Re: Broadcom WiFi -- for a public library -- in Fedora 13 maybe?

2010-06-21 Thread Benjamin Scott
On Mon, Jun 21, 2010 at 9:02 PM, Bill Sconce  wrote:
> We look like
> heroes.  Heck, we ARE heroes...

Mal: Well, look at this! Appears we got here just in the nick of time.
What does that make us?
Zoe: Big damn heroes, sir!
Mal: Ain't we just?

  Good job, Bill!

> P.S.  There was a yucky part, of course: for the first time ever
> I had to install the unspeakable Flash plugin on a Linux system...

  I suggest Firefox 3.6.4 (now in beta), which gives you
out-of-process plugins, thereby keeping most of Flash's braindamage
isolated from the rest of the browser.

-- Ben

___
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/


Re: Spike in SSH attacks

2010-06-21 Thread Dan Jenkins
On 6/21/2010 8:42 PM, Bill Sconce wrote:
> On Mon, 21 Jun 2010 11:05:18 -0400
> Chip Marshall  wrote
>> On 21-Jun-2010, Bill Sconce  sent:
>>  
>>> START WITH NEVER EXPOSING SSHD ON PORT 22.
>>>
>> You don't secure your house by hiding the door, you secure it by
>> having good locks.
>>  
> I couldn't agree more.  The idea is to cut down on the scratching
> and rattling noises as every script kiddie in Romania bashes on your
> door on the chance it might be unlatched.  Noise is annoying; it's
> hard to see why anyone would recommend that you have to put up with
> it.  (Nevertheless, if you like port 22, use port 22.)
>
> I hope I didn't give the impression that moving off port 22 is the
> only thing I recommend, or do.
>
When I had 26,000 SSH door rattlings, on one server, in one day, I moved 
from port 22 on almost every device we administer. The logs were so full 
of door rattlings, real warnings could get lost. I have never had 
another SSH probe since. They really must be script kiddies - no port 
scans to identify alternate SSH ports. As I can limit most SSH 
connections to a limited pool of originating IPs, I do that too. If 
possible, we only use SSH keys, no password logins. No root logins. 
Protocol 2 only, etc. Of course, no remote access unless it is needed. 
Like any security, the more layers the better.

-- 
Dan Jenkins, Rastech Inc., Bedford, NH, USA, 1-603-206-9951
*** Technical Support Excellence for four decades.



Re: Broadcom WiFi -- for a public library -- in Fedora 13 maybe?

2010-06-21 Thread Bill Sconce
On Thu, 10 Jun 2010 16:50:27 -0400
Bill Sconce  wrote:

> a whole stream of replies -- and most significantly,
> an answer to the last question.  (I.e., "don't give up".)

I'm glad I (we) didn't.  Victory!


> Thanks to everyone who responded.  I'll do some more reading 
> and choose a new approach.  The library shall have its laptops
> "FREE OF MICROSOFT" after all!
> 
> More later...

I was back at the library today, armed with the information from
this thread.  I explained to the librarian the copyright issues
regarding firmware (and what firmware is), how the Linux community
works, how it's very seldom that any one of us is the first to
encounter a problem, and how conversely the solution to "your"
problem is often just an e-mail away.

I took in some CAT5 cables and a small hub, connected the first
laptop via cable, and was able to download and use fwcutter (as
recommended here and at the URLs suggested here).  I restarted
NetworkManager, and Presto.  Wireless!  There was their (unsecured)
wifi in the popdown list.  Just like on Windows.  We look like
heroes.  Heck, we ARE heroes...

They'll use the first laptop for a week or two, see how patrons
like it or what problems they find, then we'll do the other laptop.

So far, so good.

(Thanks to this list!  The Broadcom picture has become less
disgusting than I remembered it, but I would have thrown in the
towel rather than pursue the answer without the tips, and
encouragement, from GNHLUG.)

-Bill


P.S.  There was a yucky part, of course: for the first time ever
I had to install the unspeakable Flash plugin on a Linux system...


Re: Spike in SSH attacks

2010-06-21 Thread Bill Sconce
On Mon, 21 Jun 2010 11:05:18 -0400
Chip Marshall  wrote:

> On 21-Jun-2010, Bill Sconce  sent:
> > START WITH NEVER EXPOSING SSHD ON PORT 22.
>
> You don't secure your house by hiding the door, you secure it by
> having good locks.

I couldn't agree more.  The idea is to cut down on the scratching
and rattling noises as every script kiddie in Romania bashes on your
door on the chance it might be unlatched.  Noise is annoying; it's
hard to see why anyone would recommend that you have to put up with
it.  (Nevertheless, if you like port 22, use port 22.)

I hope I didn't give the impression that moving off port 22 is the
only thing I recommend, or do.  On the contrary, I spent solid weeks
(documented in changelogs) several years ago researching all the SSH
options, determining the sshd configurations I believe to be correct
for my clients(*), and  writing a Python program to parse the
applicable manpage (options and defaults change!), QA the available
(many) options, and produce a recommended sshd_config together with
a checklist and a set of annotations for manual review.  'Been doing
that for years now, for every sshd I set up.

> > "START" with port 22...

-Bill


(*) I found it interesting that, when I saw this thread, that

  a) when I went to ensure that my Python program disallows
 "keyboard interactive", I found that it does so, and has done
 so since the beginning

  b) I wasn't able to remember what "keyboard interactive" means,
 in spite of having known it a couple of years ago, or whether
 it's in my set of deprecated settings, and had to look it up
 again.

(Hmm.  Is SSH too complicated?  Y'think?)


Re: Why does one interface interfere with another?

2010-06-21 Thread Greg Rundlett (freephile)
Thanks Joshua,

"man interfaces" helped refresh my memory about the options besides "auto"

Greg Rundlett




On Mon, Jun 21, 2010 at 10:01 AM, Joshua Judson Rosen
wrote:

> "Greg Rundlett (freephile)"  writes:
> >
> > I have a system with two physical network interfaces; a cat45 ethernet port
> > and a wireless card - otherwise known as any normal computer.
> >man interfaces
> > I configured the wired interface (eth0) to be static by editing
> > /etc/network/interfaces (see bottom) and I let the network-manager applet
> > handle the networking system, making my wireless interface address governed
> > by DHCP.
> >
> > When the wired port has no connection (because I connect the cable to another
> > system), the wireless gets all confused and doesn't connect.  Sometimes it
> > doesn't even show my wireless network (causing me to blame the Netgear
> > wireless router and reboot the wireless router.)  Trying a ping to the router,
> > it tries to go through the wired address.
>
> Yes--you're telling the system to always bring up eth0 at boot,
> and to set your default gateway to something out through eth0.
>
> > This happens even if there is NO wired connection from the time of
> > boot.
>
> You're asking for this by specifying "auto".
>
> It sounds like you want to use "allow-hotplug" and *not* "auto";
> then you can have network-manager or ifplugd manage the interface
> exclusively, sense whether there's a cable attached, and automatically
> ifup/ifdown the device when you connect/disconnect the cable.
>
> --
> "Don't be afraid to ask (λf.((λx.xx) (λr.f(rr."
>


Re: Spike in SSH attacks

2010-06-21 Thread Benjamin Scott
On Mon, Jun 21, 2010 at 11:05 AM, Chip Marshall  wrote:
> On 21-Jun-2010, Bill Sconce  sent:
>> START WITH NEVER EXPOSING SSHD ON PORT 22.
>
> http://en.wikipedia.org/wiki/Security_through_obscurity
>
> Personally, I think this is a flawed approach to securing a machine.

  I put sshd on a non-standard port, but I don't depend on that for
security.  I do it as a method of keeping a low profile.  It cuts down
on log noise, if nothing else.  It's also a counter-measure against
zero-day exploitation of SSH vulnerabilities.  I don't see how that's
a bad thing.

  Combined with a guarded port knocking scheme, it can be a fairly
effective counter-measure against wide-area automated scans.

  The classic definition of "security by obscurity" is an element
which, once known, compromises security, and which cannot be easily
changed without changing the security design.  For example, I believe
all Xerox copiers made in the past several years use the same "service
password" to access a diagnostic menu.  There's no way to change it,
and the field service techs all depend on it being the same.  *That's*
security by obscurity.

  If my *only* method of defense was a non-standard SSH port, and I
was using weak passwords and never updated my software, then yes,
*that* would be a problem.

  It's an aphorism in the security world that a car alarm doesn't
prevent a car thief from stealing your car.  It just makes it easier
to steal the car parked next to yours.

> It only serves to encourage full port scans of machines, which wastes even
> more bandwidth.

  If attackers are going to move to doing full port scans, they're
going to do that.  They don't need or care about our encouragement.
They've got more resources available than us.

-- Ben


Re: Spike in SSH attacks

2010-06-21 Thread Benjamin Scott
On Mon, Jun 21, 2010 at 10:04 AM, Ted Roche  wrote:
>>  Apparently attackers are going after "keyboard interactive"
>> authentication, which is separate from "password authentication".
>>
>
> So, even if I have set PasswordAuthentication no in my sshd_config,
> there's still a way to ssh into the server without a key pair? That's
> confusing.

  The OpenSSH server has a built-in password prompt/input system, but
it can also farm that job out to PAM or other suitable technologies.
There are other ways to use a keyboard for authentication than
standard Unix passwords, so this isn't just complexity.
One-time-passwords and two-factor things like those RSA SecurID tokens
both require user input, for example.

  It's a good idea to explicitly disable any authentication methods
you're not using.

-- Ben
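
An added example (not part of any message in this thread, and not the program Bill Sconce describes elsewhere in it): a small Python audit of the point above, that "PasswordAuthentication no" alone leaves keyboard-interactive logins on offer, plus the root-login and protocol settings other posters list. Both sample configs and the ASSUMED_DEFAULTS table are constructed; defaults differ between OpenSSH versions, so check sshd_config(5) on the host.

```python
import re

# Assumption: defaults applied when a keyword is absent. They differ between
# OpenSSH versions, so confirm them against sshd_config(5) on the host.
ASSUMED_DEFAULTS = {
    "passwordauthentication": "yes",
    "challengeresponseauthentication": "yes",
    "permitrootlogin": "yes",
    "protocol": "2",
}

# Constructed sample: password logins are off, but nothing disables
# keyboard-interactive (challenge-response) authentication.
SAMPLE_CONFIG = """\
# constructed example, not from a real host
Protocol 2,1
PermitRootLogin yes
PasswordAuthentication no
PubkeyAuthentication yes
UsePAM yes
"""

# Constructed sample: every method not in use is disabled explicitly.
HARDENED_CONFIG = """\
Protocol 2
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
"""

# Keyword, then whitespace or a single "=", then the argument.
LINE_RE = re.compile(r"([A-Za-z0-9]+)(?:\s*=\s*|\s+)(.*)")


def parse_sshd_config(text):
    """Return {keyword: value} for the global section of an sshd_config.

    Keywords are case-insensitive and the first value obtained for a keyword
    wins. Parsing stops at the first Match block, whose settings are
    conditional and out of scope here.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        keyword, value = m.group(1).lower(), m.group(2).strip()
        if keyword == "match":
            break
        settings.setdefault(keyword, value)
    return settings


def audit(text):
    """Return (keyword, effective value, origin, reason) for each finding."""
    settings = parse_sshd_config(text)
    findings = []

    def effective(keyword):
        return settings.get(keyword, ASSUMED_DEFAULTS[keyword]).lower()

    def flag(keyword, reason):
        origin = "set explicitly" if keyword in settings else "assumed default"
        findings.append((keyword, effective(keyword), origin, reason))

    password_auth = effective("passwordauthentication")
    if password_auth != "no":
        flag("passwordauthentication", "password logins are accepted")
    if effective("challengeresponseauthentication") != "no":
        reason = "keyboard-interactive logins are accepted"
        if password_auth == "no":
            reason += " even though PasswordAuthentication is off"
        flag("challengeresponseauthentication", reason)
    if effective("permitrootlogin") == "yes":
        flag("permitrootlogin", "root can log in directly")
    if "1" in [p.strip() for p in effective("protocol").split(",")]:
        flag("protocol", "SSH protocol 1 is enabled")
    return findings


if __name__ == "__main__":
    for keyword, value, origin, reason in audit(SAMPLE_CONFIG):
        print(f"{keyword} = {value} ({origin}): {reason}")
```
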



Re: Spike in SSH attacks

2010-06-21 Thread Tom Buskey
On Mon, Jun 21, 2010 at 11:05 AM, Chip Marshall  wrote:
> On 21-Jun-2010, Bill Sconce  sent:
>> START WITH NEVER EXPOSING SSHD ON PORT 22.
>
> http://en.wikipedia.org/wiki/Security_through_obscurity
>
> Personally, I think this is a flawed approach to securing a machine. It

I don't think anyone here is advocating a different port to improve
security.  It's to get out of the way of script kiddies.

> only serves to encourage full port scans of machines, which wastes even
> more bandwidth.

That might happen, but I don't think full scans of random systems have
happened yet.

This is an attack on random machines.  A targeted machine will
probably get a full scan.


> Sure, my logs have a lot of failed login attempts, but failed login
> attempts mean my security is working. It's the successful ones you need
> to watch out for.

I'll get an alert in my logs if SSH is scanned no matter which ports it
is on.  If I need it tested, I'll scan it myself.  I won't lose that
alert amongst a haystack of automated attacks though.

>
> You don't secure your house by hiding the door, you secure it by
> having good locks.

If someone looks at your house quickly to break in, they might see
there are no doors out back and quickly move on to the next house that
has a back door.  Maybe your door is more hidden and you have good
locks anyways.

This was the mentality for having "The Club" highly visible in your
car.  Which would be good if the Club wasn't so useful as a prybar and
easy to defeat otherwise.


Re: Spike in SSH attacks

2010-06-21 Thread Chip Marshall
On 21-Jun-2010, Bill Sconce  sent:
> START WITH NEVER EXPOSING SSHD ON PORT 22.

http://en.wikipedia.org/wiki/Security_through_obscurity

Personally, I think this is a flawed approach to securing a machine. It
only serves to encourage full port scans of machines, which wastes even
more bandwidth.

Sure, my logs have a lot of failed login attempts, but failed login
attempts mean my security is working. It's the successful ones you need
to watch out for.

You don't secure your house by hiding the door, you secure it by
having good locks.

-- 
Chip Marshall 
http://weblog.2bithacker.net/  KB1QYW  PGP key ID 43C4819E
v4sw5PUhw4/5ln5pr5FOPck4ma4u6FLOw5Xm5l5Ui2e4t4/5ARWb7HKOen6a2Xs5IMr2g6CM




Re: Spike in SSH attacks

2010-06-21 Thread Bill Sconce
On Mon, 21 Jun 2010 10:04:59 -0400
Ted Roche  wrote:

> On Mon, Jun 21, 2010 at 9:28 AM, Benjamin Scott  wrote:
> >
> >  Apparently attackers are going after "keyboard interactive"
> > authentication, which is separate from "password authentication".
> >
> 
> So, even if I have set PasswordAuthentication no in my sshd_config,
> there's still a way to ssh into the server without a key pair? That's
> confusing.
> 
> Time to break out the dog-eared snail book and get a refresh...

I had to do the same.  "Challenge/Response" ??   "S/Key" 
From Barrett & Silverman, "SSH...The Definitive Guide", 1st ed., p 175:
  "S/Key is a one-time password system, created by Bellcore [...]
  'One-time' means that each time you authenticate, you provide a
  different password" ...
The remote sshd service provides you with an integer and a string,
which you enter into a magic calculator on your local machine,
along with a secret passphrase [never transmitted], and the
"calculator" produces your one-time password.

My reading is that Yes, there's a way to ssh in without a key pair;
but No, the bad guys don't get in that way (unless the one-time key
framework was very poorly set up somehow); and What You Care About
is that a machine which OFFERS the S/Key method will get lots of
attention from the world of botnets.

START WITH NEVER EXPOSING SSHD ON PORT 22.

-Bill
who just went and looked, and found one of his servers with S/Key
still defaulted (on), but with not a peep in the logs because of
not being on port 22.



Re: Spike in SSH attacks

2010-06-21 Thread Kevin D. Clark
Ted Roche writes:

> Oh, a reminder: a fellow GNHLUGer told a tale not too long ago about
> testing ssh changes: always keep an existing connection open when
> you're making changes. This way, when you lock yourself out of making
> new connections with the changes, you can use your old connection to
> reverse the changes. A good lesson learned. By someone else!

I usually test out sshd/firewall changes by employing the following
two schemes:

1:  as a quick test, I run "sshd -e -d -p 1234", where "1234" is the
number of some temporary, unused port.  Then I "ssh -p 1234" from some
other machine to test the config changes.

2:  when I test out firewall (iptables) rules, I generally check once,
check again, and then I test by typing this:

  /etc/init.d/iptables restart ; sleep 600 ; /etc/init.d/iptables stop

During the five minutes that my new rules are in effect, I test.
However, in the event that something goes haywire, I know that in five
minutes I will have access again.


Seriously, by combining these two practices, I have kept myself out of
some very tough situations

Regards,

--kevin
-- 
alumni.unh.edu!kdc / http://kdc-blog.blogspot.com/
GnuPG: D87F DAD6 0291 289C EB1E 781C 9BF8 A7D8 B280 F24E

 Wipe him down with gasoline 'til his arms are hard and mean
 From now on boys this iron boat's your home
 So heave away, boys.
   -- Tom Waits



Re: Spike in SSH attacks

2010-06-21 Thread Mark Komarinski
On 06/21/2010 09:54 AM, Marc Nozell (m...@nozell.com) wrote:
> FYI, I've been using sshguard for a few months to drop routes to sites 
> that are probing my server.
>
> None of the docs seemed to be quite right, so I wrote up some notes on 
> getting it working debian/Lenny here: 
> http://nozell.com/blog/2010/03/09/sshguard-on-debianlenny/
>
>
sshguard is in lenny-backports, but the rest of the documentation is 
quite helpful as the debian package doesn't do any of the setup.  Thanks!

-Mark


Re: Spike in SSH attacks

2010-06-21 Thread Ted Roche
On Mon, Jun 21, 2010 at 9:28 AM, Benjamin Scott  wrote:
>
>  Apparently attackers are going after "keyboard interactive"
> authentication, which is separate from "password authentication".
>

So, even if I have set PasswordAuthentication no in my sshd_config,
there's still a way to ssh into the server without a key pair? That's
confusing.

Time to break out the dog-eared snail book and get a refresh...

Oh, a reminder: a fellow GNHLUGer told a tale not too long ago about
testing ssh changes: always keep an existing connection open when
you're making changes. This way, when you lock yourself out of making
new connections with the changes, you can use your old connection to
reverse the changes. A good lesson learned. By someone else!

-- 
Ted Roche
Ted Roche & Associates, LLC
http://www.tedroche.com



Re: Why does one interface interfere with another?

2010-06-21 Thread Joshua Judson Rosen
"Greg Rundlett (freephile)"  writes:
>
> I have a system with two physical network interfaces; a cat45 ethernet port
> and a wireless card - otherwise known as any normal computer.
> 
> I configured the wired interface (eth0) to be static by editing
> /etc/network/interfaces (see bottom) and I let the network-manager applet
> handle the networking system, making my wireless interface address governed
> by DHCP.
> 
> When the wired port has no connection (because I connect the cable to another
> system), the wireless gets all confused and doesn't connect.  Sometimes it
> doesn't even show my wireless network (causing me to blame the Netgear
> wireless router and reboot the wireless router.)  Trying a ping to the router,
> it tries to go through the wired address.

Yes--you're telling the system to always bring up eth0 at boot,
and to set your default gateway to something out through eth0.

> This happens even if there is NO wired connection from the time of
> boot.

You're asking for this by specifying "auto".

It sounds like you want to use "allow-hotplug" and *not* "auto";
then you can have network-manager or ifplugd manage the interface
exclusively, sense whether there's a cable attached, and automatically
ifup/ifdown the device when you connect/disconnect the cable.

-- 
"Don't be afraid to ask (λf.((λx.xx) (λr.f(rr."



Re: Spike in SSH attacks

2010-06-21 Thread Chip Marshall
On 21-Jun-2010, Marc Nozell (m...@nozell.com)  sent:
> FYI, I've been using sshguard for a few months to drop routes to
> sites that are probing my server.

On my cable modem at least, I've been seeing a huge increase in
distributed SSH bruteforcing, so sshguard isn't effective. There's
clearly a pattern in the usernames being attempted, but the source IPs
are all over the place.

-- 
Chip Marshall 
http://weblog.2bithacker.net/  KB1QYW  PGP key ID 43C4819E
v4sw5PUhw4/5ln5pr5FOPck4ma4u6FLOw5Xm5l5Ui2e4t4/5ARWb7HKOen6a2Xs5IMr2g6CM
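
An added example (not part of any message in this thread): Python detection logic for the situation described above, where failures arrive from many addresses and no single source reaches a per-IP limit. The log lines are constructed, including their username pattern; PER_SOURCE_LIMIT follows the "4 failures" in the sshguard output quoted elsewhere in the thread, while QUIET_GAP and MIN_SOURCES are assumptions to tune.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

PER_SOURCE_LIMIT = 4               # sshguard's "4 failures" in the quoted logs
QUIET_GAP = timedelta(minutes=10)  # assumption: a longer pause ends a burst
MIN_SOURCES = 5                    # assumption: under-limit IPs needed to call it distributed

# Constructed sample in OpenSSH syslog format; addresses are documentation ranges.
SAMPLE_LOG = """\
Jun 21 02:00:01 examplehost sshd[3101]: Failed password for invalid user aaron from 192.0.2.10 port 40001 ssh2
Jun 21 02:00:31 examplehost sshd[3102]: Failed password for invalid user abby from 198.51.100.7 port 40002 ssh2
Jun 21 02:01:02 examplehost sshd[3103]: Failed password for invalid user adam from 203.0.113.5 port 40003 ssh2
Jun 21 02:01:40 examplehost sshd[3104]: Failed password for invalid user admin from 192.0.2.77 port 40004 ssh2
Jun 21 02:02:05 examplehost sshd[3105]: Failed password for invalid user alan from 198.51.100.91 port 40005 ssh2
Jun 21 02:02:44 examplehost sshd[3106]: Failed password for invalid user alex from 203.0.113.60 port 40006 ssh2
Jun 21 02:03:10 examplehost sshd[3107]: Failed password for invalid user alice from 192.0.2.143 port 40007 ssh2
Jun 21 02:03:55 examplehost sshd[3108]: Failed password for invalid user amy from 198.51.100.200 port 40008 ssh2
Jun 21 02:30:00 examplehost sshd[3120]: Accepted publickey for opsuser from 192.0.2.1 port 40100 ssh2
Jun 21 03:10:00 examplehost sshd[3201]: Failed password for root from 203.0.113.99 port 41001 ssh2
Jun 21 03:10:02 examplehost sshd[3202]: Failed password for root from 203.0.113.99 port 41002 ssh2
Jun 21 03:10:04 examplehost sshd[3203]: Failed password for root from 203.0.113.99 port 41003 ssh2
Jun 21 03:10:06 examplehost sshd[3204]: Failed password for root from 203.0.113.99 port 41004 ssh2
"""

FAIL_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed \S+ for (?:invalid user )?(\S+) from (\S+) port \d+")


def parse_failures(log_text, year=2010):
    """Return sorted (timestamp, username, source_ip) tuples for failed logins.

    Syslog timestamps carry no year, so the caller supplies one.
    """
    failures = []
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if m:
            stamp = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            failures.append((stamp, m.group(2), m.group(3)))
    return sorted(failures)


def find_bursts(failures):
    """Group failures into bursts split by QUIET_GAP and profile each burst."""
    groups = []
    for item in failures:
        if groups and item[0] - groups[-1][-1][0] <= QUIET_GAP:
            groups[-1].append(item)
        else:
            groups.append([item])
    report = []
    for group in groups:
        per_ip = Counter(ip for _, _, ip in group)
        # Sources a per-IP blocker would catch, and those it would never see.
        blockable = sorted(ip for ip, n in per_ip.items() if n >= PER_SOURCE_LIMIT)
        quiet = [ip for ip, n in per_ip.items() if n < PER_SOURCE_LIMIT]
        report.append({
            "start": group[0][0],
            "failures": len(group),
            "sources": len(per_ip),
            "blockable": blockable,
            "distributed": len(quiet) >= MIN_SOURCES,
            "users": [user for _, user, _ in group],
        })
    return report


if __name__ == "__main__":
    for burst in find_bursts(parse_failures(SAMPLE_LOG)):
        kind = "distributed" if burst["distributed"] else "per-source"
        print(burst["start"], kind, burst["failures"], "failures from",
              burst["sources"], "sources; blockable:", burst["blockable"])
```
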




Re: Spike in SSH attacks

2010-06-21 Thread Marc Nozell (m...@nozell.com)
FYI, I've been using sshguard for a few months to drop routes to sites that
are probing my server.

None of the docs seemed to be quite right, so I wrote up some notes on
getting it working debian/Lenny here:
http://nozell.com/blog/2010/03/09/sshguard-on-debianlenny/

You'll know it is working when you get stuff like this in the logs:

lordshiva:~# grep sshguard /var/log/auth.log
Jun 20 10:49:37 lordshiva sshguard[2660]: Blocking 211.254.130.116:4 for >420secs: 4 failures over 542 seconds.
Jun 21 01:49:05 lordshiva sshguard[2660]: Blocking 217.118.97.58:4 for >420secs: 4 failures over 6 seconds.
Jun 21 01:57:51 lordshiva sshguard[2660]: Blocking 24.39.144.137:4 for >420secs: 4 failures over 780 seconds.
Jun 21 01:58:52 lordshiva sshguard[2660]: Blocking 217.118.97.58:4 for >1680secs: 4 failures over 6 seconds.
Jun 21 02:05:17 lordshiva sshguard[2660]: Blocking 24.39.144.137:4 for >1680secs: 4 failures over 4 seconds.
Jun 21 02:50:04 lordshiva sshguard[2660]: Blocking 217.118.97.58:4 for >0secs: 4 failures over 6 seconds.

-marc

On Mon, Jun 21, 2010 at 9:28 AM, Benjamin Scott wrote:

> http://isc.sans.edu/diary.html?storyid=9031
>
> http://isc.sans.edu/diary.html?storyid=9034
>
>  Apparently attackers are going after "keyboard interactive"
> authentication, which is separate from "password authentication".  If
> you are using SSH public/private keys only, make sure you have
> "ChallengeResponseAuthentication no" set in your /etc/ssh/sshd_config
> file.  If you must use passwords, make sure everyone has a strong
> password, and consider using techniques like scan detection,
> IP-address access control, port knocking, non-standard port, etc.
>
> -- Ben



-- 
Marc Nozell (m...@nozell.com) http://www.nozell.com/blog


Spike in SSH attacks

2010-06-21 Thread Benjamin Scott
http://isc.sans.edu/diary.html?storyid=9031

http://isc.sans.edu/diary.html?storyid=9034

  Apparently attackers are going after "keyboard interactive"
authentication, which is separate from "password authentication".  If
you are using SSH public/private keys only, make sure you have
"ChallengeResponseAuthentication no" set in your /etc/ssh/sshd_config
file.  If you must use passwords, make sure everyone has a strong
password, and consider using techniques like scan detection,
IP-address access control, port knocking, non-standard port, etc.

-- Ben


Re: Computer hardware poster by sonic84

2010-06-21 Thread Jon 'maddog' Hall
>  Hmmm.  I wonder if some cookie company somewhere decided that they
>might as well use fortune(6) to obtain their copy...

My favorite fortune(6) was for Mock Apple Pie made from Ritz Crackers,
originally printed on the back of the Ritz Cracker box.

If it is true that this fortune cookie company was getting their copy
from fortune(6) it would be interesting to see how they fit the recipe
on one of those little slips of paper

http://www.kraftrecipes.com/recipes/ritz-mock-apple-pie-53709.aspx

http://members.cox.net/jjschnebel/mocaplpi.html

md



Re: Why does one interface interfere with another?

2010-06-21 Thread Ken D'Ambrosio
On Sun, June 20, 2010 10:10 pm, Greg Rundlett (freephile) wrote:

> http://live.gnome.org/NetworkManager/SystemSettings touches on this
> problem apparently by saying that I could set network-manager to ignore
> anything defined in /etc/network/interfaces.  But, I don't want it
> ignored, I just want it to work well :-)

G.  You're touching on something that irks the heck out of me --
though I haven't experienced exactly what you're discussing.  For me, if
anything, it's the opposite: I hate the fact that the GUI works like this:

Networking -> Wireless

If "Networking" is enabled, then, by definition, NetworkManager feels it
manages your physical Ethernet interface.  And, only then can you enable
WiFi.  Yes, there are no doubt ways to work around this via config files,
etc., but it's insanely annoying when (say) trying to set up a quickie
testbed using your WiFi connection as your data conduit to turn your
computer into a router/NAT/whatever for something hanging off your
Ethernet.  Instead of Wireless being a subset of Networking, why couldn't
it work the way Mobile Broadband does -- entirely independently?  It's
irksome having your ifconfig statements get zapped by the dhcp client
daemon you forget is even running...

After typing all of the above, it occurs to me that your problem sounds
suspiciously like a subnet mask issue, perhaps?  What IP addresses and
subnet masks are you using?  Are there, perhaps, two default gateways,
which won't work well shy of policy-based routing or the presence of a
routing protocol?  The contents of "ifconfig" and "netstat -rn" would
help.

-Ken

