Re: [expert] ip addressing on lan
I also thought the same thing but I assumed he may have tried a reboot. Give her the ol 3 finger salute and see if that helps. Gee im sounding like a windows tech :) On Star Date Monday 20 October 2003 07:03 pm, Pierre Fortin sent this sub-space message. > On Tue, 21 Oct 2003 07:50:43 +1000 "Brett W Tippet" > > <[EMAIL PROTECTED]> wrote: > > I stopped iptables and also ip6tables .. restarted the network .. same > > thing going on .. > > > > Another thing to note ... a ping from the machine that's failing with > > result in a reply from it's own NIC IP of destination unreachable .. any > > help? .. > > Have you tried rebooting? I haven't nailed it down yet; but I'm seeing a > similar problem when I return from a trip (using modem with rcfirewall) > and switch back to LAN use... clearing the iptables does _not_ allow > traffic as it should... I have to reboot... In certain situations where > iptables has been used, there appears to be a case where -F will not clear > everything even though iptables -L -V -n claims nothing is there... In > fact, I must make sure iptables has no rules installed at all from my > rcfirewall, or I have to reboot again... just clearing the rules is > insufficient. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] ip addressing on lan
On Tue, 21 Oct 2003 07:50:43 +1000 "Brett W Tippet" <[EMAIL PROTECTED]> wrote: > I stopped iptables and also ip6tables .. restarted the network .. same > thing going on .. > > Another thing to note ... a ping from the machine that's failing with > result in a reply from it's own NIC IP of destination unreachable .. any > help? .. Have you tried rebooting? I haven't nailed it down yet; but I'm seeing a similar problem when I return from a trip (using modem with rcfirewall) and switch back to LAN use... clearing the iptables does _not_ allow traffic as it should... I have to reboot... In certain situations where iptables has been used, there appears to be a case where -F will not clear everything even though iptables -L -V -n claims nothing is there... In fact, I must make sure iptables has no rules installed at all from my rcfirewall, or I have to reboot again... just clearing the rules is insufficient. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] ip addressing on lan
Dont know why its doing this. Maybe someone with more knowledge than I can finger it out. On Star Date Monday 20 October 2003 02:50 pm, Brett W Tippet sent this sub-space message. > Hi bill .. > > I got this .. > > [EMAIL PROTECTED] brett]# chkconfig --list > alsa 0:off 1:off 2:on 3:on 4:on 5:on 6:off > dm 0:off 1:off 2:off 3:off 4:off 5:on 6:off > kheader 0:off 1:off 2:on 3:on 4:off 5:on 6:off > keytable 0:off 1:off 2:on 3:on 4:on 5:on 6:off > netfs 0:off 1:off 2:off 3:on 4:on 5:on 6:off > network 0:off 1:off 2:on 3:on 4:on 5:on 6:off > partmon 0:off 1:off 2:off 3:on 4:on 5:on 6:off > random 0:off 1:off 2:on 3:on 4:on 5:on 6:off > rawdevices 0:off 1:off 2:off 3:on 4:on 5:on 6:off > sound 0:off 1:off 2:on 3:on 4:on 5:on 6:off > saslauthd 0:off 1:off 2:on 3:on 4:on 5:on 6:off > syslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off > crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off > portmap 0:off 1:off 2:off 3:on 4:on 5:on 6:off > xinetd 0:off 1:off 2:off 3:on 4:on 5:on 6:off > xfs 0:off 1:off 2:on 3:on 4:on 5:on 6:off > switchprofile 0:off 1:off 2:off 3:on 4:on 5:on 6:off > httpd 0:off 1:off 2:off 3:on 4:on 5:on 6:off > postfix 0:off 1:off 2:on 3:on 4:on 5:on 6:off > named 0:off 1:off 2:off 3:on 4:on 5:on 6:off > linuxconf 0:off 1:off 2:on 3:on 4:on 5:on 6:off > harddrake 0:off 1:off 2:off 3:on 4:on 5:on 6:off > nfslock 0:off 1:off 2:off 3:on 4:on 5:on 6:off > apmd 0:off 1:off 2:on 3:on 4:on 5:on 6:off > atd 0:off 1:off 2:off 3:on 4:on 5:on 6:off > devfsd 0:off 1:off 2:on 3:on 4:on 5:on 6:off > yppasswdd 0:off 1:off 2:on 3:on 4:on 5:on 6:off > lisa 0:off 1:off 2:off 3:on 4:on 5:on 6:off > numlock 0:off 1:off 2:off 3:on 4:on 5:on 6:off > nfs 0:off 1:off 2:off 3:on 4:on 5:on 6:off > sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off > vncserver 0:off 1:off 2:off 3:off 4:off 5:off 6:off > ypserv 0:off 1:off 2:on 3:on 4:on 5:on 6:off > ypxfrd 0:off 1:off 2:on 3:on 4:on 5:on 6:off > smb 0:off 1:off 2:off 3:on 4:off 5:on 6:off > proftpd 0:off 1:off 2:off 3:on 4:on 5:on 6:off > webmin 0:off 1:off 2:on 3:on 4:on 5:on 6:off > internet 0:off 1:off 2:off 3:on 4:off 5:on 6:off > iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off > ip6tables 0:off 1:off 2:on 3:on 4:on 5:on 6:off > xinetd based services: > chargen-udp: off > chargen: off > daytime-udp: off > daytime: off > echo-udp: off > echo: off > services: off > servers: off > time-udp: off > time: off > linuxconf-web: off > xadmin: off > fam: on > sshd-xinetd: off > rsync: off > proftpd-xinetd: off > > I stopped iptables and also ip6tables .. restarted the network .. same > thing going on .. > > Another thing to note ... a ping from the machine that's failing with > result in a reply from it's own NIC IP of destination unreachable .. any > help? .. > > Thanks, > Brett. > > > - Original Message - > From: "Bill" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Monday, October 20, 2003 5:30 PM > Subject: Re: [expert] ip addressing on lan > > > Man that sure sounds like a firewall issue. Something is teling the card > > to > > > drop all output packets. > > > > You can look and see if you have iptables or shorewall running by logging > > in > > > as root thrrough a terminal and then do a chkcoonfig --list it will show > > you > > > what is running. Look for iptables or shorewall and then use the > > chkconfig command to change that run level to off for that daemon. then > > shutdown > > that > > > daemon by issueing the /etc/rc.d/init.d/(whateverdaemonis running)stop > > > > You may end up doing a /etc/rc.d/init.d/network restart > > > > If you want you can paste the output from chkconfig --list for us to see > > what > > > is running. > > > > There is the internet connections command try as root > > /etc/rc.d/init.d/internet start > > > > > > > > On Star Date Sunday 19 October 2003 10:56 pm, Brett W Tippet sent this > > sub-space message. > > > > > Cool .. > > > > > > I just did that > > > > > > The RX and TX didn't increase ... but the "dropped" went up to 300. > > > > > > Still got me confused, because I've tried 3 cards that r doing the same > > > thing. > > > > > > Brett. > > > > > > > > > - Original Message - > > > From: "Bill" <[EMAIL PROTECTED]> > > > To: <[EMAIL PROTECTED]> > > > Sent: Monday, October 20, 2003 3:49 PM > > > Subject: Re: [expert] ip addressing on lan > > > > > > > Notice the T
Re: [expert] ip addressing on lan
Hi bill .. I got this .. [EMAIL PROTECTED] brett]# chkconfig --list alsa 0:off 1:off 2:on 3:on 4:on 5:on 6:off dm 0:off 1:off 2:off 3:off 4:off 5:on 6:off kheader 0:off 1:off 2:on 3:on 4:off 5:on 6:off keytable 0:off 1:off 2:on 3:on 4:on 5:on 6:off netfs 0:off 1:off 2:off 3:on 4:on 5:on 6:off network 0:off 1:off 2:on 3:on 4:on 5:on 6:off partmon 0:off 1:off 2:off 3:on 4:on 5:on 6:off random 0:off 1:off 2:on 3:on 4:on 5:on 6:off rawdevices 0:off 1:off 2:off 3:on 4:on 5:on 6:off sound 0:off 1:off 2:on 3:on 4:on 5:on 6:off saslauthd 0:off 1:off 2:on 3:on 4:on 5:on 6:off syslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off portmap 0:off 1:off 2:off 3:on 4:on 5:on 6:off xinetd 0:off 1:off 2:off 3:on 4:on 5:on 6:off xfs 0:off 1:off 2:on 3:on 4:on 5:on 6:off switchprofile 0:off 1:off 2:off 3:on 4:on 5:on 6:off httpd 0:off 1:off 2:off 3:on 4:on 5:on 6:off postfix 0:off 1:off 2:on 3:on 4:on 5:on 6:off named 0:off 1:off 2:off 3:on 4:on 5:on 6:off linuxconf 0:off 1:off 2:on 3:on 4:on 5:on 6:off harddrake 0:off 1:off 2:off 3:on 4:on 5:on 6:off nfslock 0:off 1:off 2:off 3:on 4:on 5:on 6:off apmd 0:off 1:off 2:on 3:on 4:on 5:on 6:off atd 0:off 1:off 2:off 3:on 4:on 5:on 6:off devfsd 0:off 1:off 2:on 3:on 4:on 5:on 6:off yppasswdd 0:off 1:off 2:on 3:on 4:on 5:on 6:off lisa 0:off 1:off 2:off 3:on 4:on 5:on 6:off numlock 0:off 1:off 2:off 3:on 4:on 5:on 6:off nfs 0:off 1:off 2:off 3:on 4:on 5:on 6:off sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off vncserver 0:off 1:off 2:off 3:off 4:off 5:off 6:off ypserv 0:off 1:off 2:on 3:on 4:on 5:on 6:off ypxfrd 0:off 1:off 2:on 3:on 4:on 5:on 6:off smb 0:off 1:off 2:off 3:on 4:off 5:on 6:off proftpd 0:off 1:off 2:off 3:on 4:on 5:on 6:off webmin 0:off 1:off 2:on 3:on 4:on 5:on 6:off internet 0:off 1:off 2:off 3:on 4:off 5:on 6:off iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off ip6tables 0:off 1:off 2:on 3:on 4:on 5:on 6:off xinetd based services: chargen-udp: off chargen: off daytime-udp: off daytime: off echo-udp: off echo: off services: off servers: off time-udp: off time: off linuxconf-web: off xadmin: off fam: on sshd-xinetd: off rsync: off proftpd-xinetd: off I stopped iptables and also ip6tables .. restarted the network .. same thing going on .. Another thing to note ... a ping from the machine that's failing with result in a reply from it's own NIC IP of destination unreachable .. any help? .. Thanks, Brett. - Original Message - From: "Bill" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, October 20, 2003 5:30 PM Subject: Re: [expert] ip addressing on lan > Man that sure sounds like a firewall issue. Something is teling the card to > drop all output packets. > > You can look and see if you have iptables or shorewall running by logging in > as root thrrough a terminal and then do a chkcoonfig --list it will show you > what is running. Look for iptables or shorewall and then use the chkconfig > command to change that run level to off for that daemon. then shutdown that > daemon by issueing the /etc/rc.d/init.d/(whateverdaemonis running)stop > > You may end up doing a /etc/rc.d/init.d/network restart > > If you want you can paste the output from chkconfig --list for us to see what > is running. > > There is the internet connections command try as root > /etc/rc.d/init.d/internet start > > > > On Star Date Sunday 19 October 2003 10:56 pm, Brett W Tippet sent this > sub-space message. > > > Cool .. > > > > I just did that > > > > The RX and TX didn't increase ... but the "dropped" went up to 300. > > > > Still got me confused, because I've tried 3 cards that r doing the same > > thing. > > > > Brett. > > > > > > - Original Message - > > From: "Bill" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Sent: Monday, October 20, 2003 3:49 PM > > Subject: Re: [expert] ip addressing on lan > > > > > Notice the TX and RX packets for eth0 in the output from the ifconfig > > > command. They show 0. Try pinging 192.168.0.200 and see if they increase > > > > or > > > > > not. There may be an issue with the card. Check that the link lite is on, > > > > on > > > > > that card by looking at the rear of your pc. > > > > > > On Star Date Sunday 19 October 2003 09:29 pm, Brett W Tippet sent this > > > sub-space message. > > > > > > > Thanks to all who have replied to this issue so far .. > > > > > > > > Unfortunatelly, I'm still up the putt. > > > > > > > > Here's the output of my configs below. > > > > > > > > Someone suggested I may have a config issue with shorewall .. but I >
Re: [expert] ip addressing on lan
Man that sure sounds like a firewall issue. Something is teling the card to drop all output packets. You can look and see if you have iptables or shorewall running by logging in as root thrrough a terminal and then do a chkcoonfig --list it will show you what is running. Look for iptables or shorewall and then use the chkconfig command to change that run level to off for that daemon. then shutdown that daemon by issueing the /etc/rc.d/init.d/(whateverdaemonis running)stop You may end up doing a /etc/rc.d/init.d/network restart If you want you can paste the output from chkconfig --list for us to see what is running. There is the internet connections command try as root /etc/rc.d/init.d/internet start On Star Date Sunday 19 October 2003 10:56 pm, Brett W Tippet sent this sub-space message. > Cool .. > > I just did that > > The RX and TX didn't increase ... but the "dropped" went up to 300. > > Still got me confused, because I've tried 3 cards that r doing the same > thing. > > Brett. > > > - Original Message - > From: "Bill" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Monday, October 20, 2003 3:49 PM > Subject: Re: [expert] ip addressing on lan > > > Notice the TX and RX packets for eth0 in the output from the ifconfig > > command. They show 0. Try pinging 192.168.0.200 and see if they increase > > or > > > not. There may be an issue with the card. Check that the link lite is on, > > on > > > that card by looking at the rear of your pc. > > > > On Star Date Sunday 19 October 2003 09:29 pm, Brett W Tippet sent this > > sub-space message. > > > > > Thanks to all who have replied to this issue so far .. > > > > > > Unfortunatelly, I'm still up the putt. > > > > > > Here's the output of my configs below. > > > > > > Someone suggested I may have a config issue with shorewall .. but I > > don't > > > > have an /etc/shorewall .. so I assume this isn't going to be a cause. > > > > > > This all looks fine to me? ... > > > > > > To ensure it's not a cable issue, I have ran x-over cable direct to the > > box > > > > and the NIC lights up and does all that stuff .. but I can't ping or > > telnet > > > > to either machine .. help please! > > > > > > Brett. > > > > > > [EMAIL PROTECTED] brett]# route -n > > > Kernel IP routing table > > > Destination Gateway Genmask Flags Metric Ref Use Iface > > > 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 > > > 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo > > > 0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0 > > > [EMAIL PROTECTED] brett]# ifconfig > > > eth0 Link encap:Ethernet HWaddr 00:40:95:30:3B:9E > > > inet addr:192.168.0.200 Bcast:192.168.0.255 Mask:255.255.255.0 > > > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > > > RX packets:0 errors:0 dropped:0 overruns:0 frame:0 > > > TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 > > > collisions:0 txqueuelen:100 > > > RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) > > > Interrupt:18 Base address:0x1000 > > > lo Link encap:Local Loopback > > > inet addr:127.0.0.1 Mask:255.0.0.0 > > > UP LOOPBACK RUNNING MTU:16436 Metric:1 > > > RX packets:321 errors:0 dropped:0 overruns:0 frame:0 > > > TX packets:321 errors:0 dropped:0 overruns:0 carrier:0 > > > collisions:0 txqueuelen:0 > > > RX bytes:28032 (27.3 Kb) TX bytes:28032 (27.3 Kb) > > > [EMAIL PROTECTED] brett]# > > > > > > > > > > > > - Original Message - > > > From: "KevinO" <[EMAIL PROTECTED]> > > > To: <[EMAIL PROTECTED]> > > > Sent: Friday, October 17, 2003 9:09 PM > > > Subject: Re: [expert] ip addressing on lan > > > > > > > -BEGIN PGP SIGNED MESSAGE- > > > > Hash: SHA1 > > > > > > > > Bill wrote: > > > > > You may also have a net mask wrong on one of the units. > > > > > > > > > > A little more info would be helpful. From a term screen type the > > > > > command ifconfig and paste the info you get as well as the results > > from > > > > > > the > > > > > > route -n > > > > > > > > command to the email. > > > > > > > > It would be good to also see the contents of the following files: > > > > > > > > /etc/sysconfig/network > > &
Re: [expert] ip addressing on lan
On Mon, 2003-10-20 at 16:56, Brett W Tippet wrote: > Cheers Gary .. > > Tried this ... unfortunatelly ... doesn't seem to alter the issues .. > > Thanks for the idea anyway. > > Brett. > > Have you tried linuxconf, I have used it in the past to setup 9.0 with 3 network cards and it worked fine. Gary. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] ip addressing on lan
