caching only name server config question
Hello,

I have been setting up a caching only name server (bind) on a linux firewall/router. The name server seems to be working like it should. My question is: Which DNS address do I have to put in the DNS fields of the windoze workstations in the LAN, the DNS addresses of my ISP or the ip address of the fw/router?

I have tried the ip address of the fw/router but it did not work. Now I have set the ip address of the fw/router in the host field and the ip addresses of my ISP in the DNS field. This works but I am afraid the windoze workstations will bypass the caching only name server this way.

TIA,
Robert-Jan Kuijvenhoven

--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe" as the Subject.
RE: RH 6.1 Firewall network problems
> "R. Kuijvenhoven" wrote:
> > > From the second workstation I can't
> > > ping anything.
> >
> > Still doesn't work.
>
> Stage 1) Check cabling.

Thanks, it was the cabling indeed. There is fibre optic cable between the part of the network this computer is in and the rest of the network. The company who installed the network should have connected the fibre to the hub, but they connected the fibre directly to the server (Novell 3.12). The result is that only IPX/SPX is passed through. Do you have any idea if there is a (software) workaround for this?

Robert-Jan
RE: How to log who is visiting which web pages
> On Thu, 6 Jan 2000, R. Kuijvenhoven wrote:
>
> > I have installed an ipchains firewall/router. I would like to be able to
> > check the "surfing behaviour" of some of the employees, because I know that
> > they will be surfing instead of working if we are not able to check what
> > they are doing.
> [--snip--]
> > Is there a better way of handling this?
>
> Yes. If you don't trust your employees, don't give them web access.
>
> If they need web access to do their jobs, and you don't trust them, set up
> a proxy server which serves only approved web sites.
>
> But if you don't trust your employees, you've got bigger problems than
> this technical issue...

Thanks, you are absolutely right. However, it is not that you really can't trust them, it is just that some of them can get carried away sometimes.

Robert-Jan
How to log who is visiting which web pages
> heh, this was asked about a week ago. I think that in the end the guy
> went for this solution:
>
> what you might want to do is to set up a proxy (maybe squid?) somewhere
> on your network, and then using ipchains you can "invisibly" redirect
> all traffic on port 80 to that host (with the exclusion of that host,
> because otherwise you'd just be redirecting it to itself when it wants
> to make a real request:). then you can just look at the output of your
> proxy log files and see who's doing what. that way it is completely
> transparent to the end user, and you don't have to reconfigure any web
> browsers at all.
>
> this has some good points to it:
> 1) it makes it really hard to surf the web without being logged. I won't
> say impossible, because I've got some nice code here that will allow me
> to do that :)
>
> 2) you create another service to your users and improve their web
> browsing experience.
>
> it also has some bad points, but the only one that I can think of is
> that you need more disk space to cache web pages...
>
> someone else mentioned some package for filtering out the logs into a
> nicer format if you don't like the raw logs. can't remember what it was
> called though...
>
> we briefly touched on other solutions as well. there is software for
> windows called Webboy which does this (www.ngdsoftware.com). or, using
> libpcap you can write a program that will listen to traffic and sift out
> all the http requests. that's a little harder. I was going to give that
> a shot last week, but, well, I never got around to it :)
>
> hope that helps!
> sugarboy

Thanks, I will try squid.
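As an added example (not part of the thread), this is one way to turn the proxy's raw log into the per-workstation view the message above refers to. It assumes squid's native access.log format; the function name and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: per-client, per-site totals from a
# squid access.log in native format, read on stdin.
# Native fields: time elapsed client action/status bytes method URL ...

# Output: one line per client and site, "client site requests bytes",
# grouped by client with the most requested sites first.
summarize_squid() {
    awk '
    # Skip short or damaged lines; field 3 must look like a client address.
    NF >= 7 && $3 ~ /^[0-9.]+$/ {
        host = $7
        sub(/^[a-z]+:\/\//, "", host)   # drop "http://" and similar
        sub(/[\/:?].*$/, "", host)      # drop path, port and query
        key = $3 " " tolower(host)
        reqs[key]++
        bytes[key] += $5
    }
    END { for (k in reqs) print k, reqs[k], bytes[k] }
    ' | sort -k1,1 -k3,3nr
}

# Constructed sample lines (documentation addresses), not a real log.
SAMPLE_LOG='947160000.123    245 192.168.1.12 TCP_MISS/200 4312 GET http://www.example.com/index.html - DIRECT/192.0.2.80 text/html
947160003.456     12 192.168.1.12 TCP_HIT/200 1024 GET http://www.example.com/logo.gif - NONE/- image/gif
947160010.789    530 192.168.1.15 TCP_MISS/200 20480 GET http://news.example.org/ - DIRECT/192.0.2.90 text/html
947160020.001     88 192.168.1.12 TCP_MISS/200 2000 CONNECT shop.example.net:443 - DIRECT/192.0.2.99 -'

# Demo on the sample; on the proxy host the input would be the access.log file.
printf '%s\n' "$SAMPLE_LOG" | summarize_squid
```

CONNECT requests carry only host:port, so encrypted traffic shows up by site name and byte count but not by page.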
How to log who is visiting which web pages
Hello,

I have installed an ipchains firewall/router. I would like to be able to check the "surfing behaviour" of some of the employees, because I know that they will be surfing instead of working if we are not able to check what they are doing.

I thought of adding the -l option to some of the ipchains rules, but I think this will generate an enormous amount of log entries.

Is there a better way of handling this?

TIA,
Robert-Jan Kuijvenhoven
RE: RH 6.1 Firewall network problems
> Hello,
>
> I have been setting up a RH 6.1 firewall/router for a LAN (Novell) with 8
> (windoze) workstations. Configuring the first 5 workstations to use the
> firewall went smoothly. I did not get the other three workstations
> configured however. From the first workstation I can't ping the firewall and
> from the firewall I can't ping the workstation. I can ping other
> workstations from the first workstation.

This workstation is working now (don't ask me why, I didn't change anything. Strange micro$oft behavior).

> From the second workstation I can't
> ping anything.

Still doesn't work.

> The third workstation can't make a network connection at all
> when I set-up an IP address and a gateway address.

Solved this one: changed the IPX/SPX-protocols frame-type from "AUTO" to the real frame-type.

> I am aware of the fact that this is probably a windoze problem (as always)
> and that this is definitely not a windoze mailing list. However, since a lot
> of people have the firewall / LAN set-up I am hoping someone can help me out
> anyway.
>
> TIA, Robert-Jan Kuijvenhoven
RH 6.1 Firewall network problems
Hello,

I have been setting up a RH 6.1 firewall/router for a LAN (Novell) with 8 (windoze) workstations. Configuring the first 5 workstations to use the firewall went smoothly. I did not get the other three workstations configured however.

From the first workstation I can't ping the firewall and from the firewall I can't ping the workstation. I can ping other workstations from the first workstation. From the second workstation I can't ping anything. The third workstation can't make a network connection at all when I set-up an IP address and a gateway address.

I am aware of the fact that this is probably a windoze problem (as always) and that this is definitely not a windoze mailing list. However, since a lot of people have the firewall / LAN set-up I am hoping someone can help me out anyway.

TIA,
Robert-Jan Kuijvenhoven
RE: ipchains and dynamic ip question
> > Hello,
> >
> > I am new to ipchains so I have read a lot of documentation about setting up
> > chains. However, I don't understand how set up rules for dynamic ip. I read
> > the following example:
> >
> > # remote interface, any source, going to permanent ppp address is valid
> > #
>
> Get the IP from ifconfig:
>
> extip=`ifconfig $ippp0 | grep inet | cut -d : -f 2 | cut -d ' ' -f 1`

Where do I have to put this line? I have tried it at the prompt, but ipchains doesn't accept it.

> > ipchains -A input -i ippp0 -s 0.0.0.0/0 -d $extip/32 -j ACCEPT
> >
> > # almost the same rule for the output chain
> > #
> > ipchains -A output -i ippp0 -s extip/32 -d 0.0.0.0/0 -j ACCEPT
>
> $extip (and $ippp0 ?)

You are absolutely right! extip was a typing error. I have used ippp0 because the external interface is always ippp0 in my case.

Thanks,
Robert-Jan
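The address lookup quoted above is a shell assignment, so it belongs in the shell script that issues the ipchains commands; the following added example (not code from the thread) shows that script with a check that an address was actually found before any rule is built. The function names and the sample ifconfig output are constructed, and it is assumed that the script is re-run each time the link comes up with a new address.

```shell
#!/bin/sh
# Added example, not from the thread. ifconfig output is read on stdin so the
# parsing can be checked without the real interface.

# Pull the IPv4 address out of old net-tools output ("inet addr:a.b.c.d").
# Unlike a bare "grep inet", this cannot match an "inet6 addr:" line.
parse_extip() {
    sed -n 's/.*inet addr:\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Succeed only for a dotted quad whose four octets are each 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the thread's two rules for interface $1 and address $2. Nothing is
# printed when the address is missing or malformed, so a link that is down
# never produces a rule such as "-d /32".
emit_rules() {
    ext_if=$1
    extip=$2
    if ! valid_ipv4 "$extip"; then
        echo "no valid address on $ext_if, no rules emitted" >&2
        return 1
    fi
    echo "ipchains -A input -i $ext_if -s 0.0.0.0/0 -d $extip/32 -j ACCEPT"
    echo "ipchains -A output -i $ext_if -s $extip/32 -d 0.0.0.0/0 -j ACCEPT"
}

# Constructed sample output (documentation address range), not a real capture.
SAMPLE_IFCONFIG='ippp0     Link encap:Point-to-Point Protocol
          inet addr:192.0.2.17  P-t-P:192.0.2.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1'

# Demo on the sample. On the router the input would be: ifconfig ippp0
emit_rules ippp0 "$(printf '%s\n' "$SAMPLE_IFCONFIG" | parse_extip)"
```

The rules are printed rather than executed so they can be reviewed first; piping the output to sh applies them.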
ipchains and dynamic ip question
Hello,

I am new to ipchains so I have read a lot of documentation about setting up chains. However, I don't understand how to set up rules for dynamic ip. I read the following example:

# remote interface, any source, going to permanent ppp address is valid
#
ipchains -A input -i ippp0 -s 0.0.0.0/0 -d $extip/32 -j ACCEPT

# almost the same rule for the output chain
#
ipchains -A output -i ippp0 -s extip/32 -d 0.0.0.0/0 -j ACCEPT

If I am not mistaken, with dynamic ip, the ppp address isn't necessarily the same every time a connection is made. What is the right way to handle this?

TIA,
Robert-Jan Kuijvenhoven
RE: Problem getting ISDN loaded at boot
> >- depmod gives an error: modprobe: error reading ELF header: No such file
> of directory.
>
> Have you tried specifying a full pathname?
> /lib/modules/2.2.12-20/misc/hisax.o

When I try 'depmod /lib/modules/2.2.13/misc/hisax' I get the message:
modprobe: error reading ELF header: Success

> Rather than doing a modprobe manually (or automatically in
> /etc/rc.d/init.d/) it may be better to load it with all the other modules by
> throwing a line in /etc/conf.modules?
>
> I'd try something like:
>
> alias ippp0 hisax

I have tried it, but it does not work either. I have checked the logs but they look just the same as when this line is not in conf.modules. Any other ideas?

Thanks,
Robert-Jan
Problem getting ISDN loaded at boot
Hello,

I have installed a RH6.1 distro and am trying to install a Teles HFC-S ISDN card now. I can get the card working by loading the module at the prompt, giving a 'modprobe hisax', but the module is not loaded at boot. I have checked the /etc/rc.d/init.d/isdn file and it contains the line 'modprobe hisax'. So, something is probably going wrong at boot.

So I have taken a look at the /var/log/boot.log file and found out the following:

- isapnp enables the card OK
- depmod gives an error: modprobe: error reading ELF header: No such file of directory. However the next line shows: rc.sysinit: Finding module dependencies succeeded. Giving a depmod -a at the prompt also results in the 'error reading ELF header' message.
- ifup: SIOCADDRT: Network is unreachable
- ifup: Reading configuration ...
- ifup: /etc/isdn/ippp0.conf
- ifup: /dev/isdninfo: No such device
- ipup: Oops, an error
- network: Bringing up interface ippp0 failed

What I think happens is that ifup can't bring up the ippp0 interface because the hisax module is not loaded. When I give an ifup ippp0 at the prompt, without having the hisax module loaded, I get the same error. However, when I load the hisax module first, ifup ippp0 works just fine.

So the question is: "Why is the hisax module not loaded at boot?" Could it have to do with the depmod problem or is there something else going wrong here?

Any help is appreciated.

TIA,
Robert-Jan