from:"Gregor Maier"

Re: [expert] closing ports

2001-09-24 Thread Gregor Maier


This depends on your server. If the server tries to get the portnumber on which
to listen from the services file (get_servbyname) then this would work. But NOT
if the the server has a numeric port number in its config (like apache).

 
On 21-Sep-2001 James Sparenberg wrote:
 All,
Coming from the BSD world I can say that to close a port I would simply
 edit /etc/services and comment out (add a # sign) at the front of every line
 for a port and service I didn't need/want running.  Wouldn't this work the
 same in Linux?  If not, does anyone know why?
 
 James
 
 On Fri, 21 Sep 2001 17:49:38 -0400
 etharp [EMAIL PROTECTED] wrote:
 
 On Friday 21 September 2001 17:12, you wrote:
  I visited the self scan page and there are some ports open. how to close
  ports? I tried closing them using firewall, nothing happened.  I have
  used linuxconf to stop service using these ports, but they'r estill
  open.  mandrake 7.1 had an application to close ports, but it's not
  available in M 8.0, i want to close this ports, how to do it
 
 
 Content-Type: text/plain; charset=us-ascii; name=message.footer
 Content-Transfer-Encoding: 8bit
 Content-Description: 
 
 as root, in a rext console, type InteractiveBastille, without the quotes, 
 noteing the caps
 
 
 

--
E-Mail: Gregor Maier [EMAIL PROTECTED]
Date: 24-Sep-2001
Time: 08:46:00
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

RE: [expert] multiple mailservers on one machine

2001-09-20 Thread Gregor Maier


This should not be a problem.

You just have to configure the services to listen on the desired
interface / ip-address.

for services that are run from xinet.d you must use the 
bind or interface keyword in the config file.  man xinetd.conf will tell you
more.

For standalone servers you have to check their config files

Gregor

On 20-Sep-2001 Patrick Erler wrote:
 hello Mandrake-expert!
 
 i'm a bit stuck in thinking about this problem:
 
 is it possible to bind, for instance, sendmail to eth0 port 25
 and qmail to eth0:1 port 25?
 
 same applies for, let's say, zope on eth0 port 80 and apache on
 eth0:1 port 80...
 
 background: i'd like to run teamware
 (http://www.teamw.com/linux/) which brings it's own (mail-
 etc...) servers parallel to normal services on one mandrake
 machine.
 
 
 regards,
 
 PAT
 --
 
 
 vcard/LDAP/PGP: http://dresden-online.com/perler/identity.html
 PGP fingerprint: DAC6 2FDA 1ED7 AD55  BD1F 5142 3D5F 72BF
 
 

--
E-Mail: Gregor Maier [EMAIL PROTECTED]
Date: 21-Sep-2001
Time: 07:44:20
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

RE: [expert] software recommendations

2001-09-20 Thread Gregor Maier



On 20-Sep-2001 Richard Kuryk wrote:
 1. Jedit - A great java programmers editor
  
 2. ncftp - great command line ftp program
  
 I'm pulling together a list of gui apps for my own little mandrake based
 installation (P75, 64MB, 540MB HD). I'm looking for apps that do not use QT
 or GTK+ (I'm trying to keep things as simple as possible, and I probably
 wouldn't be installing the libraries anyways). I need:
 
 1. A decent text editor (Not XEmacs... I hate Emacs) 
then i should be vi / gvim ;-)
but i'm not sure if gvim requires gtk

 2. An FTP client 
ncftp is a really good tip

 3. CD player 

 4. MP3/Media Player 
mpg123.

 5. mpeg/avi player 

 I've been playing around with everything that's included with MDK 7.2, but
 most of the included apps use the aforementioned libraries. Any thoughts?
 

And have a look a freshmeat.net
--
E-Mail: Gregor Maier [EMAIL PROTECTED]
Date: 21-Sep-2001
Time: 07:48:31
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Nimda

2001-09-19 Thread Gregor Maier



On 20-Sep-2001 Tom Badran wrote:
 On Thursday 20 September 2001 4:24 am, you wrote:
 Okay then ... big question.

 How do I ensure my shares are not publicly writable?
 
 If your not sure, then they probably are not - its harder to set them that 
 way. I have never been able to set up a writable share in samba (although i 
 havent tried very hard). Basically, you would already know.
 
 I think the options are:
 
 [public] = yes
 [writeable] = yes
And then the user must still autheticate himself. To make a share really
writeable to EVERYONE in your system is some more work...

So don't worry, if you haven't done it by yourself your samba share are NOT
world writeable.

Gregor
 

--
E-Mail: Gregor Maier [EMAIL PROTECTED]
Date: 20-Sep-2001
Time: 07:58:57
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

RE: [expert] Replacement for lynx -dump?

2001-09-19 Thread Gregor Maier



On 20-Sep-2001 Bob Puff@NLE wrote:
 Hello,
 
 I need to fetch a specific URL in a cron job.. but I need it NOT to 
 report an error if it can't get to the URL.  I've been using lynx -dump, 
 but it sends root an email each and every time it fails.. I need 
 something that shuts up on errors! g  Any suggestions?
 
 Bob
 
You can use wget. 
Use it with the --quiet option.


--
E-Mail: Gregor Maier [EMAIL PROTECTED]
Date: 20-Sep-2001
Time: 07:52:27
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Testing mouse wheel

2001-09-18 Thread Gregor Maier



On 18-Sep-2001 Laurent Duperval wrote:
 On 17 Sep, Moses Backman III wrote:
 i couldn't get it to work either with LM8.0 but BETA3 of 8.1 has it
 and it works 
 great
 
 Hmm. Ok, I'll have to wait until I upgrade, I guess.
 
My wheel mouse works with some browsers (opera, netscape) and  I can always use
it a third mouse button (VERY important under X).
I didn't do any special configuration for it it was recognized by the
Xconfigurator.



--
E-Mail: Gregor Maier [EMAIL PROTECTED]
Date: 18-Sep-2001
Time: 14:52:52
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Running telnet server

2001-09-14 Thread Gregor Maier



On 14-Sep-2001 J.P.Pasnak wrote:
 On September 13, 2001 20:10 pm, you wrote:
 Hello all,

 I realize telnet is inherently insecure, but I want to run the in.telnetd
 on a LM8.0 machine to test some things.  I'm not sure how to get it
 started.  There's a telnet file in /etc/xinetd.d, but no script in
 /etc/rc.d/init.d, and I'm not sure what it should look like.

 
 Telnet server uses xinet.d, so all you have to do is edit that script in 
 '/etc/xinetd.d' and change 'disable = yes' to 'disable = no' and then make 
 sure xinet.d is running - '/etc/rc.d/init.d/xinetd status'
 
After making the changes you must restart xinetd
with  /etc/rc.d/init.d/xinetd restart

--
E-Mail: Gregor Maier [EMAIL PROTECTED]
Date: 14-Sep-2001
Time: 08:34:12
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

RE: [expert] Compile error: -lX11 not found

2001-09-14 Thread Gregor Maier



On 12-Sep-2001 Dave Sherman wrote:
 Hello everyone,
 
 I hope this isn't too far off-topic, since I am running a Mandrake
 system...
 
 I am trying to compile an application that has a GUI front-end. The
 compile dies with an error, -lX11 not found.
 
 This appears to be looking for a library, or a directory containing
 libraries, related to X11. Is it looking for X headers?
 
 I'm not sure where to go from here, so any advice would be very helpful.
 
 Dave

It is looking for the X11 library.
Try to find where this lib is (file something like libX11.so, )
I should be in /usr/lib or /usr/lib/X11

Do you have the -dev package for X11 installed?

Also make sure that the compiler can find it. Try setting the LDFLAGS before
compilation and look at /etc/ld.so.conf. The path to the lib must be in there
when you try to run your program. After changing ld.so.conf you must run
ldconfig!

export LDFLAGS=-L /PATH/TO/X-LIBS

If the compiler complains about missing .h files also set:
export CFLAGS=-I /PATH/TO/X-HEADER
export CXXFLAGS=-I /PATH/TO/X-HEADER
export CPP FLAGS=-I /PATH/TO/X-HEADER

Gregor
--
E-Mail: Gregor Maier [EMAIL PROTECTED]
Date: 14-Sep-2001
Time: 08:35:35
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Hard Drive Performance SUCKS under LM8

2001-09-13 Thread Gregor Maier


Have a look in /etc/sysconfig. I'm not sure about LM but in redhat there's a
config file that set hdparm with certain at boot time. 
If you can't find anything there have a look at /etc/rc.d/rc.local. If there's
no call to hdparm add one at the bottom with your desired options.

Also be careful with those data transfer values. What program did you use the
measure it?? Did you use bonnie or something similiar. 
Also be aware that 33MB/sec is the maxmimum transfer rate of the IDE interface.
If there a two devices on the same IDE-Channel then they have to share that
rate.

Maybe your CPU is the problem. I don't know why but for me reiserfs is pushing
a hard job to my CPU. On an AlphaStation 200 with 233MHz the performance of my
harddrive dropped from about 18-20MB/sec (ext2) to about 7 or 8 MB/sec
(reiserfs) - measured with bonnie++. The reason for that drop was that the CPU
couldn't handle it faster (i.e. 98% cpu time, whereas ext2 almost nothing).
And no, I don't have the extra checking option for reiser set.

Since people say that reiser has the best performance I'm really wondering what
would happen if I use another journaling FS.

Gregor



On 14-Sep-2001 Theo Brinkman wrote:
 OK, found hdparm (would have sworn I'd already tried /sbin, but I guess not.
 
 Seems my drives are running in 16-bit mode.  When I switch them to 
 32-bit mode, drive performance nearly doubles (from 2.6-3.7 up to 
 6.3-6.7 MB/sec).  How do I convince it I want it to run in 32-bit mode 
 all the time.
 
 I seem to remember reading somewhere that numbers less than 14 MB/sec 
 indicate that the drive is not properly configured (as 33 MB/sec is what 
 you could maximally get out of pre UDMA drives).  Someone please correct 
 me if I'm wrong.
 
 My other (older) laptop also seems to default to 16-bit mode, but it's 
 numbers are [16-bit] 7.59 MB/sec  [32-bit] 7.62 MB/sec.  I'd expect my 
 new laptop with a 20GB drive (same height and spindle speed) to be 
 faster than the old 4GB drive.  Am I off base here, or not?
 
