/willing to upgrade to woody, and the > same goes for linux 2.4. woody isn't necessary don't be so quick to rule out 2.4, though - test11 is working *really* well for me in production environments (once I do stuff like "echo 0 > /proc/sys/net/ipv4/tcp_ecn" :) > if it comes down to the wire i will just use ext2 and deal with > whatever issues may comeup. i plan to have /var/spool/cyrus on it's > own partition which may have the different filesystem, all other > partitions will be ext2. ext2 will serve you fine. Just be patient if you ever need to fsck the filesystem. I have >1 messages in ~/Maildir (qmail's maildir format is very similar to the mail folder format of cyrus, from what I hear) here on my workstation, and the only performance problem I have is the fact that it's on a 5400 RPM narrow Ultra-SCSI HD. If you get *fast* drives (ie 10k or 15k RPM SCSI) you shouldn't have any trouble. BTW in such situations I find it's worthwhile to have a fair amount of memory in the mail server - it helps performance *a lot* when you can cache most (or all) of the mail boxes on the mail server in RAM. - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6MHeQ/ZTSZFDeHPwRAguDAKDaBH6dlfdJoYw/sbQ8lRu5SkwL3ACfZxZv 9VvN3v/VKH8k2Zv7Yla5+bM= =004f -END PGP SIGNATURE-
Re: setting up dns
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > I have managed to get named running, but there is no /vary/named dir. Debian keeps the zone files under /var/cache/bind The named config file is /etc/bind/named.conf > Can someone help me start building the zone files etc, or run through > what I need to do. I've got the template zone file that I use at work at http://tux.creighton.edu/~pbrutsch/TEMPLATE. The named.conf entry for the zone looks something like this: zone "domainname" { type master; file "zone-file-name"; }; - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6L8ie/ZTSZFDeHPwRAo2DAKCy9w42kAWR+qmN8d8p//5xlPFpiACeIb7B VHf7q4HQ9cg6FfNwrrgcrpk= =AGNJ -END PGP SIGNATURE-
Re: Exim questions..
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > Greetings, > > I have a pototo(2.2) debian system on which I'm trying out exim_3-12-10 > as the Mail Transport Agent. > > Questions/Problems: > > 1. How do I delete a frozen email messages from the queue. ( I have >several test messages which are sitting there when I was trying out >/etc/aliases.) exim -Mrm ... You need to do that as root, though > 2. eximstats, exiqsumm seem to hang indefinitely. Why would this be? They're waiting for input. Try using them like this: cat /var/log/exim/mainlog | eximstats or mailq | exiqsumm > Other than these things, I'm quite happy with exim, particularly from > somone who has read the Bat book, but still needed to have it open > when configuring sendmail. I find that the exim equivalent of "the Bat book" (installed on Debian systems as /usr/share/doc/exim/spec.txt.gz) is one hell of a lot more helpful :) - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6LvjB/ZTSZFDeHPwRApt3AJ9VZxXdrwDOAM/bSu0L5vhaLISJlgCgvdyf 1iW48Gx/rtWFHDrByeUbFSU= =CYyU -END PGP SIGNATURE-
Re: Number of processors
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > Nope. We have to use some "C" or "C++" system/function call. Our > programmers don't want to depend on the /proc file system being > available. If you're looking for an OS independant way of doing such things (ie the same between Linux, *BSD, Windows, BeOS, Solaris, etc) the interfaces don't exist. On Linux the method for userspace to know about the hardware is to use the files under /proc. That's what they're there for. BTW most system utilities require access to /proc anyway, making a Linux system without /proc a pain in the butt to administer. IMO you have no choice but to rely on it. Hope you don't need to rely on the processor features enumerated in /proc/cpuinfo - it is not consistent for all architectures Linux supports :( - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6LVh2/ZTSZFDeHPwRAsVdAKDhIY/B95acLSzy+NT/MoEmuDrxQQCgyens h4tsm1+bNtT5c2VzLAwpPd8= =fDby -END PGP SIGNATURE-
Re: samba 2.0.7 vs. 2.0.5
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > Shouldn?t samba 2.0.7 depend on a kernel >= 2.2 then? This seems like a > bug to me (I ran into the same problem but have put samba on hold since > then). IMO that would break when you don't havea 2.2 kernel package installed and do everything the old fasioned way :) But you really should ask the samba package maintainer that question. - -- - ------ Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6LSRS/ZTSZFDeHPwRAkI7AKDbVijlopsl7O+IM9UlUT1Yh4PG3gCg4YUa LD9wR8uoCxo7ovaI4t6e8Wo= =DS2M -END PGP SIGNATURE-
Re: Boot Module Error Message
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > I just did a fresh install of Debian 2.2 When I boot the system I get > the following error: It's a non-fatal warning that can safely be ignored > insmod: /lib/modules/2.2.17/misc/unix.o: cannot create > /var/log/ksymoops/20001201182539.ksyms Read-only file system > > Any one know what this is about? It's long and complex... > > How to fix or remove. Compile a custom modutils package that has the printf statement commented out. I have one such package at http://tux.creighton.edu/~pbrutsch/modutils_2.3.21-1.1_i386.deb > What is "unix.o" module? Is it needed? unix.o implements unix domain sockets on a Linux system. There isn't much that will work without it. - -- - ------ Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6LEXS/ZTSZFDeHPwRAk3HAJ93umRDRT2/O+BGt0osk41lDRKSHwCg35TO leXWamWhZRI5IisZsgTBwws= =uWaN -END PGP SIGNATURE-
Re: samba 2.0.7 vs. 2.0.5
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > I thought I saw some sort of posting here or elsewhere that mentioned > that 2.0.7 works with kernels 2.2.x but not 2.0.x (mine) ? If you're trying to use the distributed samba 2.0.7 on a 2.0.x kernel it won't work - you'll need to recompile samba or upgrade the kernel to 2.2.x. > Does this sound about right, or is there something wrong with my > smb.conf? Also, is there any particular compelling reason to upgrade > to 2.0.7 as 2.0.5 seems to work pretty well for us? If 2.0.5 works I would say stick with it. You only really need 2.0.7 if you have any Win2k machines that need to connect to the samba server. - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6LCDi/ZTSZFDeHPwRAun2AJ43cTqMYuavshxuNrJpktYKQ9axLwCgt7vK lHIuaSwyXZGuWZPc2GF5sgI= =bJ64 -END PGP SIGNATURE-
Re: fetchmail not communicating with exim.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > I'm working on it. Just recompiled my kernel the other day to support > firewalling but haven't had time to work on the iptables and other > configuration issues. I find it easier to configure exim to listen only on 127.0.0.1 (with the "local_interfaces" setting) - it's all fetchmail needs - than fudge with firewalling. Much cleaner that way, I think. But that's just me :) > @home is way too broad in their description of "server". I understand > that their intent is to limit bandwidth since it is a shared resource > but their one-size-fits-all policy is ridiculous. Tell me about it. Why doesn't anyone consider special cases like hobbyists any more? I would willingly pay a small premium to be able to run "servers" as a private person. > They would not go for it. They were especially not helpful after I, point > blank, told them that their policy only served to conserve bandwidth for > use by teenagers pirating software, stolen music and porn. Hmmm...maybe > I shouldn't have told them that, huh? :) :) Back to your problem with fetchmail: would it help to see a working config? My exim.conf is at http://tux.creighton.edu/~pbrutsch/exim.conf This is my .fetchmailrc: set postmaster "phil" poll with proto POP3 user "" there with password "" is phil here I put a fetchmail entry in my crontab to check my email every 5 mins. - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6HcVC/ZTSZFDeHPwRAvdLAKCHJY6EVB5XjkLjVAKSNUbkWiqO1QCgjae5 ArRjLmmnyoCaYBnPXn3EZZw= =Sj40 -END PGP SIGNATURE-
Re: 2.4 kernel on potato, what userland needs updating
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > hi, > > I am needing to put a 2.4-test kernel on a potato box, is anyone else > doing this as well? I've got a variety of 2.4.0-test{10|11pre6|11} kernels on largely stock potato systems. > is there any gotchas? You need the modutils from woody - the layout of /lib/modules/ changed as of 2.4.0-test6. The woody sources compile fine on potato. Oh and some drivers have been renamed - rtl8139 is now 8139too, etc. > looking at the Documentation/Changes file it seems to suggest using > glibc 2.2 is this required? No it's not required Documentation/Changes is better looked as a "guideline" as to what you whould be running - often you won't have any trouble running with slightly old packages; ie e2fsprogs 1.18 vs e2fsprogs 1.19. Just keep in mind that if you have trouble with a certain feature and you are using the older userland programs the kernel developers will tell you to upgrade. > and if so is there any gotchas installing glibc from woody on potato? Um... somehow I think you would be better off switching to woody :) - -- - ------ Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6HUNn/ZTSZFDeHPwRAjtUAKCYT/6V/eU1cJSm4EeqJPs3iau1PACglljd PHWmV0KFLOfETbpVxMHxc6Y= =AD9g -END PGP SIGNATURE-
Re: file large than 2 GB ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > Does anybody how to maintain a file large than 2 GB ? Depending on your hardware, the kernel revision, and how the system library was compiled, it may or may not be possible. We need more details. - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6GqII/ZTSZFDeHPwRAt4UAJ95fpsgdd2x4CCblQpN7kZ4U9XjnwCgqzkY 8x1ifnNUfRgghWPQ0gAGnO4= =wugj -END PGP SIGNATURE-
Re: 10/100 LAN card
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > Curious question for you all. What's the best 10/100 LAN card for > Linux. Currently, I'm using a tulip (Netgear something or another). I've had nothing but good luck with tulip cards, and all are well supported. Personally, I wouldn't switch :) I've had good experiences with RTL-8139 based cards, but quite a few people will disagree with me, on debian-user and otherwise :) 3com's 3c905, 3c905b, 3c905c cards work well. I've heard that Intel's EtherExpress PRO/100 (the eepro100 driver) work well, too. > I would like it to have good linux support and have fast transfer > rates and be stable and all that good stuff. Perferably nothing over > $150. The only thing I can think of > $150 US is a 4-port ethernet card :) - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6GfTr/ZTSZFDeHPwRAildAKCY6uWhY5kF/f/j3y7bW5wc7KMTzwCcCWxw ttTFZdX27MYFH0h//jB2K7Q= =VM88 -END PGP SIGNATURE-
Re: exim masquerading problems
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > Ok, another question: Can you still send mail to users at fury.brutsche.com? yes > I > originally had > local_domains = localhost:linux.wku.edu > but, I couldn't send mail to other users at linux.wku.edu, it would just try > to > deliver the mail locally. I removed linux.wku.edu from local_domains and I > could then it would work, but as the admin of linux.wku.edu let me know later, > mail from debconf and a cron error went to him instead me. I made that mistake once - qualify_domain was: qualify_domain = creighton.edu rather than qualify_domain = localhost and thus messages meant for me ([EMAIL PROTECTED]) went to [EMAIL PROTECTED] > I didn't noticed the /etc/email-addresses file before so I added: > rvf: [EMAIL PROTECTED] > > Would that help at all? Exactly what I have. > Other than the local_domains var, my config file is pretty much the same as > yours. Beyond qualify_domain and local_domains, I can't think of anything that would cause this. Are you able to post your exim.conf? - -- - ------ Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6GMIV/ZTSZFDeHPwRAhnqAKCnnqD5s0/eKlOk5RUytnT79U9/pwCghUWR aeca0XQQJxYBwAYqoLtNr4Q= =Vt6H -END PGP SIGNATURE-