Cheers Gary .. Tried this ... unfortunatelly ... doesn't seem to alter the issues .. Thanks for the idea anyway. Brett. - Original Message - From: "Gary Hodder" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, October 20, 2003 5:03 PM Subject: Re: [expert] ip addressing on lan > On Mon, 2003-10-20 at 14:29, Brett W Tippet wrote: > > Thanks to all who have replied to this issue so far .. > > > > Unfortunatelly, I'm still up the putt. > > > > Here's the output of my configs below. > > > > Someone suggested I may have a config issue with shorewall .. but I don't > > have an /etc/shorewall .. so I assume this isn't going to be a cause. > > > > This all looks fine to me? ... > > > > To ensure it's not a cable issue, I have ran x-over cable direct to the box > > and the NIC lights up and does all that stuff .. but I can't ping or telnet > > to either machine .. help please! > > > > Brett. > > > > Have you checked iptables hasn't been set to a default policy of drop. > > To flush the rules > iptables -F > > to set all policies to accept > iptables -P INPUT ACCEPT > iptables -P FORWARD ACCEPT > iptables -P OUTPUT ACCEPT > > This will leave the box wide open but should be ok for a quick test. > > Gary. > > > > > > Want to buy your Pack or Services from MandrakeSoft? > Go to http://www.mandrakestore.com > Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] ip addressing on lan
On Mon, 2003-10-20 at 14:29, Brett W Tippet wrote: > Thanks to all who have replied to this issue so far .. > > Unfortunatelly, I'm still up the putt. > > Here's the output of my configs below. > > Someone suggested I may have a config issue with shorewall .. but I don't > have an /etc/shorewall .. so I assume this isn't going to be a cause. > > This all looks fine to me? ... > > To ensure it's not a cable issue, I have ran x-over cable direct to the box > and the NIC lights up and does all that stuff .. but I can't ping or telnet > to either machine .. help please! > > Brett. > Have you checked iptables hasn't been set to a default policy of drop. To flush the rules iptables -F to set all policies to accept iptables -P INPUT ACCEPT iptables -P FORWARD ACCEPT iptables -P OUTPUT ACCEPT This will leave the box wide open but should be ok for a quick test. Gary. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] ip addressing on lan
Cool .. I just did that The RX and TX didn't increase ... but the "dropped" went up to 300. Still got me confused, because I've tried 3 cards that r doing the same thing. Brett. - Original Message - From: "Bill" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, October 20, 2003 3:49 PM Subject: Re: [expert] ip addressing on lan > Notice the TX and RX packets for eth0 in the output from the ifconfig > command. They show 0. Try pinging 192.168.0.200 and see if they increase or > not. There may be an issue with the card. Check that the link lite is on, on > that card by looking at the rear of your pc. > > On Star Date Sunday 19 October 2003 09:29 pm, Brett W Tippet sent this > sub-space message. > > > Thanks to all who have replied to this issue so far .. > > > > Unfortunatelly, I'm still up the putt. > > > > Here's the output of my configs below. > > > > Someone suggested I may have a config issue with shorewall .. but I don't > > have an /etc/shorewall .. so I assume this isn't going to be a cause. > > > > This all looks fine to me? ... > > > > To ensure it's not a cable issue, I have ran x-over cable direct to the box > > and the NIC lights up and does all that stuff .. but I can't ping or telnet > > to either machine .. help please! > > > > Brett. > > > > [EMAIL PROTECTED] brett]# route -n > > Kernel IP routing table > > Destination Gateway Genmask Flags Metric Ref Use Iface > > 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 > > 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo > > 0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0 > > [EMAIL PROTECTED] brett]# ifconfig > > eth0 Link encap:Ethernet HWaddr 00:40:95:30:3B:9E > > inet addr:192.168.0.200 Bcast:192.168.0.255 Mask:255.255.255.0 > > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > > RX packets:0 errors:0 dropped:0 overruns:0 frame:0 > > TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 > > collisions:0 txqueuelen:100 > > RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) > > Interrupt:18 Base address:0x1000 > > lo Link encap:Local Loopback > > inet addr:127.0.0.1 Mask:255.0.0.0 > > UP LOOPBACK RUNNING MTU:16436 Metric:1 > > RX packets:321 errors:0 dropped:0 overruns:0 frame:0 > > TX packets:321 errors:0 dropped:0 overruns:0 carrier:0 > > collisions:0 txqueuelen:0 > > RX bytes:28032 (27.3 Kb) TX bytes:28032 (27.3 Kb) > > [EMAIL PROTECTED] brett]# > > > > > > > > - Original Message - > > From: "KevinO" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Sent: Friday, October 17, 2003 9:09 PM > > Subject: Re: [expert] ip addressing on lan > > > > > -BEGIN PGP SIGNED MESSAGE- > > > Hash: SHA1 > > > > > > Bill wrote: > > > > You may also have a net mask wrong on one of the units. > > > > > > > > A little more info would be helpful. From a term screen type the > > > > command ifconfig and paste the info you get as well as the results from > > > > the > > > > route -n > > > > > > command to the email. > > > > > > It would be good to also see the contents of the following files: > > > > > > /etc/sysconfig/network > > > /etc/sysconfig/network-scripts/ifcfg-eth0 > > > > > > This is where the network settings are stored. The GATEWAY setting is in > > > > the > > > > > first file, the IP address, netmask, broadcast etc. are in ifcfg-eth0. It > > > > is > > > > > often easier and more reliable to just edit these files manually instead > > > > of > > > > > using a wizard. > > > > > > Doing a: > > > > > > # service network restart > > > > > > should make your changes take effect. > > > > > > Use ifconfig to make sure the NIC is up and has the right IP, etc.. > > > > > > - -- > > > KevinO > > > > > > If Microsoft built cars, If you were involved in a crash, you would have > > > no idea what happened. > > > -BEGIN PGP SIGNATURE- > > > Version: GnuPG v1.0.7 (GNU/Linux) > > > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > > > > > iD8DBQE/j83QWOfRC7Rnmv8RAvANAJ0SJV7zmdbpM4xldLNJCOzpvpD1EgCfXKAX > > > I0HJ3TIVyor091idCfuxZ+4= > > > =BeR0 > > > -END PGP SIGNATURE- > > > > > > > > > > > > > > > > > > > > > > > > Want to buy your Pack or Services from MandrakeSoft? > > > Go to http://www.mandrakestore.com > > > > Want to buy your Pack or Services from MandrakeSoft? > Go to http://www.mandrakestore.com > Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] ip addressing on lan
Notice the TX and RX packets for eth0 in the output from the ifconfig command. They show 0. Try pinging 192.168.0.200 and see if they increase or not. There may be an issue with the card. Check that the link lite is on, on that card by looking at the rear of your pc. On Star Date Sunday 19 October 2003 09:29 pm, Brett W Tippet sent this sub-space message. > Thanks to all who have replied to this issue so far .. > > Unfortunatelly, I'm still up the putt. > > Here's the output of my configs below. > > Someone suggested I may have a config issue with shorewall .. but I don't > have an /etc/shorewall .. so I assume this isn't going to be a cause. > > This all looks fine to me? ... > > To ensure it's not a cable issue, I have ran x-over cable direct to the box > and the NIC lights up and does all that stuff .. but I can't ping or telnet > to either machine .. help please! > > Brett. > > [EMAIL PROTECTED] brett]# route -n > Kernel IP routing table > Destination Gateway Genmask Flags Metric Ref Use Iface > 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 > 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo > 0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0 > [EMAIL PROTECTED] brett]# ifconfig > eth0 Link encap:Ethernet HWaddr 00:40:95:30:3B:9E > inet addr:192.168.0.200 Bcast:192.168.0.255 Mask:255.255.255.0 > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:0 errors:0 dropped:0 overruns:0 frame:0 > TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:100 > RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) > Interrupt:18 Base address:0x1000 > lo Link encap:Local Loopback > inet addr:127.0.0.1 Mask:255.0.0.0 > UP LOOPBACK RUNNING MTU:16436 Metric:1 > RX packets:321 errors:0 dropped:0 overruns:0 frame:0 > TX packets:321 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:0 > RX bytes:28032 (27.3 Kb) TX bytes:28032 (27.3 Kb) > [EMAIL PROTECTED] brett]# > > > > - Original Message - > From: "KevinO" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Friday, October 17, 2003 9:09 PM > Subject: Re: [expert] ip addressing on lan > > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA1 > > > > Bill wrote: > > > You may also have a net mask wrong on one of the units. > > > > > > A little more info would be helpful. From a term screen type the > > > command ifconfig and paste the info you get as well as the results from > > > the > > route -n > > > > command to the email. > > > > It would be good to also see the contents of the following files: > > > > /etc/sysconfig/network > > /etc/sysconfig/network-scripts/ifcfg-eth0 > > > > This is where the network settings are stored. The GATEWAY setting is in > > the > > > first file, the IP address, netmask, broadcast etc. are in ifcfg-eth0. It > > is > > > often easier and more reliable to just edit these files manually instead > > of > > > using a wizard. > > > > Doing a: > > > > # service network restart > > > > should make your changes take effect. > > > > Use ifconfig to make sure the NIC is up and has the right IP, etc.. > > > > - -- > > KevinO > > > > If Microsoft built cars, If you were involved in a crash, you would have > > no idea what happened. > > -BEGIN PGP SIGNATURE- > > Version: GnuPG v1.0.7 (GNU/Linux) > > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > > > iD8DBQE/j83QWOfRC7Rnmv8RAvANAJ0SJV7zmdbpM4xldLNJCOzpvpD1EgCfXKAX > > I0HJ3TIVyor091idCfuxZ+4= > > =BeR0 > > -END PGP SIGNATURE- > > > > > > > > > > > > > > > > Want to buy your Pack or Services from MandrakeSoft? > > Go to http://www.mandrakestore.com Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] ip addressing on lan
Thanks to all who have replied to this issue so far .. Unfortunatelly, I'm still up the putt. Here's the output of my configs below. Someone suggested I may have a config issue with shorewall .. but I don't have an /etc/shorewall .. so I assume this isn't going to be a cause. This all looks fine to me? ... To ensure it's not a cable issue, I have ran x-over cable direct to the box and the NIC lights up and does all that stuff .. but I can't ping or telnet to either machine .. help please! Brett. [EMAIL PROTECTED] brett]# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo 0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0 [EMAIL PROTECTED] brett]# ifconfig eth0 Link encap:Ethernet HWaddr 00:40:95:30:3B:9E inet addr:192.168.0.200 Bcast:192.168.0.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) Interrupt:18 Base address:0x1000 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:321 errors:0 dropped:0 overruns:0 frame:0 TX packets:321 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:28032 (27.3 Kb) TX bytes:28032 (27.3 Kb) [EMAIL PROTECTED] brett]# - Original Message - From: "KevinO" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, October 17, 2003 9:09 PM Subject: Re: [expert] ip addressing on lan > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Bill wrote: > > You may also have a net mask wrong on one of the units. > > > > A little more info would be helpful. From a term screen type the command > > ifconfig and paste the info you get as well as the results from the route -n > > command to the email. > > > > It would be good to also see the contents of the following files: > > /etc/sysconfig/network > /etc/sysconfig/network-scripts/ifcfg-eth0 > > This is where the network settings are stored. The GATEWAY setting is in the > first file, the IP address, netmask, broadcast etc. are in ifcfg-eth0. It is > often easier and more reliable to just edit these files manually instead of > using a wizard. > > Doing a: > > # service network restart > > should make your changes take effect. > > Use ifconfig to make sure the NIC is up and has the right IP, etc.. > > - -- > KevinO > > If Microsoft built cars, If you were involved in a crash, you would have > no idea what happened. > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.0.7 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQE/j83QWOfRC7Rnmv8RAvANAJ0SJV7zmdbpM4xldLNJCOzpvpD1EgCfXKAX > I0HJ3TIVyor091idCfuxZ+4= > =BeR0 > -END PGP SIGNATURE- > > > > > Want to buy your Pack or Services from MandrakeSoft? > Go to http://www.mandrakestore.com > Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] ip addressing on lan
On Thu, 2003-10-16 at 18:54, Brett W Tippet wrote: > Thanks for the reply. > > Yeh ... done that ... > > It's going into a cisco catalyst 2900XL and I've tried a few patch cables > which work straight away when plugged into another PC .. the machine that > isn't working is lighting up on the switch. > > I have 3 LAN cards with the same chipset ... all do the same thing ... it's > like some odd routing restriction is in place? .. no firewall is enabled or > anything. > > Brett. > > > - Original Message - > From: "Kwan Lowe" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Friday, October 17, 2003 11:06 AM > Subject: Re: [expert] ip addressing on lan > > > > > > > When I apply this IP using the wizard on install it all takes and seems > to > > > be there .. If I try and ping anything on the LAN I get destination > > > unreachable, and if I ping the unit from another machine on the LAN it > > > times out. But from the 9.1 machine, I can ping 192.168.0.200 (it's NIC > > > ip) .. the routing table sees the ip, but wont look at the gateway or > LAN. > > > . > > > > Sounds suspiciously like a bad cable/connection. Can you try switching the > > cable to a known-good and plugging into a know-good port on the hub or > > switch? RedHat does this to me a lot. Seems that a copy of the the ifcfg-eth0 file gets copied over into /etc/sysconfig/networking/profiles or devices. Then the box gets confused trying to read both of them and the route never gets read right. James Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] ip addressing on lan
On Friday 17 Oct 2003 1:06 am, Kwan Lowe wrote: > > When I apply this IP using the wizard on install it all takes and seems > > to be there .. If I try and ping anything on the LAN I get destination > > unreachable, and if I ping the unit from another machine on the LAN it > > times out. But from the 9.1 machine, I can ping 192.168.0.200 (it's NIC > > ip) .. the routing table sees the ip, but wont look at the gateway or > > LAN. . > > Sounds suspiciously like a bad cable/connection. Can you try switching the > cable to a known-good and plugging into a know-good port on the hub or > switch? TCPDump is useful for debugging this sort of thing, -- Richard Urwin Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] ip addressing on lan
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Bill wrote: > You may also have a net mask wrong on one of the units. > > A little more info would be helpful. From a term screen type the command > ifconfig and paste the info you get as well as the results from the route -n > command to the email. > It would be good to also see the contents of the following files: /etc/sysconfig/network /etc/sysconfig/network-scripts/ifcfg-eth0 This is where the network settings are stored. The GATEWAY setting is in the first file, the IP address, netmask, broadcast etc. are in ifcfg-eth0. It is often easier and more reliable to just edit these files manually instead of using a wizard. Doing a: # service network restart should make your changes take effect. Use ifconfig to make sure the NIC is up and has the right IP, etc.. - -- KevinO If Microsoft built cars, If you were involved in a crash, you would have no idea what happened. -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/j83QWOfRC7Rnmv8RAvANAJ0SJV7zmdbpM4xldLNJCOzpvpD1EgCfXKAX I0HJ3TIVyor091idCfuxZ+4= =BeR0 -END PGP SIGNATURE- Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] ip addressing on lan
