[SLUG] Web server with 4 virtual hosts behind firewall
Hi people, I've been asked to setup a web server with 4 virtual hosts...no big deal, but eventually I will also be asked to put that web server behind a firewall. here's the basic idea: 4 domain names each with their own IP Web server is Apache configured with 4 virtual hosts. Firewall is ipchains (could be iptables but i havent had enough experience with it to be comfortable configuring it) the firewall will drop every packet except those aimed at www, dns, and ssh. So here's the question. If each domain has its own IP address does that mean that I will need to bind those ip addresses to the internet interface on the firewall? If so can anyone explain how I can bind multiple ipaddress to 1 interface. If if tell ipchains to only allow www,dns, and ssh on the internet interface, will it allow connections aimed at any of the 4 ip addresses or will it only allow the first one bound to the interface? I'm quite new to this so I dont know if i'm going in the wrong direction so your feedback/suggestions would be most appreciated :) signature.asc Description: This is a digitally signed message part
[SLUG] sendmail rejects
I am getting a bunch of sendmail errors like the one below. What is this, mail seems to be coming in ok. Dec 19 22:44:51 mail1 sm-msp-queue[2894]: gBG63ltp001066: to=kevin, ctladdr=root (0/0), delay=3+05:41:04, xdelay=00:00:00, mailer=relay, pri=8130011, relay=localhost.ctv.com.au., dsn=4.0.0, stat=Deferred: Connection refused by localhost.ctv.com.au. Kind regards Kevin -- Please avoid sending me Word or PowerPoint attachments. See http://www.fsf.org/philosophy/no-word-attachments.html Kevin Waterson Byron Bay, Australia -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] sendmail rejects
> Dec 19 22:44:51 mail1 sm-msp-queue[2894]: gBG63ltp001066: to=kevin, ctladdr=root >(0/0), delay=3+05:41:04, xdelay=00:00:00, mailer=relay, pri=8130011, >relay=localhost.ctv.com.au., dsn=4.0.0, stat=Deferred: Connection refused by >localhost.ctv.com.au. Is your domain ctv.com.au? localhost.ctv.com.au is 127.0.0.1... So if you're not accepting mail for whatever domain this mail was addressed to on that machine, it won't go through. :-) If ctv.com.au is not you, yell at someone who caused the mail to want to go to localhost.ctv.com.au. - Jeff -- "We've got a great drummer and a great singer. Those are the key positions. When you find a singer and a drummer this good, you don't leave them." - Stone Gossard, Pearl Jam -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] sendmail rejects
This one time, at band camp, Jeff Waugh <[EMAIL PROTECTED]> wrote: > Is your domain ctv.com.au? yes > localhost.ctv.com.au is 127.0.0.1... So if you're > not accepting mail for whatever domain this mail was addressed to on that > machine, it won't go through. :-) thanks for the reply... the mail was sent to ctv.com.au kind regards Kevin -- Please avoid sending me Word or PowerPoint attachments. See http://www.fsf.org/philosophy/no-word-attachments.html Kevin Waterson Byron Bay, Australia -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] Web server with 4 virtual hosts behind firewall
Hi Chris, > If each domain has its own IP address does that mean that I > will need to > bind those ip addresses to the internet interface on the > firewall? If so > can anyone explain how I can bind multiple ipaddress to 1 interface. Two options here, which may or may not be practical depending on your IP configuration... 1) Bind the addresses to the web servers and route to them. Use ipchains on the firewall for access control 2) Bind the addresses to the firewall and port forward relevant requests to the internal/DMZ web servers Option 1 is generally the best if its do-able. Option 2 can create mildly tricky issues if you want to see the real IP's of the web page requestors in your web logs. If you want option2, you'd use something like ifconfig eth0 main.ip.address.x network.mask.x.x ifconfig eth0:2 second.ip.address.x network.mask.x.x etc. You may need to enable aliasing in your kernel if not already enabled. > If if tell ipchains to only allow www,dns, and ssh on the internet > interface, will it allow connections aimed at any of the 4 ip > addresses > or will it only allow the first one bound to the interface? If you configure subinterfaces as above you will have multiple internet connections and can apply ipchains to each one. If you route, you can still do much the same. Cheers, Marty Netway Networks Pty Ltd (T) 8920 8877 (F) 8920 8866 -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Exceed substitute?