Re: exim masquerading problems
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > I somehow lost the last message in this thread, but to whomever mentioned if > looking at a perfect config file would help: Yes, that would be great, if > you're using a similar smarthost configuration. It's at http://tux.creighton.edu/~pbrutsch/exim.conf (it's for a different computer than tux, btw) A couple notes: * I'm set up for Maildir * I fake the domain "brutsche.com" behind my firewall * I use a smarthost (eventually :) to deliver messages via my ISP rather than directly * I also use email address rewriting in exim to make sure everything comes out ok - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6GLJH/ZTSZFDeHPwRAtVmAJ4rniMFQk8A0Jj2jXJm4F4QfFmo5QCfUa83 gmTrTMa2a9vM02aGId26s5M= =rNRR -END PGP SIGNATURE-
Re: exim masquerading problems
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > That's what I was doing and it worked fine, except that debconf was sending > mail to [EMAIL PROTECTED], which most definitely isn't me. I would like to > know a way to stop that without having to stop exim from doing that for me, > since I've yet to find a way to set the from address in mutt. In that case it's probably something simple like qualify_domain being set to something weird. Would it help to look at other config that works perfect? - -- - ------ Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6GJRp/ZTSZFDeHPwRAi9JAJ9yNRCjlGGoRpkXNbyjwcZ35slrJwCeKJFi Ed15kDDQFpY/3Lldu+v2+Xg= =wwci -END PGP SIGNATURE-
Re: exim masquerading problems
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > I'm on a dialup, so I really have no domain to speak of (if that is what you > mean). 'localhost' usually suffices. > At installation, I had set up exim to masquerade as linux.wku.edu and > use a smarthost (mail.mindspring.com) to actually send mail. How would > I tell mutt to use [EMAIL PROTECTED] as my from address? That I don't know - I don't use mutt. > I would assume that if I could just set it through mutt, then > masquerading in exim would be pointless wouldn't it? If you're unable to set the correct email address in mutt, it's very simple to get exim on your local machine to re-write references to [EMAIL PROTECTED] (or whatever your login name is) in the email headers to be [EMAIL PROTECTED] - -- - ------ Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6GF84/ZTSZFDeHPwRAkYxAJ9LszSRTdL/Fuu7O/ytgLG6SHx29wCgkQh3 oRGDttmxJoq8BrrKn4RMXUA= =DY8Q -END PGP SIGNATURE-
Re: Exim - mail delivery on a LAN
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > No, you've just not yet realized it. 8^) Read > /usr/share/doc/exim/spec.txt.gz and skip to section 29 on the > lookuphost router. One of the options there is called 'gethostbyname' > and causes exim to use the gethostbyname() function instead of relying > on DNS (of course, gethostbyname can use DNS, in addition to > /etc/hosts, LDAP, NIS, whatever). Doh! You're right - I didn't look very closely at the spec ;) > There is one major problem with using this option, though: using > gethostbyname prevents MX records from being used as that library > function doesn't handle any MX stuff. That isn't a good thing at all. No, it's not. But it is simpler for those who don't want to be bothered to implement DNS for everything to work right. > There is a way to handle this, and to use gethostbyname only for mail > matching a specific domain. I don't know off hand how to do this, > though, and I don't have the time to read through spec.txt in as much > detail as I need. I do believe, however, that it would result in a much > cleaner and easier to maintain exim.conf than the solution you're using > now. It would probably involve LDAP or MySQL (or some other database type) to match which host handles which domain name in a virtual-hosting- type setup. Hrm - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6FDXU/ZTSZFDeHPwRAuM6AJ9I5GOZcu7qB5Xe444p2F+C5b6ISgCg4Lv8 wwFHnZ69jDyhDkwZow9xjEU= =jb/3 -END PGP SIGNATURE-
Re: Exim - mail delivery on a LAN
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > What I can't figure out is how to configure Exim to send mail from one > machine to the other on the LAN. And I suspect there is some basic > fundamental of email/networking that I don't understand that is blocking > the way. > > My home network setup is very simple: > - I call the network 'home' (192.168.1.0) > - each host obviously has it's own hostname > - so I have newdebian.home and olddebian.home > - and those names/addresses are in /etc/hosts on each machine > - I don't run a local name server - I use my IPS's name servers > - and those IP addresses are in /etc/resolv.conf. > - other services such as telnet, ftp, ping work fine using hostnames > > But I can't get email to work between the two hosts. When I try, Exim > just returns it to the same machine, with this message included: > > A message that you sent could not be delivered to one or more of its > recipients. The following address(es) failed: > > [EMAIL PROTECTED]: > unrouteable mail domain "newdebian.home" You need to get exim to know about the "newdebian.home" name. > The problem based on the error message, is that Exim doesn't know about > *.home hostnames. My question is: How do I get it to know about them? You need to run a private DNS server on one of your Linux systems. Both of your Linux systems needs to use your private DNS server for *all* name lookups. As me or on the mailing list if you need help setting that up. When delivering email, SMTP systems tend to use what's called the "MX record" for a certain DNS name (whether it's tux.creighton.edu or creighton.edu) to know what host should be handling that email. I have yet to find a SMTP agent that can use just the straight /etc/hosts file. > I have run eximconfig on both machines, choosing option #1 which is > "Internet machine". That sets up 2 default router entries in > /etc/exim.config as shown at the end of this post. I understand that for > non-local mail, a router has to be configured in /etc/exim.conf, which > then hands it off to a transport, which I assume would be "remote-smtp". > Or no? Close. This is what I do to my exim config at home to make this work (obviously the values you use will be different): 1) set "local_domains" to be the domains you want to route. I have "local_domains = /etc/exim/local-domains"; /etc/exim/local-domains is a file that contains: localhost kaitain.brutsche.com brutsche.com druid.obix.com kaitain.obix.com giedi.obix.com arrakis.obix.com fury.obix.com aeryn.obix.com 2) create transport definitions to define how to get mail to the destination. I have in the Transports configuration: druid_smtp: driver = smtp hosts = druid.brutsche.com giedi_smtp: driver = smtp hosts = giedi.brutsche.com arrakis_smtp: driver = smtp hosts = arrakis.brutsche.com fury_smtp: driver = smtp hosts = fury.brutsche.com aeryn_smtp: driver = smtp hosts = aeryn.brutsche.com 3) create directors to do the actual routing. I have in the Directors configuration: druid: driver = smartuser transport = druid_smtp domains = druid.obix.com no_more giedi: driver = smartuser transport = giedi_smtp domains = giedi.obix.com no_more arrakis: driver = smartuser transport = arrakis_smtp domains = arrakis.obix.com no_more fury: driver = smartuser transport = fury_smtp domains = fury.obix.com no_more aeryn: driver = smartuser transport = aeryn_smtp domains = aeryn.obix.com no_more > I've been going through the Exim documentation, but it sorely lacks for > some SFE (Simple F**king Examples) for those of us with simple needs. Tell me about it... It took me a week or two to figure out how to do just this much :) > Any pointers in the right direction would be much appreciated, as would > anyone who can straighten out any misunderstanding(s) I have that are > obvious from reading this post . Thanks. What I typed out above should be incredibly helpful :) - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6FCtV/ZTSZFDeHPwRAoEWAJwOnY4OHiCGqv2Fb4ATJLTQqPjyLgCg1n+l h8LRjprS0ZjfI1vbBf1Cf54= =EdrT -END PGP SIGNATURE-
Re: Need hardware recommendations
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > (1) Motherboard > > I intend to get a P-III CPU (probably 800EB). One store from where I got > a quote recommended the ASUS CUSL2 i815e mobo. My current system has a > BX-based ABIT BH6 which has served me well. Anyone care to comment on > ASUS boards (I have almost always heard good things about them) ? > Recommendations/opinions/experiences for other boards (Tyan, Soyo) > including current ABIT offerings ? I would avoid Soyo like the plague. I can't think about their Socket 7 boards without running in horror... I've had good experiences with Abit, Asus, and Tyan. I would also consider getting an Athlon Thunderbird - they're cheaper than a PII with a higher clock speed, and are faster as well. > BTW, I don't plan to overclock this system. Smart boy :) > (2) SCSI > > I intend to have a SCSI hard drive for this system, and maybe later a > SCSI CD-Burner (see below). In a recent thread on this list, I heard > someone mention the Adaptec Ultra160-based 29160N card. > > Which is newer: an UltraWide2-based card, or an Ultra160-based card ? The Ultra160 is newer and quite a bit faster. Fortunately highly backwards-compatible :) Ultra160 == Ultra3 Wide SCSI. > I am not sure about which HD to consider. I need a SCSI HD >= 10 Gb. Seagate drives are good. > I haven't ever had a system with SCSI components, so is there anything > else I should know ? I'd prefer to stick with the latest SCSI > technology. The termination on Ultra-, Ultra2-, and Ultra160- Wide devices can get tricky. > (3) Printer > > I am considering the HP 1100 laser printer. But have heard good things > about Lexmark printers (Optra 310/E310/E312). I am looking for a laser > printer that is capable of 600dpi (at least), and is easy to setup under > Linux (of course!). It would be nice to get a printer that is supported > under both Linux and FreeBSD, as I do intend to run FreeBSD on this > machine from time to time. > > One odd thing I noticed about the HP 1100's specs on HP's site is that > Windows 2000 is not listed under the supported OSes. Is this true ? I > need a printer that works under Windows 2000 in addition to Linux. Just cause it doesn't say it's supported under Win2k doesn't mean it won't work :) IIRC the HP 1100 is the replacement for the 6L; both work fine with the generic lj4l driver in ghostscript. I've used the LaserJet 5L PCL driver with a 1100 with good results under NT4. > (4) Network Card > > I need a good 10/100 PCI card. How well are DLINK cards (e.g. DLINK > 10/100 RTL) supported under Linux ? I was considering the 3Com > 905/vortex PCI card[*], as I have had a linux system with it and it > worked flawlessly. The D-Link 530+ (I think that's right) uses the rtl8139 driver; some people have had trouble with those cards, however. The Linksys 10/100 card is an excellent unit as well, and doesn't cost much more than the D-Link card. > (5) CD-Burner > > I was told that SCSI CD-Burners tend to perform the best under Linux and > cause the least problems, which is why I decided to go SCSI in this new > system. Plextor has been recommended. Are there any other SCSI CD > burners that work well under Linux ? Can't help there. > (6) Removable storage > > How well are Iomega zip and Jaz drives supported ? I haven't ever worked > with removable storage media, so I'd appreciate any info about which > ones to consider. Zip drives work fine (IDE and SCSI). I've never used a Jaz. - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6D5PD/ZTSZFDeHPwRAlDQAJ9+Js91jr2w+lulOuLVqGfac5QraQCfRZGm j28XC2tTK0993tRC1te2RHY= =DEyY -END PGP SIGNATURE-