On October 16, 2003 04:46 pm, Brett W Tippet wrote: > Hey guys .. got a slightly weird one. > > I've been running Mandrake 9.0 for ages .. I've just put another pc on my > network and have install 9.1 ... the install has seemed to install all the > required packages and has found the correct hardware (including the NIC) .. > > I have the pc on a 192.168.0.0 network .. I've given it 192.168.0.200 and > the gateway is 192.168.0.1 > > When I apply this IP using the wizard on install it all takes and seems to > be there .. If I try and ping anything on the LAN I get destination > unreachable, and if I ping the unit from another machine on the LAN it > times out. But from the 9.1 machine, I can ping 192.168.0.200 (it's NIC ip) > .. the routing table sees the ip, but wont look at the gateway or LAN. . > > ANY help would be much appreciated. > > Thanks guys. > > Brett If you can set up internet sharing your outgoing nic, which should be DHCP, and surf from the host then you're fine. As for the internal network if you used the wizard after you assigned the fixed IP to the network you're going to run into a problem. For some reason the wizard wants to use 192.168.1.xxx. Check your scripts :) Also, you will either need to manually assign IP's to every other NIC on the network or use DHCP server and assign them that way. I'd recommend DHCP. Have fun! ttfn John Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] ip addressing on lan
Hi the wizard does not always get it right. Check ifconfig and make sure the interface is up, you can also see what packets its received and sent. Also check your routing "route -en" Did you start shorewall ?(the firewall,I think 9.0 used Bastille) I'm not sure of the default MDK rules, but worth checking if you did start it if icmp type 8 is allowed. see /etc/shorewall/rules. Also worth checking in resolv.conf that there is a valid DNS server, the default from the wizard is localhost. Apart from that as Kwan said your down to the physical connection to the LAN HTH Richard On Fri, 2003-10-17 at 00:46, Brett W Tippet wrote: > Hey guys .. got a slightly weird one. > > I've been running Mandrake 9.0 for ages .. I've just put another pc on > my network and have install 9.1 ... the install has seemed to install > all the required packages and has found the correct hardware > (including the NIC) .. > > I have the pc on a 192.168.0.0 network .. I've given it 192.168.0.200 > and the gateway is 192.168.0.1 > > When I apply this IP using the wizard on install it all takes and > seems to be there .. If I try and ping anything on the LAN I get > destination unreachable, and if I ping the unit from another machine > on the LAN it times out. But from the 9.1 machine, I can ping > 192.168.0.200 (it's NIC ip) .. the routing table sees the ip, but wont > look at the gateway or LAN. . > > ANY help would be much appreciated. > > Thanks guys. > > Brett -- Richard Bown <[EMAIL PROTECTED]> Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] ip addressing on lan
You may also have a net mask wrong on one of the units. A little more info would be helpful. From a term screen type the command ifconfig and paste the info you get as well as thje results from the route -n command to the email. Make sure your link lights are on for both the gateway, pc, and switch/hub. Like Kwan says you may have a bad or incorrect cable. On Star Date Thursday 16 October 2003 06:06 pm, Kwan Lowe sent this sub-space message. > > When I apply this IP using the wizard on install it all takes and seems > > to be there .. If I try and ping anything on the LAN I get destination > > unreachable, and if I ping the unit from another machine on the LAN it > > times out. But from the 9.1 machine, I can ping 192.168.0.200 (it's NIC > > ip) .. the routing table sees the ip, but wont look at the gateway or > > LAN. . > > Sounds suspiciously like a bad cable/connection. Can you try switching the > cable to a known-good and plugging into a know-good port on the hub or > switch? Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] ip addressing on lan
Thanks for the reply. Yeh ... done that ... It's going into a cisco catalyst 2900XL and I've tried a few patch cables which work straight away when plugged into another PC .. the machine that isn't working is lighting up on the switch. I have 3 LAN cards with the same chipset ... all do the same thing ... it's like some odd routing restriction is in place? .. no firewall is enabled or anything. Brett. - Original Message - From: "Kwan Lowe" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, October 17, 2003 11:06 AM Subject: Re: [expert] ip addressing on lan > > > When I apply this IP using the wizard on install it all takes and seems to > > be there .. If I try and ping anything on the LAN I get destination > > unreachable, and if I ping the unit from another machine on the LAN it > > times out. But from the 9.1 machine, I can ping 192.168.0.200 (it's NIC > > ip) .. the routing table sees the ip, but wont look at the gateway or LAN. > > . > > Sounds suspiciously like a bad cable/connection. Can you try switching the > cable to a known-good and plugging into a know-good port on the hub or > switch? > > -- > The Digital Hermit Unix and Linux Solutions > http://www.digitalhermit.com > [EMAIL PROTECTED] > > > > Want to buy your Pack or Services from MandrakeSoft? > Go to http://www.mandrakestore.com > Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] ip addressing on lan
> When I apply this IP using the wizard on install it all takes and seems to > be there .. If I try and ping anything on the LAN I get destination > unreachable, and if I ping the unit from another machine on the LAN it > times out. But from the 9.1 machine, I can ping 192.168.0.200 (it's NIC > ip) .. the routing table sees the ip, but wont look at the gateway or LAN. > . Sounds suspiciously like a bad cable/connection. Can you try switching the cable to a known-good and plugging into a know-good port on the hub or switch? -- The Digital Hermit Unix and Linux Solutions http://www.digitalhermit.com [EMAIL PROTECTED] Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[expert] ip addressing on lan
Hey guys .. got a slightly weird one. I've been running Mandrake 9.0 for ages .. I've just put another pc on my network and have install 9.1 ... the install has seemed to install all the required packages and has found the correct hardware (including the NIC) .. I have the pc on a 192.168.0.0 network .. I've given it 192.168.0.200 and the gateway is 192.168.0.1 When I apply this IP using the wizard on install it all takes and seems to be there .. If I try and ping anything on the LAN I get destination unreachable, and if I ping the unit from another machine on the LAN it times out. But from the 9.1 machine, I can ping 192.168.0.200 (it's NIC ip) .. the routing table sees the ip, but wont look at the gateway or LAN. . ANY help would be much appreciated. Thanks guys. Brett
RE: [expert] ip rules help
>> what the heck it is? I've never heard of it, but i only get three lines >> returned when I issue the command. man ip Basically it is the commands to utilize the IP Route utility built into the kernel or applied to... Rob Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] ip rules help
On Thu, 30 Jan 2003, drake wrote: > [root]# ip rule list > RTNETLINK answers: Invalid argument > Dump terminated > [root]# ip rule ls > RTNETLINK answers: Invalid argument > Dump terminated > > Now what do I do? Drake, what the heck it is? I've never heard of it, but i only get three lines returned when I issue the command. -- Mark "If necessity is the mother of invention, then who's the father?" --- Paid for by Penguins against modern appliances(R) Linux User Since 1996 Powered by Mandrake Linux 8.2 & 9.0 ICQ# 27816299 Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[expert] ip rules help
[root]# ip rule list RTNETLINK answers: Invalid argument Dump terminated [root]# ip rule ls RTNETLINK answers: Invalid argument Dump terminated Now what do I do? Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[expert] IP masquerade
I want to make my local host can access to internet using IP masquerade, my local network is 10.0.0.0 networking with 255.0.0.0 netmask. when I used command: # /sbin/ipchains -P forward DENY ipchains: Protocol not available then, I tried: iptables -t nat -A POSTROUTING -s 10.0.0.0/255.0.0.0 -j MASQUERADE modprobe: Can't locate module ip_tables iptables v1.2.6a: can't initialize iptables table `nat': iptables who? (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded. I've upgraded the kernel but It doesn't work. I don't know how to upgrade iptables. Please tell me how to upgrade iptables or is there someway that I could do to use IP masquerade. thank for advance Ivo. _ Get 25MB, POP3, Spam Filtering with LYCOS MAIL PLUS for $19.95/year. http://login.mail.lycos.com/brandPage.shtml?pageId=plus&ref=lmtplus Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] IP
On Tue, 17 Dec 2002 00:14:33 -0500 Brian York <[EMAIL PROTECTED]> wrote: > How can i find out the ip address of a machine that has been assigned an ip > by DHCP. > > Thanks > Brian > > something like this: IPCONF=($(/sbin/ifconfig ppp0)); echo ${IPCONF[5]#*:} or maybe: IPCONF=($(/sbin/ifconfig eth0)); echo ${IPCONF[6]#*:} bye jipe Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] IP
On Tue, Dec 17, 2002 at 12:14:33AM -0500, Brian York wrote: > How can i find out the ip address of a machine that has been assigned an ip > by DHCP. Here's a hack I use: #!/usr/bin/perl # Script to print IP address of ethernet connection on the local machine. open(FILE, "/sbin/ifconfig eth0|") || die "Unable to run ifconfig\n"; while () { chomp; if (/inet addr:(\S+)/) { print "$1\n"; last; } } close (FILE); Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] IP
On Mon, 2002-12-16 at 23:14, Brian York wrote: > How can i find out the ip address of a machine that has been assigned an ip > by DHCP. > > Thanks > Brian /sbin/ifconfig -- Dave Sherman MCSE, MCSA, CCNA "If we wanted you to understand it, we wouldn't call it code." signature.asc Description: This is a digitally signed message part
Re: [expert] IP
On Mon, 2002-12-16 at 21:14, Brian York wrote: > How can i find out the ip address of a machine that has been assigned an ip > by DHCP. > > Thanks > Brian /sbin/ip addr on the machine in question, or tail /var/lib/dhcpd/dhcpd.leases on the server. -- Jack Coates Monkeynoodle: A Scientific Venture... Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[expert] IP
How can i find out the ip address of a machine that has been assigned an ip by DHCP. Thanks Brian Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] IP look for
Check out dydns.org ( i think its a search for dynamic dns on google). You can register your own dynamic dns name, and have a client running on your box to update the DNS record on their server, that way you dont need your box's ip address. HA!, actually just thought of another project for my home computer. Have a FreeSWAN box up establishing a VPN gateway on boot, why not? On Thursday 12 December 2002 08:36 am, Gonzalo Avaria wrote: > Hi experts. > I need to know if there is a way of knowing the IP address of my home > computer across the net. What i mean is that if i'm in the work and call > to my home so they turn on the box, how can i do it to know from my work > the IP address. I know the first 2 IP numbers(XXX.XXX.NNN.NNN, the X are > the known numbers) so is there a way of scaning the remaining address so i > can look for the one that accepts ssh connections??? > if there is a way IS IT LEGAL??? > The thing is that i cannot ask for someone in my home to look for the IP > because: > 1st I don't want to give access to them > 2nd The person that's on my home all the time dosn't know how to work with > a computer. > That should be all, > SALUDOS Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] IP look for
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gonzalo Avaria wrote on Thu, Dec 12, 2002 at 12:36:51PM -0300 : > I need to know if there is a way of knowing the IP address of my home > computer across the net. What i mean is that if i'm in the work and call to > my home so they turn on the box, how can i do it to know from my work the IP > address. I know the first 2 IP numbers(XXX.XXX.NNN.NNN, the X are the known Add to your startup scripts something like this: /sbin/ifconfig | mail [EMAIL PROTECTED] -s "Home IP Address" Blue skies... Todd - -- MandrakeSoft USA http://www.mandrakesoft.com Easy things should be easy, and hard things should be possible. --Larry Wall Cooker Version mandrake-release-9.1-0.1mdk Kernel 2.4.20-2mdk -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE9+L1Tlp7v05cW2woRAocOAJ4jRCL3VjcxqhZohlnBZftf5+ToZACeNMNa 2AjDG/fNJX5w1M2Iz1zpjlc= =bVDR -END PGP SIGNATURE- Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[expert] IP look for
Hi experts. I need to know if there is a way of knowing the IP address of my home computer across the net. What i mean is that if i'm in the work and call to my home so they turn on the box, how can i do it to know from my work the IP address. I know the first 2 IP numbers(XXX.XXX.NNN.NNN, the X are the known numbers) so is there a way of scaning the remaining address so i can look for the one that accepts ssh connections??? if there is a way IS IT LEGAL??? The thing is that i cannot ask for someone in my home to look for the IP because: 1st I don't want to give access to them 2nd The person that's on my home all the time dosn't know how to work with a computer. That should be all, SALUDOS -- Gonzalo Avaria Linux User #297343 (http://counter.li.org) [EMAIL PROTECTED] Alumno de Licenciatura en Ciencias Fisicas Facultad de Ciencias Fisicas y Matematicas Universidad de Concepcion "No existe mejor educacion que el ejemplo. Aunque sea el ejemplo de un monstruo" Albert Einstein Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] IP alias. How?
On Mon, 2002-12-02 at 00:38, Alexander Volovics wrote: > On Mon, Dec 02, 2002 at 02:50:55AM +0800, Franki wrote: > > > I prefer to just add them to /etc/sysconf/network-scripts like you said. works >great. > > Thanks for the reply. Got it working now. That's what I did. > > > you can set it up permanently using linuxconf (install linuxconf then run > "netconf" in a terminal.) > > I never use linuxconf anymore. Bad experiences in the past and it's too > obtrusive. I either don't even install it or when installed immediately > remove it. > > Alexander > > -- > *The United States must fully disclose and destroy > it's Weapons of Mass Destruction* If the above is true . Here's the list. Congress Microsoft USPTO Christian Right DMCA UCITA TV Computers that ALMOST do what you need. Blue screen of death. *grin* > > > > > Want to buy your Pack or Services from MandrakeSoft? > Go to http://www.mandrakestore.com Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] IP alias. How?
On Mon, Dec 02, 2002 at 02:50:55AM +0800, Franki wrote: > I prefer to just add them to /etc/sysconf/network-scripts like you said. works great. Thanks for the reply. Got it working now. That's what I did. > you can set it up permanently using linuxconf (install linuxconf then run "netconf" in a terminal.) I never use linuxconf anymore. Bad experiences in the past and it's too obtrusive. I either don't even install it or when installed immediately remove it. Alexander -- *The United States must fully disclose and destroy it's Weapons of Mass Destruction* Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
RE: [expert] IP alias. How?
you can set it up permanently using linuxconf (install linuxconf then run "netconf" in a terminal.) It can be used to setup static routes as well... one tip though, when you finish, its gonna want to change stuff (permissions and stuff) over to what it thinks they should be. tell it to "do nothing" you will not lose your changes. I prefer to just add them to /etc/sysconf/network-scripts like you said. works great. rgds Frank -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Alexander Volovics Sent: Sunday, 1 December 2002 11:59 PM To: [EMAIL PROTECTED] Subject: [expert] IP alias. How? Hello, I am trying to attach a second IP adress to my pcmcia network card in mandrake-9.0 which uses dhcp to connect to a router. It seems to be impossible to do this via the graphical interfaces: Mandrake Control Center -> Network & internet -> Connection (-> Expert Mode). If I use 'ifconfig' and 'route add' I have a temporary solution lasting till I logout. Where can I configure it to make it permanent. (I am still getting accustomed to the entries under /etc, slightly different than I am used to). Can I add a 'ifcfg-eth0:1' in /etc/sysconfig/network-scripts/ ? I have not been able to find any reference to 'IP aliasing' in the Mandrake documentation. Strange! Alexander -- *The United States must fully disclose and destroy it's Weapons of Mass Destruction* Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[expert] IP alias. How?
