Re: [SLUG] Netmask calculations.
On Mon, 20 Jan 2003 [EMAIL PROTECTED] wrote:

> I'm wanting to restrict web access, using squid's acl, on two machines in the local network here - 192.168.100.20 and 192.168.100.30
>
> My theory on netmask addresses is poor, and I've been specifying the addresses and netmask as
>
> 192.168.100.20-192.168.100.30/255.255.255.0
>
> This is wrong - squid reports the error:
>
> aclParseIpData: WARNING: Netmask masks away part of the specified IP in '192.168.100.20-192.168.100.30/255.255.255.0'
>
> The result is that this blocks more than the intended IP addresses. :(
>
> What should I be specifying as a netmask, and how do I calculate appropriate netmasks.

Oooh, netmasks. Interesting things, netmasks. If you can get them right, then you'll never have a problem with IP again.

However, the explanation is somewhat involved, so if you want more detail, feel free to email me off list - I'll just answer your question and be done with it.

The short answer is - you can't filter the IP addresses you specify. You have to filter based on bit boundaries in the binary conversion of the address, and for a block that small, they exist at

192.168.100.0 - 192.168.100.15
192.168.100.16 - 192.168.100.31
192.168.100.32 - 192.168.100.47
192.168.100.48 - 192.168.100.63

You can see the progression.

So, basically, the smallest block you can filter on which includes the range you want is the addresses from 192.168.100.16 through 192.168.100.31

To do this, you need the following network definition

192.168.100.16, netmask 255.255.255.240

This gives you the following definitions

Network address - 192.168.100.16
Broadcast address - 192.168.100.31
Host addresses - 192.168.100.17 through 192.168.100.30

That covers most of what you want - however, be aware that if you use this definition on only the Squid setup, strange things might happen - I'm not sure exactly HOW Squid parses this information internally - but that's definitely the netmask you need to use to enclose only that block of addresses.

You should note that you'll also block 192.168.100.18, 18 19 as well as the ten addresses you want - but you can't do it any other way.

DaZZa

--
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug

Re: [SLUG] Netmask calculations.
On Mon, Jan 20, 2003 at 07:41:11PM +1100, [EMAIL PROTECTED] wrote:

> On Mon, 20 Jan 2003 [EMAIL PROTECTED] wrote:
>
> > addresses and netmask as 192.168.100.20-192.168.100.30/255.255.255.0
> > '192.168.100.20-192.168.100.30/255.255.255.0'
>
> You should note that you'll also block 192.168.100.18, 18 19 as well as the ten addresses you want - but you can't do it any other way.

Normally yes, except it's squid and squid can deal with address ranges so you should be able to do this

acl myrange src 192.168.100.20-192.168.100.30/32

gives you ips 20-30 inclusive

--
John
http://www.inodes.org/

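
The calculation discussed in the two replies above, as an added example that is not part of the original thread. It derives the smallest single network/netmask block that encloses an address range, lists the extra addresses such an ACL would also match, and goes one step further by computing the exact set of CIDR blocks that covers only the range, for tools without Squid's range syntax. The function names are illustrative, and `masks_away_part_of_ip` models the condition the warning text describes rather than Squid's source.

```python
import ipaddress

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def masks_away_part_of_ip(addr, netmask):
    """True when addr has bits set where netmask is 0 (assumed model of
    the situation Squid's 'masks away part of the specified IP' warns about)."""
    return (to_int(addr) & to_int(netmask)) != to_int(addr)

def smallest_enclosing_block(first, last):
    """Smallest single network/netmask pair that contains first..last."""
    lo, hi = to_int(first), to_int(last)
    if lo > hi:
        raise ValueError("range start is above range end")
    # Every bit position at or below the highest differing bit must be a host bit.
    host_bits = (lo ^ hi).bit_length()
    network = (lo >> host_bits) << host_bits
    return ipaddress.IPv4Network((network, 32 - host_bits))

def collateral(first, last):
    """Addresses the enclosing block matches that are outside the range.
    Iterates the whole block, so intended for small LAN ranges."""
    lo, hi = to_int(first), to_int(last)
    block = smallest_enclosing_block(first, last)
    return [str(a) for a in block if not lo <= int(a) <= hi]

def exact_cover(first, last):
    """Minimal list of CIDR blocks that matches the range and nothing else."""
    return [str(n) for n in ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))]

if __name__ == "__main__":
    first, last = "192.168.100.20", "192.168.100.30"
    block = smallest_enclosing_block(first, last)
    print("enclosing block :", block, "netmask", block.netmask)
    print("broadcast       :", block.broadcast_address)
    print("also matched    :", collateral(first, last))
    print("exact CIDR cover:", exact_cover(first, last))
    print("/255.255.255.0 masks away part of .20:",
          masks_away_part_of_ip(first, "255.255.255.0"))
```

For an access-control list the difference matters in both directions: a deny rule on the enclosing block also denies the listed extra hosts, and an allow rule on it also admits them.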
[SLUG] [ot] Testing
Migrated mail account. Testing.

# dewald.troskie
# dimension.data.south.africa
# teamsource projects :: gensec desk
# tel :: +27 (011) 575 2723
# cell :: +27 (084) 305 6157
# email :: [EMAIL PROTECTED]

Re: [SLUG] NTFS resizing without partition magic
To be honest the best way to get XP and Linux to work together is to make a FAT 32 partition on the same system, or do what I did for a buddy: I grabbed a second-hand 1 gig hard disk, added it to his system and formatted it as FAT32. This way both XP and Linux can read and write to the same files on the same system.

NTFS support is a bit iffy in Linux; it's OK for reading but I wouldn't trust it for writing right now. Maybe later this year, who knows.

* Hey if you're going to get mad at me every time I do something *
* stupid, then I guess I'll just have to stop doing stupid things! *

On Sun, 2003-01-19 at 20:07, Kevin Saenz wrote:

> Hi all,
>
> I am after a tool that will allow me to resize an NTFS partition without losing data. I am trying to get Linux and XP to co-exist on my laptop, but this won't happen thanks to the HP recovery disks and the partition wizard on mandrake. :( I have tried fips; it doesn't understand NTFS. I really don't want to buy Partition Magic.
>
> Thanks
> --
> Kevin Saenz [EMAIL PROTECTED]

Re: [SLUG] Knoppix and Ispell and Emacs
What about trying another live CD such as Demo Linux? (I have seen some copies in mags at the Newsagent recently)

http://www.demolinux.org/

On Mon, 20 Jan 2003 13:21, Mark A. Bell wrote:

> Hi,
>
> I have a friend who just got a Knoppix CD because she needs to edit LaTeX files with Emacs. She's a Windows user. The problem is that the Ispell on the Knoppix CD seems to be German only - even with the option 'lang=us'. It throws the error 'can't find file american.hash'
>
> I can only find (-iname '*.hash') a deutch.hash file on the CD.
>
> Can anyone think of a workaround to get English Ispell under Knoppix? Right now she's using Windows XEmacs (no Ispell) and I hesitate to recommend doing a full Linux installation just to get a spell-checker.
>
> thanks
> mark
>
> =
> mark a. bell
> http://www.users.bigpond.com/m487396

Re: [SLUG] Laptop problem
On Tue, 2003-01-21 at 08:12, Alan L Tyree wrote:

> On Mon, 2003-01-20 at 20:13, Ken Foskey wrote:
> > On Mon, 2003-01-20 at 16:51, Alan L Tyree wrote:
> > > On Tue, 2003-01-21 at 06:27, James Gregory wrote:
> > > > On Sun, 2003-01-19 at 21:57, Alan L Tyree wrote:
> > > > > I'm having trouble with a laptop ethernet hookup. When the machine boots, it fails to see eth0 but then it seems to configure it later.
> > >
> > > I think I have fixed this. In the startup directories (/etc/rc.d/rc5.d/ in my case) the original files were:
> > >
> > > S10network
> > > S24pcmcia
> > >
> > > I changed S24 to S07 so that the pcmcia stuff is executed before the network stuff.
> >
> > What distro release is this? Have you raised a bug report. This is ugly.
>
> RH8 on a Compaq Armada. It has been a very frustrating experience. I have never done bug reports - is this the kind of thing that should be reported?

This is definitely something to be reported.

http://bugzilla.redhat.com/bugzilla/

I did a very quick search and turned up nothing on this.

If we don't report these bugs they never get fixed. Think about the other people trying to work this out, with you bugzilla explaining the work around this is five minutes work.

--
Thanks
KenF
OpenOffice.org developer

Re: [SLUG] Laptop problem
On Tue, 2003-01-21 at 08:38, Ken Foskey wrote:

ARRR! Bloody thing didn't work on boot this morning! I changed it back to the original, shut the machine down. Restart: during boot it reports that the eth0 config has failed, but when I log in it is OK.

I give up. Back to a nice simple dos machine, no networks, no nothing except getting some work done!

Just kidding. But it is frustrating. Any ideas gratefully received.

Alan

> > > > I think I have fixed this. In the startup directories (/etc/rc.d/rc5.d/ in my case) the original files were:
> > > >
> > > > S10network
> > > > S24pcmcia
> > > >
> > > > I changed S24 to S07 so that the pcmcia stuff is executed before the network stuff.
> > >
> > > What distro release is this? Have you raised a bug report. This is ugly.
> >
> > RH8 on a Compaq Armada. It has been a very frustrating experience. I have never done bug reports - is this the kind of thing that should be reported?
>
> This is definitely something to be reported.
>
> http://bugzilla.redhat.com/bugzilla/
>
> I did a very quick search and turned up nothing on this.
>
> If we don't report these bugs they never get fixed. Think about the other people trying to work this out, with you bugzilla explaining the work around this is five minutes work.
>
> --
> Thanks
> KenF
> OpenOffice.org developer

--
Alan L Tyree [EMAIL PROTECTED]
http://www.law.usyd.edu.au/~alant
Tel: +61 2 4782 2670
Mobile: +61 405 084 990
Fax: +61 2 4782 7092

[SLUG] TCP connection problem
I have some ethernet attached printservers from Intel (much like HP's Jetdirect boxes). These things can be administered via telnet or webbrowser.

The problem I'm having is that they reject any connection requests (telnet and www) from my debian box running kernel 2.4.20. Other boxes running older kernels connect fine.

Using ethereal the difference seems to be the tcp flags set when the initial connection request (telnet or www) is made.

On the boxes that can connect only the SYN flag is set to which the printserver replies with SYN and ACK set.

On the Debian 2.4.20 box the SYN, CWR and ECN flags are set to which the printserver replies with RST and ACK set (causing the connection to be terminated).

CWR=Congestion window reduced, ECN=ECN-Echo - Whatever that means.

This intrigues me. What's going on here, and how would I influence which flags are initially set? Is this even the problem?

Thanks for your help.

Best regards,
Matthias

Re: [SLUG] SAMBA - Solution!
Hi,

Thanks to the list for helping me sort out samba. Just in case anyone else has problems I found the following document really useful (thanks to someone's suggestion): DIAGNOSIS.txt

The problem was my Windows TCP/IP settings. In the advanced options in the TCP/IP properties, under the WINS tab, I enabled NETBIOS over TCP/IP and added the IP address of my Linux box to the WINS address list and it all works.

Cheers.
Dan

----- Original Message -----
From: Lindsay Holmwood
To: [EMAIL PROTECTED]
Sent: Monday, January 20, 2003 5:34 PM
Subject: RE: [SLUG] SAMBA

> Greetings,
>
> When you specify "linuxbox" in the net use command, are you specifying a netbios name, or an IP address?
>
> I temporarily used your configuration on my samba server, and when I tried to connect to it from windows 2k by specifying the netbios name, windows simply refused to acknowledge that the linux box existed.
>
> I then specified the ip address in the net use command, and it worked perfectly.
>
> I think that this may be the answer to your problem!
>
> All the best,
> Lindsay

Re: [SLUG] TCP connection problem
Matthias Oertli [EMAIL PROTECTED] writes:

> On the Debian 2.4.20 box the SYN, CWR and ECN flags are set to which the printserver replies with RST and ACK set (causing the connection to be terminated).
>
> CWR=Congestion window reduced, ECN=ECN-Echo - Whatever that means.
>
> This intrigues me. What's going on here, and how would I influence which flags are initially set? Is this even the problem?

,----[ /usr/src/linux/Documentation/filesystems/proc.txt ]
| tcp_ecn
| -------
| This file controls the use of the ECN bit in the IPv4 headers, this is a
| new feature about Explicit Congestion Notification, but some routers and
| firewalls block trafic that has this bit set, so it could be necessary
| to echo 0 to /proc/sys/net/ipv4/tcp_ecn, if you want to talk to this
| sites. For more info you could read RFC2481.
`----

I also turn off tcp_timestamps as well; when it's on it adds 18 bytes (from memory) to the tcp header making MSS 1442 (instead of 1460).

I think CWR is part of ECN.

Re: [SLUG] TCP connection problem
[EMAIL PROTECTED] wrote:

> Matthias Oertli [EMAIL PROTECTED] writes:
>
> > On the Debian 2.4.20 box the SYN, CWR and ECN flags are set to which the printserver replies with RST and ACK set (causing the connection to be terminated).
> >
> > CWR=Congestion window reduced, ECN=ECN-Echo - Whatever that means.
> >
> > This intrigues me. What's going on here, and how would I influence which flags are initially set? Is this even the problem?

ECN is Explicit Congestion Notification. This is a new feature in the TCP protocol. Before ECN a lost packet was *assumed* to be lost due to congestion. That assumption fails for wireless networks, where there is a high level of natural packet loss.

Being a new feature, some stuff which checks reserved bits breaks. More info at http://www.icir.org/floyd/ecn.html

Intel no longer makes or supports print servers, so you'll need to turn off ECN on the Linux box. Edit /etc/sysctl.conf adding

  net.ipv4.tcp_ecn = 0

and run as root

  sysctl -p

Given Intel's lack of support, you might want to move the printer to the Linux box and have it act as the print server (most Linux distributions support lpd, NetWare, Windows and AppleTalk print protocols).

It's also unwise to put printers in the same VLAN as PCs. Better that printers have their own VLAN and that a machine sit between the two VLANs that acts as the spool for all the printers. This gives a single way to manage and account all print traffic. This is worthwhile even in a small office with a lot of trust (eg: then an Apple user can delete the job I submitted from Linux).

> I also turn off tcp_timestamps as well, when its on it adds 18 bytes (from memory) to the tcp header making MSS 1442 (instead of 1460).

Not a good idea. TCP needs to accurately calculate the round trip time between the two hosts. The timestamp allows this to be done to a greater degree of accuracy than running an external timer and also gives valid RTT under congestion.

The RTT estimate affects performance so much that you're far better off having a more accurate RTT than gaining a few bytes per packet by turning the timestamping off. One overly delayed packet will undo all of your byte-by-byte savings.

You might not wish to run TCP timestamp and TCP selective acknowledgment if you have a modem link running VJ TCP/IP header compression. You should run Timestamps and SACK in all other scenarios.

--
Glen Turner
(08) 8303 3936 or +61 8 8303 3936
Australian Academic and Research Network
www.aarnet.edu.au

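
The handshake difference described in this thread, as an added example that is not part of the original posts. It decodes the flag byte of raw TCP headers and classifies a SYN/reply pair, so an ECN-setup SYN (SYN with ECE and CWR, the flag the thread calls "ECN" being ECE) answered by RST can be told apart from a plain SYN that is accepted. The ports, sequence numbers and function names are constructed for illustration.

```python
import struct

# TCP flag bits, lowest bit first (low byte of header bytes 12-13).
FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"),
         (0x10, "ACK"), (0x20, "URG"), (0x40, "ECE"), (0x80, "CWR")]
SYN, RST, ACK, ECE, CWR = 0x02, 0x04, 0x10, 0x40, 0x80

def build_header(sport, dport, seq, ack, flags):
    """Construct a 20-byte TCP header (sample data; checksum left at 0)."""
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       (5 << 12) | flags, 5840, 0, 0)

def parse_header(raw):
    if len(raw) < 20:
        raise ValueError("a TCP header is at least 20 bytes")
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", raw[:14])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": off_flags & 0xFF}

def flag_names(flags):
    return [name for bit, name in FLAGS if flags & bit]

def is_ecn_setup_syn(flags):
    """RFC 3168 ECN-setup SYN: SYN, ECE and CWR set, ACK clear."""
    return (flags & (SYN | ACK | ECE | CWR)) == (SYN | ECE | CWR)

def classify(syn_raw, reply_raw):
    syn, rep = parse_header(syn_raw), parse_header(reply_raw)
    # The reply belongs to this SYN if ports are swapped and it acks seq+1.
    answers_syn = (rep["sport"] == syn["dport"]
                   and rep["dport"] == syn["sport"]
                   and rep["ack"] == (syn["seq"] + 1) & 0xFFFFFFFF)
    if not (syn["flags"] & SYN) or not answers_syn:
        return "unrelated"
    if rep["flags"] & RST:
        return "ecn-syn-refused" if is_ecn_setup_syn(syn["flags"]) else "refused"
    if (rep["flags"] & (SYN | ACK)) == (SYN | ACK):
        # An ECN-setup SYN-ACK carries ECE without CWR.
        ecn_ok = (is_ecn_setup_syn(syn["flags"])
                  and (rep["flags"] & (ECE | CWR)) == ECE)
        return "accepted-ecn" if ecn_ok else "accepted"
    return "other"

# Constructed samples modelled on the capture described in the thread.
NEW_KERNEL_SYN = build_header(32768, 23, 1000, 0, SYN | ECE | CWR)
PRINTSERVER_RST = build_header(23, 32768, 0, 1001, RST | ACK)
OLD_KERNEL_SYN = build_header(32769, 23, 5000, 0, SYN)
PRINTSERVER_SYNACK = build_header(23, 32769, 9000, 5001, SYN | ACK)

if __name__ == "__main__":
    print(flag_names(parse_header(NEW_KERNEL_SYN)["flags"]),
          "->", classify(NEW_KERNEL_SYN, PRINTSERVER_RST))
    print(flag_names(parse_header(OLD_KERNEL_SYN)["flags"]),
          "->", classify(OLD_KERNEL_SYN, PRINTSERVER_SYNACK))
```

A single RST to an ECN-setup SYN could also mean a closed port; it is the pair of results against the same port, refused with ECE and CWR set and accepted without them, that points at the peer's handling of those bits.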
Re: [SLUG] NTFS resizing without partition magic
There is one small problem: I don't have an XP home CD-ROM. I have HP's recovery disks, which won't allow me to select what partition size I'd like nor will it allow me to select the format.

> To be honest the best way to get XP and Linux to work together is to make a FAT 32 partition on the same system, or do what I did for a buddy: I grabbed a second-hand 1 gig hard disk, added it to his system and formatted it as FAT32. This way both XP and Linux can read and write to the same files on the same system.
>
> NTFS support is a bit iffy in Linux; it's OK for reading but I wouldn't trust it for writing right now. Maybe later this year, who knows.

[SLUG] Winbind
Hi all,

I am testing out the use of Winbind to authenticate users (I will need this soon to authenticate to a W2K domain). All seems fine, the server has joined the domain and I can get info back with wbinfo. However my reading of the docs indicates that I should be able to log in to the linux box using a Windows domain user in the form DomainName+username where + is my winbind separator.

When I try this I get an Access denied and in the error logs I get:

Jan 21 12:35:53 kirk sshd[10984]: Failed password for illegal user sbryan from 10.192.1.14 port 1467
Jan 21 12:35:55 kirk sshd[10984]: PAM pam_set_item: NULL pam handle passed

The user is both a member of the domain and a local user on the Linux box.

The Linux Box is RH7.2
Samba 2.2.5

Any clues or good reading sources appreciated, or am I wrong and you can't do this?

_
Simon Bryan
IT Manager
OLMC Parramatta
ICQ#: 137562751
_

[SLUG] Win2K No Mapping between account names and SID's prob...
Hi all

This is an old problem with Samba which I have fixed before and have racked my brains to try and remember how I fixed it or got around it with no luck. Searched through the samba mailing list archives most of the day with no luck either.

The situation is: Trying to add a Win2K workstation to a Samba PDC. It comes up with the error "No mapping between account names and security ID's has occurred" when trying to do so.

Can anyone remember what the fix is? I am in the process of updating to the latest Samba version, but thought I'd check here in the mean time.

Currently running smb 2.2.3a-6

Fil

[SLUG] RE: Win2K No Mapping between account names and SID's prob...
Managed to get around the problem myself. One of the working Win2k machines on the domain controlled by the Samba PDC has a copy of Norton Ghost Corporate Edition (trialware) which I used to remotely join the machine to the domain.

I am still interested in people's experience with this problem though.

Also, on a separate topic, what do/have people used to roll out mildly large quantities of workstations quickly - I am considering the Patagonia solution.

Fil

-- Message --
Subject: Win2K No Mapping between account names and SID's prob...
Date: Tue, 21 Jan 2003 15:45:44 +1100
From: Phil Scarratt [EMAIL PROTECTED]
To: Slug [EMAIL PROTECTED]

> Hi all
>
> This is an old problem with Samba which I have fixed before and have racked my brains to try and remember how I fixed it or got around it with no luck. Searched through the samba mailing list archives most of the day with no luck either.
>
> The situation is: Trying to add a Win2K workstation to a Samba PDC. It comes up with the error "No mapping between account names and security ID's has occurred" when trying to do so.
>
> Can anyone remember what the fix is? I am in the process of updating to the latest Samba version, but thought I'd check here in the mean time.
>
> Currently running smb 2.2.3a-6
>
> Fil

Re: [SLUG] Winbind
On Tue, 2003-01-21 at 13:41, Simon Bryan wrote:

> The user is both a member of the domain and a local user on the Linux box.
>
> The Linux Box is RH7.2
> Samba 2.2.5
>
> Any clues or good reading sources appreciated, or am I wrong and you can't do this?

What is the local uid? If it's not ~1, then you probably haven't configured the nsswitch configuration. man winbindd will help :}.

Rob

--
GPG key available at: http://users.bigpond.net.au/robertc/keys.txt.