Re: Tulip networks cards
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > I have been trying to find the module for a tulip network card in the > insallation disks, but have not succeeded. What specific make and model of tulip is it? Some of them aren't supported by the shipped drivers. > Are tulip cards supported and do i intialize the module, > it is usuallay options=0 with a module called tulip. The tulip module works fine - try specifying *no* options when you load the driver. - -- - ------ Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6Dgnw/ZTSZFDeHPwRAo5mAKCMnGOrldCgSnJ53b2Prh2340JaVgCfQsz4 WgUU98gsOjBXty0t+EOGyjQ= =8UE9 -END PGP SIGNATURE-
Re: Soundblaster PCI 128
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > The last days I've read some messages that I should use the es1370 or es1371 > driver for that card. lsmod identified my card as es1371 so I've loaded this > driver as module. But although my card seems to be found by the kernel, > there is nothing in /dev/sndstat. > Did i forget something to do? No - /dev/sndstat doesn't seem to work with the es1371 driver > I also have no idea, which drivers are needed too, to get my soundcard > working (sound, soundcore, soundlow, ...) They are automatically loaded with the es1371 driver [snip] > It would be great if someone can help me. Everything seems to be in order - is sound still not working? - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6CZxr/ZTSZFDeHPwRAqBxAKDOOFv2amSQ0yNgA9cNkErp1OhplACgpJAG rGeOfHnb7WBybAEZ2xx/J0k= =Jem9 -END PGP SIGNATURE-
Re: i am hacked atm.. what's better thing to do?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > A lot depends on whether you want to watch/trace/prosecute/learn > from/annoy him, or if you just want him off your system. > > What I would do (since I like to do learn from the intrusions), is to > follow him around for a while. At minimum, find out what IP address he > is coming from and how he got into your machine. The source IP number isn't necessarily helpful - he could be coming from one of those places offering free shell access. And definitely follow the guy (if the attacker is a guy :) around - it won't help you to re-install and not know how they got in the first time around. > A simple packet sniffer for Debian can be obtained through `apt-get > install sniffit`, and then run `sniffit -I`. This will at least tell > you the open connections to your machine and the IP addresses. If you > want to see what he's doing, run a packet sniffer (tcpdump, though > sniffit can probably do it as well) to sniff packets to/from his IP. Hint: tcpdump -w -i eth0 host is really usefull. Especially if the attacker is stupid enough to do their work through telnet. > The syslog is probably the best place to find how he got into your > system. But it might have been tampered with. If you think it's a > fairly recent attack, look around your directories a bit with an `ls > -lart` to show all recently-changed entries. Script kiddie tools are > easily found this way, though better hackers can hide their tracks. Especially since they can just do a "rm -rf /var/log" - yes I've seen that happen. > Finally, don't trust the output of ps (it may be one that hides their > tracks), login could have been replaced to have a backdoor and log your > passwords, etc. Definitely. Note that an "unusual" ps output can tip you off to their presence. Witness this output from a compromised RH6.2 system I claned up: USER PID %CPU %MEM SIZE RSS TTY STAT START TIME COMMAND nobody 515 0.0 0.2 1888 140 ? S Oct 11 0:00 proftpd (accepting co nobody3621 0.0 3.4 6720 2204 ? S Oct 15 0:00 httpd nobody3622 0.0 3.3 6708 2116 ? S Oct 15 0:00 httpd nobody3623 0.0 3.3 6708 2112 ? S Oct 15 0:00 httpd nobody3624 0.0 3.5 6720 2240 ? S Oct 15 0:00 httpd nobody3625 0.0 3.4 6720 2200 ? S Oct 15 0:00 httpd nobody3626 0.0 3.3 6708 2132 ? S Oct 15 0:00 httpd nobody3627 0.0 2.4 6708 1528 ? S Oct 15 0:00 httpd nobody3628 0.0 2.6 6720 1688 ? S Oct 15 0:00 httpd root 1 0.0 0.1 1120 124 ? S Oct 11 0:07 init root 3 0.0 0.0 0 0 ? SW Oct 11 0:01 (kupdate) root 4 0.0 0.0 0 0 ? SW Oct 11 0:00 (kpiod) root 6 0.0 0.0 0 0 ? SW You might run nmap against your own machine to check if any additional > ports were enabled. Additional ports aren't always opened. Although if you catch them at the right time you might find their remote root shell before they cose it... > Once figure out how your machine was compromised (watching other > machines get attacked from your own may give a clue here) then check the > IP he's coming from and see if it was compromised in the same way. If > so, notify the owner. If not, then this is the hacker's home box and > you should contact his ISP (or the authorities). That's not always a possibility. I've seen stolen PPP accounts used; I've also seen attackers come from a site offering free shell access, without enough information on how to track down their user ID. - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6B3RD/ZTSZFDeHPwRAl1YAKCbUkilEAorHGxfG2eVip4Pr/uq2gCdFdlu z3zWabX121Ib1OZN4DQV4qI= =n2NE -END PGP SIGNATURE-
Re: sendmail on debian
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > We're now running a little pentium box in the office as a mailserver > running sendmail. > its running potato with the security.debian.org upgrades, all > packages installed via apt-get, its pretty much a base install with > sendmail, perl, dnsutils and sysutils added. > > a few questions: > > a) are there any further security precautions we should take? our IP > block from the telco is frequently scanned by unpleasant people. Without knowing more about your particular setup I can only give a generalization: protect any and all computers on your netblock with a packet filtering firewall of some sort. > b) the default mailq time on sendmail was 10 minutes, we've shortened > that to 2 minutes. Is the 10 minute default arbitrary or there for a > good reason? I dunno - other people should be able to answer. If you don't have load problems running the queue that often I say go for it. > c) for the record would anyone like to take this opportunity to tell > me why exim would be prefereable to sendmail? 1) exim is easier to configure 2) exim has more functionality in some areas (but less in others - I've heard rumors that one can get sendmail to play tic-tac-toe via email using only sendmail.cf), particularly regarding queue management (sendmail has none). - -- - ------ Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6BlWo/ZTSZFDeHPwRApUFAJ9FwcZN9Bstgs7oTTy47XmYT3zbYgCgx++Z t0tn2t0khNCfP3gKZCC5cR8= =n4dF -END PGP SIGNATURE-
Re: WordPerfect 8 on Debian 2.2 with XFree86 3.3.6
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > I installed WP8 (download version) and I get the following when I try to > run 'xwp' > > xwp: can't load library "libXt.so.6" > > From perusing the not-so-helpful Corel knowledgebase, this is the closest > relevant article I got: > > The information in this document applies to: > WORDPERFECT V8.0 LINUX > Problem > When attempting to install WordPerfect 8.0 on the download version of Corel > Linux 1.0, the following error message appears: > can't load libXt.so.6 > Answer: > This is due to the package xlib6_3.3.5-1.0.1_i386.deb not being installed > on the system. This is located under the following path on the Corel Linux > 1.0 CD-ROM: > corellinux-1.0/corel/binary-i386 > and can be installed as follows from a command window: > dpkg -i xlib6_3.3.5-1.0.1_i386.deb > or by using the Corel Update utility. > > Does this mean that I am SOL because I'm using Xfree86 3.3.6 and it only > works with 3.3.5? Or is there a way to get this to work in my environment > (see subject line)? No it just means you're using a newer version of XFree than the docs expect. You need the libc5 xlib6 package - the directions the docs give assume that you're using slink (aka Debian 2.1). The file name *should* be xlib6_3.3.6-10_i386.deb (I've not looked). 'apt-get install xlib6' as root should do what you need to get WP8 to work. - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6BjPe/ZTSZFDeHPwRAqUoAJ9+DKccm7/c+2geU/eKkW/wrJnYcwCgx5n+ GC8T+JSCSRoAlPwOMRTzwcg= =uGWH -END PGP SIGNATURE-
Re: Samba uprade 2.0.5a -> 2.0.7 fails
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > Because I wanted to hook up a Win2000 machine to my network, someone > suggested me to upgrade my Samba server to 2.0.7 That is a strongly recommended upgrade - MS gave Win2k interoperability problems with anything lower > Things used to be working, 2.0.7 is in stable, so I just did apt-get > install samba. No luck. Now my smb log shows ugly things like: > > > [2000/11/05 22:15:20, 1] smbd/server.c:main(641) > > smbd version 2.0.7 started. > > Copyright Andrew Tridgell 1992-1998 > > [2000/11/05 22:15:20, 1] smbd/files.c:file_init(216) > > file_init: Information only: requested 1 open files, 246 are > > available. > > [2000/11/05 22:15:42, 0] lib/util_sec.c:assert_gid(72) > > Failed to set gid privileges to (-1,1004) now set to (0,0) > > uid=(0,0) > > [2000/11/05 22:15:42, 0] lib/util.c:smb_panic(2381) > > PANIC: failed to set gid > > Does any one have a clue what is going on? Those error messages look familiar to me. What kernel revision are running (ie 2.0.x vs 2.2.x)? - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6Bd67/ZTSZFDeHPwRAro6AJ9FnybYGvDGwTFOangA5f/jCzVxRwCg1jG7 3YzEr5sujUIELGnVBtJeDNc= =6tIa -END PGP SIGNATURE-
Re: GPL and software I have written
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > Greetings! > I have a dilemma, and I expect this to end in a flame war, but here goes... > I am a computer science student, and I also work as a system administrator. Gee that sounds familiar :) > For one of my classes, I have written an e-commerce package. It is written > in C using GCC, it uses Mini-SQL, and runs on Apache as a CGI program. My > employer has expressed interest it this particular piece of software (my > e-commerce package). Ok > I have issues with my employer that cause me to not want to merely > hand over my work. Did you write any of it on company time? > I have never released/published any software that I have written, so I > am treading into new territory. Therefore, I have read through the > GPL, and I think I understand, but I would like confirmation. Since I > am not modifying any existing software, I am creating new software, I > can charge for the new software. This could be a license fee or > something. Perfectly within your rights > I, of course, cannot and would not charge them for GCC, Apache, or for > that matter Linux in general, except to the extent that I provide them > a distribution (I burn a CD for them and/or install it on a computer). And they could just as easily get someone else to provide it to them for free. > Mini-SQL has it's own license (NON GPL) that they would have to > purchase separately (I developed this as a student, so I am not > require to pay money for a license, but they would as a commercial > site/use). Perhaps you could find a way to make the eCommerce package to work with another SQL server, ie MySQL, PostgreSQL, MS SQL, Oracle, etc. It would certainly increase the likelyhood that your program would be useful to someone. > In essence, I am providing them C code, which they can compile and > execute. Am I in the ballpark or have I gone off the deep end? I think you're in the ballpark. - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6AFK3/ZTSZFDeHPwRAvlFAJ0Q4ZOFh1g1fZpD4thL9EMvW62bTACdFoYh XtK/GYeZEic3Bi9OHzj7GTE= =7nYR -END PGP SIGNATURE-
Re: Security of sudo [was: Re: /usr/bin before /usr/local/bin?]
