Re: Restricting root log in except on console
Hi... Must of missed that one, thanks. I will look at it now. If I need telnet access, how would I restrict root access to the console only? Greg - Original Message - From: "David Talkington" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, April 19, 2002 4:44 PM Subject: Re: Restricting root log in except on console > -BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Greg Caskey wrote: > > >Hi we have a Redhat 6.2 linux firewall and I would like to restrict the root > >log on access to only the console window. If you ssh in you must login as a > >user and then can goto SU if you have the priviliages. > > Have you read the man page for sshd and looked at the options in > sshd_config? I think you'll find your answers there. > > - -d > > > - -- > David Talkington > > PGP key: http://www.prairienet.org/~dtalk/0xCA4C11AD.pgp > > -BEGIN PGP SIGNATURE- > Version: PGP 6.5.8 > Comment: Made with pgp4pine 1.75-6 > > iQA/AwUBPMCdub9BpdPKTBGtEQIUbACeNvRrXqu0mdMp2hfVSYmhmUppO0cAoKCT > qTysJuHu3O6NH1n7FNN/D8dd > =tBcV > -END PGP SIGNATURE- > > > > > ___ > Redhat-list mailing list > [EMAIL PROTECTED] > https://listman.redhat.com/mailman/listinfo/redhat-list > ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
Restricting root log in except on console
Hi we have a Redhat 6.2 linux firewall and I would like to restrict the root log on access to only the console window. If you ssh in you must login as a user and then can goto SU if you have the priviliages. However I cannot seem to find out where to do this? Any help would be appreciated. Greg ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
Re: Slow POP3 / SMTP / FTP connection from internal windoze machinesto linux firewall (gateway)
Hello...
Here is the details of my network.
External:
100MB connection to our ISP who is providing our primary dns services
linux 6.2 firewall gateway (PIII - 600MHz cpu with 128MB ram, 30GB hHD)
running qmail
Internal:
dlink 10/100 24 port switch
20 win9x desktop machines (various hardware config's) running DHCP
1 PIII 400 with 128MB ram PDC, WINS, etc
Please let me know if you need more detail
Greg
- Original Message -
From: "Jonathan M. Slivko" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, March 14, 2002 5:42 PM
Subject: Re: Slow POP3 / SMTP / FTP connection from internal windoze
machines to linux firewall (gateway)
> Can you give us a detailed description of what your network looks like,
> along with some network hardware descriptions?
>
> -- Jonathan
>
> - Original Message -
> From: "Greg Caskey" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, March 14, 2002 7:14 PM
> Subject: Re: Slow POP3 / SMTP / FTP connection from internal windoze
> machines to linux firewall (gateway)
>
>
> > Hello...
> >
> > Well, except the internal network is the only slow section with
> > smtp,pop3,ftp, etc From the outside world pop3, http, etc are fine?
> >
> > Still Puzzled
> >
> > - Original Message -
> > From: "Jonathan M. Slivko" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Thursday, March 14, 2002 4:41 PM
> > Subject: Re: Slow POP3 / SMTP / FTP connection from internal windoze
> > machines to linux firewall (gateway)
> >
> >
> > > Could it have been a network issue on your ISP's side?
> > > -- Jonathan
> > >
> > > - Original Message -
> > > From: "Greg Caskey" <[EMAIL PROTECTED]>
> > > To: <[EMAIL PROTECTED]>
> > > Sent: Thursday, March 14, 2002 6:15 PM
> > > Subject: Re: Slow POP3 / SMTP / FTP connection from internal windoze
> > > machines to linux firewall (gateway)
> > >
> > >
> > > > Puzzling Question
> > > >
> > > > I have not had a chance to implement this fix to the caching DNS
> server,
> > > > however Now our connection speed is no longer slow. I can get
email,
> > > > telnet, etc at regular speed? I have not updated any changes on my
> side
> > > so
> > > > I am wondering?
> > > >
> > > > Do you have anything that I can look at to see what is changing?
DNS
> > > route
> > > > and Netstat -a runs fine, nslookup on my 10.0.0.1 is still not
getting
> > > > resolved as my ISP (of course) does not know about it but the
network
> > > > resolves quickly.
> > > >
> > > > Stumped?
> > > >
> > > >
> > > >
> > > > - Original Message -
> > > > From: "Emmanuel Seyman" <[EMAIL PROTECTED]>
> > > > To: <[EMAIL PROTECTED]>
> > > > Sent: Friday, March 08, 2002 4:13 AM
> > > > Subject: Re: Slow POP3 / SMTP / FTP connection from internal windoze
> > > > machines to linux firewall (gateway)
> > > >
> > > >
> > > > > On Thu, Mar 07, 2002 at 10:48:54AM -0700, Greg Caskey wrote:
> > > > > >
> > > > > >
> > > > > > 1. The 2nd NIC's IP address is 10.0.0.1 for the internal
machines.
