Re: ISP blocks ports
Running SSH on a non-standard port is actually advisable because it is more secure, and it avoids the pile of authentication-failure logs from bots trying to break into the system. Try to use port 49152 and up.

Free URL redirection: www.afraid.org

2008/4/26 Bruno Guimarães Sousa [EMAIL PROTECTED]:
> Thanks for replying.
> If there is something free, even better, right? :)
> How would I set up this proxy? What would be the lightest option? Could it be installed on the same server?
> Regards

--
Márcio H. Parreiras @ Pedro Leopoldo - MG - Brazil
Please avoid sending me Excel (.xls), PowerPoint (.ppt) or Word (.doc) attachments; See http://www.gnu.org/philosophy/no-word-attachments.pt-br.html http://www.gnu.org/philosophy/no-word-attachments.html
Surf safely: http://br.mozdev.org http://www.mozilla.com/en-US
Try http://www.broffice.org http://www.openoffice.org
The box said: Requires MS Windows or better, then I installed Debian/GNU Linux! http://www.debian.org/index.pt.html http://www.debian.org/index.en.html
http://pt.wikipedia.org/wiki/Linux http://en.wikipedia.org/wiki/Linux
Character encoding: Unicode (UTF-8)
Re: ISP blocks ports
Thanks for replying.
If there is something free, even better, right? :)
How would I set up this proxy? What would be the lightest option? Could it be installed on the same server?
Regards

2008/4/25 Rafael Gomes Dantas [EMAIL PROTECTED]:
> Sites like no-ip.org have services to redirect a request for an address+port to your current IP + the correct port. Too bad it's paid... Maybe you could build a proxy using PHP on a server, for example, to redirect requests for a given address to your IP+port...
>
> 2008/4/25 Bruno Guimarães Sousa [EMAIL PROTECTED]:
> Hi everyone,
> I recently set up a server at home with Debian etch. My Internet connection is through residential Velox. The problem is that Velox blocks several ports:
> TCP = 21, 22, 23, 25, 53, 80, 110, 111, 135, 137, 139, 143, 161, 443, 445, 513, 515, 1080, 1433, 3128, 3129, , 4480, 6588
> UDP = 53, 69, 111, 135, 137, 138, 139, 445
> For now I am only running Apache and an SSH server. I left Apache running on port 8080, so the machine can be reached through no-ip's port 80 redirection (endereco.no-ip.org -- meu_ip_verdadeiro:8080). The SSH server just won't work on port 22.
> I would like to have these services running on their normal ports (web server: 80 and SSH server: 22). Is there a way to do that? I heard about HTTP tunneling, would that be it?
> Regards,
> --
> Bruno Guimarães Sousa
> COINF-CEFET-BA
> Computer Science, UFBA
> Registered Linux user #465914

--
Bruno Guimarães Sousa
COINF-CEFET-BA
Computer Science, UFBA
Registered Linux user #465914
Re: [Solved] Re: ISP has screwed up smtp for me...
On Wed, Sep 27, 2006 at 09:00:46PM -0700, Kenward Vaughan wrote:
> ...
> 'Twas the latter, as it turned out. Simple misconfiguration having a different server (smtp.earthlink.net) than the one which worked with swaks.
>
> Thanks for the suggestion, Kevin, as it allowed me to play with settings against their two possible servers. And thanks to Mike for his settings, which pointed out the fact that I had missed the glaring domain inclusion in the login name on the Earthlink site.

I apologize for leaving Kent out--while I didn't try telnetting into the server, his track was similar to what swaks did for me. (I also admit to not knowing what I would have done if I had connected.) But his thoughts were appreciated.

Kenward

--
In a completely rational society, the best of us would aspire to be _teachers_ and the rest of us would have to settle for something less, because passing civilization along from one generation to the next ought to be the highest honor and the highest responsibility anyone could have. - Lee Iacocca

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: [Solved] Re: ISP has screwed up smtp for me...
On Wed, Sep 27, 2006 at 09:00:46PM -0700, Kenward Vaughan wrote:
> On Tue, Sep 26, 2006 at 11:07:47PM -0700, Kenward Vaughan wrote:
> On 09/26/2006 11:59:03 AM, Kenward Vaughan wrote:
> Hi Kevin, I'll try this once I have a chance when I get home.
> ...
> -Original Message-
> From: Kevin Mark [mailto:[EMAIL PROTECTED]
> ...
> On Mon, Sep 25, 2006 at 07:03:21PM -0700, Kenward Vaughan wrote:
> Hi folks, I hate writing this from my school's web access page, but I suddenly lost the ability to send emails from home. Receiving is fine. Nothing had changed at my end from the night before, when I had no problems. My ISP is Earthlink.
> ...
> Hi Kenward, apt-get install swaks and show what settings made it work. cheers, Kev
> ...
> ===
> daddy:~# swaks -t [EMAIL PROTECTED] -f [EMAIL PROTECTED] -s smtpauth.earthlink.net -tlso -a -au [EMAIL PROTECTED] -ap abcdefghijklmnop
> === Trying smtpauth.earthlink.net:25...
> === Connected to smtpauth.earthlink.net.
> ...
> ~ This is a test mailing^M
> ~
> ~ .
> ~ 250 OK id=1GSS6j-00066m-FB
> ~ QUIT
> ~ 221 elasmtp-junco.atl.sa.earthlink.net closing connection
> === Connection closed with remote host.
> ...
> My question changes to the obvious. Now that it worked so easily with that small change in Balsa/Kmail, what is wrong with my Exim setup? Is it some rewriting rule or choice I made in running its configuration which screwed things up?
>
> The /etc/exim4/passwd.client file:
> ...
> smtpauth.earthlink.net:[EMAIL PROTECTED]:abcdefghijklmnop
>
> 'Twas the latter, as it turned out. Simple misconfiguration having a different server (smtp.earthlink.net) than the one which worked with swaks.
>
> Thanks for the suggestion, Kevin, as it allowed me to play with settings against their two possible servers. And thanks to Mike for his settings, which pointed out the fact that I had missed the glaring domain inclusion in the login name on the Earthlink site.
>
> And MANY THANKS to Earthlink for proving once again that the Linux/Debian community is far superior to such companies in their responsiveness to requests for help. At least the tech side has the intelligence to use Exim on their servers...
>
> Cheers,

Hi Kenward,
some DD pointed me to swaks which also helped up! I wrote up something at http://wiki.debian.org/YahooAndExim4 see if it matches what you did. And maybe add a page for EarthlinkAndExim4?
cheers,
Kev

--
|  .''`.  == Debian GNU/Linux == |       my web site:           |
| : :' :      The  Universal     | debian.home.pipeline.com     |
| `. `'      Operating System    | go to counter.li.org and     |
|   `-    http://www.debian.org/ |    be counted! #238656       |
|  my keyserver: pgp.mit.edu     |     my NPO: cfsg.org         |
Re: ISP has screwed up smtp for me... what to try? New ISP?
On 09/26/2006 11:59:03 AM, Kenward Vaughan wrote:
> Hi Kevin, I'll try this once I have a chance when I get home.
> ...
> -Original Message-
> From: Kevin Mark [mailto:[EMAIL PROTECTED]
> ...
> On Mon, Sep 25, 2006 at 07:03:21PM -0700, Kenward Vaughan wrote:
> Hi folks, I hate writing this from my school's web access page, but I suddenly lost the ability to send emails from home. Receiving is fine. Nothing had changed at my end from the night before, when I had no problems. My ISP is Earthlink.
> ...
> Hi Kenward, apt-get install swaks and show what settings made it work. cheers, Kev

I changed Balsa's settings as well (adding the domain to my login name) with success.

With a bit of reading, the following worked with swaks:

===
daddy:~# swaks -t [EMAIL PROTECTED] -f [EMAIL PROTECTED] -s smtpauth.earthlink.net -tlso -a -au [EMAIL PROTECTED] -ap abcdefghijklmnop
=== Trying smtpauth.earthlink.net:25...
=== Connected to smtpauth.earthlink.net.
- 220-elasmtp-junco.atl.sa.earthlink.net ESMTP Exim 4.34 #1 Wed, 27 Sep 2006 01:37:20 -0400
- 220-NO UCE. EarthLink does not authorize the use of its computers or network
- 220 equipment to accept, transmit, or distribute unsolicited e-mail.
- EHLO hpotter.vaughan.home
- 250-elasmtp-junco.atl.sa.earthlink.net Hello hpotter.vaughan.home [70.92.98.186]
- 250-SIZE 14680064
- 250-PIPELINING
- 250-AUTH PLAIN LOGIN CRAM-MD5
- 250-STARTTLS
- 250 HELP
- STARTTLS
- 220 TLS go ahead
=== TLS started w/ cipher BDT854-SHA
~ EHLO hpotter.vaughan.home
~ 250-elasmtp-junco.atl.sa.earthlink.net Hello hpotter.vaughan.home [70.92.98.186]
~ 250-SIZE 14680064
~ 250-PIPELINING
~ 250-AUTH PLAIN LOGIN CRAM-MD5
~ 250 HELP
~ AUTH CRAM-MD5
~ 334 PDIzNDg0LjExNTkzMzUjUbbFZWxhc210cC1qdW5jby5hdGwuc2EuZWFydGhsaW5rLm5ldD4=
~ a2F5X2pheUBlYXJ0aGxpbmsubmV0IGViNzY3MzVhNWIwZWYyMGRkMjQzNzE2Y2U4OTRmYTc3
~ 235 Authentication succeeded
~ MAIL FROM:[EMAIL PROTECTED]
~ 250 OK
~ RCPT TO:[EMAIL PROTECTED]
~ 250 Accepted
~ DATA
~ 354 Enter message, ending with . on a line by itself
~ Date: Tue, 26 Sep 2006 22:37:20 -0700^M
~ To: [EMAIL PROTECTED]
~ From: [EMAIL PROTECTED]
~ Subject: test Tue, 26 Sep 2006 22:37:20 -0700^M
~ X-Mailer: swaks v20060621.0 jetmore.org/john/code/#swaks^M
~
~ This is a test mailing^M
~
~ .
~ 250 OK id=1GSS6j-00066m-FB
~ QUIT
~ 221 elasmtp-junco.atl.sa.earthlink.net closing connection
=== Connection closed with remote host.
10:37:21^M daddy:~# exit
Script done on Tue 26 Sep 2006 10:37:24 PM PDT
===

My question changes to the obvious. Now that it worked so easily with that small change in Balsa/Kmail, what is wrong with my Exim setup? Is it some rewriting rule or choice I made in running its configuration which screwed things up?

The /etc/exim4/passwd.client file:

# password file used when the local exim is authenticating to a remote
# host as a client.
#
# see passwd_client(5) for more documentation
#
# Example:
### target.mail.server.example:login:password
#207.69.189.201:kay_jay:abcdefghijklmnop
#207.69.189.202:kay_jay:abcdefghijklmnop
#207.69.189.203:kay_jay:abcdefghijklmnop
#207.69.189.204:kay_jay:abcdefghijklmnop
#207.69.189.205:kay_jay:abcdefghijklmnop
#207.69.189.206:kay_jay:abcdefghijklmnop
#207.69.189.207:kay_jay:abcdefghijklmnop
#207.69.189.208:[EMAIL PROTECTED]:abcdefghijklmnop
#206.89.93.20*:kay_jay:abcdefghijklmnop
#209.86.93.210:kay_jay:abcdefghijklmnop
#209.86.93.211:kay_jay:abcdefghijklmnop
#*:[EMAIL PROTECTED]:abcdefghijklmnop
smtpauth.earthlink.net:[EMAIL PROTECTED]:abcdefghijklmnop

Many thanks for the information so far!

Kenward
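The AUTH CRAM-MD5 step in the swaks session above, worked through as an added example that is not part of the original message or of swaks itself. It shows what that exchange puts on the wire (the login name in recoverable form, the password only as an HMAC-MD5 digest) and checks whether AUTH was sent after STARTTLS. The user, password, host names and transcript are constructed, and the parser assumes swaks' usual line prefixes (" ->" / "<- " for plaintext, " ~>" / "<~ " once TLS is active).

```python
import base64
import hashlib
import hmac

# Constructed sample values (assumptions, not taken from the thread).
USER = "user@example.net"
PASSWORD = "constructed-password"
CHALLENGE = base64.b64encode(b"<1896.697170952@mail.example.net>").decode()


def cram_md5_response(user, password, challenge_b64):
    """Client side: base64("user" + " " + hex(HMAC-MD5(key=password, msg=challenge)))."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode()).decode()


def split_response(response_b64):
    """Decode a client response into (login name, hex digest)."""
    decoded = base64.b64decode(response_b64).decode()
    user, _, digest = decoded.rpartition(" ")
    return user, digest


def server_accepts(stored_password, challenge_b64, response_b64):
    """Server side: recompute the digest from the stored password and compare."""
    _, digest = split_response(response_b64)
    expected = hmac.new(stored_password.encode(),
                        base64.b64decode(challenge_b64),
                        hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, digest)


RESPONSE = cram_md5_response(USER, PASSWORD, CHALLENGE)

# Constructed transcript in swaks' output layout.
SAMPLE = f"""\
<-  220 mail.example.net ESMTP
 -> EHLO client.example.org
<-  250-mail.example.net Hello client.example.org
<-  250-AUTH PLAIN LOGIN CRAM-MD5
<-  250-STARTTLS
<-  250 HELP
 -> STARTTLS
<-  220 TLS go ahead
 ~> EHLO client.example.org
<~  250-AUTH PLAIN LOGIN CRAM-MD5
<~  250 HELP
 ~> AUTH CRAM-MD5
<~  334 {CHALLENGE}
 ~> {RESPONSE}
<~  235 Authentication succeeded
"""


def audit_swaks_auth(transcript):
    """Report the AUTH mechanism, whether it ran inside TLS, and the login name."""
    result = {"mechanism": None, "encrypted": None, "user": None, "accepted": False}
    challenge = None
    for line in transcript.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2 or parts[0] not in ("->", "<-", "~>", "<~"):
            continue
        marker, text = parts
        sent = marker in ("->", "~>")
        if sent and text.upper().startswith("AUTH "):
            result["mechanism"] = text.split()[1].upper()
            result["encrypted"] = marker == "~>"
        elif not sent and text.startswith("334 ") and result["mechanism"] == "CRAM-MD5":
            challenge = text[4:].strip()
        elif sent and challenge is not None and result["user"] is None:
            # First line sent after the 334 challenge is the CRAM-MD5 response.
            result["user"], _ = split_response(text.strip())
        elif not sent and text.startswith("235"):
            result["accepted"] = True
    return result


if __name__ == "__main__":
    print(audit_swaks_auth(SAMPLE))
    print("server accepts:", server_accepts(PASSWORD, CHALLENGE, RESPONSE))
```

A report with `encrypted` set to False means the AUTH command was sent before TLS was negotiated, which matters most when the mechanism is PLAIN or LOGIN.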
[Solved] Re: ISP has screwed up smtp for me...
On Tue, Sep 26, 2006 at 11:07:47PM -0700, Kenward Vaughan wrote:
> On 09/26/2006 11:59:03 AM, Kenward Vaughan wrote:
> Hi Kevin, I'll try this once I have a chance when I get home.
> ...
> -Original Message-
> From: Kevin Mark [mailto:[EMAIL PROTECTED]
> ...
> On Mon, Sep 25, 2006 at 07:03:21PM -0700, Kenward Vaughan wrote:
> Hi folks, I hate writing this from my school's web access page, but I suddenly lost the ability to send emails from home. Receiving is fine. Nothing had changed at my end from the night before, when I had no problems. My ISP is Earthlink.
> ...
> Hi Kenward, apt-get install swaks and show what settings made it work. cheers, Kev
> ...
> ===
> daddy:~# swaks -t [EMAIL PROTECTED] -f [EMAIL PROTECTED] -s smtpauth.earthlink.net -tlso -a -au [EMAIL PROTECTED] -ap abcdefghijklmnop
> === Trying smtpauth.earthlink.net:25...
> === Connected to smtpauth.earthlink.net.
> ...
> ~ This is a test mailing^M
> ~
> ~ .
> ~ 250 OK id=1GSS6j-00066m-FB
> ~ QUIT
> ~ 221 elasmtp-junco.atl.sa.earthlink.net closing connection
> === Connection closed with remote host.
> ...
> My question changes to the obvious. Now that it worked so easily with that small change in Balsa/Kmail, what is wrong with my Exim setup? Is it some rewriting rule or choice I made in running its configuration which screwed things up?
>
> The /etc/exim4/passwd.client file:
> ...
> smtpauth.earthlink.net:[EMAIL PROTECTED]:abcdefghijklmnop

'Twas the latter, as it turned out. Simple misconfiguration having a different server (smtp.earthlink.net) than the one which worked with swaks.

Thanks for the suggestion, Kevin, as it allowed me to play with settings against their two possible servers. And thanks to Mike for his settings, which pointed out the fact that I had missed the glaring domain inclusion in the login name on the Earthlink site.

And MANY THANKS to Earthlink for proving once again that the Linux/Debian community is far superior to such companies in their responsiveness to requests for help. At least the tech side has the intelligence to use Exim on their servers...

Cheers,
Kenward

--
In a completely rational society, the best of us would aspire to be _teachers_ and the rest of us would have to settle for something less, because passing civilization along from one generation to the next ought to be the highest honor and the highest responsibility anyone could have. - Lee Iacocca
Re: ISP has screwed up smtp for me... what to try? New ISP?
Kenward Vaughan wrote:
> Hi folks,
>
> I hate writing this from my school's web access page, but I suddenly lost the ability to send emails from home. Receiving is fine. Nothing had changed at my end from the night before, when I had no problems. My ISP is Earthlink.
>
> I couldn't figure out originally what the issue was, until I tried using both Balsa and Kmail instead of mutt/exim. The error messages returned indicated that they needed to be configured for authentication. Fine. Set that up, seemingly no-brainer choices in the menus, including a test to see what the server supported. Nothing works. Tried all combinations the apps gave me.
>
> Tried to configure exim4 to do the same, putting the full addresses that host gave me for smtp.earthlink.net and smtpauth.earthlink.net along with a user ID/password for each. Even added the option about using clear text over unencrypted lines. All no go. I've got a bunch of frozen messages, with no place to go.
>
> I chatted with Earthlink, which was futile. We do not support alternate OS's. I told them both in the chat and questionnaire at the end that such an attitude really stank, that they would lose me if I don't find an answer from somewhere, and that this was no good for their good will in the community.
>
> I looked through their docs on reconfiguring various email apps and plugged in those values into Kmail/Balsa with no luck (including a port of 587 for the smtpauth addresses).
>
> Doesn't someone out there have an earthlink account, and how do you set things up? Is something sitting there staring me in the face that will work?

I believe I'd try telnetting to their smtp server, something like:

  telnet smtp.earthlink.com 587

and see if you can log in with your username/password. If not, you've got a username/password/account problem. But I've never done this, so don't know the exact steps. I'd suspect Google to be your friend.

--
Kent West
Westing Peacefully
http://kentwest.blogspot.com
Re: ISP has screwed up smtp for me... what to try? New ISP?
On Mon, Sep 25, 2006 at 07:03:21PM -0700, Kenward Vaughan wrote:
> Hi folks,
>
> I hate writing this from my school's web access page, but I suddenly lost the ability to send emails from home. Receiving is fine. Nothing had changed at my end from the night before, when I had no problems. My ISP is Earthlink.
>
> I couldn't figure out originally what the issue was, until I tried using both Balsa and Kmail instead of mutt/exim. The error messages returned indicated that they needed to be configured for authentication. Fine. Set that up, seemingly no-brainer choices in the menus, including a test to see what the server supported. Nothing works. Tried all combinations the apps gave me.
>
> Tried to configure exim4 to do the same, putting the full addresses that host gave me for smtp.earthlink.net and smtpauth.earthlink.net along with a user ID/password for each. Even added the option about using clear text over unencrypted lines. All no go. I've got a bunch of frozen messages, with no place to go.
>
> I chatted with Earthlink, which was futile. We do not support alternate OS's. I told them both in the chat and questionnaire at the end that such an attitude really stank, that they would lose me if I don't find an answer from somewhere, and that this was no good for their good will in the community.
>
> I looked through their docs on reconfiguring various email apps and plugged in those values into Kmail/Balsa with no luck (including a port of 587 for the smtpauth addresses).
>
> Doesn't someone out there have an earthlink account, and how do you set things up? Is something sitting there staring me in the face that will work?
>
> TIA,

Hi Kenward,
apt-get install swaks
and show what settings made it work.
cheers,
Kev

--
|  .''`.  == Debian GNU/Linux == |       my web site:           |
| : :' :      The  Universal     | debian.home.pipeline.com     |
| `. `'      Operating System    | go to counter.li.org and     |
|   `-    http://www.debian.org/ |    be counted! #238656       |
|  my keyserver: pgp.mit.edu     |     my NPO: cfsg.org         |
RE: ISP has screwed up smtp for me... what to try? New ISP?
Hi Kevin,

I'll try this once I have a chance when I get home. I don't have the other replies in front of me (since those are sucked home from the school's server during the night), but did find that using a login name which included the domain did the trick for Kmail. This I noted in one of those emails.

I don't know about configuring exim for the client side stuff, though. Does it try variations until a fit is found, or what? Something's still amiss there, since changing the login name in the /etc/exim4/client.passwd file (I think that's the name of it) did not unfreeze the longish list waiting to be delivered (I restarted exim, of course).

Kenward

--
Dr. Kenward Vaughan
Professor of Chemistry
Bakersfield College
1801 Panorama Drive
Bakersfield, CA 93305
661-395-4243
[EMAIL PROTECTED]

-Original Message-
From: Kevin Mark [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 26, 2006 9:52 AM
To: debian-user@lists.debian.org
Subject: Re: ISP has screwed up smtp for me... what to try? New ISP?

On Mon, Sep 25, 2006 at 07:03:21PM -0700, Kenward Vaughan wrote:
> Hi folks,
>
> I hate writing this from my school's web access page, but I suddenly lost the ability to send emails from home. Receiving is fine. Nothing had changed at my end from the night before, when I had no problems. My ISP is Earthlink.
>
> I couldn't figure out originally what the issue was, until I tried using both Balsa and Kmail instead of mutt/exim. The error messages returned indicated that they needed to be configured for authentication. Fine. Set that up, seemingly no-brainer choices in the menus, including a test to see what the server supported. Nothing works. Tried all combinations the apps gave me.
>
> Tried to configure exim4 to do the same, putting the full addresses that host gave me for smtp.earthlink.net and smtpauth.earthlink.net along with a user ID/password for each. Even added the option about using clear text over unencrypted lines. All no go. I've got a bunch of frozen messages, with no place to go.
>
> I chatted with Earthlink, which was futile. We do not support alternate OS's. I told them both in the chat and questionnaire at the end that such an attitude really stank, that they would lose me if I don't find an answer from somewhere, and that this was no good for their good will in the community.
>
> I looked through their docs on reconfiguring various email apps and plugged in those values into Kmail/Balsa with no luck (including a port of 587 for the smtpauth addresses).
>
> Doesn't someone out there have an earthlink account, and how do you set things up? Is something sitting there staring me in the face that will work?
>
> TIA,

Hi Kenward,
apt-get install swaks
and show what settings made it work.
cheers,
Kev

--
|  .''`.  == Debian GNU/Linux == |       my web site:           |
| : :' :      The  Universal     | debian.home.pipeline.com     |
| `. `'      Operating System    | go to counter.li.org and     |
|   `-    http://www.debian.org/ |    be counted! #238656       |
|  my keyserver: pgp.mit.edu     |     my NPO: cfsg.org         |
Re: ISP has screwed up smtp for me... what to try? New ISP?
On Monday 25 September 2006 19:03, Kenward Vaughan wrote:
> Doesn't someone out there have an earthlink account, and how do you set things up? Is something sitting there staring me in the face that will work?

A few weeks ago I used Earthlink SMTP from KMail with settings:

General
  Host: smtpauth.earthlink.net
  Port: 25
  Server requires authentication: check
  Login: [EMAIL PROTECTED]
  Password:
Security
  Encryption: TLS
  Authentication: PLAIN

IIRC, it took an nmap scan to figure out they were doing smtpauth on 25.

--Mike Bird
Re: isp service
On Wed, Jul 06, 2005 at 01:41:31AM +0200, roach wrote:
> On Monday 04 July 2005 10:17, Joseph Haig wrote:
> And that would be? ;-)
> http://www.uklinux.net/

Also http://www.ukfsn.org/ is non-profit

And http://www.bytemark.co.uk/connectivity/adsl.html profit-making (we assume) but linux-friendly.

> BTW, I never thought that the OP was in England. If you've read my .sig you'd know I'm nowhere close to the UK. That comment was just my sad reflection on the state of support with ISPs.

It's not sad but realistic. If you were a vendor expected to support the needs of less than 2% of your customers as well as the other 98% for the same money then you'd understand the position they are in too.

No one is forced to use linux-ignorant ISPs (at least not in UK; we still have no idea where the OP is based). The market can decide.
Re: isp service
On Monday 04 July 2005 10:17, Joseph Haig wrote:
> And that would be? ;-)

http://www.uklinux.net/

BTW, I never thought that the OP was in England. If you've read my .sig you'd know I'm nowhere close to the UK. That comment was just my sad reflection on the state of support with ISPs.

--
Robert roach Spencer
Pietermaritzburg
South Africa
Re: isp service
--- roach [EMAIL PROTECTED] wrote:
> On Sunday 03 July 2005 16:04, TedNick wrote:
> How and where can I find a Linux friendly ISP.
>
> Best of luck. I've only heard of one linux friendly ISP in England.

And that would be? ;-)

The original poster didn't say where he is, but if he is in England you could try Mailbox (www.mailbox.co.uk), who describe themselves as the technically friendly ISP. You can call the help desk and talk Linux to them. They are also one of the few who still provide a static IP address.

Of course, any ISP should work OK with Linux, although, as you found, you may be on your own with regards getting it set up.

Bye,
Joseph Haig

> I need the DNS or IP address number.
>
> Maybe, then again maybe not.
>
> All of the ISP's that I have contacted do not want to provide me with that number.
>
> If you're a client, they should be able to give it. When I asked my ISP for these details, I had to talk to a supervisor.
>
> They say sorry. You cannot use Linux.
>
> Bull Sh*t. You can use anything you want to, as long as they're (your ISP is) standard compliant. They probably don't support DOS, OS/2 or Mac either. I know mine doesn't.
>
> 1. Get as many details as you can.
> 2. Boot up with Knoppix.
> 3. Configure PPP and KPPP with what you have and go to: KPPP Configure Accounts Setup an account. And then under Edit DNS Set Configuration to Automatic.
>
> This should get you online with the same info they give to Windows users. If they have a setup CD that they normally tell people to use. I just tell them, My CD-ROM drive is bust and Can they talk me through it. Then just write everything down. Some of that info will be useful to you.
>
> Once you're online, look in /etc/resolv.conf while online and you'll see that KPPP has written your ISP's DNS server IP addresses in there. Copy it if you want it. It's only there while you're online.
>
> Also while connected. If you click on the Details on KPPP's active connect dialogue box. You'll see your temporary IP addresses as well as your ISP's permanent IP address.
>
> Best of luck.
>
> --
> Robert roach Spencer
> Pietermaritzburg
> South Africa
Re: isp service
TedNick writes:
> How and where can I find a Linux friendly ISP.

Almost any ISP will work with Linux.

> I need the DNS or IP address number.

The software will take care of that automatically with almost all ISPs. Run pppconfig as root. Answer the questions and choose Dynamic in the Configure Nameservers screen. Choose PAP authentication as that is what almost all ISPs use. Use the command 'pon' to start the connection and 'poff' to stop it. If you must have a GUI install gpppon.

> All of the ISP's that I have contacted do not want to provide me with that number.

The people you are talking to don't know what it is. All they know is how to recite recipes for configuring Microsoft Windows.

> They say sorry. You cannot use Linux

They are wrong.

--
John Hasler
Re: isp service
On Sun, Jul 03, 2005 at 10:04:30AM -0400, TedNick wrote:
> How and where can I find a Linux friendly ISP.

If you pick some major ISP like earthlink, it's a pretty fair bet that 5 minutes with Google will find you almost the exact commands to type/files to edit to get online.

> All of the ISP's that I have contacted do not want to provide me with that number. They say sorry. You cannot use Linux.

UNIX had TCP/IP built into the kernel back when Windows had winsock hastily bolted onto the side. Linux will work with probably even the most degenerate configurations, if they follow some kind of standard. (Proprietary services such as compuserve and AOL have invented protocols and use complicated client software, and that won't work.)

What they mean, in most cases, is that you will not get support if you use Linux. In my experience, if you're savvy enough to run Linux, you don't need their support anyway unless there's a problem on their end. The bigger the business, the more likely you're talking to a trained monkey, who will tell you with a straight face that Linux won't work without realizing some of the company's essential servers are *running* Linux. As an administrator at a very small ISP, I answered the Linux question with, it'll work, but we don't support it.

--
Adam Fabian [EMAIL PROTECTED]
Re: isp service
On Sunday 03 July 2005 16:04, TedNick wrote:
> How and where can I find a Linux friendly ISP.

Best of luck. I've only heard of one linux friendly ISP in England.

> I need the DNS or IP address number.

Maybe, then again maybe not.

> All of the ISP's that I have contacted do not want to provide me with that number.

If you're a client, they should be able to give it. When I asked my ISP for these details, I had to talk to a supervisor.

> They say sorry. You cannot use Linux.

Bull Sh*t. You can use anything you want to, as long as they're (your ISP is) standard compliant. They probably don't support DOS, OS/2 or Mac either. I know mine doesn't.

1. Get as many details as you can.
2. Boot up with Knoppix.
3. Configure PPP and KPPP with what you have and go to: KPPP Configure Accounts Setup an account. And then under Edit DNS Set Configuration to Automatic.

This should get you online with the same info they give to Windows users. If they have a setup CD that they normally tell people to use. I just tell them, My CD-ROM drive is bust and Can they talk me through it. Then just write everything down. Some of that info will be useful to you.

Once you're online, look in /etc/resolv.conf while online and you'll see that KPPP has written your ISP's DNS server IP addresses in there. Copy it if you want it. It's only there while you're online.

Also while connected. If you click on the Details on KPPP's active connect dialogue box. You'll see your temporary IP addresses as well as your ISP's permanent IP address.

Best of luck.

--
Robert roach Spencer
Pietermaritzburg
South Africa
Re: isp service
On Sun, Jul 03, 2005 at 10:04:30AM -0400, TedNick wrote:
> How and where can I find a Linux friendly ISP.

In what country/locality?
Re: isp service
According to TedNick,
> How and where can I find a Linux friendly ISP. I need the DNS or IP address number. All of the ISP's that I have contacted do not want to provide me with that number. They say sorry. You cannot use Linux.

I find it easier to say I want a service that doesn't require me to install any of their software on my computer. Or to say I want a service that'll let me use my Linksys broadband router. That's a good way to put it since lots of people have them.

It's not really helpful to tell them I'm running Linux. What you really want is a fairly standard configuration and not some weirdo crap like AOL or MSN or Prodigy, right?

Here's a question: why do you need DNS and IP address? Isn't it easier to put eth0 inet dhcp in your /etc/network/interfaces?
Re: isp service
On Sun, Jul 03, 2005 at 03:57:12PM +, Andy Smith wrote:
> In what country/locality?

If in parts of Canada, I've had success with dsl.ca. When I use technical language to them, they assume I am technically competent and don't talk down to me. Some of their tech support staff use Linux at home, and are *quite* knowledgeable. And the other staff know enough to refer me to one that does know Linux.

-- hendrik
Re: Passing the ISP's DNS servers on to clients
Hi!

On Wed, 13 Apr 2005 13:40:10 +0200, Peter wrote:
> Can I teach bastille to also pass the DNS servers supplied by the ISP on to the clients? Or is there no way around a caching-only DNS server? It really ought to work without a DNS server of my own. As far as I can tell, my fli4l floppy router doesn't run bind either

Well, I don't know how that is supposed to work without a DNS server. I don't really know fli4l, but a DNS server does seem to be included:

  Router: [...] DNS server, so that not every query from Windows PCs goes out to the WAN [1]

Setting up a simple DNS server is not really that difficult either, and it has a few advantages on the side.

Simon

[1] http://www.fli4l.de/german/extern/docu/stable/doc/deutsch/html/0_intro.html#Router

--
pub 1024D/5781B453 2003-09-14 Simon Brandmair [EMAIL PROTECTED]
Primary key fingerprint: 2A47 DD6D ABC5 414A FA87 ABF5 1E15 B86B 5781 B453

--
Frequently asked questions and answers (FAQ): http://www.de.debian.org/debian-user-german-FAQ/
To UNSUBSCRIBE, send a mail to [EMAIL PROTECTED] with the subject unsubscribe. Problems? Mail to [EMAIL PROTECTED] (English)
Re: Passing the ISP's DNS servers on to clients
Hello,

maybe dnsmasq is the right thing for you:

  Description: A small caching DNS proxy

Regards,
Florian
Re: ISP-style Postfix and maildir
On Wed, 22 Sep 2004 10:01:47 -0300 Walter G Osoria [EMAIL PROTECTED] wrote:
> On Tue, Sep 21, 2004 at 11:25:38AM +0200, Manwe Sulimo wrote:
> Date: Tue, 21 Sep 2004 11:25:38 +0200
> From: Manwe Sulimo [EMAIL PROTECTED]
> Subject: ISP-style Postfix y maildir
> To: debian-user-spanish@lists.debian.org
> X-Mailer: Sylpheed-Claws 0.9.12 (GTK+ 1.2.10; i386-pc-linux-gnu)
>
> Greetings
>
> I have set up a mail system with postfix, mysql and courier following the tutorial
>
> Tutorial: ISP-style Email Service with Debian-Sarge and Postfix (2.x)
> Dipl.-Inform. Christoph Haas
> Copyright © 2002,2003,2004 Christoph Haas
>
> I have a problem when using smtp. I do a telnet localhost 25 to send a mail to a new user so that the mailbox gets created for them, but when I read the log, I see that it was delivered to mailbox and not to maildir:
> ...
>
> here are a few things it could be:
>
> in main.cf, this may be missing:
>   home_mailbox = Maildir/
> in master.cf, uncomment the line:
>   virtual - n n - - virtual
> in /etc/login.defs, uncomment:
>   QMAIL_DIR/Maildir
> --

I have managed to solve it now, thanks. I had a virtual domain set in mydestination.
Re: ISP-style Postfix and maildir
On Tue, Sep 21, 2004 at 11:25:38AM +0200, Manwe Sulimo wrote: Date: Tue, 21 Sep 2004 11:25:38 +0200 From: Manwe Sulimo [EMAIL PROTECTED] Subject: ISP-style Postfix y maildir To: debian-user-spanish@lists.debian.org X-Mailer: Sylpheed-Claws 0.9.12 (GTK+ 1.2.10; i386-pc-linux-gnu) Greetings, I have set up a mail system with postfix, mysql and courier following the tutorial Tutorial: ISP-style Email Service with Debian-Sarge and Postfix (2.x) Dipl.-Inform. Christoph Haas Copyright © 2002,2003,2004 Christoph Haas I have a problem when using smtp. I do a telnet localhost 25 to send a mail to a new user so that the mailbox gets created for them, but when I read the log I see that it was delivered to mailbox and not to maildir: ... here are a few things it could be: in main.cf, home_mailbox = Maildir/ may be missing; in master.cf, uncomment the line virtual - n n - - virtual; in /etc/login.defs, uncomment QMAIL_DIR/Maildir -- __ Walter Osoria - Debian GNU/Linux 3.0 [EMAIL PROTECTED] - LIcq 2277064 Linux registered user #124360 GnuPG Public Key: http://www.keyserver.net FingerPrint = 2D31 FE71 D7A7 20E7 D1EB 5593 CFE2 2D72 FFAC 33FA
Re: ISP connection is cut every 8 hours = automatic reconnect
Hi, Would that be possible? If so, how? Or would it make more sense to run a cron job that tests my ppp0 connection and then redials? The cron job would IMHO be the better solution. It then also works if, e.g., the connection is dropped because of an unscheduled problem even though the eight hours are not yet up. Have a look in the list archive; the redial problem has been dealt with here several times already. -- Regards Holger == Created with Sylpheed 0.9.6-claws under Debian GNU LINUX 3.0 Woody. Registered LinuxUser #311290 Spam filtering powered by Spamassassin.org ==
Re: ISP connection is cut every 8 hours = automatic reconnect
On Saturday, 8 May 2004 15:37, Severin wrote: Hello list! I have the following problem: I have an ADSL internet connection with a dynamically assigned IP. However, this connection is cut after 8 hours, traffic or not - a great feature of my ISP. My ISP (or perhaps the line operator) cuts the connection after 24 hours. You probably get a forced disconnect like that almost everywhere. Now I want to record the time of dial-in - I don't know how to go about that - and then add 8 hours and dial in again with at or the like. Would that be possible? If so, how? That is not very clever, since your provider surely does not guarantee you that it is exactly 8 hours after which it drops the connection. So it may happen that when you attempt to redial, the old connection has not yet been terminated at all, or that the old connection was dropped some time before the redial, so that you have a certain period without a connection. Or would it make more sense to run a cron job that tests my ppp0 connection and then redials? I do have the impression that people in the Unix world are generally very keen on cron jobs and server processes (so-called daemons), but in my opinion these are often not the right tool. The cron job again has the problem that the dial-in happens with a certain delay, since it is only tested at certain intervals whether the connection still exists. The main problem I have - I'm not very experienced yet (newbie) - is that I don't know how I can record at exactly what time I last dialed in. What would be the best solution for that? I think a script that starts pppd and at the same time writes the time to a file could be the solution! Or not? Thanks for your help! The solution to the redial problem is to give pppd the option persist. This instructs pppd to redial automatically when disconnected, which is exactly what you want. Since pppd most likely notices immediately when a connection is dropped, you should not have a delay problem there either. And if you ever want to perform an action when a PPP connection is established (such as recording the dial-in time), do not write a script that performs the action and then calls pppd, because then your action is not performed, for example, when pppd is started automatically at boot or when an already running pppd redials. For such purposes there is the directory /etc/ppp/ip-up.d (or /etc/ppp/ip-down.d for the termination of a connection); there you can place a script or the like that performs your action. Cheers Severin Kind regards Wolfgang
Re: ISP connection is cut every 8 hours = automatic reconnect
On Saturday, 8 May 2004 16:17, I wrote: [...] The solution to the redial problem is to give pppd the option persist. Hello again, I completely forgot to say how you do that. The best way is to add a line containing persist to the corresponding file in /etc/ppp/peers. If you configure your DSL connection with pppoeconf (highly recommended!), this is done automatically. The corresponding file in /etc/ppp/peers is in that case called dsl-provider. [...] Kind regards Wolfgang
Re: ISP connection is cut every 8 hours = automatic reconnect
Hello, On 2004.05.08 15:37, Severin wrote: Hello list! I have the following problem: I have an ADSL internet connection with a dynamically assigned IP. However, this connection is cut after 8 hours, traffic or not - a great feature of my ISP. Now I want to record the time of dial-in - I don't know how to go about that - and then add 8 hours and dial in again with at or the like. Would that be possible? If so, how? Or would it make more sense to run a cron job that tests my ppp0 connection and then redials? That isn't really necessary. The pppd daemon calls scripts located in /etc/ppp/ip-up.d/ and /etc/ppp/ip-down.d/ when a connection is established or dropped (only those without a . in the name are called; they are called in ascending alphanumeric order of name). When the connection is established, the following parameters are passed to the scripts by default:

    # These variables are for the use of the scripts run by run-parts
    #PPP_IFACE=$1
    #PPP_TTY=$2
    #PPP_SPEED=$3
    #PPP_LOCAL=$4
    #PPP_REMOTE=$5
    #PPP_IPPARAM=$6

In my setup pppd is in /etc/inittab:

    pd:23:respawn: /usr/sbin/pppd call isdn/tiscali > /var/log/pppd-msgs

In runlevel 2 (Gnome) or 3 (plain console) pppd thus brings up the connection automatically and logs this to /var/log/pppd-msgs. The respawn option causes pppd to be restarted immediately should it ever die (connection dropped). The main problem I have - I'm not very experienced yet (newbie) - is that I don't know how I can record at exactly what time I last dialed in. What would be the best solution for that? I think a script that starts pppd and at the same time writes the time to a file could be the solution! Or not? Some things are already stored in /var/log when pppd is called. In addition I have given my ip-(up|down).d scripts a prefix that documents the run of each script, and also cobbled together a script that writes the connection parameters to a file of its own (see further below). I hope this helps. Best regards, Andreas

[EMAIL PROTECTED]:/home/andy# more /etc/ppp/ip-up.d/0store-params

    #!/bin/bash
    #
    # ip-up script for storing connection parameters
    #
    STORE=/etc/ppp/ip-up.d/connection.params

    ## Prefix for all scripts
    # some path names
    SCRIPT=$0
    LOG=/etc/ppp/ip-up.d/ip-up.log
    echo -e "\n\n\n PPPD HAS BEEN RESTARTED\n\n\n" >> "$LOG"
    echo -e "\n \n***" >> "$LOG"
    echo "**" >> "$LOG"
    echo "** `date`: starting $SCRIPT" >> "$LOG"
    echo "**" >> "$LOG"
    echo "***" >> "$LOG"

    # all parameters must contain values, because the script for the DNS
    # update is, if needed, called several times with a delay and an
    # additional parameter
    if [[ "$PPP_IPPARAM" == "" ]]; then PPP_IPPARAM=0; fi

    # one line per connection: timestamp followed by the six PPP_* values
    echo -n "`date`: " >> "$STORE"
    for i in IFACE TTY SPEED LOCAL REMOTE IPPARAM; do
        eval var=\${PPP_$i}
        echo "PPP_$i: $var" >> "$LOG"
        echo -n "$var " >> "$STORE"
    done
    echo >> "$STORE"
    exit 0
Re: ISP connection is cut every 8 hours = automatic reconnect
Severin wrote: Hello list! I have the following problem: I have an ADSL internet connection with a dynamically assigned IP. However, this connection is cut after 8 hours, traffic or not - a great feature of my ISP. what a load of cr... I always thought T-Online was the daftest about this, because they cut the connection exactly every 23 hours and 59 minutes so that you can't offer a commercial service. But there you can work it out exactly for downloads, and none of mine has been aborted yet either. So I'm staying with T-Online. Peter
Re: ISP connection is cut every 8 hours = automatic reconnect
The solution to the redial problem is to give pppd the option persist. This instructs pppd to redial automatically when disconnected, which is exactly what you want. That setting was pretty much the first thing I tried, but it doesn't really want to work. The connection stays cut despite persist. Thanks anyway! My options for pppd are = see attachment. Thanks for the other tips - I had somehow read about them already, but I only really understood them now after some testing. Regards Severin peer.conf Description: peer.conf
Re: ISP connection is cut every 8 hours = automatic reconnect
Hi, On 08.05.2004 18:41, Severin wrote: The solution to the redial problem is to give pppd the option persist. This instructs pppd to redial automatically when disconnected, which is exactly what you want. That setting was pretty much the first thing I tried, but it doesn't really want to work. The connection stays cut despite persist. Thanks anyway! My options for pppd are = see attachment could it be that your pppd dies when the connection is cut? Unfortunately that seems to be quite often the case with forced disconnects. Then of course persist cannot take effect either. At least that is the case for me when Telekom cuts after 24h. As Andreas already wrote, if you enter pppd in /etc/inittab:

    pppd:23:respawn:/usr/sbin/pppd nodetach call dsl-provider > /var/log/dsl 2>&1

then pppd is always restarted in runlevels 2 and 3, so that even after a pppd has died because of a forced disconnect it dials in again. That works perfectly for me ... HTH Christian -- To reply to this posting directly use the following address and remove the 'NO-SPAM' part: [EMAIL PROTECTED]
Re: ISP and DNS port scanning!
On Tue, Nov 18, 2003 at 09:39:40PM -0600, Rthoreau wrote: On Tue, Nov 18, 2003 at 10:50:02PM +, Antony Gelberg wrote: Looks like a ping (ICMP type 8). Where do you get port scanning from? FWIW, I think that blocking pings via a firewall isn't recommended, but not sure why. Jon wrote: It does not provide any kind of security or protection what-so-ever, whilst removing the proper way of other people / you from elsewhere determining if your connection is working ok. -- Jon Dowland http://jon.dowland.name/ What you have all said still does not sync, when I look at the Notes provided in my log I can see what you mean it is a type 8 icmp code 0. Or whatever you say that means, but the destination is another DNS server. This is a line taken from my log again. 11/18/2003 14:53:24 Firewall default policy: ICMP (W to W/ZW, type:8, code:0) 66.61.104.72 66.61.118.206 ACCESS BLOCK 14 Ok like I mentioned in my first post if I do an Arin Whois on address 66.61.104.72 it tells me it is a DNS block. When I do an Arin Whois on the destination 66.61.118.206 it is another DNS block, both happen to belong to my ISP but in different cities. My cable modem action light is almost always solid orange, which tells me I have a busy link even if I am not using the net. So why am I getting pinged by a DNS server? Why are all the destinations reported by my router log points to another DNS server? You're confused. All the whois tells you is that the IP address belongs to an ISP. ISPs take large blocks of addresses to allocate to their clients. Nowhere does it say that the pinging host is a DNS server. A -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ISP and DNS port scanning!
On Tue, Nov 18, 2003 at 03:43:15PM -0600, Rthoreau wrote: Hello: fellow Debian users I was going over my router logs and noticed that I am getting port scanned from my ISP, this has been happening for a while but I haven't had the time to look into it until now. I did a basic whois on the IP address and they show that it is my ISP, the destination is a DNS server that belongs to my ISP. Looks like a ping (ICMP type 8). Where do you get port scanning from? FWIW, I think that blocking pings via a firewall isn't recommended, but not sure why. A -- Now playing: Dream Theater - In The Name of God
Re: ISP and DNS port scanning!
On Tue, 18 Nov 2003 22:50:02 + Antony Gelberg [EMAIL PROTECTED] wrote: On Tue, Nov 18, 2003 at 03:43:15PM -0600, Rthoreau wrote: Hello: fellow Debian users I was going over my router logs and noticed that I am getting port scanned from my ISP, this has been happening for a while but I haven't had the time to look into it until now. I did a basic whois on the IP address and they show that it is my ISP, the destination is a DNS server that belongs to my ISP. Looks like a ping (ICMP type 8). Where do you get port scanning from? FWIW, I think that blocking pings via a firewall isn't recommended, but not sure why. A You also get helpstaff at ISPs keeping you talking on line, while they play games because they've learnt a little bit, and are bored out of their skulls. This has happened to me. He let too much slip in the conversation while he was playing. Script kiddies. Regards, David.
Re: ISP and DNS port scanning!
On Tue, Nov 18, 2003 at 10:50:02PM +, Antony Gelberg wrote: Looks like a ping (ICMP type 8). Where do you get port scanning from? FWIW, I think that blocking pings via a firewall isn't recommended, but not sure why. It does not provide any kind of security or protection what-so-ever, whilst removing the proper way of other people / you from elsewhere determining if your connection is working ok. -- Jon Dowland http://jon.dowland.name/
Re: ISP and DNS port scanning!
On Tue, Nov 18, 2003 at 10:50:02PM +, Antony Gelberg wrote: Looks like a ping (ICMP type 8). Where do you get port scanning from? FWIW, I think that blocking pings via a firewall isn't recommended, but not sure why. Jon wrote: It does not provide any kind of security or protection what-so-ever, whilst removing the proper way of other people / you from elsewhere determining if your connection is working ok. -- Jon Dowland http://jon.dowland.name/ What you have all said still does not sync, when I look at the Notes provided in my log I can see what you mean it is a type 8 icmp code 0. Or whatever you say that means, but the destination is another DNS server. This is a line taken from my log again. 11/18/2003 14:53:24 Firewall default policy: ICMP (W to W/ZW, type:8, code:0) 66.61.104.72 66.61.118.206 ACCESS BLOCK 14 Ok like I mentioned in my first post if I do an Arin Whois on address 66.61.104.72 it tells me it is a DNS block. When I do an Arin Whois on the destination 66.61.118.206 it is another DNS block, both happen to belong to my ISP but in different cities. My cable modem action light is almost always solid orange, which tells me I have a busy link even if I am not using the net. So why am I getting pinged by a DNS server? Why are all the destinations reported by my router log points to another DNS server? Even if I forwarded the ping to a DMZ or a safe machine, it would not find the machine, since I do not have any access to that network block. My Debian uses DHCP to log into my ISP through my router, my windows machines use static IPs set up to log into my router. My router is a Zyxel ZyWall 2xw with 802.11b for wireless clients. I do not run any web, ftp, servers, and at the moment I do not have any ports forwarded to any machine. It's like a default setup with a hardware firewall and no ports open to the outside world. All passwords are changed, and wep is changed at a reasonable time frame. Everything works great, except I keep getting those recorded in my log. I could understand if the destination was my router, or a machine under the subnet but it is not. Also the source machines seem to change unlike the destination machine. That is the reason I wanted to ask all of you, I really do not know why this is happening. Rthoreau
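The questions raised in this thread (is it a ping or a port scan, and is the destination even one of my addresses?) can be answered mechanically from the router log. The following is an added example, not part of any poster's message: it parses blocked-ICMP entries in the format of the one log line quoted above, names the ICMP type, and reports per flow whether the destination belongs to the reader's own networks. Every log line other than the quoted one, the 192.0.2.x / 198.51.100.x / 203.0.113.x addresses and the OWN_NETWORKS list are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Field layout inferred from the single log line quoted in the thread.
# The trailing number ("14") is not explained on the page and is ignored.
LINE_RE = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<msg>.+?): ICMP \((?P<dir>[^,]+), type:(?P<type>\d+), code:(?P<code>\d+)\) "
    r"(?P<src>\S+) (?P<dst>\S+) ACCESS (?P<action>\w+)"
)

# A few well-known ICMP types (RFC 792). ICMP carries no port numbers,
# so an entry like this cannot by itself be a TCP/UDP port scan.
ICMP_NAMES = {
    0: "echo reply",
    3: "destination unreachable",
    8: "echo request",
    11: "time exceeded",
}

SAMPLE_LINES = [
    # Line quoted in the thread:
    "11/18/2003 14:53:24 Firewall default policy: ICMP (W to W/ZW, type:8, code:0) "
    "66.61.104.72 66.61.118.206 ACCESS BLOCK 14",
    # Constructed lines (documentation address ranges):
    "11/18/2003 14:53:29 Firewall default policy: ICMP (W to W/ZW, type:8, code:0) "
    "192.0.2.17 66.61.118.206 ACCESS BLOCK 14",
    "11/18/2003 14:53:31 Firewall default policy: ICMP (W to W/ZW, type:8, code:0) "
    "192.0.2.17 66.61.118.206 ACCESS BLOCK 14",
    "11/18/2003 14:54:02 Firewall default policy: ICMP (W to W/ZW, type:8, code:0) "
    "198.51.100.5 203.0.113.10 ACCESS BLOCK 14",
    "this line is not a firewall entry",
]

# Assumption: the reader's LAN plus the WAN address handed out by the ISP.
OWN_NETWORKS = ["192.168.1.0/24", "203.0.113.10/32"]


def parse_line(line):
    """Return a dict for a blocked-ICMP log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    try:
        rec["src"] = ipaddress.ip_address(rec["src"])
        rec["dst"] = ipaddress.ip_address(rec["dst"])
    except ValueError:
        return None
    rec["type"] = int(rec["type"])
    rec["code"] = int(rec["code"])
    return rec


def triage(lines, own_networks):
    """Summarise blocked ICMP entries.

    Returns (report, sources_per_destination, skipped) where report is a
    list of per-flow dicts sorted by source address string.
    """
    nets = [ipaddress.ip_network(n) for n in own_networks]
    flows = Counter()
    sources = {}
    skipped = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        key = (str(rec["src"]), str(rec["dst"]), rec["type"], rec["code"])
        flows[key] += 1
        sources.setdefault(str(rec["dst"]), set()).add(str(rec["src"]))
    report = []
    for (src, dst, icmp_type, code), count in sorted(flows.items()):
        report.append({
            "src": src,
            "dst": dst,
            "count": count,
            "kind": ICMP_NAMES.get(icmp_type, "ICMP type %d" % icmp_type),
            "code": code,
            # False means the packet was never addressed to this site at all.
            "dst_is_ours": any(ipaddress.ip_address(dst) in n for n in nets),
        })
    return report, {d: len(s) for d, s in sources.items()}, skipped


if __name__ == "__main__":
    report, fan_in, skipped = triage(SAMPLE_LINES, OWN_NETWORKS)
    for row in report:
        print("{src:>15} -> {dst:<15} {kind:<13} x{count} ours={dst_is_ours}".format(**row))
    print("distinct sources per destination:", fan_in)
    print("unparsed lines:", skipped)
```

A destination that is never inside OWN_NETWORKS, combined with several sources pinging it, matches what the original poster describes: traffic between other hosts that the router sees and drops, not probes aimed at the poster's machines.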
Re: ISP does not 'support' Linux
On Fri, Nov 29, 2002 at 10:35:01AM +, Chris Lale wrote: Here's an idea arising from the 'Non-Linux-aware ISP: please spoon feed' thread. How many ISP's helplines say 'we do not support Linux'? Most ISP's seem to have a webpage with connection instructions for Windows users. Why not instructions for Linux? Suppose everyone with a dialup account were to email their ISP(s) with a customised set of instructions suitable for them to put on their website? They might at least start to think about it. I have attached a possible template. Comments welcome! Although many ISPs do not support Linux officially, they have a support page for Linux or Other OSs. At least ADSL service my dad gets in Japan does have information for Linux users and my ISP in US has instruction for Other OS which is usually very technical and useful :-) -- ~\^o^/~~~ ~\^.^/~~~ ~\^*^/~~~ ~\^_^/~~~ ~\^+^/~~~ ~\^:^/~~~ ~\^v^/~~~ + Osamu Aoki [EMAIL PROTECTED] Cupertino CA USA, GPG-key: A8061F32 .''`. Debian Reference: post-installation user's guide for non-developers : :' : http://qref.sf.net and http://people.debian.org/~osamu `. `' Our Priorities are Our Users and Free Software --- Social Contract
Re: ISP does not 'support' Linux
I'll make some comments, in the hope that they'll help. On Fri, Nov 29, 2002 at 10:35:01AM +, Chris Lale wrote: Here's an idea arising from the 'Non-Linux-aware ISP: please spoon feed' thread. How many ISP's helplines say 'we do not support Linux'? Most ISP's seem to have a webpage with connection instructions for Windows users. Why not instructions for Linux? I remember they used to say (at least here in Brazil) that there are too many different ways to connect using Linux, and too many different Linux distributions. That does make sense, unfortunately: the help desk people are usually not very technically-oriented; they are just people who can follow a script (it's cheaper). It'd be difficult to make them learn all different problems a non-knowledgeable Linux user may have when connecting. Of course, an experienced Debian admin would probably not call them except to get essential information (DNS servers, gateway, password, etc), but what about the guy who's beginning with Linux (or some similar situation)? What if the guy bought some book (like Linux Unleashed) that tells him to do things in a way that's different from what the ISP would recommend? It's not difficult for small ISPs to pay one decent admin to answer difficult questions (and indeed, my ISP is great -- the guy even helped me set up dialup PPP on a BSD box once). But the big ones just won't do that. I sincerely hope this will change. (Although I'm just fine with my small-but-excellent ISP ;-) Besides those reasons, I can think of two others, but I don't think they're serious: - Linux may not have a good reputation (it's the hacker's OS) - The ISP may want to use a proprietary dialer for some reason (Detailed accounting? Easier to setup? Some other reason?) Some thoughts: I know that the Gnome applet 'Modem Light' has a button that runs pon and poff. Is there an equivalent in KDE? I assume that other distros use ppp in the same way. Is that so? Telling them there's a standard way to connect and solve problems with the connection would help a lot, I think. I made some comments to the proposed method, and I hope they are useful; those are the questions I'd ask if I was the manager in charge of your request. J. 1. You must have ppp installed on your computer. You must use the command line. How will the helpdesk guy know if ppp is installed? How will he help the user install PPP (in all possible Linux distributions)? How will he know if the kernel supports PPP? 2. Make sure that you are logged in as root. (This is normally achieved by switching user with the su command at the command line.) Maybe there could be a problem here, but if the guy can't su-to-root, he's got bigger problems than setting up PPP... 3. Run pppconfig. Navigate the menus using the spacebar, arrow, tab, and enter keys. Will it always be available? Will it always work the same way? 13. Make sure that your modem is connected and switched on. The modem must be a serial modem and not a 'Winmodem'. How will the user know? How will the helpdesk guys know? On which serial port is it? Maybe trying to autodetect it (w/ wvdial) would help tell if it is a serial modem? But -- is wvdial (or equivalent) always available? === I hope this helps somehow. I'd love to see ISPs being more Linux-friendly. J.
Re: ISP does not 'support' Linux
On Fri, Nov 29, 2002 at 10:35:01AM +, Chris Lale wrote: Here's an idea arising from the 'Non-Linux-aware ISP: please spoon feed' thread. How many ISP's helplines say 'we do not support Linux'? Most ISP's seem to have a webpage with connection instructions for Windows users. Why not instructions for Linux? Suppose everyone with a dialup account were to email their ISP(s) with a customised set of instructions suitable for them to put on their website? They might at least start to think about it. I have attached a possible template. Comments welcome! [...] This still leaves the problem of how people connect initially - e.g. to create their free accounts in the first place. Putting the instructions on the web means that they have to have an ISP connection in the first place... Basically the instructions need to be made available *before* the initial connect. To solve that, those instructions (and/or packages) should really be on the CD's that the ISPs ship out [I'll avoid AOL in my thinking for now...]. -- Karl E. Jørgensen [EMAIL PROTECTED] http://karl.jorgensen.com Today's fortune: When you live in a sick society, just about everything you do is wrong.
Re: ISP does not 'support' Linux
How will the user know? How will the helpdesk guys know? (If it's a winmodem or not) On which serial port is it? Maybe trying to autodetect it (w/ wvdial) would help tell if it is a serial modem? I mean, to help tell if it's a winmodem Sorry! J.
Re: ISP does not 'support' Linux
On Fri, 2002-11-29 at 23:35, Chris Lale wrote: Here's an idea arising from the 'Non-Linux-aware ISP: please spoon feed' thread. How many ISP's helplines say 'we do not support Linux'? Most ISP's seem to have a webpage with connection instructions for Windows users. Why not instructions for Linux? Suppose everyone with a dialup account were to email their ISP(s) with a customised set of instructions suitable for them to put on their website? They might at least start to think about it. I have attached a possible template. Comments welcome! I had some thoughts on this, but my plan was a rather larger project. Create an XML file format for all the details required: DNS servers Dialup number Authentication type etc Write a config utility (or modify pppconfig or whatever) to read it, and only ask the remaining questions such as username and password. There might need to be some way of specifying multiple entries with descriptions to be displayed by the config program - for example, names of cities displayed which can then be mapped to dialup numbers. Then the tricky bits - persuade other distros to use the same XML files (maybe even write a windows one to help it along), and persuade the ISPs to make it available on their CDs and websites - or even on websites of local LUGs if the ISPs won't do it. You could also supply a cgi or similar thingy to display the info nicely on the website for people using OSes that don't have compatible configurators. There's more work in this plan, of course ... Richard
Re: ISP does not 'support' Linux
On Sat, Nov 30, 2002 at 12:39:25AM +1300, Richard Hector wrote: Create an XML file format for all the details required: ^^^ Yes! Buzzword! Good! :-) I don't like XML (cluttered, too verbose), but it is widely accepted in the corporate world. DNS servers Dialup number Authentication type etc Write a config utility (or modify pppconfig or whatever) to read it, and only ask the remaining questions such as username and password. And being able to connect independently of which Linux distribution or which packages are installed is absolutely good. Also, if the ISP only needs to help those using this exact tool, things may become easier, but there may be other problems (see my other message). J.
Re: ISP does not 'support' Linux
On Fri, 2002-11-29 at 05:35, Chris Lale wrote: Here's an idea arising from the 'Non-Linux-aware ISP: please spoon feed' thread. How many ISP's helplines say 'we do not support Linux'? Most ISP's seem to have a webpage with connection instructions for Windows users. Why not instructions for Linux? My ISP runs Linux and BSD for their servers, and most of the staff admit to running Linux or at least Darwin/MacOSX at home, and while they don't support Linux for clients as a business decision, if you are dealing with any staff (outside billing) in person, they are actually quite happy to troubleshoot, because they can find out what is going on far more easily than with Windows, and their Linux customers are rarely clueless. Suppose everyone with a dialup account were to email their ISP(s) with a customised set of instructions suitable for them to put on their website? They might at least start to think about it. I have attached a possible template. Comments welcome! How it might work: 1. Use a text editor with DOS/Windows end-of-lines (eg vim, kwrite, others?). 2. Edit the items in square brackets [] to include ISP-specific information. Choose the appropriate version of section 6 (static or dynamic DNS). Fill in the revision info at the head of the document. 3. Email customer services and the webmaster with the modified attachment. Some thoughts: I know that the Gnome applet 'Modem Light' has a button that runs pon and poff. Is there an equivalent in KDE? I assume that other distros use ppp in the same way. Is that so? Cheers, Chris. -- : ___ Chris Lale [EMAIL PROTECTED] : : / \ : : | _/ My PC runs Debian GNU/Linux 3.0. : : \ Robust, secure and free operating system + applications. : : \ Available at http://www.debian.org :

<!-- linux-isp.txt Copyright (c) 2002 Chris Lale [EMAIL PROTECTED] Permission is granted to copy, distribute and/or modify this document with no Invariant Sections, with no Front-Cover texts and with no Back-Cover Texts under the terms of the GNU Free Documentation License, version 1.1 or any later version, published by the Free Software Foundation. A copy of the license can be found at http://www.fsf.org/copyleft/fdl.html. -->

<!-- Revision history
Revision 1.0, 29th November 2002, Chris Lale, Initial release
Revision 1.1, [date], [name], Modified for use with [ISP's name] -->

How to connect to [ISP name]

These are brief instructions. You can find more detailed, general help at http://newbiedoc.sourceforge.net.

1. You must have ppp installed on your computer. You must use the command line. (If you are using an X-window system console, open a terminal window.)
2. Make sure that you are logged in as root. (This is normally achieved by switching user with the su command at the command line.)
3. Run pppconfig. Navigate the menus using the spacebar, arrow, tab, and enter keys.
4. Create a connection.
5. Leave the 'Provider Name' as 'provider' (the default).
6. Configure nameservers (DNS).
   a. Use static DNS
   b. Enter [nnn.nnn.nnn.nnn] for the primary nameserver.
   c. Enter [nnn.nnn.nnn.nnn] for the secondary nameserver.
<!-- EITHER use the following section to replace 6. above OR delete it:
6. Configure nameservers (DNS) by choosing 'Use dynamic DNS'. -->
7. Select [PAP] as the authentication method.
8. Enter your username at [ISP].
9. Enter your password at [ISP].
10. Leave the modem 'Speed' as '115200' (the default).
11. Choose pulse or tone dialing. (Most people have tone dialing - the telephone emits a note for each digit dialled.)
12. Enter this telephone number : [].
13. Make sure that your modem is connected and switched on. The modem must be a serial modem and not a 'Winmodem'.
14. Choose modem configuration method. Answer 'yes' for automatic detection. After a short time you will see a list of ports with your modem port pre-selected. Accept the selection.
15. Choose 'Advanced Options' from the properties summary screen.
16. Choose 'Add-user' to add a ppp user. Enter the name of a user on your computer. This enables the user to dial up. Repeat for other users of your computer if needed.
17. Choose 'Previous' to return to the previous menu.
18. Choose 'Finished' to write files and return to the main menu.
19. After the message confirming that your configuration has been saved, choose 'Quit' to exit pppconfig.

How to use ppp to dial up.

From a terminal (or a terminal window in X) enter 'pon' to start a connection and 'poff' to end a connection. From the Gnome desktop use the 'Modem Lights' applet (Applets Network Modem Lights).
Re: ISP does not 'support' Linux
On Fri, Nov 29, 2002 at 09:36:30AM -0200, Jeronimo Pellegrini wrote: I mean, to help tell if it's a winmodem

Easiest way is to follow this flow...

    Is it internal? --- Yes --- Pester your manufacturer, though it's
          |                     probably not worth the bother.[1]
          No
          |
    Is it USB? --- Yes --- Probably a winmodem, double check the
          |                literature that came with the modem.
          No
          |
    Congratulations, you don't have a Winmodem.

[1] http://www.linuxmafia.com/~rick/faq/#internalmodem I've never got one of these damn things to work, winmodem or not, on my own system, and my buddy's old 14.4 Hayes internal was a piece of crap, so I'm of the opinion that *all* internal modems are worthless crap, except Winmodems, which are shitty sound cards with the wrong outputs slapped on. -- .''`. Baloo [EMAIL PROTECTED] : :' :proud Debian admin and user `. `'` `- Debian - when you have better things to do than to fix a system
Re: ISP does not 'support' Linux
Chris Lale wrote: 3. Run pppconfig. Navigate the menus using the spacebar, arrow, tab, and enter keys. Jeronimo Pellegrini writes: Will it always be available? The ISP could supply it on their CD. It's in Perl and will run on any distribution. -- John Hasler [EMAIL PROTECTED] Dancing Horse Hill Elmwood, Wisconsin -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ISP does not 'support' Linux
Richard Hector writes: Create an XML file format for all the details required: DNS servers Dialup number Authentication type etc Write a config utility (or modify pppconfig or whatever) to read it, and only ask the remaining questions such as username and password. Make those text files and pppconfig can read them as is. Package it and the files on the CD. In fact, if you include the username, password, and phone number in the files the user need not run pppconfig at all. Just install the files and pon, gpppon, and any other program that uses the standard /etc/ppp/peers method will just work. There might need to be some way of specifying multiple entries with descriptions to be displayed by the config program - for example, names of cities displayed which can then be mapped to dialup numbers. It would be trivial to add the ability to accept a city name and look up a phone number. -- John Hasler [EMAIL PROTECTED] (John Hasler) Dancing Horse Hill Elmwood, WI
Re: ISP does not 'support' Linux
On Fri, Nov 29, 2002 at 10:35:01AM +, Chris Lale wrote: | Here's an idea arising from the 'Non-Linux-aware ISP: please spoon feed' | thread. How many ISP's helplines say 'we do not support Linux'? Most | ISP's seem to have a webpage with connection instructions for Windows | users. Why not instructions for Linux? Most ISP's officially don't support linux. The reason is solely based on money -- there is a cost involved with supporting a given system and configuration. Most consumers have Windows or, to a lesser degree, MacOS. Thus the cost vs. benefit ratio for supporting Windows (and Mac) is favorable to the business. Frontier said that I must have Windows or MacOS or they wouldn't provide service. They wouldn't allow me the self-install on the DSL line until I ran their Windows-based line testing program and they certainly wouldn't have a tech do the install for me on an untested platform he isn't trained for. They also don't support more than one PC at a time connected to the service. They just don't know that I have debian and a whole private LAN over here. The bottom line is that I met their conditions -- I used my dad's win98 box to test the line quality) -- and haven't created any support cost on their end. It just so happens that their service consists of standard ethernet (into the Cisco DSL bridge), DHCP, and TCP/IP. The implementation of their service isn't restricted to Windows, they just don't support anything else. | Suppose everyone with a dialup account were to email their ISP(s) | with a customised set of instructions suitable for them to put on | their website? They might at least start to think about it. I have | attached a possible template. Comments welcome! RoadRunner is the local cable ISP. Their old site had a FAQ, one of the questions is very relevant to this discussion. Fortunately google kept a copy for us :-). 
http://216.239.33.100/search?q=cache:r4zgO0ravEYC:www.rochester.rr.com/faq/differentos.cfm+linux+site:www.rochester.rr.comhl=enie=UTF-8 As RR demonstrates, it is possible to accept user contributions and pass it on as unofficial and unsupported support. RR didn't incur any cost to themselves by doing this (linux is still unsupported by them), yet they are open enough to provide the details one needs to determine that the service implementation isn't windows-specific. Go ahead and talk to your ISP about posting information like that, or just post it on your own web site. Obviously, though, the ISP's site is a better distribution channel than yours. -D -- Open Source Software - Sometimes you get more than you paid for... http://dman.ddts.net/~dman/ msg16154/pgp0.pgp Description: PGP signature
Re: ISP
On Thu, 3 Oct 2002 16:25:54 -0300 gorgias [EMAIL PROTECTED] wrote: Folks, could someone tell me what is needed to set up an Internet access provider, with woody, in terms of software, hardware, etc.?

It varies a lot with the size of the ISP and the services it is going to offer. But basically, in terms of hardware, you will need: a router, a RAS, and servers to run the services. That said, the roles of the router and the RAS can be played by PCs with cards made for that purpose. In terms of software, with my recommendation in parentheses: a RADIUS server (freeradius), a mail server (postfix + courier), a web server (apache). That is only the bare minimum, though; optionally you can have a database (mysql), FTP (wu-ftpd), webmail and other things. In terms of access, besides dial-up you can offer other solutions such as radio (Wi-Fi), a direct link over a leased line from the local carrier, among a series of other things. Everything will depend on the size of the intended infrastructure, the locality to be served and how much you intend to invest. If you need anything, we're here.

--
+-[Fábio Brito d'Araújo e Oliveira]-+
| Technology Coordinator            |
| A Tarde On Line                   |
|www.atarde.com.br ICQ UIN:13597090|
+--[Registered Linux User #101978]--+
Re: ISP user and password
On Wed, 2002-04-10 at 16:12, Rodney Agha wrote: Hi, Does anyone know where the user name and password would be for your isp ??? I thought it was the ppp file, ? Does anyone know ? Usually /etc/ppp/pap-secrets or /etc/ppp/chap-secrets depending on how you connect. You should use pppconfig to change them anyway. Kind Regards Crispin Wellington -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ISP user and password
on Wed, Apr 10, 2002, Rodney Agha ([EMAIL PROTECTED]) wrote: Hi, Does anyone know where the user name and password would be for your isp ??? I thought it was the ppp file, ? Does anyone know ? Be more specific. For what protocols and/or actions. For ppp dialup, modify these using 'pppconfig'. You'll probably find what you're looking for under /etc/ppp/pap-secrets. You can find all instances with: $ find /etc -type f -print0 | xargs -0 grep -l password ...you'll probably also find instances for your .fetchmail configuration and possibly a newsserver configuration. Peace. -- Karsten M. Self kmself@ix.netcom.com http://kmself.home.netcom.com/ What Part of Gestalt don't you understand? GNU/Linux web browsing mini review: Galeon. Kicks ass. http://galeon.sourceforge.org/ pgpMB5QcYl3Ey.pgp Description: PGP signature
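The search above finds where credentials are stored; the follow-up check is whether any of those files can be read by accounts other than their owner. This is an added example, not code from the thread: the function names, the file-name list and the sample tree (constructed, no real credentials) are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread).
# List files under DIR that hold credentials AND are readable by group or others.
# A file counts as credential-bearing if it is named pap-secrets or chap-secrets,
# or if it contains the word "password" (the same test the thread's grep uses).
loose_secret_files() {
    find "$1" -type f \( -perm -040 -o -perm -004 \) \
        \( -name pap-secrets -o -name chap-secrets \
           -o -exec grep -qi password {} \; \) \
        -print | LC_ALL=C sort
}

# Build a constructed sample tree that mirrors the kinds of files named in the
# thread, with deliberately mixed permissions. Prints the tree's path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/ppp"
    printf '%s\n' '"constructed-user" * "constructed-secret"' > "$t/ppp/pap-secrets"
    cp "$t/ppp/pap-secrets" "$t/ppp/chap-secrets"
    printf '%s\n' 'poll mail.example.invalid user "u" password "constructed-secret"' \
        > "$t/fetchmailrc"
    printf '%s\n' '127.0.0.1 localhost' > "$t/hosts"
    chmod 644 "$t/ppp/pap-secrets" "$t/hosts"   # pap-secrets too open, hosts harmless
    chmod 600 "$t/ppp/chap-secrets"             # owner-only: should not be reported
    chmod 640 "$t/fetchmailrc"                  # group-readable: should be reported
    echo "$t"
}

# Audit a real directory when one is given, e.g.:  sh audit.sh /etc
if [ $# -gt 0 ]; then
    loose_secret_files "$1"
fi
```

Run it as root against `/etc` so that `grep` can read every file; anything it prints should be tightened to mode 600.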
Re: ISP user and password
I believe that by default for a dial in account that would be in /etc/chatscripts/provider, together with the other chat tokens (phone number, modem initialization string and some more). ---BeginMessage--- Hi, Does anyone know where the user name and password would be for your isp ??? I thought it was the ppp file, ? Does anyone know ? ---End Message--- Shaul Karl email: shaulka(replace with the at - @ - character)bezeqint.net
Re: ISP user and password
Karsten M. Self writes: ...you'll probably also find instances for your .fetchmail configuration and possibly a newsserver configuration. I suggest using a different password for newsserver authentication if possible. -- John Hasler [EMAIL PROTECTED] (John Hasler) Dancing Horse Hill Elmwood, WI -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ISP user and password
on Wed, Apr 10, 2002, John Hasler ([EMAIL PROTECTED]) wrote: Karsten M. Self writes: ...you'll probably also find instances for your .fetchmail configuration and possibly a newsserver configuration. I suggest using a different password for newsserver authentication if possible. Some ISPs don't support this. -- Karsten M. Self kmself@ix.netcom.com http://kmself.home.netcom.com/ What Part of Gestalt don't you understand? Iomega: click of death, Jaz Junk, and now, NAS? Not! http://www.google.com/search?q=iomega+jaz+drive+failure pgpWf683uNXJg.pgp Description: PGP signature
Re: ISP proxy via ipchains?
As far as I can judge, the rule is meaningless. You define a rule for packets that have the internal network as their source (I assume) and proxy.irgendwas.net as their destination; I can guess what the 3128 is supposed to do, ipchains certainly cannot. You are not telling ipchains what should happen to the packet. I think ipchains also throws an error message if you call it like that.

ipchains -A forward -p TCP -s 192.168.0.0/24 www -d proxy.irgendwas.net 3128

The www corresponds to port 80 and 3128 is the proxy's port. That is also why I hoped it would work, because with this rule I am directing internal stuff from port 80 to the proxy. By the way, I do not get any error message...

Why don't you install Squid on your gateway (if it has plenty of RAM) and use that as the proxy? Once that works you can read the ipchains HOWTO again and think about how to turn the proxy into a transparent proxy. You could also dig through the Squid documentation and see whether you can specify the provider's proxy as a 'parent proxy' (whether that brings a speed advantage I don't know; bear in mind the additional hops).

Pentium 1 60MHz with 32MB RAM. That probably won't work, will it?

-- To UNSUBSCRIBE, send a mail to [EMAIL PROTECTED] with the subject unsubscribe. Problems? Mail to [EMAIL PROTECTED] (English)
Re: ISP proxy via ipchains?
Hi. On Saturday, 23 February 2002 15:05, Philipp Adaktylos,,, wrote:

As far as I can judge, the rule is meaningless. You define a rule for packets that have the internal network as their source (I assume) and proxy.irgendwas.net as their destination; I can guess what the 3128 is supposed to do, ipchains certainly cannot. You are not telling ipchains what should happen to the packet. I think ipchains also throws an error message if you call it like that.

ipchains -A forward -p TCP -s 192.168.0.0/24 www -d proxy.irgendwas.net 3128

The www corresponds to port 80 and 3128 is the proxy's port. That is also why I hoped it would work, because with this rule I am directing internal stuff from port 80 to the proxy. By the way, I do not get any error message...

I had the iptables syntax in my head; there the port is specified differently. But you are not defining at all what should happen to the packet. The target is missing. Besides, the rule above does not match the packets you want either: the web server runs on port 80, not the browser, otherwise only someone with root privileges could surf. As far as I know, with ipchains you can also only redirect packets that are either destined for the firewall host, or where the target of the redirection is the firewall host. That is, it would not be possible to redirect traffic headed for any port 80 on the Internet to port 3128 of the machine proxy.irgendwas.net. But an ipchains expert can surely say more about that.

Why don't you install Squid on your gateway (if it has plenty of RAM) and use that as the proxy? Once that works you can read the ipchains HOWTO again and think about how to turn the proxy into a transparent proxy. You could also dig through the Squid documentation and see whether you can specify the provider's proxy as a 'parent proxy' (whether that brings a speed advantage I don't know; bear in mind the additional hops).

Pentium 1 60MHz with 32MB RAM. That probably won't work, will it?

It does work; the question is whether it gains you anything. How many clients is the proxy supposed to serve? The other question is what the proxy is for: if, for example, you only want to prevent a Debian package that is installed on two machines from being downloaded twice, you can configure Squid so that it only caches objects 500k and 10MB, and your hardware would IMHO be sufficient. I would advise you to scrounge up another 32-64MB of memory for your Pentium from somewhere and set up your own Squid; with suitable logfile analysers you can then see how many cache hits/misses you have and tune Squid's config. (The processor should not be the problem, provided it is about fewer than 3 clients.)

Regards,
-- Stefan rm -rf : remote mail, real fast.
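Added example, not part of the thread: a small lint for ipchains argument lists that flags the two problems discussed in this exchange (no `-j` target, a port attached to the source address) and a `REDIRECT` target used in the `forward` or `output` chain, where ipchains does not allow it. ipchains accepts a rule without `-j` as a pure accounting rule, which is consistent with no error being printed. The function name is hypothetical, and the corrected rule assumes a Squid listening on port 3128 on the gateway itself.

```shell
#!/bin/sh
# Added example (not from the thread): lint the arguments of one ipchains rule.
# Prints one finding per line, or "ok" when nothing is flagged.
lint_ipchains_rule() {
    chain="" target="" sport="" dport=""
    while [ $# -gt 0 ]; do
        opt=$1; shift
        case "$opt" in
            -A|-I)
                chain=${1:-}
                if [ $# -gt 0 ]; then shift; fi
                ;;
            -s|-d)
                if [ "${1:-}" = "!" ]; then shift; fi   # optional negation
                if [ $# -gt 0 ]; then shift; fi         # the address itself
                # ipchains syntax: an optional port or service name may
                # follow the address directly.
                case "${1:--}" in
                    -*) ;;                              # next option, no port
                    *)  if [ "$opt" = "-s" ]; then sport=$1; else dport=$1; fi
                        shift ;;
                esac
                ;;
            -j)
                target=${1:-}
                if [ $# -gt 0 ]; then shift; fi
                ;;
        esac
    done

    clean=yes
    # Without -j the rule only increments counters; packets are untouched.
    if [ -z "$target" ]; then echo "no-target"; clean=no; fi
    # A port after -s matches the sender's port. For LAN clients talking to
    # web servers that is an ephemeral port, not 80, so review the rule.
    if [ -n "$sport" ]; then echo "source-port:$sport"; clean=no; fi
    # REDIRECT sends the packet to a local port on the firewall host and is
    # only legal in the input chain (or user-defined chains).
    if [ "$target" = "REDIRECT" ]; then
        case "$chain" in
            forward|output) echo "redirect-not-in-input"; clean=no ;;
        esac
    fi
    if [ "$clean" = yes ]; then echo "ok"; fi
    return 0
}

# The rule from the thread:
lint_ipchains_rule -A forward -p TCP -s 192.168.0.0/24 www -d proxy.irgendwas.net 3128
# A corrected form (assumption: Squid on the gateway, listening on 3128):
lint_ipchains_rule -A input -p tcp -s 192.168.0.0/24 -d 0.0.0.0/0 www -j REDIRECT 3128
```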
Re: ISP proxy via ipchains?
Evening. On Friday, 22 February 2002 01:14, Philipp Adaktylos,,, wrote:

Hi folks, I have the following problem: I would like to use the web proxy that the ISP has provided for me, but I do not want to enter the proxy in the various browsers on every possible machine. So on the server (kernel 2.2.16), which primarily handles the masquerading function, I inserted the following rule into the FORWARD list:

ipchains -A forward -p TCP -s 192.168.0.0/24 www -d proxy.irgendwas.net 3128

I can surf, but I have no idea whether I am now using the proxy or not. (ethereal does not help and neither does tracert...) Can I verify that somehow? Is the rule even correct? I am grateful for any hint!

As far as I can judge, the rule is meaningless. You define a rule for packets that have the internal network as their source (I assume) and proxy.irgendwas.net as their destination; I can guess what the 3128 is supposed to do, ipchains certainly cannot. You are not telling ipchains what should happen to the packet. I think ipchains also throws an error message if you call it like that.

Why don't you install Squid on your gateway (if it has plenty of RAM) and use that as the proxy? Once that works you can read the ipchains HOWTO again and think about how to turn the proxy into a transparent proxy. You could also dig through the Squid documentation and see whether you can specify the provider's proxy as a 'parent proxy' (whether that brings a speed advantage I don't know; bear in mind the additional hops).

Regards,
-- Stefan rm -rf : remote mail, real fast.
Re: ISP asking about switching to Debian from OpenBSD
On Wed, Nov 21, 2001 at 09:08:25AM +1000, john wrote: Fred Bloom wrote: Cobalt is a linux ISP out of the box. J.H.M. Dassen (Ray) wrote: Many people regard Cobalt as a piece of junk aimed at wannabe ISPs. My impression is that the original poster is working for an already established ISP. They are not secure out of the box, and can be a pain to modify to suit a serious environment. They also tend to crash a lot unless you put a lot of time into them, based on my experience. My 2cents, which is of course really 1 cents at current exchange rates. I work for an ISP and I hate the damn things. They are really badly conceived things - no firewall tools enabled in the kernel at all, really bad implementation of certain services, and generally underpowered machines. If I was mad enough to actually own one of those things then I'd strip out cobalt's version of linux and hack debian until it worked. I would very seriously not recommend you touch these things for ISPs - they look easy, but so does MS Windows, and most of us know how difficult it is to fix that when something screws up... The fact that they come with no firewall tools and have telnetd enabled by default should be enough to scare off anyone with any sense! ;-) -- Matthew Sackman Nottingham England BOFH Excuse Board: Your/our computer(s) had suffered a memory leak, and we are waiting for them to be topped up.
Re: Misc topics (was Re: ISP asking about switching to Debian from OpenBSD)
Karsten M. Self wrote: on Fri, Nov 23, 2001 at 04:59:12PM -0800, Petro ([EMAIL PROTECTED]) wrote: On Thu, Nov 22, 2001 at 09:40:37PM -0800, Karsten M. Self wrote: on Thu, Nov 22, 2001 at 02:12:17AM -0800, Petro ([EMAIL PROTECTED]) wrote: Bruce Schneier identifies four periods of concern for security issues: 1. Introduction of vulnerability. It exists, but is unknown. 2. Awareness. It is known, but not necessarially patched. 3. Introduction of fix. A software patch is available. 4. Application of fix. Software patch is widely applied. Number 4 is wishful thinking. It's a numbers game. Debian makes accomplishing # 4 far easier than any other system I'm familiar with. The problem is the space between 3 and 4. Mr. Schneier left out a step: 3.5 Broadcasting of fix availablility. Which again Debian speaks to with the apt process. *If* you're updating your systems regularly, you're being informed of the updates (or your system is), and they're being updated. And if not, you *do* subscribe to the security-announce list, don't you? Actually, I don't know how the Debian project could be faulted for 3.5 or 4. How well they do 3, well, how can you really verify that? I guess you'd have to follow the upstream projects and see if patches made it down into the packages.
Re: Misc topics (was Re: ISP asking about switching to Debian from Op enBSD)
On Fri, Nov 23, 2001 at 06:51:16PM -0800, Karsten M. Self wrote: on Fri, Nov 23, 2001 at 04:59:12PM -0800, Petro ([EMAIL PROTECTED]) wrote: On Thu, Nov 22, 2001 at 09:40:37PM -0800, Karsten M. Self wrote: on Thu, Nov 22, 2001 at 02:12:17AM -0800, Petro ([EMAIL PROTECTED]) wrote: On Wed, Nov 21, 2001 at 11:04:32PM -0800, Karsten M. Self wrote: ... Oh, and walking through that flicker? That was your power supply, Actually, I checked -- it's a power strip, not a surge protector. I think it's the heavy electrons, they take longer to slow down ;-) No, not the strip, THE SUPPLY, you know that little tin box in the back of your machine that the long black cable sticks into? The one that leads from the powerstrip to the the machine? Most modern powersupplies can handle flickers fairly well. (and yes, that was a little more smartass than needed. I know from another list that Karsten isn't an idiot). Heh. I'm a smartass though, when I can get away with it. I'd meant to clarify that the box wasn't on a surge protector. And I'm a bit surprised at the ability to handle current flux. Well, go live in a 50 year old apartment building in Chicago. You'll be truely amazed. Modern power supplies are pretty good. 4. Application of fix. Software patch is widely applied. Number 4 is wishful thinking. It's a numbers game. Debian makes accomplishing # 4 far easier than any other system I'm familiar with. The problem is the space between 3 and 4. Mr. Schneier left out a step: 3.5 Broadcasting of fix availablility. Which again Debian speaks to with the apt process. *If* you're updating your systems regularly, you're being informed of the updates (or your system is), and they're being updated. This works really well when you have a small number of systems, or a large number of systems with a dedicated/semi-dedicated security guy. 
When you've got half a buttload of production servers and too few admins to do a decent job, it's tough, and it's not something I'd want to script out of my life either. I hope I wasn't taken to be attacking either Debian/Linux or oBSD. Both are good systems and both have their place. Agreed, and no, it's not taken as an attack. I use oBSD. I somewhat like it. I'm not besotted by it. Well, as I mentioned, I replaced one of my oBSD boxes with a webramp 700s. (rebadged SonicWall. Good enough for home). OpenMail's one of HP's worse failings. The company really ought to pick up the product and run with it, free software if at all possible, and put the squeeze on MSFT. The current best bet is the OpenOffice team. They seem to be working with the PHPGroupware guys, which is a decent enough project that just isn't good enough yet, and with the 90/10 rule, I don't know if it will be. I've sort of tracked this stuff, but not closely. Evolution's doing some interesting things, and I'd prefer a modularized, single-app approach to the monolithic design of OpenOffice. There's also a largely The Calendaring/Mail/Groupware stuff is completely seperate from the rest of OO. OO/SO 6 isn't that bad. A little on the slow side starting up, and some annoying little bugs, but far better than anything else out there at the price. moribund OpenFlock project which is aimed at implementing the IETF calendaring standards. There's just not many interesting problems in the calendaring arena, it's almost all UI and druge work. -- Share and Enjoy.
Re: ISP asking about switching to Debian from OpenBSD
On Thu, Nov 22, 2001 at 09:40:37PM -0800, Karsten M. Self wrote: on Thu, Nov 22, 2001 at 02:12:17AM -0800, Petro ([EMAIL PROTECTED]) wrote: On Wed, Nov 21, 2001 at 11:04:32PM -0800, Karsten M. Self wrote: on Tue, Nov 20, 2001 at 01:38:11PM -0800, Mark Ferlatte ([EMAIL PROTECTED]) wrote: My own experience running GNU/Linux and OpenBSD (2.7) side-by-side is that I get the odd freeze and restart on oBSD, but not GNU/Linux (unless it's something I've done myself, usually involving crashing X). Typical uptimes on both systems run months. UPS on the GNU/Linux box, I've watched the oBSD walk straight through power flux that flickers the lights, with nothing more than a surge protector. Not to slam oBSD, as it's really good at what it aims to be, but it's a niche product aimed at a specific target, and it's really good at that. Heavy Lifting isn't that target. Depends on the heavy lifting involved. For a wide range of public-facing network services, it's perfectly acceptable. Heavy lifting is of course a relative thing, but the site I help run pushes an average of 40Mbits a second. Of course, this is an average over the whole site, but we've only got about 25-40 machines facing the public. That's what I think of when I think of heavy lifting. Oh, and walking through that flicker? That was your power supply, Actually, I checked -- it's a power strip, not a surge protector. I think it's the heavy electrons, they take longer to slow down ;-) No, not the strip, THE SUPPLY, you know that little tin box in the back of your machine that the long black cable sticks into? The one that leads from the powerstrip to the the machine? Most modern powersupplies can handle flickers fairly well. (and yes, that was a little more smartass than needed. I know from another list that Karsten isn't an idiot). Red Hat's gee, we could use another three levels of indirection, let's put them in crap, and makes starting, stopping, and restarting services completely straightforward. 
Uh, not to be an argumentative drunk, but what about /etc/alternatives? I don't think that's terribly complex. It's not much more than is already done in /lib and /usr/lib to point to the proper libraries. Symlinks. No, but it's a little hard to follow the first time. Were you refering to Redhat's habit of writing init-scripts that are somewhat arcane and source other scripts for functions? My contact with RH boxen is pretty limited these days, but I know there's a bunch of cruft under /etc/sysconfig for networking that's sourced in multiple places. I've had headaches trying to work out what goes where with RH's MySQL startup scripts. I find that the /etc/init.d (or /etc/rc.d/init.d) script frequently invokes at least one level, and sometimes two or more, of other scripts. Tracing execution through this path is tortured. Debian does far better at localizing everything to the /etc/init.d script itself, or, where it doesn't, to localizing the additional cruft to a minimal number of locations (/etc/network/interfaces). Ah. yes, you are refering to that. In some places that's refered to as code reuse and greatly recommended. And yeah, it's driven me bugfuck more than once. oBSD is pretty clear that it's a full *system*, not merely an assembly of packages as is the case for many GNU/Linux distros (Debian included). However, the collection of packages approach means that Debian can offer many things to many people. oBSD is pretty much secure Unix clone, primary network services orientation. Not a bad thing. But limited choice. Every network, every sub-net, every cluster has different requirements. Debian/Linux offers a much wider variety than BSD. Not that this is always a good thing, but it allows you to customize for your own needs. Agreed. Bruce Schneier identifies four periods of concern for security issues: 1. Introduction of vulnerability. It exists, but is unknown. 2. Awareness. It is known, but not necessarially patched. 3. Introduction of fix. 
A software patch is available. 4. Application of fix. Software patch is widely applied. Number 4 is wishful thinking. It's a numbers game. Debian makes accomplishing # 4 far easier than any other system I'm familiar with. The problem is the space between 3 and 4. Mr. Schneier left out a step: 3.5 Broadcasting of fix availablility. What oBSD does is try to minimize factor 1. What Debian does is address 3 4. They're somewhat orthogonal approaches (Debian also addresses 1 a bit), but both have significant impacts on the security of *your* system. I find the Debian approach to be more compelling.
Misc topics (was Re: ISP asking about switching to Debian from OpenBSD)
on Fri, Nov 23, 2001 at 04:59:12PM -0800, Petro ([EMAIL PROTECTED]) wrote: On Thu, Nov 22, 2001 at 09:40:37PM -0800, Karsten M. Self wrote: on Thu, Nov 22, 2001 at 02:12:17AM -0800, Petro ([EMAIL PROTECTED]) wrote: On Wed, Nov 21, 2001 at 11:04:32PM -0800, Karsten M. Self wrote: ... Oh, and walking through that flicker? That was your power supply, Actually, I checked -- it's a power strip, not a surge protector. I think it's the heavy electrons, they take longer to slow down ;-) No, not the strip, THE SUPPLY, you know that little tin box in the back of your machine that the long black cable sticks into? The one that leads from the powerstrip to the the machine? Most modern powersupplies can handle flickers fairly well. (and yes, that was a little more smartass than needed. I know from another list that Karsten isn't an idiot). Heh. I'm a smartass though, when I can get away with it. I'd meant to clarify that the box wasn't on a surge protector. And I'm a bit surprised at the ability to handle current flux. ... Bruce Schneier identifies four periods of concern for security issues: 1. Introduction of vulnerability. It exists, but is unknown. 2. Awareness. It is known, but not necessarially patched. 3. Introduction of fix. A software patch is available. 4. Application of fix. Software patch is widely applied. Number 4 is wishful thinking. It's a numbers game. Debian makes accomplishing # 4 far easier than any other system I'm familiar with. The problem is the space between 3 and 4. Mr. Schneier left out a step: 3.5 Broadcasting of fix availablility. Which again Debian speaks to with the apt process. *If* you're updating your systems regularly, you're being informed of the updates (or your system is), and they're being updated. ... OpenBSD's audit focusses very heavily on eliminating buffer overflows and looking at use of UID 0. Between the two of these, you're attacking the foundations of a large number of possible exploits. 
The other attack angle is sane configuration defaults. Since the majority of users never touch the defaults, and a large number of exploits are based on buffer attacks, this actually cuts the vulnerability profile significantly. Debian could learn from this, and is, with the various hardened packages / tasks which can be applied. I hope I wasn't taken to be attacking either Debian/Linux or oBSD. Both are good systems and both have their place. Agreed, and no, it's not taken as an attack. I use oBSD. I somewhat like it. I'm not besotted by it. ... The web-based scheduling/calendaring pretty much sucks unless you're willing to spend money on it. But this is going to be true for any platform. Yeah, I guess the word with calendaring that it all sucks, and mostly doesn't exist. ... OpenMail's one of HP's worse failings. The company really ought to pick up the product and run with it, free software if at all possible, and put the squeeze on MSFT. The current best bet is the OpenOffice team. They seem to be working with the PHPGroupware guys, which is a decent enough project that just isn't good enough yet, and with the 90/10 rule, I don't know if it will be. I've sort of tracked this stuff, but not closely. Evolution's doing some interesting things, and I'd prefer a modularized, single-app approach to the monolithic design of OpenOffice. There's also a largely moribund OpenFlock project which is aimed at implementing the IETF calendaring standards. Peace. -- Karsten M. Self kmself@ix.netcom.com http://kmself.home.netcom.com/ What part of Gestalt don't you understand? Home of the brave http://gestalt-system.sourceforge.net/ Land of the free Free Dmitry! Boycott Adobe! Repeal the DMCA! http://www.freesklyarov.org Geek for Hire http://kmself.home.netcom.com/resume.html pgpI6GneMMpC8.pgp Description: PGP signature
Re: Misc topics (was Re: ISP asking about switching to Debian from OpenBSD)
On Fri, Nov 23, 2001 at 06:51:16PM -0800, Karsten M. Self wrote: ... I'd prefer a modularized, single-app approach to the monolithic design of OpenOffice. Actually I understand OpenOffice is decomposing the monolithic StarOffice 5x model into single apps. -- Carl Fink [EMAIL PROTECTED]
Re: ISP asking about switching to Debian from OpenBSD
on Tue, Nov 20, 2001 at 01:38:11PM -0800, Mark Ferlatte ([EMAIL PROTECTED]) wrote: On Tue, Nov 20, 2001 at 01:28:36PM -0600, David Batey wrote: STABILITY: is Debian a good choice for heavy lifting? There are some legit concerns regarding the Linux kernel as opposed to the *BSD kernels as far as heavy lifting goes, but if you're considering Debian, then you probably feel that those concerns are addressed to your satisfaction. As far as distributions go, Debian's packaging quality is very high, and if you go with stable that's exactly what you get: serious stability. Most of these boil down to the TCP/IP stack. The *BSD stack is damned good, and the rest of the world drools after it. Linus himself admits that Linux kernel networking code is a mess, and that he's not personally a network hacker. That said, GNU/Linux works pretty well, most of the time. My own experience running GNU/Linux and OpenBSD (2.7) side-by-side is that I get the odd freeze and restart on oBSD, but not GNU/Linux (unless it's something I've done myself, usually involving crashing X). Typical uptimes on both systems run months. UPS on the GNU/Linux box, I've watched the oBSD walk straight through power flux that flickers the lights, with nothing more than a surge protector. I know about apt-get for easy installation of bug/security patches; does the ease-of-install ever compromise security or functionality? Not in my experience. I'll hit this point more specifically. I'm going to swap out my OpenBSD system for a very light stable Debian install. OpenBSD offers a very tight, very secure, by default, system. What you lose in the process are: - Flexibility of configuration and modification. I like SysV init. Theo rants how it sucks and is more complex. The Debian implementation is damned good for GNU/Linux, is worlds better than Red Hat's gee, we could use another three levels of indirection, let's put them in crap, and makes starting, stopping, and restarting services completely straightforward. 
- Choice. You can choose the software you want to install. Much of it is packaged for Debian. That which isn't you can install from RPM (via alien) or compile from sources (use equivs to satisfy deps). You can run the oBSD mods if they'll build, though there may be compiler tweaks they've effected, I haven't dug into the system that deeply. The *BSDs offer ports (and from what I've heard, they're cool), but this puts you outside the envelope of security audits provided by the oBSD core. apt-get source puts you near the equivalent functionality of ports. oBSD is pretty clear that it's a full *system*, not merely an assembly of packages as is the case for many GNU/Linux distros (Debian included). However, the collection of packages approach means that Debian can offer many things to many people. oBSD is pretty much secure Unix clone, primary network services orientation. Not a bad thing. But limited choice.

- Updates. oBSD's been making strides, but the reason I'm still running 2.7 (3.0 is now out) is that updates are nontrivial. The box I'm writing this on was live-updated from Slink through to Sid (actually, it was live-updated from RH 6.2, but that's another story). While oBSD offers you secure by default, Debian offers reasonably sane defaults, and a very rapid update cycle. If there are security updates, they're trivial to apply:

    $ apt-get update              # update package lists
    $ apt-get dist-upgrade -d     # download packages
    $ apt-get dist-upgrade        # install updates

...the first two commands can be cronned to run overnight (as I do, for three systems, over a 56k dialup).

Bruce Schneier identifies four periods of concern for security issues:

1. Introduction of vulnerability. It exists, but is unknown.
2. Awareness. It is known, but not necessarily patched.
3. Introduction of fix. A software patch is available.
4. Application of fix. Software patch is widely applied.

What oBSD does is try to minimize factor 1. What Debian does is address 3 4.
They're somewhat orthogonal approaches (Debian also addresses 1 a bit), but both have significant impacts on the security of *your* system. I find the Debian approach to be more compelling. OpenBSD is pretty secure; how does Debian compare? Is Woody ready for prime-time yet? (If not, would an upgrade from potato to woody likely cause hiccups?) Woody's pretty adequate for a desktop. I'd stick with Potato for production, 'Net-facing, servers. FUNCTIONALITY: We need DNS server packages, ssh (with ssh tunneling available for other services), smtp/pop, web-based scheduling/calendaring/email facilities, HTTP (apache/mod_perl) servers, and so on... Deb's down wi'dat. Cold. Peace. -- Karsten M. Self
Re: ISP asking about switching to Debian from OpenBSD
On Wed, Nov 21, 2001 at 11:04:32PM -0800, Karsten M. Self wrote: on Tue, Nov 20, 2001 at 01:38:11PM -0800, Mark Ferlatte ([EMAIL PROTECTED]) wrote: On Tue, Nov 20, 2001 at 01:28:36PM -0600, David Batey wrote: STABILITY: is Debian a good choice for heavy lifting? There are some legit concerns regarding the Linux kernel as opposed to the *BSD kernels as far as heavy lifting goes, but if you're considering Debian, then you probably feel that those concerns are addressed to your satisfaction. As far as distributions go, Debian's packaging quality is very high, and if you go with stable that's exactly what you get: serious stability. My own experience running GNU/Linux and OpenBSD (2.7) side-by-side is that I get the odd freeze and restart on oBSD, but not GNU/Linux (unless it's something I've done myself, usually involving crashing X). Typical uptimes on both systems run months. UPS on the GNU/Linux box, I've watched the oBSD walk straight through power flux that flickers the lights, with nothing more than a surge protector. Not to slam oBSD, as it's really good at what it aims to be, but it's a niche product aimed at a specific target, and it's really good at that. Heavy Lifting isn't that target. Oh, and walking through that flicker? That was your power supply, not the OS. If the CPU doesn't get enough juice, it doesn't get enough juice and all the clever, proper code in the world won't help. I know about apt-get for easy installation of bug/security patches; does the ease-of-install ever compromise security or functionality? Not in my experience. I'll hit this point more specifically. I'm going to swap out my OpenBSD system for a very light stable Debian install. I replaced mine with a webramp 700. Mostly to get rid of the noise (fans and disk drives). But all it was doing was firewalling and DNS. The DNS got moved to a MacOS X box (no, I'm not an open source zealot) and my wife sleeps better. OpenBSD offers a very tight, very secure, by default, system. 
What you lose in the process are: - Flexibility of configuration and modification. I like SysV init. Theo rants how it sucks and is more complex. The Debian implementation is damned good for GNU/Linux, is worlds better than Red Hat's gee, we could use another three levels of indirection, let's put them in crap, and makes starting, stopping, and restarting services completely straightforward. Uh, not to be an argumentative drunk, but what about /etc/alternatives? While I have *lots* of problems with RedHat, their init stuff isn't all that bad. - Choice. You can choose the software you want to install. Much of it is packaged for Debian. That which isn't you can install from RPM (via alien) or compile from sources (use equivs to satisfy deps). You can run the oBSD mods if they'll build, though there may be compiler tweaks they've effected, I haven't dug into the system that deeply. The *BSDs offer ports (and from what I've heard, they're cool), but this puts you outside the envelope of security audits provided by the oBSD core. apt-get source puts you near the equivalent functionality of ports. Having used the ports system, and the .deb package system, I like the .deb system much better for large installations. I no longer put a compiler on each machine, I have an internal debian mirror with a tracking section (tracking unstable and such) a snap-shotted section (basically a snapshot of unstable at a certain point in time) and a misc-packages section. When I want a new package (for instance the upgraded lvm stuff) I moved it from the tracking directory to the misc-packages directory, and the next time I run dselect on a machine, it gets installed--if I want. Any custom software gets .debianized and shoved in there. It's nifty, and works much better than having to make; make install on 100 machines. oBSD is pretty clear that it's a full *system*, not merely an assembly of packages as is the case for many GNU/Linux distros (Debian included). 
However, the collection of packages approach means that Debian can offer many things to many people. oBSD is pretty much secure Unix clone, primary network services orientation. Not a bad thing. But limited choice.
Every network, every sub-net, every cluster has different requirements. Debian/Linux offers a much wider variety than BSD. Not that this is always a good thing, but it allows you to customize for your own needs.
Bruce Schneier identifies four periods of concern for security issues:
1. Introduction of vulnerability. It exists, but is unknown.
2. Awareness. It is known, but not necessarily patched.
3. Introduction of fix. A software
Re: ISP asking about switching to Debian from OpenBSD
In article [EMAIL PROTECTED], Karsten M. Self kmself@ix.netcom.com wrote: Most of these boil down to the TCP/IP stack. The *BSD stack is damned good, and the rest of the world drools after it. Linus himself admits that Linux kernel networking code is a mess, and that he's not personally a network hacker. Do you have a pointer to that? If he said that it must have been several years ago. Mike. -- Only two things are infinite, the universe and human stupidity, and I'm not sure about the former -- Albert Einstein.
Re: ISP asking about switching to Debian from OpenBSD
on Thu, Nov 22, 2001 at 10:45:48AM +, Miquel van Smoorenburg ([EMAIL PROTECTED]) wrote: In article [EMAIL PROTECTED], Karsten M. Self kmself@ix.netcom.com wrote: Most of these boil down to the TCP/IP stack. The *BSD stack is damned good, and the rest of the world drools after it. Linus himself admits that Linux kernel networking code is a mess, and that he's not personally a network hacker. Do you have a pointer to that? If he said that it must have been several years ago. Most recently at a Silicon Valley Computer History Museum presentation, part of the Q&A, October of this year. Peace. -- Karsten M. Self kmself@ix.netcom.com http://kmself.home.netcom.com/ What part of Gestalt don't you understand? Home of the brave http://gestalt-system.sourceforge.net/ Land of the free Free Dmitry! Boycott Adobe! Repeal the DMCA! http://www.freesklyarov.org Geek for Hire http://kmself.home.netcom.com/resume.html
Re: ISP asking about switching to Debian from OpenBSD
on Thu, Nov 22, 2001 at 02:12:17AM -0800, Petro ([EMAIL PROTECTED]) wrote: On Wed, Nov 21, 2001 at 11:04:32PM -0800, Karsten M. Self wrote: on Tue, Nov 20, 2001 at 01:38:11PM -0800, Mark Ferlatte ([EMAIL PROTECTED]) wrote: My own experience running GNU/Linux and OpenBSD (2.7) side-by-side is that I get the odd freeze and restart on oBSD, but not GNU/Linux (unless it's something I've done myself, usually involving crashing X). Typical uptimes on both systems run months. UPS on the GNU/Linux box, I've watched the oBSD walk straight through power flux that flickers the lights, with nothing more than a surge protector. Not to slam oBSD, as it's really good at what it aims to be, but it's a niche product aimed at a specific target, and it's really good at that. Heavy Lifting isn't that target. Depends on the heavy lifting involved. For a wide range of public-facing network services, it's perfectly acceptable. Oh, and walking through that flicker? That was your power supply, Actually, I checked -- it's a power strip, not a surge protector. I think it's the heavy electrons, they take longer to slow down ;-) OpenBSD offers a very tight, very secure, by default, system. What you lose in the process are: - Flexibility of configuration and modification. I like SysV init. Theo rants how it sucks and is more complex. The Debian implementation is damned good for GNU/Linux, is worlds better than Red Hat's gee, we could use another three levels of indirection, let's put them in crap, and makes starting, stopping, and restarting services completely straightforward. Uh, not to be an argumentative drunk, but what about /etc/alternatives? I don't think that's terribly complex. It's not much more than is already done in /lib and /usr/lib to point to the proper libraries. Symlinks. My contact with RH boxen is pretty limited these days, but I know there's a bunch of cruft under /etc/sysconfig for networking that's sourced in multiple places. 
I've had headaches trying to work out what goes where with RH's MySQL startup scripts. I find that the /etc/init.d (or /etc/rc.d/init.d) script frequently invokes at least one level, and sometimes two or more, of other scripts. Tracing execution through this path is tortured. Debian does far better at localizing everything to the /etc/init.d script itself, or, where it doesn't, to localizing the additional cruft to a minimal number of locations (/etc/network/interfaces).
oBSD is pretty clear that it's a full *system*, not merely an assembly of packages as is the case for many GNU/Linux distros (Debian included). However, the collection of packages approach means that Debian can offer many things to many people. oBSD is pretty much secure Unix clone, primary network services orientation. Not a bad thing. But limited choice. Every network, every sub-net, every cluster has different requirements. Debian/Linux offers a much wider variety than BSD. Not that this is always a good thing, but it allows you to customize for your own needs. Agreed.
Bruce Schneier identifies four periods of concern for security issues:
1. Introduction of vulnerability. It exists, but is unknown.
2. Awareness. It is known, but not necessarily patched.
3. Introduction of fix. A software patch is available.
4. Application of fix. Software patch is widely applied.
Number 4 is wishful thinking. It's a numbers game. Debian makes accomplishing # 4 far easier than any other system I'm familiar with.
What oBSD does is try to minimize factor 1. What Debian does is address 3 & 4. They're somewhat orthogonal approaches (Debian also addresses 1 a bit), but both have significant impacts on the security of *your* system. I find the Debian approach to be more compelling. Quite frankly, proper design and coding is the only way to prevent most vulnerabilities. Everything else is locking the barn door when you're not sure the horse is still inside or not.
Yes, you still have to lock the door, but it's occasionally too late. Making sure the barn door's made of wood (or steel) rather than paper helps. OpenBSD's audit focusses very heavily on eliminating buffer overflows and looking at use of UID 0. Between the two of these, you're attacking the foundations of a large number of possible exploits. The other attack angle is sane configuration defaults. Since the majority of users never touch the defaults, and a large number of exploits are based on buffer attacks, this actually cuts the vulnerability profile significantly. Debian could learn from this, and is, with the various hardened packages / tasks which can be applied. The web-based scheduling/calendaring pretty much sucks unless you're willing to spend money on
Re: ISP asking about switching to Debian from OpenBSD
On Tue, Nov 20, 2001 at 03:49:28PM -0800, nate wrote: i can think of one(IMO) glaring security problem in debian, that is the (now almost a year old) DOS attack against the openbsd ftpd port in debian potato. ive reported it to multiple places(including the security list) but never got a reply. I've prodded [EMAIL PROTECTED] again to remind the relevant people that something needs to be done. biggest con to debian is the near immediate abandonment of stable releases once a new stable release comes out. e.g. security/other fixes are not backported to the previous stable release. other vendors like redhat, suse, sun, etc(not sure about the bsds) typically backport their security fixes(at least) to the previous 2-3 stable releases. i wish debian would maintain that, at least backporting security fixes(never mind the rest) 1 stable release. This is basically just a question of lack of volunteer time and interest, coupled with the long release cycle that means a lot of developers shudder at the thought of trying to keep the ancient monstrosity that was the last-but-one release up to date. -- Colin Watson [EMAIL PROTECTED]
Re: ISP asking about switching to Debian from OpenBSD
Colin Watson said: I've prodded [EMAIL PROTECTED] again to remind the relevant people that something needs to be done. cool! thanks. at least i think there should be a warning somewhere that tells of the problem if there isn't going to be a fix anytime soon. This is basically just a question of lack of volunteer time and interest, coupled with the long release cycle that means a lot of developers shudder at the thought of trying to keep the ancient monstrosity that was the last-but-one release up to date. yeah i understand accept that. a somewhat small price to pay to have an otherwise near perfect distribution :) nate
Re: ISP asking about switching to Debian from OpenBSD
dear DD, before you go and delve into the world of new distros, you need only break down your whole questionnaire into one simple complete thought... my man, debian is fine for all of your tasks...the real question is, are you ready for debian? DNS, webserver, email, and all the other fun stuff will only work as good as the admin who puts it to use. to answer your obvious question, of course debian is a fine distro for all your networking needs. it uses the linux kernel...and, if you're keeping up to date with that, then all you really need is to keep asking specific 'debianized' questions on the list and read/learn more about the kernel. any distro is only as good as you make it bubba...there is no other way. p.s. i use mandrake, debian, and freebsd...not in a 'production' or ISP environment...i am however willing to bet money that any of them would do the trick simply because i'm more than willing to invest some serious brainpower into them. good luck and good fortune with your company... -jeff -- Q: What is purple and commutes? A: A boolean grape.
Re: ISP asking about switching to Debian from OpenBSD
On Tue, Nov 20, 2001 at 03:05:42PM -0500, jeff wrote: dear DD, before you go and delve into the world of new distros, you need only break down your whole questionnaire into one simple complete thought... my man, debian is fine for all of your tasks...the real question is, are you ready for debian? DNS, webserver, email, and all the other fun stuff will only work as good as the admin who puts it to use. to answer your obvious question, of course debian is a fine distro for all your networking needs. it uses the linux kernel...and, if you're keeping up to date with that, then all you really need is to keep asking specific 'debianized' questions on the list and read/learn more about the kernel. any distro is only as good as you make it bubba...there is no other way. p.s. i use mandrake, debian, and freebsd...not in a 'production' or ISP environment...i am however willing to bet money that any of them would do the trick simply because i'm more than willing to invest some serious brainpower into them. There is also debian-isp list, which seems more appropriate. good luck and good fortune with your company... -jeff -- Q:What is purple and commutes? A:A boolean grape. -- GPG key-id: 1024D/DF04A255 Dmitriy AA16 8FAB 74E1 3511 83D0 9F4B F087 CEC9 DF04 A255 * encrypted personal mail is very much preferred * Free Dmitry Sklyarov! http://www.freesklyarov.org
Re: ISP asking about switching to Debian from OpenBSD
[Please do not waste bandwidth with HTML mail] On Tue, Nov 20, 2001 at 13:28:36 -0600, David Batey wrote: I'm with an ISP having about 300 customers who use our servers for DNS, HTTP, POP, SMTP, and on one server we have FrontPage extensions running. We're wondering about Debian's scalability, stability and functionality -- for example... My previous employer was an ISP serving several thousands of customers using servers running Debian exclusively (DNS, web, FTP, mail, shell etc.). For case histories, you may want to ask on the debian-isp list. STABILITY: is Debian a good choice for heavy lifting? Yes. I've seen a single Debian box that provided webmail services to several tens of thousands of users with an uptime of several hundreds of days; machines that you regarded obsolete for desktop use three years ago are powerful enough to host say a hundred websites using virtual hosting. I know about apt-get for easy installation of bug/security patches; does the ease-of-install ever compromise security or functionality? If you're paranoid, you can always build from source. OpenBSD is pretty secure; how does Debian compare? Debian is perhaps slightly less paranoid, but a well-maintained Debian box is likely to be quite secure. As always, the system administrator's skills are a key factor. Is Woody ready for prime-time yet? I would still recommend potato for a production environment as it is indeed stable as a rock. Woody can be used in production environments if you have a good administrator, but be aware that it is still fluid. (If not, would an upgrade from potato to woody likely cause hiccups?) Definitely not once woody is released (as the release process involves testing upgrades between releases specifically); at the moment, I'm not aware of problems upgrading a potato system to woody. 
FUNCTIONALITY: We need DNS server packages, ssh (with ssh tunneling available for other services), smtp/pop, web-based scheduling/calendaring/email facilities, HTTP (apache/mod_perl) servers, and so on... All of which are available, AFAIK. HTH, Ray -- Give a man a fire, he's warm for a day. Set a man on fire, he's warm for the rest of his life.
Re: ISP asking about switching to Debian from OpenBSD
On Tue, Nov 20, 2001 at 01:28:36PM -0600, David Batey wrote: STABILITY: is Debian a good choice for heavy lifting? There are some legit concerns regarding the Linux kernel as opposed to the *BSD kernels as far as heavy lifting goes, but if you're considering Debian, then you probably feel that those concerns are addressed to your satisfaction. As far as distributions go, Debian's packaging quality is very high, and if you go with stable that's exactly what you get: serious stability. I know about apt-get for easy installation of bug/security patches; does the ease-of-install ever compromise security or functionality? Not in my experience. If you set up apt to use the Debian security source in addition to the main apt sources, you get painless and (potentially) automatic security updates. For example, I have a cron that automatically checks for security updates and downloads them nightly, and mails the result. Usually I find out about security uploads before debian-security does. OpenBSD is pretty secure; how does Debian compare? Is Woody ready for prime-time yet? (If not, would an upgrade from potato to woody likely cause hiccups?) If you set up Debian in a secure fashion (ie, install what you need, run what you need), then you'll be about as secure as OpenBSD. Many of the bugs that OpenBSD finds in their excellent code auditing get propagated elsewhere. Personally, I wouldn't run woody on a server, however I willingly make the tradeoff between newer versions of packages and stability. I have been running woody on my desktop and laptop for a couple of months, and have had very little trouble. An upgrade from potato to woody should be fairly painless (although, you probably wouldn't want to do it while your server was going at full throttle). FUNCTIONALITY: We need DNS server packages, ssh (with ssh tunneling available for other services), smtp/pop, web-based scheduling/calendaring/email facilities, HTTP (apache/mod_perl) servers, and so on...
Debian ships with OpenSSH by default, although the commercial version is available. You have your choice of pre-packaged MTAs: sendmail, exim, postfix (my current favorite), and POP servers (uw, cyrus, courier). I tend to not use the pre-packaged apache in production situations, but that's because I tend to have special needs, and it's easier to just build my own. The Debian pre-packaged one is great for prototyping stuff, though, 'cause it's built in a very generic fashion, with lots of modules ready to go. Any input is welcome -- both pro and con, of course. Debian has required the least amount of admin effort of any Unix I've adminned (Redhat, FreeBSD, Solaris). And please CC: me directly, as I'm not on the list (yet -- but you might help change that :). If you do decide to go with Debian, the lists are a good place to get help or advice. There are more specialized lists than debian-user, however, that might be able to provide more assistance (like debian-firewall, or debian-isp). See lists.debian.org for details. M
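The overnight job that Karsten M. Self and Mark Ferlatte both describe in this thread (refresh the lists, pre-download, mail the result), sketched as an added example that is not code from either poster or from Debian. It assumes the `Inst` line format printed by current `apt-get -s`, a security archive whose origin label is `Debian-Security`, and a local `mail` command; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: nightly "download and report" job for security updates.
# Nothing is installed automatically; the admin applies the updates after
# reading the report.

# Constructed sample of `apt-get -s dist-upgrade` output (not from a real host).
SAMPLE_SIM='Reading package lists...
Building dependency tree...
The following packages will be upgraded:
  bind9 libssl1.1 openssh-server vim
Inst openssh-server [1:8.4p1-5] (1:8.4p1-5+deb11u1 Debian-Security:11/stable-security [amd64])
Inst libssl1.1 [1.1.1n-0+deb11u3] (1.1.1n-0+deb11u4 Debian-Security:11/stable-security [amd64])
Inst vim [2:8.2.2434-3] (2:8.2.2434-3+deb11u1 Debian:11.6/stable [amd64])
Inst bind9 [1:9.16.33-1] (1:9.16.37-1 Debian-Security:11/stable-security [amd64])
Conf openssh-server (1:8.4p1-5+deb11u1 Debian-Security:11/stable-security [amd64])'

# Read simulation output on stdin; print "pkg old -> new" for every package
# whose candidate version comes from the security archive.
# Assumption: the origin label contains "Debian-Security:".
security_updates() {
    awk '
        $1 == "Inst" && /Debian-Security:/ {
            pkg = $2
            if ($3 ~ /^\[/) {           # upgrade: "[installed-version]" present
                old = $3; new = $4
                sub(/^\[/, "", old); sub(/\]$/, "", old)
            } else {                    # new dependency pulled in by the fix
                old = "(not-installed)"; new = $3
            }
            sub(/^\(/, "", new)
            printf "%s %s -> %s\n", pkg, old, new
        }'
}

# $1: simulation output. Prints a mail body.
# Returns 0 when security updates are pending, 1 when there are none.
build_report() {
    list=$(printf '%s\n' "$1" | security_updates)
    if [ -z "$list" ]; then
        echo "No pending security updates on $(uname -n)."
        return 1
    fi
    count=$(printf '%s\n' "$list" | wc -l | tr -d ' ')
    echo "$count security update(s) downloaded and waiting on $(uname -n):"
    printf '%s\n' "$list" | sed 's/^/  /'
    echo "Apply with: apt-get dist-upgrade"
}

# Cron entry point, e.g. (hypothetical path):
#   15 3 * * *  root  /usr/local/sbin/secupdate-report --cron
if [ "${1:-}" = "--cron" ]; then
    LC_ALL=C; export LC_ALL
    apt-get -qq update                   # refresh package lists
    apt-get -qq -d -y dist-upgrade       # -d: download only, install nothing
    sim=$(apt-get -s dist-upgrade)       # -s: simulate, to list what is pending
    if report=$(build_report "$sim"); then
        printf '%s\n' "$report" |
            mail -s "security updates: $(uname -n)" "${MAILTO:-root}"
    fi
fi
```

Mailing only when the security list is non-empty keeps the report meaningful, which matters for Schneier's step 4: the interval between a fix being published and being applied is the part this job makes visible.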
Re: ISP asking about switching to Debian from OpenBSD
Cobalt is a linux ISP out of the box. J.H.M. Dassen (Ray) wrote: [Please do not waste bandwidth with HTML mail] On Tue, Nov 20, 2001 at 13:28:36 -0600, David Batey wrote: I'm with an ISP having about 300 customers who use our servers for DNS, HTTP, POP, SMTP, and on one server we have FrontPage extensions running. We're wondering about Debian's scalability, stability and functionality -- for example... My previous employer was an ISP serving several thousands of customers using servers running Debian exclusively (DNS, web, FTP, mail, shell etc.). For case histories, you may want to ask on the debian-isp list. STABILITY: is Debian a good choice for heavy lifting? Yes. I've seen a single Debian box that provided webmail services to several tens of thousands of users with an uptime of several hundreds of days; machines that you regarded obsolete for desktop use three years ago are powerful enough to host say a hundred websites using virtual hosting. I know about apt-get for easy installation of bug/security patches; does the ease-of-install ever compromise security or functionality? If you're paranoid, you can always build from source. OpenBSD is pretty secure; how does Debian compare? Debian is perhaps slightly less paranoid, but a well-maintained Debian box is likely to be quite secure. As always, the system administrator's skills are a key factor. Is Woody ready for prime-time yet? I would still recommend potato for a production environment as it is indeed stable as a rock. Woody can be used in production environments if you have a good administrator, but be aware that it is still fluid. (If not, would an upgrade from potato to woody likely cause hiccups?) Definitely not once woody is released (as the release process involves testing upgrades between releases specifically); at the moment, I'm not aware of problems upgrading a potato system to woody. 
FUNCTIONALITY: We need DNS server packages, ssh (with ssh tunneling available for other services), smtp/pop, web-based scheduling/calendaring/email facilities, HTTP (apache/mod_perl) servers, and so on... All of which are available, AFAIK. HTH, Ray
Re: ISP asking about switching to Debian from OpenBSD
Fred Bloom wrote: Cobalt is a linux ISP out of the box. J.H.M. Dassen (Ray) wrote: Many people regard Cobalt as a piece of junk aimed at wannabe ISPs. My impression is that the original poster is working for an already established ISP. They are not secure out of the box, and can be a pain to modify to suit a serious environment. They also tend to crash a lot unless you put a lot of time into them, based on my experience. My 2cents, which is of course really 1 cents at current exchange rates. John P Foster
Re: ISP asking about switching to Debian from OpenBSD
David Batey said: I work at a midwest ISP, and we've got an opportunity to switch from an older openBSD to something more recent -- and apparently upgrading to the current openBSD might be as much of a chore as switching to something entirely different, such as Debian. i switched a few systems from openbsd to debian last year .. i doubt ill try openbsd again anytime soon. although i am working on deploying freebsd systems... STABILITY: is Debian a good choice for heavy lifting? I know about apt-get for easy installation of bug/security patches; does the ease-of-install ever compromise security or functionality? OpenBSD is pretty secure; how does Debian compare? Is Woody ready for prime-time yet? (If not, would an upgrade from potato to woody likely cause hiccups?) in most cases the ease-of-install does not compromise security. i can think of one(IMO) glaring security problem in debian, that is the (now almost a year old) DOS attack against the openbsd ftpd port in debian potato. ive reported it to multiple places(including the security list) but never got a reply. woody is ok for prime-time PROVIDED you don't upgrade it often. i have 1 woody server in production(compared to about 38-39 potato servers). and i very rarely upgrade it. it serves a very specific purpose, to run web apps that would not run under potato even after weeks of trying (ezpub - developer.ez.no, and also webrt www.fsck.com tho i didn't try rt under potato i just deployed it straight to woody because of the bleeding edge perl requirements) for any other server i would(and do) use potato. i don't like upgrading often. FUNCTIONALITY: We need DNS server packages, ssh (with ssh tunneling available for other services), smtp/pop, web-based scheduling/calendaring/email facilities, HTTP (apache/mod_perl) servers, and so on... all is available. i heavily modify the BIND setup that debian has to run in chroot() and as non root uid/gid.
openbsd is much easier to do this with(just flip a switch in one of the conf files). some don't like the SSH1 protocol which potato ships with, i personally think it is ok. especially combined with forced RSA authentication(e.g. do not allow password logins). security is really most important with untrusted users. i don't run any systems with untrusted users, and haven't for quite a while. back when i ran an isp i had my servers page me anytime a user logged in with username/IP/date/time of login. with a lot of shell logins this probably wouldnt be very fun to deal with tho. one of the biggest cons to openbsd i found was upgrading. i wanted to upgrade my nameserver which ran openbsd. from the docs i found the only way to do it was from cvs. and doing it from cvs, everything i read said i'd be reinstalling EVERYTHING. its not really an upgrade, but a reinstall/overwrite. i tried several times to upgrade but the compile kept puking(memory error). i got pissed because it was compiling stuff i did not have installed and did not WANT installed like kerberos. from the folks i talked to they said this is expected behavior. that shocked me..i expect an upgrade to upgrade what you have, nothing more. the only binary upgrade i could find for openbsd was boot from the cd and do it, and that doesn't work if the server is 1100 miles away from me. so i had a guy that was local to the colocation replace the server with a debian one. least i can upgrade from potato-woody without even a reboot when the time comes (ive already done it twice ..) biggest con to debian is the near immediate abandonment of stable releases once a new stable release comes out. e.g. security/other fixes are not backported to the previous stable release.
other vendors like redhat, suse, sun, etc(not sure about the bsds) typically backport their security fixes(at least) to the previous 2-3 stable releases. i wish debian would maintain that, at least backporting security fixes(never mind the rest) 1 stable release. in this case, if a problem was found in potato, backport it to slink(if slink was vulnerable). i was worried when potato came out i had a slink system that was pretty heavily modified, and at a remote location, did not want to risk trying a dist-upgrade from remote, luckily the server was decommissioned a few months later and i didn't have to worry about it anymore. hope this helps. nate
Re: ISP accounting software
On Sun, Nov 19, 2000 at 06:12:23PM +1000, markc wrote: Did you manage to find any ISP accounting software to suit you ? Not quite. Did an apt-get for ipac. The set-up is a bit complicated and the documentation rather short and terse. Trying some experimentation presently .. Not much success so far. I have evolved my own over the years and intend to package it one day. Would love to give it a try. --markc Thanks USM Bish
Re: ISP accounting software
In a galaxy not too far away, USM Bish spoke on Mon, Nov 13, 2000 at 11:14:31PM +0518: I am on the lookout for a light weight ISP accounting software, preferentially a command line version which can be fired from ppp scripts. Should have features of configuration for rates, volume of transaction etc Should output to a log file. Yes, kppp suits the bill fine but kde is too resource hungry on my anaemic system. USM Bish have you tried ipac('apt-get install ipac')? that's what i am using for IP accounting. /stefan
Re: ISP Configuration help, please.
John Hasler wrote: soluzar75 writes: My ISP is LineONE http://www.lineone.net, and I have a generic CompUSA-type external modem. I just need to know how to write proper connection scripts (I think...). Run pppconfig as root and fill in the blanks. Start your connection with pon, monitor it with plog, and stop it with poff. No need to write any scripts. Upgrade ppp and pppconfig to potato first, though. Another option is wvdial, which (in Woody at least), has enough intelligence to search for your modem and make intelligent guesses as to configuration parameters. It'll also redial automatically if the connection gets dropped, which is handy in my case since I have an ISP with a three-hour limit. Kent (hoping this first email out from a fresh install of Woody Mozilla doesn't send in HTML)
Re: ISP Configuration help, please.
Kent West writes: Another option is wvdial, which (in Woody at least), has enough intelligence to search for your modem... Pppconfig can do this. It'll also redail automatically if the connection gets dropped,... And this. -- John Hasler [EMAIL PROTECTED] (John Hasler) Dancing Horse Hill Elmwood, WI
Re: ISP Configuration help, please.
soluzar75 writes: My ISP is LineONE http://www.lineone.net, and I have a generic CompUSA-type external modem. I just need to know how to write proper connection scripts (I think...). Run pppconfig as root and fill in the blanks. Start your connection with pon, monitor it with plog, and stop it with poff. No need to write any scripts. Upgrade ppp and pppconfig to potato first, though. -- John Hasler [EMAIL PROTECTED] Dancing Horse Hill Elmwood, Wisconsin
Re: ISP mode connection (Sorry - Unidentified subject!)
On Thu, 5 Oct 2000 [EMAIL PROTECTED] wrote: I'm reposting my problem, since I couldn't solve it. So, I'm not receiving (CONNECT) from my modem. When am I supposed to get it? Just after my ISP gives me a response? Or just after it accepts my login? The CONNECT message comes from your modem when it determines that it is able to talk to the other modem. Another thing that is happening: When I send the AT commands to my modem, it doesn't give me the answer immediately. It waits a few seconds (about 30!), to send me back OK. So, when I type pon, it delays about 90 seconds to dial. This does not happen under windows. The dial-up is made immediately. Could this be a serial port uart issue? You know, I already tried setserial (...) uart 16450. Hmmm, could be an IRQ problem. I had a modem on IRQ7 for about 6 months, then out of the blue (afaict) IRQ7 stopped working and I had symptoms very similar to what you are reporting. The fix was to use a different IRQ. later, Bruce
RE: ISP nameserver error?
On 05-Oct-2000 Gary Hennigan wrote:
> I'm in the process of refining my small home LAN setup, which is connected to the outside world via a firewall connected to the internet via ADSL. I'm using 192.168.1.x for my box addresses and was in the process of setting up a DNS server when I noticed something odd...
>
> % nslookup sdcrtr.nm.org
> Name:sdcrtr.nm.org
> Address: 192.168.1.1

I understand that some ISP's assign customers non-routable IP addresses behind a firewall. Could that be what your ISP is doing?

-- Andrew
Re: ISP modem connection
[...]
> These are the last lines of my /var/log/syslog:
>
> Oct 3 04:12:35 colorado pppd[664]: pppd 2.3.11 started by root, uid 0
> Oct 3 04:12:36 colorado chat[665]: abort on (BUSY)
> Oct 3 04:12:36 colorado chat[665]: abort on (NO CARRIER)
> Oct 3 04:12:36 colorado chat[665]: abort on (VOICE)
> Oct 3 04:12:36 colorado chat[665]: abort on (NO DIALTONE)
> Oct 3 04:12:36 colorado chat[665]: abort on (NO DIAL TONE)
> Oct 3 04:12:36 colorado chat[665]: abort on (NO ANSWER)
> Oct 3 04:12:36 colorado chat[665]: send (AT F0 E0 C1 D2 V1 S0=0\V1W0^M)
> Oct 3 04:12:37 colorado chat[665]: expect (OK)
> Oct 3 04:13:05 colorado chat[665]: ^M
> Oct 3 04:13:05 colorado chat[665]: OK
> Oct 3 04:13:05 colorado chat[665]: -- got it
> Oct 3 04:13:05 colorado chat[665]: send (ATDT6129220^M)
> Oct 3 04:13:05 colorado chat[665]: expect (CONNECT)
> Oct 3 04:13:05 colorado chat[665]: ^M
> Oct 3 04:13:50 colorado pppd[664]: Connect script failed
> Oct 3 04:13:50 colorado chat[665]: alarm
> Oct 3 04:13:50 colorado chat[665]: Failed
> Oct 3 04:13:51 colorado pppd[664]: Exit.

Well, not a solution, but try to add kdebug 1 to your ppp options file. I'm experiencing a similar situation, but had no time to continue work on it. In my case, it seems that my configuration is rejecting pap authentication, but I couldn't see why. Maybe such a log might help somebody else on this list to find the solution.

Christoph Simon [EMAIL PROTECTED]
-- ^X^C q quit :q ^C end x exit ZZ ^D ? help shit .
Re: ISP modem connection
On Tue, 3 Oct 2000 [EMAIL PROTECTED] wrote:
> commands. This is my modem log under windows:
> ...
> 09-11-2000 02:52:45.70 - Initializing modem.
> 09-11-2000 02:52:45.70 - Send: ATcr
> 09-11-2000 02:52:45.72 - Recv: ATcr
> 09-11-2000 02:52:45.72 - Recv: crlfOKcrlf
> 09-11-2000 02:52:45.72 - Interpreted response: Ok
> 09-11-2000 02:52:45.72 - Send: AT F E0 C1 D2 V1 S0=0\V1w0cr
> 09-11-2000 02:52:45.75 - Recv: AT F E0 C1 D2 V1 S0=0\V1w0cr
> 09-11-2000 02:52:45.75 - Recv: crlfOKcrlf
> 09-11-2000 02:52:45.75 - Interpreted response: Ok
> 09-11-2000 02:52:45.75 - Send: ATS7=60S30=0L0M1\N3%C1K3B0B15N1X4cr
> 09-11-2000 02:52:45.76 - Recv: crlfOKcrlf
> 09-11-2000 02:52:45.76 - Interpreted response: Ok
> 09-11-2000 02:52:45.76 - Send: Ats109=2cr
> 09-11-2000 02:52:45.76 - Recv: crlfOKcrlf
> 09-11-2000 02:52:45.76 - Interpreted response: Ok
> 09-11-2000 02:52:45.76 - Dialing.
> 09-11-2000 02:52:45.76 - Send: ATDT;cr
> 09-11-2000 02:52:49.30 - Recv: crlfOKcrlf
> 09-11-2000 02:52:49.30 - Interpreted response: Ok
> 09-11-2000 02:52:49.32 - Dialing.
> 09-11-2000 02:52:49.32 - Send: ATDT###cr
> 09-11-2000 02:53:21.68 - Recv: crlfCONNECT 115200 V42biscrlf
> 09-11-2000 02:53:21.68 - Interpreted response: Connect
> 09-11-2000 02:53:21.68 - Connection established at 115200bps.
> 09-11-2000 02:53:21.68 - Error-control on.
> 09-11-2000 02:53:21.68 - Data compression on.
>
> These are the last lines of my /var/log/syslog:
>
> Oct 3 04:12:35 colorado pppd[664]: pppd 2.3.11 started by root, uid 0
> ...
> Oct 3 04:12:36 colorado chat[665]: send (AT F0 E0 C1 D2 V1 S0=0\V1W0^M)
> Oct 3 04:12:37 colorado chat[665]: expect (OK)
> Oct 3 04:13:05 colorado chat[665]: ^M
> Oct 3 04:13:05 colorado chat[665]: OK
> Oct 3 04:13:05 colorado chat[665]: -- got it
> Oct 3 04:13:05 colorado chat[665]: send (ATDT6129220^M)
> Oct 3 04:13:05 colorado chat[665]: expect (CONNECT)
> Oct 3 04:13:05 colorado chat[665]: ^M
> Oct 3 04:13:50 colorado pppd[664]: Connect script failed

It looks like either your modem is not sending a connect message (just a CR), or the chat script is timing out before it is sent. Maybe fiddle with the expect after dialing (or change the timeout, assuming that can be done).

> The only information I have, now, is an alarm. You may ask of the sequence ATS7=60S30=0L0M1\N3%C1K3B0B15N1X4. I tried it too, but nothing works.

What does Ats109=2cr do (aside from setting register s109 to 2 :)? Have you tried sending ATZ first, then all three of the AT command sequences the win prog sends before dialing?

later, Bruce
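The two delays visible in the syslog excerpt quoted in this message can be measured by pairing each chat `expect` line with the line that resolves it. The script below is an added example, not part of the original post; the function names, the assumed year and the `slow_after` threshold are hypothetical choices made for the illustration.

```python
import re
from datetime import datetime

# chat/pppd syslog lines copied from the excerpt quoted in the thread above.
SAMPLE_LOG = r"""
Oct 3 04:12:36 colorado chat[665]: send (AT F0 E0 C1 D2 V1 S0=0\V1W0^M)
Oct 3 04:12:37 colorado chat[665]: expect (OK)
Oct 3 04:13:05 colorado chat[665]: ^M
Oct 3 04:13:05 colorado chat[665]: OK
Oct 3 04:13:05 colorado chat[665]: -- got it
Oct 3 04:13:05 colorado chat[665]: send (ATDT6129220^M)
Oct 3 04:13:05 colorado chat[665]: expect (CONNECT)
Oct 3 04:13:05 colorado chat[665]: ^M
Oct 3 04:13:50 colorado pppd[664]: Connect script failed
Oct 3 04:13:50 colorado chat[665]: alarm
Oct 3 04:13:50 colorado chat[665]: Failed
"""

LINE_RE = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d+)\s+(?P<time>\d\d:\d\d:\d\d)\s+\S+\s+"
    r"(?P<prog>\w+)\[\d+\]:\s?(?P<msg>.*)$"
)
EXPECT_RE = re.compile(r"^expect \((.*)\)$")
OUTCOMES = {"-- got it": "matched", "alarm": "timeout", "Failed": "failed"}


def expect_waits(log_text, year=2000):
    """Return (expected_string, seconds_waited, outcome) for each chat expect.

    Syslog timestamps have no year; `year` is an assumption supplied by the caller.
    """
    results, pending = [], None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or m["prog"] != "chat":
            continue  # blank lines, pppd lines, anything that is not chat output
        ts = datetime.strptime(
            f"{year} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S"
        )
        msg = m["msg"].strip()
        started = EXPECT_RE.match(msg)
        if started:
            pending = (started.group(1), ts)  # chat began waiting for this string
        elif pending and msg in OUTCOMES:
            waited = int((ts - pending[1]).total_seconds())
            results.append((pending[0], waited, OUTCOMES[msg]))
            pending = None  # a "Failed" that follows "alarm" is then ignored
    return results


def diagnose(waits, slow_after=5):
    """Describe slow answers and expired timers; `slow_after` is an arbitrary threshold."""
    notes = []
    for expected, secs, outcome in waits:
        if outcome == "timeout":
            notes.append(f"{expected}: not seen after {secs}s, chat's timer expired")
        elif outcome == "matched" and secs >= slow_after:
            notes.append(f"{expected}: modem took {secs}s to answer")
    return notes


if __name__ == "__main__":
    for note in diagnose(expect_waits(SAMPLE_LOG)):
        print(note)
```

On the quoted log this reports a 28-second wait for OK, in line with the "about 30" seconds described earlier in the thread, and a CONNECT wait that ends at exactly 45 seconds, which is chat's default TIMEOUT value.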
Re: ISP server assigned nameserver addressing - how?
in 99.9% of cases you do not have to use your ISP's DNS. you can use any DNS(use mine if you want 209.102.24.193 194)

to find an ISP's numeric DNS i would suggest using WHOIS, or dig.

dig domainname.com
whois domainname.com

both will give u numeric DNS settings for the domain.

nate

Phillip Deackes wrote:
> I have always added my ISP's nameservers address to /etc/resolv.conf and have found that most ISPs tend to specify that you should set up Windows DUN for server assigned DNS addresses. On occasions I have found it very difficult to get hold of actual numeric addresses.
>
> Can nameserver addresses be obtained dynamically with Linux? All the documentation I have read points to physically adding the address to /etc/resolv.conf
>
> I use ISDN and have upgraded to Woody.
>
> -- Phillip Deackes Using Storm Linux

-- ::: ICQ: 75132336 http://www.aphroland.org/ http://www.linuxpowered.net/ [EMAIL PROTECTED]
Re: ISP server assigned nameserver addressing - how?
On Tue, 22 Aug 2000 22:23:02 PDT, Nate Amsden writes:
> in 99.9% of cases you do not have to use your ISP's DNS. you can use any DNS(use mine if you want 209.102.24.193 194) to find an ISP's numeric DNS i would suggest using WHOIS, or dig.

But using further away DNS´s _will_ affect your browsing speed, eg if netscape wants to connect to a page with lots o banners or otherwise linked other sites there´s easily 20-30 dns-lookups per page, and netscape does them one after one, so there are seconds lost sometimes before netscape even gets the whole page html-wise...

rw
--
/ Robert Waldner [EMAIL PROTECTED] | Phone: +43 1 89933 0 Fax x533 \
\KPNQwest/AT tech staff| Diefenbachg. 35 A-1150 Wien /
RE: ISP server assigned nameserver addressing - how?
To know YOUR DNS's when you use Windows, go to www.anonymizer.com (in Windows) and click This is what we know about you or something like that. In most cases somewhere near the end of the page it will tell your DNS addresses. Worked for me!!

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 23, 2000 6:14 AM
To: debian-user@lists.debian.org
Subject: Re: ISP server assigned nameserver addressing - how?

> On Tue, 22 Aug 2000 22:23:02 PDT, Nate Amsden writes:
>> in 99.9% of cases you do not have to use your ISP's DNS. you can use any DNS(use mine if you want 209.102.24.193 194) to find an ISP's numeric DNS i would suggest using WHOIS, or dig.
>
> But using further away DNS´s _will_ affect your browsing speed, eg if netscape wants to connect to a page with lots o banners or otherwise linked other sites there´s easily 20-30 dns-lookups per page, and netscape does them one after one, so there are seconds lost sometimes before netscape even gets the whole page html-wise...
>
> rw
> --
> / Robert Waldner [EMAIL PROTECTED] | Phone: +43 1 89933 0 Fax x533 \
> \KPNQwest/AT tech staff| Diefenbachg. 35 A-1150 Wien /
Re: ISP server assigned nameserver addressing - how?
> To know YOUR DNS's when you use Windows, go to www.anonymizer.com (in Windows) and click This is what we know about you or something like that. In most cases somewhere near the end of the page it will tell your DNS addresses. Worked for me!!

To get DNS servers out of windows.. Go to start menu, select run, type in WINIPCFG, click OK. Select the network adapter in question (LAN card or dialup adapter etc... If you're using Win98SE ICS, the ICS adapter) .. it will show you the DNS it's using.. You may need to click the More info button if you don't see the DNS box.

Anthony
Re: ISP server assigned nameserver addressing - how?
Phillip Deackes writes:
> Can nameserver addresses be obtained dynamically with Linux?

Yes. Run pppconfig, go to 'Advanced', go to 'Nameservers', and select 'Dynamic'.

> I use ISDN and have upgraded to Woody.

I don't know much about ISDN.
-- John Hasler [EMAIL PROTECTED] Dancing Horse Hill Elmwood, Wisconsin
Re: ISP server assigned nameserver addressing - how?
On Tue, 22 Aug 2000 13:40:11 BST, Phillip Deackes writes:
> I have always added my ISP's nameservers address to /etc/resolv.conf and have found that most ISPs tend to specify that you should set up Windows DUN for server assigned DNS addresses. On occasions I have found it very difficult to get hold of actual numeric addresses.

To be sure, add the nameservers to /etc/resolv.conf manually. I also suggest doing so in Windos, server-assigning nameservers tends to be somewhat unstable, so every _good_ ISP will hand you the addresses numerically, at least per request.

> Can nameserver addresses be obtained dynamically with Linux? All the documentation I have read points to physically adding the address to /etc/resolv.conf

It´s a feature of PPP, if you do it the debian-way, just run pppconfig and set the nameservers to dynamic. If you fire PPP manually, man pppd. I suggest turning on debugging in pppd, the assigned nameservers should be logged and you can then add them manually to resolv.conf.

hth, rw
--
/ Robert Waldner [EMAIL PROTECTED] | Phone: +43 1 89933 0 Fax x533 \
\KPNQwest/AT tech staff| Diefenbachg. 35 A-1150 Wien /
Re: ISP says bad passwd
Maybe your ISP requires PAP or CHAP? You may have it configured for something it doesn't support. I've never used/heard of wvdialconf so I'm not sure how it is (i use pppconfig)

what does /var/log/messages tell you when it's connecting? pppd should be printing out messages there.

nate

On Wed, 8 Dec 1999, Rick Dunnivan wrote:
> I just bought a Jaton 56K internal modem. wvdialconf set everything up for me. When I use wvdial to attempt a connection, It says looks like a login prompt... sending login... looks like a password prompt... sending PASSWORD
>
> **BAD PASSWD**
>
> several times then gives up. I have ensured the passwd listed in /etc/wvdial.conf is the correct one. Any help?
>
> rick

--
Vice President Network Operations, Firetrail Internet Services Limited, Everett, WA 425-348-7336
http://www.firetrail.com/ http://www.aphroland.org/ http://www.linuxpowered.net/ http://comedy.aphroland.org/ http://yahoo.aphroland.org/
Powered By: Debian 2.1 Linux 2.0.36 SMP
7:15am up 110 days, 18:59, 2 users, load average: 1.58, 1.54, 1.65
Re: ISP says bad passwd
aphro writes: what does /var/log/messages tell you when its connecting? pppd should be printing out messages there. Look in /var/log/ppp.log for ppp messages. -- John Hasler [EMAIL PROTECTED] (John Hasler) Dancing Horse Hill Elmwood, WI
Re: isp login problem.
In that case, just set the prompt to :, that should do it! :)

On Mon, May 10, 1999 at 09:57:30PM -0400, Monte Copeland wrote:
> When I execute pon to connect to my isp, most of the time I connect with no problems. But about 10 to 20 percent of the time I get a different login prompt. In my pppconfig setup I specified that my login prompt was sername:, and when I watch the text scroll through the Xconsole, I do get the username: prompt from my isp. But occasionally I get a login: prompt and my dial up freezes.
>
> My question : Is there a way to specify more than one type of login prompt. Or am I doomed to type poff then pon until I get the correct prompt to show.
>
> Thank you, Monte

--
Shao Zhang - Running Debian 2.1
Department of Communications, University of New South Wales, Sydney, Australia
Email: [EMAIL PROTECTED]
Re: ISP Connection
On Wed, 31 Mar 1999, Peter Ludwig wrote:
> Hello peoples, I've just transferred over to a new ISP, and I'm having some problems with my connection to the ISP.

[ cut some text away for sake of clarity ]

I would suggest the following: Have a look at your /etc/ppp/options file, uncomment the #debug line, bring up your ppp connection and have a look in /var/log/messages to see if you can find any funny things.

Also, did you configure your serial port correctly? Did you supply the speed for the serial line in your provider script? Give us some more info, what does your chatscript look like, what options do you use for ppp?

-- Joop Stakenborg PA4TU [EMAIL PROTECTED]
Re: ISP Connection
Joop Stakenborg writes: Have a look at your /etc/ppp/options file, uncomment the #debug line ... He needn't do this. pppconfig has already put 'debug' in /etc/ppp/peers/provider. -- John Hasler [EMAIL PROTECTED] (John Hasler) Dancing Horse Hill Elmwood, WI
Re: ISP Connection
Peter Ludwig writes:
> ...not everything is connecting correctly, ftp has to be in PASSIVE mode,

That implies that your ISP may be running proxies.

> ...modified the PAP secrets file...

What did you have to do to it? pppconfig should have set it up for you assuming that you chose PAP.

Post your /etc/chatscripts/providers, /etc/ppp/peers/providers, /etc/ppp/pap-secrets, and the relevant parts of /var/log/ppp.log.
--
John Hasler [EMAIL PROTECTED] Dancing Horse Hill Elmwood, Wisconsin
This posting is in the public domain. Do with it what you will. Make money from it if you can; I don't mind. Do not send email advertisements to this address.
Re: ISP connect
From: eferen1 [EMAIL PROTECTED]
To: Bill Bell [EMAIL PROTECTED]
Subject: Re: ISP connect
Date: Tue, 16 Feb 1999 16:50:25 -

Yes it did help! Thank you. I can now connect, but have to find the address for www.Netscape.com. Thanks for your help. :-)

-Original Message-
From: Bill Bell [EMAIL PROTECTED]
To: [EMAIL PROTECTED] [EMAIL PROTECTED]
Cc: debian-user@lists.debian.org debian-user@lists.debian.org
Date: Tuesday, February 16, 1999 15:35
Subject: RE: ISP connect

> I have USED MSN until recently. I found that I needed to give my user name in the following format: MSN/user_name (including the quotes for chatscript) This may help.
>
> Bill Bell
>
>>> I use the KDE window to configure dial-up settings. I have reconfigured the connect script to this: noauth.
>>
>> Should be fine
>>
>>> That is the only line in the script. I connect through MSN which requires a PAP login. I did not put a DNS number in hoping maybe it would configure this dynamically. The IP is set to dynamic negotiation.
>>
>> No, you need to enter the DNS, unless they use dhcp to give out DNS.
>>
>>> When it does connect initially, I get a terminal window asking for a login. I send my login name and then it asks for a password. I send that and it comes back with bad password. Does anyone else connect their machine through MSN? If so, how'd you do it?
>>
>> Can't help much beyond that.
RE: ISP connect
I have USED MSN until recently. I found that I needed to give my user name in the following format: MSN/user_name (including the quotes for chatscript) This may help.

Bill Bell

>> I use the KDE window to configure dial-up settings. I have reconfigured the connect script to this: noauth.
>
> Should be fine
>
>> That is the only line in the script. I connect through MSN which requires a PAP login. I did not put a DNS number in hoping maybe it would configure this dynamically. The IP is set to dynamic negotiation.
>
> No, you need to enter the DNS, unless they use dhcp to give out DNS.
>
>> When it does connect initially, I get a terminal window asking for a login. I send my login name and then it asks for a password. I send that and it comes back with bad password. Does anyone else connect their machine through MSN? If so, how'd you do it?
>
> Can't help much beyond that.
RE: ISP connect
On 15-Feb-99 eferen1 wrote:
> I use the KDE window to configure dial-up settings. I have reconfigured the connect script to this: noauth.

Should be fine

> That is the only line in the script. I connect through MSN which requires a PAP login. I did not put a DNS number in hoping maybe it would configure this dynamically. The IP is set to dynamic negotiation.

No, you need to enter the DNS, unless they use dhcp to give out DNS.

> When it does connect initially, I get a terminal window asking for a login. I send my login name and then it asks for a password. I send that and it comes back with bad password. Does anyone else connect their machine through MSN? If so, how'd you do it?

Can't help much beyond that.
RE: ISP username for diald
On Sat, 5 Dec 1998, Chris Stalker-Herron wrote:
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Saturday, December 05, 1998 4:56 PM
> To: Chris Stalker-Herron
> Cc: Debian User List
> Subject: Re: ISP username for diald
>
>> Chris Stalker-Herron writes:
>>> When trying to connect through diald, I am seeing PAP authentication failed in my ppp.log. I think it's because diald does not know what user to pass to pppd.
>>
>> No. It is because pppd is not being called with the 'noauth' option, and so is demanding that the ISP authenticate to it. Add this to /etc/diald/diald.options:
>>
>> pppd-options noauth
>
> Actually, I already have that line. Here is the ppp.log showing it being used.
>
> Dec 5 13:19:37 piglet diald[295]: Running pppd: /usr/sbin/pppd -detach modem crtscts mtu 1500 mru 1500 netmask 255.255.255.0 noauth
>
> Don't I have to somehow pass a username and password to the ISP? I doubt they would let me connect without one.

Maybe this will help - from the pppd man page. set it in /etc/ppp/peers/file

user name
    Sets the name used for authenticating the local system to the peer to name.

Cheers.
-- Colin Telmer, Ottawa, Ontario, Canada mailto:[EMAIL PROTECTED] http://www.telmer.com