 - Theo
 
 Theo Brinkman wrote:
 
 I am running Mandrake 8.0 on my Toshiba Satellite 2805-S402 (one of 
 the nice shiny ones with the GeForce2Go).  The performance is great 
 except for one aspect.  The hard drive performance under Linux seems 
 to be much worse than under Win2K.  I ran hdparm -t shortly before I 
 did a reinstall hoping I might spot an elusive option that might 
 help.  In the process of the reinstall, I seem to have missed the 
 package with hdparm in it, so I can't be sure, but I'm not seeing any 
 performance (it takes less time for my old PII 233 Satellite 4000 to 
 load up Mozilla).  Once things are loaded into memory, performance is 
 great, but it takes almost 10 seconds for a terminal window to pop up 
 the first time, but only about 1 second for a second one.

 What can I do to boost hard disk performance.  I've got /, /usr/local, 
 and /home set up as ReiserFS partitions, and /boot as ext2 (that 
 little trick let me upgrade my kernel in 7.1 without the ReiserFS 
 filesystem work-around, so I kept with it).

 I can't verify it until I find the rpm which contains hdparm, but I 
 think I remember the result of hdparm -t was 2.6 or 6.2 Mb/sec. 
 Obviously, either of those is FAR slower than it should be.

- Theo





Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

 message.footer

 Content-Type:

 text/plain
 Content-Encoding:

 8bit


 
 
 

--
E-Mail: Gregor Maier [EMAIL PROTECTED]
Date: 14-Sep-2001
Time: 07:34:28
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

RE: [expert] Cannot telnet or FTP in as root

2001-09-12 Thread Gregor Maier


That's for security. The root user should NEVER be allowed to login directly
over the network (the only acceptable is when using ssh).
I'm not familiar with the ftp config files but I'm not sure if it is possible
to configure the ftp server in a way to allow root logins.

Also note that telnet and ftp transmit the password unecrypted. Everyone who is
listening on your network connection can get you root password.

If you just connect from your local private network where ALL users are trusted
then you could use telnet (for normal users). In all other cases you should use
ssh.

If you want to be able to root over a telnet session then use su -. I.e. telnet
as normal user and then issue a 
su -


Gregor

On 12-Sep-2001 George Petri wrote:
 Hello!  Here's yet another problem that has completely stumped me:
 
 1. If I try to telnet into my own machine with the root password:
 
 [root@cups166 /root]# telnet cups166
 Trying 192.168.1.2...
 Connected to cups166.reisersun.
 Escape character is '^]'.
 Welcome to cups166.reisersun
 Linux Mandrake release 8.0 (Traktopel) for i586
 Kernel 2.4.3-20mdk on an i586
 login: root
 Password:
 Login incorrect
 
 2. If I try to ftp into my own machine with the root password:
 
 [root@cups166 /root]# ftp cups166
 Connected to cups166.reisersun.
 220 ProFTPD 1.2.2rc1 Server (ProFTPD Default Installation)
 [cups166.reisersun]
 Name (cups166:root):
 331 Password required for root.
 Password:
 530 Login incorrect.
 Login failed.
 ftp
 
 I deleted the line root from /etc/ftpusers and restarted xinetd but it
 still won't allow root to login.  WuFTPd in Mandrake 7.2 allowed root to
 login after that line was deleted.
 
 So how do I login using these services as root?  I can login as any user 
 *other* than root, which is somewhat unusual :).  I am using the Medium
 security level.  I know that I should use scp and ssh instead (which I do)  
 but I am just curious as to why ftp and telnet don't work in LM8 (telnet
 doesn't either in LM7.2, but ftp does).
 
 Thanks again,
 George
 
 

--
E-Mail: Gregor Maier [EMAIL PROTECTED]
Date: 12-Sep-2001
Time: 14:16:42
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

RE: [expert] Connection Sharing with IPtables

2001-09-11 Thread Gregor Maier



On 10-Sep-2001 Tom Badran wrote:
 I asked about connection sharing a short while ago, and got plenty of 
 respones about doing it with ipchains. Todady i decided to make it work with 
 ip tables, and found a very simple script for doing it that i thought others 
 may be interested in. Is in the ip-masquerade-simple howto at linuxdoc.org.
 
 Just thought this might be helpful to a few people.
 
 -- 
 Tom Tomahawk Badran
 Department of Computing, Imperial College

AFAIK there's none there. But just have a look a netfilter.filewatcher.org.
Browse to the HOWTO section and get the Packet-Filtering and the NAT HOWTO (in
the NAT HOWTO is the place to look for masquerading)

Gregor 

--
E-Mail: Gregor Maier [EMAIL PROTECTED]
Date: 11-Sep-2001
Time: 08:49:22
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Which Packages?

2001-09-10 Thread Gregor Maier


Just a short question about this.
If I use original (kernel.org) kernel sources and then build a new kernel
should / must I copy the header files from KERNEL-TREE/include/linux to the
appropriate location (/usr/include/linux)

Gregor

On 09-Sep-2001 civileme wrote:
 On Sunday 09 September 2001 08:02, Dennis Myhand wrote:
 A brief question to the list.  I just downloaded the 2.4.8 kernel,
 source, header, and documentation packages from rpmfind.net, after
 seeing that the 2.4.7 update was listed in my security update list.  I
 have been reading the notes about NOT using Mandrake update and to do it
 manually.  My question is, which packages and in what order do I install
 them?  Thanks, Dennis in Victoria
 
 
 If you have a plain vanilla desktop system without multiple CPUs and are not 
 using a server, then the kernel-headers and
 
 kerbel-2.4.7-12.3mdk.i586.rpm
 
 Should be sufficient., though it is good policy to download and install 
 kernel-source..
   
 
 If your system is a bit more complicated, you will need a different set.  So 
 if it is complicated, please  tell the list what it is and someone will make 
 a recommendation.
 
 Civileme
 

--
E-Mail: Gregor Maier [EMAIL PROTECTED]
Date: 10-Sep-2001
Time: 09:20:21
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Kernel 2.4.7

2001-09-07 Thread Gregor Maier


The main reason for initrd's is not filesystems. There aren't that much
important filesystems the kernel must know before loading modules  and they can
easily be build into the kernel itself.
The reason are more the SCSI-Controllers, Network card (for network boot).
Since the kernel must have these drivers to be able to boot the system.



On 07-Sep-2001 lhon wrote:
 Hi Scott,
 
 Many distribution are very confuse (foolish), most distribution need this
 kind
 of
 file to load something in RAM first to function , e.g. some type of  file
 systems, but the kernel
 of  2.4.7 seems not need to load some modules first and already bundled in,
 e.g.
 reiserfs file system, you should check.
 
 I tried many (over 10) famous distributions of Linux, nearly no one help to
 create
 this file, a command mk_initrd or mkinitrd should do so, but need manualy to
 do.
 Wonder, these distribution are all contain document in their web site teach
 people
 about early modules loading process and to use these 2 commands.
 Except specially build the post-install steps, rpm natively not create this
 file, it is
 realy surprise me before.
 
 Don't think you can create back initrd.img file after reboot if not previous
 create.
 
 Nowaday, harddisk is much cheaper , just install new kernel and update
 lilo/grub and
 make initrd.img,  don't upgrade/replace the working kernel.
 
 Even just update/upgrade some simple packages will cause the system problems.
 
 Regards,
 Leo Hon
 
 Scott Thurmond wrote:
 
 I used the software manager to upgrade my kernel from 2.4.3 to 2.4.7.

 I noticed the new files in my /boot directory, except the initrd-2.4.7*img
 file.

 Do I have to change the links to point to the new kernel or should the
 software installer have done that for me?

 -Scott

   
 Want to buy your Pack or Services from MandrakeSoft?
 Go to http://www.mandrakestore.com
 
 

--
E-Mail: Gregor Maier [EMAIL PROTECTED]
Date: 07-Sep-2001
Time: 09:56:29
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

RE: [expert] gets error: fsize is exceeded by using su

2001-09-07 Thread Gregor Maier


Looks like the disk quotas for that user is full. When a X-sesion starts it
writes something to harddisk (homedir, I think). On the console it doesn't.
Use quota to check if that's the problem. 

Another possibility would be that the disk is full. On each filesystem there is
some space reservered for root. So when some user fills up the disk root can
still work. Have a look at this too. 

IIRC there's a limit.conf file in /etc but I don't know what you can do with it
- but I think it's worth a try.

If all else failes, maybe some log file is too big (IIRC ext2 can't create
files larger than 2GB) - so maybe you have such a file (although that's really
unlikely).

Hope that helps.



On 06-Sep-2001 Juergen Hammelmann wrote:
 
 I get a strange error when I tra to log in as a user by su
 after setting the password su fails with the message that the maximal 
 file size is exceeded (Die maximale Dateigrv_e ist |berschritten)
 This error comes when working in XWindows not at the console.
 
 Whats the error?
 
 Ciao, J|rgen
 -- 
 email: [EMAIL PROTECTED]   address: J. Hammelmann, Br|hlstr. 6
 phone: +49-7034-61578, +49-179-2178869  D-71157 Hildrizhausen,
 Germany
 fax:   +49-7034-652189
 www:   http://www.mathematik.uni-stuttgart.de/~hammelje
 
 

--
E-Mail: Gregor Maier [EMAIL PROTECTED]
Date: 07-Sep-2001
Time: 13:43:11
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

RE: [expert] Linux mandrake security firewall

2001-09-06 Thread Gregor Maier



On 06-Sep-2001 William R. Nash wrote:
 Hello i need some help with Linux mandrake security firewall.  I'm trying to
 set up this firewall at home.  I need to open ports tcp 1494 and udp 1604 so
 i can use citrix from home.  i added the ports and when i use nmap it states
 that the ports are closed.  i need to have this ports open so i can work. 
 thanks Bill Nash.
 
 P.S. all the other ports i have open states they are open.  Not sure why i
 can't get citrix to work with this firewall.
  the program work great before the firewall.

If you just open the ports in the firewall you won't see anything with nmap.
First you need a programm that listens on these ports. I.e. you must start the
server first, then you can use nmap to check if the ports are open. 

If you've already done this make sure which side tries to establish the
connection maybe you need to add another rule to the firewall. 