I found weirdX useful sometimes. tightvnc works better imo. -- lestercheung On Thu, Nov 28, 2002 at 02:12:14PM +1100, Peter Rundle wrote: > Nathan, > > depending on the number of windoze desktops you need you might > like to try this. > > Run virtual desktops using XVnc on the box where "Abaqus" is > installed. You can run the most basic of window managers such > as black box. Then use tightVnc on the windoze boxen to access > each desktop and then run Abaqus on the virtual desktop. > > One advantage is that Abaqus can keep running even if the windoze > boxen is shutdown, or you can move to another windoze box and > view the same abaqus instance. > > HTH > > Pete > > P.S BTW Vnc is freeware and tightvnc is good enough to use over > a 33K modem. > > P.P.S yes I've read the advocacy comments about derogatory use of > words re *that* evil empire but given that they choose to steal a > common english language word and make a brand out of it I choose > to refer to their brand as "windoze" so that when writing about > "windows", the reader understands that I'm refering to a gui window > on a users desktop. > > > > > > -- > SLUG - Sydney Linux User's Group - http://slug.org.au/ > More Info: http://lists.slug.org.au/listinfo/slug -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Netmeeting and Linux Server
check ipmasq howto: http://www.e-infomax.com/ipmasq/howto/c-html/supported-client-software.html basically there is a kernel module for 2.2 kernels and there is a H.323 gateway. -- lestercheung On Wed, Dec 18, 2002 at 12:45:00PM +1100, Simon Bryan wrote: > Hi, > Has anyone any experience running MS Netmeeting from MS desktops thorugh a > RH7.2 server? > The server provides Proxy and firewall and Optus cable connection. > > _ > Simon Bryan > IT Manager > OLMC Parramata > ICQ#: 137562751 > _ > > -- > SLUG - Sydney Linux User's Group - http://slug.org.au/ > More Info: http://lists.slug.org.au/listinfo/slug -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
[SLUG] Bir suikasti doðru okumak - Hablemitoðlu suikasti isaret fisegi
Türkiye yeni döneme 1) Ýktidara gelir gelmez yanýna bir Ermeni patriðini alarak, Hristiyan kliselerine mülkiyet hakký tanýyacaklarýný açýklayan dünyadaki tek "Ýslamcý" parti ünvanýna sahip bir AKP, 2) Türk ordusu ile iþgal kelimesini yanyana kullanan bir dýþiþleri bakaný (Rum deðil Türk), 3) Yaþam sýnýrýna geldikleri için her türlü ahlaksýz teklife açýk hale gelen ve sýrtýna çantasýný alýp Avrupa'ya gidebileceði gibi ham hayallere kapýldýðý için her türlü tarihsel, kültürel ve milli bilinçten yoksun omurgasýzlaþtýrýlan bir halk, 5) Türkiye'nin küçük bir aynasý haline getirilen Kuzey Kýbrýs Türk Cumhuriyeti'nde Rum/AB rüþvetine sarýlan kýþkýrtýlmýþ kitle ile Türkler arasýnda iyice gerilen bir ortam ve bu gerilimi, Mehmet Ali Birand , Çengiz Çandar gibi aldýklarý parayý sonuna kadar hakeden kalemler aracýlýðý ile iyice týrmandýran, yabancý istihbarat örgütlerinin propaganda aracý haline dönüþen bir basýn, 4) Ülke savaþa sürüklenip, ülke topraklarý ABD'nin üssü haline gelirken, hala imam hatiplerdeki baþörtüsü sorununa müdahil olmaya çalýþarak, ülkede milliyetçilikle müslümanlýklýk arasýnda çizgi çizmeye çalýþanlarýn ekmeðine yað süren bir MGK