Hello, I am trying to attach a second IP adress to my pcmcia network card in mandrake-9.0 which uses dhcp to connect to a router. It seems to be impossible to do this via the graphical interfaces: Mandrake Control Center -> Network & internet -> Connection (-> Expert Mode). If I use 'ifconfig' and 'route add' I have a temporary solution lasting till I logout. Where can I configure it to make it permanent. (I am still getting accustomed to the entries under /etc, slightly different than I am used to). Can I add a 'ifcfg-eth0:1' in /etc/sysconfig/network-scripts/ ? I have not been able to find any reference to 'IP aliasing' in the Mandrake documentation. Strange! Alexander -- *The United States must fully disclose and destroy it's Weapons of Mass Destruction* Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] ip-masquering rpms
Thanks a lot Mikko; I will try to make the changes this afternoon Francisco Alcaraz El Lun 04 Nov 2002 13:41, Mikko Lipasti escribió: > Hello Francisco, > > First off: Before editing anything, copy the files you are going to edit > to a safe place (or write them down). If there's something I didn't > catch off the top of my head, you can always restore your network > configs to the state you are in right now. > > IP Masquerading is a feature of the Linux kernel, it doesn't come in a > rpm. > > Check the settings in /etc/sysconfig/network-scripts/ifcfg-eth0 and make > sure they are OK. If you use DHCP it should only have this in it: > > DEVICE=eth0 > BOOTPROTO=dhcp > ONBOOT=yes > > Edit file /etc/sysconfig/network and set the attribute FORWARD_IPV4 to > false. Also check that GATEWAY attribute is set correctly. If you use > DHCP, this doesn't matter as it will be overridden. > > When done, reload your network configs with 'service network restart' > and you should be set. > > All of the above needs to be done as root. > > On Mon, 2002-11-04 at 11:39, [EMAIL PROTECTED] wrote: > > Dear friends, > > > > We have installed IP masquering due to an error in a computer having > > just a ethernet card directly connected to internet. > > > > Now everytime we start linux the default ip, dns, gatewall... is that of > > the sharing connection (192.168.1.1..); we need to start Mcc and > > unactivate ip-masquering everytime to have internet avalaible. > > > > We need to know the names of the rpm files that mandrake uses to > > activate ip-masquering and unistall all!! could anyone tell us what are > > those files? -- Francisco Alcaraz Ariza Departamento de Biología Vegetal Universidad de Murcia E-30100 Murcia España (Spain) Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] ip-masquering rpms
Hello Francisco, First off: Before editing anything, copy the files you are going to edit to a safe place (or write them down). If there's something I didn't catch off the top of my head, you can always restore your network configs to the state you are in right now. IP Masquerading is a feature of the Linux kernel, it doesn't come in a rpm. Check the settings in /etc/sysconfig/network-scripts/ifcfg-eth0 and make sure they are OK. If you use DHCP it should only have this in it: DEVICE=eth0 BOOTPROTO=dhcp ONBOOT=yes Edit file /etc/sysconfig/network and set the attribute FORWARD_IPV4 to false. Also check that GATEWAY attribute is set correctly. If you use DHCP, this doesn't matter as it will be overridden. When done, reload your network configs with 'service network restart' and you should be set. All of the above needs to be done as root. On Mon, 2002-11-04 at 11:39, [EMAIL PROTECTED] wrote: > Dear friends, > > We have installed IP masquering due to an error in a computer having > just a ethernet card directly connected to internet. > > Now everytime we start linux the default ip, dns, gatewall... is that of > the sharing connection (192.168.1.1..); we need to start Mcc and > unactivate ip-masquering everytime to have internet avalaible. > > We need to know the names of the rpm files that mandrake uses to > activate ip-masquering and unistall all!! could anyone tell us what are > those files? -- Mikko Lipasti Polarcom Consulting Oy :: [EMAIL PROTECTED] :: +358 (0)40 5590 988 signature.asc Description: This is a digitally signed message part
[expert] ip-masquering rpms
Dear friends, We have installed IP masquering due to an error in a computer having just a ethernet card directly connected to internet. Now everytime we start linux the default ip, dns, gatewall... is that of the sharing connection (192.168.1.1..); we need to start Mcc and unactivate ip-masquering everytime to have internet avalaible. We need to know the names of the rpm files that mandrake uses to activate ip-masquering and unistall all!! could anyone tell us what are those files? Thanks so much in advance; yours sincerely Francisco Alcaraz Murcia (Spain) Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] IP Tables Startup failure
I am using the stock LM 8.1 Kernel. I have just updated to the updated, distribution kernel. Is this something that cannot be accomplishsed with the 'Stock' Kernel? If so, then I'll build one. On Thu, 21 Feb 2002, Lyvim Xaphir wrote: > On Thursday 21 February 2002 13:34, you wrote: > > I am attempting to implement a seemingly simple NAT translation on the > > LM 8.1 Commercial distribution (Yes, I support Mandrake, and have for > > several years). HOWEVER, when I attempt the rc.firewall script as > > described in the Linux IP Masquerade Resource > > http://www.e-infomax.com/ipmasq/ I get the following errors: > > > > Loading simple rc.firewall version 0.63.. > > > >External Interface: eth0 > >Internal Interface: eth1 > >loading modules: - > > Verifying that all kernel modules are ok > > ip_tables, Using > > /lib/modules/2.4.8-26mdk/kernel/net/ipv4/netfilter/ip_tables.o > > Hint: insmod errors can be caused by incorrect module parameters, > > including invalid IO or IRQ parameters > > ip_conntrack, Using > > /lib/modules/2.4.8-26mdk/kernel/net/ipv4/netfilter/ip_conntrack.o > > Hint: insmod errors can be caused by incorrect module parameters, > > including invalid IO or IRQ parameters > > > > > > > > Any Ideas? Suggestions? Solutions?? > > Has your kernel been recompiled? I.E.are you running something other > than the "factory" version? > > _ > Do You Yahoo!? > Get your free @yahoo.com address at http://mail.yahoo.com > > > Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] IP Tables Startup failure
On Thursday 21 February 2002 13:34, you wrote: > I am attempting to implement a seemingly simple NAT translation on the > LM 8.1 Commercial distribution (Yes, I support Mandrake, and have for > several years). HOWEVER, when I attempt the rc.firewall script as > described in the Linux IP Masquerade Resource > http://www.e-infomax.com/ipmasq/ I get the following errors: > > Loading simple rc.firewall version 0.63.. > >External Interface: eth0 >Internal Interface: eth1 >loading modules: - > Verifying that all kernel modules are ok > ip_tables, Using > /lib/modules/2.4.8-26mdk/kernel/net/ipv4/netfilter/ip_tables.o > Hint: insmod errors can be caused by incorrect module parameters, > including invalid IO or IRQ parameters > ip_conntrack, Using > /lib/modules/2.4.8-26mdk/kernel/net/ipv4/netfilter/ip_conntrack.o > Hint: insmod errors can be caused by incorrect module parameters, > including invalid IO or IRQ parameters > > > > Any Ideas? Suggestions? Solutions?? Has your kernel been recompiled? I.E.are you running something other than the "factory" version? _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[expert] IP Tables Startup failure
I am attempting to implement a seemingly simple NAT translation on the LM 8.1 Commercial distribution (Yes, I support Mandrake, and have for several years). HOWEVER, when I attempt the rc.firewall script as described in the Linux IP Masquerade Resource http://www.e-infomax.com/ipmasq/ I get the following errors: Loading simple rc.firewall version 0.63.. External Interface: eth0 Internal Interface: eth1 loading modules: - Verifying that all kernel modules are ok ip_tables, Using /lib/modules/2.4.8-26mdk/kernel/net/ipv4/netfilter/ip_tables.o Hint: insmod errors can be caused by incorrect module parameters, including invalid IO or IRQ parameters ip_conntrack, Using /lib/modules/2.4.8-26mdk/kernel/net/ipv4/netfilter/ip_conntrack.o Hint: insmod errors can be caused by incorrect module parameters, including invalid IO or IRQ parameters Any Ideas? Suggestions? Solutions?? -- Albert E. Whale - CISSP http://www.abs-comptech.com -- ABS Computer Technology, Inc. - ESM, Computer & Networking Specialists Sr. Security, Network, and Systems Consultant Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] ip fowarding
Pierre Fortin wrote: > > Larry Sword wrote: > > > > Jørgen Traun wrote: > > > > > > Hi > > > > > > I have forgotten how to turn on the IP Forwarding funktion on a Mandrake 7.1. >Does > > > anyone know? > > > > > > Thanks > > > Joergen > > /etc/sysconfig/network > > As root edit this file and change, "FORWARD_IP$=true" > ^ > s/\$/V4/ > FORWARD_IPV4=true > P. Wow! How did I ever type thst so wrong. Great Save. Tks. Larry > > > Restart you network. > > > > -- > > Sword'sEdge > > VoiceMail/Fax: (858) 860-6406 x1587
Re: [expert] ip fowarding
Why don't U use iptables, it's more powerfull. Here's an example: http://www.flux.org/pipermail/linux/2001-May/003528.html - Original Message - From: "Larry Sword" <[EMAIL PROTECTED]> To: "Jørgen Traun" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Friday, June 22, 2001 7:46 PM Subject: Re: [expert] ip fowarding > Jørgen Traun wrote: > > > > Hi > > > > I have forgotten how to turn on the IP Forwarding funktion on a Mandrake 7.1. Does > > anyone know? > > > > Thanks > > Joergen > /etc/sysconfig/network > As root edit this file and change, "FORWARD_IP$=true" > Restart you network. > > -- > Sword'sEdge > VoiceMail/Fax: (858) 860-6406 x1587 >
Re: [expert] ip fowarding
Larry Sword wrote: > > Jørgen Traun wrote: > > > > Hi > > > > I have forgotten how to turn on the IP Forwarding funktion on a Mandrake 7.1. Does > > anyone know? > > > > Thanks > > Joergen > /etc/sysconfig/network > As root edit this file and change, "FORWARD_IP$=true" ^ s/\$/V4/ FORWARD_IPV4=true P. > Restart you network. > > -- > Sword'sEdge > VoiceMail/Fax: (858) 860-6406 x1587
Re: [expert] ip fowarding
Jørgen Traun wrote: > > Hi > > I have forgotten how to turn on the IP Forwarding funktion on a Mandrake 7.1. Does > anyone know? > > Thanks > Joergen /etc/sysconfig/network As root edit this file and change, "FORWARD_IP$=true" Restart you network. -- Sword'sEdge VoiceMail/Fax: (858) 860-6406 x1587
Re: [expert] ip fowarding
Jørgen Traun <[EMAIL PROTECTED]> wrote: > > I have forgotten how to turn on the IP Forwarding funktion on a > Mandrake 7.1. Does anyone know? Joergen, Install the ipchains rpm package and then read the documentation for it. There's also an ipchains HOWTO. It doesn't seem to be too obvious to some how to configure ipchains to start up correctly at boot time, so here are some pointers. I'm running Mandrake 7.1 and I've got ipchains-1.3.9-6mdk installed. The init script (/etc/rc.d/init.d/ipchains) included in that package expects you to store your ipchains configuration in /etc/sysconfig/ipchains. To do this, use /sbin/ipchains to build a rule list and then use: # ipchains-save > /etc/sysconfig/ipchains to write it out to a file. Make sure that you've configured ipchains to start up for the right run levels (same as "network") using chkconfig. The init script provided is already configured to start ipchains at the proper time, which is *before* enabling your network interfaces. HTH, {Bryan} -- Bryan D Howard <[EMAIL PROTECTED]> or <[EMAIL PROTECTED]>
[expert] ip fowarding
Hi I have forgotten how to turn on the IP Forwarding funktion on a Mandrake 7.1. Does anyone know? Thanks Joergen
(forw) [expert] ip fowarding
I think I got this by accident. Julia - Forwarded message from Jørgen Traun <[EMAIL PROTECTED]> - Date: Fri, 22 Jun 2001 23:48:30 +0200 From: Jørgen Traun <[EMAIL PROTECTED]> X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3-20mdk i686) To: "Julia A. Case" <[EMAIL PROTECTED]> Subject: [expert] ip fowarding Hi I have forgotten how to turn on the IP Forwarding funktion on a Mandrake 7.1. Does anyone know? Thanks Joergen - End forwarded message - -- [ Julia Anne Case ] [Ships are safe inside the harbor, ] [Programmer at large] [ but is that what ships are really for.] [ Admining Linux ] [ To thine own self be true. ] [ Windows/WindowsNT ] [ Fair is where you take your cows to be judged. ]
[expert]IP Address and Apache
Hi all, I just installed LM 8 and basically it's great. But there are some problems I could not solve yet even searching in all possible archives and support sites. My environment: ADSL Router (Zyxel) which connects to the wan and, as dhcp server, leases ip addresses to our little lan consisting of two macs and my linux-box. the lan is connected by an ethernet hub. problem: When booting the linux box, it says no ip-address found, starting httpd fails (beginning with mod_perl, then all other apache-thinghs, and the ftp-deamon as well). Trying to start the apache manually after booting fails. facts: the two macs have no problems to get their ip-addresses from the dhcp-server/ router. silly: i can access websites with the browser with no problem, which means that my machine knows the ip's of the name servers of my isp, and this information comes from the router/dhcp-server as well. anyone a good idea? cheers peter
Re: [expert] IP Alias - What File Stores The Settings?
Thanks!!! >>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<< On 6/11/01, 2:11:31 PM, Scott Taylor <[EMAIL PROTECTED]> wrote regarding Re: [expert] IP Alias - What File Stores The Settings?: > At 01:56 PM 06/11/01, Sevatio wrote: > >What file is used to store the settings for multiple IP addresses to one > >eth card? > Hi, > You should be able to find the scripts, ifup and ifdown here: > /etc/sysconfig/network-scripts/ > and the config file for each card, i.e.: > ifcfg-eth0 > ifcfg-eth0:0 > example eth0:0 (alias 0 of eth0) file: > BROADCAST=192.168.99.255 > DEVICE=eth0:0 > NETMASK=255.255.255.0 > IPADDR=192.168.99.211 > NETWORK=192.168.99.0 > ONBOOT=yes > BOOTPROTO=none > HTH
Re: [expert] IP Alias - What File Stores The Settings?
At 01:56 PM 06/11/01, Sevatio wrote: >What file is used to store the settings for multiple IP addresses to one >eth card? Hi, You should be able to find the scripts, ifup and ifdown here: /etc/sysconfig/network-scripts/ and the config file for each card, i.e.: ifcfg-eth0 ifcfg-eth0:0 example eth0:0 (alias 0 of eth0) file: BROADCAST=192.168.99.255 DEVICE=eth0:0 NETMASK=255.255.255.0 IPADDR=192.168.99.211 NETWORK=192.168.99.0 ONBOOT=yes BOOTPROTO=none HTH
[expert] IP Alias - What File Stores The Settings?
What file is used to store the settings for multiple IP addresses to one eth card? Seve
[expert] IP Tables working in LM8?
I'm wondering about the functioning of IPTables on my LM8 install. I have two ethernet cards: eth0 is external and eth1 is internal. Using nmap, I get: [root@mozart root]# nmap -sT : 6000/tcp open X11 among other entries. When I do: iptables -A INPUT -p tcp --destination-port 6000 -i eth0 -j DROP the command is accepted, but nmap still shows port 6000 as being open. Any idea what's going on?