Gregor 

--
E-Mail: Gregor Maier [EMAIL PROTECTED]
Date: 06-Sep-2001
Time: 16:38:35
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Re: [newbie] Ximian Gnome

2001-09-04 Thread Gregor Maier




I just wanted to say that I use quite old machines with gnome and its pretty
fast. I use gnome on a PII-350 with 128MB and on a P166, also with 128MB. And I
never had serious problems with speed. 
Maybe it would help to turn off some gimmicks (like animated menus, opaque
window moving. color depth, transparency effects)
Or shut down some programs you don't need all the time (like nautilus)

Gregor

On 04-Sep-2001 Mark Weaver wrote:
 Dave Sherman wrote:
 
 At 07:56 PM 09/03/2001 -0400, Mark Weaver wrote:
 
 In order to do that I would have to come up with a real good reason 
 why my machine needed more RAM so my supervisor would be willing to 
 spend the money.   !!!  Not to mention that fact that this machine 
 isn't a slouch my any stretch of the imagination. I figure if a 
 machine of this type has to labor that much to run a desktop then 
 there's something inherently wrong with the software that is being 
 run. Maybe the resource management of the desktop isn't what it 
 should be.

 It wasn't that it was hogging the CPU. what was making me crazy was 
 the fact that with 128MB of RAM there were so many processes running 
 taking care of Nautilus and all the others that it started hitting the 
 swap! and THAT was just for the desktop! thats just plain poor 
 software design if you ask me. It's got an absolutely beautiful GUI, 
 but WAY too expensive to run and expect to get any amount of work 
 done. I personally wouldn't mind seeing this addressed by the developers.

 Mark
 
 
 Jeez Mark, don't hide your feelings like that, or you might really lose 
 your temper later! ;-P
 
 If this is an office/work/production PC, then you probably shouldn't be 
 loading *beta* quality software on it anyway. For what it's worth, I 
 don't use the Nautilus file manager. I really just wanted to try 
 Evolution, and figured I might as well do the full Gnome update (sans 
 Nautilus) at the same time. Even with just Evolution running, there are 
 several processes running, taking up several MB of memory.
 
 Dave
 
 
 Sorry about that... sheepish grin didn't mean to rant. Its just that I 
 saw some really nice things in Gnome/sawfish, but got frustrated because 
 it bogged down the machine the way it did. It makes me wonder what in 
 the world they're programming for. This machine is only a few months 
 old, as is Mandrake 8... at this rate i'd need a 1.5Ghz machine just for 
   this desktop to be fluid.
 
 Actually, all in all it's funny what one finds to complain about when 
 you no longer have to reboot all the time and worry about system freezes.
 
 -- 
 daRcmaTTeR
 =/\=???
|%C++
 
 Beware of little sins. Mosquitoes drink more blood than lions.
  Author unknown
 
 

--
E-Mail: Gregor Maier [EMAIL PROTECTED]
Date: 04-Sep-2001
Time: 09:23:06
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

[expert] Compile problems with kernel-2.4.8-11mdk

2001-09-03 Thread Gregor Maier


Hi all,

yesterday I tried to compile kernel-2.4.8-11mdk with
absolutely no success.

I also use a self compiled kernel. After downloading the
kernel-source-2.4.8-11mdk and kernel-headers I did a
make mrproper, then I copied my previous .config (from the stock 2.4.3 kernel,
that came with 8.0) added one option (network card rtl8139) and tryed to
compile the kernel.
I got an error message concerning the symSOMETHING scsi controller. 
I tried changing options, adding this, removing that, changed between compiling
several options as modules / into the kernel.
Then I tried to use kgcc instead of gcc in the Top Level Makefile.
But I always got error message (at different points) but I wasn't able to get
the kernel to compile.
I also tried a make oldconfig and change it and again no success in compiling.

After some hours of reconfiguring and trying to compile I got pissed off,
downloaded a pure 2.4.9 kernel from kernel.org copied my 2.4.3 .config file,
added the desired option (rtl8139) and it worked on the first compile run.

I had the same problems some time ago when I tried to compile the original
2.4.3 kernel from LM8.0 - but I somehow managed to compile it.

So my question is: what fancy patches are applied to Mandrake kernels?? Why all
these problems when compiling mdk kernels while pure kernels from kernel.org
work as expected. I know that the mdk kernel is patches in order to get some
additional features, but I think there's some lack of proper testing with
different configurations - especially with slimmed down kernels such as mine.

I like LM very much but I think they should do something against this problem.

I came to the conclusion, that I'm not going to use just pure kernels from
kernel.org and apply the patches myselft if I really need them. I regret not
being able to use the cooker kernels but until this problems are solved I'm not
wasting my time again trying to get the kernel compiled.

So what does the list think about this. Am I missing some important point??

Gregor

--
E-Mail: Gregor Maier [EMAIL PROTECTED]
Date: 03-Sep-2001
Time: 11:09:46
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

[expert] Compose key, sun like keys under X

2001-09-03 Thread Gregor Maier


Hi all,

i'm trying to use the win95 keys on my keyboard do to something useful.

I already manages to change the console kmap so that the Start / Menu key
(keycode 127) is used as compose key.

Unfortunaly I wasn't able to do so under X (XFree 4.something).
I tried playing with Xmodmap but couldn't figure out how to do it. I know that
it is also possible to do this in the XF86Config-4 file but that didn't work
either (and I prefer changing Xmodmap).

My questions:
- How can make the Win95 key (or any other key whose keycode is known) the
compose key under LM8.0 using Xmodmap (where's the global Xmodmap file anyway??)

- Is it possible to fake the keys on a left-hand-keys sun keyboard (like bring
the window under the cursoer to the front if FRONT key is pressed, PASTE key
(behaves like the middle mousebutton when pasting text), ...)
I would like to bind such a function to another win95 key. How can this be done
with xmodmap.

Thanks in advance

Gregor


--
E-Mail: Gregor Maier [EMAIL PROTECTED]
Date: 03-Sep-2001
Time: 10:38:38
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Internet Connection Sharing w/ Linux Win2000

2001-08-30 Thread Gregor Maier



On 28-Aug-2001 Leif Madsen wrote:
 I'm hoping I can figure this out with software as I am a poor student going 
 to school and can't afford a PCMCIA network card :)
 
 There's got to be SOME way... I would think...?
 
 On Wednesday 29 August 2001 18:09, you wrote:
 I know on my windows 2000 machine, I hade two Ethernet cards, one for
 home, and one for the road, and when they were set-up, my network
 settings would automagically change depending on which card was
 inserted.  Probably won't work that easy if you have an internal
 card, for this I think you could use a single PCMCIA card and have
 two different hardware profiles to choose at boot time.
When want a pure software solution you can try to make your home network look
like your school net. 
First of all: is your school configuration with static ip-adresses or with dhcp
/ dynamic adresses and DNS entries.

if its completely dynamic (all settings are dynamic including dns): Set up a
dhcp server on your linux box and it should work.

If not this should work:
If your school uses private IP Adresses (192.168.*, 10.*, ...) use the same
one for your home network. Give the linux machine the address of the school's
dns server. 

Gregor
 

--
E-Mail: Gregor Maier [EMAIL PROTECTED]
Date: 30-Aug-2001
Time: 08:54:40
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] ipchains problem on 2.4.9

2001-08-30 Thread Gregor Maier



On 30-Aug-2001 Dianne Marie Montesa wrote:
 thanks for the link and advice. 
 
 ill read the link and see how much time i would need
 to get it working on that machine. im quite pressed
 for time that is why im trying to find the fastest
 solution. 
 
 cheers!
The syntax is almost identical. But iptables can do a many more things.
I don't know the document in the link. I used the Packet-Filtering and NAT HOWTO
from netfilter.filewatcher.org

The are very good. And if you are familiar they have a little summary
concerining the changes between ipchains and iptables.

Gregor

 --- J.P.Pasnak [EMAIL PROTECTED] wrote:
 On August 30, 2001 10:23 am, you wrote:
ipchains: Incompatible with this kernel
  
   ipchains has been replaced by iptables
  
  

 http://www.linuxnewbie.org/nhf/intel/security/iptables_basics.html
 
  Yes, but ipchains compatablity is still a kernel
 option.
 
 Quite true, but I would suggest migrating now if
 possible, as everything I've 
 read says eventually ipchains compatibility will be
 dropped, and it is quite 
 simple to get working.
 
 -- 
 Live fast, die young,
 you're sucking up my bandwidth
 
 J.P. Pasnak, CD
 Warped Systems
 http://www.warpedsystems.sk.ca
 http://canopener.ca
 
  Want to buy your Pack or Services from
 MandrakeSoft?
 
 Go to http://www.mandrakestore.com
 
 
 
 __
 Do You Yahoo!?
 Get email alerts  NEW webcam video instant messaging with Yahoo! Messenger
 http://im.yahoo.com
 

--
E-Mail: Gregor Maier [EMAIL PROTECTED]
Date: 31-Aug-2001
Time: 08:08:14
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Zombie in paradise...

2001-08-28 Thread Gregor Maier



On 28-Aug-2001 J. Craig Woods wrote:
 Sergio Korlowsky wrote:
 
 On Tuesday 28 August 2001 12:00 am, you wrote:
  Greetings,
 
  Has anyone taken the plunge into 2.4.8-12mdk? I have done so, and I am
  observing some strange things. For one, top shows one zombie running,
  and I can not figure out what it might be. No amount of ps commands
  with every possible arg has yet to reveal this zombie. On every other
  UNIX system that I have worked on, a zombie is NOT a wanted daemon. My
  gut, not my head, tells me it has something to do with keytable
  because, on several boots, it failed to start. I took a look at
  etc/sysconfig/keytable, and all entries look correct. Does anyone have
  a trick to identify a zombie on Linux? Is this a bug in 2.4.8-12mdk?
 
 I did... and I am back to 2.4.8-5mdk
 is not by any chance kpnpbios defunct Z  I had that before... h
 
 Sergio,
 
 You hit first time out, buddy! What the hell is it, some kind of process
 for running a kde version of plug  plug? It has no pid assigned to it,
 how do you kill it? And thanks...
 
Just guessing here but I suppose the k stands for kernel. Is that's true then
it's a kernel process/thread which cannot be killed from userspace. This also
means that it doesn't take any resources.
There's some similiar discussion on this list concerning some other kernel
process. IIRC Civileme said that newer version of ps/top will handle such
processes and not show them.

Gregor


--
E-Mail: Gregor Maier [EMAIL PROTECTED]
Date: 28-Aug-2001
Time: 09:01:04
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://.mandrakestore.com

Re: [expert] printer woes

2001-08-27 Thread Gregor Maier



On 26-Aug-2001 Bruce E. Harris wrote:
 Gregor,
 
 Problems persist. I think I have the symbolic links right, but when I start 
 printtool it does not see my printer, when I try detect I get this error
 Could not find pconf_detect command-line utility
 required for auto-detection. Make sure
 that the gnulpr printfilters package is
 properly installed.
 