baþkaný ile girmiþken, Türkiye'deki yabancý istihbarat örgütlerinin nasýl cirit attýðýna dair çalýþmalarý ile tanýnan ve en son Alman vakýflarýna yönelik çalýþmasý, Almanya'yý ciddi þekilde rahatsýz eden (AKP'nin son Avrupa seferindeki gözden kaçan tavizlerden biri - Kýbrýs'ýn verildiði bir masada Alman vakýflarýna yönelik baskýnýn arka plana itilmesi yolunda verilen tavizin lafý mý olur) Doçent Dr. Necip Hablemitoðlu bir suikaste kurban gitmiþtir. Hablemitoðlu bir çok açýdan önemli bir isimdir : 1) Uður Mumcu'dan sonra yabancý istihbarat ajanslarý(Alman, ABD, Ýngiliz, Ýsrail) ve bunlarýn paravan örgütlerine yönelik en ciddi çalýþmalardan birini yapan isimdir. Bu çalýþmalarý Almanya baþta olmak üzere Türkiye'yi yörüngelerinde sabitleþtirmek isteyen emperyal güçleri ciddi þekilde rahatsýz etmiþtir. 2) Ayný zamanda, Müslüman olduðu zannedilen fakat Türkiye'de Ýslamý Hristiyanlaþtýrmak (dinler arasý diyalog senaryolarý) gibi bir misyon verilen Fettullahçý kadrolara yönelik çalýþmalarý, "Ýslam" üzerinden yapýlacak manipülasyonlara açýk kapý býrakmaktadýr. 3) Hablemitoðlu, Türklerin Ýslamiyet öncesi köklerine aðýrlýk veren bir isimdir. Bu özelliði ile zaman zaman, Türklük ile Ýslam arasýnda çizgi çekmek isteyen ve bu yolla toplumdaki muhafazakar çevreleri diðerlerinden ayrýþtýrmayý planlayanlar tarafýndan suistimal edilmiþtir. 4) Devlet içinde baðýmsýz ve büyük Türkiye için çabalayan kadrolarla yakýn temas halindedir. Bu kadrolar, büyük fakat jandarma Türkiye ile büyük fakat koloni Türkiye isteyen kadrolara karþý mücadele halindedir. Hablemitoðlu suikastinin arkasýndaki güçler konusunda bütün bu arka plana raðmen somut bir þey söylemek zor olsa da, cinayetin hemen sonrasýnda medyaya yansýtýlan bilgilerin niteliði, suikastin planlamasýnýn kurþun aþamasý ile sýnýrlý tutulmadýðý ve sonrasýnýn da düþünüldüðü þüphesi uyandýrýyor. .. Cinayetle ilgili kamuoyunu çabuk yargý vermeye ve soruþturmayý yürütenleri de yanlýþ yönlendirebilecek bir bilgi akýþý gözlenmektedir. Sadece bir kýsmý alýnabilen bir araba plakasýnýn hemen basýna yansýmasý ve Hablemitoðlu'nun bomba tehditleri aldýðý için arabasýnýn kapýsýný uzaktan açmaya baþladýðý (bu artýk herkesin yaptýðý bir uygulamadýr ve bombalý saldýrýya tedbir niteliði taþýmaz) ve dolayýsý ile saldýrganlarýn bunu haber alarak silahla öldürmeye karar vermiþ olabilecekleri yolundaki "medya" tespitleri bu kuþkularý arttýrmaktadýr. Bu suikastin arkasýnda dýþ güçler var ise, bunlarýn izini HaberTurk gibi bu gibi zamanlarda çok deðerli kamuoyu oluþturma iþlevi görmek için kurulmuþ olan basýn-yayýn organlarýný takip ederek rahatça görebilirsiniz. Psikolojik savaþýn paralý askerleri paralarýný bu gibi zamanlarda hakederler. Türkiye 2023 olarak Hablemitoðlu suikasti hakkýnda yukarýdaki tespitlere dayanarak kolaycý çýkarýmlar yapmak yerine, þu deðerlendirmemizi dikkatinize sunmak istiyoruz : ABD'nin Irak'a yerleþmesi esas planda sadece bir ara adým olup, esas plan bölgenin yeniden yapýlanmasýdýr. Bu yapýlanma, Türkiye içindeki güç mücadelesinin de sonucuna baðlý olarak Türkiye'yi de içermektedir. Türkiye 2023, ABD'nin Irak'a yerleþmesini tamamlamasýndan sonra (bu illa Baðdat'ýn iþgali ve Saddam'ýn devrilmesi anlamýna gelmemektedir), Türkiye'yi