Re: [expert] IP Masquerading Problems
You might want to try: echo 1 > /proc/sys/net/ipv4/ip_forward Also I noticed that the routing for eth0 is in the routing table twice, this seems a bit weird. If the above command doesn't fix it, try taking down the card (ifdown eth0) and bring it back up (ifup eth0) to see if this clears up those routes. Or you could use the "route" command, but I know that I try to avoid it :-) Nathan Callahan On Friday, June 1, 2001, at 01:47 PM, Abiel Reinhart wrote: > After reformatting my system and upgrading to Linux Mandrake 8.0 from > 7.2, I am unable to get IP masquerading to function. I was able to get > it working with 7.2 and with Redhat 7.0 and earlier, with the same > hardware configuration and client configuration I am using now. I am > using kernel 2.2.19 (my modem driver does not function with the 2.4.x > series), with all masquerading related options enabled. > > I am using a ppp modem connection, with a dynamically assigned IP. > > Linux router: 192.168.0.1 > Windows 2000 client: 192.168.0.2 (worked with Mandrake 7.2, so already > configured.) > > netstat -rn: > Kernel IP routing table > Destination Gateway Genmask Flags MSS Window irtt > Iface > 12.7.120.2510.0.0.0 255.255.255.255 UH0 0 0 > ppp0 > 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 > eth0 > 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 > eth0 > 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 > lo > 0.0.0.0 12.7.120.2510.0.0.0 UG0 0 0 > ppp0 > > ipchains -nL: > Chain input (policy ACCEPT): > Chain forward (policy DENY): > target prot opt sourcedestination > ports > MASQ all -- 192.168.0.0/24 0.0.0.0/0 n/a > Chain output (policy ACCEPT): > > ifconfig: > eth0 Link encap:Ethernet HWaddr 00:20:78:10:1D:D6 > inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0 > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:9 errors:0 dropped:0 overruns:0 frame:0 > TX packets:4 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:100 > RX bytes:1010 (1010.0 b) TX bytes:264 (264.0 b) > Interrupt:5 Base address:0xe000 > > loLink encap:Local Loopback > inet addr:127.0.0.1 Mask:255.0.0.0 > UP LOOPBACK RUNNING MTU:3924 Metric:1 > RX packets:44 errors:0 dropped:0 overruns:0 frame:0 > TX packets:44 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:0 > RX bytes:3248 (3.1 Kb) TX bytes:3248 (3.1 Kb) > > ppp0 Link encap:Point-to-Point Protocol > inet addr:12.7.121.89 P-t-P:12.7.120.251 > Mask:255.255.255.255 > UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1518 Metric:1 > RX packets:213 errors:0 dropped:0 overruns:0 frame:0 > TX packets:214 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:10 > RX bytes:115513 (112.8 Kb) TX bytes:24652 (24.0 Kb) > > Local network connectivity is operating correctly (I can ping both > ways). Tcpdump on the router shows incoming activity on eth0 when I try > to access the Internet from 192.168.0.2, but no outgoing packets on > device ppp0. I am unable to ping my ppp gateway (12.7.120.251). > > Any help is greatly appreciated. Thank you. > > Abiel Reinhart > [EMAIL PROTECTED] >
[expert] IP Masquerading Problems
After reformatting my system and upgrading to Linux Mandrake 8.0 from 7.2, I am unable to get IP masquerading to function. I was able to get it working with 7.2 and with Redhat 7.0 and earlier, with the same hardware configuration and client configuration I am using now. I am using kernel 2.2.19 (my modem driver does not function with the 2.4.x series), with all masquerading related options enabled. I am using a ppp modem connection, with a dynamically assigned IP. Linux router: 192.168.0.1 Windows 2000 client: 192.168.0.2 (worked with Mandrake 7.2, so already configured.) netstat -rn: Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 12.7.120.2510.0.0.0 255.255.255.255 UH0 0 0 ppp0 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo 0.0.0.0 12.7.120.2510.0.0.0 UG0 0 0 ppp0 ipchains -nL: Chain input (policy ACCEPT): Chain forward (policy DENY): target prot opt sourcedestination ports MASQ all -- 192.168.0.0/24 0.0.0.0/0 n/a Chain output (policy ACCEPT): ifconfig: eth0 Link encap:Ethernet HWaddr 00:20:78:10:1D:D6 inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:9 errors:0 dropped:0 overruns:0 frame:0 TX packets:4 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:1010 (1010.0 b) TX bytes:264 (264.0 b) Interrupt:5 Base address:0xe000 loLink encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:3924 Metric:1 RX packets:44 errors:0 dropped:0 overruns:0 frame:0 TX packets:44 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:3248 (3.1 Kb) TX bytes:3248 (3.1 Kb) ppp0 Link encap:Point-to-Point Protocol inet addr:12.7.121.89 P-t-P:12.7.120.251 Mask:255.255.255.255 UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1518 Metric:1 RX packets:213 errors:0 dropped:0 overruns:0 frame:0 TX packets:214 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:10 RX bytes:115513 (112.8 Kb) TX bytes:24652 (24.0 Kb) Local network connectivity is operating correctly (I can ping both ways). Tcpdump on the router shows incoming activity on eth0 when I try to access the Internet from 192.168.0.2, but no outgoing packets on device ppp0. I am unable to ping my ppp gateway (12.7.120.251). Any help is greatly appreciated. Thank you. Abiel Reinhart [EMAIL PROTECTED]
[expert] IP Accounting Help
I would like to post a question about how other people do the IP accounting on the servers that have multiple IP Addresses on the same network card and what they uses on it. I am currently using the Linux Mandrake 7.2 on it and I have 30 IP addresses on them. Sowhat do you use to get the IP accounting of the bandwidth usage for each IP address on the same network card and show accordly? Thanks for any help and suggestions for this. -- Linux Administrator & Consultant Russell "Elik" Rademacher
RE: [expert] IP alias trouble <--- CROSSPOST
Have you tried using either Webmin or Linuxconf? They will create another file for the definition of the alias which gets read at boot time. On Thu, 15 Feb 2001, Steve.Wambolt wrote: > Have you figured out this problem; > > I was using ifconfig alias on a UNIXWARE machine it it works well, the end > result is the server can be connect to via either IP address. I am trying to > do the same thing with LINUX - but I dont see "alias" as an option within > the man page on ifconfig. > > > Steve > > > -Original Message- > > From: gcobb [mailto:[EMAIL PROTECTED]] > > Sent: Wednesday, November 15, 2000 5:02 PM > > To: [EMAIL PROTECTED] > > Subject: RE: [expert] IP alias trouble <--- CROSSPOST > > > > > > Please do not crosspost into newbie and into here. We have enough to read > > without having to read the message in two places. Thanks! > > > > > -Original Message- > > > From: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED]]On Behalf Of jean-philippe > > > Sent: Wednesday, November 15, 2000 8:18 AM > > > To: [EMAIL PROTECTED]; [EMAIL PROTECTED] > > > Subject: [expert] IP alias trouble > > > > > > > > > Hi! > > > > > > I have a range of IP adresses on the internet going from a.b.c.64 to > > > a.b.c.95. > > > I have two machines in my DMZ (a.b.c.66 and 68). > > > All this works without a problem. > > > > > > The trouble comes when I try to add an IP alias : > > > Here is the command I use to create it : > > > /sbin/ifconfig eth0:1 a.b.c.90 netmask 255.255.255.224 broadcast > > > a.b.c.95 > > > > > > If I add it to a.b.c.66, everything works fine. I can access my new > > > address (a.b.c.90) from anywhere. > > > But if I take out the alias from this card and make the same alias on > > > the other machine, then I can only access it from the local network (eg > > > from the DMZ)!! If I try to connect (www, ftp, pop3, ping, anything!) to > > > a.b.c.90 from anywhere on the internet, it doesn't work! (The server > > > does not respond). > > > > > > I checked that it was not a firewalling problem, but all the rules are > > > set to "ACCEPT". I alsop though that it could be a routing problem (but > > > then I don't understand why it would have worked when the alias was on > > > the other machine), or maybe a "promiscuous mode" trouble or something, > > > but I wasn't able to solve anything. > > > > > > Can somebody help me? > > > > > > Thanx. > > > Flupke > > > -- > > > << There's no place like ~! >> > > > > > > > > > >
Re: [expert] IP alias trouble <--- CROSSPOST
On Thursday 15 February 2001 02:56 pm, you wrote: > Have you figured out this problem; > > I was using ifconfig alias on a UNIXWARE machine it it works well, the > end result is the server can be connect to via either IP address. I am > trying to do the same thing with LINUX - but I dont see "alias" as an > option within the man page on ifconfig. It's not an option per se. Ifconfig addresses the aliases directly, so to set aliases for eth0 you would use ifconfig eth0:0, eth0:1, eth0:2, etc. where :N is the alias number. Does that help? -- Matthew Micene A host is a host from coast to coast, Systems Development Managerand no one will talk to a host too close Express Search Inc.Unless the host that isn't close www.ExpressSearch.com is busy, hung or dead
RE: [expert] IP alias trouble <--- CROSSPOST
Have you figured out this problem; I was using ifconfig alias on a UNIXWARE machine it it works well, the end result is the server can be connect to via either IP address. I am trying to do the same thing with LINUX - but I dont see "alias" as an option within the man page on ifconfig. Steve > -Original Message- > From: gcobb [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, November 15, 2000 5:02 PM > To: [EMAIL PROTECTED] > Subject: RE: [expert] IP alias trouble <--- CROSSPOST > > > Please do not crosspost into newbie and into here. We have enough to read > without having to read the message in two places. Thanks! > > > -Original Message- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED]]On Behalf Of jean-philippe > > Sent: Wednesday, November 15, 2000 8:18 AM > > To: [EMAIL PROTECTED]; [EMAIL PROTECTED] > > Subject: [expert] IP alias trouble > > > > > > Hi! > > > > I have a range of IP adresses on the internet going from a.b.c.64 to > > a.b.c.95. > > I have two machines in my DMZ (a.b.c.66 and 68). > > All this works without a problem. > > > > The trouble comes when I try to add an IP alias : > > Here is the command I use to create it : > > /sbin/ifconfig eth0:1 a.b.c.90 netmask 255.255.255.224 broadcast > > a.b.c.95 > > > > If I add it to a.b.c.66, everything works fine. I can access my new > > address (a.b.c.90) from anywhere. > > But if I take out the alias from this card and make the same alias on > > the other machine, then I can only access it from the local network (eg > > from the DMZ)!! If I try to connect (www, ftp, pop3, ping, anything!) to > > a.b.c.90 from anywhere on the internet, it doesn't work! (The server > > does not respond). > > > > I checked that it was not a firewalling problem, but all the rules are > > set to "ACCEPT". I alsop though that it could be a routing problem (but > > then I don't understand why it would have worked when the alias was on > > the other machine), or maybe a "promiscuous mode" trouble or something, > > but I wasn't able to solve anything. > > > > Can somebody help me? > > > > Thanx. > > Flupke > > -- > > << There's no place like ~! >> > > > > >
Re: [expert] IP forwarding, not masquerading
On Wednesday 31 January 2001 06:31, you wrote: > Consider this scenerio: > > I'm sorta running , or getting running at the mo half of this type of system. The private net declare as FRIENDNET and set the BITMASK. As for the NIC's I found the one using dynamic addressing must be bought first. I compiled the driver in the kernel for eth0 and the other card as a module...I still dont have my system fully running again yet, as I have some permanant links, which are doing very strange things-- like the primary link fails, but the secondary works..even though I known the primary to be active ! I've moved my system from Suse 7.0, which was working, over to Mandrake as I'd really got fed up with the tutonic attitude of suseconfig and yast ! I also use Ip-ip tunneling beweent private net and remote private nets. have fun Richard > - > > | BOX 1 | | BOX 2| > | eth1+> Private net #1 | eth1+> > | Private net #3 > > Internet >--+eth0 | 192.168.1.x/---+eth0 | > 192.168.2.x 1.2.3.x | eth2+--->-->--->-/| > eth2+> 1.2.3.2 IP (not masq!) > > | | Private net #2 | | > > 10.0.0.x - > > Two linux boxes, both running IP Masquerading. > Incoming internet connection has a mess of IPs: 1.2.3.x in this example. > > Private net #1 goes through box 1, then out, no problem. > Private net #3 goes through box 2, then box 1, then out, no problem. > > However, a user on box 2 wants one outside IP address, without any firewall > or masquerading. All ports, both directions. > > Eth0 on box 1 is set to respond to any IP address in its block. > What I want to do is set this up such that if eth0 on box 1 receives a > packet for address 1.2.3.2, it forwards it to eth2, say to address > 10.0.0.2. Then Box 2's eth0, (who's address is set to 10.0.0.1, but should > also respond to multiple IPs), when it sees a packet for IP address > 10.0.0.2, it forwards it to eth2, address 1.2.3.2 (the original). All > types of packets, all ports, the works... just like the user was connected > directly to the internet. > > How do I do this??! > > Bob
[expert] IP forwarding, not masquerading
Consider this scenerio: - | BOX 1 | | BOX 2| | eth1+> Private net #1 | eth1+> Private net #3 Internet >--+eth0 | 192.168.1.x/---+eth0 | 192.168.2.x 1.2.3.x | eth2+--->-->--->-/| eth2+> 1.2.3.2 IP (not masq!) | | Private net #2 | | 10.0.0.x - Two linux boxes, both running IP Masquerading. Incoming internet connection has a mess of IPs: 1.2.3.x in this example. Private net #1 goes through box 1, then out, no problem. Private net #3 goes through box 2, then box 1, then out, no problem. However, a user on box 2 wants one outside IP address, without any firewall or masquerading. All ports, both directions. Eth0 on box 1 is set to respond to any IP address in its block. What I want to do is set this up such that if eth0 on box 1 receives a packet for address 1.2.3.2, it forwards it to eth2, say to address 10.0.0.2. Then Box 2's eth0, (who's address is set to 10.0.0.1, but should also respond to multiple IPs), when it sees a packet for IP address 10.0.0.2, it forwards it to eth2, address 1.2.3.2 (the original). All types of packets, all ports, the works... just like the user was connected directly to the internet. How do I do this??! Bob
[expert] IP MASQ - Time out
Hello I have just installed strong rules for ipchains on my linux box (7.2). The internal network (NT) seems to be working fine but for some external address I've got an error message: request time out. I have also noticed that pinging the linux server from the linux seever itself returns: No buffer space available. How can I figure out how it is going on? Many thanks Eduardo Keep in touch with http://mandrakeforum.com: Subscribe the "[EMAIL PROTECTED]" mailing list.
RE: [expert] IP alias trouble <--- CROSSPOST
Please do not crosspost into newbie and into here. We have enough to read without having to read the message in two places. Thanks! > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of jean-philippe > Sent: Wednesday, November 15, 2000 8:18 AM > To: [EMAIL PROTECTED]; [EMAIL PROTECTED] > Subject: [expert] IP alias trouble > > > Hi! > > I have a range of IP adresses on the internet going from a.b.c.64 to > a.b.c.95. > I have two machines in my DMZ (a.b.c.66 and 68). > All this works without a problem. > > The trouble comes when I try to add an IP alias : > Here is the command I use to create it : > /sbin/ifconfig eth0:1 a.b.c.90 netmask 255.255.255.224 broadcast > a.b.c.95 > > If I add it to a.b.c.66, everything works fine. I can access my new > address (a.b.c.90) from anywhere. > But if I take out the alias from this card and make the same alias on > the other machine, then I can only access it from the local network (eg > from the DMZ)!! If I try to connect (www, ftp, pop3, ping, anything!) to > a.b.c.90 from anywhere on the internet, it doesn't work! (The server > does not respond). > > I checked that it was not a firewalling problem, but all the rules are > set to "ACCEPT". I alsop though that it could be a routing problem (but > then I don't understand why it would have worked when the alias was on > the other machine), or maybe a "promiscuous mode" trouble or something, > but I wasn't able to solve anything. > > Can somebody help me? > > Thanx. > Flupke > -- > << There's no place like ~! >> > > Keep in touch with http://mandrakeforum.com: Subscribe the "[EMAIL PROTECTED]" mailing list.