 Any suggestons? 
 
 TIA 


Right now I don't have any ;-)

I don't have access to my machine now but I'll have a look. Tomorrow I can tell
you what I excatly did...

But maybe this will help:
Is the gnulpr package installed correct?
What't the version of your printtool program?
Maybe you can configure your printer without auto detect..

BTW: Which printer do you have. I think I delete your original post...

Gregor


--
E-Mail: Gregor Maier [EMAIL PROTECTED]
Date: 27-Aug-2001
Time: 09:04:19
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://.mandrakestore.com

Re: [expert] mount other file system on mdk 8.0

2001-08-27 Thread Gregor Maier



On 27-Aug-2001 Oscar wrote:
 Sergio Korlowsky escribis:
 
 On Sunday 26 August 2001 10:25 am, you wrote:
  On Sunday 26 August 2001 05:11 pm, thus spake Oren Gozlan:
while installing mandrake and win 2000 on the same machine, the mdk
  
   detect the other file system and created an entery in the /etc/fstab to
   mount it to /mnt/windows...
  
   but, while trying to access to the mount, i gety masseges that file
   system is read only ...
   this is the line in the /etc/fstab
   /dev/hda5  /mnt/windows vfat
   user,exec,suid,dev,rw 0 0
  
   does anyone have an idea ?
 
  At this time, the NTFS filesystem is read-only. I have heard there is
  experimental write-support in the kernel source, so you can recompile
  your kernel to get it. But please note that it is not considered
  release-ready code, and should *not* be used on production systems.
 
  Dave
 
 Yes.. but if you check the line in fstab it reads vfat   not ntfs ;-)  and
 is
 'rw'  what I think its wrong, is... it is not mounted!
 
 mmm... but, is the filesystem ntfs or vfat? If fstab refers to vfat and
 the filesystem is ntfs, this is the reason because the filesystem is not
 mounted.
 As Dave says, ntfs filesystem is read-only because write-support is
 experimental. In order to read the filesystem you can change vfat to
 auto. If you need read-write access you must recompile your kernel,
 too.
 

Actually I don't think that the partition is NTFS at all. I've a vfat and a
ntfs partition on my harddisk, but the installation program of LM 8.0 just
recognized the vfat partition and added it as /mnt/windows.
That's why I think that we are facing a vfat partition and not a ntfs one.

--
E-Mail: Gregor Maier [EMAIL PROTECTED]
Date: 27-Aug-2001
Time: 11:28:29
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://.mandrakestore.com

Re: [expert] Emptying CUPS print queue

2001-08-23 Thread Gregor Maier



On 22-Aug-2001 J. C. Woods wrote:
 D. R. Evans wrote:
 
 On 22 Aug 01, at 22:04, DStevenson wrote:
 
  On the machine with the pinter attached:
 
   lpq -   to show what jobs are in the queue
   cancel [job id]   -   to kill the job
 
  Always works for me.
 
 
 Nope. cancel is the same as lprm, and that's the first thing I
 always try, in the forlorn hope that perhaps this time it will work.
 Yes, the queue status says that it's empty but the printer keeps
 spewing out the screwed-up binary.
 
 It works fine (here) for removing yet-to-be-printed jobs from the
 queue, but not for ones that have started printing.
 
   Doc Evans
 
 Have your tried lprm-cups? Do you even have such an executeable,
 /usr/bin/lprm-cups?
 

lprm is a link to lprm-cups or the lpd  lprm.

Maybe you can switch back to lpd printing if cups isn't working out for you.
I've also switched back to lpd because I couldn't set up the printer as I
wanted.

Gregor

--
E-Mail: Gregor Maier [EMAIL PROTECTED]
Date: 23-Aug-2001
Time: 08:58:13
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://.mandrakestore.com

RE: [expert] printer woes

2001-08-23 Thread Gregor Maier



On 22-Aug-2001 Bruce E. Harris wrote:
 I have tried everything and can not get my printer to work with MK 8--it did 
 for a time under 7.2 until I upgraded cups. I never has this printer or my 
 pervious, Canon BJC 6000 work under MK 8.
 
 I have a Epson Stylus Photo 870 connected to my parallel port and tired USB. 
 It did work with USB, but painfully slow and very faint--totally unusable. I 
 tried the web interface with cups and I see the printer there but cant get it
 to print. I tried KCUPS and that is how I got the USB to work (sort of) but 
 it will not see my parallel port. Under Mandrake Control Center, Hardware, 
 Hardware, I see a printer icon, but nothing identified for it, as if it is 
 empty. Under Printer, I try to set it up but get an error saying lp not 
 ready. Then I delete the printer and reinstall and still wont print. It acts 
 as if my parallel port is not there. But this printer works great under Win95
 attached to the parallel port. But all the software I use is Linux, so that 
 point is really mute.
 
 What else can I try?
 
 This problem is getting critial since I need a working printer for my new
 job.
 
I got similiar problems with cups so I switched back to lpd.
I uninstalled the cups packages, installed the lpd packages then I downloaded
printtool from RedHat (either hasn't Mdk got printtool anymore it just work
with cups). Then I configured my printer with printtool just as I did in LM 7.1
and it worked fine.
You should check the lpr, lprm, lpq commands IIRC they are symbolic links that
need to be adjusted if you switch to lpd.

Gregor


--
E-Mail: Gregor Maier [EMAIL PROTECTED]
Date: 23-Aug-2001
Time: 09:10:17
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://.mandrakestore.com

RE: [expert] file block size

2001-08-23 Thread Gregor Maier



On 22-Aug-2001 Scott St. John wrote:
 Hi everyone-
 
 We are considering finally putting Mandrake in production to replace some 
 outdated
 FreeBSD servers.  We have 70gig raid controlled servers, but seem to have
 some
 trouble with changing the default file block size.  This box will serve as 
 a web server
 and we want to drop the file block size down to avoid using up the drives 
 on little
 html files.
 
 Any advice on where to start?
 
 Thanks for your help.
 
 -Scott
i don't know for reiserfs, but you can sure do it with the ext2 filesystem. 
The thing you need is 

mke2fs -i BYTES-PER-INODE ...
of mke2fs -N NUMBER-OF-INODES
have a look at the man page of the appropriate mkfs man page for more
information.
I suppose that there is a similiar thing with reieserfs.

This BYTES-PER-INODE is also the number of bytes a file will occupy on all
circumstances on your harddisk. But don't make this value too small because
then the number of inodes (the max. number of files) will become quite big and
you diskspace and performance.

AFAIK the default value for such fs-sizes is 8k per inode. Probably a value of
1 or 2k will fit your needs. 

Gregor


--
E-Mail: Gregor Maier [EMAIL PROTECTED]
Date: 23-Aug-2001
Time: 09:18:40
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://.mandrakestore.com

RE: [expert] KDE uses always at least half the power of the proc

2001-08-23 Thread Gregor Maier



On 22-Aug-2001 Olaf Marzocchi wrote:
 Yesterday I had to compress a big tar archive (350MB) with Bzip2.
 I launched it from a console inside KDE, then in a second console I 
 launched top, that told me KDE was using 46% (at least) of the 
 processor's power, and bzip2 45-50%.
 I thought it was strange, since KDE was doing NOTHING!! that console was 
 the only app running!
 
 Could you explain this? One (among many) reasons to switch to Linux is the 
 better use of the power, so what is this?
 
 Another (silly) question: I didn't remember how to compress the archive 
 with tar then bzip using a single command line, in order to have only the 
 final .tar.bz2 file in the HD without passing from the .tar file. Could you 
 write it?
 

for the compression use the -j option to tar
i.e tar cfvj xxx.tar.bz2 somefiles
 

--
E-Mail: Gregor Maier [EMAIL PROTECTED]
Date: 23-Aug-2001
Time: 14:31:36
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://.mandrakestore.com

Re: [expert] Problem with Traffic on my Interface

2001-08-22 Thread Gregor Maier



On 22-Aug-2001 Angus Beath wrote:
 Are you running any time of firewalling? That would just drop packets like
 this quite easily. I get port scanned all the time,
 but I've got iptables set up to DENY any packets going to the wrong ports. If
 you set it up with Bastille-firewall or the
 firewall configuration thing in DrakConf, you should be able to deal with
 this problem. It looks like you were just scanned
 anyway, not actually attacked. Have a nice day.
 
 Angus 
 
 
It looks to me that he is running a firewall because the log says it has
DENYied the package.

If you don't want these logs you'll have to reconfigure your firewall so that it
doesn't log this information.

Gregor
 
--
E-Mail: Gregor Maier [EMAIL PROTECTED]
Date: 22-Aug-2001
Time: 08:42:55
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://.mandrakestore.com

[expert] Make the mouse faster

2001-08-22 Thread Gregor Maier


Hi all,

how can I make my mouse faster (i.e. the mouse pointer mouses further with the
same movement of the mouse itself).
I suppose this has to be done somewhere in the X configuration.

The mouse acceleration in KDE is not the thing I want.

Thanks,

Gregor



--
E-Mail: Gregor Maier [EMAIL PROTECTED]
Date: 22-Aug-2001
Time: 14:55:56
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://.mandrakestore.com

RE: [expert] Make the mouse faster

2001-08-22 Thread Gregor Maier



On 22-Aug-2001 Thierry De Corte wrote:
 Use xset m 10...
 
Thanks, sometimes the solution is so easy that you don't see it.

I was looking in the XF86Config file.

Gregor

--
E-Mail: Gregor Maier [EMAIL PROTECTED]
Date: 22-Aug-2001
Time: 16:32:54
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://.mandrakestore.com

RE: [expert] ManHat

2001-08-16 Thread Gregor Maier



On 14-Aug-2001 Mark Belanger wrote:
 I'd like to install Mdk8 or FreqN, remove all kernel packages
 and replace them with the stock Redhat 7.1 kernel(2.4.2-2).
 
 Should there be any problem doing this for an ext2-only system?
 
 I need to use Clearcase 4.2 which is very particular about the
 kernel  it really wants the stock RH kernel.
 