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > I'm of the same opinion with regard to sudo. Basically, if you're the > sort of person who never passes your password over the network in > plaintext (ie., ssh, apop, etc.), then it's unlikely someone will be > able to sniff your password. If an unpriveleged account is compromised, > chances are it will be without the password (ie., a buffer overrun in a > daemon running as something like nobody). Even if an attacker is able to > get a shell running as your user, they still don't have access to the > password file, and if they did, would have to decrypt your password. > > Without actually knowing your password, which sudo requires, having your > account *isn't* equivalent to having root. There's also the side benefit that you can give limited root access to people you only sorta trust with administrative duties, especially since you don't need to give out the root password anymore :) sudo rocks, btw. It should be standard equipment on any and all Linux/unix systems. But only on OpenBSD is that so :( > Of course, I might have missed something somewhere... Anyone? What about the people who do something like this with their sudo entry: username ALL = NOPASSWD: ALL Able to execute any command as root without giving any sort of authorization information... The power to do it is there. Someone's bound to do it. - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE5/6EM/ZTSZFDeHPwRAq/pAJ0YyaeC86V4z+aZHvxUz+wLmsJxqACeK988 rzh5rLsWaYVUrK3OahtDloM= =llc5 -END PGP SIGNATURE-
Re: ipchains and netfilter on 2.4.0-test9
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > dear all, > > i'm compiling portsentry on my system which has a 2.4.0-test9 kernel. > > when i compiled the kernel, i didn't see an ipchains options; it seems to > have been replaced by something called netfilter. > > just to make sure -- did i simply not see ipchains or was it really replaced > by netfilter? It was replaced by netfilter. I would recommend that you learn how to use iptables (links below); otherwise you won't be able to use the advanced capabilities of netfilter. netfilter does, however, have an ipchains compatibility module. In menuconfig, go to "Networking options" -> "IP: Netfilter Configuration" - -> "ipchains (2.2-style) support". > i'd like to learn how to drop packets coming from a particular host -- is > there a netfilter howto yet? i didn't see anything on LDP. http://netfilter.samba.org That link has documentation and downloads. - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE5+w+G/ZTSZFDeHPwRAqzCAJ4hBsJDvlSJmq8oAbNL71K35MKlRgCdGVQ2 AxDYTZmSBx/0JcZVlDWDSew= =dkFq -END PGP SIGNATURE-
Re: SSH permission problems
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > > I accidentally did a chmod -R on my home directory and messed up the > permissions in my home directory (/home/ssahmed). Now, I am unable to > SSH from work into my home system. > > Initially, I noticed in the following message in my log files: > > sshd[23261]: DSA authentication refused for ssahmed: bad ownership or > modes for '/home/ssahmed/.ssh/authorized_keys2'. > > Then I changed the permission of /home/ssahmed/.ssh/authorized_keys2 to: > > -rw---1 ssahmed ssahmed 938 Oct 26 18:18 .ssh/authorized_keys2 > > and now I get the following error message: > > sshd[23600]: DSA authentication refused for ssahmed: bad ownership or > modes for '/home/ssahmed/'. > > The permissions on my home directory are: > > drwxr-sr-x 20 ssahmed ssahmed 4096 Oct 26 18:02 /home/ssahmed/ > > and the permissions on my ~/.ssh directory are: > > drwx--2 ssahmed ssahmed 4096 Oct 26 18:19 .ssh/ > > > Can anyone tell me what the correct permissions should be to fix this > problem ? Well, I have: on /home/phil: drwxr-xr-x 112 phil users 35840 Oct 26 17:30 phil/ and on ~/.ssh: drwxr-xr-x2 phil users1024 Oct 2 00:46 .ssh on the files in ~/.ssh: - -rw-r--r--1 phil users2969 Jul 4 13:33 authorized_keys - -rw---1 phil users 524 Apr 5 2000 identity - -rw-r--r--1 phil users 328 Apr 5 2000 identity.pub - -rw---1 phil users 13090 Oct 19 22:23 known_hosts - -rw---1 phil users 512 Mar 26 2000 random_seed - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE5+LEf/ZTSZFDeHPwRAvZmAJ9NCI6N6l6FV7eZxOp53UNq8IjdVACfV4Uc FfIyHP3oXjSWllhlC1HvFkY= =ksEw -END PGP SIGNATURE-
Re: Upgrade from potato-frozen
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > Brian Clark wrote: > > >Greetings, > > > >I just want someone to verify that I have this correct. > > > >I'm currently running potato-frozen from way-back-who-knows-when, and this > >thing needs a serious upgrade. > > > >To do that (which is much needed that this point) I just need to change > >every occurrence of the word frozen in /etc/apt/sources.list to potato, > >then do `apt-get update' then `apt-get dist-upgrade'. Right? Yes, that's correct. It's nice, ain't it :) > >I want to make sure this is correct because I sure don't have the time > >right now to do a complete install from scratch if this gets ^F up. > > > >By doing this, do you think I'm going to have any problems? > > I got no replies, I can't speak for anyone else, but your original post didn't catch my eye. > but if anyone is curious, I went ahead with it and everything > *appears* to have gone fine. As it should have. - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE5+K18/ZTSZFDeHPwRAuu6AKDYfKvVYkuAkRzp8SjQorcSW98JewCeLUfT ods6GEgQpM7Qu4/X2gW1TrQ= =IBmU -END PGP SIGNATURE-
Re: KDE 2.0 for potato: no Packages file, no libmng?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > Howdy, > > First, many thanks to Ivan Moore for packaging the KDE stuff. > I administer about 150 Debian systems, and we use KDE extensively. > I really appreciate having it! > > I downloaded the new KDE 2.0 packages for potato last night from > the mirror at sourceforge.net There are no Packages > files there, but I managed to generate some using > dpkg-scanpackages(8). Yes, that sucks :( > Much to my chagrin, after getting that working, most of the new KDE > 2.0 packages for potato seem to depend on libmng, which isn't included > in the KDE stuff at sourceforge.net. There's a version for woody, but > it depends on a newer version of libc6. The woody package compiles fine on a potato system. I have .debs if you want them: ftp://tux.creighton.edu/pub/pbrutsch/kde2.0 > Any suggestions? Perhaps I just need to wait a bit for things to > settle down. It might be a good idea to. It usually is when a x.0 release first somes out :) > Or should I be looking somewhere else? Either way, I'm happy to help > somehow, or be patient if that's all I need to do. :) Thanks... The KDE repository at debian.tdyc.com is still there, and contains an apt-get-able archive. The binaries, however, have unresolved symbols at runtime :( I'm in the process of building KDE 2.0 for potato from scratch (using libmng and libqt2.2 from woody) - fortunately, the CVS checkout I have has the debian/ directory for building .debs :). I could probably make them available through apt-get when I get done in 5million (or so years)... - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE59fw3/ZTSZFDeHPwRAiDhAKDkZeROyfRoYWXSWAglQK9FT0UbMgCfbSJc 0zG2m/QdFQlMqYdioiu4VC8= =pwei -END PGP SIGNATURE-
Re: OT: Cross-platform document format?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > Sorry for the off-topic post, but I figure you folks are some of the > best to ask this question of. > > Is there an open document format that is widely available on Windows, > Mac, and Linux, that can do all the stuff that the proprietary formats > (.DOC, .WPD, etc) can do (such as graphics, tables, columns, > font/attributes, indenting, justification, super/subscripts, > footnotes, endnotes, math formulas, etc)? > > My goal is to try and weed campus staff/faculty/students away from > proprietary formats (esp. .DOC) to open formats, for three reasons: > Â Â 1) prevent the spread of macro viruses ^^^ Concentrate on this one. For some odd reason, some people have trouble comprehending the other two. > Â Â 2) increase cross-platform/version compatibility >3) decrease the reliance on MS-Office so it'll be easier to convert > them eventually to a different OS (hint hint) .wpd (WordPerfect) seems to work pretty decent. I also like to use HTML, but that doesn't fit your needs. If you don't need the documents to change, I would recommend Adobe Acrobat .pdf files. If you *do* need to pass around documents for editing, then MS Word's .doc is your one and only choice. Just be anal about anti-virus software (like have it automatically try to update every Monday @ noon or something like that). - -- - ------ Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE57jLM/ZTSZFDeHPwRAuk+AKC75I8meyd/xqTSrwNk7AMnIvP3wwCfQr3t x8SKsAlCBOXLx2zowwfleOg= =l/o4 -END PGP SIGNATURE-
Re: Compiling tulip.c kernel mod
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > I'm running a brand new install of potato, and I have a Linksys > ethernet card that I'm trying to compile the driver for. The driver > recommended on the Linksys support page that I compile the driver > named tulip.c with the following command: [...] If you're still using the kernel distributed with Debian, you can try the files in the archive at http://tux.creighton.edu/~pbrutsch/driver.zip. It's a pkzip archive. Copy the files * pci-scan.o * tulip.o from the archive into /lib/modules/2.2.17/net/, run 'depmod -a', then 'modprobe tulip'. You should be good to go after that. In order to (IMO) comply with the GPL, I have the source at http://tux.creighton.edu/~pbrutsch/netdrivers.tgz. - -- - ------ Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE56dEe/ZTSZFDeHPwRAgGoAJ43qWk57A1ZxTECY8Y7Z6meYPUcRACgrdfE 4jcgc2Qv4ijCRWChOxRB7zg= =MaMx -END PGP SIGNATURE-
RE: Installing LinkSys LNE100TX on Compaq Prolinea 590
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... [...] > Start the installation procedure like normal. When it comes time to load > the device driver modules, switch to the command prompt. Then: > 1) put the floppy with the driver files in the disk drive > 2) do "mount -t vfat /dev/fd0 /mnt" > 3) do "cp /mnt/pci-scan.o /target/lib/modules/2.2.17/net/" > 4) do "cp /mnt/tulip.o /target/lib/modules/2.2.17/net/" > 5) do "umount /mnt" > 6) pop the floppy out of the drive > > Switch back to the installation menu. You should be able to load the > tulip driver without problems. I forgot a detail: you should do "insmod /target/lib/modules/2.2.17/net/pci-scan.o" at the command line before you try to load the tulip driver. The newer tulip driver won't load without it. - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE55TIU/ZTSZFDeHPwRApemAKCiYEGj9xe7frrZ8FH015Q72uRs+ACgiy01 aFZf0JVU1I38f0DpGkJDlCQ= =ZC7j -END PGP SIGNATURE-
RE: Installing LinkSys LNE100TX on Compaq Prolinea 590