de planlarý arasýna dahil eden güçlerin planlarý doðrultusunda, milliyetçilik-din ekseninde çalkantýlar beklemektedir. Fakat Hablemitoðlu cinayeti, bu çalkantýlarýn tahminimizden de erken gelen bir iþaret fiþeðidir. Bu çerçevede toplumu gittikçe gerginleþtirilen ve polarize edilen Kuzey Kýbrýs Türk Cumhuriyeti ile , dýþ güçlerin maþasý olma konusunda çok aceleci ve acemi davranan AKP'nin, iktidarda olduklarýný zannederek askeri-oligarþik güçlere karþý seslerini daha sert bir biçimde yükseltmeye baþlayacak olan kýrýlgan tabaný (Vakit'in bugün attýðý "Ýþ
[SLUG] Mandrake 9 CDs
Greetings I'm after some Mandrake 9 CDs (so I can have a go at replacing my W2k Laptop). Does anyone know where I can get them (without downloading)? Thanks in advance! Robert Maurency IT Department Ascham School +61 2 8356 7004 www.ascham.nsw.edu.au * This mail, including any attached files may contain confidential and privileged information for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you are not the intended receipient (or authorised to receive information for the recipient), please contact the sender by reply e-mail and delete all copies of this message. * -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] Mandrake 9 CDs
There was a 2CD set available on the cover of APC a couple of months ago (I have them here but there's no date on the cover, and I can't find the magazine !!!) Jon => I'm after some Mandrake 9 CDs (so I can have a go at => replacing my W2k Laptop). => => Does anyone know where I can get them (without downloading)? -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Mandrake 9 CDs
You could buy them from either www.everythinglinux.com.au or www.lsl.com.au. Everythinglinux is in Sydney, lsl is in melbourne. > Greetings > > I'm after some Mandrake 9 CDs (so I can have a go at replacing my W2k > Laptop). > > Does anyone know where I can get them (without downloading)? > > Thanks in advance! > > Robert Maurency > IT Department > Ascham School > +61 2 8356 7004 > www.ascham.nsw.edu.au > > * > This mail, including any attached files may contain > confidential and privileged information for the sole > use of the intended recipient(s). Any review, use, > distribution or disclosure by others is strictly prohibited. > If you are not the intended receipient (or authorised to > receive information for the recipient), please contact > the sender by reply e-mail and delete all copies of > this message. > * > -- > SLUG - Sydney Linux User's Group - http://slug.org.au/ > More Info: http://lists.slug.org.au/listinfo/slug > -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Mandrake 9 CDs
I have the Mandrake 9.0 cds from the cover of the APC magazine and from what i can remember it was the october issue. If you like i can copy the cd-roms and send them to you. On Fri, 2002-12-20 at 09:04, Robert Maurency wrote: > Greetings > > I'm after some Mandrake 9 CDs (so I can have a go at replacing my W2k > Laptop). > > Does anyone know where I can get them (without downloading)? > > Thanks in advance! > > Robert Maurency > IT Department > Ascham School > +61 2 8356 7004 > www.ascham.nsw.edu.au > > * > This mail, including any attached files may contain > confidential and privileged information for the sole > use of the intended recipient(s). Any review, use, > distribution or disclosure by others is strictly prohibited. > If you are not the intended receipient (or authorised to > receive information for the recipient), please contact > the sender by reply e-mail and delete all copies of > this message. > * signature.asc Description: This is a digitally signed message part