 -Mark
 
This shouldn't be a problem. Another possibility would be to check out the
patches RH applies to the pure kernel, get them and apply them to a kernel
from kernel.org


Gregor 

--
E-Mail: Gregor Maier [EMAIL PROTECTED]
Date: 16-Aug-2001
Time: 09:21:08
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://.mandrakestore.com

Re: [expert] Netscape wish using up memory

2001-08-16 Thread Gregor Maier



On 15-Aug-2001 Jaime Herazo B . wrote:
 * Naka Gadjov ([EMAIL PROTECTED]) wrote:
 Netscape is using much memory everywhere. In Windows, and strange NS suffers
 by same problems in Linux too. I am waiting for a 5 years for a new version
 that do not have memory leakage, but at the moment there is not. Strange
 Mozilla have the same problem.
 
 I prefer Opera, but usually i stick with lynx :)
 
 You could check out konqueror too

I also prefer Opera. It's amazingly fast it's much more stable then netscape.


--
E-Mail: Gregor Maier [EMAIL PROTECTED]
Date: 16-Aug-2001
Time: 09:23:36
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://.mandrakestore.com

RE: [expert] Non-destructive Linux Partition re-size

2001-08-13 Thread Gregor Maier



On 13-Aug-2001 Lonnie Cumberland wrote:
 Hello All,
 
 does anyone know if there is something like FIPS for Linux?
 
 I need to re-size an ext2 partition so that I can make another one without
 loosing my existing data?
 
 Thanks,
 Lonnie

Note: If you resize your /boot partition (where the kernel is) then you'll have
to rerun lilo. Lilo writes the address of the kernel and the
bootloader to the bootsector when you run it. The resising may or
maynot change the location of the bootloader and the kernel on the disk but you
should run lilo just to make shure.

Gregor


--
E-Mail: Gregor Maier [EMAIL PROTECTED]
Date: 13-Aug-2001
Time: 17:05:30
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://.mandrakestore.com

RE: [expert] Domain Name

2001-08-13 Thread Gregor Maier



On 13-Aug-2001 George Petri wrote:
 Hello again!
 
 Suppose I were to buy my own domain name and run the apache webserver
 off my computer (mandrake 7.2)...
 
 What is the difference between http://domainname.com and
 http://www.domainname.com.  Are they both the same?
 
 Because, some websites can only be accessed via http://domainname.com
 (e.g. http://x42.com), while most only work with www.
 
 Thanks,
 George

This depends on how you set up your DNS server.

If you want to setup your domain you'll need two permanent nameservers.
(Normally one will be at your provider).
If you just want your apache webserver with a domain name you can look at
dyndns.org for example.  It's free and probably enough. If you donate to them
you can have more complex configurations too.

Gregor

--
E-Mail: Gregor Maier [EMAIL PROTECTED]
Date: 13-Aug-2001
Time: 16:08:50
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://.mandrakestore.com

RE: [expert] * does not select all files

2001-08-13 Thread Gregor Maier



On 13-Aug-2001 George Petri wrote:
 Hi!
 
 Does anyone know why * misses hidden files such as .kderc?
 What is the reasoning for that?
 
 I mean to select ALL files, now I have to specify (in bash, of course):
 
 * *.[a-zA-Z]
 
 to my programs e.g. cp * *.[a-zA-Z] /somefolder.
 
 It is also a pain to type!  Is there a better way to select ALL files?
 

cp .* * /somefolder should work


--
E-Mail: Gregor Maier [EMAIL PROTECTED]
Date: 13-Aug-2001
Time: 16:07:04
--



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://.mandrakestore.com

RE: [expert] User migration between two linux.

2001-08-09 Thread Gregor Maier



On 09-Aug-2001 Simon Li wrote:
 Dear all,
 
 Hi all, I guess i can ask this question here mandrake is similar to RH ?...
 
 I have two Rh6.2 system Kernel 2.2.14, (and I guess the
 installatoin disc are the same one too).
 
 I want to move:
 1) User accounts (around 1200), and
 2) Their files (webpage, email inbox)
 to the another RH system, where it has little users and files, and plenty
 free HHD space.
 
 Since the desination server has little users, i guess it is okay coz the
 userid
 would not overlay too much. (Userid below 500 are system account, and
 they have similar setting on the two system)
 
 My solution was:
 To append /etc/passwd, /etc/shadow and /etc/group to the desntination
 system. (with some manual editing)
 
 Outcome:
 It is fine  for passwd and group file. But the /etc/shasow file is locked.
 I sued as root and checked lsattr, they went fine. I guess the kernel (or
 something is lock it up?). I tried fuser /etc/shadow and it gave no clue.
 
 Since i am not able to shutdown these two server for long time or dis-
 assemble them, what should i do if I want to do things this way?
 
I don't know what causes the problem with the /etc/shadow file? Can you edit it
by hand with an editor. Are you sure you were root when you tried to read /
write the shadow file. /etc/shadow can only be read as root.

You could use NIS to export your users to the other machine. But that may be a
security risk since the encrypted passwords can be read by everyone.

Gregor

--
E-Mail: Gregor Maier [EMAIL PROTECTED]
Date: 09-Aug-2001
Time: 09:03:30
--

RE: [expert] Why I can't see all packets on my network segment?

2001-08-09 Thread Gregor Maier



On 08-Aug-2001 Zilvinas Atkociunas wrote:
 Hello mdk fans,
 
 I hope someone could explain me why I can't see my segment packets on my
 promisc workstation (mdk7.2, 2.2.17 kernel, running tcpdump turns PROMISC
 flag to state on). I can watch only packets coming to and from my
 workstation.
 
 Thanks in advance,
 
 zilvis
 
 BTW: The label on the box where my ws is plugged into plainly says Dual
 speed 16-port Ethernet/Fast Ethernet Hub  so this is not switch. ;-)
 
IMHO some switch / hub manucfactures (especially low cost) don't care very much
about the difference between hubs and switches. There are names like 10/100
Dual Hub, Switching Hub, ...

So I think what you got is a switch. Or it is something between a hub and a
switch.


Gregor
 
--
E-Mail: Gregor Maier [EMAIL PROTECTED]
Date: 09-Aug-2001
Time: 09:17:15
--

RE: [expert] GCC 3.0 install failure

2001-08-07 Thread Gregor Maier



On 06-Aug-2001 Jesse Hepburn wrote:
 I'm trying to upgrade to GCC 3.0 (because 2.96 is buggy).  Whenever I
 try to make it (using make --bootstrap) I get preprocessor errors and
 the make fails.  Is this a known problem, or is it just me?  Any help
 would be appreciated.
  
 Cheers,
 Jesse

I suppose you got a problem with libstdc++ with a file called gthr.h.
This is problem with sed and locale. (I can't remeber what it was excatly but
the solution is to set LC_ALL=C and LC_COLLATE=C
export LC_ALL=C
export LC_COlLATE=C

now you can do your make bootstrap.

AFAIK gcc-3.0.1 should already have a fix for this

Gregor

PS: Please add information to you next post (describe the problem more closely).
--
E-Mail: Gregor Maier [EMAIL PROTECTED]
Date: 07-Aug-2001
Time: 09:12:39
--

RE: [expert] Can't Access My linux box! R there any experts out

2001-08-02 Thread Gregor Maier


 Hi:
 
 I have a linux(mandrake) server and its hosts.deny file deny All except
 localhost and another ip 
 The problem is that I am not able to access this server remotely through
 telnet from any machine not
 even from the machine having same ip as mentioned in the host.deny file.
 Only once I could access it
 remotely through telnet from machine with ip.
 
 Error msg that I get is Remote system refused the connection ..
 
 And also I am not able to login through server terminal because the keyboard
 is not getting connected. 
 when I connect the keyboard, initially three lights of the keyboard(caps, num
 and scroll  lock) blinks 
 for a second and then goes off.
 
 I am using this server as gateway, its runing fine other than the fact I am
 not able get hold of it :)
 
 Can anyone help me out ? Have my server been hacked ?
 

Have a look at the xinetd config files (/etc/xinetd.d/*
/etc/xinetd.conf).
There's a only_from options maybe this is set to.

Gregor

--
E-Mail: Gregor Maier [EMAIL PROTECTED]
Date: 02-Aug-2001
Time: 09:02:14
--

RE: [expert] Logging uptime

2001-08-01 Thread Gregor Maier



On 31-Jul-2001 Mads Rasmussen wrote:
 
 
 I would like to log the uptime of our systems, just I cannot see into the 
 future to expect when a system crashes so an aproach that logs, like 1 time 
 per hour should do it.
 
 I guess you could run a crontab script that just cat's the uptime output into
 /var/log/uptime
 
 This however will be overwritten when the system comes back up, so I thought 
 it would be better to log in two files a live one and a backup one.
 
 Like 
 
 uptime  uptime.running
 uptime  uptime
 
just use uptime  uptime.log
the double  will append the the output to the uptime.log instead of
overwriting the file.

--
E-Mail: Gregor Maier [EMAIL PROTECTED]
Date: 01-Aug-2001
Time: 09:12:27
--

Re: [expert] ip_masq in 8.0 ?

2001-07-30 Thread Gregor Maier



On 30-Jul-2001 [EMAIL PROTECTED] wrote:
 On Mon 30 Jul at 01:47:30 -0400 [EMAIL PROTECTED] done said:
 
 IPtables, as I mentioned in the other group...
 
 That reminds me, I've been meaning to mention how big of a pain in the
 ass it is (well, not really, but I just think it could have been done
 better) that iptables is built in to the RPM-ised kernel by default which
 eliminates having ipchains built as a loadable kernel module.  IMHO,
 it'd be much more simple to build them both in as modules and just have
 the user do an insmod on whichever they plan on using if and when they need
 them.  Just my $0.02...

AFAIK The iptables is ALWAYS used in 2.4.x kernels (either as modules or
compiles into the kernel). The ipchains module is (as is the ipfwadm module)
is just for compatibility it translates calls to ipchains to the matching
iptables rules. This means you will always need iptables (even if you use
ipchains). And ipchains is just needed if you want to use the old ipchains
command.

Gregor 

--
E-Mail: Gregor Maier [EMAIL PROTECTED]
Date: 30-Jul-2001
Time: 10:43:50
--

RE: [expert] CD Writing

2001-07-30 Thread Gregor Maier



On 30-Jul-2001 Felix Miata wrote:
 
 My immediate goal is to get a bootable Mandrake 8 CD and install it in
 place of 7.1 on #3. 
 