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > It is a v4. Here is the output of cat /proc/pci: > > PCI devices found: > Bus 0, device 0, function 0: > Non-VGA device: Compaq Unknown device (rev 1). > Vendor id=e11. Device id=1000. > Medium devsel. IRQ 32. Master Capable. Latency=32. Min Gnt=35. > Non-prefetchable 32 bit memory at 0x4198f0 [0x4198f0]. > Non-prefetchable 32 bit memory at 0x3127d0 [0x3127d0]. > Non-prefetchable 32 bit memory at 0x4198f0 [0x4198f0]. > Non-prefetchable 32 bit memory at 0x5ff4160 [0x5ff4160]. > I/O at 0x1e10 [0x1e11]. > I/O at 0xe3000144 [0xe3000147]. > Bus 0, device 10, function 0: > VGA compatible controller: Cirrus Logic GD 5434 (rev 142). > Fast devsel. IRQ 10. > Non-prefetchable 32 bit memory at 0x4000 [0x4000]. > Bus 0, device 14, function 0: > Ethernet controller: Unknown vendor Unknown device (rev 17). > Vendor id=1317. Device id=985. > Medium devsel. Fast back-to-back capable. IRQ 11. Master Capable. > Latency=66. Min Gnt=255.Max Lat=255. > I/O at 0x1000 [0x1001]. > Non-preNon-prefetchable 32 bit memory at 0x4100 [0x4100]. > Bus 0, device 15, function 0: > ISA bridge: Compaq Unknown device (rev 67). > Vendor id=e11. Device id=2. > Medium devsel. Master Capable. No bursts. > > How does this output look to you? I have no idea what that first 'unknown' > device is? No idea. That can be worried about later once Linux installed. > What are your thoughts? Two thoughts: My first thought is: you're stuck, I have to say. Your ethernet card is new enough to be unsupported by the Debian install procedure. For various reasons binary-only drivers don't necessarily work too well with Linux, which is why Linksys distributed them only in source form. That leads me to my second thought: someone can provide you with the drivers. I have them compiled for the kernel on the boot disks, and they work for me in my limited testing. I make no guarantees that they will work for anyone but me. Hell, I haven't even *tried* this procedure before - I made the drivers on a system that I already had Debian installed on, and I don't have any way of trying out this procedure at the moment. The drivers are at: http://tux.creighton.edu/~pbrutsch/drivers.zip. The The archive (in PKZip format) needs to be extracted to a MS-DOS formatted floppy. Start the installation procedure like normal. When it comes time to load the device driver modules, switch to the command prompt. Then: 1) put the floppy with the driver files in the disk drive 2) do "mount -t vfat /dev/fd0 /mnt" 3) do "cp /mnt/pci-scan.o /target/lib/modules/2.2.17/net/" 4) do "cp /mnt/tulip.o /target/lib/modules/2.2.17/net/" 5) do "umount /mnt" 6) pop the floppy out of the drive Switch back to the installation menu. You should be able to load the tulip driver without problems. PS: In case anyone is interested the source files themselves are at: http://tux.creighton.edu/~pbrutsch/netdrivers.tgz - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE55SlX/ZTSZFDeHPwRAiwSAJ0e0uhQDnO9YC7QZaD3eUw7i3DtxwCgjcSU 51Ev1BXIjz6NMmyobdEPq/s= =DliD -END PGP SIGNATURE-
Re: going full duplex
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > Hello, > > I'd really like to go full duplex but I don't know how to go about this > aside from: "reinstalling my nic's driver but set it for full duplex > this time". Most of the time the ethernet card can detect full duplex vs half duplex on the fly. You only need to fuss with the nic driver if the switch you're using can't autodetect properly (cisco switches, for example). > If anybody has a good way of going about this please let me know. I fear > that it is all very dependent on what type of nic I'm using; but if > anyone has a road map, it would be really helpful. It is dependant on the nic you're using - some can do full duplex, some can't. It also depends on the switch/hub that's on the other end of the ethernet cable :) - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE55QCm/ZTSZFDeHPwRAiL8AJ450RTrfan/Jd9+fMDzW7BQGO9SJQCgv3Iv cSTMBEvdDQwCr2t2YDR/0BM= =WB+U -END PGP SIGNATURE-
Re: Installing LinkSys LNE100TX on Compaq Prolinea 590
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > Since I do not have a CDROM drive, my plan was to > configure my PCI Ethernet card, a Linksys 10/100 LAN > Card, Model LNE100TX - which uses the tulip driver, so > that I could access Debian's packages at > http://ftp.debian.org/debian/. Unfortunately, I am > unable to get my card to work. > > I orginally tried (during my initial install of LINUX) > to install the tulip driver that came with this Debian > release, but an error message resulted saying that the > resource was busy. Incidentally, I also tried to > install the lp driver for parallel printer support, > and I got the same error message. Anyway, I yanked > out the card and moved it to the other PCI slot. I > tried a full install of linux again, but was greeted > with the same error message while trying to install > tulip: resource busy...most commonly IO or IRQ > conflict...etc. It's probably a v4 LNE100TX, which is newer than the Debian install procedure :( What does 'cat /proc/pci' give you? When linksys ups the revision on their 100Mbit ethernet cards, that means they've changed the ethernet controller chip on the pci board. Unfortunately that also makes any currently available drivers useless :( There should be Linux drivers on the floppy that came with the card, but they're in source form and that doesn't help you installing the drivers :( - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE55Pb4/ZTSZFDeHPwRAis2AKDOWg0IOfhpjLG6feNP7+BtW25EJgCfZul6 xnOj3gy9ccSsBIDy+ehOIw4= =yQdu -END PGP SIGNATURE-
Re: 2.4.0-test kernels?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > Can anyone provide some info on how to get working with a 2.4 kernel? > I need to switch so I can get my scsi card working with raid support. > Other than the kernel, I'd prefer to have everything as stable as > possible. > > So far I've learned that I need to get an updated modutils, but that > causes all sorts of grief since the one in Woody depends on libc6, > etc. And I've been unable (so far) to find any source .deb's. All you need to worry about is modutils, and maybe updating the NFS stuff if you're going to use the kernel NFS server. I didn't need to update. TMMW. Keep in mind that the 2.4.0-testx kernels have been crash-prone recently, although 2.4.0-test9 (what I'm using now) seems to be pretty solid and makes 2.2.x look slow as molasses going uphill (I'm exaggerating, but you get the idea). - -- - ------ Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE52kmB/ZTSZFDeHPwRAjWpAJ0Z977yWsEBRviDz0FoHIWXGrQJ5gCgoat2 o8/XCf+3l7TF9133QOO6OVI= =7JG3 -END PGP SIGNATURE-
Re: Confused on iptables and ftp..yes still...
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > My iptable rule: > > $IPT -A INPUT -p tcp ! --syn --source-port 20 --destination-port 1024:65535 > -j ACCEPT > > I read this as any packed that is not a --syn type from source 20 on the ftp > server i'm hooking up to, destined to my pc port 1024:65535 jumps to ACCEPT Try taking out the "! --syn" and see what you get. > here's a snip of my log files: > > Oct 3 14:32:44 stimpy kernel: Firewall:IN=eth0 OUT= > MAC=00:10:5a:15:35:f1:00:30 > :71:78:24:00:08:00 SRC=209.10.41.242 DST=24.216.244.106 LEN=60 TOS=0x00 > PREC=0x0 > 0 TTL=54 ID=29441 DF PROTO=TCP SPT=20 DPT=32778 WINDOW=32120 RES=0x00 SYN > URGP=0 > > And that's telling me that it's coming from port 20, it's tcp, and it's headed > to my port 32778, which should jump to ACCEPT! I simply cannot understand why > the firewall is dropping those packets. Allan was nice enough to point me to > a web site talking about firewalls and ftp and I 'thought' I had the right > stuff being let thru. > > Here's a twist...the exact same firewall rules were successfull when I was > runnin woody, but now that I'm on a standard potato with 'iptables' added > separately it's not working. Part of the problem is that you're treating iptables like ipchains as if they are the same; they are totally different packet filtering/mangling mechanisms. I see you're not using the super nifty connection tracking capabilities of iptables. Perhaps it'll help to see a working configuration: $IPT -t nat -A POSTROUTING -o $OUTSIDE_IFACE -j MASQUERADE $IPT -P FORWARD ACCEPT $IPT -A INPUT -s localnet/24 -j ACCEPT $IPT -A INPUT -s localhost -j ACCEPT $IPT -P INPUT DROP $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT echo 1 > /proc/sys/net/ipv4/ip_forward This is all you effectively need for a firewall that does internet connection sharing. These lines will block all new and invalid incoming connections, but allow through services that need to connect to a port on your computer, like IRC, web and FTP. - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE52j1T/ZTSZFDeHPwRAtdKAJ9mpHkGjxUBoUz27HQMZTbp9frD9QCeN+Kp 9oksHocHIWODtbbDey5ld6Q= =7UVf -END PGP SIGNATURE-
Re: Onboard NIC problem
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > I have Debian Potato 2.2 with Gnome running on this PC > with an on board NIC. > The motherboard is a PR440BX with 2 Ppro CPU's w/256 MB RAM > and 2 scsi drive's I have win 2000 on /dev/sda and Debian on /dev/sdb > Debian found the onboard Scsi Controller but not the NIC or 2nd CPU > the 2nd CPU isn't important( Linux works great with one Ppro) You'll need to recompile the kernel to get the 2nd CPU working. > The Nic comes up in 2000 as intel 8255x-10/100 io=ff40-ff5f irg=24(huh) > but in modconf I can't find a driver for it or I'm missing something. The driver eepro100 might work. What's the output of '/sbin/lspci -v'? > > If someone could shed some light on this It would be greatly appreciated - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE52hPo/ZTSZFDeHPwRAsHfAKCtigvpeEtufaDNmSn76/7vBOEuRgCfYtvY LD5gJ7VObLPAQSTrv2alOyY= =AgLi -END PGP SIGNATURE-
Re: bind and address rewriting
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > > Hello, > > I have a linux box (Debian 2.2, kernel 2.2.17) running as an ISDN dial-on- > demand gateway to my ISP. The ISP is assigning dynamic IP adresses, and I > have address rewriting enabled (echo 2 > /proc/sys/net/ipv4/ip_dynaddr). > UDP packets from my internal network arriving for port 53 of the NS of my > ISP are masqueraded and routed through the ippp device. > > On my main linux box (also Debian 2.2), I have a local caching-only > nameserver installed (bind8) which forwards to the NS of my IP. > > Now, when bind tries to resolve a domain name and wants to connect to the > forwarding NS, the UDP packet is masqueraded correctly and triggers the > PPP dial-out to my ISP. But finally, the UDP packet gets dropped out there > because no address rewriting is done for UDP packets to match the newly > assigned IP address of the ippp interface. If no address rewriting is done you need to check your ipchains rules. Can you post them here? - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE52enS/ZTSZFDeHPwRAg3QAJ9OGG7fOtYxWXvdodVrtsaSOk6Q9gCgrWV9 Yz4CRSGWI67G3RZwcl7/mF0= =zXY5 -END PGP SIGNATURE-
Re: offtopic : disecting an iptables log message
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > Here's an example: > > Oct 1 18:30:09 stimpy kernel: Firewall:IN=eth0 OUT= > MAC=ff:ff:ff:ff:ff:ff:00:80:5a:e6:33:00:08:00 SRC=24.216.244.211 > DST=24.216.244.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=17211 > PROTO=UDP SPT=137 DPT=137 LEN=58 > > I'm reading that as: > > -coming IN to my eth0 > -going OUT my MAC address because it doesn't belong to my ip The OUT= field is blank - from the networking POV the packet isn't being pushed back out. The MAC= field is read as dst-mac:src-mac:08:00. I don't know that the last 2 bytes mean. > -SRC is the source ip > -DST is the destination ip, but the last .255 makes me wonder if this isn't > being broadcast to everyone on the network It's being broadcast to everyone on your IP subnet. Incidentally it's a Windows networking broadcast (probably name announcement) > -LEN is the lenght? but of what? Length of the entire packet probably > -TOS ?? Type of service - specifies whether the packet should have minimum latency or maximum throughput and stuff like that. > -PREC ?? No idea > -TTL ?? Time To Live - how many maximum router hops the packet is specified to go through > -ID ?? If you look each ID number is different. I recently had some funny stuff going on against my firewalling code (lots of connection attempts, from the same UDP port to the same UDP port from the same computer) and the number incremented each time. I'm guessing it's part of the connection tracking capabilities of iptables. > -PROTO is using the UDP protocol > -SPT i assume is source port 137 from 'their' machine > -DPT i assume is the destination port on DST (which isn't me) > -LEN 2nd lenght?? Length of the UDP part of the packet. > Is there a faq somewhere that can help me break this stuff down so I > can pour over the logs and understand what I'm looking at. I'm not aware of any such faq but you do learn some of this stuff pretty fast when dealing with Ciscos :) Try one of their entry-level certification books. - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE519Ir/ZTSZFDeHPwRAsb0AJwLxRY38i+BdxWtwFdpXgTMODc/NACgitQr 3W51K0NHK51Pc34YOddujBA= =23DC -END PGP SIGNATURE-
Re: flamewar ;-? (Re: firewall (fwd))