> > > > Would my
> > > > > > named.conf look like this:
> > > > > >
> > > > > > options {
> > > > > > directory "/var/named";
> > > > > > };
> > > > >
> > > > > Make it this:
> > > > >
> > > > > options {
> > > > > directory "/var/named";
> > > > > forwarders { ISP backup 1 IP; ISP backup 2 IP; };
> > > > > forward only;
> > > > > listen-on { 10.0.0.1; };
> > > > > };
> > > > >
> > > > > > Or should it be for 10.0.0.1 instead of 127.0.0.1?
> > > > >
> > > > > Nope. All DNS servers are masters for 127.0.0 since 127.0.0.1
> > > > > always points to the local machine.
> > > > >
> > > > > > 2. The /etc/resolv.conf file should be as follows with my server
> as
> > > the
> > > > > > caching server?
> > > > >
> > > > > Brillant.
> > > > >
> > > > > > Is there anything else I need to setup?
> > > > >
> > > > > You'll need the /var/named/named.local file specified in
named.conf
>
> ___
> Redhat-list mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/redhat-list
>
___
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
Re: Slow POP3 / SMTP / FTP connection from internal windoze machinesto linux firewall (gateway)
Hello...
Well, except the internal network is the only slow section with
smtp,pop3,ftp, etc From the outside world pop3, http, etc are fine?
Still Puzzled
- Original Message -
From: "Jonathan M. Slivko" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, March 14, 2002 4:41 PM
Subject: Re: Slow POP3 / SMTP / FTP connection from internal windoze
machines to linux firewall (gateway)
> Could it have been a network issue on your ISP's side?
> -- Jonathan
>
> ----- Original Message -
> From: "Greg Caskey" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, March 14, 2002 6:15 PM
> Subject: Re: Slow POP3 / SMTP / FTP connection from internal windoze
> machines to linux firewall (gateway)
>
>
> > Puzzling Question
> >
> > I have not had a chance to implement this fix to the caching DNS server,
> > however Now our connection speed is no longer slow. I can get email,
> > telnet, etc at regular speed? I have not updated any changes on my side
> so
> > I am wondering?
> >
> > Do you have anything that I can look at to see what is changing? DNS
> route
> > and Netstat -a runs fine, nslookup on my 10.0.0.1 is still not getting
> > resolved as my ISP (of course) does not know about it but the network
> > resolves quickly.
> >
> > Stumped?
> >
> >
> >
> > - Original Message -
> > From: "Emmanuel Seyman" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Friday, March 08, 2002 4:13 AM
> > Subject: Re: Slow POP3 / SMTP / FTP connection from internal windoze
> > machines to linux firewall (gateway)
> >
> >
> > > On Thu, Mar 07, 2002 at 10:48:54AM -0700, Greg Caskey wrote:
> > > >
> > > >
> > > > 1. The 2nd NIC's IP address is 10.0.0.1 for the internal machines.
> > Would my
> > > > named.conf look like this:
> > > >
> > > > options {
> > > > directory "/var/named";
> > > > };
> > >
> > > Make it this:
> > >
> > > options {
> > > directory "/var/named";
> > > forwarders { ISP backup 1 IP; ISP backup 2 IP; };
> > > forward only;
> > > listen-on { 10.0.0.1; };
> > > };
> > >
> > > > Or should it be for 10.0.0.1 instead of 127.0.0.1?
> > >
> > > Nope. All DNS servers are masters for 127.0.0 since 127.0.0.1
> > > always points to the local machine.
> > >
> > > > 2. The /etc/resolv.conf file should be as follows with my server as
> the
> > > > caching server?
> > >
> > > Brillant.
> > >
> > > > Is there anything else I need to setup?
> > >
> > > You'll need the /var/named/named.local file specified in named.conf .
> > >
> > > Emmanuel
> > >
> > >
> > >
> > > ___
> > > Redhat-list mailing list
> > > [EMAIL PROTECTED]
> > > https://listman.redhat.com/mailman/listinfo/redhat-list
> > >
> >
> >
> >
> > ___
> > Redhat-list mailing list
> > [EMAIL PROTECTED]
> > https://listman.redhat.com/mailman/listinfo/redhat-list
> >
>
>
>
> ___
> Redhat-list mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/redhat-list
>
___
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
Re: Slow POP3 / SMTP / FTP connection from internal windoze machinesto linux firewall (gateway)
Puzzling Question
I have not had a chance to implement this fix to the caching DNS server,
however Now our connection speed is no longer slow. I can get email,
telnet, etc at regular speed? I have not updated any changes on my side so
I am wondering?
Do you have anything that I can look at to see what is changing? DNS route
and Netstat -a runs fine, nslookup on my 10.0.0.1 is still not getting
resolved as my ISP (of course) does not know about it but the network
resolves quickly.
Stumped?
- Original Message -
From: "Emmanuel Seyman" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, March 08, 2002 4:13 AM
Subject: Re: Slow POP3 / SMTP / FTP connection from internal windoze
machines to linux firewall (gateway)
> On Thu, Mar 07, 2002 at 10:48:54AM -0700, Greg Caskey wrote:
> >
> >
> > 1. The 2nd NIC's IP address is 10.0.0.1 for the internal machines.