 The only CD writing I've done so far is with the windoze software that
 came with the Yamaha (Adaptec whatever), installed on the SCSI HD in the
 external SCSI HD, using machine #2  windoze. I've not yet burned from
 an ISO. I'd *like* to do all current and future writing using Mandrake
 Linux if possible, but not if it means an elaborate setting up in 7.1
 that will be summarily scrapped in order to replace the 7.1 installation
 with 8.0. The reality is if the windoze Adaptec software can easily
 create the Mandrake 8 CD from an ISO, but this is something I don't know
 either. That software, like most free and cheap software, came with no
 printed docs to check.
 
 I've browsed Linux/HOWTO/CD-Writing-HOWTO and its FTP link to various
 cdrecord versions. My initial impression is this is a bear to get set up
 - unless, my easy (default) installation of Mandrake 7.1 has already
 done what I need.
 
 Questions:
 
 1-Can it be said unequivocally that my Mandrake 7.1 is already set up 
 ready to burn?
Probably yes. You have to install the cdrecord rpm if this isn't already done.
If it is installed do a cdrecord -scanbus. This will scan your scsi bus for
your cd recorder. Remember the three numbers you get in the line of your
recorder. Then you just have to do a 
cdrecord -v -eject speed=xx dev=a,b,c filename.iso
where xx is the speed of your cdrecorder. a,b,c are the values you got from
cdrecord -scanbus (a is the number of the scsi bus, b is the scsi id, and is
the lun.) 


 
 2-If 1 is false, is there an easier way than digesting the whole of the
 (not too good IMO) HOWTO to figure out what is and is not already
 prepared?
You want to try xcdroast (doesn't come with LM AFAIK). It's a
quite good graphical frontend for cd-burning. You must have mkisofs and cdrecord
installed in.
 
 3-Is there someplace better than the HOWTO to explain CD writing under
 Linux?
The actual CD-Burning is easy. I think the HOWTO is quite good altough it
doesn't disdinguish between basic and advanced issues.

If I want to burn a data cd on my system is just do a 
mkisofs -v -R -J -T -l -o filname.iso directory-with-data 
cdrecord -v -eject speed=xx dev=a,b,c filename.iso
That's it...

Or I use xcdroast.

Note on burning under windoze:
I think you got adaptec easy cd cdreator, which supports burning iso files. But
have another name for it (i think something like CD-Image or RAW,...)

Hope this helps
Gregor


--
E-Mail: Gregor Maier [EMAIL PROTECTED]
Date: 30-Jul-2001
Time: 17:14:36
--

RE: [expert] how to convert from ext2fs to reiserfs ?

2001-07-27 Thread Gregor Maier



On 27-Jul-2001 Daniel Woods wrote:
 I want to upgrade a current LM7.1 server with 8.0-Freq version.
 I will do a fresh install but not re-formatting /home, /usr/local,
 /var to keep the data as is. The other partitions can be formatted.
 They are currently ext2fs and I wanted to know if the install
 would convert them to reiserfs if I ask it to, or do I simply install
 as ext2fs and then convert all partitions later ?  How do I convert
 the partitions (what commands, docs) ?
 
 Thanks... Dan.
 
I think it's not possible to convert directly from ext2 to reiserfs. I also
want to switch from ext2 to reiserfs.
I would suggest that you backup your ext2 partions and  make the
old partitions reiserfs (mkreiserfs), which will destroy all data on the
partition. Then you can restore your file from the backup to the new reiserfs
partiotions.

If you want buy / have a new harddisk you could just create the reiserfs
partitions there and then copy the files from the old partition (using cp -a).
 
But either way you will need enough harddisk / backup space.

Gregor
--
E-Mail: Gregor Maier [EMAIL PROTECTED]
Date: 27-Jul-2001
Time: 09:02:01
--

RE: Re[2]: [expert] Problem with FTP server

2001-07-27 Thread Gregor Maier



On 26-Jul-2001 Rusty Carruth wrote:
 Glen Sagers [EMAIL PROTECTED] wrote:
 No, I don't think so.  All the machines are technically workstations, a
 desktop, a
 laptop, and a win machine.  Mandrake ICS is setup, but I haven't manually
 configured much of anything on them, yet.  I'd just like to be able to
 easily
 transfer files from the laptop to the desktop, as well as the browsing
 capability
 that ICS provides (working fine).
 
 Do I need to manually setup DHCP or DNS?
 Glen
 
 Well, sort of.
 
 In /etc/hosts on all machines, add the ip addresses and names
 of all the machines.
 
 Sorta like this:
 127.0.0.1   localhost   localhost.localdomain
 10.40.1.1   amachine
 10.40.1.2   anothermach
 10.40.1.3  yetanother
 
 and so on.
 
 Then it should be much faster...
 
 rc
If who have Windows machine as you said above you may also want to enter this
information in the WINDOWS-DIR\hosts file.

If you're network gets bigger you may want to setup a small dns server for your
network. The method with /etc/hosts works fine. But you'll have to keep all
hosts files on all machine up to date or you'll fancy results.
If you have more than 5 I would really suggest to setup dns. Have a look at the
DNS-Howto. It's quite good and you get a working dns server in (almost) no time

Gregor

--
E-Mail: Gregor Maier [EMAIL PROTECTED]
Date: 27-Jul-2001
Time: 09:15:40
--

RE: [expert] xcdroast woes

2001-07-25 Thread Gregor Maier



On 25-Jul-2001 [EMAIL PROTECTED] wrote:
 I recently installed a 3ware controller in my system.  Seeing that in
 order to create a RAID 5 array with this controller you had to wipe out
 all drives that are being put into the array and seeing that I have gone
 through a number of mdk upgrades without doing a fresh install, I
 decided to do a fresh install of mdk 8.0.  The configuration of the
 array and the install of mdk 8.0 went without a hitch once I allowed
 myself to sleep enough to read CD labels properly.
 
 Before I did a wipe and re-install I was running mdk 8.0 and I had
 installed the updates necessary to get xcdroast to work properly.  Now I
 can't seem to make it work after doing the updates for this new
 install.  Here is what I get when I run xcdroast:
 
 [root@tick root]# xcdroast
 
 ** ERROR **: cdrecord -scanbus output syntax error
 
 aborting...
 Aborted (core dumped)
 
cdrecord -scanbus scans the scsi bus on your machine and gives you list. If
IDE-SCSI emulation is enabled the emulated devices are also shown. I suppose
that your 3ware controller does some fancy things on the scsi bus.

This is a hardware / driver problem.

Gregor

--
E-Mail: Gregor Maier [EMAIL PROTECTED]
Date: 25-Jul-2001
Time: 10:03:25
--

RE: [expert] DNS Caching

2001-07-24 Thread Gregor Maier



On 23-Jul-2001 Brett wrote:
 I've setup a nameserver running bind 9 and also the nameserver caching
 module/rpm.
 
 With the nameserver caching, what I would like like to know is -
 
 a) where it caches to ? (ie-which file and at what path)?
 
 b) where is the main config file that says which ip's may use the host as a
 name server?
 
 


the config-file is /etc/named.conf. In order to set which ip addressed the dns
should use you must use ACL (acces control lists). example below.
Have a look at the DNS Howto. It's gives a good overview over a basic DNS setup
(from caching only to a small domain). It covers bind8 which has a sligthly
other zone-file format. I suggest you use the files that come with bind9 as
base and edit/copy them to your needs. Then it will work fine.


/etc/named.conf example
This will make bind listen on the 192.168.0.* network and on the loopback
interface 

acl internal { 192.168.0.0/24; 127.0.0.1; };

options {
directory /var/named/;

# Just listen on the local interface
# bind will listen on any if that has an address in 192.168.0.0 network
listen-on { 192.168.0.0/24; 127.0.0.1; };
listen-on-v6 { none; }; # no IPv6 addresses

# Allow queries and recursion only from our local network
allow-query { internal; };
allow-recursion { internal; };

# Since we have no slave - Do not allow any zone transfers
allow-transfer { none; };

forward first;
forwarders {
NAMESERVER1.YOUR-ISP.COM;
};
};

# Your zones 
#END OF EXAMPLE FILE



--
E-Mail: Gregor Maier [EMAIL PROTECTED]
Date: 24-Jul-2001
Time: 08:56:25
--

[expert] Promise Ultra100Tx2 problem with Kernel 2.4.7

2001-07-24 Thread Gregor Maier


Hi there,

i tried to use a Promise Ultra100 Tx2 IDE Controller with Kernel 2.4.7 but I
didn't work. I compiled the kernel myself and added support for the Promise
Chips (PD...) I also enabled the general IDE settings like UDMA support.


When scanning the pci bus the card is as a part of the bus but the
IDE-Controller isn't initialized. Since my primary HD is a SCSI Disk the boot /
init process goes on until the initscript tries to mount my IDE Disk with a
error message that the device is not there. 

Are there any options in the kernel config that are required to make the
Controller work (others as I mentioned support for Promise Chips is already
enabled). Or maybe I have to pass some kernel options??

Thanks

Gregor

--
E-Mail: Gregor Maier [EMAIL PROTECTED]
Date: 24-Jul-2001
Time: 16:31:29
--

RE: [expert] simple vu-meter for linux

2001-07-20 Thread Gregor Maier


You could try xmms with a plugin. But I'm not sure if recording / getting
signals from Line In is supported but it's worth a try.
www.xmms.org

Gregor


On 19-Jul-2001 joy winter wrote:
 hi all,
 
 im searching for a simple vu-meter for the line-input of my soundcard. does
 anyone heard about a small tool for this, or a project going on to develop
 something like this??
 
 any hint apriciated
 
 g.
 
 z.
--
E-Mail: Gregor Maier [EMAIL PROTECTED]
Date: 20-Jul-2001
Time: 09:37:54
--

[expert] glibc-2.2.2 with gcc-3.0

2001-07-19 Thread Gregor Maier


I compiled and installed the gcc-3.0 src rpm from the cooker (this took some
time due to the LOCALE problem).
I installed all generated gcc-3.0 rpms 


Then I tried to recompile the glibc-2.2.2 src.rpm (the one from the LM 8.0
release). It worked fine. When I tried to update (--upgrade) it I got a lot of
dependency problems (file xxx is owned by glibc-2.2.2). I installed this with
--force and nodeps. Everything did fine. No problems.
But when I tried to reboot init was not able to execute any script due to
problems with some libs. I wasn't even able to boot to single user mode...

I had to install LM on seperate partition so that I could reinstall the
glibc-rpms from the LM-8.0 CDs. (I use raid for my /usr partition so the
rescue system from the CD was pretty much useless).

Does anyone know what's the problem. I suppose it has something doto with
gcc-3.0 (because i used the glibc source from the official mdk release).