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > On Mon, 02 Oct 2000 00:17:08 +0200 > Robert Waldner <[EMAIL PROTECTED]> wrote: > > > Actually, I don´t think Alan[0] is braindead. He does a quite good job, > > he just hasn´t his scripts under control[1], sometimes... > > Always remember, you don´t _have_ to use ORBS, although it´s cutting > > spam about 60 % at my private server. > > I liked it until it started cutting out legitimate mail, then I > stopped using it. And I switched to the MAPS anti-spam lists after I found out that they were blocking entire networks who were blocking the very aggressive ORBS relay tester ie above.net, who hosts a very important mailing list called BugTraq, and a company called RoadRunner, who is becoming of one of the largest cable ISPs in the US of A. - -- - ------ Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE517ws/ZTSZFDeHPwRAp6fAKCqDstLD8bGvHucDg+9kMu+plWK4wCeLg5X Cd6OQksHL6QumHYNVgQAfuY= =yJfv -END PGP SIGNATURE-
Re: firewall (fwd)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > > > > - only two reasons ??? > > a. they want to add that open relay box for more advertising to be > > sent thru it... > > b. they want to tell the customer to close the open relay ?? > > One more ... > > > c. intimidated by the brain-dead idiots at ORBS > No need to here - there are probably several people who are sympathetic to your dislike of ORBS (me!) :) - -- - ------ Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE517s//ZTSZFDeHPwRAuA7AJ9FOiyXRhExul3MnKfoJusW/tDzAwCeLcBv DVYPeCrx7Ulj9PJ1ijNf81Q= =skrq -END PGP SIGNATURE-
Re: firewall (fwd)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > > hi ya pollywog > > if the ISP did accidentally scan your box with their new linux box... > which linux distro is installed that way where it comes up in a mode > that scans everything around it ??? ( a startrek borg-based linux ?? ) > wonder which distro they used... Caldera has been known to do that as part of it's network automatic configuration process. - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE517qm/ZTSZFDeHPwRAoHnAKCAoEcyYWA62sAmAjMGsIvYfyiDVQCfYRrV VgtADsqgiaHDtj7W+umNHmE= =b0OT -END PGP SIGNATURE-
Re: firewall (fwd)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > whats the point for mediaone to scan for open relays ?? > > - only two reasons ??? > a. they want to add that open relay box for more advertising to be > sent thru it... > b. they want to tell the customer to close the open relay ?? They get fewer complaints about a mis-configured mail system. - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE517pe/ZTSZFDeHPwRAnf3AKCoXMm7j2b5g1aDg4bWLLSzczJpGwCgmffa aoKU22NYUz+Q8WDFXB8YZFc= =MIRv -END PGP SIGNATURE-
Re: IPsec and IPMasq/Proxy
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > > The problem is, as I said before, kernel 2.2 doesn't like to do NAT on IP > > protocols other than TCP and UDP. > > Almost true. Using the iproute2 tools, you can do a static NAT of an > inside box to outside. You can then use standard packet filter firewall > rules to block various ports you don't want access to from outside. It is > the Linux masquerading code that has the problem, regular NAT works just > fine. The "ip neigh {add|del|change|replace} ..." sequence? > Problem is that it burns another external IP address. Um... not good. - -- - ------ Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE5149C/ZTSZFDeHPwRAp8QAKDGcGvOFTEyuRorf10sFplLyQK1vwCeKSVL XQNRB4nEBvbfWemVJtfKeb4= =CiCq -END PGP SIGNATURE-
Re: IPsec and IPMasq/Proxy
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > I ran into some trouble using a Debian box as an IP Masq gateway (also > running Squid) to a network which uses a VPN box employing IPsec. The > ISP's tech support said that GNU/Linux was incapable of doing NAT properly > with IPsec and that I'd have to kill the NAT and proxy to make things > work. They're almost right - Kernel 2.2 doesn't like to do NAT on IP protocols other than TCP and UDP. I think that may change for 2.4, but don't quote me on that. However, it can be done, with special tools and relatively minor and well-tested kernel modifications. ftp://ftp.rubyriver.com/pub/jhardin/masquerade/ip_masq_vpn.html has all the information you need. You do need to realise, however, that there can be one and only one IPsec device behind the NAT firewall. Ditto with MS' PPTP VPN stuff. Another solution would be to put IPsec on Linux: http://www.freeswan.org. I've heard good reports on this implementation, but I've not yet used it. > I have no experience with IPsec, but this sounded strange. Can anyone > confirm or deny this? I can't understand why a Windows machine can plug > into the net but that GNU/Linux doing Masquerading or using Squid can't do > the same. Could someone whack me with a clue bat? TIA. The problem is, as I said before, kernel 2.2 doesn't like to do NAT on IP protocols other than TCP and UDP. When the kernel does NAT, it translates the source address of the connection to be that of the interface, and does the reverse when packets come back through. However, to be able to do that, the NAT subsystem needs to be able to track the connection. IP protocols 47 (GRE, used by PPTP), 50 (IPsec ESP), and 51 (IPsec AH) do not carry this connection tracking information, therefore these connections can not be forwarded automatically, like a POP3 connection can. You must basically do "port forwarding" on these alternate IP protocols to get the packets to the correct host. As to why Windows "just works" but Linux doesn't... Windows is build to work only on way, so it's easy to get working "just right". Linux has more flexibility, therfore requires more work to get the details right. HTH. - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE514Mm/ZTSZFDeHPwRAlYAAKC70vws3LkWP3dfhHjoYAYZdY7qBQCgkhzd O697zWZ+lJBSh09LIXULUOg= =Nw9h -END PGP SIGNATURE-
Re: Installing driver for Linksys Ether16
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > modconf does not recognize my Linksys Ether16 as a NE2000 clone, so I need > a manual way to install the module. I am sure the Ether16 is working, > because I have been using it for the past three years already under Red Hat > and SuSE. > > I am trying to complete my first Debian install. It sounds like Debian isn't auto-detecting the ethernet card. At the moment, that only works reliably for PCI cards - I'm guessing yours is ISA PnP. Do you know what IRQ and IO port the card is using? Another solution would be to wait until after you have Debian installed to configure the ethernet card. - -- - ------ Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE5107M/ZTSZFDeHPwRApe2AJ90J4PBjeAjCPguMXZSsC4fDXs4pQCgxf83 YHgNSNVPFAdFvuHjOxBUj/A= =hC1N -END PGP SIGNATURE-
Re: Problem with Lucent winmodem on debian 2.2
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > Hi, > > I am trying to configure Lucent Winmodem on my HP Pavillion (6735) box > with Debian 2.2. I have followed the instructions from > www.linmodems.org for installing the binary only driver provided by > Lucent, but still have problems in loading the driver. > > The following bits should tell the story.. Can someone help me out? The > modem is working fine with Windows ME. > > I am not able to understand what exactly the problem is. > 1. Why kernel module is not getting loaded. (Lucent's driver is > supposed to support shared IRQ - Shouldn't it probe for the IRQ? > Windows ME uses IRQ 3) Detecting the IRQ isn't the problem. The driver is built for RedHat 6.1 (who has a long history of heavily patching their kernels), and what you're using is a *hell* a lot more recent. I was going to suggest "insmod -f", but I see you alreay tried that :) Since that didn't work, I have to say that you're really out of luck. I hope you didn't pay much for the modem... As to why it doesn't work: A good analogy is you're trying to load a driver for Win95 into WinME - the kernels are wy to different for the driver to load. In Linux, the driver is very sensitive to the kernel it's being loaded in to. If someone uses a different compiler from you, or, more importantly, has a different set of patches from you when they built the driver, there's a very good chance that the driver won't load. > 2. Why setserial complains about "No such device" The driver wasn't loaded. > >From insmod -f ltmodem > -- > Using /lib/modules/2.2.17/misc/ltmodem.o > Warning: kernel-module version mismatch > /lib/modules/2.2.17/misc/ltmodem.o was compiled for kernel version > 2.2.12-20 > while this kernel is version 2.2.17 > > /lib/modules/2.2.17/misc/ltmodem.o: init_module: Device or resource busy > Hint: this error can be caused by incorrect module parameters, including > invalid IO or IRQ parameters [...] - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE51jYI/ZTSZFDeHPwRApQ7AKDUe++f4tXNJ2I8H9UYvjWZUbmtigCdHg2A ey7Rw3+6z22vkTf63QuflxY= =wrZJ -END PGP SIGNATURE-
Re: I'm afraid I've been cracked.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > On Wed, 27 Sep 2000, Alvin Oga wrote: > > > check the binaries tooo... > > top, ps, ls, last, w, who, netstat, passwd, login, etc... > > > > Please remember that you're speaking to a recent convert from Mandrake. > There, all I would have to do would be 'rpm -V `which top`' and rpm would > tell me if the md5sum had been changed from the original package. Does dpkg > have a similar funcitonality? I couldn't find mention of it in the man page. Of sorts, although you'd have to trust that the rpm binary *and* the rpm database weren't screwed with. > Right now I'm fiddling with md5sum, but if I understand correctly, that only > tells me the md5sum of the current file, it can't verify that the md5 sum is > "correct" (goes back to the "it's smart, not magic" argument). - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE50syX/ZTSZFDeHPwRAp4IAKCTTn7RlvBwXsQoUvT+r+VzeytuYwCfW3fP XHG/BmccE5RlZR5cXD+0Ols= =DHir -END PGP SIGNATURE-
Re: I'm afraid I've been cracked.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > Use "lsof -i | grep " to find out exactly what binary is running > on that port. Then you can find out where it's at. Are there any > other hidden utils, etc? I'd also do a "netstat -an" and see what is > connected to your mystery port. Find out where your attacker is coming > from. That, of course, assumes the 'netstat' and 'lsof' binaries haven't been trojaned to hide the tools used by the attacker. > Thus spake Steve Juranich ([EMAIL PROTECTED]): > > > Well, I wasn't paying a whole lot of attention and I had every unnecessary > > port closed... or so I thought. I was still running the portmapper. So > > when I ssh'd home today and nmapped myself, a couple of mysterious processes > > popped up. > > > > To begin with: I nmapped my box and saw, much to my dismay: > > > > PortState Protocol Service > > 22 opentcpssh > > 111 opentcpsunrpc > > 515 opentcpprinter > > 1527opentcptlisrv > > 6000opentcpX11 According to nmap tcp port 1527 is used by Oracle so unless you're running an SQL server I would say that's a back door they're getting in with. > > As soon as I killed the portmapper, port 111 (the portmapper) and port 1527 > > (the mystery process) both died. Then later today, I ssh'd home again and > > saw: > > > > PortState Protocol Service > > 22 opentcpssh > > 515 opentcpprinter > > 2027opentcpshadowserver > > 6000opentcpX11 > > > > Then, by looking through /var/log/auth.log, I see that every morning at > > around 7:35, three sessions are being opened. Two for user 'news' by > > (uid=0) and one for user 'nobody' also by (uid=0). The user 'nobody' should not be loggin in. I think it would be good to see a snippet of the /var/log/auth.log, particularly the ones where their entry get's logged. > > I plan on removing nntp from my box immediately, since I don't use my box as > > a server in any way. Can anybody please explain to me what's going on? > > Has my box been compromised? What do I do? > > > > Copious thanks in advance for any help. There are several things I would do: * It looks like the computer's at a university - it *might* be prudent to tell IT staff in charge of computers at the university know that your computer was broken into. Just in case someone (ie FBI) comes knocking to their door/your door wondering why your computer is attacking someone else's... * Try to find a way to track who is connecting to your computer at 7:35 in the morning with a packet sniffer - either with another computer on the same hub or on your computer with a tcpdump binary you prepared yourself. * If you think someone is doing bad stuff with your computer law enforcement should know. - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE50oVm/ZTSZFDeHPwRAigNAJ98PzBClGynDqLyyPVU2Uk6pt7WEwCeJnI2 a+G5EsyV3xvNTWupJwFh1q8= =/ebh -END PGP SIGNATURE-