[expert] IP alias trouble
Hi! I have a range of IP adresses on the internet going from a.b.c.64 to a.b.c.95. I have two machines in my DMZ (a.b.c.66 and 68). All this works without a problem. The trouble comes when I try to add an IP alias : Here is the command I use to create it : /sbin/ifconfig eth0:1 a.b.c.90 netmask 255.255.255.224 broadcast a.b.c.95 If I add it to a.b.c.66, everything works fine. I can access my new address (a.b.c.90) from anywhere. But if I take out the alias from this card and make the same alias on the other machine, then I can only access it from the local network (eg from the DMZ)!! If I try to connect (www, ftp, pop3, ping, anything!) to a.b.c.90 from anywhere on the internet, it doesn't work! (The server does not respond). I checked that it was not a firewalling problem, but all the rules are set to "ACCEPT". I alsop though that it could be a routing problem (but then I don't understand why it would have worked when the alias was on the other machine), or maybe a "promiscuous mode" trouble or something, but I wasn't able to solve anything. Can somebody help me? Thanx. Flupke -- << There's no place like ~! >> Keep in touch with http://mandrakeforum.com: Subscribe the "[EMAIL PROTECTED]" mailing list.
RE: [expert] IP Masquerading
Trusted Networks # $IPCHAINS -A input -s 209.113.135.0/24 -d $IP_ADDRESS_0 -j ACCEPT $IPCHAINS -A input -s frith.ne.mediaone.net -d $IP_ADDRESS_0 -j ACCEPT $IPCHAINS -A input -s danclark.ne.mediaone.net -d $IP_ADDRESS_0 -j ACCEPT $IPCHAINS -A input -s dunamis.ne.mediaone.net -d $IP_ADDRESS_0 -j ACCEPT # # Set telnet, www and FTP for minimum delay - This section manipulates the # # Type Of Service (TOS) bits of the packet. For this to work, you must have # # CONFIG_IP_ROUTE_TOS enabled in your kernel. # # $IPCHAINS -A output -p tcp -d $ANYWHERE www -t 0x01 0x10 $IPCHAINS -A output -p tcp -d $ANYWHERE telnet -t 0x01 0x10 $IPCHAINS -A output -p tcp -d $ANYWHERE ftp -t 0x01 0x10 # # Set FTP data for maximum throughput - This section manipulates the Type # # Of Service (TOS) bits of the packet. For this to work, you must have # # CONFIG_IP_ROUTE_TOS enabled in your kernel. # # $IPCHAINS -A output -p tcp -d $ANYWHERE ftp-data -t 0x01 0x08 # # Deny everything else hitting the input chain. # # $IPCHAINS -A input -p tcp -i $EXTERNAL_INTERFACE -d $IP_ADDRESS_0 -j DENY $IPCHAINS -A input -p udp -i $EXTERNAL_INTERFACE \ -d $IP_ADDRESS_0 $UNPRIVILEGED_PORTS -j DENY $IPCHAINS -A output -p icmp -i $EXTERNAL_INTERFACE -s $IP_ADDRESS_0 5 -j DENY #$IPCHAINS -A input -p icmp -i $EXTERNAL_INTERFACE \ # -s $ANYWHERE 5 13 14 15 16 17 18 -d $IP_ADDRESS_0 -j DENY ## # Allow everything else on the output chain. # ## $IPCHAINS -A output -i $EXTERNAL_INTERFACE -s $IP_ADDRESS_0 -j ACCEPT # # Masquerade the internal network so we have access to the Internet through # # our connection on the $EXTERNAL_INTERFACE.# # $IPCHAINS -A forward -i $EXTERNAL_INTERFACE -s $INTERNAL_NETWORK -j MASQ <<< end mail main at : [EMAIL PROTECTED] web f51.w3.to linux project LinuxMelayu.w3.to web mail f51.i-p.com icq #781787 -Original Message- From: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> on behalf of"Sheridan Hawken" <[EMAIL PROTECTED]> Sent: Friday, November 03, 2000 6:08 AM To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> Cc: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> Subject:Re: [expert] IP Masquerading Hi Jon, I would use port forwarding. The rule in ipchains looks like this: /usr/sbin/ipmasqadm portfw -a -p tcp -L InternetIP Port -R InternalIP Port /usr/sbin/ipmasqadm portfw -a -p tcp -L xxx.xxx.xxx.xxx 80 -R xxx.xxx.xxx.xxx 80 ( this allows http through to an internal machine ) There are some good how to docs on Ipchains at www.linuxdoc.org that can tell you more about it. Sheridan Jon Greisz wrote: > I'm a linux newbie. I've set up a machine with Mandrake 7.1 that I'm about to >convert to 7.2. I want to use it as a firewall between my internal network and my >outside T1. I've got a firewall script set up using IPChains that seems to work >pretty well. I created and used internal network IP addresses. > > I've got several machines where I would like certain ports to get through the >firewall. I have assigned internet IP addresses for these machines that I would like >to translate to my internal IP's, and reverse it going out. But only on certain >ports. > > What is the best approach for this? > > Thanks, > > Jon Greisz > > *** REPLY SEPARATOR *** > > On 11/2/00 at 8:45 AM Mark Johnson wrote: > > >Yes, this looks like another eruption of off-topic posts... IMHO, VB should > >be ported because that is the only way to achieve portability for MS Office > >documents. StarOffice is really cool but ultimately not feasible if you are > >exchanging documents with a group of MS Office folks. Unfortunately, VB > >would bring office products closer to managing that feasiblity. > >Unfortunately, VB is not an elegant language but it suits it's purpose. Too > >bad tcl, perl, python, java, or javascript wasn't used for building these > >dynamic docs. But those languages present quite a learning curve, this was > >VB strength. Also, it enabled MS to lock in a lot of folks to it's > >proprietary ways of doing things. > > > Keep in touch with http://mandrakeforum.com: > Subscribe the "[EMAIL PROTECTED]" mailing list. Keep in touch with http://mandrakeforum.com: Subscribe the "[EMAIL PROTECTED]" mailing list.
Re: [expert] IP Masquerading
Sheridan, Thanks, I'll look at linuxdoc.org. I've downloaded Seattle Firewall as well and am looking at that. Thanks again, Jon *** REPLY SEPARATOR *** On 11/2/00 at 3:08 PM Sheridan Hawken wrote: >Hi Jon, > >I would use port forwarding. The rule in ipchains looks like this: > >/usr/sbin/ipmasqadm portfw -a -p tcp -L InternetIP Port -R InternalIP Port > >/usr/sbin/ipmasqadm portfw -a -p tcp -L xxx.xxx.xxx.xxx 80 -R xxx.xxx.xxx.xxx 80 ( >this allows http through to an internal machine ) > >There are some good how to docs on Ipchains at www.linuxdoc.org that can tell you >more about it. > >Sheridan > > >Jon Greisz wrote: > >> I'm a linux newbie. I've set up a machine with Mandrake 7.1 that I'm about to >convert to 7.2. I want to use it as a firewall between my internal network and my >outside T1. I've got a firewall script set up using IPChains that seems to work >pretty well. I created and used internal network IP addresses. >> >> I've got several machines where I would like certain ports to get through the >firewall. I have assigned internet IP addresses for these machines that I would like >to translate to my internal IP's, and reverse it going out. But only on certain >ports. >> >> What is the best approach for this? >> >> Thanks, >> >> Jon Greisz >> >> *** REPLY SEPARATOR *** >> >> On 11/2/00 at 8:45 AM Mark Johnson wrote: >> >> >Yes, this looks like another eruption of off-topic posts... IMHO, VB should >> >be ported because that is the only way to achieve portability for MS Office >> >documents. StarOffice is really cool but ultimately not feasible if you are >> >exchanging documents with a group of MS Office folks. Unfortunately, VB >> >would bring office products closer to managing that feasiblity. >> >Unfortunately, VB is not an elegant language but it suits it's purpose. Too >> >bad tcl, perl, python, java, or javascript wasn't used for building these >> >dynamic docs. But those languages present quite a learning curve, this was >> >VB strength. Also, it enabled MS to lock in a lot of folks to it's >> >proprietary ways of doing things. >> >> >> Keep in touch with http://mandrakeforum.com: >> Subscribe the "[EMAIL PROTECTED]" mailing list. Keep in touch with http://mandrakeforum.com: Subscribe the "[EMAIL PROTECTED]" mailing list.
Re: [expert] IP Masquerading
Hi Jon, I would use port forwarding. The rule in ipchains looks like this: /usr/sbin/ipmasqadm portfw -a -p tcp -L InternetIP Port -R InternalIP Port /usr/sbin/ipmasqadm portfw -a -p tcp -L xxx.xxx.xxx.xxx 80 -R xxx.xxx.xxx.xxx 80 ( this allows http through to an internal machine ) There are some good how to docs on Ipchains at www.linuxdoc.org that can tell you more about it. Sheridan Jon Greisz wrote: > I'm a linux newbie. I've set up a machine with Mandrake 7.1 that I'm about to >convert to 7.2. I want to use it as a firewall between my internal network and my >outside T1. I've got a firewall script set up using IPChains that seems to work >pretty well. I created and used internal network IP addresses. > > I've got several machines where I would like certain ports to get through the >firewall. I have assigned internet IP addresses for these machines that I would like >to translate to my internal IP's, and reverse it going out. But only on certain >ports. > > What is the best approach for this? > > Thanks, > > Jon Greisz > > *** REPLY SEPARATOR *** > > On 11/2/00 at 8:45 AM Mark Johnson wrote: > > >Yes, this looks like another eruption of off-topic posts... IMHO, VB should > >be ported because that is the only way to achieve portability for MS Office > >documents. StarOffice is really cool but ultimately not feasible if you are > >exchanging documents with a group of MS Office folks. Unfortunately, VB > >would bring office products closer to managing that feasiblity. > >Unfortunately, VB is not an elegant language but it suits it's purpose. Too > >bad tcl, perl, python, java, or javascript wasn't used for building these > >dynamic docs. But those languages present quite a learning curve, this was > >VB strength. Also, it enabled MS to lock in a lot of folks to it's > >proprietary ways of doing things. > > > Keep in touch with http://mandrakeforum.com: > Subscribe the "[EMAIL PROTECTED]" mailing list. begin:vcard n:Hawken;Sheridan tel;fax:+1.403.253.5580 tel;work:+1.403.253.5531 x-mozilla-html:FALSE url:www.alterna.com org:Alterna Technologies Group Inc.;Shared Service Centre adr:;;Suite 200, 5970 Centre Street SE ;Calgary;Alberta;T2H 0C1;Canada version:2.1 email;internet:[EMAIL PROTECTED] title:Technology Analyst x-mozilla-cpt:;-29760 fn:Sheridan Hawken end:vcard Keep in touch with http://mandrakeforum.com: Subscribe the "[EMAIL PROTECTED]" mailing list.
[expert] IP Masquerading
I'm a linux newbie. I've set up a machine with Mandrake 7.1 that I'm about to convert to 7.2. I want to use it as a firewall between my internal network and my outside T1. I've got a firewall script set up using IPChains that seems to work pretty well. I created and used internal network IP addresses. I've got several machines where I would like certain ports to get through the firewall. I have assigned internet IP addresses for these machines that I would like to translate to my internal IP's, and reverse it going out. But only on certain ports. What is the best approach for this? Thanks, Jon Greisz *** REPLY SEPARATOR *** On 11/2/00 at 8:45 AM Mark Johnson wrote: >Yes, this looks like another eruption of off-topic posts... IMHO, VB should >be ported because that is the only way to achieve portability for MS Office >documents. StarOffice is really cool but ultimately not feasible if you are >exchanging documents with a group of MS Office folks. Unfortunately, VB >would bring office products closer to managing that feasiblity. >Unfortunately, VB is not an elegant language but it suits it's purpose. Too >bad tcl, perl, python, java, or javascript wasn't used for building these >dynamic docs. But those languages present quite a learning curve, this was >VB strength. Also, it enabled MS to lock in a lot of folks to it's >proprietary ways of doing things. Keep in touch with http://mandrakeforum.com: Subscribe the "[EMAIL PROTECTED]" mailing list.
[expert] IP Port to serial port?
All linux Experts! I am looking for some simple code that will allow me to telnet into my machine at a pre-defined port number, and connect directly to one of the machine's serial ports, so that data I send goes out the serial port, and vice versa. Flow control not necessary. This seems like a very simple thing - how do I do it? Bob Keep in touch with http://mandrakeforum.com: Subscribe the "[EMAIL PROTECTED]" mailing list.
Re: [expert] IP Chains Problem
> /sbin/ipchains -A input -i eth0 -p tcp -d $extip 3306 > -l -j REJECT > /sbin/ipchains -A input -i eth0 -p udp -d $extip 3306 > -l -j REJECT > > $extip is my external IP.. Try something like... /sbin/ipchains -A input -p TCP -s ! 192.168.1.0/24 -d 0/0 3306 -j DENY -l /sbin/ipchains -A input -p UDP -s ! 192.168.1.0/24 -d 0/0 3306 -j DENY -l where 192.168.1.0/24 is your LAN subnet. Thanks... Dan. Keep in touch with http://mandrakeforum.com: Subscribe the "[EMAIL PROTECTED]" mailing list.
[expert] IP Chains Problem
I'm having some trouble getting a set of IP Chains rulesets to work. Either I've got them setup wrong or something... I'm trying to block off the open port mysqld and lpd are lustening on on my external IP. I only need both of them to listen on the internal IP Address, cause most data flow to those programs occurs internally. Hence I'm trying to use IP Chains to block off their ports. A telnet to my IP Address on port 3306 fails, but you get a human readable error form MySQL saying your not allowed to connect. So I'm trying the following two IP Chains rules to block it. I think they are right and should do so: /sbin/ipchains -A input -i eth0 -p tcp -d $extip 3306 -l -j REJECT /sbin/ipchains -A input -i eth0 -p udp -d $extip 3306 -l -j REJECT $extip is my external IP.. However, after re-running the IP Chains script I have, a telnet to the external IP on 3306 still causes that error, and a netstat -r still shows a connection was made briefly. If there is anything messed up in my ruleset, let me know.. I took the portscan thingy at www.hackerwhacker.com and they said closing these two ports should be a priority. --Kumba __ Do You Yahoo!? Yahoo! Photos - 35mm Quality Prints, Now Get 15 Free! http://photos.yahoo.com/ Keep in touch with http://mandrakeforum.com: Subscribe the "[EMAIL PROTECTED]" mailing list.