[SLUG] weird Mac scanner file format
Hi, What format is this, please? gimp doesn't know it nor does file $ od -c barbara/Lindsay1 | head 000 F S P A 003 \0 \0 \0 037 004 \0 \0 211 003 \0 \0 020 030 \0 \0 \0 h 030 \a \0 h 030 \a \0 001 \0 \0 \0 040 \0 \0 \0 \0 Ð î + \0 \0 \0 \0 \0 \0 \0 \0 \0 060 0 \0 \0 \0 \0 \0 \0 \0 ` \0 \0 \0 006 \0 \0 \0 100 \0 \0 \0 \0 \0 \0 \0 \0 d \0 \0 \0 x \0 \0 \0 120 036 À + \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 140 \n \0 \0 \0 \0 \0 \0 \0 B a c k g r o u 160 n d \0 \0 \0 \0 \0 \0 020 \0 \0 \0 001 \0 \0 \0 200 \0 \0 \0 \0 \0 \0 \0 \0 B M 226 ¿ + \0 \0 \0 220 \0 \0 6 \0 \0 \0 ( \0 \0 \0 037 004 \0 \0 211 003 and how do you read it? Jim Donovan -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
[SLUG] Kernel Messages
Howdy Folks
Where do I go to investigate kernel messages like this below?
URLs?
Google will show me hundreds of similar, but nothing that really helps
me understand what is going on.
Dec 20 03:07:00 dragonfly kernel: Unable to handle kernel NULL pointer
dereference at virtual address 0012
Dec 20 03:07:00 dragonfly kernel: printing eip:
Dec 20 03:07:00 dragonfly kernel: c014d728
Dec 20 03:07:00 dragonfly kernel: *pde =
Dec 20 03:07:00 dragonfly kernel: Oops:
Dec 20 03:07:00 dragonfly kernel: via82cxxx_audio uart401 ac97_codec
sound soundcore binfmt_misc nfsd parport_pc lp parport autofs nfs lockd
sunrpc tulip ide-cd cdrom usb-uhci usbcore ext3 jbd
Dec 20 03:07:00 dragonfly kernel: CPU:0
Dec 20 03:07:00 dragonfly kernel: EIP:0010:[]Not
tainted
Dec 20 03:07:00 dragonfly kernel: EFLAGS: 00010202
Dec 20 03:07:00 dragonfly kernel:
Dec 20 03:07:00 dragonfly kernel: EIP is at dnotify_flush [kernel] 0x38
(2.4.18-18.7.x)
Dec 20 03:07:00 dragonfly kernel: eax: 4000 ebx: 0002 ecx:
db4ba900 edx: db4baa08
Dec 20 03:07:00 dragonfly kernel: esi: d7cf9240 edi: d0b3b740 ebp:
b988 esp: c77a3f8c
Dec 20 03:07:00 dragonfly kernel: ds: 0018 es: 0018 ss: 0018
Dec 20 03:07:00 dragonfly kernel: Process python (pid: 2401,
stackpage=c77a3000)
Dec 20 03:07:00 dragonfly kernel: Stack: d7cf9240 d0b3b740
c0138edf d7cf9240 d0b3b740 d7cf9240 0005
Dec 20 03:07:00 dragonfly kernel:0005 c0138f43 d7cf9240
d0b3b740 c77a2000 c010893b 0005 b97c
Dec 20 03:07:00 dragonfly kernel:40047b18 0005 0005
b988 0006 002b 002b 0006
Dec 20 03:07:00 dragonfly kernel: Call Trace: [] filp_close
[kernel] 0x3f (0xc77a3f98))
Dec 20 03:07:00 dragonfly kernel: [] sys_close [kernel] 0x43
(0xc77a3fb0))
Dec 20 03:07:00 dragonfly kernel: [] system_call [kernel] 0x33
(0xc77a3fc0))
Dec 20 03:07:00 dragonfly kernel:
--
Terry Collins {:-)}}} Ph(02) 4627 2186 Fax(02) 4628 7861
email: [EMAIL PROTECTED] www: http://www.woa.com.au
Wombat Outdoor Adventures
"People without trees are like fish without clean water"
--
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