Re: How easy is it to set up squid for a school?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > I am ICT Coordinator in a Leicestershire High School (UK). Our network > comprises an NT 4 server and about 40 workstations running Windows 95. I > want to add a machine to act as a proxy web cache to speed up Internet > access through our meagre 128K ISDN dial-up link. I intend using Linux > and squid. Squid will make that ISDN line go from unusable to pretty decent. > SuSE are very active in the educational arena in the UK and they > maintain an excellent schools mailing list. It appears that most of my > colleagues are using SuSE to implement their proxy web cache. As a > Debian user (well Storm now) i would prefer to use Debian or Storm > Linux. > > Everyone says how easy it is to set up squid using YAST in SuSE Linux. > Does anyone have any experience of setting up squid in Debian? Is it > harder? I've never used YAST, but configuring squid on Debian isn't any harder than on any other distribution (ie RedHat) All you really need to do is: * Configure the ACL list to allow your IP number range to access the web cache - squid defaults to "deny everyone but localhost by default" * Propery configure the httpd_accel_* options in squid.conf. What you need to do is listed here: http://www.squid-cache.org/Doc/FAQ/FAQ-17.html > I have no experience of Linux and networking, apart from connecting my > workstation to the Internet so it has to be relatively easy!! Ignore what the link I gave you says about "transparent proxying" - all that information might confuse you. The part about configuring squid is what you need to look at. - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE5z5Hd/ZTSZFDeHPwRAv70AKDMLGOuSVi1srP4aZLIK4OuG9mnWACdE8Pl iD8LuFWzzO2MTundo1n9WGo= =/9NA -END PGP SIGNATURE-
Re: Firewall, IPMASQ, Debian
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > > Is there a place on the internet i can get some documentation for setting up > a firewall under Debian. I've looked in the HOWTO of linux.org, but its > based on Red Hat. So is there a HOWTO based on Debian for a setting up > a firewall ? It should be distribution-independant. What part are you having trouble wiht, speficically? - -- - ------ Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE5zpt1/ZTSZFDeHPwRAnJhAJ9AKyRTM4wGPoCdO1c/qq0aG1XxzACeMcF8 S94n1roUoJucnTvBWnblB3o= =7m7j -END PGP SIGNATURE-
Re: SAMBA SERVER + WINDOWS 200
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > I have configured my Samba Server and all PCs in diferent NT domains are > able to access my Samba Server. > The only computers that cannot access the Samba Server are those with > Windows 2000 installed. > Does anyone know anything about it? Do you have Samba 2.0.7 installed? That release has compatibility fixes for Win2K. - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE5zjNV/ZTSZFDeHPwRAqDXAKDj2T4Xkwe5+szKeZJdFvkMOIrYKgCbByGp tbTwzW0DRHP+t4IWPHn4QVw= =+dga -END PGP SIGNATURE-
Re: DHCP client discovering too many interfaces
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > I just noticed something weird on my firewall Linux box (Debian > GNU/Linux 2.2 standard, plus security.debian.org fixes). > > This box has 3 interfaces: lo of course, plus eth0 which is hooked to my > cablemodem (an external interface) and eth1 which is hooked to my > internal LAN. Obviously eth1 has a static IP address; my cable company > wants me to use DHCP to discover the IP address for eth0, although I've > had the same one since installation on June 1. The IP number one gets on their cable modem very rarely changes, but it can happen. Don't count on it being the same 24/7, even though it is. > Up until Sep. 9, it all worked fine and I'd see DHCPREQUEST notices in > my daemon.log every 30 minutes or whatever the default was, and no other > DHCP activity to speak of. > > On Sep 9 I apparently installed a new security fix for dhcp-client, and > it restarted. Ever since that moment, I've had DHCPDISCOVER requests > for both my lo and eth1 interfaces logged to daemon.log every few > seconds, per interface! [...] > I see (in the man page for dhcp-client) where I specify what interfaces > dhcp-client should attempt to manage on the command line, but that would > involve changing the /etc/init.d script, which I'm loathe to do since it > would mean maintaining that through package updates, etc. No need to change /etc/init.d/dhcp-client. See below. > Isn't there some kind of configuration option I can specify in > dhclient.conf to tell dhcp-client to manage eth0 only, and ignore all > other interfaces? I tried the dhclient.conf man page but couldn't > really come up with the proper syntax. There doesn't seem to be > anything relevant in the DHCP mini-HOWTO, there're no docs to speak of > in the ISC page, and I can't get to www.debian.org to check the mailing > list archives :-/. This is what I usually do: 1) take away the symlink /etc/rcS.d/S20dhcp-client (or something like that) 2) use /etc/network/interfaces to configure all interfaces. > Also, does anyone have any idea why this suddenly started happening when > I updated DHCP? I've since rebooted and still see this. Or, was it > always doing this but not logging it before? When the package dhcp-client gets installed it (and upgraded) it starts dhclient (which promptly tries to get IP numbers for all interfaces) and creates a symlink under /etc/rcS.d, causing dhclient to get IP numbers for all interfaces at boot time. Very annoying behavior. IIRC there's an effort going on to fix this in a generic way for woody. - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE5zY+h/ZTSZFDeHPwRAsihAJ9NWHbIpx3VDFIV0h5iMlV9Fx8dcgCgoK5d 65ycmDREOOWlwRcIgfmmDr4= =HgjE -END PGP SIGNATURE-
Re: [ot] dns questions
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > You guys seem to know everything... so I thought I'd ask my stupid question > here even though it's not actually a debian question. I hope you don't mind. As someone once said, "There are no stupid questions". > I want to buy a domain name, You can't buy it; you "rent" it but NSI owns it and can do what they want with it :( > and use one of my debian boxen as the primary DNS server for it. I'm > already running a caching-only DNS server, and I've read about how to > add a domain to bind. However, it seems like there's a catch-22 > involved in the registration process. NSI wants me to already have a > name server set up for the domain before I buy it. However, I thought > I would have to own a domain before I added it to my name server. So > how does one do this? Add the domain to bind like you normally would. It doesn't matter which order you do it in (register with NSI vs setup DNS); just as long as your primary DNS server is correctly configured and the root servers have been set to send requests for your domain to your name server (NSI does that part when you register with them) everything will work out fine. It's also generally considered to be a good idea to add a secondary name server (with a slave zone, to use bind 8.x terminology) for backup purposes. > Also, I'm within a university network. Do you think the university net > admins would have to do anything for me to get this set up? I guess I don't > fully understand the system. *sigh* It depends on their network infrastructure, particularly firewalls/proxy servers. As long as any host in the world can connect to port 53 (tcp and udp) on your primary DNS server, they shouldn't need to do a thing. - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE5zYAD/ZTSZFDeHPwRAtIJAJ4ta23MqFm+Z4hvKE2nFtgL3TfzkwCghzQH lPOKwYCAli7rMaOgA0cyaII= =8Mlu -END PGP SIGNATURE-
Re: Exim configuration on cable modem gateway
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > I think the same effect could be achieved simply by changing > 'qualify_domain' in exim.conf to 'creighton.edu', in this case. If I'm > understanding the problem correctly. Not quite - the message appeard to come from "[EMAIL PROTECTED]" rather than "[EMAIL PROTECTED]". Note the difference in the user name... That caused other problems, as well: messages for user "root" (ie mail generated from errors in cron) went to "[EMAIL PROTECTED]", which is definitely not me. Telling exim that "creighton.edu" is not local to the workstation and using the rewriting rules that I described made all my problems go away. - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE5y3Kn/ZTSZFDeHPwRAoMqAKCeoTORt9qFSbQ0wH1Qn5TVFLH4HACfeUzO zKZyZW/aCnu8NIXMAT+ifcI= =+jyw -END PGP SIGNATURE-
Re: Exim configuration on cable modem gateway
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > I'd really like to get the system log summaries outside of a bounce > message. Ideally, I'd like the mail to get sent using the machine's > external host name as the address in the outgoing SMTP envelope. (And > I'd prefer not to set this explicitly, since I do get an IP address > and a host name via DHCP.) Failing this, I'd like to send mail out > through my provider's mail server, and use some address as the SMTP > sender. Can Exim deal with this setup, and if so, how? Would some > other SMTP daemon be a better choice here? I've had the same problem, and solved it with sender rewriting in exim. This is what I have at the end of /etc/exim.conf: # This rewriting rule is particularly useful for dialup users who # don't have their own domain, but could be useful for anyone. # It looks up the real address of all local users in a file [EMAIL PROTECTED]${lookup{$1}lsearch{/etc/email-addresses}\ {$value}fail} bcfrF # End of Exim configuration file The contents of /etc/email-addresses: # This file contains email addresses to use for outgoing mail. Any local # part not in here will be qualified by the system domain as normal. # # It should contain lines of the form: # #user: [EMAIL PROTECTED] #otheruser: [EMAIL PROTECTED] phil: [EMAIL PROTECTED] Here, "phil" is my username on the workstation "fury.brutsche.com" (notice it's not resolvable). The rewrite rule will replace "[EMAIL PROTECTED]" (which shows up in messages sent via pine) with "[EMAIL PROTECTED]". I've had no problems since making this change. - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE5yrPn/ZTSZFDeHPwRArfGAJ4t+bYYqGSZFvgUSRYFJMlQTabXlQCgnR86 JIJb/ljoZYHGdavszdzQ+vE= =RNkG -END PGP SIGNATURE-
Re: rsa and ssh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > Hi all, > I tried as man ssh saied to login with ssh without password as: > ssh-genkey as remote host > scp [EMAIL PROTECTED]:$HOME/.ssh/identity.pub $HOME/.ssh/authorized_keys > and tried ssh remote and was prompted with a password > What is wrong? Yout got it backwards. That should have been scp ~/.ssh/identity.pub [EMAIL PROTECTED]:~/.ssh/keyfile ssh remote cd .ssh cat keyfile >> authorized_keys Note that you need to log in to the remote server and manually add the public key to authorized_keys, otherwise you'll be replacing any authorized keys you might have set up. - -- - ------ Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE5yQEl/ZTSZFDeHPwRAr3fAJ9bnHtVhhPET3vSqBbLOHPIsFeVTgCdF+PB ObFg3pPJEkZgm5/1o8v4En0= =OANy -END PGP SIGNATURE-
Re: Ethernet trouble