I've done this two weeks ago and I didn't try again because it was a real pain
and to get my system back.

Gregor

--
E-Mail: Gregor Maier [EMAIL PROTECTED]
Date: 19-Jul-2001
Time: 11:05:15
--

RE: [expert] Routing Firewalls With Mandrake

2001-07-18 Thread Gregor Maier


The new program to do firewalling, masquerade, portforwarding etc is iptables
(kernel 2.4).
ipchains was used in kernel 2.2.

I don't use any frontend to do my firewall settings I use the iptables command
in a shell script. 

There are good howtos (netfilter-howto, nat-howto) on how to set up a packet
filtering firewall and NAT (masquerading, port-forwarding, etc. at) on
netfilter.filewatcher.org
They are written by the guy who does the kernel programming of this stuff so
they are accurate...

Another node if you want to use ip_forwarding (routing, masquerading) on a
redhat like system (this includes LM) you must set net.ipv4.ip_forward=yes in
your /etc/sysctl.conf file...  This took me quite a lot of time to figure out
on my RH7.1 router. 

On 17-Jul-2001 Dalton Calford wrote:
 I am looking for the best firewall configuration software for Mandrake 
 version 8.
 The firewall that comes in the control panel is next to useless and the tech 
 support centre for mandrake told me that they do not support Bastille. 
 
 What I am trying to do is this.
 
 I have two locations, Office1 and Office2
 both locations have a router that connects them to the internet and each has 
 32 ip addresses.
 The router at each location connects directly to a system we call a SAN 
 (system access node) so we have SAN1 at Office1 and SAN2 at Office2
 Each SAN has three network cards (eth0, eth1, eth2), one for each ethernet 
 segment in the office.
 eth0 connects to the router for the office and nothing else.
 eth1 connects to the rest of the routable ip addresses and is a DMZ.
 eth2 connects to the rest of the office workstations and uses a non-routable 
 ip block.
 All traffic has to travel through the SAN in order to get to any other 
 ethernet segment.
 The SAN acts as a NAT server for the non-routable ip addresses, and acts as a
 intelligent firewall vs a simple filter for the DMZ machines.
 The two SAN's need to set up a secure VPN between them extending the 
 non-routable block accross the two offices.
 
 The setup is a little more complex than that, but, if I can set that up, I 
 can extrapolate the rest.
 
 My problem is, I know that the firewalling and masqaurading rules have 
 changed between the 2.2 and 2.4 kernels.  I am getting conflicting 
 instructions from the different books and how-to's depending on what is 
 newer.  I have also found that mandrake makes some assumptions towards 
 security and configuration that conflict with some of the How-to's.
 
 I need to know, where can I find the how-to's that support Mandrake 8.0 and 
 address my design needs?
 Is there a configuration tool that supports the design I require?
 Has anyone else had any experience in this?
 
 Mandrake Tech support was useless, even with sitting on hold for 15 minutes 
 while the guy goes to ask someone else what NAT is.
 
 Although I have always supported Mandrake and bought the Prosuite Edition, I 
 am now regreting having spent the money for support that the company does not
 really provide.
 
 best regards
 
 Dalton
 

--
E-Mail: Gregor Maier [EMAIL PROTECTED]
Date: 18-Jul-2001
Time: 13:12:36
--

Re: [expert] Multiple network cards in a Mandrake firewall/switc

2001-07-12 Thread Gregor Maier



On 12-Jul-2001 Darcy Brodie wrote:
 I have added the additional nic into the firewall / masqurading machine, and
 configured  it to 192.168.1.128/255.255.255.128
 I can ping the address from the 100mhz network(both from the server, and from
 remote workstations).  However, I connected a  workstation to the new nic
 card (eth2) through a 10mhz hub, and I can not ping either the eth2 card from
 the remote 10mhz workstation, or the remote workstation  from the server.  I
 have verified that the hub and the cables are working. I have even used a
 cross over cable from the workstation to the server, but I still can not ping
 the eth2 card
 
 Darcy
The Address 192.168.1.128 is the adress of your SUBNET. It't the same as if you
would use the 192.168.1.0 address with the 255.255.255.0 network which also
doesn't work. Use 192.168.1.129 up to .254 instead. On the other subnet you can
use 192.168.1.1 to .126
Reason.
On seach subnetwork you have two addresses which CANNOT be used for Interfaces
(nodes) these are the network adrress (like 192.168.1.0 in Class C) and the
broadcast adrress (192.168.1.255 for Class C). The network adress specifies the
network (necesarry for routing issues) and if you send something to the
broadcast address all hosts in this subnet will be addressed.

This address are calculated from the subnetmask:
192.168.1.xxx  255.255.255.0 will give you 192.168.1.0 (this is the network
adress).

192.168.1.0 to .127  255.255.255.128 will give you 192.168.1.0
(your network address). With .127 as the last address in this net as broadcast

192.168.1.128 to .255   255.255.255.128 will give you 192.168.1.128 (again
your network address) with 255 as your broadcast.


--
E-Mail: Gregor Maier [EMAIL PROTECTED]
Date: 12-Jul-2001
Time: 09:09:58
--

Re: [expert] Listing files in uninstalled rpm package.

2001-07-12 Thread Gregor Maier



On 12-Jul-2001 Nathan Callahan wrote:
 I haven't recieved the original message of this one yet, so this may be 
 completely wrong.
 
 To list the files in an uninstalled package, you can use...
 
 rpm -qpl package-file
 
 The p stands for package and is made for doing all sorts of queries on 
 uninstalled packages.

look the query section of the rpm man page. there are a lot of things you can
do with it (not just listing the files)...

--
E-Mail: Gregor Maier [EMAIL PROTECTED]
Date: 12-Jul-2001
Time: 09:23:10
--

RE: [expert] Iptables

2001-07-12 Thread Gregor Maier



On 11-Jul-2001 Orlando Reis wrote:
 Hi was wondering if someone can give me some help
 with a problem i'm having with iptables. I wan't to allow
 people to connect to an internal ftp server.
 But some how it doesn't work.
 These are rules I' using for doing the job:
 
 $IPTABLES -A tcp_allowed -p TCP -i $EXTERNAL_ETH0 --dport 21 -j ACCEPT
 $IPTABLES -A tcp_allowed -p TCP -i $EXTERNAL_ETH0 --dport 20 -j ACCEPT
 
 $IPTABLES -t nat -A PREROUTING -p tcp -d $EXTERNAL_IP --dport 21 -j DNAT
 --to $INTERNAL_FTP:21
 $IPTABLES -t nat -A POSTROUTING -o $EXTERNAL_ETH0 -s $INTERNAL_FTP -j SNAT
 --to $EXTERNAL_IP

You must also allow packages with sourceport 20, 21 (ftp-data and ftp). Since
the every packages the server sends has the source port ftp. Same for ftp-data
(but this time it's the clients side).
In your configuration the client can send packages to the server but the
firewall blocks all responses from that server.


$IPTABLES -A tcp_allowed_in -p TCP -i $EXTERNAL_ETH0 --dport 21 -j ACCEPT
$IPTABLES -A tcp_allowed_in -p TCP -i $EXTERNAL_ETH0 --sport 20 -j ACCEPT

$IPTABLES -A tcp_allowed_out -p TCP -o $EXTERNAL_ETH0 --sport 21 -j ACCEPT
$IPTABLES -A tcp_allowed_out -p TCP -o $EXTERNAL_ETH0 --dport 20 -j ACCEPT

allpy tcp_allowd_in to INPUT chain and tcp_allowed_out to OUTPUT chain

 The clients can't even connect.
 
 I do an ftp from an external machine with no nat(i.e.), a public ip.
 and nothing happends.
 
 Orlando
 ---
 
 

--
E-Mail: Gregor Maier [EMAIL PROTECTED]
Date: 12-Jul-2001
Time: 09:30:49
--

RE: [expert] XDMCP, and glx extension?

2001-07-12 Thread Gregor Maier



On 12-Jul-2001 Ferris, Cathal wrote:
 Here's an interesting one...
 Running mandrake 8.0 on a celery333, ati rage lt pro onboard
 Have xdmcp working fine, graphical login across the network (xwin-32), and
 almost everything is going fine.
 On localhost, stuff that uses GL (eg Xscreensaver-gl) appears correctly on
 screen.
 On my windows box, when running GL stuff, this appears:
 
 Xlib:  extension GLX missing on display windows-ip:0.0.
 where windows-ip is the ip of the machine running the X display remotely
 (actually a win2k box, with tnt2 card)
 Is this an X problem or a local configuration of Xwin32? I have a feeling
 that it is somewhere in my X configuration, but I am not for sure where to
 look.. Any ideas?
 
Looks like the X-Server running on your Win32 machine is not capable of doing GL
stuff...
Don't know if there are X-Servers for win which can do this.

--
E-Mail: Gregor Maier [EMAIL PROTECTED]
Date: 12-Jul-2001
Time: 10:26:57
--

RE: [expert] Disable ext2 fsfilesystem check on startup

2001-07-11 Thread Gregor Maier


On 10-Jul-2001 Jose M. Sanchez wrote:
 As everyone will tell you not a good idea...
 
 BUT why not set up your partitions as Reiser?
 
 You'll only need a small /boot partition to be ext2 for startup.
 
 Reiser doesn't get fsck'd AFAIK (or doesn't need it if your system is
 stable...)
 
Reiser is Journaling file system. This means is logs everything it does
(removing files, creating,...) If the system crashed Reiser looks at this logs
and then it knows what was not finished (what it is inconsistent on this fs)
and it can fix it. So it has no need to check the filesystem because it already
knows what's wrong
ext2 doesn't have these logs so it needs to check the whole filesystem to check
if it is inconsistent...
--
E-Mail: Gregor Maier [EMAIL PROTECTED]
Date: 11-Jul-2001
Time: 09:29:47
--

Re: [expert] Hoto close some ports...

2001-07-10 Thread Gregor Maier



On 10-Jul-2001 civileme wrote:
 On Tuesday 10 July 2001 09:25, Arman Khalatyan wrote:
 Hallo!
 Hoto close some ports...
 I have Mandrake  7.2 with 2.4.1 kernel.
 #
 [arm2arm@icas arm2arm]$ nmap localhost
 Starting nmap V. 2.53 by [EMAIL PROTECTED] ( www.insecure.org/nmap/ )
 Interesting ports on localhost.localdomain (127.0.0.1):
 (The 1514 ports scanned but not shown below are in state: closed)
 Port   State   Service
 21/tcp openftp
 23/tcp opentelnet
 25/tcp opensmtp
 110/tcpopenpop-3
 113/tcpopenauth  -- I wont to close this one
 443/tcpopenhttps
 513/tcpopenlogin
 1024/tcp   openkdm  -- I wont to close this one
 6000/tcp   openX11-- I wont to close this one
 ##
 Nmap run completed -- 1 IP address (1 host up) scanned in 0 seconds

 Bests ArMan.
 