RE: [expert] ip networking
Hi the net woring information is stored under /etc/sysconfig/ there is a file called network in there you need to at least configure your gateway NETWORKING=yes HOSTNAME=" NAME HERE" GATEWAY="131.xxx.xxx.xxx" GATEWAYDEV="eth0 or whatever " cd into networks-scripts in there create a file called ifcfg-eth0 add the lines... DEVICE="eth0" IPADDR="xxx.xxx.xxx.xxx" NETMASK="255.255.255.0" ONBOOT="yes" now cd into /etc/rc.d/init.d and look for a file called network then run it ./network stop ./network start you just need to expreriment with the two files until it looks like what you want. good luck ! Peter Church -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Paul Juster Sent: Thursday, September 07, 2000 12:34 PM To: [EMAIL PROTECTED] Subject: [expert] ip networking Dear all, I have installed and setup madrake 7.1 fine, my first question is this I have setup ip networkin using the three commands if config eth0 131.xxx.x.x netmask 255.255.0.0 up route add -net 133.xxx.x.x netmask 255.255.0.0 route add default gw 131.xxx.x.xx eth0 and I can ping all my servers and clients no problem. This info is lost upon reboot, how do I store this so I do not have to keep entering it. Also why does the linuxconf not seem to enter this info as I tried using this before typing in the commands and it did not work. Thanks for any help Paul _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com.
[expert] ip networking
Dear all, I have installed and setup madrake 7.1 fine, my first question is this I have setup ip networkin using the three commands if config eth0 131.xxx.x.x netmask 255.255.0.0 up route add -net 133.xxx.x.x netmask 255.255.0.0 route add default gw 131.xxx.x.xx eth0 and I can ping all my servers and clients no problem. This info is lost upon reboot, how do I store this so I do not have to keep entering it. Also why does the linuxconf not seem to enter this info as I tried using this before typing in the commands and it did not work. Thanks for any help Paul _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com.
Re: [expert] IP masq and dialpad.com / Mirc DCC Sends
Andy, To use Dialpad u have to use port forwarding. Following the links to the Port Forwarding section. http://members.home.net/ipmasq/ I am currently using Dialpad with no probs. Cheers Sridhar - Original Message - From: "Andy Judge" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Sunday, August 13, 2000 6:50 AM Subject: [expert] IP masq and dialpad.com / Mirc DCC Sends > I just configured my Gateway computer. Everything seems to work well, but I > can not use Dialpad.com and DCC send. I would assume that it is because the > ports are blocked. I have the same problem at work. Has anyone made this > work? I loaded all the modules including irc. > > Side note - Is pmfirewall any good? I had to go line by line on rc.firewall > > Andy > >
Re: [expert] IP masq and dialpad.com / Mirc DCC Sends
You may need to open up ports used by DCC and Dialpad for the service to work. I don't know enough about these two to say which ones are used. Also... I've been sing pmfirewall on my redhat firewall since its previous version, and Ive never had any problems. The new install script covers a much wider range of services and configures SYN_Cookies to prevent that particluar DoS. It is not a service, or module...it simply configures ipchains rules thorugh a script upon successful connection. It is highly configurable more so if you understand ipchains, and configures masquerading wonderfully. At least, that's how I feel aout it. There is a pmfirewall message board you can subscribe to for help if you need it, or you can write me with some questions as well: send an e-mail to [EMAIL PROTECTED] with subscribe pmfirewall in the body for the message board. --Greg > I just configured my Gateway computer. Everything seems to work well, but I > can not use Dialpad.com and DCC send. I would assume that it is because the > ports are blocked. I have the same problem at work. Has anyone made this > work? I loaded all the modules including irc. > > Side note - Is pmfirewall any good? I had to go line by line on rc.firewall > > Andy > __ message envoye depuis http://www.ifrance.com emails (pop)-sites persos (espace illimite)-agenda-favoris (bookmarks)-forums Ecoutez ce message par tel ! : 08 92 68 92 15 (france uniquement)
[expert] IP masq and dialpad.com / Mirc DCC Sends
I just configured my Gateway computer. Everything seems to work well, but I can not use Dialpad.com and DCC send. I would assume that it is because the ports are blocked. I have the same problem at work. Has anyone made this work? I loaded all the modules including irc. Side note - Is pmfirewall any good? I had to go line by line on rc.firewall Andy
Re: [expert] IP Ports
-BEGIN PGP SIGNED MESSAGE- Try this on your local linux box: "more /etc/services" Jay On Fri, 04 Aug 2000, you wrote: > Some time ago, someone posted a link to a page that listed and defined all > the port numbers and their purpose. Does anyone still have that link please > ? > > Thanks, Charley - -- -BEGIN PGP SIGNATURE- Version: PGP 6.5.1i iQCVAwUBOYsCQrWkkhmZq4xxAQEusgQAnOhYYEeoON3K96ghMnAN9BiC4/BFCjpY QM28LwdATbdp7YGE0IMEwUk1I6b0NZ3U5hZuuIHwKoBIONYZBRbwkdGMUcrGqJi9 PvuDj8WQOfr08cUfFocege1qZwNlAXvHfDSGihTvKwKCrgiC9wmMIjvr5SCUgwbp LMHDc19svNI= =abWv -END PGP SIGNATURE-
Re: [expert] IP Ports
On Fri, 04 Aug 2000, Sparks, Charley pushed some small plastic letters in this order: > Some time ago, someone posted a link to a page that listed and defined all > the port numbers and their purpose. Does anyone still have that link please > ? > > Thanks, Charley If you are running any form of Linux you already have the file on your hard drive called /etc/services. If not then an example is available at http://athena.fit.qut.edu.au/etc/services Tony
[expert] IP Ports
Some time ago, someone posted a link to a page that listed and defined all the port numbers and their purpose. Does anyone still have that link please ? Thanks, Charley
Re: [expert] IP Masq connection on demand?
Daniel Bodanske wrote: > >Date: > Thu, 27 Jul 2000 10:33:53 +0700 > From: > Daniel Bodanske <[EMAIL PROTECTED]> > My question is, is the an easy fix to disconnect the ppp0 > device > after about 10 mins of idle time and redial if there is a client request > (for > instance, is the store is empty for a couple of hours, so they don'thave > to > pay the ISP time)? > Thanks in advance > Daniel Heres a link. Its very like what I've been using. If you have a relatively recent version of pppd, thats all you need. Set the disconnect with the idle=x option, x being seconds of idle time before disconnect. Good luck, Gene
Re: [expert] IP Masq connection on demand?
In the /etc/ppp/options file you can try adding the following lines: # Set 'demand' for compatible kernel demand # Satisfy the need for an IP address until # dial-up has assigned one. :10.0.0.0 # Wait for 10 minutes until bringing down # connection. idle 600 If that does not work (and in some circumstances I have experienecd masqued-user authentication problems--can't figure that one out) you can also try diald. diald can be found through freshmeat.net. According to its readme, it handles masquerading and firewalling. Although I am not sure that you will need to rely on the diald script to handle ipchains for you. --Greg > I'm working with some internet cafes in Thailand and are using a Linux > box as > a server and connection to the internet. We use the Squid package to > cache > locally. My question is, is the an easy fix to disconnect the ppp0 > device > after about 10 mins of idle time and redial if there is a client request > (for > instance, is the store is empty for a couple of hours, so they don'thave > to > pay the ISP time)? > Thanks in advance > Daniel > > * Want free email? Sign up at http://www.freeze.com !
Re: [expert] IP Masq connection on demand?
On Thu, 27 Jul 2000, you wrote: > > I'm working with some internet cafes in Thailand and are using a Linux > box as > a server and connection to the internet. We use the Squid package to > cache > locally. My question is, is the an easy fix to disconnect the ppp0 > device > after about 10 mins of idle time and redial if there is a client request > (for > instance, is the store is empty for a couple of hours, so they don'thave > to > pay the ISP time)? > /usr/doc/ppp-/sample/options see the "idle" command option. John
[expert] IP Masq connection on demand?
Date: Thu, 27 Jul 2000 10:33:53 +0700 From: Daniel Bodanske <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] References: 1 I'm working with some internet cafes in Thailand and are using a Linux box as a server and connection to the internet. We use the Squid package to cache locally. My question is, is the an easy fix to disconnect the ppp0 device after about 10 mins of idle time and redial if there is a client request (for instance, is the store is empty for a couple of hours, so they don'thave to pay the ISP time)? Thanks in advance Daniel __ Do You Yahoo!? Talk to your friends online with Yahoo! Messenger. http://im.yahoo.com
[expert] IP MASQed Mandrake 7.1 Network Configuration Woes
(please excuse if this message gets double posted, I didn't see it come through the first time!) We all know what the most important use is for our cutting edge PCs. Checking /. and email. And I can't get the blasted box to ping to anything outside of my house when I boot up in Linux. Here's the deal... In my house, we've got a cable modem (from @Home) coming into a Win98 machine (I know...) running Sygate that's doing the network address translation (IP Masquerading/routing/proxying/whatever) for us. This machine has two NICs. One goes out to @Home, the other comes in to a hub. Each of us (6 ppl total) has a computer that we attach (well, logically if not directly..we have two hubs hooked together through the uplink port). The server has an IP address of 192.168.0.1 and it uses DHCP to assign IPs and such to the rest of the machines in the house (of the form, 192.168.0.#... where # is a number between 2 and 9). To summarise a setup that is known to be working under Win 95/98 (my box is 95 and my roommate's downstairs is 98): IP:obtain automatically WINS: disabled Gateway: 192.168.0.1<--This is the Sygate server's IP address DNS: disabled Now, to the best of my ability I configured Linux identically. Logged in a root and used the included graphical network configuration tool, made the following adjustments: - set the global machine name is simply "localhost" (one of my room mates suggested "localhost.@home", but that seems pretty strange to me). - On the "Adaptor 1" page, everything is blank, but the DHCP select box, the driver type (verified to be properly set), and the interface name (i.e. the thing set to "eth0" whose actual title I forgot to write down). - DNS is *not* enabled for normal use and all of the text boxes in that dialog are blank. - I set a default gateway to "192.168.0.1" and the "enable routing" checkbox is *not* checked. (I've tried it checked as well I then applied these settings. Tested them, then rebooted, then tested again. I am able to ping 192.168.0.1. Running "ifconfig" indicates that my IP address was assigned to "192.168.0.3", and I am able to ping this address as well as 127.0.0.1. I am unable to ping my roommates addresses (it can't find them), but apparently they can ping me. I cannot ping Slashdot.org (again, cannot find), but pinging the dotted-quad IP address for Slashdot shows "network unreachable". This led me to believe that I had a routing issue on my hands. Following this revelation, as much of the routing information that I could grab from Linux is below. (note: the tables were hand-aligned with spaces in a fixed width font, but Outlook Express is Evil(tm), so I'm not expecting it to look right on anyone else's machine) Linux output from "route" command (run as root): routing table Dest GwGenMaskMetric Iface 192.168.0.0* 255.255.255.0 0 eth0 127.0.0.0 * 255.0.0.0 0 lo Linux output from "route -C" command (run as root): routing cache Source Dest Gw Iface 192.168.0.1255.255.255.255255.255.255.255 lo After reading the man page for "route", I attempted to add static routes with the following commands: route -host add 192.168.0.1 gw 192.168.0.3 netmask 255.255.255.0 dev eth0 route -net add 0.0.0.0 gw 192.168.0.1 netmask 255.255.255.0 dev eth0 This did not solve the problem, nor did it change either routing table. It seems to me that the gateway ("Gw") information is incorrect, and, I believe central to the network connectivity issues I'm having. I'm unsure of the meaning of a gateway of "*" (from the "route" command's output), but it can't be the same as 192.168.0.1. I continued my research by booting the same machine back into 95. The net connections still worked perfectly. Here is the routing configuration under 95: Win 95 output from "route print" command: Network AddressNetmask Gateway AddressInterface Metric 0.0.0.00.0.0.0 192.168.0.1192.168.0.3 1 127.0.0.0 255.0.0.0127.0.0.1 127.0.0.1 1 192.168.0.0255.255.255.0192.168.0.3192.168.0.3 1 192.168.0.3255.255.255.255 127.0.0.1 127.0.0.1 1 192.168.0.255 255.255.255.255 192.168.0.3192.168.0.3 1 224.0.0.0 224.0.0.0192.168.0.3192.168.0.3 1 255.255.255.255255.255.255.255 192.168.0.3192.168.0.3 1 This machine was able to connect to the net using RedHat 6.0 just a few days ago. I like Mandrake's included apps and the "smoothness" of the distribution a lot, and I expected to have no problems setting it up, but now, I'm fresh out of ideas. Any suggestions? Thanks in advance! --chris
Re: [expert] IP MAsq / IP Chains problems on mandrake 7
Perhaps your firewall is working as expected but your hosts.allow and hosts.deny rules are denying any access? Mine look like (pretty much) like this: # cat /etc/hosts.deny # # Mandrake-Security : if you remove this comment, remove the next line too. ALL:ALL EXCEPT LOCAL:DENY # cat /etc/hosts.allow # ALL:192.168.101.:ALLOW You'd use whatever you use for your local subnet above. Darcy Brodie wrote: > > Hello > > i am still having trouble with this Mandrake setup. > I am attempting to setup IP Masqurading through IP Chains . > I have had this configuration previously running on a RH 5 box, and decided > to upgrade. > > I have used the PMFirewall program to create the firewall and > masqurading rules. From the Linux box, I can ping both the internal > network and the internet. However, from a workstation running win98, I > can only ping the linux box. When I attempt to ping the intetnet, I get > the following (thanks to tcpdump) > > 13:05:47.551865 192.168.67.20 > 220867-db: icmp: 192.168.67.20 udp > port unreachable [tos 0xc0] > > I have have removed all of the pmfirewall rules and tried a very basic > ip chains rules as follows > > echo "1" > /proc/sys/net/ipv4/ip_forward > /sbin/ipchains -P forward DENY > /sbin/ipchains -A forward -s 192.168.67.0/24 -j MASQ > > i realize that this is probablu the simplst ip masq rules that can be > set, but I still get the same message in tcpdump > > I am using 2 network cards, 1 connected directly to my cable modem > (which gets it's ip via dhcp) This is eth0 > The second one is connected to my local network with a static ip of > 192.168.67.20 > The win98 workstation has a static ip of 192.168.67.2 > On the linux box, the DNS server is pointing to the DNS server from > my ISP > The default gateway is also pointing to my ISP's gateway > The above settings are exactly the same as what I was running on > the RH5 box, but I was using ipfwadm for my rules > > Darcy -- "Brian, the man from babble-on" [EMAIL PROTECTED] Brian T. Schellenberger http://www.babbleon.org Support http://www.eff.org. Support decss defendents. Support http://www.programming-freedom.org. Boycott amazon.com.