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > > Seeking help using a network card in a PC. The card is a Linksys Etherfast > 10/100 LAN card. Do you know what revision (ie v1 vs v2 vs v3 vs v4) of card this is? [...] > Here is result of "modprobe tulip": > /lib/modules/2.2.17/net/tulip.o: init_module: Device or resource busy > Hint: this error can be caused by incorrect module parameters, including > invalid IO or IRQ parameters > /lib/modules/2.2.17/net/tulip.o: insmod /lib/modules/2.2.17/net/tulip.o failed > /lib/modules/2.2.17/net/tulip.o: insmod tulip failed > > Here is result of "lspci": > 00:00.0 Host bridge: VIA Technologies, Inc. VT82C691 [Apollo PRO] (rev c4) > 00:01.0 PCI bridge: VIA Technologies, Inc. VT82C598 [Apollo MVP3 AGP] > 00:04.0 ISA bridge: VIA Technologies, Inc. VT82C596 ISA [Apollo PRO] (rev 23) > 00:04.1 IDE interface: VIA Technologies, Inc. VT82C586 IDE [Apollo] (rev 10) > 00:04.2 USB Controller: VIA Technologies, Inc. VT82C586B USB (rev 11) > 00:04.3 Host bridge: VIA Technologies, Inc.: Unknown device 3050 (rev 30) > 00:0b.0 Ethernet controller: Bridgecom, Inc: Unknown device 0985 (rev 11) > 01:00.0 VGA compatible controller: ATI Technologies Inc 3D Rage Pro AGP 1X/2X > (rev 5c) [...] > Bus 0, device 11, function 0: > Ethernet controller: Unknown vendor Unknown device (rev 17). > Vendor id=1317. Device id=985. ^^^ > Medium devsel. Fast back-to-back capable. IRQ 10. Master Capable. > Latency=32. Min Gnt=255.Max Lat=255. > I/O at 0xb000 [0xb001]. > Non-prefetchable 32 bit memory at 0xe100 [0xe100]. The entire problem is that the card is not supported by the tulip driver 2.2.x kernel series :( It is, however, directly supported by the 2.4.0-testx/2.4.x series of kernels. It's a long story as to why the driver is so far out of date. You can get an updated driver from http://www.scyld.com/network/tulip.html. I've never been able to get these drivers (off the scyld web pages) to work for me, but it's been a while since I've tried. - -- - -- Phil Brutsche [EMAIL PROTECTED] "There are two things that are infinite; Human stupidity and the universe. And I'm not sure about the universe." - Albert Einstien -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.1 (GNU/Linux) Comment: Made with pgp4pine iD8DBQE5u61q/ZTSZFDeHPwRAi3mAJ425GDBOVhsXw25U7OtiCiH75hqIwCgkfvj qlI87NmZ/SKQOkWjS8o2SYY= =cFOr -END PGP SIGNATURE-
Re: Problem with Linksys LNE100TX NIC
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > I bought the Linksys LNE100TX NIC because it claims to be compatible > with Linux (and I believe them). I haven't been too lucky, though. > > I downloaded and compiled the latest Tulip driver without errors... > successful first step. > I compiled the driver as a module (I got errors when compiling it as > part of the kernel), so following the instructions, I type: > > "insmod pci-scan" followed by "insmod tulip" > > Everything seems fine up until now, no errors. In "kern.log" I even > see the following: > > Sep 8 20:10:00 navi kernel: tulip.c:v0.92i 7/31/2000 Written by Donald > Becker <[EMAIL PROTECTED]> > Sep 8 20:10:00 navi kernel: http://www.scyld.com/network/tulip.html > Sep 8 20:10:00 navi kernel: eth0: ADMtek Comet rev 17 at 0xc3023800, > 00:20:78:1F:1D:1A, IRQ 9. > Sep 8 20:10:00 navi kernel: eth0: MII transceiver #1 config 3000 > status 7849 advertising 01e1. > > But this is as far as I get... > > When I type "ifup eth0" I get back a "Ignoring unkown interface eth0". > Also, when I do a "ifconfig", I only see information about the > loopback? device. I know that there have been many posts about this > card, but the problems they've experienced are farther down the > line... I can't even get past this stage. Any help is appreciated !! What's happening is you haven't defined and entry for eth0 in /etc/network/interfaces, assigning the correct IP number, netmask, gateway, etc for ifup to be able to work. This is an example from one of my computers: iface eth0 inet static address 192.168.0.2 network 192.168.0.0 netmask 255.255.255.0 broadcast 192.168.0.255 gateway 192.168.0.3 You didn't see eth0 in the output of "ifconfig" because you were seeing the information on the active interfaces, and eth0 wasn't an active interface. "ifconfig -a" will show all interfaces. - -- - -- Phil Brutsche [EMAIL PROTECTED] "There are two things that are infinite; Human stupidity and the universe. And I'm not sure about the universe." - Albert Einstien -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.1 (GNU/Linux) Comment: Made with pgp4pine iD8DBQE5uvZl/ZTSZFDeHPwRAh8fAKCofkyXqfXe+yqKnIHhgvL9vl6RVQCePRmC gd4wdxkauNpwC69QL+8xIFQ= =TUrV -END PGP SIGNATURE-
Re: DHCP client setup for @Home
A long time ago, in a galaxy far, far way, someone said... > So, does this mean that if I try and install potato on my home system > using the boot floppies (to avoid having to burn 1 or more CDs) and I > select the DHCP net configuration option for doing a network/internet > install that the installation will fail ? In my experience it does: pump fails to correctly configure /etc/resolv.conf which kinda makes installing off a network kinda hard. > Is this a bug in pump ? If it fails to work (for an @Home setup like > mine) then why is pump allowed into potato or debian at all ? Bug in pump: unknown to me. the code is in the executable, but it doesn't seem to work. My experience: I've tried a couple times to install pump on a SPARC classic, and used DHCP to configure the interface. When it came time to install the base system (there's no CD and it's a blank HD) I had to use the NFS server's IP number rather than the hostname: DNS lookups were failing. After the system was installed and running, trying to fix /etc/resolv.conf showed me the file didn't exist. pump in potato: I dunno. Lack of disk space? > I plan to reinstall potato on my home system using the boot floppies > over the weekend and will see how well the DHCP configuration works > then. Let me know, you might have better luck on a PC. -- ------ Phil Brutsche [EMAIL PROTECTED] "There are two things that are infinite; Human stupidity and the universe. And I'm not sure about the universe." - Albert Einstien
Re: DHCP client setup for @Home
A long time ago, in a galaxy far, far way, someone said... > I was able to figure out the problem myself. For some reason, I was > unable to get Pump to work with the [EMAIL PROTECTED] DHCP servers. I then > remembered that there was another DHCP client, dhcp-client, which I have > used earlier on one of our office machines. dhclient (that's the name of the executable in the dhcp-client package) is the best (imo) dhcp client for unix-type systems. That would explain why NetBSD, OpenBSD, and FreeBSD use dhclient in their bootup sequence when you select "automatic interface configuration" (or something like that). IMO the only reason pump is being used is lack of space on the root floppy. > I installed dhcp-client and added a couple of lines to > /etc/dhclient.conf and voila! I have a fast cable-modem connection. > > Not sure what I was doing wrong with Pump. You weren't doing anything wrong. pump simply doesn't work very well. -- ------ Phil Brutsche [EMAIL PROTECTED] "There are two things that are infinite; Human stupidity and the universe. And I'm not sure about the universe." - Albert Einstien
Re: nfs and firewall
A long time ago, in a galaxy far, far way, someone said... > Hai, > > I'm trying to secure my system, I ran pmfirewall and some tests. > It seems that rpc.mountd still listens on port 1024 even on the > outgoing ethernet. > > I am trying hard to read up to this subject, but in the time being > I would feel much better if I were able to shut off *all* services > from this machine to the hostile internet. So if some kind soul > could shed some light onto this, I would be much obliged:) I would remove the nfs-server (or nfs-kernel-server, whichever you have installed) package. You don't need that package to connect to an NFS server; only if you're going to *be* the NFS server do you need it. That will also happen so solve the problem of trying to firewall off the NFS port: there won't be anything to firewall off. > My setup is a firewall and several local machines on a local net, > the firewall doing masquerading and firewalling. For ease of upgrading > I want the firewall to be able to mount a debian mirror on another > local machine. In the end I also think of letting the firewall machine > act as a local mail and news server (is that deemed secure?). It can be a bad thing: I call having "too many" services on one system "too many eggs in one basket". I've seen situations in the past where an exploit in one piece of software will expose the entire system to the attacker, and let him/her gain access to all that computer offers. Whether or not it's secure depends on who the firewall rules allows to access the service. -- -- Phil Brutsche [EMAIL PROTECTED] "There are two things that are infinite; Human stupidity and the universe. And I'm not sure about the universe." - Albert Einstien
Re: ssh from nt?
A long time ago, in a galaxy far, far way, someone said... > Greetings, > > At work we run NT but I like to access my home pc. We use a package > called KEA as our main telnet/term package. Does anyone have any > experience getting KEA to use any sort of ssh? Alternatively, does > anyone know of a windows terminal package that is completely freeware > that can use ssh? I would really like to shut down my open telnet > port and use ssh if I can. There are three that I know of: * TeraTerm * PuTTY * SecureCRT Others have mentioned the first two. I like PuTTY: it's small and 100% self-contained. I've never used TeraTerm. SecureCRT blows their doors off in terms of functionality, but it isn't free :( Note, however, that TeraTerm and PuTTY will only work with SSH v1; if you need SSH v2 your only choice (that I know of) is SecureCRT. -- -- Phil Brutsche [EMAIL PROTECTED] "There are two things that are infinite; Human stupidity and the universe. And I'm not sure about the universe." - Albert Einstien
Re: RealTek NIC card problem
A long time ago, in a galaxy far, far way, someone said... > Hello everybody, > > I have a machine running 2.0.36 kernel and a RealTek 8139B card installed. > When I sit at the consol, everything is fine, however, if I connect to the > machine via, say ssh, and run netscape, the network card stops responding > and on the consol I see the message: > > eth0: Transmit timeout, status 0d 2000 > > # ifconfig eth0 down > and then > # /etc/init.d/network > fixes the problem. This situation is repeatable. So, could someone tell me > what is happening and if there is a way to fix it? The revision of the rtl8139 driver you're using sucks You need to upgrade your kernel, specifcially to the latest 2.2 (2.2.17pre20 has been said to be the most solid 2.2 kernel to date) and parts of your distribution (it looks like you're running slink, you really should be running potato or expect things to not work once you go with 2.2). -- ------ Phil Brutsche [EMAIL PROTECTED] "There are two things that are infinite; Human stupidity and the universe. And I'm not sure about the universe." - Albert Einstien
Re: Is the 3COM 3C509B PCI (PCI PCI PCI __not__ ISA) supported?
A long time ago, in a galaxy far, far way, someone said... > Thanks for the response. > Confused though, my card says 3c509b on it, not 3c590. Wassup? You certainly are confused :) The 3c509 series of cards (aka EtherLink III) are, and always have been, ISA units. Look at the contents of /proc/pci again; you'll see that you have a 3c905b ethernet card. It's a 10/100 Mbit PCI card, and a very nice one that that, if expensive. You need the 3c59x driver for this card to work. I don't know why it says 3c509b, however. -- ------ Phil Brutsche [EMAIL PROTECTED] "There are two things that are infinite; Human stupidity and the universe. And I'm not sure about the universe." - Albert Einstien
Re: kernel 2.2.2 newbie question
A long time ago, in a galaxy far, far way, someone said... > I'm going to compile 2.2.2 kernel as an upgrade from 2.2.16. Since > this is evenly numbered does that mean it's a stable kernel? Are there > any significant improvements over 2.2.16? As many others have indicated, you're thinking of the wrong even number. Kernel versions are indicated by a value: x.y.z. For each value: * x: the major revision number. Only when there is a _huge_ architectural change in the kernel * y: minor revision number. Odd indicates a development series. Even indicates a stable series that you should run if you care anything about stability. * z: patch level. Bug fixes, stability improvements, new drivers, added drivers, etc. That given, 2.2.16 is quite a bit newer (and a hell of a lot more stable) than 2.2.2. Typically, anything < x..6 is considered to be late beta and shouldn't be used in a production environment. -- ------ Phil Brutsche [EMAIL PROTECTED] "There are two things that are infinite; Human stupidity and the universe. And I'm not sure about the universe." - Albert Einstien
Re: Matrox G400
A long time ago, in a galaxy far, far way, someone said... > I'm replacing my RedHat system with Potato and want to know what is > the best XServer to run with my Matrox G400. XF86_SVGA is the best for any Matrox video card -- -- Phil Brutsche [EMAIL PROTECTED] "There are two things that are infinite; Human stupidity and the universe. And I'm not sure about the universe." - Albert Einstien