Re: [SLUG] Tcpdump - multiple filters to multiple files?
Hi,

The bottom of this is the fact that the packet filtering using tcpdump on Linux is not done by tcpdump itself nor by libpcap, but by the BPF filtering capability of the kernel (read: the kernel only sends the appropriate packets to the userland side). To solve your problem, you don't need tcpdump at all: tcpdump is basically a pcap format interpreter. You can do it by opening 100 sockets, each filtered for one host, or 1 socket and filter yourself; obviously, the second one is the only one to scale properly. The amount of code to do that would be small if you only want to dump that to a file.

JeF

On Mon, Jun 23, 2003 at 08:01:17PM +1000, Umar Goldeli wrote:

Howdy, how are we all? :) Here's an interesting question that I'm looking for a solution to - quite simply, is there a way to run tcpdump to capture different IP addresses and output them to different files without running multiple copies of tcpdump? Specifically - something along these lines:

* A single tcpdump process captures packets with source or dest IP 1.2.3.4 and outputs the results to 1.2.3.4.log whilst at the same time doing the same for 2.3.4.5 and 2.3.4.5.log respectively.

Ideally - this scales to the 100 mark or so.. and FAST. I'm pretty sure this can't be done with tcpdump/libpcap - but is there another utility? If none exists - how hard would it be to code such a beast? Also - could it be coded portably so it could compile/run on Solaris etc? Looking forward to hearing your replies... Thanks in advance. :)

Cheers,
Umar.

-- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug

-- - Jean-Francois Dive -- [EMAIL PROTECTED] There is no such thing as randomness. Only order of infinite complexity. - Marquis de LaPlace - deterministic Principles -
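The "1 socket and filter yourself" design from the reply above, as an added example that is not part of the original thread: one kernel-side BPF expression covering every watched host, a userland demultiplexer that sorts each IPv4 frame into the file of the host(s) it touches, and a minimal pcap writer/reader, since the pcap file format is only a 24-byte header plus a 16-byte record header per packet. It assumes untagged Ethernet II frames carrying IPv4 (what a raw socket or libpcap handle on an ordinary LAN hands you); the frames, timestamps and host list below are constructed so the demo runs offline with no capture privileges, and the hypothetical run_demo() writes into a temporary directory and reads the files back.

```python
import ipaddress
import struct
import tempfile
from pathlib import Path

ETH_HDR_LEN = 14
ETHERTYPE_IPV4 = 0x0800
PCAP_MAGIC = 0xA1B2C3D4   # classic libpcap magic, microsecond timestamps
DLT_EN10MB = 1            # link type: Ethernet

def bpf_filter(hosts):
    """One kernel-side filter for all watched hosts (the '1 socket' design):
    everything else is dropped by the kernel before it reaches userland."""
    return " or ".join(f"host {h}" for h in hosts)

def pcap_global_header(snaplen=65535, linktype=DLT_EN10MB):
    """24-byte libpcap file header: magic, version 2.4, tz offset, sigfigs, snaplen, linktype."""
    return struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype)

def pcap_record(ts_sec, ts_usec, frame):
    """16-byte per-packet header (ts_sec, ts_usec, incl_len, orig_len) followed by the frame."""
    return struct.pack("<IIII", ts_sec, ts_usec, len(frame), len(frame)) + frame

def count_records(data):
    """Walk a pcap file the way 'tcpdump -r' does and return the number of records."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian pcap file")
    off, n = 24, 0
    while off < len(data):
        incl_len = struct.unpack_from("<IIII", data, off)[2]
        off += 16 + incl_len
        n += 1
    return n

def ipv4_endpoints(frame):
    """(src, dst) dotted quads for an untagged Ethernet II frame carrying IPv4, else None."""
    if len(frame) < ETH_HDR_LEN + 20:
        return None
    if struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[ETH_HDR_LEN:]
    if ip[0] >> 4 != 4:                       # IP version nibble
        return None
    return str(ipaddress.IPv4Address(ip[12:16])), str(ipaddress.IPv4Address(ip[16:20]))

def demux(frames, hosts):
    """Userland demultiplexer: {host: [(ts_sec, ts_usec, frame), ...]} per watched host.
    A frame between two watched hosts is recorded under both, as two captures would."""
    watched = set(hosts)
    out = {h: [] for h in watched}
    for ts_sec, ts_usec, frame in frames:
        ends = ipv4_endpoints(frame)
        if ends is None:
            continue
        for h in set(ends) & watched:
            out[h].append((ts_sec, ts_usec, frame))
    return out

def write_pcaps(demuxed, directory):
    """Write <host>.pcap for each watched host into directory; returns {host: Path}."""
    directory = Path(directory)
    directory.mkdir(parents=True, exist_ok=True)
    paths = {}
    for host, records in demuxed.items():
        path = directory / f"{host}.pcap"
        with open(path, "wb") as fh:
            fh.write(pcap_global_header())
            for ts_sec, ts_usec, frame in records:
                fh.write(pcap_record(ts_sec, ts_usec, frame))
        paths[host] = path
    return paths

def build_frame(src, dst, payload=b""):
    """Constructed sample frame: Ethernet II + minimal IPv4 header (checksum left zero) + payload."""
    eth = bytes.fromhex("001122334455" "66778899aabb") + struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 17, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return eth + ip + payload

WATCHED_HOSTS = ["1.2.3.4", "2.3.4.5"]   # the two hosts from the question
SAMPLE_FRAMES = [                          # constructed traffic, not a real capture
    (1056355200, 0, build_frame("1.2.3.4", "10.0.0.1", b"hello")),
    (1056355200, 500, build_frame("10.0.0.2", "2.3.4.5")),
    (1056355201, 0, build_frame("1.2.3.4", "2.3.4.5")),        # both watched: lands in both files
    (1056355201, 10, build_frame("10.0.0.1", "10.0.0.2")),     # neither watched: dropped
    (1056355202, 0, bytes.fromhex("ffffffffffff001122334455" "0806") + bytes(28)),  # ARP, not IPv4
]

def run_demo():
    """Demultiplex SAMPLE_FRAMES into a temporary directory and read each file back.
    Returns {host: number of records in <host>.pcap}."""
    demuxed = demux(SAMPLE_FRAMES, WATCHED_HOSTS)
    with tempfile.TemporaryDirectory() as tmp:
        paths = write_pcaps(demuxed, tmp)
        return {host: count_records(path.read_bytes()) for host, path in paths.items()}

if __name__ == "__main__":
    print("kernel filter:", bpf_filter(WATCHED_HOSTS))
    print(run_demo())
```

In a real deployment the same frames come from one raw socket (or one libpcap handle) with the bpf_filter() expression attached, so the kernel does the coarse selection once and userland only pays for the per-host split and the file writes; the per-host files are readable with tcpdump -r.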
Re: [SLUG] debian can't install php4
php4 is fucked in testing and unfucked in unstable; wait, or apt-get install -t unstable php4

JeF

On Mon, Mar 24, 2003 at 08:07:10PM +1100, Ramon Buckland wrote:

On Mon, 2003-03-24 at 19:59, Tony Green wrote:

On Mon, 2003-03-24 at 19:53, Ramon Buckland wrote:

Help! Reposting under new subject... I can't install php4. It looks like I've got a dpkg corruption.

I assume you've done an 'apt-get update'?

Many many times :-( and an apt-get dist-upgrade
Re: [SLUG] debian can't install php4
Sorry, forgot to say that you needed to have a sources.list with unstable entries. Sorry for the F word too, though.

On Mon, Mar 24, 2003 at 10:43:53PM +1100, Ramon Buckland wrote:

Thanks Jean-Francois, that did the trick. I was unable to apt-get install -t unstable php4; it came back with the same error, so I just upgraded the box to unstable anyway. Solved the problem. Thanks

On Mon, 2003-03-24 at 20:57, Jean-Francois Dive wrote:

php4 is fucked in testing and unfucked in unstable; wait, or apt-get install -t unstable php4

JeF

On Mon, Mar 24, 2003 at 08:07:10PM +1100, Ramon Buckland wrote:

On Mon, 2003-03-24 at 19:59, Tony Green wrote:

On Mon, 2003-03-24 at 19:53, Ramon Buckland wrote:

Help! Reposting under new subject... I can't install php4. It looks like I've got a dpkg corruption.

I assume you've done an 'apt-get update'?

Many many times :-( and an apt-get dist-upgrade
Re: [SLUG] Nortel and Cisco VPN
And just remind us where Linux is in the picture? Honestly, to troubleshoot that, we'd need to see a packet dump and eventually the config of the Contivity and the VPN 3k. A hint: IPsec doesn't like to be NATed. For your problem, this is the wrong solution for the problem; traffic selection can be specified up to port level if you need (like traffic going from 1.1.1.1 to 1.1.2.1, TCP, src port 10, dst port 20), so I reckon NAT should be excluded from the picture. Have a look at www.cisco.com/tac for sample configs involving NAT and IPsec. Finally, I am sure you have a support contract with both organisations (Cisco and Nortel).

JeF

On Mon, 2003-03-03 at 12:37, Dinesh Birlasekaran wrote:

Hi all, I am trying to do network printing from one site to another via the static NAT option. But so far not any luck. Can anyone help on this issue?

The problem =

Printer --- Cisco 6000 -- Cisco VPN 2005 -internet-ipsec-tunnel- Nortel Contivity -- Cisco 4000 --- Server

Office 1 local IP -- Cisco 6500 -- real world IP -- ipsec/NAT on the client's side -- real world IP -- Cisco 4000 -- Office 2 local IP

Now I want to print from the server on the right hand side to the printer on the left hand side. I am able to access the web, ssh, etc. The left hand side (i.e. my other office) has given me 2 IP addresses, one for the users' static NAT for all and one for the printer. I have NATted the printer IP on the Cisco VPN 3005 to the local IP of the printer (this is the only way I can go about it, the other office doesn't want to do a network-to-network). Now if I do a print job on the server, to the given NATted IP for the printer, I am not able to get a response. Does anyone have any ideas? Thanks in advance.

Dinesh.
Re: [SLUG] kernel packaging debian
Hum, sorry, I reckon I didn't choose the right language for the right mailing list (the reverse happened on the Belgian ML), sorry ;p

Of course, use fakeroot, and no, the kernel config will be the one from the .config file in your kernel tree. If you wanna have multiple configs, simply save the .config file or use multiple kernel source trees.

JeF

On Sat, 2003-02-22 at 01:29, Ken Foskey wrote:

On Sat, 2003-02-22 at 01:20, Jean-Francois Dive wrote:

man make-kpkg, but roughly (pwd at the root of the kernel source tree, after having applied your patches and configured the kernel): make-kpkg kernel-image

On Fri, 2003-02-21 at 23:38, Ken Foskey wrote:

I want to create a new kernel for my firewall with a few extra patches than the development machine, like freeswan. Does anyone have a good description on how to build a second copy of a kernel with totally different settings reasonably and safely?

Ahhh but this will destroy my current kernel settings for my development machine. Not good; the last thing I want is freeswan on my dev box. There are more tricks to it than that.
[SLUG] evolution ..
Hi all,

After years of text based email clients (pine then mutt), I switched to evolution a month ago. I am quite happy but:

- I use fetchmail / procmail for filtering and I have no intention to change it. I tried to use the maildir option while setting up the accounts, but it definitely does not like my directories, and so I'm running an imap server to access my directories, which is quite annoying as I have to type a passwd (ok, not that bad), but as I receive a huge number of emails, the time needed by evolution to read the directory struct increases day after day. Any idea?

- Finally, stupid bug: when the title of an email has a 'special' character (like French e's and a's etc..), the string is not displayed after that char.

If anyone has a clue for those (especially the 1st one)

JeF
Re: [SLUG] kernel packaging debian
man make-kpkg, but roughly (pwd at the root of the kernel source tree, after having applied your patches and configured the kernel): make-kpkg kernel-image

On Fri, 2003-02-21 at 23:38, Ken Foskey wrote:

I want to create a new kernel for my firewall with a few extra patches than the development machine, like freeswan. Does anyone have a good description on how to build a second copy of a kernel with totally different settings reasonably and safely?

Ta
Ken
Re: [SLUG] To Debian or not to Debian, that is the ......
I think this is always the same story... Debian moves slower than any other distribution in most of the packages it offers. This is an element in the choice of a distribution. However, generally speaking, the packages have a better quality. Setting up Debian is definitely less easy than the others due to the lack of a nice install and detection system etc.; this is a fact (even if a lot of people are working on nice features arriving sometimes), but everything supported by any Linux distro can work in Debian too; it is just a matter of patience (in the case of XFree) or doing the work yourself. Debian is always compared to a power user distro; this is a fact I reckon, even if installing is a really easy thing to do. I would never change from Debian to anything else anymore because I know how to make it work for my needs. If you're happy with a distro, why change? Major rule is to never change something which works...

JeF

On Fri, 2003-02-21 at 10:41, Mike MacCana wrote:

On Fri, 2003-02-21 at 04:17, Mick Boda wrote:

Hi all, I have a friend who wants to swap Debian Woody (3.0?) for Redhat 8.0. I'm not particularly happy with Redhat 8.0, preferring 7.3, and am looking to change distros. I have always wanted to try Debian, but after frustrating network and video problems, I never got past the install with potato.

Out of interest, why weren't you happy with Red Hat 8.0?

Mike

-- Mike MacCana, Consultant, RHCE, MCSE, MCP+I. Cybersource: Providing Quality IT Professional Services for 11 Years. Specialists in Unix/Linux, TCP/IP and Web Application Development. Level 4, 10 Queen St, Melbourne. Ph: 03 9621 2377 Fax: 03 9621 2477
Re: [SLUG] Debian on Brand-Name servers?
Well, true, but for the f*** Radeon Mobile 9000 that I have on my brand new Dell laptop.

On Wed, 2003-02-19 at 17:10, Jeff Waugh wrote:

Phil Scarratt wrote:

Not sure if you want X server on the box(es), but I had trouble installing XFree86 on new Dell desktop machines - video driver (brand new Intel chip, can't remember which one tho) doesn't exist yet.

(If this is the ATI chipset, you'll find a working driver in XF86 4.2 and the upcoming 4.3.)

- Jeff
Re: [SLUG] Grub and Recompiling a kernel - problems
I think more details would be welcome (output of the crash, for example).

On Sun, 2003-02-16 at 18:47, Terry Collins wrote:

Hello Folks. I'm currently trying to recompile my first kernel with GRUB as the loader and it isn't working, so I'm after a cluebie why not. Basically GRUB dies with a kernel panic when it is asked to load the kernel. It is the same place as other. The only difference in lines in grub.conf is the version number. What is also missing from /boot is a /boot/config-2.4.18-14 and /boot/module-info-2.4.18-14debug in my version. How are these created?

-- Terry Collins {:-)}}} email: terryc at woa.com.au www: http://www.woa.com.au Wombat Outdoor Adventures Bicycles, Computers, GIS, Printing, Publishing. People without trees are like fish without clean water
Re: [SLUG] hi
Not really. The other side of an ADSL network is a piece of equipment using a twisted pair to send ATM frames on top of an ADSL type of signal (24? (not sure anymore) channels, there is a negotiation between the 2 peers, blah blah blah). The easiest would be to buy a Cisco with 2 ethernet interfaces if you want to play around. Have a look on ebay. For the price of a new 8xx, I bet you can find a 2500 (well, I don't think they exist with 2 ethernet though) or 2600 for playing. Another possibility is to buy 2 old 2500s with 1 ethernet and 1 serial and crossover connect the 2 serials (with one DTE and one DCE cable). This is how most people learned and it'll allow you to play around with more signaling like Frame Relay or eventually X.25. Old Cisco hardware is not that expensive even if it seems to have quite some success on ebay.

JeF

On Sun, 2003-02-16 at 23:30, Dinesh wrote:

Hi all, I am planning to buy a Cisco 827-4V for home to learn. I have a problem in that the Cisco 827-4V only supports 1 Ethernet and one ADSL interface. The problem is I have a cable connection which relies on a DHCP server, so I need ethernet for the cable connection. Which only leaves me with the ADSL port to play around with. Is there anything on Linux I can interface the Cisco 827-4V to the Linux gateway machine with, by the ADSL port? Is this do-able? Any help is appreciated.

Dinesh.
Re: [SLUG] hi
On Mon, 2003-02-17 at 08:32, Dave Kempe wrote:

Buying that router to learn on doesn't sound like a great idea to me. If you plug the cable connection into the ethernet how are you going to route? The ADSL interface probably won't work in the way you expect. If you want to learn Cisco there are router sims and cheap 2nd hand modular routers like the 1720 around that will be more flexible. Your best bet however for ADSL to work something like you expect is the Roaring Penguin PPPoE, which does have some sort of Access Concentrator mode.

rp-pppoe has a pppoe server side (terminates the pppoe connection). PPPoE is the encapsulation used on top of the DSL physical network; others are available (PPPoA, bridging). For this scenario, he needs the physical to work too, and this is another story.

I have no idea how/if it works tho, I just read it exists.

dave

On Sun, 2003-02-16 at 23:30, Dinesh wrote:

Hi all, I am planning to buy a Cisco 827-4V for home to learn. I have a problem in that the Cisco 827-4V only supports 1 Ethernet and one ADSL interface. The problem is I have a cable connection which relies on a DHCP server, so I need ethernet for the cable connection. Which only leaves me with the ADSL port to play around with. Is there anything on Linux I can interface the Cisco 827-4V to the Linux gateway machine with, by the ADSL port? Is this do-able? Any help is appreciated.

Dinesh.
RE: [SLUG] Linux + PDA
I reckon it really depends on the Pocket PC itself and which OS you run on it. Linux recognizes the IrDA port properly (at least the one on my laptop is) and supports communication. Now, out of the box synchronisation between your application and evolution, I am not sure...

JeF

On Thu, 2003-02-06 at 11:42, Jon Biddell wrote:

I am wondering the same thing - currently I don't think you can... Of course, installing Linux on the PDA is quite another matter... There are several sites that detail techniques to do this, as well as to recover if/when you fsck it up...:-) My e740 would run Linux VERY nicely...:-)

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Paul Robinson
Sent: Thursday, 6 February 2003 09:59
To: [EMAIL PROTECTED]
Subject: [SLUG] Linux + PDA

Hi fellow Sluggers, I was wondering if anyone knows how to connect a Pocket PC to a Linux PC. I can find plenty of articles for Palm (as you would expect since Palms have been the choice of Linux users) but with the advent of Evolution being able to talk to Exchange servers etc I see the Pocket PCs starting to creep in. When searching for anything remotely relating to Pocket PC and Linux it showed nothing but links on how to replace Pocket PC with Linux (not a bad idea I might add). If anyone knows of instructions on configuring things so that Linux can sync a Pocket PC I'd really appreciate links / instructions.

TIA
Paul
RE: [SLUG] Firewall MD5 signatures on processes
In your first post, you talk about md5 *signature*, now about md5 checksums. These are 2 different things. Checking file integrity is definitely not the job of the networking stack at all. This does not bring any security benefit. As soon as a box is compromised (as detected by a valid alert on file integrity), changing its network stack configuration to react to that is useless, as it could be changed back by the attacking worms. Now if you want to see md5 signed checks on a per process basis, this is a lot of overhead and still does not bring you anything more. Good security is a security which fails nicely.

JeF

On Sun, 2003-01-26 at 22:27, Minh Van Le wrote:

I feel I must point out that the point of MD5 checksums on applications is to identify which applications have changed or have been trojaned. If the firewall can identify altered file(s) then both the firewall and administrator will have a chance to be alerted. This is significant security. File integrity should be part of the network access layer, and checked by both the firewall and other file integrity audit programs, because the latter (eg. Tripwire) won't do anything to stop trojans from bypassing/tricking the firewall. If a box is hacked, and the intruder has root access, then security is finished. The best thing to do is to rebuild with better security prevention. I'm not proposing a be-all-end-all solution, because there're many aspects of security that are handled by different things.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jean-Francois Dive
Sent: Saturday, 25 January 2003 23:45
To: Minh Van Le
Cc: [EMAIL PROTECTED]
Subject: Re: [SLUG] Firewall MD5 signatures on processes

As well, if a trojan enters the system, it'll be 90% of the time through a network application, which has access to the network -- this won't avoid much at the end of the day.

On Fri, Jan 24, 2003 at 10:50:59PM +1100, Minh Van Le wrote:

Various firewalls for Windows(TM) have a feature that identifies, permits, and denies packets sent by authorised applications. (I use Kerio Personal Firewall [www.kerio.com]). These firewalls use a method for creating and checking MD5 signatures on applications that attempt to access the low-level network layers or device drivers. This feature exists to prevent trojans or unauthorised replacement of binaries, eg. a trojaned httpd, that tries to access/bypass the firewall. I know that IPChains and IPTables are packet filtering firewalls, and basically work on src/dest:port [protocol] IP headers, but these internet daemons, eg. httpd, can be configured to use different ports ... My question is, does IPTables support identifying packets sent from specific applications, or any MD5 checksums on applications, or even verifying full path and filename details of any binary that accesses the kernel networking layer? This would at least help in identifying what processes are trying to access the firewall. Should checksums be left to file system integrity programs like Tripwire?
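The file integrity audit that both sides of the thread above hand off to Tripwire, as an added example that is neither the poster's nor Tripwire's code: take a baseline of size, mode and digest for every regular file under a directory, keep that baseline somewhere the host itself cannot rewrite, and diff a fresh baseline against it later. It hashes with SHA-256 rather than the MD5 discussed in the thread (MD5 collisions are practical today; the mechanism is otherwise the same). The sample tree, the "trojaned" httpd and the hypothetical run_demo() are constructed in a temporary directory so it runs offline; the attacker step keeps the file size and restores the timestamps, which defeats a size/mtime check but not the digest.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def file_digest(path, chunk=1 << 16):
    """SHA-256 of a file, streamed so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def baseline(root):
    """Map relative path -> (size, permission bits, sha256) for every regular file under root.
    Symlinks are skipped so an attacker cannot point a watched name at an unwatched file."""
    root = Path(root)
    db = {}
    for p in sorted(root.rglob("*")):
        if p.is_symlink() or not p.is_file():
            continue
        st = p.stat()
        db[p.relative_to(root).as_posix()] = (st.st_size, st.st_mode & 0o7777, file_digest(p))
    return db

def compare(old, new):
    """Sorted lists of paths that were added, removed or changed between two baselines."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "changed": sorted(p for p in set(old) & set(new) if old[p] != new[p]),
    }

def run_demo():
    """Build a fake sbin/, baseline it, 'trojan' one binary the careful way, re-verify.
    Returns the comparison result."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "sbin").mkdir()
        httpd = root / "sbin" / "httpd"
        httpd.write_bytes(b"\x7fELF genuine httpd")          # constructed stand-in for a binary
        (root / "sbin" / "sshd").write_bytes(b"\x7fELF genuine sshd")
        os.chmod(httpd, 0o755)
        before = baseline(root)                               # would normally be stored off-box

        # Attacker: same-size replacement, original timestamps put back, plus an extra
        # file dropped and a daemon removed. Size and mtime look untouched; the hash does not.
        st = httpd.stat()
        httpd.write_bytes(b"\x7fELF trojan  httpd")           # same length as the original
        os.utime(httpd, ns=(st.st_atime_ns, st.st_mtime_ns))
        (root / "sbin" / "rootkit").write_bytes(b"lkm")
        (root / "sbin" / "sshd").unlink()

        after = baseline(root)
        return compare(before, after)

if __name__ == "__main__":
    print(run_demo())
```

The baseline is only as trustworthy as where it is kept: if it lives on the same disk with the same root-writable permissions as the binaries it describes, an intruder with root (the case both posters concede ends the game) simply regenerates it after replacing the files.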
Re: [SLUG] Firewall MD5 signatures on processes
Linux iptables has the possibility to make matches based on userid or groupid; Windows based networking could apply the same technique, I suppose. In any case, you'd better check that the passwd is not accessible from the 'bad' processes. Tripwire checks file integrity; this has nothing to do with the network access layer, except that they are security related features which help in trojan prevention. Finally, remember that trojans or insiders may have system / root access, which denies this whole protection scheme.

JeF

On Fri, Jan 24, 2003 at 10:50:59PM +1100, Minh Van Le wrote:

Various firewalls for Windows(TM) have a feature that identifies, permits, and denies packets sent by authorised applications. (I use Kerio Personal Firewall [www.kerio.com]). These firewalls use a method for creating and checking MD5 signatures on applications that attempt to access the low-level network layers or device drivers. This feature exists to prevent trojans or unauthorised replacement of binaries, eg. a trojaned httpd, that tries to access/bypass the firewall. I know that IPChains and IPTables are packet filtering firewalls, and basically work on src/dest:port [protocol] IP headers, but these internet daemons, eg. httpd, can be configured to use different ports ... My question is, does IPTables support identifying packets sent from specific applications, or any MD5 checksums on applications, or even verifying full path and filename details of any binary that accesses the kernel networking layer? This would at least help in identifying what processes are trying to access the firewall. Should checksums be left to file system integrity programs like Tripwire?
Re: [SLUG] Linux on Indy ?
On Sat, Dec 21, 2002 at 05:26:49PM +1100, Chris MacKenzie wrote:

Hi All, I have an Indy workstation with stuffed up software (corrupt /etc/passwd) and of course the Irix installation CDs are nowhere to be found :-( How is the Linux port on SGI machines these days? Last time I looked it was somewhat unstable - has it improved any?

It is definitely working, but for Indy, I dunno. It is somehow still unstable, I reckon. If your only problem is a corrupted /etc/passwd, that sounds not too difficult to fix: remove the disk, insert, mount and fix in a Linux box.

JeF

-- Rgds, Chris MacKenzie

-- - Jean-Francois Dive -- [EMAIL PROTECTED] There is no such thing as randomness. Only order of infinite complexity. - _The Holographic Universe_, Michael Talbot
Re: [SLUG] PPP Multilink 2002
Yeah, sorry, but I forgot to mention that you'll only have 1 ppp interface if MPPP is successfully negotiated, as well as a clear statement in the log file. I had it working without changing the mrru though.

On Mon, Dec 09, 2002 at 04:37:16PM +1100, Steven Evans wrote:

Hey guys, the problem has been solved, and in the spirit of finishing a thread, this is how it was fixed. Inside the /etc/ppp/options file, include an option mrru 1500. Once that option is set, the pppd will create the ppp0 bundle and add the ppp1 adapter to it.

Cheers,
Steve

-----Original Message-----
From: Steven Evans
Sent: Friday, 6 December 2002 11:13 AM
To: 'Jean-Francois Dive'
Cc: SLUG
Subject: RE: [SLUG] PPP Multilink 2002

Hi Jean, I've been testing this a couple of ways:

1) Download 2 files from 2 separate sites and add up the kb/s, which always ends up less than 5kbs. Downloading from a single modem. If I started pinging hosts while this was happening the second modem would still not be used.

2) Start 50 ping sessions to 5 different hosts; the send lights would work for both modems, but one would be receiving. That isn't to be expected, is it?

Cheers,
Steve

-----Original Message-----
From: Jean-Francois Dive [mailto:[EMAIL PROTECTED]]
Sent: Friday, 6 December 2002 11:05 AM
To: Steven Evans
Cc: SLUG
Subject: Re: [SLUG] PPP Multilink 2002

Are you testing properly? The Linux PPP stack will send traffic through one PPP channel for each TCP connection (keep one connection on one ppp session), this to avoid reordering problems, which are bad with TCP. MPPP (and MMPPP (multi chassis, multilink ppp)) setup is difficult to miss on the Cisco side as it is quite simple, so check it out on your side.

JeF

On Thu, Dec 05, 2002 at 05:01:47PM +1100, Steven Evans wrote:

Hey Guys, am currently trying to set up a multilink connection with a 2.4.19 kernel, pppd 2.4.1, and Slackware 7.1. I have 2 56k modems calling an ISP with Cisco digital access server 5300/5400's answering the call. I call the ISP, get the same IP for both modems, but send traffic through one modem, or send from one and receive from the other. IMHO, that isn't multilink. Are there any pointers (besides pppd multilink) that I am missing? I thought multilinking via 2.4 was easier than 2.2? What logs would you guys like to see?

Cheers,
Steve

Netway Networks Pty Ltd (T) 8920 8877 (F) 8920 8866
Re: [SLUG] Ethernet Port Trunking (etherchannel bonding) doco?
I know that some devices tend to merge channeling and trunking, trunking being 802.1q, which is VLAN tags on a link. Channeling (or bonding) only aggregates links together. This should be easy to check if you sniff traffic on your bond0 interface and see if frames are normal or tagged. My 2 euro-cents tips :)

JeF

On Fri, Dec 06, 2002 at 04:56:20PM +1100, Craige McWhirter wrote:

I'm trying to bond two ethernet ports together and have the setup all but working. My real stumbling block appears to be my inability to locate decent documentation on performing this feat. Does anyone know where I can find some doco on setting up ethernet port trunking (or etherchannel bonding)? Google isn't returning results of any use (perhaps I'm asking the wrong question?). The LDP also comes up dry.

For the curious, I've done the following:

- configured a server trunk using two ports on a Foundry FastIron II
- trunking setup has been saved and enabled (deployed, in Foundry's preferred terms)
- loaded the bonding kernel driver
- plugged both eth0/1 from the server into said ports on the switch
- created bond0
- ran ifenslave on eth0/1 and they are set to slave
- default route is via bond0

While link lights are on, I cannot communicate with the outside network in any way. I've got a gut feeling there's one magical step that's missing. Any clue bats?

-- Cheers, Craige. GPG Key fingerprint = C206 904F 5231 2F2E 8DAA F094 5879 71B5 0960 CF37 http://arseclown.tv/
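The check the reply above suggests, as an added example that is not part of the original thread: sniff bond0, look at where the ethertype should be, and decide whether the switch side is a plain port-channel (untagged frames) or an 802.1q trunk (tagged frames). A tag sits between the source MAC and the real ethertype, so a parser has to peel 0x8100 (and 0x88A8 for double-tagged frames) before it finds the IPv4 or ARP ethertype. The frames, MAC addresses and VLAN IDs below are constructed so it runs offline; the hypothetical diagnose() summarises what a real capture of the same shape would tell you.

```python
import struct
from collections import Counter

ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806
ETHERTYPE_VLAN = 0x8100   # 802.1Q customer tag
ETHERTYPE_QINQ = 0x88A8   # 802.1ad service tag (double tagging)
TAG_TPIDS = (ETHERTYPE_VLAN, ETHERTYPE_QINQ)

def parse_frame(frame):
    """Split an Ethernet frame into MACs, the list of VLAN tags (outermost first, each as
    {pcp, dei, vid}), the real payload ethertype and the payload bytes."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    off = 14
    tags = []
    while ethertype in TAG_TPIDS:            # a tag occupies the ethertype slot
        if len(frame) < off + 4:
            raise ValueError("truncated VLAN tag")
        tci, ethertype = struct.unpack_from("!HH", frame, off)
        tags.append({"pcp": tci >> 13, "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF})
        off += 4
    return {"dst": frame[0:6], "src": frame[6:12], "tags": tags,
            "ethertype": ethertype, "payload": frame[off:]}

def summarise(frames):
    """Count tagged vs untagged frames and frames per outermost VLAN ID."""
    kinds, per_vid = Counter(), Counter()
    for frame in frames:
        info = parse_frame(frame)
        if info["tags"]:
            kinds["tagged"] += 1
            per_vid[info["tags"][0]["vid"]] += 1
        else:
            kinds["untagged"] += 1
    return kinds, per_vid

def diagnose(frames):
    """What the tagged/untagged mix seen on bond0 says about the switch-side setup."""
    kinds, per_vid = summarise(frames)
    if kinds["tagged"] and not kinds["untagged"]:
        return "tagged-only: switch side is an 802.1Q trunk, not a plain port-channel; VLANs %s" % sorted(per_vid)
    if kinds["untagged"] and not kinds["tagged"]:
        return "untagged-only: plain link aggregation, nothing to untag"
    return "mixed: native VLAN untagged plus tagged VLANs %s" % sorted(per_vid)

def build_frame(ethertype, payload, tags=()):
    """Constructed frame: fixed MACs, then one (tpid, pcp, vid) tag per entry, outermost first."""
    hdr = bytes.fromhex("0011223344556677889900aa")
    for tpid, pcp, vid in tags:
        hdr += struct.pack("!HH", tpid, (pcp << 13) | (vid & 0x0FFF))
    return hdr + struct.pack("!H", ethertype) + payload

IPV4_STUB = bytes([0x45]) + bytes(19)    # the shape of a minimal IPv4 header, enough here
SAMPLE_FRAMES = [                         # constructed, as if sniffed on bond0
    build_frame(ETHERTYPE_IPV4, IPV4_STUB),                                                   # untagged
    build_frame(ETHERTYPE_IPV4, IPV4_STUB, tags=((ETHERTYPE_VLAN, 0, 10),)),                   # VLAN 10
    build_frame(ETHERTYPE_ARP, bytes(28), tags=((ETHERTYPE_VLAN, 6, 20),)),                    # VLAN 20, PCP 6
    build_frame(ETHERTYPE_IPV4, IPV4_STUB, tags=((ETHERTYPE_QINQ, 0, 7), (ETHERTYPE_VLAN, 0, 10))),  # QinQ
]

if __name__ == "__main__":
    for frame in SAMPLE_FRAMES:
        info = parse_frame(frame)
        print([t["vid"] for t in info["tags"]], hex(info["ethertype"]))
    print(diagnose(SAMPLE_FRAMES))
```

If the capture comes back tagged-only, bond0 is receiving frames for VLANs it has no interface on, which matches the symptom of link lights up and no traffic: either the switch ports need to be plain (untagged) aggregation members or a VLAN sub-interface has to be created on top of the bond.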
Re: [SLUG] PPP Multilink 2002
Are you testing properly? The Linux PPP stack will send traffic through one PPP channel for each TCP connection (keep one connection on one ppp session), this to avoid reordering problems, which are bad with TCP. MPPP (and MMPPP (multi chassis, multilink ppp)) setup is difficult to miss on the Cisco side as it is quite simple, so check it out on your side.

JeF

On Thu, Dec 05, 2002 at 05:01:47PM +1100, Steven Evans wrote:

Hey Guys, am currently trying to set up a multilink connection with a 2.4.19 kernel, pppd 2.4.1, and Slackware 7.1. I have 2 56k modems calling an ISP with Cisco digital access server 5300/5400's answering the call. I call the ISP, get the same IP for both modems, but send traffic through one modem, or send from one and receive from the other. IMHO, that isn't multilink. Are there any pointers (besides pppd multilink) that I am missing? I thought multilinking via 2.4 was easier than 2.2? What logs would you guys like to see?

Cheers,
Steve
Re: [SLUG] Hangup (SIGHUP) - modem keeps hanging up....
I'd start by adding 'debug' to the list of pppd options, may give you some clues.

On Wed, Oct 30, 2002 at 05:07:46PM +1100, dan wrote:
> Hi,
>
> Don't know if anyone can shed any light on this, but I am trying to connect to a modem using wvdial on SuSE 7.2. I have configured wvdial with all the relevant settings and it is dialing, connecting for different periods of time before I get the "Modem has hung up" message. The weird thing is sometimes the connection lasts for 10 minutes and other times it just drops the connection immediately. The only thing I have in the /var/log/message is:
>
> pppd[]: Hangup (SIGHUP)
> pppd[]: Modem hangup
>
> ...and on the screen I get the pppd exit code of 16. Does anyone know what I can do to trace/fix the problem? I can connect fine using my windows box, so... Any ideas?
>
> Dan
Re: [SLUG] Proxy Arp
On Mon, Oct 21, 2002 at 08:42:37PM +1000, John Ferlito wrote:
> Anyone know if proxy arp works in 2.2 kernels? Basically I have a /28 hanging off eth0. I have changed that to a /29 and put the other half of the /29 on eth1.

If your network is properly split in 2, you don't need proxy arp, except if you didn't change the client stations (in those times, you really like DHCP). If you did not, simply enable proxy_arp on all interfaces (/proc/sys/net/ipv4/conf/all/proxy_arp) and this should do the trick. To check if it is working, you should see:
- station A connected to port A of the router ARPs for station B connected to port B of the router.
- Router interface A answers with its own ethernet address.
- here we go.

JeF

> I've tried
>
> echo 1 > /proc/sys/net/ipv4/conf/eth1/proxy_arp
>
> and adding individual arp entries like so
>
> arp -s <ip address on eth1 subnet> <eth0 hardware address> pub
>
> but the box just won't reply to arp requests on eth0. Any ideas? I have never done this before so it's quite possible I'm not doing it quite right.
>
> --
> John
> http://www.inodes.org/
Re: [SLUG] Debain Woody Info
On Thu, Oct 10, 2002 at 10:15:14AM +0930, David Fitch wrote:
> On Thu, Oct 10, 2002 at 08:28:41AM +1000, Mick Boda wrote:
> > Does the new Debian support the Realtek rtl8139 NIC? (2.2r did not)
>
> yes (8139too module), and mine worked in 2.2 as well (different driver, can't remember the name)

rtl8139

> Dave.
Re: [SLUG] Debian Testing
On Wed, Sep 25, 2002 at 07:14:16AM +1000, Mary wrote:
> On Tue, Sep 24, 2002, Steve Lindsay wrote:
> > A question for debian-ites. Is there much value in tracking debian testing? I was thinking that it might be a nice way to stay relatively up to date with new software (compared to stable), not _too_ risky in terms of stability (compared to unstable), and not too hard on the dialup connection (compared to unstable).
> >
> > I started running unstable after testing froze for woody. But I quite liked tracking testing; unstable has been known to break things like ssh, lilo and apache (well, it is unstable) which was annoying even on my absolutely non-critical desktop. Based on such impeccable reasoning I updated my sources.list to point at testing and the updates were 178mb! (on my connection this is a long download)
> >
> > I understand that it has been a while since woody was released so there will have been plenty of updates to catch up with, but are changes to testing usually added at such a rate that I'm going to be up for big updates like this on a regular basis? My modem is still sore.
>
> Packages go into testing once they've been in unstable for a little while (a week or so?) and no critical bugs have been reported. So it depends how often you update. The packages will change a little less often than unstable, but will change fairly frequently. Update once a month, and it will be well over 100MB each time. Update more often, and it will only be 5-10MB as Erik said.

The frequency depends on the urgency of the update, but generally speaking, it is around a week, 10 days. I personally run testing on most of my boxes, without any problems. Once in a while some issues happen (recently, the merge of some core packages into coreutils made the upgrade non-smooth, but it is not really a common thing). Some people are working on diff downloads (rsync) through apt instead of the full packages, which should help a lot when connected through low speed lines.

JeF

> -Mary
Re: [SLUG] Managing a large network
Did you buy some Cisco shares not so long ago? Cisco is obviously not the only one who offers those possibilities. Add to that the fact that this building most likely already has regular phone lines, and that VoIP is really interesting for WAN communications and not LANs (yes, voice mail blablabla, but a plain stupid old PBX still works very nicely for a fraction of the cost), and I am not even talking about bugs and stability of VoIP architectures. Technology is nice, when used properly in a proper environment.

On Wed, Sep 18, 2002 at 10:51:00PM +1000, Richard Neal wrote:
> Actually, don't just look at the network to carry data but also voice. CISCO now also allows you to integrate VoIP on the same network, ie voice, voice mail, SMS, and there are CISCO digital telephones (there are actually other companies making telephones for CISCO's VoIP network now). If you think a network is just for data you're living in the past; there are heaps of large gov/companies swapping to integrated VoIP and data solutions as we speak.
>
> --
> * Hey if you're going to get mad at me every time I do something *
> * stupid, then I guess I'll just have to stop doing stupid things! *
>
> On Wed, 2002-09-18 at 10:20, Richard Hayes wrote:
> > Dear list,
> >
> > I have been asked to investigate how to measure end usage for a large network around 1,000 ethernet ports. There are two versions:
> > a) It is going into a new building and they want to prewire it (easy)
> > b) Retrofit into an existing building
> >
> > My initial reaction was to run Cat 5 to each room and a managed switch per floor connected at Gigabit speeds into a router with redundant links, but I would appreciate any suggestions.
> >
> > Has anyone had experience with large scale wireless?
> >
> > regards,
> > Richard Hayes
Re: [SLUG] Managing a large network
On Wed, Sep 18, 2002 at 10:28:49AM +1000, Terry Collins wrote:
> Richard Hayes wrote:
> > Dear list,
> >
> > I have been asked to investigate how to measure end usage for a large network around 1,000 ethernet ports. There are two versions:
> > a) It is going into a new building and they want to prewire it (easy)
> > b) Retrofit into an existing building
> >
> > My initial reaction was to run Cat 5 to each room and a managed switch per floor connected at Gigabit speeds into a router with redundant links, but I would appreciate any suggestions.
>
> Look at fibre from the data hub to each managed switch, then Cat5 to the desktop from the switch.

It really has a cost impact and does not bring you heaps. Gig over copper works properly. I'd put a L3 switch to aggregate all your distribution switches, or a regular switch with multiple copper gig ports and then a router attached with a trunk to do inter-VLAN routing. L3 switching really gives you a pretty good boost however. All of this depends on the budget you want to put in. Another good thing to do is to try to get the same brand for the lot; it helps for software upgrades and may give you interesting additional features (like global QoS etc.). Brands, I'd go Cisco, but price is often an issue and we can't say they're cheap.

> Also look at multiple switches per floor (particularly if a big floor). They can be distributed around the floor in small wall mount, locked cabinets in managers' rooms, etc.
>
> The worst setup I've ever seen was a telecentre (24 desktops) all running off one cat5 wire. It just didn't work.
>
> > Has anyone had experience with large scale wireless?
>
> Do a proper costing and I think you will find that you are trading off security and reliability for a marginal capital saving.
>
> --
> Terry Collins {:-)}}} Ph(02) 4627 2186 Fax(02) 4628 7861
> email: [EMAIL PROTECTED] www: http://www.woa.com.au
> Wombat Outdoor Adventures Bicycles, Books, Computers, GIS
> People without trees are like fish without clean water
Re: [SLUG] Mailing list archive / news server.
Hello JeF, I found what you're looking for: news.gmane.org ..

JeF

On Sun, Sep 08, 2002 at 12:48:59AM +1000, Jean-Francois Dive wrote:
> Hello world !
>
> Does someone know a place where I could get the archives in news of the securityfocus and linux kernel-dev mailing lists? I tried the newsserver from optus (my provider), but they do not seem to be there (I must admit that I don't know much about nntp though ...)
>
> JeF
[SLUG] Mailing list archive / news server.
Hello world !

Does someone know a place where I could get the archives in news of the securityfocus and linux kernel-dev mailing lists? I tried the newsserver from optus (my provider), but they do not seem to be there (I must admit that I don't know much about nntp though ...)

JeF
Re: [SLUG] tcpdump question
Nope, it means a UDP packet from the left IP to the right IP, src port 2556, dst port 2556, size 31. You'll figure out when you have fragments, the output is obvious.

JeF

On Fri, Aug 30, 2002 at 09:04:24PM +1000, Bernhard Lüder wrote:
> Hi,
>
> does this line from tcpdump mean I have udp fragmentation? Or if not, what does it mean?
>
> 20:59:08.874529 192.168.xxx.xxx.2556 > 192.168.xxx.xxx.2556: udp 31 [tos 0xe0]
>
> Bernhard
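The reply reads the line by eye; here is an added Python example (not code from the thread or from tcpdump) that does the same reading mechanically and also recognises the `(frag id:size@offset+)` marker tcpdump prints for IP fragments, so a log can be scanned for fragmented datagrams rather than guessed at. It assumes numeric output (`tcpdump -n`), so each endpoint is a dotted quad with an optional trailing port; the sample lines are constructed, modelled on the one quoted above.

```python
"""Decode old-style tcpdump UDP summary lines and spot IP fragments.

Added example, not code from the thread. Assumes `tcpdump -n` style
endpoints (a.b.c.d.port); the sample lines below are constructed.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<src>\S+)\s+>\s+(?P<dst>\S+):\s*(?P<rest>.*)$")
UDP_RE = re.compile(r"\budp\s+(?P<len>\d+)")
TOS_RE = re.compile(r"\[tos\s+0x(?P<tos>[0-9a-fA-F]+)\]")
# tcpdump prints fragment info as "(frag id:size@offset+)"; "+" means more fragments follow
FRAG_RE = re.compile(r"\(frag\s+(?P<id>\d+):(?P<size>\d+)@(?P<off>\d+)(?P<more>\+?)\)")


@dataclass
class Packet:
    ts: str
    src: str
    sport: Optional[int]
    dst: str
    dport: Optional[int]
    proto: Optional[str]      # "udp" when printed; None on non-first fragments
    length: Optional[int]     # UDP payload length as printed
    tos: Optional[int]
    frag_id: Optional[int]
    frag_offset: Optional[int]
    more_frags: bool

    @property
    def fragmented(self) -> bool:
        return self.frag_id is not None


def _endpoint(text: str):
    """'192.168.10.5.2556' -> ('192.168.10.5', 2556); '192.168.10.5' -> ('192.168.10.5', None)."""
    parts = text.split(".")
    if len(parts) == 5:
        return ".".join(parts[:4]), int(parts[4])
    if len(parts) == 4:
        return text, None
    raise ValueError(f"unexpected endpoint format: {text!r}")


def parse_line(line: str) -> Packet:
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a tcpdump summary line: {line!r}")
    src, sport = _endpoint(m["src"])
    dst, dport = _endpoint(m["dst"])
    rest = m["rest"]
    udp, tos, frag = UDP_RE.search(rest), TOS_RE.search(rest), FRAG_RE.search(rest)
    return Packet(
        ts=m["ts"], src=src, sport=sport, dst=dst, dport=dport,
        proto="udp" if udp else None,
        length=int(udp["len"]) if udp else None,
        tos=int(tos["tos"], 16) if tos else None,
        frag_id=int(frag["id"]) if frag else None,
        frag_offset=int(frag["off"]) if frag else None,
        more_frags=bool(frag and frag["more"]),
    )


def explain(pkt: Packet) -> str:
    """Plain-English reading of one line, as the reply gives for the quoted one."""
    if pkt.fragmented:
        where = "first" if pkt.frag_offset == 0 else f"offset {pkt.frag_offset}"
        tail = ", more to follow" if pkt.more_frags else ", last fragment"
        return f"IP fragment (id {pkt.frag_id}, {where}{tail}) from {pkt.src} to {pkt.dst}"
    ports = f", src port {pkt.sport}, dst port {pkt.dport}" if pkt.sport is not None else ""
    return f"{pkt.proto} packet from {pkt.src} to {pkt.dst}{ports}, size {pkt.length}, not fragmented"


def fragmented_ids(lines: List[str]) -> Dict[int, int]:
    """Map IP id -> number of fragments seen for it, skipping unparsable lines."""
    counts: Dict[int, int] = {}
    for line in lines:
        try:
            pkt = parse_line(line)
        except ValueError:
            continue
        if pkt.fragmented:
            counts[pkt.frag_id] = counts.get(pkt.frag_id, 0) + 1
    return counts


# Constructed sample: a line like the thread's, then a 2000-byte datagram split in two.
SAMPLE_LINES = [
    "20:59:08.874529 192.168.10.5.2556 > 192.168.10.9.2556: udp 31 [tos 0xe0]",
    "20:59:09.101200 192.168.10.5.2556 > 192.168.10.9.2556: udp 2000 (frag 4711:1480@0+)",
    "20:59:09.101300 192.168.10.5 > 192.168.10.9: (frag 4711:528@1480)",
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(explain(parse_line(line)))
```

Note that only the first fragment carries the UDP header, so later fragments print without ports; the parser therefore treats the port as optional instead of assuming every line has one.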
Re: [SLUG] small network w/ linux box as hub
From what we see of the output of the routing table, he used /32 masks, so they are not on the same network. However, this won't work either as ethernet is not a point to point medium. You should use /30 masks and split the 2 networks properly. Another thing to check is the mask you put on the win machines.

On Thu, May 02, 2002 at 02:33:05PM +1000, Matthew Hannigan wrote:
> If they're on the same network, you need to make your machine a bridge.
> http://www.tldp.org/HOWTO/mini/Bridge+Firewall.html
Re: [SLUG] Which is first - chicken or egg?
Hello,

I suppose you use freeswan for the linux ipsec stack. If this is the case, isakmp packets are handled in a classical way, so the behavior is the one you should expect, and it seems to be the case. For ipsec packets (ah and esp), the explained behavior makes sense: the packet arrives on the external physical interface, goes through the NAT code (effect: the destination ip address is changed), then the ipsec code is called and drops the packet as it is ipsec protected but does not match the security policy (the lookup is done based on selectors which use the ip address, and should (freeswan does not support it) use the src port and dst port and protocol type (at ip level)). Another problem is that if you use AH, the authentication HMAC function will fail as well, as it does include the ip header too. I reckon the solution in your case is to not NAT esp and ah packets on your physical interface, but only the processed ip packets coming from the ipsecX interface, and it should work.

Hope that helps,

Cheers,

JeF

> I am trying to set up IPSec tunnels in an environment where the external interface of the router/tunnel box has a NAT'd address using netfilter, and for some reason the inbound packets aren't being DNAT'd as I want them. It looks, from the error messages out of IPSec, that IPSec might be seeing the packets before the PREROUTING routine in iptables (which is where the DNAT gets done) and hence dropping the packets before they get to prerouting. Either that, or I have a screwed DNAT rule, but it looks OK and an almost identical one does work for UDP port 500 which is the key exchange for the IPSec tunnel setup. It just doesn't seem to want to work for protocol 50 (esp) or for protocol 51 (ah).
>
> BTW, I am having to DNAT because the upstream carrier uses RFC1918 addresses at their interface.
>
> Does anyone have any ideas on this problem? Which is first - chicken or egg?
>
> --
> Howard.
> LANNet Computing Associates - Your Linux people
> Contact detail at http://www.lannetlinux.com
> I believe that forgiving them [terrorists] is God's function. Our job is simply to arrange the meeting. - General Storm'n Norman Schwartzkopf
Re: [SLUG] Why is my IPSec tunnel not being routed
On Tue, Apr 02, 2002 at 01:37:31PM +1000, Howard Lowndes wrote:

That's a big mystery, only the freeswan folks could explain what this stack is doing sometimes... didn't you forget to add left/right|nexthop on one of the sides?

JeF

> I am trying to set up an IPSec tunnel between two sites. One site puts the route into the routing table OK, but the other side won't. Running ipsec auto --status and route -n for the good side gives the detail below. Note that for the good side, the line containing the word policy shows the interface as ppp0 erouted, but that the other one shows eth1 unrouted. The eth1 is correct, but I just cannot work out how to get the routing table set up.
>
> # ipsec auto --status
> 000 interface ipsec0/ppp0 144.137.43.76
> 000
> 000 WD_WN: 192.168.43.0/24===144.137.43.76[@atelwn.atel.com.au]---172.31.22.24...
> 000 WD_WN: ...202.129.91.245[@atelwd.atel.com.au]===192.168.42.0/24
> 000 WD_WN: ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
> 000 WD_WN: policy: RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS; interface: ppp0; erouted
> 000 WD_WN: newest ISAKMP SA: #1; newest IPsec SA: #2; eroute owner: #2
> 000
> 000 #2: WD_WN STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 28043s; newest IPSEC; eroute owner
> 000 #2: WD_WN [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
> 000 #1: WD_WN STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 2601s; newest ISAKMP
>
> # route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 172.31.22.24    0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
> 172.31.22.24    0.0.0.0         255.255.255.255 UH    0      0        0 ipsec0
> 203.17.235.125  0.0.0.0         255.255.255.255 UH    0      0        0 ppp1
> 10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth1
> 192.168.42.0    172.31.22.24    255.255.255.0   UG    0      0        0 ipsec0
> 192.168.43.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
> 127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
> 0.0.0.0         172.31.22.24    0.0.0.0         UG    0      0        0 ppp0
>
> but for the bad side the details are:
>
> # ipsec auto --status
> 000 interface ipsec0/eth1 202.129.91.245
> 000
> 000 WD_WN instance: 192.168.42.0/24===202.129.91.245[@atelwd.atel.com.au]---172.24.158.129...
> 000 WD_WN instance: ...144.137.43.76[@atelwn.atel.com.au]===192.168.43.0/24
> 000 WD_WN instance: ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 1
> 000 WD_WN instance: policy: RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS; interface: eth1; unrouted
> 000 WD_WN instance: newest ISAKMP SA: #1; newest IPsec SA: #0; eroute owner: #0
> 000 WD_WN: 192.168.42.0/24===202.129.91.245[@atelwd.atel.com.au]---172.24.158.129...
> 000 WD_WN: ...%any[@atelwn.atel.com.au]===192.168.43.0/24
> 000 WD_WN: ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 1
> 000 WD_WN: policy: RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS; interface: eth1; unrouted
> 000 WD_WN: newest ISAKMP SA: #0; newest IPsec SA: #0; eroute owner: #0
> 000
> 000 #2: WD_WN:144.137.43.76 STATE_QUICK_R1 (sent QR1, inbound IPsec SA installed, expecting QI2); EVENT_RETRANSMIT in 16s
> 000 #1: WD_WN:144.137.43.76 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 3316s; newest ISAKMP
>
> # route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 202.129.91.246  0.0.0.0         255.255.255.255 UH    0      0        0 eth0
> 172.24.158.129  0.0.0.0         255.255.255.255 UH    0      0        0 eth1
> 139.130.60.65   0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
> 203.44.224.112  0.0.0.0         255.255.255.252 U     0      0        0 eth0
> 202.129.91.244  0.0.0.0         255.255.255.252 U     0      0        0 eth1
> 202.129.91.244  0.0.0.0         255.255.255.252 U     0      0        0 ipsec0
> 192.168.42.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
> 127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
> 0.0.0.0         172.24.158.129  0.0.0.0         UG    0      0        0 eth1
>
> --
> Howard.
> LANNet Computing Associates - Your Linux people
> Contact detail at http://www.lannetlinux.com
> I believe that forgiving them [terrorists] is God's function. Our job is simply to arrange the meeting. - General Storm'n Norman Schwartzkopf
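The two status dumps above tell the story once you know which fields to compare: the good side has an IPsec SA owning the eroute, the bad side has a phase-1 SA, a responder stuck in STATE_QUICK_R1 waiting for QI2, and nothing erouted. Here is an added Python example (not code from the thread or from FreeS/WAN) that extracts those fields from `ipsec auto --status` output and names the stage a connection is stuck at. The two dumps it parses are constructed in the same layout as the quoted ones, with placeholder connection names and documentation addresses.

```python
"""Parse FreeS/WAN-style `ipsec auto --status` output and diagnose a connection.

Added example, not code from the thread or from FreeS/WAN. The two status
dumps below are constructed in the layout quoted in the thread, with
placeholder names and RFC 5737 documentation addresses.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

CONN_RE = re.compile(r"^000 (?P<conn>[^#:][^:]*): (?P<body>.*)$")
STATE_RE = re.compile(r"^000 #(?P<num>\d+): (?P<conn>\S+) (?P<state>STATE_\w+)")
POLICY_RE = re.compile(
    r"policy: (?P<policy>[A-Z+]+); interface: (?P<iface>\S+); (?P<routed>erouted|unrouted)")
NEWEST_RE = re.compile(
    r"newest ISAKMP SA: #(?P<isakmp>\d+); newest IPsec SA: #(?P<ipsec>\d+); eroute owner: #(?P<owner>\d+)")


@dataclass
class Conn:
    name: str
    interface: Optional[str] = None
    routed: Optional[str] = None   # "erouted" or "unrouted"
    newest_isakmp: int = 0         # 0 means no phase-1 (ISAKMP) SA
    newest_ipsec: int = 0          # 0 means no phase-2 (IPsec) SA
    eroute_owner: int = 0
    states: List[str] = field(default_factory=list)


def parse_status(text: str) -> Dict[str, Conn]:
    conns: Dict[str, Conn] = {}
    for line in text.splitlines():
        m = STATE_RE.match(line)
        if m:
            # state lines name the conn as "NAME", or "NAME:peer-ip" on the responder
            name = m["conn"].split(":")[0]
            conns.setdefault(name, Conn(name)).states.append(m["state"])
            continue
        m = CONN_RE.match(line)
        if not m:
            continue   # bare "000", "000 interface ..." and similar lines
        conn = conns.setdefault(m["conn"], Conn(m["conn"]))
        pm = POLICY_RE.search(m["body"])
        if pm:
            conn.interface, conn.routed = pm["iface"], pm["routed"]
        nm = NEWEST_RE.search(m["body"])
        if nm:
            conn.newest_isakmp = int(nm["isakmp"])
            conn.newest_ipsec = int(nm["ipsec"])
            conn.eroute_owner = int(nm["owner"])
    return conns


def diagnose(conns: Dict[str, Conn], name: str) -> str:
    """Say which stage the tunnel is stuck at, from the fields the status shows."""
    conn = conns[name]
    # per-peer "NAME instance" entries file their state lines under the base name
    base = conns.get(name.split(" instance")[0], conn)
    if conn.routed == "erouted" and conn.eroute_owner:
        return f"ok: IPsec SA #{conn.eroute_owner} owns the eroute on {conn.interface}"
    if conn.newest_isakmp == 0:
        return "no ISAKMP SA: phase 1 never completed"
    if conn.newest_ipsec == 0:
        if "STATE_QUICK_R1" in base.states:
            return ("phase 2 stalled: responder sent QR1 and is still waiting for the "
                    "initiator's QI2, so nothing is erouted")
        return "phase 1 up but no IPsec SA: phase 2 did not complete, so nothing is erouted"
    return f"IPsec SA #{conn.newest_ipsec} exists but the connection is {conn.routed}"


GOOD_STATUS = """\
000 interface ipsec0/ppp0 192.0.2.10
000
000 site_a: 10.1.0.0/24===192.0.2.10[@west.example]---192.0.2.1...
000 site_a: ...198.51.100.7[@east.example]===10.2.0.0/24
000 site_a: ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 site_a: policy: RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS; interface: ppp0; erouted
000 site_a: newest ISAKMP SA: #1; newest IPsec SA: #2; eroute owner: #2
000
000 #2: site_a STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 28043s; newest IPSEC; eroute owner
000 #1: site_a STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 2601s; newest ISAKMP
"""

BAD_STATUS = """\
000 interface ipsec0/eth1 198.51.100.7
000
000 site_a instance: 10.2.0.0/24===198.51.100.7[@east.example]---198.51.100.1...
000 site_a instance: policy: RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS; interface: eth1; unrouted
000 site_a instance: newest ISAKMP SA: #1; newest IPsec SA: #0; eroute owner: #0
000 site_a: ...%any[@west.example]===10.1.0.0/24
000 site_a: policy: RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS; interface: eth1; unrouted
000 site_a: newest ISAKMP SA: #0; newest IPsec SA: #0; eroute owner: #0
000
000 #2: site_a:192.0.2.10 STATE_QUICK_R1 (sent QR1, inbound IPsec SA installed, expecting QI2); EVENT_RETRANSMIT in 16s
000 #1: site_a:192.0.2.10 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 3316s; newest ISAKMP
"""

if __name__ == "__main__":
    for label, text in (("good side", GOOD_STATUS), ("bad side", BAD_STATUS)):
        conns = parse_status(text)
        for name in conns:
            print(f"{label} / {name}: {diagnose(conns, name)}")
```

A responder stuck in QUICK_R1 has installed its inbound SA and is waiting for the initiator's third quick-mode message; that is consistent with the reply's guess of a nexthop or route problem on the other end, since the initiator's reply never gets through, and it is exactly the kind of thing the raw status output hides in a wall of `000` lines.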
Re: [SLUG] GRE and netfilter NAT
I don't know if there is already a NAT module for PPTP for iptables (maybe); you should look at the latest release of iptables (download the latest tarball), and check for pptp. If not, and you only have one client inside, you can simply make a static mapping for GRE, and udp 17Something.

Hope that helps,

JeF

On Mon, Mar 25, 2002 at 09:41:27AM +1000, Jim Clark (Logique) wrote:
> Has anyone successfully got a pptp client running behind a linux firewall/NAT (linux 2.4.x / netfilter)? Or even a reference to howto/faq? (I have found some, but they are all for linux 2.0 2.2)
>
> --
> Thanks,
> Jim.
Re: [SLUG] strange ports and strange daemons
Yep, smux is the old way of having a hierarchical structure of snmp agents, a master and some slaves. Another point is snmp proxy: an snmp agent proxies some mibs for other devices, and SMUX is the protocol used to communicate between the master and the slaves. The new way to do it is called agent-X.

JeF

On Sat, Mar 23, 2002 at 09:21:38AM +1100, Christopher Booth wrote:
> Yes
>
> smux 199/tcp # SNMP Unix Multiplexer
> smux 199/udp
>
> But I read something online that said that it was now redundant and http://www.sans.org/y2k/081400.htm talks about the port being used as a hack attempt.
>
> The weird thing is now I have smtp and pop-3 running on my laptop, which aren't listed in the services in Mandrake Control Panel. /etc/xinetd.d has a service called fam which I don't know where it comes from either...
>
> I turned off snmp so now have no smux but lsof -i gives me
>
> @ausmasodp-121m init.d]# lsof -i
> COMMAND  PID USER FD  TYPE DEVICE SIZE NODE NAME
> portmap 2159 root  3u IPv4   4490      UDP  *:sunrpc
> portmap 2159 root  4u IPv4   4491      TCP  *:sunrpc (LISTEN)
> routed  2466 root  3u IPv4   4756      UDP  *:router
> sshd    2491 root  3u IPv4   4801      TCP  *:ssh (LISTEN)
> xinetd  2534 root  3u IPv4   4829      TCP  localhost.localdomain:1024 (LISTEN)
> xinetd  2534 root  4u IPv4   4833      TCP  *:pop3 (LISTEN)
> xinetd  2534 root  5u IPv4   4834      TCP  *:swat (LISTEN)
> cupsd   2595 root  0u IPv4   5125      TCP  *:ipp (LISTEN)
> master  2929 root  9u IPv4   5160      TCP  *:smtp (LISTEN)
>
> turning off postfix turned off smtp. I would like to turn off pop-3 and sunrpc but can't seem to find where they are started. I am checking in /etc/rc.d and /etc/xinetd.d
>
> Chris
>
> On Sat, 23 Mar 2002 08:27:30 +1100 Anton Winter [EMAIL PROTECTED] wrote:
> > On Sat, 2002-03-23 at 01:21, Christopher Booth wrote:
> > > I did a nmap scan of myself tonight and noticed that I have something called smux open on port 199
> > >
> > > 199/tcp open smux
> >
> > port 199 is used by snmpd
> >
> > --
> > Anton Winter http://myrddin.org GPG key id: 0x5B15EDE6
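The poster's approach, nmap against himself and then `lsof -i`, is the right one for finding services you did not know were running; the tedious part is reading the lsof table and deciding which entries matter. Here is an added Python example (not code from the thread or from lsof) that parses `lsof -i` output into sockets and lists those reachable from the network (bound to `*`, listening or UDP) that are not on an allowlist. The sample output is constructed in the layout lsof printed in the thread (no SIZE/OFF value), with invented pids and one established connection added to show it is skipped.

```python
"""Turn `lsof -i` output into a list of sockets and flag unexpected exposed ones.

Added example, not code from the thread. SAMPLE_LSOF is constructed in the
column layout lsof printed in the thread; pids are invented.
"""
from dataclasses import dataclass
from typing import List, Set


@dataclass(frozen=True)
class Socket:
    command: str
    pid: int
    user: str
    node: str        # "TCP" or "UDP"
    bind_addr: str   # "*" means every interface
    service: str     # port name or number as lsof printed it
    state: str       # "LISTEN", "ESTABLISHED", or "" (UDP has no state)


def parse_lsof(text: str) -> List[Socket]:
    rows: List[Socket] = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 7 or tokens[0] == "COMMAND":
            continue   # header or blank line
        # NAME is last; an optional "(STATE)" follows it for TCP sockets
        state = tokens[-1].strip("()") if tokens[-1].startswith("(") else ""
        name = tokens[-2] if state else tokens[-1]
        node = tokens[-3] if state else tokens[-2]
        if node not in ("TCP", "UDP"):
            continue   # not an internet socket line we understand
        local = name.split("->")[0]              # drop the peer of a connection
        bind_addr, service = local.rsplit(":", 1)
        rows.append(Socket(tokens[0], int(tokens[1]), tokens[2], node, bind_addr, service, state))
    return rows


def exposed(sockets: List[Socket], allow: Set[str]) -> List[Socket]:
    """Sockets reachable from the network whose service is not expected.

    A TCP socket counts only while LISTENing; a bound UDP socket always counts.
    Sockets bound to a specific address (e.g. localhost) are left out."""
    return [s for s in sockets
            if s.bind_addr == "*"
            and (s.state == "LISTEN" or s.node == "UDP")
            and s.service not in allow]


SAMPLE_LSOF = """\
COMMAND  PID USER FD  TYPE DEVICE SIZE NODE NAME
portmap  311 root  3u IPv4   1490      UDP  *:sunrpc
portmap  311 root  4u IPv4   1491      TCP  *:sunrpc (LISTEN)
sshd     402 root  3u IPv4   1801      TCP  *:ssh (LISTEN)
xinetd   455 root  3u IPv4   1829      TCP  localhost.localdomain:1024 (LISTEN)
xinetd   455 root  4u IPv4   1833      TCP  *:pop3 (LISTEN)
cupsd    501 root  0u IPv4   2125      TCP  *:ipp (LISTEN)
sshd     610 root  5u IPv4   2200      TCP  192.168.1.10:ssh->192.168.1.20:40123 (ESTABLISHED)
"""

if __name__ == "__main__":
    for s in exposed(parse_lsof(SAMPLE_LSOF), allow={"ssh"}):
        print(f"{s.command}[{s.pid}] {s.node} {s.bind_addr}:{s.service}")
```

The allowlist is the services you mean to run; everything the function returns is a service to either account for or switch off, and the pid tells you which process (here xinetd for pop3, which is why the poster found nothing under /etc/rc.d).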
Re: [SLUG] Opinions, please.
elvis is definitely the one, this vi clone simply Rocks !!!

On Fri, Mar 22, 2002 at 12:29:24AM +1100, Ken Foskey wrote:
> On Thu, 2002-03-21 at 17:28, Bill Bennett wrote:
> > I'd like to install elvis, which is a vi/ex clone, but it occurred to me to ask if anyone has any experience with others. Has anyone any strong feelings they'd like to air?
>
> gvim rocks. It seems to have the most updates happening to it. Runs great on the other operating system as well.
>
> KenF
Re: [SLUG] PPTP and different network sizes
If you push your default gateway into the ppp tunnel interface, then you'll have trouble sending the GRE packets carrying the PPTP traffic into it; it could be managed with a host route pointing to the external interface for the remote vpn peer address. However windows has some strange ways to handle default routes so ..

Anyway, I reckon that the netmask is a standard PPP attribute; this should be configurable within the pptp server which starts the pppd processes.

Hope that helps,

JeF

On Fri, Mar 22, 2002 at 01:30:08PM +1100, David Kempe wrote:
> > handed out rather than a /24. Just trying to save some pain of having windows users manually adding routes to other subnets.
>
> Isn't that what a default gateway is for?
>
> dave
Re: [SLUG] iptables accounting
In fact, instead of logging each packet, you should simply use the 2 counters associated with each rule. So, for example:

Chain FORWARD (policy ACCEPT 2408 packets, 1136110 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0            all  --  *      *       192.168.1.1          0.0.0.0/0

Then account on it. ip-ng does this parsing and stores the counters. Pay attention that those counters are 64-bit ones and not 32-bit as usual.

On Fri, Mar 22, 2002 at 01:59:05PM +1100, [EMAIL PROTECTED] wrote:
> Hi to everybody on the list
>
> Thanks to all who replied to my Solaris / Linux query a couple of weeks ago. I need a little help with an iptables problem. I am trying to configure a linux machine to sit between two networks and log data downloads by hosts. ie
>
> 192.168.10.0 - - - - - - - - - - - -- eth0 - linux box - eth1 - - - - - - - - - - - - - - - - - - - 192.168.20.0
>
> I can currently log traffic using iptables to all destinations on y.0 using a separate rule under OUTPUT
>
> -A FORWARD -j LOG --log-level 6 -d 192.168.2.0/255.255.255.0 -i eth1
> -A OUTPUT -j LOG --log-level 6 -d 192.168.20.8
> -A OUTPUT -j LOG --log-level 6 -d 192.168.20.9
> -A OUTPUT -j LOG --log-level 6 -d 192.168.20.10
>
> And these messages are being logged to a file. Does anyone have a suggestion for software that generates reports on the amount of data going to each server that I can use for billing on a monthly basis??
>
> regards
> Grant
Re: [SLUG] RedHat - Debian
That sounds like a 'no problem': install debian, reformat hdb, and leave hdc untouched when creating partitions, then mount hdc on /home during installation (there is an option for that) and voila, it's done.

JeF

On Wed, Mar 13, 2002 at 01:28:16PM +1100, Richard Hayes wrote:
> Dear list,
>
> I have a RH box that I would like to convert to Debian. It has 2 disks hdb hdc with the system stuff on hdb and /home on hdc. Using Diskdruid I can easily format the system disk (hdb) but just nominate the mount point of the home directories (hdc). Using cfdisk I can not see how to keep the /home untouched. It wants to write the partition table, therefore destroying the data. If I don't reformat and use install over the top of RH, does Debian use any unusual partitioning? Am I using the wrong tool? Should I just mount the /home directories later?
>
> regards,
> Debian Dumby
>
> --
> Richard Hayes
> Nada Marketing - 113-115 Oxford St Darlinghurst Australia
> Phone: +(61-2) 9360 Fax +(61-2) 9361 0094 0414 618 425
> http://www.nada.com.au
[SLUG] looking for oldies ..
Hi all,

A little off topic but.. I am looking for some old non-intel computer, possibly around sydney. I have no clues on where to start except ebay. I already saw some people on the list who seem to be addicted to that kind of hardware, so any tips 'd be great. I am particularly looking for:
- A Sun sparc like an ultraSparc2 or sparcStation 5.
- An Alpha 200Mhz or around.
All of this, of course, to setup and play around with linux.

Thanks for any help,

cheers,

JeF
Re: [SLUG] Can anyone explain - IPSec latency
Hello,

Do you experience any packet drops at the same time on the slow connections?

JeF

On Wed, Feb 20, 2002 at 06:08:33AM +1100, Howard Lowndes wrote:
> Can anyone explain, or even guess, why the difference between ex-tunnel and in-tunnel ping times is so much more when the link is ADSL to PSTN -v- ADSL to ADSL. I know why the base latency is greater, but that doesn't explain the difference in latencies. All machines at the gateways are comparable (typically mid-range Celerons).
>
> Typically:
>                         ex-tunnel  in-tunnel  diff
> ADSL to ADSL (3 cases)    65msec     80msec   15msec
> ADSL to PSTN (1 case)    185        235       50
> ADSL to PSTN (1 case)    345        490      145
>
> --
> Howard.
> LANNet Computing Associates - Your Linux people
> Contact detail at http://www.lannetlinux.com
> I believe that forgiving them [terrorists] is God's function. Our job is simply to arrange the meeting. - General Storm'n Norman Schwartzkopf
Re: [SLUG] any tool to dump memory
And more generally because you are at process level and there is a mechanism called memory protection, which means that each process can only use its particular memory space. However, there is a solution: /dev/kmem, which is an image of the whole memory, read and write access. You obviously need to be root to access it. You can use open/lseek/read/write to play with it.

Cheers,

JeF

On Fri, 18 Jan 2002, Matthew Dalton wrote:
> henry wrote:
> > Dears:
> > 1. Any tool to dump memory under linux ?
>
> gdb?
>
> > 2. Why can't I link lib for readl() ?
> >
> > #include <asm/io.h>
> > int main()
> > {
> >     return readl(0x4001) ;
> > }
>
> readl() is a macro defined in asm/io.h
> Your program can't find it because it's defined within a #ifdef __KERNEL__ / #endif construct, and your code isn't part of the kernel.
>
> Matthew
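The open/lseek/read pattern the reply describes for /dev/kmem works the same way on the per-process memory file, which is what a modern system offers instead: /dev/kmem is root-only and was removed from mainline Linux in 5.13, while /proc/<pid>/mem is guarded by the same access check as ptrace, so an unprivileged process gets its own address space and nothing else. Here is an added Python example (not code from the thread) that places a marker in memory and reads it back through /proc/self/mem by address; the function is written to return None rather than fail when /proc is unavailable. Assumes Linux.

```python
"""Read this process's own memory through /proc/self/mem with open/lseek/read.

Added example, not code from the thread. Demonstrates the same three calls
the reply names for /dev/kmem, against the per-process memory file that
modern kernels provide. Linux only.
"""
import ctypes
import os
from typing import Optional

MARKER = b"SLUG-memory-probe"   # constructed marker we expect to read back


def read_own_memory(marker: bytes = MARKER) -> Optional[bytes]:
    """Put `marker` in a buffer, then read it back by virtual address.

    Returns the bytes read, or None when /proc/self/mem cannot be used
    (not Linux, or a sandbox that hides /proc)."""
    buf = ctypes.create_string_buffer(marker, len(marker))   # fixed address for its lifetime
    addr = ctypes.addressof(buf)
    try:
        fd = os.open("/proc/self/mem", os.O_RDONLY)
    except OSError:
        return None
    try:
        os.lseek(fd, addr, os.SEEK_SET)   # file offset == virtual address
        data = os.read(fd, len(marker))
    except OSError:
        return None
    finally:
        os.close(fd)
    del buf   # keep the buffer alive until after the read, then release it
    return data


def memory_matches(marker: bytes = MARKER) -> Optional[bool]:
    """True when the bytes read back equal the marker; None if unavailable."""
    data = read_own_memory(marker)
    return None if data is None else data == marker


if __name__ == "__main__":
    print("read back:", read_own_memory())
    print("matches:", memory_matches())
```

Pointing the same code at `/proc/<other-pid>/mem` fails at `open()` for a process you may not ptrace, which is the memory protection the reply describes showing up as an EACCES/EPERM rather than as a silent wrong read.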
Re: [SLUG] IPSec tunnel latency
Hi,

This is definitely quite strange. It is possible that the provider applies some QoS on the path. Routing on a different path is possible but very unlikely, I think. I would proceed this way:
- enable some debugs for this particular tunnel and see if there are not some strange things happening that could explain this latency.
- Try to find a tool (or write one) which sends packets with IP proto 50, tcpdump them on the other side and see what the latency is.
- I can hardly imagine that a modem could not work for those particular packets.
- check the level of ICMP returning to the problematic side, maybe there is an MTU problem.
- Check if you don't have too many packets dropped by IPSec (most likely, rejected because out of window; this indicates that the outgoing packets are not following the path of the incoming ones), which could explain a lot of TCP retransmissions.
- Check the decrypted traffic for such retransmits of TCP segments.

JeF

On Wed, 16 Jan 2002, Howard Lowndes wrote:
> Further to this enquiry. I have got the timing graphs posted at http://caterworld.com.au/traffic/packets if you want to see what I am on about.
>
> On Wed, 16 Jan 2002, Howard Lowndes wrote:
> > Would anyone care to make a stab in the dark on this one before I do a 250km trip to replace the modem.
>
> --
> Howard.
> LANNet Computing Associates - Your Linux people
> Contact detail at http://www.lannetlinux.com
> We are either doing something, or we are not. 'Talking about' is a subset of 'not'.
Re: [SLUG] Telstra Megalink
Hello,

The point is that I don't choose; the customer did, I just have to connect to it. He does not know exactly what it is, as Telstra is pretty vague about it.

On Tue, 15 Jan 2002, DaZZa wrote:

> On Tue, 15 Jan 2002, Jean-Francois Dive wrote:
> > We have to setup a connection to the megalink service for a customer from a linux box. Telstra does not have a lot of information about what you are going to have when you take the service, so maybe someone of you knows more than them about it. Here is what I understand from this service:
> >
> > - It is based on an E1 type of link and you receive the appropriate number of slots depending on the bandwidth you required.
>
> Nope. A Megalink is a dedicated, 2 megabit per second, point to point service.

Yep, but it seems it is based on E1 framing, isn't it?

> What you want is a Primary rate ISDN service, {assuming you do want what you described}, which you can buy in 10, 20 or 30 channel variants.
>
> > - Now the point is to know how Telstra terminates the network at the customer premises, which will change the type of interface we have to support: will it be an E1 connection (then which type of connector: RJ48 or dual BNC type of connector (120 or 75 ohm), what about the CSU/DSU?), or will they give a box which transforms the E1 framing to a classical WAN serial connection (V35 type of connection)? This latter configuration is the one we have for our own frame relay connection, but nobody here is sure if this was included by Telstra or if we had to finance the box.
>
> Depends what you actually buy. A proper megalink will be terminated on an orange box {which I used to know the name of - god, old age sucks!} with coaxial connectors - it's been so long since I did this that I can't remember the exact details, but I *think* they're RG96 connectors on a high grade 50 ohm coax - but I could be completely wrong.
>
> Anyway, this pair of coax cables {transmit and receive} go to a 2 megabit per second modem - the only ones I ever used were Scitec Saturn2000's or 2001 - which has either a V35 or X.21 interface.

Mmm, that matches our installation; we hook on this WAN serial interface.

> From here, you connect to your router with the appropriate cable - V35 or X.21.
>
> If you really want an ISDN service with multiple channels, you will be terminated to either an RJ45 connector with ISDN pinouts, or even more simply to a krone block in your frame, and you have to bring it out to your RJ45 yourself.

I don't specifically want it, just one pipe of 2 megs.

> If you want a frame relay service, it's different again - you'll get a 4 wire circuit terminated to a DSU with an X.21 interface {V35 on request, but last time I asked for V35, they got really shitty and claimed it was being phased out, and wouldn't I like X.21?}.

That's bull***, V35 is still the standard connection for serial interfaces that I know. All the Ciscos have this interface as standard.

> > - We need to get internet access through this megalink, to the associated Telstra service. What is the L2 encapsulation used to make the link? Is it HDLC (if yes, Cisco HDLC or not), or frame relay?
>
> Again, depends on what you buy. A megalink is a point to point connection which runs HDLC. Nothing else is necessary. A primary rate ISDN service can run ppp, ppp-multilink, or frame-relay over ISDN as you wish. That's up to the router configuration. If you're connecting to Telstra for internet access, it'll most likely be ppp-multilink. If you go for a frame relay service, it'll most likely run encapsulation frame-relay, or frame-relay IETF - depends on the other end's connection.

Will depend on the internet provider, I suppose.

> > - Last point, for my own curiosity, does someone know what type of WAN Telstra uses for those services? Is it a quite legacy E3/E1 etc. architecture, or do they use SDH/Sonet or maybe MPLS/IP or MPLS/ATM based ones?
>
> Again {I'm saying this a lot!}, depends on the connection you get. Most of Telstra's network, if it's a long distance connection, is multiplexed onto the national Sonet fibre ring at some point. Some ISDN services come into the building as what they call lightstream - basically, they run a fibre into the building and through ATM down it to an add/drop multiplexer and pull out individual 2 meg streams. This only happens on large buildings, though, where they can logically expect large demand for voice/data services.

Could be a LightStream 1010 (Cisco LS1010, ATM switch).

> Sometimes it's plain old copper, with standard ISDN, multiplexed somewhere upstream from your exchange.
>
> Good luck looking for more detail than that - Standards? We don't need no steenkin' Standards!

Ahh, I like to work with clear information, support, and when everybody knows their job perfectly. What a perfect world.

DaZZa, thanks for the info; that definitely confirms that I will know when the Telstra people give us an answer about the service my
RE: [SLUG] PPPD and C source -Tracking that External IP....
What you are looking for is a series like:

  pid = fork();
  if (pid == 0) {
      /* we are in the child: fork() returns 0 here */
      execve(pppd_path, pppd_argv, envp);
  }

probably.

JeF

On Wed, 16 Jan 2002, George Vieira wrote:

> I've done a little more research and found that there is no link between PPTP and PPPD which is traceable..
>
> The only thing I can now think of is to make PPTP pass the ipparam parameter to PPPD; then it can be tracked back, eg.
>
> 1) VPN client connects from address 141.x.x.x
> 2) PPTPD accepts the connection
> 3) PPTPD creates a /var/run/pptpd-link0 and stores the external IP into it (more client connections become -link1, -link2, etc)
> 4) PPTPD forks PPPD using: pppd blah blah blah ipparam ${ipparam}-link0
>    (Note: In case the user already uses ipparam it is passed and -link0 is added to it, ie. mypptp-link0)
> 5) PPPD starts up and uses the ipparam passed by PPTP and possibly anything else the user sent ( ${ipparam} ).
>
> PPPD ip-up.local can then determine from the ipparam parameter what the IP address is, from the file containing the true IP address of the client (/var/run/pptp-link0) ...
>
>   #!/bin/sh
>   # ip-up.local (example)
>   LINK=`echo $6 | cut -f 2 -d -`
>   REALIP=`cat /var/run/pptpd-$LINK`
>
> This sounds like it'll work without modifying the PPPD source code but has created a lot more tweaking on the PPTPD source side... Worst thing is I have not coded C in 10 years and it's changed a lot to me..
>
> Now for the hard part..
>
> thanks,
> George Vieira
> Systems Manager
> Citadel Computer Systems P/L
> http://www.citadelcomputer.com.au
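A complete version of the fork/exec pattern sketched above, added here as an example; it is not code from this thread, nor from pptpd or pppd. It shows the part the sketch gets wrong (the child is the process for which fork() returns 0), reports exec failures instead of hanging, and builds the "${ipparam}-linkN" value step 4 describes. /bin/sh stands in for pppd so the example runs anywhere; the default base name "pptpd" is an assumption.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fork, exec argv[0] with the given argument vector in the child, and wait
 * for it in the parent. Returns the child's exit status (0..255), 127 when
 * the exec itself failed, or -1 when fork()/waitpid() failed.
 *
 * The branch test is `pid == 0`: fork() returns 0 in the child and the
 * child's pid in the parent. Testing `pid != parentPid` would send both
 * processes down the exec path, because the parent receives the child's pid. */
int spawn_and_wait(char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;                       /* EAGAIN / ENOMEM: nothing was started */
    if (pid == 0) {
        /* child: replace this process image; execvp only returns on error */
        execvp(argv[0], argv);
        _exit(127);                      /* ENOENT / EACCES: report it like a shell does */
    }
    int status;
    while (waitpid(pid, &status, 0) < 0) {
        if (errno != EINTR)
            return -1;
    }
    if (WIFEXITED(status))
        return WEXITSTATUS(status);
    return -1;                           /* child was killed by a signal */
}

/* Build the ipparam value from step 4 of the post: the user's own ipparam
 * (or a default when none was given) with "-linkN" appended.
 * Returns a malloc'd string the caller frees. */
char *make_ipparam(const char *user_ipparam, int link_no)
{
    const char *base = user_ipparam ? user_ipparam : "pptpd";   /* assumption: default base */
    size_t n = strlen(base) + 32;
    char *s = malloc(n);
    if (!s)
        return NULL;
    snprintf(s, n, "%s-link%d", base, link_no);
    return s;
}

/* Stand-in for "pptpd forks pppd ... ipparam mypptp-link0". The exec target
 * is /bin/sh, which checks that the argument arrived intact and exits 0 if so. */
int demo_spawn_with_ipparam(void)
{
    char *ipparam = make_ipparam("mypptp", 0);
    if (!ipparam)
        return -1;
    char *argv[] = { "/bin/sh", "-c", "test \"$1\" = mypptp-link0", "sh", ipparam, NULL };
    int rc = spawn_and_wait(argv);
    free(ipparam);
    return rc;
}

/* The child's exit status is what the parent gets back. */
int demo_exit_status(int code)
{
    char cmd[32];
    snprintf(cmd, sizeof cmd, "exit %d", code & 0xff);
    char *argv[] = { "/bin/sh", "-c", cmd, NULL };
    return spawn_and_wait(argv);
}

/* A program that cannot be exec'd surfaces as 127 rather than a hang. */
int demo_missing_program(void)
{
    char *argv[] = { "/nonexistent/pppd", NULL };
    return spawn_and_wait(argv);
}
```

On the shell side, pppd hands ipparam to ip-up as $6. The value in the post comes from pptpd's own counter, so it is trusted; if it is ever derived from anything a client can influence, restrict the extracted link suffix to the expected shape (digits only) before using it to build a /var/run path, so a crafted value cannot point the script at another file.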
[SLUG] Telstra Megalink
Hello Slugers,

We have to setup a connection to the megalink service for a customer from a linux box. Telstra does not have a lot of information about what you are going to have when you take the service, so maybe someone of you knows more than them about it. Here is what I understand from this service:

- It is based on an E1 type of link and you receive the appropriate number of slots depending on the bandwidth you required.

- Now the point is to know how Telstra terminates the network at the customer premises, which will change the type of interface we have to support: will it be an E1 connection (then which type of connector: RJ48 or dual BNC type of connector (120 or 75 ohm), what about the CSU/DSU?), or will they give a box which transforms the E1 framing to a classical WAN serial connection (V35 type of connection)? This latter configuration is the one we have for our own frame relay connection, but nobody here is sure if this was included by Telstra or if we had to finance the box.

- We need to get internet access through this megalink, to the associated Telstra service. What is the L2 encapsulation used to make the link? Is it HDLC (if yes, Cisco HDLC or not), or frame relay?

- Last point, for my own curiosity, does someone know what type of WAN Telstra uses for those services? Is it a quite legacy E3/E1 etc. architecture, or do they use SDH/Sonet or maybe MPLS/IP or MPLS/ATM based ones?

Thanks guys,

JeF
Re: [SLUG] DSL vs Cable security
The 2 main security things linked to this topic are that some CPEs (DSL or cable) are not properly configured and so some attacks are possible (reconfigure subscriber settings), and the fact that on cable you share the media, which may lead to traffic sniffing and directed attacks to addresses which would not be routed on the internet.

JeF

On Fri, 11 Jan 2002, Dennis M. Gray wrote:

> A friend in the USA has been told that DSL is more secure than cable modem. Is there anything to back up this claim? All opinions solicited.
>
> Thanks,
> Dennis
Re: [SLUG] GPL, an argument .
mm, sounds interesting :))

On Fri, 4 Jan 2002, Jeff Waugh wrote:

> <quote who="Jean-Francois Dive">
> > becoming an industry standard for that area (ala apache, bind, etc..), what will happen to companies selling and producing the same type of product ? ...
>
> Then you have a lucrative software and support consulting company. As the creators of the most widely deployed, standards-defining software, you're the pick of the crowd as far as "who do I call?" goes.
>
> sendmail is a sack of shit, but that hasn't exactly hurt Sendmail Inc.
>
> - Jeff
>
> --
> "So please lets focus on preparing to beat up our neighbours instead of spending all the energy on domestic violence." - Christian Schaller on GNOME
[SLUG] GPL, an argument .
Hi all,

After a long discussion with someone about the GPL and the open source model of business, he raised a point for which I can't find any very valid argument; maybe you guys will be able to give me your point on this:

The idea is that developing free software leads the author to his own professional death: if the open source movement works to its extreme extent, what will happen to the companies that sell whatever proprietary software? Their fate is death or recycling. As most of the open source developers are professionals, this directly leads them to a no-job future. The extended idea he raises is that developing open source software simply cuts any value from the work we do.

My point of view is that the business model of a simple software engineering company will have to move towards service integration and consultancy, but it is true that in a way this movement may lead to a major change in the industry.

JeF
Re: [SLUG] GPL, an argument .
Yep, I totally agree, this is the classical capitalism against socialism debate, but I don't think this is the point here. I do some open source stuff and like to bring my talents and stuff to the community.

Ok, here is an example: I am actually paid to develop a product that will be open source. What will happen, if I work properly and manage to make a clean, very usable, perfect, blablabla stuff, becoming an industry standard for that area (ala apache, bind, etc..), what will happen to companies selling and producing the same type of product? ...

I reckon that the future will have to go through customer oriented service instead of the big cash software selling companies which do exist at the moment...

JeF

On Fri, 4 Jan 2002, Terry Collins wrote:

> Jean-Francois Dive wrote:
> ...snip
> > The idea is that developing free software leads the author to his own professional death:
> ...snip.
>
> This is just the normal capitalist crap argument that your sole worth is how much income you generate.
>
> The fact is that a lot of a healthy society runs on voluntary and mutual co-operation. Hence Slug, free WWW pages and other stuff.
>
> --
> Terry Collins {:-)}}} Ph(02) 4627 2186 Fax(02) 4628 7861
> email: [EMAIL PROTECTED] www: http://www.woa.com.au
> Wombat Outdoor Adventures Bicycles, Books, Computers, GIS
> People without trees are like fish without clean water
RE: [SLUG] Bandwith Shaping/Throttling
Otherwise, have a look at the Click router project, which does include very good shaping elements (google "click router project", at MIT).

JeF

On Wed, 12 Dec 2001, Visser, Martin (SNO) wrote:

> Have a look at NistNET for a comprehensive Network Emulation Tool that can not only do bandwidth shaping, but also simulate delay, error characteristics etc. See http://snad.ncsl.nist.gov/itg/nistnet/
>
> Martin Visser
> Network Consultant - Compaq Global Services
> Compaq Computer Australia
> 3 Richardson Place
> North Ryde, Sydney NSW 2113 Australia
> Phone: +61-2-9022-1670 Mobile: +61-411-254-513
> Email: [EMAIL PROTECTED]
>
> -----Original Message-----
> From: Shaun Cronin [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, 6 December 2001 5:30 PM
> To: [EMAIL PROTECTED]
> Subject: [SLUG] Bandwith Shaping/Throttling
>
> Hi All,
>
> The phb's have blessed me with the task of working out how to simulate a 256k/512k connection between two servers. In the latter stages of the project, one server will be placed in a server farm with a 256k (eventually upgraded to 512k) connection. Hence they need a proof of concept that there won't be problems with data transfer restricted to 512k.
>
> I know there is hardware that can do this but I wondered if a linux box could be used instead (and show to certain management types that Linux is wonderful). I've found rshaper which may do what I want it to do. I have a Linux box doing nothing with two NICs installed. My theory is using rshaper on one NIC (which would be connected to the server that would be at 512k in real life) I can give them what they want.
>
> Has anyone used rshaper and if so, would my scenario work?
>
> Cheers,
> Shaun
[SLUG] icmp and payload.
Hi all,

Does someone know if, when receiving back an ICMP message, the options of the original IP packet are in the payload of the ICMP? The ICMP RFC says:

  Internet Header + 64 bits of Data Datagram

    The internet header plus the first 64 bits of the original datagram's data. This data is used by the host to match the message to the appropriate process. If a higher level protocol uses port numbers, they are assumed to be in the first 64 data bits of the original datagram's data.

I know that the IP option management for the IP header of this ICMP message is specified in the IP RFC, but what about the options of the originating message?

Thanks,

JeF
Re: [SLUG] icmp and payload.
Yep, I was talking about the IP one, thanks a lot.

JeF

On Mon, 10 Dec 2001, John Ferlito wrote:

> On Mon, Dec 10, 2001 at 09:46:14PM +1100, Jean-Francois Dive wrote:
> > Hi all,
> > Does someone know if, when receiving back an ICMP message, the options of the original IP packet are in the payload of the ICMP?
>
> You will get the IP options but not the TCP options since TCP options are past the first 64 bits.
>
> --
> John Ferlito
> Senior Engineer
> Bulletproof Networks
> ph: +61 (0) 2 9663 9000
> fax: +61 (0) 2 9662 4744
> mob: +61 (0) 410 519 382
> http://www.bulletproof.net.au/
Re: [SLUG] debian hacked
Yep, cable shares the media between the neighbours up to the concentrator. Check the src MAC address is from your card ...

----- Original Message -----
From: David Kempe [EMAIL PROTECTED]
To: Ken Foskey [EMAIL PROTECTED]; slug [EMAIL PROTECTED]
Sent: Saturday, November 17, 2001 9:27 AM
Subject: Re: [SLUG] debian hacked

> On Sat, 17 Nov 2001 00:02, Ken Foskey wrote:
> > arp who-has 211.28.46.140.optus.net.au tell 211.28.46.1.optus.net.au
> > then it will pick up a resolution and give a client id instead of an IP. And so on, repeatedly.
>
> Um, I think you will find that that's your neighbourhood arp traffic. I think that the arp traffic is shared between neighbourhood cable modems. My little brother asked me about this traffic once (he works at bigpond cable/adsl). After some analysis we agreed it was broadcast neighbourhood traffic on the cable network. Nothing to be worried about...
>
> Dave
Re: [SLUG] Its illegal
I am just ... shocked !! I thought this was done by some geeky children; but not even, it was ordered and paid by MS.. This is absolutely non professional and outrageous.

JeF

On Tue, 13 Nov 2001, [EMAIL PROTECTED] wrote:

> http://www.smh.com.au/news/0111/14/national/national20.html
>
> mail2web - Check your email from the web at http://mail2web.com/ .
Re: [SLUG] Binding ftpd to limited interfaces
This depends on which FTP daemon you run ... check the conf file or daemon startup params.

On Fri, 9 Nov 2001, Adam Kennedy wrote:

> Morning all
>
> I have a debian machine that is used as a sort of services gateway; it runs 6 or 7 public IPs, and then I use a userspace port redirector, rinetd, to redirect arbitrary ports through to the internal machines (a variety of Win32, Mac and linux). I've redirected http, cvs, and a range of other ports just fine. However, I'm having a problem with ftp. For some reason, the ftp daemons insist on using all the interfaces. Does anyone know of a way of reconfiguring ftpd to only bind to a single port?
>
> Thanks
> Adam
Re: [SLUG] PAT question .. (general)
Yep, that I know, but my point was to know how the NAT code knows to which internal host it has to send the ICMP, as we don't have port numbers in an ICMP message and the destination address alone is not OK, as 2 internal stations could have connected to the same server.

The answer was in fact that in the payload of the ICMP you have the original IP packet + 64 bits of the next payload, aka the TCP header and ports -- the information is complete.

JeF

On Wed, 31 Oct 2001, Matt Hyne wrote:

> At Wednesday, 31/10/2001 09:55 AM (+1100), Jean-Francois Dive wrote:
> > Hi all,
> >
> > I was wondering something with PAT: If you have multiple boxes trying to access the same server on the internet, going through the same PAT router, so using the same external IP address: if the sender stack does Path MTU discovery (most of the stacks do now), and if both hit a smaller MTU on the way, how does the NAT code know where to send back the ICMP on the inside of the PAT router? I believe it does work, but how?
>
> All PAT/NAT does is translate the private IP address to a public ip+port via a lookup table using the src and dst ip addresses/port numbers. Each session will have a different translation, thus each path's MTU is retained.
>
> > JeF
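The ICMP-payload thread above ("You will get the IP options but not the TCP options") and this PAT thread come down to the same bytes, so here is one added example that parses them; it is not code from either thread. The parser walks the quoted inner IP header by its IHL (so IP options are skipped rather than assumed absent), reads the ports from the 8 bytes RFC 792 guarantees, and a tiny translation table shows how a PAT box picks the inside host from the quoted source port. The sample message (a fragmentation-needed error with a 1400-byte next-hop MTU, a 24-byte inner header carrying NOP/NOP/NOP/EOL options, and the addresses and ports) and the table entries are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* What an ICMP error lets a receiver (host stack or PAT box) recover
 * about the datagram that triggered it. */
struct quoted_flow {
    uint8_t  icmp_type, icmp_code;
    uint16_t next_hop_mtu;   /* type 3 / code 4 only: the "fragmentation needed" MTU */
    uint8_t  inner_ihl;      /* inner IP header length in 32-bit words; 5 = no options */
    uint8_t  proto;          /* inner IP protocol: 6 = TCP, 17 = UDP */
    uint32_t src, dst;       /* inner addresses, host byte order */
    uint16_t sport, dport;   /* from the 64 bits after the inner header (TCP/UDP only) */
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Parse an ICMP message (outer IP header already stripped). Returns 0 and fills
 * *out when the message is an error type that quotes the original datagram and
 * the quote is long enough; -1 otherwise. TCP options start at byte 20 of the
 * TCP header, so they can never be read from the 8 guaranteed bytes.
 * The ICMP checksum is not verified here; a real receiver does that first. */
int parse_icmp_error(const uint8_t *icmp, size_t len, struct quoted_flow *out)
{
    if (len < 8)
        return -1;
    uint8_t type = icmp[0];
    /* RFC 792 error types carrying "Internet Header + 64 bits of Data Datagram" */
    if (type != 3 && type != 4 && type != 5 && type != 11 && type != 12)
        return -1;
    const uint8_t *ip = icmp + 8;
    size_t rem = len - 8;
    if (rem < 20 || (ip[0] >> 4) != 4)
        return -1;
    uint8_t ihl = ip[0] & 0x0f;
    if (ihl < 5)
        return -1;
    size_t hlen = (size_t)ihl * 4;
    if (rem < hlen + 8)
        return -1;                       /* need the whole inner header plus 64 bits */
    memset(out, 0, sizeof *out);
    out->icmp_type = type;
    out->icmp_code = icmp[1];
    out->next_hop_mtu = (type == 3 && icmp[1] == 4) ? be16(icmp + 6) : 0;
    out->inner_ihl = ihl;
    out->proto = ip[9];
    out->src = be32(ip + 12);
    out->dst = be32(ip + 16);
    if (out->proto == 6 || out->proto == 17) {
        const uint8_t *l4 = ip + hlen;   /* first 64 bits of the original payload */
        out->sport = be16(l4);
        out->dport = be16(l4 + 2);
    }
    return 0;
}

/* One PAT translation: inside host/port is seen outside as ext_port toward peer. */
struct pat_entry { uint32_t in_addr; uint16_t in_port; uint16_t ext_port; uint32_t peer; uint16_t peer_port; };

/* The lookup the PAT thread asks about: the quoted inner source port is the
 * translated external port, so it selects the inside host even when two inside
 * hosts talk to the same server. Returns the table index or -1. */
int pat_match_icmp(const struct quoted_flow *f, const struct pat_entry *tbl, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tbl[i].ext_port == f->sport && tbl[i].peer == f->dst && tbl[i].peer_port == f->dport)
            return (int)i;
    return -1;
}

/* Constructed sample: ICMP type 3 code 4, next-hop MTU 1400, quoting an IP
 * header WITH options (IHL 6) for 198.51.100.1:40001 -> 203.0.113.10:443 (TCP),
 * then the first 8 bytes of the TCP header. Checksums are left zero. */
static const uint8_t SAMPLE[] = {
    0x03, 0x04, 0x00, 0x00, 0x00, 0x00, 0x05, 0x78,   /* ICMP header, MTU 0x0578 */
    0x46, 0x00, 0x00, 0x3c, 0x12, 0x34, 0x40, 0x00,   /* inner IP: v4, IHL 6, len 60, DF */
    0x40, 0x06, 0x00, 0x00, 0xc6, 0x33, 0x64, 0x01,   /* TTL 64, proto 6, src 198.51.100.1 */
    0xcb, 0x00, 0x71, 0x0a, 0x01, 0x01, 0x01, 0x00,   /* dst 203.0.113.10, NOP NOP NOP EOL */
    0x9c, 0x41, 0x01, 0xbb, 0x00, 0x00, 0x00, 0x01,   /* TCP sport 40001, dport 443, seq */
};

struct quoted_flow demo_flow(void)
{
    struct quoted_flow f;
    if (parse_icmp_error(SAMPLE, sizeof SAMPLE, &f) != 0)
        memset(&f, 0xff, sizeof f);      /* not reached for the sample; marks failure */
    return f;
}

/* The same message with its tail cut off: the 64 bits are missing, so no match. */
int demo_truncated(void)
{
    struct quoted_flow f;
    return parse_icmp_error(SAMPLE, 30, &f);
}

/* Two inside hosts reached the same server; only one owns external port 40001. */
int demo_pat_lookup(void)
{
    const struct pat_entry tbl[] = {     /* constructed translation table */
        { 0xc0a80002u, 51000, 40000, 0xcb00710au, 443 },   /* 192.168.0.2 */
        { 0xc0a80003u, 51000, 40001, 0xcb00710au, 443 },   /* 192.168.0.3 */
    };
    struct quoted_flow f = demo_flow();
    return pat_match_icmp(&f, tbl, 2);
}
```

RFC 1812 lets a router quote as much of the original datagram as fits in 576 bytes, and modern stacks do, but a parser should rely only on the 8 bytes RFC 792 guarantees, which is exactly why the quoted TCP options John mentions are never available; the sample deliberately carries IP options so the code has to honour IHL instead of assuming a 20-byte header.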
Re: [SLUG] SuSE-7.3
Excellent ! :)

On Thu, 1 Nov 2001, Stuart Cooper wrote:

> > Is SuSE-7.3 available in Australia yet? Hoping to bring one with me but not sure it will be available in Canada before I leave in December.
>
> Not yet, and no word from the usual sources when it will be (guys ??). I believe SuSE are being ... recalcitrant ... at the moment... I've just emailed a few contacts there directly to see if it can be hurried up.
>
> If you can't wait; you can roll your own using the following procedure:
>
> How to make your own SuSE 7.3, from SuSE 7.1 or 7.2
> ===================================================
>
> 1) Create a new impossible three-dimensional shape; in green for the professional edition and blue for personal edition. Print out this figure and slap it on the front of the SuSE product box. The blue shape should look a bit like a spinning top and the green shape should have triangle things in it.
>
> 2) Make new versions of the SuSE sysadmin tool Yast and X admin tool SaX:
>
>    # ln -s /sbin/yast2 /sbin/yast3
>    # ln -s /usr/X11R6/bin/sax2 /usr/X11R6/bin/sax3
>
>    Also have a later point release of KDE and a choice to install up to 5 different Linux kernels during the installation.
>
> 3) Create another four CDs for the professional pack so that SuSE now comes on 11 CDs, not a disappointing 7. You should be able to do this by grabbing the latest stable version of absolutely everything from rpmfind.net. After you've done this find some more RPM archive sites and grab everything off them as well. Then do freshmeat.
>
> 4) Create some more high quality documentation. Every 70th diagram should be captioned in German and not English.
>
> 5) (hard) Exhaustively test the installation and software configurations. Provide installation support and a superb web site and support database. Get another round of funding from IBM and Intel.
>
> Hope this helps :)
>
> Stuart.
[SLUG] PAT question .. (general)
Hi all,

I was wondering something with PAT: If you have multiple boxes trying to access the same server on the internet, going through the same PAT router, so using the same external IP address: if the sender stack does Path MTU discovery (most of the stacks do now), and if both hit a smaller MTU on the way, how does the NAT code know where to send back the ICMP on the inside of the PAT router? I believe it does work, but how?

JeF
Re: [SLUG] SuSE-7.3
Did not see it yet ...

On Mon, 29 Oct 2001, Bob Hubbard wrote:

> Is SuSE-7.3 available in Australia yet? Hoping to bring one with me but not sure it will be available in Canada before I leave in December.
>
> Thanks
> Bob
>
> Bob Hubbard
> St.Albert, Ab CANADA
[SLUG] OpenNMS experience
Hi all,

I was wondering if someone has had any experience with OpenNMS, good or bad?

Thanks,

JeF
Re: [SLUG] Hang on FTP connections
Hi,

It is still a DNS problem I believe, not on the client side, but on the server side: the ftp server tries to reverse lookup the incoming address, to log it probably, and so hangs on that. Check if 192.168.0.3 is resolvable on the server side. (host 192)

Hope this helps,

JeF

On Thu, 27 Sep 2001, Minh Van Le wrote:

> My CuteFTP sessions hang or timeout during the handshake to a linux host. It could be DNS/hostname related. I'm not sure. nslookups to the target host always return the same interface, even though there are two interfaces - so the proportion of connection problems to the probability of hitting the right interface doesn't suggest that it is DNS/hostname related. The status messages in CuteFTP clearly say it's connecting to 200.0.0.2, which is right. The source is 192.168.0.3 however.
>
> I've checked hosts.{allow,deny} and it checks out. I've also disabled firewalls. There's nothing in the syslogs to suggest a problem. CuteFTP just sits there indefinitely on trying to establish a socket to one of my linux hosts. The socket is established properly immediately after a 2nd retry, and successive reconnects. But if a socket hasn't been established for 10 or 15 minutes, CuteFTP hangs again.
>
>   STATUS: Socket connected. Waiting for welcome message ...
>
> I'm using Redhat 7.1. Is it a tcpwrapper thing? Something to do with TCP streams and xinetd firing child processes to accommodate the connection? I haven't tried running a standalone instance of FTP. Maybe that'd help. Are there other ways to debug these sorts of problems? Should I use tcpdump?
Re: [SLUG] Routing problem
That made sense before your box was rebooted: you had host addresses pointing to the interfaces and only one network address for another NIC, which is correct; after reboot, the kernel added the route for the network when the card went up..

JeF

On Mon, 24 Sep 2001, Tom Massey wrote:

> Thanks for the suggestions to put things onto separate subnets. This seems to be the answer (haven't been able to change things yet, all the machines are actually in the US and I haven't got in touch with the guy who has physical access). I can only assume that the setup worked originally because the modules and routing info were added when Red Hat was looking the other way, but after a reboot the system recognised the need to add routes, and things broke because the broken configuration added broken routes. Interesting that it wasn't recognised as an invalid config, and actually worked fine, until after the reboot.
>
> Thanks again,
> Tom
Re: [SLUG] Regarding to Routing Socket
Unfortunately, linux does not support the sysctl as most other unixes do, so, no routing socket. The replacement is netlink(7) and rtnetlink(7). Good luck.

JeF

On Fri, 21 Sep 2001, uday wrote:

> Hi All
>
> Routing Socket is used for adding/deleting routes in the system routing table in Linux. Routing Socket uses the rt_msghdr structure, RST_DST, RTA_GATEWAY, RTM_ADD, RTM_CHANGE, RTM_DELETE etc. define values. These structures and values should be in net/route.h of the Linux Kernel, but these structures and define values are not in the net/route.h file of Redhat LINUX 7.1. I am getting compilation errors for these structures and define values.
>
> Plz guide me: Which Linux Version should be used? Is it a separate patch for linux? If Yes, from where will I get it?
>
> Thanx in advance.
> Uday
Re: [SLUG] Routing problem
Hi,

As soon as you assign a network to a NIC, its entry is automatically added to the routing table. I don't get why you assign the same network addresses to different interfaces (routing won't be easy for the box :) What you have to do is to change the addresses on eth2/3/1 to have separate networks (check the mask).

JeF

On Mon, 24 Sep 2001, Tom Massey wrote:

> Hi all. I'm having some difficulty with routing under Red Hat 7.
>
> Basic situation: Me and a few friends have a machine running RH7 that we're playing with networking stuff on, different configurations just for the hell of it basically. At the moment the machine contains 4 NICs - eth0 to a cable modem, eth1 to a LAN (masquerading etc), then eth2 and eth3 which each go to separate machines, isolated from the rest. This was all set up and working fine, but then the machine was rebooted. Now whenever eth1, eth2, or eth3 are brought up, something adds a route to the routing table such that each interface is associated with the destination 192.168.1.0, as well as any other routing info we stick in /etc/sysconfig/static-routes. This happens whether the interface is brought up with ifup or ifconfig. At the moment the routing table looks like:
>
>   Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
>   192.168.1.13    192.168.1.10    255.255.255.255 UGH   0      0        0 eth3
>   192.168.1.13    *               255.255.255.255 UH    0      0        0 eth3
>   192.168.1.12    192.168.1.9     255.255.255.255 UGH   0      0        0 eth2
>   192.168.1.12    *               255.255.255.255 UH    0      0        0 eth2
>   192.168.1.0     *               255.255.255.0   U     0      0        0 eth1
>   192.168.1.0     *               255.255.255.0   U     0      0        0 eth2
>   192.168.1.0     *               255.255.255.0   U     0      0        0 eth3
>   xx.xx.xx.xx     *               255.255.255.0   U     0      0        0 eth0
>   127.0.0.0       *               255.0.0.0       U     0      0        0 lo
>   default         xx.xx.xx.xx     0.0.0.0         UG    0      0        0 eth0
>
> (The x's are just to avoid my friend beating me up for disclosing his IP number ;-)
>
> This is obviously a really messy routing table, but 192.168.1.10 == eth3, 192.168.1.9 == eth2, and the destinations are correct. Problem seems to be the routes to 192.168.1.0. I haven't been able to work out where they're coming from. route del 192.168.1.0 gives SIOCDELRT: No such process. Can't seem to get rid of these routes no matter what I try. And I can't seem to work out where they're coming from in the first place.
>
> /etc/sysconfig/network-scripts/ifcfg-eth1 looks like:
>
>   DEVICE=eth1
>   USERCTL=no
>   ONBOOT=yes
>   BOOTPROTO=none
>   IPADDR=192.168.1.1
>
> As do ifcfg-eth2, and ifcfg-eth3, with different IPADDR.
>
> /etc/sysconfig/static-routes looks like:
>
>   eth2 host 192.168.1.12
>   eth3 host 192.168.1.13
>
> (we've also had gateway info in there at some stage, this seems to make no difference)
>
> This was all set up before the reboot and was working - i.e. the kernel (2.2.19) was recompiled to support the NICs we were going to stick in the machine, the machine was powered down, the NICs inserted, the machine booted, the necessary entries were added to /etc/modules.conf, the NIC modules loaded OK, all necessary changes were made so that the NICs could talk to the machines connected to them. Then after a reboot, this new routing info was loaded, that seems to have broken things so that whenever the interfaces are brought up, routes to 192.168.1.0 are added, though we don't seem to have changed anything that would lead to this.
>
> I've googled and so on, but can't seem to find any relevant info. Can anyone tell me where these routes to 192.168.1.0 are coming from? I have a feeling it's something really simple I've missed, but I just can't see what. I just can't figure out what's happened so that a set up that was working fine before a reboot is completely broken after the reboot.
>
> Thanks for any thoughts,
> Tom
[SLUG] Postfix and dynamic IP
Hi all,

I've got two issues with the postfix installation I have. First some background: I use postfix as the mail delivery system on my laptop, which gets connected through LAN DHCP or dial-up, so its IP and name resolution change all the time. My issues are:

1. Postfix copied the name resolution config file into /var/spool/postfix/etc, which is a problem as my resolv.conf does change when I change my connection. So I find that postfix can't resolve names if I don't copy the correct file back into /var/spool/.. The solution I am thinking of is to set up bind on the local machine, but I believe there is a nicer solution. Does someone have an idea?

2. Some servers refuse to accept the emails I deliver (freebsd.org for example) because the name used in the config (myhostname) is not a public one, so the remote server refuses the HELO: myhostname, saying the name does not exist. Faking this with a real name is possible, but then I'll have to hack it by defining it in /etc/hosts; I don't think it is a nice solution either. Does someone have a better solution for this?

Thanks for any help,

Cheers,

JeF
Re: [SLUG] Memory usage in gateway system.
On Fri, 21 Sep 2001, Mike Holland wrote:

On Fri, 21 Sep 2001, Keiran Sweet wrote:

I have recompiled the kernel to disable modules, statically include the network card drivers, and all other hardware drivers, plus include all needed netfilter support.

Why bother with all that? What's wrong with modules?

If modules are not needed because the configuration is fixed, then it is better to remove the support for a simple reason: security measure. Nasty stuff can be done when module support is enabled on a machine: load a nice rootkit module and that's it, you own the machine from its real root. Modules do save memory simply because you can choose to only load what you need at a time, but not by their nature: a driver loaded as a module will use the same resources as if it was statically included in the kernel.

All of this managed to get the kernel size down from about 2 megs (plus modules) to about 722k.

I'm surprised - I thought modules were supposed to keep memory use down. Too many non-module drivers in the kernel? Still, I don't think you need have bothered. 64MB is more than plenty for your purpose.

My question is why I am constantly noticing that the system's memory is always becoming highly used: upon boot it uses 17 megs of the 64 available, and I'll check back a day later to see it using about 62 megs of memory. I have asked a few people about this, and they have advised me that it's due to HDD caching etc, i.e. the more writing/reading activity the more RAM

You just answered your own question. Unused memory will fill with disk cache. What does the command free -m tell you? Also ps aux will tell you per-process memory use (virtual/resident).

I have looked through a few books and haven't been able to find much

dead trees? STFW, e.g.
http://www.google.com/search?hl=en&safe=off&q=linux+memory-management+faq
http://www.mainmatter.com/linux-faq/sec6.html#AEN2058

-- Mike Holland [EMAIL PROTECTED] --==-- Everybody is talking about the weather but nobody does anything about it. -- Mark Twain
Re: [SLUG] CCNA
Expensive, maybe, but hard, I highly doubt ... the CCIE theoretical exams were not that difficult (ok, the lab is another story), so, if you prepare yourself correctly, you should try to take the CCNP directly (my 2-cent tip).

JeF

On Wed, 19 Sep 2001, Steven Blunt wrote:

It was about $200 to sit the exam IIRC. The page to look at is:
http://www.cisco.com/warp/public/10/wwtraining/certprog/lan/programs/ccna.html

For exam details, call Prometric on 1800 808 657. Not sure whether it is worth anything tho, typing CCNA into Seek gives a reasonable number of hits but most would expect experience to match.

- Original Message -
From: Minh Van Le [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, September 19, 2001 2:43 PM
Subject: [SLUG] CCNA

Is CCNA worth doing these days? I hear it's hard and expensive (?). I did a google on +ccna +sydney site:.au and turned up some broken links and seemingly dodgy sites. Is there an authoritative CCNA site? Even a FAQ for Australian residents or something.