[SLUG] sendmail queue
How long does a mail stay in the mail queue for? Kind regards Kevin -- Please avoid sending me Word or PowerPoint attachments. See http://www.fsf.org/philosophy/no-word-attachments.html Kevin Waterson Byron Bay, Australia -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] sendmail queue
On Fri, Dec 20, 2002 at 10:48:29AM +1100, Kevin Waterson wrote: > How long does a mail stay in the mail queue for? Depends upon your MTA configuration. Sendmail's default is five days with a non-delivery warning sent after four hours. Look for these directives in your .mc file: define(`confTO_QUEUEWARN', `4h')dnl define(`confTO_QUEUERETURN', `5d')dnl Cheers, John -- whois [EMAIL PROTECTED] GPG key id: 0xD59C360F http://kirriwa.net/john/ -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
[SLUG] One for the brains trust.
I have a linux firewall on the end of a ppp link to Telstra Direct. It's a Pentium II box, 2.4.19 kernel. Very standard config. The modem 'link' stays 'up'. But there are intermittent 'outages'. Every so often there is an outage of 4 minutes, 57ish seconds. This happens with the following periodicity An outage every eight hours of 4 mins. Then after a few days, outages occur more frequently. Ping times seem pretty long as well in general. I've noticed this on another link using 2.4 kernel with an HDSL link to DavNet. Any clues? Regards & happy pagan festival to all. Markt -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] One for the brains trust.
Can you characterise the outage in more detail? Does the ppp peer remain pingable? (ie is the problem upstream of the modem link) If not do you see activity on the modem txd led when you try to ping? (ie is the problem in your box or modem) Cheers -Rod > I have a linux firewall on the end of a ppp link to Telstra Direct. > > It's a Pentium II box, 2.4.19 kernel. > > Very standard config. > > The modem 'link' stays 'up'. > > But there are intermittent 'outages'. > > Every so often there is an outage of 4 minutes, 57ish seconds. > > This happens with the following periodicity > > An outage every eight hours of 4 mins. > > Then after a few days, outages occur more frequently. > Ping times seem pretty long as well in general. > > I've noticed this on another link using 2.4 kernel with an HDSL link to DavNet. > > Any clues? > > Regards & happy pagan festival to all. > > Markt > -- > SLUG - Sydney Linux User's Group - http://slug.org.au/ > More Info: http://lists.slug.org.au/listinfo/slug > -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] weird Mac scanner file format
On Fri, Dec 20, 2002 at 10:18:41AM +1100, [EMAIL PROTECTED] wrote: > Hi, > What format is this, please? gimp doesn't know it nor does file > $ od -c barbara/Lindsay1 | head > 000 F S P A 003 \0 \0 \0 037 004 \0 \0 211 003 \0 \0 did you try running the 'file' command on it? What program was it? If it was some proprietary thing then your only option is to reverse engineer it. >From a quick google it could be some part of a word document? http://www.aozw65.dsl.pipex.com/generator_wword8.htm#55 -i [EMAIL PROTECTED] http://www.gelato.unsw.edu.au -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] One for the brains trust.