 Would you settle for filtered?
 
 Closing the ports means the server is not running.  Stop kdm and you won't be
 logging in to graphics window managers; stop X and you won't have any 
 graphics system, and stop auth and you won't be able to login.
 
 
 iptables -I 1 -t filter INPUT -p tcp -s !127.0.0.1 --dport 6000 DROP
 iptables -I 1 -t filter INPUT -p tcp -s !127.0.0.1 --dport 113 DROP
 iptables -I 1 -t filter INPUT -p tcp -s !127.0.0.1 --dport 1024 DROP
that should be -j DROP and not just DROP (prehaps it will still work but the
correct syntax is -j)
there's a nice howto on iptables and packet filtering at
netfilter.filewatcher.org or look at the ipchains howto at linuxdocs.org (which
can give you additional hints on packet filtering)

 Those are faily strict rules--ssh logins will not be possible externally, nor
 will exports through xhost (where your screen appears on some other
 computer).

 Now you have a problem.  72 does not have iptables, but that is what kernel 
 2.4 uses.  I am unsure how to activate ipchains for kernel 2.4, and I think 
 you would be well-advised to seek out and compile the tarballs or source rpms
 for iptables since the 8.0 mandrake cannot supply the binaries.

there's a module ipchains in kernel 2.4 which will enable use of the ipchains
command (you could still use ipfwadm with the ipfwadm  module...)
 
--
E-Mail: Gregor Maier [EMAIL PROTECTED]
Date: 10-Jul-2001
Time: 11:57:06
--

Re: [expert] Show status of adsl connect

2001-07-10 Thread Gregor Maier


On 10-Jul-2001 Darcy Brodie wrote:
 Gregor Maier wrote:
 

 
 in addition to this job you could also run this script as cronjob which will
 check if the connection (ppp0 interface) is still up. if not it will
 reconnect
 and it will also write to a logfile that the connection was down
 I've written this script for a SuSE installation, so maybe you have to
 change
 some directories...

 #!/bin/bash
 #
 # This script checks if the specified (network-) interface is up by
 # examining ifconfigs output. If the connection is down a new
 # connection will be established
 #

 # check this interface
 IFACE=ppp0
 # the pid-file of the iface
 PIDFILE=/var/run/$IFACE.pid
 LOGFILE=/var/log/adsl-status.log

 # We must be in RL 3 or 5, otherwise the script does nothing
 if [  $(runlevel | awk '{ print $2 }') -gt 2 ]
 then
 if ! /sbin/ifconfig | /usr/bin/grep --silent $IFACE
 then
 datestr=$(date +%Y-%m-%d %H:%M:%S)
 echo $datestr Interface $IFACE is not up. Reconnecting.  $LOGFILE
 /sbin/init.d/adsl stop  $LOGFILE
 while [ -e $PIDFILE ]
 do
 sleep 1
 done
 sleep 2
 /sbin/init.d/adsl start  $LOGFILE
 echo ---  $LOGFILE
 fi
 fi
 # END OF FILE

 /sbin/init.d/adsl is the script that does the work for
 connecting/unconnecting.
 On a normal linux installation (everything but SuSE) the directory is
 /etc/init.d

 since my ISP uses PPTP and not PPoE for the adsl connection I got some
 problems
 when the connection died. (pppd stays alife,). Therefor I shut down the
 connection with adsl stop (which will kill the pppd), wait until pppd has
 terminated and then i reconnect.

 Probalby you can just bring up your connection without the need to stop and
 then start the connection.
 So that you can do this:

 ...
  if ! /sbin/ifconfig | /usr/bin/grep --silent $IFACE
 then
 datestr=$(date +%Y-%m-%d %H:%M:%S)
 echo $datestr Interface $IFACE is not up. Reconnecting.  $LOGFILE
 COMMAND TO BRING CONNECTION UP
 echo ---  $LOGFILE
 fi

 
 Would I be correct in thinking that this script could be modified to also be
 able
 to monitor, and renew connection via a cable connection, by changing the
 IFACE to
 eth0, adn the commands to stop the connection, adn restart to ifdown eth0 and
 ifup
 eth0 ?  I have had trouble lately with my isp dropping my connection at work,
 and
 nobody can get any of their mail until I get in.
 
 Darcy
 
This would only work when your eth0 interface is down after you were
disconnected by your ISP and I don't think so. Run ifconfig after your
connection died and see if you still got the eth0 interface then. If so the
script won't work.
Or maybe you can still use the script with ppp0 device. My adsl connection is
like this. eth0 is connected to my adsl modem and when i bring up the
connection a ppp-tunnel will be created. This means the ppp0 interface is
brought but (again look at ifconfig this time when the connection is up). This
ppp0 interface is my link to the isp. All communication is encapsulated througt
the eth0 interface. Maybe your cable modem works like this.

If not you could use ping to verify your connection the problem is that if you
send 10 packages with ping and just one is lost ping will return a no zero exit
value. So maybe you're reconnection more often than necesarry but i should work
if test your connection like this

Ping must fail 2 times before we believe the connection is down. The reason
is, that when you send 5 ping packages and one gets lost, than there will be a
non zero exit value and the script would reconnect. If we do the ping twice it'
a little better.
 
if ! (ping -c 5 nameserver.yourproiver.com ||
  ping -c 5 nameserver.yourproiver.com )
then
   # connection is - bring it up again
   # do some logging
fi
  

gregor 
--
E-Mail: Gregor Maier [EMAIL PROTECTED]
Date: 10-Jul-2001
Time: 09:03:11
--

RE: [expert] Hoto close some ports...

2001-07-10 Thread Gregor Maier


On 10-Jul-2001 Arman Khalatyan wrote:
 Hallo!
 Hoto close some ports...
 I have Mandrake  7.2 with 2.4.1 kernel.
#
 [arm2arm@icas arm2arm]$ nmap localhost
 Starting nmap V. 2.53 by [EMAIL PROTECTED] ( www.insecure.org/nmap/ )
 Interesting ports on localhost.localdomain (127.0.0.1):
 (The 1514 ports scanned but not shown below are in state: closed)
 Port   State   Service
 21/tcp openftp 
 23/tcp opentelnet  
 25/tcp opensmtp
 110/tcpopenpop-3   
 113/tcpopenauth  -- I wont to close this one   
 443/tcpopenhttps   
 513/tcpopenlogin   
 1024/tcp   openkdm  -- I wont to close this one   
 6000/tcp   openX11-- I wont to close this one  
##
 Nmap run completed -- 1 IP address (1 host up) scanned in 0 seconds
 
port 6000 is needed if you want to use X-Window probably the same with kdm but
i don't know. If you do block them from machines other than yours you'll have
to set up some basic firewall rules.

What to do:
run a netstat -ap | grep LISTEN. This will show all ports which are open
(where the kernel listens for connections) and it will also show you which
process is listenning there. 
If the process is xinetd this port is serveb by the super server. Go to the
/etc/xinetd.d directory and edit the matching file (should be could auth or
something alike) Add a line disable=yes to it and reload  the xinetd  server's
config files (/etc/init.d/xinetd reload)
If the owner is a different process use linuxconf do disable this process
(system services part if linuxconf).

As i mentioned above another possibility would be a firewall using iptables
(for 2.4 kernels) - have a look at netfilter.filewatcher.org for a HOWTO on
iptables and packet-filtering
 
--
E-Mail: Gregor Maier [EMAIL PROTECTED]
Date: 10-Jul-2001
Time: 10:28:34
--

RE: [expert] Show status of adsl connect

2001-07-09 Thread Gregor Maier



 Got adsl yesterday and managed the setup. though not using draknet. I
 tried draknet first but it did not work. Then I ran adsl-setup and added
 a defaultroute in adsl-start. Now it works like a charm.
 Problem is, 11 (my provider) cuts the link after 15 minutes
 of inactivity and after 14 hours of continous running.
 
 1. I put up a cronjob which sends 1 ping tom my own domain every 14
 minutes.
 
in addition to this job you could also run this script as cronjob which will
check if the connection (ppp0 interface) is still up. if not it will reconnect
and it will also write to a logfile that the connection was down
I've written this script for a SuSE installation, so maybe you have to change
some directories...

#!/bin/bash
#
# This script checks if the specified (network-) interface is up by
# examining ifconfigs output. If the connection is down a new
# connection will be established
#

# check this interface
IFACE=ppp0
# the pid-file of the iface
PIDFILE=/var/run/$IFACE.pid
LOGFILE=/var/log/adsl-status.log

# We must be in RL 3 or 5, otherwise the script does nothing
if [  $(runlevel | awk '{ print $2 }') -gt 2 ]
then
if ! /sbin/ifconfig | /usr/bin/grep --silent $IFACE
then
datestr=$(date +%Y-%m-%d %H:%M:%S)
echo $datestr Interface $IFACE is not up. Reconnecting.  $LOGFILE
/sbin/init.d/adsl stop  $LOGFILE
while [ -e $PIDFILE ]
do
sleep 1
done
sleep 2
/sbin/init.d/adsl start  $LOGFILE
echo ---  $LOGFILE
fi
fi
# END OF FILE

/sbin/init.d/adsl is the script that does the work for connecting/unconnecting.
On a normal linux installation (everything but SuSE) the directory is
/etc/init.d

since my ISP uses PPTP and not PPoE for the adsl connection I got some problems
when the connection died. (pppd stays alife,). Therefor I shut down the
connection with adsl stop (which will kill the pppd), wait until pppd has
terminated and then i reconnect. 

Probalby you can just bring up your connection without the need to stop and
then start the connection.
So that you can do this:

... 
 if ! /sbin/ifconfig | /usr/bin/grep --silent $IFACE
then
datestr=$(date +%Y-%m-%d %H:%M:%S)
echo $datestr Interface $IFACE is not up. Reconnecting.  $LOGFILE
COMMAND TO BRING CONNECTION UP
echo ---  $LOGFILE
fi


--
E-Mail: Gregor Maier [EMAIL PROTECTED]
Date: 09-Jul-2001
Time: 13:00:48
--

59 matches

Mail list logo