Re: Roach Motel For Packets...
On Sat, Sep 29, 2001 at 10:46:37AM -0400, Peter Billson wrote:
> But if I try to ping eth1, or any of the IPs serviced by eth1, from a
> remote machine the packets come into the router and disappear. They
> do not get DENYed, ACCEPTed or FORWARDed by IPChains on any
> interface. The rules relating to eth0 and eth1 are identical.

as is required by RFC, routing is disabled by default. to enable
routing:

    echo 1 >/proc/sys/net/ipv4/ip_forward

use /etc/sysctl.conf to have it enabled automatically at boot.

craig

--
craig sanders <[EMAIL PROTECTED]>

Fabricati Diem, PVNC.
 -- motto of the Ankh-Morpork City Watch

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: dns takeover with dhcp-dns
On Sat, Sep 29, 2001 at 09:04:33PM +0200, PiotR wrote:
> Anyone knows if dhcp-dns allows to filter some hostnames, in order
> not to update them? With the actual behavior it's easy to take over
> dns entries. I'm concerned about users taking over server's dns
> entries.

nope, not possible with dhcp-dns as it's written.

it's perl, though, and probably wouldn't be too hard to modify so that
it rejected specific names.

> Any ideas?

use a subdomain for the dynamic entries. don't put any servers in the
dynamic domain.

e.g. if your main domain is "example.com", use "pn.example.com" for
dhcp-dns...then there's no chance that dhcp-dns can touch your main
domain.

("pn" == abbreviation for private network.)

craig

--
craig sanders <[EMAIL PROTECTED]>

Fabricati Diem, PVNC.
 -- motto of the Ankh-Morpork City Watch
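The two safeguards suggested in the reply above (refuse specific names, and confine dynamic entries to their own subdomain), combined in one check. This is an added example, not part of the original thread and not dhcp-dns code; the zone "pn.example.com" is from the message, while the protected names and the function name are assumptions.

```python
import re

# Assumptions (not taken from dhcp-dns): the zone reserved for DHCP
# clients and the names that must never be registered dynamically.
DYNAMIC_ZONE = "pn.example.com"
PROTECTED_LABELS = {"www", "mail", "ns1", "ns2", "gateway"}

# One DNS label: letters, digits and hyphens, no leading or trailing hyphen.
LABEL_RE = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")


def dynamic_fqdn(client_name):
    """Return the FQDN a DHCP client may register, or None to refuse.

    client_name is the hostname sent by the client and is untrusted.
    """
    name = client_name.strip().rstrip(".").lower()
    suffix = "." + DYNAMIC_ZONE
    # Accept a bare host name or a full name inside the dynamic zone.
    if name.endswith(suffix):
        name = name[: -len(suffix)]
    # Exactly one label is allowed, so "www.example.com" or "a.b" cannot
    # reach records outside the zone or create deeper ones inside it.
    if not LABEL_RE.fullmatch(name):
        return None
    if name in PROTECTED_LABELS:
        return None
    return name + suffix


def partition(names):
    """Split client-supplied names into (accepted FQDNs, refused names)."""
    accepted, refused = [], []
    for n in names:
        fqdn = dynamic_fqdn(n)
        if fqdn is None:
            refused.append(n)
        else:
            accepted.append(fqdn)
    return accepted, refused


if __name__ == "__main__":
    # Constructed sample of hostnames as DHCP clients might send them.
    sample = ["laptop7", "WWW", "www.example.com", "printer-2.pn.example.com."]
    print(partition(sample))
```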
Re: Roach Motel For Packets...
On Sun, Sep 30, 2001 at 10:18:28AM +1000, Craig Sanders wrote:
> echo 1 >/proc/sys/net/ipv4/ip_forward
>
> use /etc/sysctl.conf to have it enabled automatically at boot.

That's one way. The other being:

    vim /etc/network/options

There you'll find two other useful options also. All 3 would be the
equivalent of the echo or sysctl.conf above.

--
CaT "As you can expect it's really affecting my sex life. I can't help
    it. Each time my wife initiates sex, these ejaculating hippos keep
    floating through my mind."
        - Mohd. Binatang bin Goncang, Singapore Zoological Gardens
Re: Roach Motel For Packets...
> as is required by RFC, routing is disabled by default. to enable
> routing:
>
> echo 1 >/proc/sys/net/ipv4/ip_forward
>
> use /etc/sysctl.conf to have it enabled automatically at boot.

100% correct you are, but I have already done this. Note that "stuff"
coming in eth0 is getting forwarded correctly, only packets coming in
eth1 are not. Even eth1 itself does not respond to pings even though I
can log the packets coming in.

Pete

--
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting
Re: Roach Motel For Packets...
On Sat, 29 Sep 2001, Peter Billson wrote:
> I have a Linux router with two connections from different service
> providers (eth0 and eth1) coming in and want to route all traffic to go
> out eth2. Eth0 is the router's default gateway
>
> I assigned eth2 two ips (eth2=192.168.0.1 and eth2:0=10.0.0.1)
> The (important) routes are set to
>
> Network      gateway    netmask        iface
> 192.168.0.0  *          255.255.255.0  eth2
> 10.0.0.1     *          255.255.255.0  eth2
> (eth1 net)   *          255.255.255.0  eth1
> default      (eth0 ip)  0.0.0.0        eth0
>
> Ips have been changed to protect the innocent. All ips are really in
> the public IP space.
>
> I am *not* trying to load balance, do BGP or anything like that. I
> basically want the boxen on the network to respond to packets coming
> from either network.
>
> I'm using IPChains to get this all working nice.

Show us.

> If I ping any of the IPs serviced by eth0 (remotely or locally)
> everything works fine. I can ping eth0, eth2 or any of the boxes on the
> network.
>
> From the router I can ping eth0, eth1, eth2, and IPs that should be
> serviced by eth1 on the network and I can ping the provider going out
> eth1.
>
> From the local network I can ping any other machine and *any* IP on
> the router.
>
> But if I try to ping eth1, or any of the IPs serviced by eth1, from a
> remote machine the packets come into the router and disappear. They do
> not get DENYed, ACCEPTed or FORWARDed by IPChains on any interface. The
> rules relating to eth0 and eth1 are identical.

I am not sure if I understand this exactly. It may help to have more
information.

I have a feeling your replies are being sent out but are being
firewalled by another router, since they appear to have a source address
that doesn't belong to its network (i.e. address spoofing, SMURF
attack).

Jeremy C. Reed
Apache logs
I wonder. For my organization it is not really needed to log every GET
instruction given to Apache. Where exactly in the configuration do I
have to alter something for that matter?

Regards ...

-- Jsb
Roach Motel For Packets...
Hi all,

I have successfully created a Linux "Roach Motel"... packets check in,
but they don't check out! Unfortunately, I was trying to create a
router! :-)

I have a Linux router with two connections from different service
providers (eth0 and eth1) coming in and want to route all traffic to go
out eth2. Eth0 is the router's default gateway

I assigned eth2 two ips (eth2=192.168.0.1 and eth2:0=10.0.0.1)
The (important) routes are set to

Network      gateway    netmask        iface
192.168.0.0  *          255.255.255.0  eth2
10.0.0.1     *          255.255.255.0  eth2
(eth1 net)   *          255.255.255.0  eth1
default      (eth0 ip)  0.0.0.0        eth0

Ips have been changed to protect the innocent. All ips are really in
the public IP space.

I am *not* trying to load balance, do BGP or anything like that. I
basically want the boxen on the network to respond to packets coming
from either network.

I'm using IPChains to get this all working nice.

If I ping any of the IPs serviced by eth0 (remotely or locally)
everything works fine. I can ping eth0, eth2 or any of the boxes on the
network.

From the router I can ping eth0, eth1, eth2, and IPs that should be
serviced by eth1 on the network and I can ping the provider going out
eth1.

From the local network I can ping any other machine and *any* IP on
the router.

But if I try to ping eth1, or any of the IPs serviced by eth1, from a
remote machine the packets come into the router and disappear. They do
not get DENYed, ACCEPTed or FORWARDed by IPChains on any interface. The
rules relating to eth0 and eth1 are identical.

It is as if the packets coming in eth1 are not getting forwarded but I
can't figure out why not, particularly when the IPChains rules work for
eth0.

Any suggestions where to look?

Pete

--
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting
Re: Apache logs
The following lines

    SetEnvIf Request_URI \.gif no_log_request
    SetEnvIf Request_URI \.jpg no_log_request

Define what you don't want logged with a SetEnvIf statement. The lines
above set this for files with the .gif and .jpg extensions.

Then set your CustomLog line like this. This can be turned on or off for
each virtual server by adding or removing the "env=!no_log_request" at
the end of the CustomLog configuration line.

    CustomLog /var/www/log/access_log "combined" env=!no_log_request

HTH
eirik

"Jordi S . Bunster" wrote:
>
> I wonder. For my organization it is not really needed to log every GET
> instruction given to Apache. Where exactly in the configuration do I
> have to alter something for that matter?
>
> Regards ...
>
> -- Jsb
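What the two SetEnvIf patterns in the reply above keep out of the access log, evaluated over constructed request paths. This is an added example, not part of the original message; Python's re stands in for Apache's regex engine (equivalent for these patterns), and the "$"-anchored variants are an addition for comparison.

```python
import re

# Patterns as posted: unanchored, so they match anywhere in Request_URI.
POSTED = [r"\.gif", r"\.jpg"]
# Variant added for comparison (not from the message): anchored to the
# end of the path, so only URIs that end in the extension match.
ANCHORED = [r"\.gif$", r"\.jpg$"]

# Constructed request paths. Request_URI does not include the query string.
SAMPLE_URIS = [
    "/images/logo.gif",
    "/photos/team.jpg",
    "/index.html",
    "/uploads/report.jpg.php",
    "/cgi-bin/view.gif.cgi",
    "/docs/file.jpgs/readme.txt",
]


def is_logged(uri, patterns):
    """Mimic 'CustomLog ... env=!no_log_request': a request is logged
    unless one of the SetEnvIf patterns matched its Request_URI."""
    return not any(re.search(p, uri) for p in patterns)


def unlogged(uris, patterns):
    """Requests that would be missing from the access log."""
    return [u for u in uris if not is_logged(u, patterns)]


def coverage_gap(uris):
    """URIs dropped by the posted patterns that the anchored ones log."""
    anchored = set(unlogged(uris, ANCHORED))
    return [u for u in unlogged(uris, POSTED) if u not in anchored]


if __name__ == "__main__":
    print("not logged (posted):  ", unlogged(SAMPLE_URIS, POSTED))
    print("not logged (anchored):", unlogged(SAMPLE_URIS, ANCHORED))
    print("difference:           ", coverage_gap(SAMPLE_URIS))
```

Running the same check over the distinct paths in an existing access log shows which requests a given pattern set would stop recording before it is deployed.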
dns takeover with dhcp-dns
Hi

Anyone knows if dhcp-dns allows to filter some hostnames, in order not
to update them? With the actual behavior it's easy to take over dns
entries. I'm concerned about users taking over server's dns entries.

Any ideas?

--
Pedro Larroy Tovar. PiotR | http://omega.resa.es/piotr/
e-mail: [EMAIL PROTECTED] | [EMAIL PROTECTED]
finger [EMAIL PROTECTED] for public gnupg key
:wq
Re: vmailmgr issue
Heey, glad my memory isn't in as bad of condition as I first thought. :)

I'm not positive, but I do know that qmail reads a bunch of control
files upon startup, and it looks like your error message is stating that
the control directory cannot be found.

On a default qmail install from src, the top level directory for qmail
is /var/qmail. Inside of that, among several other directories, is one
called "control". Inside of that are several text files that contain
things like virtual host lists, aliases, etc...

Here's what my control/ directory looks like:

databytes      locals       plusdomain      virtualdomains
defaultdomain  locals.lock  rcpthosts       virtualdomains.lock
defaulthost    me           rcpthosts.lock

Make sure your qmail install is finding these files, and you should be
good to go.

If all else fails, go grab a Newcastle or BlueMoon, print out "Life with
qmail" (http://www.lifewithqmail.org/), download the qmail source, and
start the install from scratch. That proved to be the easiest way to get
it installed for me. (Only took me a couple of hours to get qmail,
courier-imap/pop, qmailadmin, vpopmail, and sqwebmail installed)...

YMMV-
Eric

>On Fri, Sep 28, 2001 at 12:00:11PM -0700, Loopshot Operator wrote:
>> I don't know about vmailmgr, but from what I remember, vpopmail was
>> the newer version of vmailmgr (I *think*), and I have vpopmail
>
>From what I can find you are correct, thanks for the heads up.
>
>This time I got qmail, vpopmail AND qmail admin working AND I can USE it :)
>kind of
>
>When attempting to start qmail I get:
>alert: cannot start: unable to read controls
>
>A search on google mainly returns the manpage for qmail-log ... not really
>any help.
>
>Looking at some other issues I checked the perms for both /var/lib/qmail and
>/var/qmail, etc. and made sure they were all the same (alias.qmail).
>
>Any ideas? qmail was installed from apt (qmail-src, build-qmail, etc.)
>
>I hate admining email... no wonder I've never had to do this before.
>
>A.Sleep