Re: [expert] IP MAsq / IP Chains problems on mandrake 7
Civileme wrote: > Darcy Brodie wrote: > > > > Hello > > > > i am still having trouble with this Mandrake setup. > > I am attempting to setup IP Masqurading through IP Chains . > > I have had this configuration previously running on a RH 5 box, and decided > > to upgrade. > > > > I have used the PMFirewall program to create the firewall and > > masqurading rules. From the Linux box, I can ping both the internal > > network and the internet. However, from a workstation running win98, I > > can only ping the linux box. When I attempt to ping the intetnet, I get > > the following (thanks to tcpdump) > > > > 13:05:47.551865 192.168.67.20 > 220867-db: icmp: 192.168.67.20 udp > > port unreachable [tos 0xc0] > > > > I have have removed all of the pmfirewall rules and tried a very basic > > ip chains rules as follows > > > > echo "1" > /proc/sys/net/ipv4/ip_forward > > /sbin/ipchains -P forward DENY > > /sbin/ipchains -A forward -s 192.168.67.0/24 -j MASQ > > > > i realize that this is probablu the simplst ip masq rules that can be > > set, but I still get the same message in tcpdump > > > > I am using 2 network cards, 1 connected directly to my cable modem > > (which gets it's ip via dhcp) This is eth0 > > The second one is connected to my local network with a static ip of > > 192.168.67.20 > > The win98 workstation has a static ip of 192.168.67.2 > > On the linux box, the DNS server is pointing to the DNS server from > > my ISP > > The default gateway is also pointing to my ISP's gateway > > The above settings are exactly the same as what I was running on > > the RH5 box, but I was using ipfwadm for my rules > > > > Darcy > > ipchains -P forward DENY > ipchains -A forward -i eth0 -j MASQ > echo 1 > /proc/sys/net/ipv4/ip_forward > > On the win98 box default gateway is 192.168.67.20 (Win doesn't > know much about routing) > > DNS's should be spec'ed on both machines, if only to save time > and the search sequence hosts. dns on the linbox. > > Let me know how that works > > Civileme > ] Thank you for your assistance. I changed my dns lookup on hte windoze box to also point to my isp's dnx server, and everything is working now Darcy
Re: [expert] IP MAsq / IP Chains problems on mandrake 7
Darcy Brodie wrote: > > Hello > > i am still having trouble with this Mandrake setup. > I am attempting to setup IP Masqurading through IP Chains . > I have had this configuration previously running on a RH 5 box, and decided > to upgrade. > > I have used the PMFirewall program to create the firewall and > masqurading rules. From the Linux box, I can ping both the internal > network and the internet. However, from a workstation running win98, I > can only ping the linux box. When I attempt to ping the intetnet, I get > the following (thanks to tcpdump) > > 13:05:47.551865 192.168.67.20 > 220867-db: icmp: 192.168.67.20 udp > port unreachable [tos 0xc0] > > I have have removed all of the pmfirewall rules and tried a very basic > ip chains rules as follows > > echo "1" > /proc/sys/net/ipv4/ip_forward > /sbin/ipchains -P forward DENY > /sbin/ipchains -A forward -s 192.168.67.0/24 -j MASQ > > i realize that this is probablu the simplst ip masq rules that can be > set, but I still get the same message in tcpdump > > I am using 2 network cards, 1 connected directly to my cable modem > (which gets it's ip via dhcp) This is eth0 > The second one is connected to my local network with a static ip of > 192.168.67.20 > The win98 workstation has a static ip of 192.168.67.2 > On the linux box, the DNS server is pointing to the DNS server from > my ISP > The default gateway is also pointing to my ISP's gateway > The above settings are exactly the same as what I was running on > the RH5 box, but I was using ipfwadm for my rules > > Darcy ipchains -P forward DENY ipchains -A forward -i eth0 -j MASQ echo 1 > /proc/sys/net/ipv4/ip_forward On the win98 box default gateway is 192.168.67.20 (Win doesn't know much about routing) DNS's should be spec'ed on both machines, if only to save time and the search sequence hosts. dns on the linbox. Let me know how that works Civileme ]
Re: [expert] IP MAsq / IP Chains problems on mandrake 7
Darcy Brodie wrote: > Hello > > i am still having trouble with this Mandrake setup. > I am attempting to setup IP Masqurading through IP Chains . > I have had this configuration previously running on a RH 5 box, and decided > to upgrade. > > I have used the PMFirewall program to create the firewall and > masqurading rules. From the Linux box, I can ping both the internal > network and the internet. However, from a workstation running win98, I > can only ping the linux box. When I attempt to ping the intetnet, I get > the following (thanks to tcpdump) > > 13:05:47.551865 192.168.67.20 > 220867-db: icmp: 192.168.67.20 udp > port unreachable [tos 0xc0] > > I have have removed all of the pmfirewall rules and tried a very basic > ip chains rules as follows > > echo "1" > /proc/sys/net/ipv4/ip_forward > /sbin/ipchains -P forward DENY > /sbin/ipchains -A forward -s 192.168.67.0/24 -j MASQ > > i realize that this is probablu the simplst ip masq rules that can be > set, but I still get the same message in tcpdump > > I am using 2 network cards, 1 connected directly to my cable modem > (which gets it's ip via dhcp) This is eth0 > The second one is connected to my local network with a static ip of > 192.168.67.20 > The win98 workstation has a static ip of 192.168.67.2 > On the linux box, the DNS server is pointing to the DNS server from > my ISP > The default gateway is also pointing to my ISP's gateway > The above settings are exactly the same as what I was running on > the RH5 box, but I was using ipfwadm for my rules > > Darcy try this: /sbin/ipfwadm -F -p deny /sbin/ipfwadm -F -a m -S 192.168.67.0/24 -D 0.0.0.0/0 which works for me. (mandrake 7.1)
[expert] IP MAsq / IP Chains problems on mandrake 7
Hello i am still having trouble with this Mandrake setup. I am attempting to setup IP Masqurading through IP Chains . I have had this configuration previously running on a RH 5 box, and decided to upgrade. I have used the PMFirewall program to create the firewall and masqurading rules. From the Linux box, I can ping both the internal network and the internet. However, from a workstation running win98, I can only ping the linux box. When I attempt to ping the intetnet, I get the following (thanks to tcpdump) 13:05:47.551865 192.168.67.20 > 220867-db: icmp: 192.168.67.20 udp port unreachable [tos 0xc0] I have have removed all of the pmfirewall rules and tried a very basic ip chains rules as follows echo "1" > /proc/sys/net/ipv4/ip_forward /sbin/ipchains -P forward DENY /sbin/ipchains -A forward -s 192.168.67.0/24 -j MASQ i realize that this is probablu the simplst ip masq rules that can be set, but I still get the same message in tcpdump I am using 2 network cards, 1 connected directly to my cable modem (which gets it's ip via dhcp) This is eth0 The second one is connected to my local network with a static ip of 192.168.67.20 The win98 workstation has a static ip of 192.168.67.2 On the linux box, the DNS server is pointing to the DNS server from my ISP The default gateway is also pointing to my ISP's gateway The above settings are exactly the same as what I was running on the RH5 box, but I was using ipfwadm for my rules Darcy
Re: [Re: [expert] IP Masq / networking]
Ken Thompson <[EMAIL PROTECTED]> wrote: Ken, Check out EDGE (url below). I've messed with it some and it's a diskless router/firewall based on Debian. Boots and runs from a floppy, want's 16Mb RAM and suggests a 486 or better CPU.. http://edge.fireplug.net/latest/index.html === Ken Thompson Electrocom Computer Services 1801 Wayne Dr. Payette, Idaho 83661 Ph. (208) 642-7101 (888) 642-7101 E-Mail [EMAIL PROTECTED] http://www.nwaa.com Computer Sales - Service and Repair Internet Web Site Design Thanks! I'm looking into this right now. sounds like it will be the right application for me. ken. Get your own FREE, personal Netscape WebMail account today at http://webmail.netscape.com.
Re: [Re: [expert] IP Masq / networking]
Thanks! I have everything listed, so hopefully I can get this up and running as soon as I get compaq's bios partition downloaded and copied over to a hard drive for the deskpro,much nicer on other systems where you don't have to worry about that! Tthanks again. Get your own FREE, personal Netscape WebMail account today at http://webmail.netscape.com.
Re: [expert] IP Masq / networking
Ken, Check out EDGE (url below). I've messed with it some and it's a diskless router/firewall based on Debian. Boots and runs from a floppy, want's 16Mb RAM and suggests a 486 or better CPU.. http://edge.fireplug.net/latest/index.html === Ken Thompson Electrocom Computer Services 1801 Wayne Dr. Payette, Idaho 83661 Ph. (208) 642-7101 (888) 642-7101 E-Mail [EMAIL PROTECTED] http://www.nwaa.com Computer Sales - Service and Repair Internet Web Site Design
Re: [expert] IP Masq / networking
On Mon, Jun 05, 2000 at 12:38:05AM -0400, ken bonner wrote: -> -> -> Hello all. -> I have read a couple of messages here on IP masq, and was kind of hoping that -> it would get a bit deeper, but no luck! -> -> I am thinking about setting up an old 486,or one of my 'trash' pentiums with -> ipmasq, or some other method to let the home network connect to the internet, -> and was wondering about a few things. So if you can help Thanks! -> -> 1, what would be the minimum system that would work? -> I have an old compaq deskpro 486-66 32 megs,(no hard drive right now), -> and a couple of pentiums that are pretty much just laying around for now. I have a 486 DX2/66, 16 MB physical, 32 MB cache, which runs just fine. -> -> 2, how much ram,and disk space would be needed? is more better? Probably not. You should not run any services other than the firewall on your firewall, and that reduces your requirements. The more computers behind the firewall, the more resources you will want on the firewall. -> -> 3, what would the performance hit be compared to a direct connection? Here in -> the big city of Pierson mi. (pop 207) the only ISP is a bit overloaded from -> all the outlaying towns,and it's the king of slow,even at 2am. so any -> performance hit is a big hit. What do you mean, direct connection? T1? I haven't tried a 486 on the end of a T1, but suspect it might get a tad slow from time to time. It does just fine and dandy on a 56K dialup connection, though. In fact the masqerading box speed things up on a dialup line. I have a caching only DNS server on the firewall, and it greatly speeds everything up by reducing DNS calls across the dialup link. -- -- C^2 No windows were crashed in the making of this email. Looking for fine software and/or web pages? http://w3.trib.com/~ccurley
Re: [expert] IP Masq / networking
ken bonner wrote: > > Hello all. > I have read a couple of messages here on IP masq, and was kind of hoping that > it would get a bit deeper, but no luck! > > I am thinking about setting up an old 486,or one of my 'trash' pentiums with > ipmasq, or some other method to let the home network connect to the internet, > and was wondering about a few things. So if you can help Thanks! > > 1, what would be the minimum system that would work? > I have an old compaq deskpro 486-66 32 megs,(no hard drive right now), > and a couple of pentiums that are pretty much just laying around for now. > > 2, how much ram,and disk space would be needed? is more better? > > 3, what would the performance hit be compared to a direct connection? Here in > the big city of Pierson mi. (pop 207) the only ISP is a bit overloaded from > all the outlaying towns,and it's the king of slow,even at 2am. so any > performance hit is a big hit. > > 4, any other reccomendations on software that would do the same thing? > > Thanks again, I've learned quite a bit from lurking in the shadows here, > Most of the time I find info I'm looking for without having to post,but no > such luck on this one! > > ken. Well, any linux with kernel 2.2.x will probably work, the later the better. You need no graphics on the "firewall", just a console "server" with mail, web, and ftp disabled. From the sounds of it you have a modem dialup connection so you need NICS--ethernet interface cards--1 for the gateway/firewall and one for each other computer connected. A hub and ethernet cable from each computer A modem on the firewall. You set up your modem for ppp and set the default gateway device on your firewall to ppp0 You assign an address to each machine (IP address) 192.168.x.y (with x and y between 0 and 255) are "experimental" addresses according to RFC 1918 so you can use those knowing no internet router will relay them. Also 10.x.y.z and 176.16.x.y thru 176.31.z.a are in that category-- for simplicity use these addresses 192.168.1.254 for the ethernet interface on the firewall 192.168.1.2-253 for the other computers in your network. a NETMASK of 255.255.255.0 Now in /etc/resolv.conf on your firewall put the IP Addresses of the dns servers you will be using, and do the same in network neighborhood and the networking sections of your other computing boxes (depending on OP system) Now on your gateway box put the following code in /etc/rc.local ipchains -P forward DENY ipchains -A forward -i ppp0 -j MASQ echo 1 > /proc/sys/net/ipv4/ip_forward And on each of the other computers make the default gateway 192.168.1.254 There is no performance hit--masquerading/demasquerading takes less time than a 112k-clocked register takes to fill or empty on the modem. If you are using several computers at the same time, then there would be a splitting of bandwidth among them (as in DLing files to two or more computers) PASSIVE Ftp will work from behind the firewall but active will not, so be sure to set your ftp client to passive mode. Other services are largely unaffected. Civileme
RE: [expert] IP Masq / networking
Your 486 should work just fine. See if you can find the on-line documentation for the "Linux Router Project". It uses an older kernel but is quite compact. Essentially you load it from a floppy once it is set up and forget about it. Sounds like an ideal use for the old 486 as no hard drive is required. I'd give you more details but I'm sketchy on them. We constructed these routers as part of a data communications course so I know it can be done. -Original Message- From: ken bonner [mailto:[EMAIL PROTECTED]] Sent: June 4, 2000 9:38 PM To: [EMAIL PROTECTED] Subject: [expert] IP Masq / networking Hello all. I have read a couple of messages here on IP masq, and was kind of hoping that it would get a bit deeper, but no luck! I am thinking about setting up an old 486,or one of my 'trash' pentiums with ipmasq, or some other method to let the home network connect to the internet, and was wondering about a few things. So if you can help Thanks!
[expert] IP Masq / networking
Hello all. I have read a couple of messages here on IP masq, and was kind of hoping that it would get a bit deeper, but no luck! I am thinking about setting up an old 486,or one of my 'trash' pentiums with ipmasq, or some other method to let the home network connect to the internet, and was wondering about a few things. So if you can help Thanks! 1, what would be the minimum system that would work? I have an old compaq deskpro 486-66 32 megs,(no hard drive right now), and a couple of pentiums that are pretty much just laying around for now. 2, how much ram,and disk space would be needed? is more better? 3, what would the performance hit be compared to a direct connection? Here in the big city of Pierson mi. (pop 207) the only ISP is a bit overloaded from all the outlaying towns,and it's the king of slow,even at 2am. so any performance hit is a big hit. 4, any other reccomendations on software that would do the same thing? Thanks again, I've learned quite a bit from lurking in the shadows here, Most of the time I find info I'm looking for without having to post,but no such luck on this one! ken. Get your own FREE, personal Netscape WebMail account today at http://webmail.netscape.com.
Re: [expert] IP Masq / networking
you use the nic attached to the hub. "Joseph S. Gardner" wrote: > > Quick question, > > Am currently setting up my home network with IP Masq. etc. to have > access to my DSL line. I have a single machine that is used for a > gateway (and normal workstation) with 2 NIC's. One is attached to my > DSL modem, the other is attached to my hub. > > The question is, when I assign a gateway addy to my networked boxes > which addy do I use? the DSL, the NIC attached to the DSL or the NIC > attached to the hub? > > I know, real basics here but I've been running on stupid for a couple of > months now and it's the simple things that trip me. (I'd go off the > deep end if I knew how to swim 8-) > > TIA > -- > Joseph S. Gardner > Senior Designer / Technical Support > Kirby Co., Cleveland, OH > [EMAIL PROTECTED] > > Linux is like a wigwam... > No windows, no gates. > Apache inside > > Registered linux user #1696600 > ICQ #63389227
Re: [expert] IP Masq / networking
On Fri, Jun 02, 2000 at 10:00:01AM +0200, [EMAIL PROTECTED] wrote: -> Hi ! -> -> On the LAN boxes the gateway should be the masqing linux box and on the -> linux box the gateway will be the router or the IP of the ISP (if they -> gave you an address). Ask them what IP you should assign to the gateway -> address. -> Bye, -> Ago -> This correct as far as it goes. The firewall has two ip addresses, so the next question is, which one should he use? The answer is, the IP address on the local network. Also, in case he doesn't already know this, if he does not have a range of IP addresses assigned to him, he should use an "experimental" network for his internal network. See RFCs 1597 and 1918. Available networks are: #Class | Networks # A| 10.0.0.0 # B| 172.16.0.0 through 172.31.0.0 # C| 192.168.0.0 through 192.168.255.0 -- -- C^2 No windows were crashed in the making of this email. Looking for fine software and/or web pages? http://w3.trib.com/~ccurley
Re: [expert] IP Masq / networking
Hi ! On the LAN boxes the gateway should be the masqing linux box and on the linux box the gateway will be the router or the IP of the ISP (if they gave you an address). Ask them what IP you should assign to the gateway address. Bye, Ago