Would my
> > named.conf look like this:
> >
> > options {
> > directory "/var/named";
> > };
>
> Make it this:
>
> options {
> directory "/var/named";
> forwarders { ISP backup 1 IP; ISP backup 2 IP; };
> forward only;
> listen-on { 10.0.0.1; };
> };
>
> > Or should it be for 10.0.0.1 instead of 127.0.0.1?
>
> Nope. All DNS servers are masters for 127.0.0 since 127.0.0.1
> always points to the local machine.
>
> > 2. The /etc/resolv.conf file should be as follows with my server as the
> > caching server?
>
> Brillant.
>
> > Is there anything else I need to setup?
>
> You'll need the /var/named/named.local file specified in named.conf .
>
> Emmanuel
>
>
>
> ___
> Redhat-list mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/redhat-list
>
___
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
Re: Slow POP3 / SMTP / FTP connection from internal windoze machinesto linux firewall (gateway)
Hello...
Thank you to everyone that has helped out on this. Should I be running Bind
9.x on this machine?
Greg
- Original Message -
From: "Emmanuel Seyman" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, March 08, 2002 4:13 AM
Subject: Re: Slow POP3 / SMTP / FTP connection from internal windoze
machines to linux firewall (gateway)
> On Thu, Mar 07, 2002 at 10:48:54AM -0700, Greg Caskey wrote:
> >
> >
> > 1. The 2nd NIC's IP address is 10.0.0.1 for the internal machines.
Would my
> > named.conf look like this:
> >
> > options {
> > directory "/var/named";
> > };
>
> Make it this:
>
> options {
> directory "/var/named";
> forwarders { ISP backup 1 IP; ISP backup 2 IP; };
> forward only;
> listen-on { 10.0.0.1; };
> };
>
> > Or should it be for 10.0.0.1 instead of 127.0.0.1?
>
> Nope. All DNS servers are masters for 127.0.0 since 127.0.0.1
> always points to the local machine.
>
> > 2. The /etc/resolv.conf file should be as follows with my server as the
> > caching server?
>
> Brillant.
>
> > Is there anything else I need to setup?
>
> You'll need the /var/named/named.local file specified in named.conf .
>
> Emmanuel
>
>
>
> ___
> Redhat-list mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/redhat-list
>
___
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
Re: Slow POP3 / SMTP / FTP connection from internal windoze machinesto linux firewall (gateway)
Hi...
Thanks for your reply. My questions on this are as follows:
1. The 2nd NIC's IP address is 10.0.0.1 for the internal machines. Would my
named.conf look like this:
options {
directory "/var/named";
};
;
zone "0.0.127.in-addr.arpa"{
type master;
file "named.local";
};
zone "." {
type hint;
file "";
};
Or should it be for 10.0.0.1 instead of 127.0.0.1?
2. The /etc/resolv.conf file should be as follows with my server as the
caching server?
search mydomain.com
nameserver 10.0.0.1
nameserver ISP backup 1 IP
nameserver ISP backup 2 IP
Is there anything else I need to setup?
Greg
- Original Message -
From: "Emmanuel Seyman" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, March 07, 2002 9:55 AM
Subject: Re: Slow POP3 / SMTP / FTP connection from internal windoze
machines to linux firewall (gateway)
> On Thu, Mar 07, 2002 at 09:13:43AM -0700, Greg Caskey wrote:
> >
> > My question then is how do I change this.
> > I have added the line to the /etc/hosts file: (which made netstat -r
fast)
> > 10.0.0.1 fqdn alias
>
> I believe you'll need to run a cacheing nameserver on the machine (there's
> a rpm on the CD) and use that as your primary DNS (keeping your ISP's
> two DNS servers as backup.
>
> That way, all your machines will know about your internal network.
>
> Emmanuel
>
>
>
> ___
> Redhat-list mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/redhat-list
>
___
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
Slow POP3 / SMTP / FTP connection from internal windoze machines tolinux firewall (gateway)
Hello... I have a 6.2 machine setup with DNS services from my ISP. This machine acts as our firewall/gateway machine as well as our qmail pop server. The machine has two Nic's one external and one for the internal network both have separate IP's. Our internal network consists of many win95 - win2K machines. The problem is in our internal network access to the gateway machine. Any Connect attempts (port 110/23/etc) from internal to our firewall runs very slow but will eventually connect (/var/log/maillog reports upto 4mins of wait time) to the RH 6.2 machine. External access is fast (ftp, pop3 or http). running netstat -rn is fast and netstat -a (or route) is slow. This tells me that DNS resolution (or reverse IP lookup) is failing somewhere I believe the problem is that because our ISP is hosting our DNS it does not know anything about our internal IP 10.0.0.1 as is showing when you run nslookup 10.0.0.1 - "no response from server" My question then is how do I change this. I have added the line to the /etc/hosts file: (which made netstat -r fast) 10.0.0.1 fqdn alias But still no go on the other services from our internal network (or a netstat -a or a route) Any help is appreciated Greg Caskey