One of 2 things. 1) It could be a line fault or something like that, hence it sounds like a problem with telstra, give them a call and ask them to look into it. 2) Telstra doesnt provide reliable service to world+dog. Move to a more reliable ISP. RequestDSL comes to mind, they have outages once a year. Cheers, Steve -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Friday, 20 December 2002 11:12 AM To: SLUG Subject: [SLUG] One for the brains trust. I have a linux firewall on the end of a ppp link to Telstra Direct. It's a Pentium II box, 2.4.19 kernel. Very standard config. The modem 'link' stays 'up'. But there are intermittent 'outages'. Every so often there is an outage of 4 minutes, 57ish seconds. This happens with the following periodicity An outage every eight hours of 4 mins. Then after a few days, outages occur more frequently. Ping times seem pretty long as well in general. I've noticed this on another link using 2.4 kernel with an HDSL link to DavNet. Any clues? Regards & happy pagan festival to all. Markt -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug Netway Networks Pty Ltd (T) 8920 8877 (F) 8920 8866 -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Web server with 4 virtual hosts behind firewall
> Two options here, which may or may not be practical depending on your IP > configuration... > 1) Bind the addresses to the web servers and route to them. Use ipchains on > the firewall for access control > 2) Bind the addresses to the firewall and port forward relevant requests to > the internal/DMZ web servers another possibility may be: 3) Swap the domains to name based vhosts, CNAME or A them to the firewalls external interface and port forward 80/tcp to the web server in the DMZ. Thus any new hostings can be done by configuring a vhost and adding a new CNAME/A record. No messing around with ip aliasing. cheers, Chris -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: Re: [SLUG] General question Re: Securing Redhat Linux IS: question re: sshd
> Can you explain why you exclude sshd? Buffer overruns ? ;-) Properly protected from the outside it should be OK though. Chris -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] General question Re: Securing Redhat Linux
> If you spend enough time on it you can convince yourself that any box is > "secure". Secure systems is one area where debian excels though. Debian > packaging policy means that old, reliable software is used in favour of > newer, possibly more functional, but possibly also less secure software. NB: This is not a Debian bash, I've just got very little (tending to zero) experience of it. I would hope that Debian, whilst keeping to more elderly software, back-ports security fixes to their distribution ? Also, given that some software releases happen because of security fixes, you may well find that older software is not always more secure. I remember the old sendmail "bug of the month club" times, where those unlucky enough to still be using that MTA would be updating their software on a fairly regular basis to try and keep up-to-date with the fixes. Fortunately we were using Smail, and then Qmail. :-) cheers, Chris -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: WAS: Re: [SLUG] General question Re: Securing Redhat Linux
> If there is no port for them to logon to > then how can they gain access unless they are a local user? Buffer overruns in your IDS or libpcap ? :-) Chris -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Mandrake and apache error
> Mind you apache.apache is strange, but I guess thats mandrakes way. Debian has > www-data.www-data. Same difference IMHO, it's just a user to own the web files, and not the same user that owns the config files. cheers, Chris (trying to catch up on emails) -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] General question Re: Securing Redhat Linux
> I would hope that Debian, whilst keeping to more elderly software, > back-ports security fixes to their distribution ? "Like, totally." http://lists.debian.org/debian-security-announce/debian-security-announce-2002/threads.html (If you go back in the LWN archives, there's a comparison between distro security practices. It's a bit different now, because Red Hat have improved enormously, but Debian was on top back then, and I'd be surprised if they weren't still there, or nearby, now.) - Jeff -- "Love never misses the chance to put the boot in." - Kelly, SLOU -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] General question Re: Securing Redhat Linux
Quoting Chris Samuel <[EMAIL PROTECTED]>: > > If you spend enough time on it you can convince yourself that any box > is > > "secure". Secure systems is one area where debian excels though. > Debian > > packaging policy means that old, reliable software is used in favour > of > > newer, possibly more functional, but possibly also less secure > software. > > NB: This is not a Debian bash, I've just got very little (tending to > zero) > experience of it. > > I would hope that Debian, whilst keeping to more elderly software, > back-ports security fixes to their distribution ? security fixes for anything on the current stable release are always available on security.debian.org for example :) -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
