Compatible DVD Burner with Linux
Hi people. I'm looking at the NEC ND-2500A as a solution for writing DVDs under Linux. Does anyone have experience with using this drive for writing DVDs under Linux? If not can you recommend a good DVD burner that will "play nice" with Linux userland tools? Thanks in advance. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Compatible DVD Burner with Linux
Thank you. Yes, that post shows their GUI successfully burning a DVD under Linux. (I couldn't read the French.) I find that reassuring! There is an interesting and informative web page on the subject of MMC compliance (and non-compliance) at http://fy.chalmers.se/%7Eappro/linux/DVD%2BRW/hcn.html . This seems to a key issue when determining DVD burner behavior under Linux. The article seems to imply not all DVD burners will behave themselves well under Linux. I just stumbled on this after posting to this list. Thank you for your feedback. I don't want to pay a restocking fee if I choose the wrong DVD burner. ;) - Original Message - From: "Jonathan Melhuish" <[EMAIL PROTECTED]> To: "David Cunningham" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Saturday, May 08, 2004 6:03 AM Subject: Re: Compatible DVD Burner with Linux > David Cunningham wrote: > > >Hi people. I'm looking at the NEC ND-2500A as a solution for writing DVDs > >under Linux. Does anyone have experience with using this drive for writing > >DVDs under Linux? If not can you recommend a good DVD burner that will > >"play nice" with Linux userland tools? > > > >Thanks in advance. > > > > > I think all DVD burners should work with linux, as far as I can tell, > just as all CD burners do - they generally all conform to the same > (ATAPI?) standard. > > There's a long thread here in which they discuss lots of problems, but > the conclusion seems to be that the drive should work fine: > http://forum.hardware.fr/hardwarefr/OSAlternatifs/sujet-33454-1.htm > > Cheers, > > Jon > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Compatible DVD Burner with Linux
Thank you. Yes, that post shows their GUI successfully burning a DVD under Linux. (I couldn't read the French.) I find that reassuring! There is an interesting and informative web page on the subject of MMC compliance (and non-compliance) at http://fy.chalmers.se/%7Eappro/linux/DVD%2BRW/hcn.html . This seems to a key issue when determining DVD burner behavior under Linux. The article seems to imply not all DVD burners will behave themselves well under Linux. I just stumbled on this after posting to this list. Thank you for your feedback. I don't want to pay a restocking fee if I choose the wrong DVD burner. ;) - Original Message - From: "Jonathan Melhuish" <[EMAIL PROTECTED]> To: "David Cunningham" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Saturday, May 08, 2004 6:03 AM Subject: Re: Compatible DVD Burner with Linux > David Cunningham wrote: > > >Hi people. I'm looking at the NEC ND-2500A as a solution for writing DVDs > >under Linux. Does anyone have experience with using this drive for writing > >DVDs under Linux? If not can you recommend a good DVD burner that will > >"play nice" with Linux userland tools? > > > >Thanks in advance. > > > > > I think all DVD burners should work with linux, as far as I can tell, > just as all CD burners do - they generally all conform to the same > (ATAPI?) standard. > > There's a long thread here in which they discuss lots of problems, but > the conclusion seems to be that the drive should work fine: > http://forum.hardware.fr/hardwarefr/OSAlternatifs/sujet-33454-1.htm > > Cheers, > > Jon > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Compatible DVD Burner with Linux
Presently I'm going to try the NEC ND-2500A. I just ordered it. I'll be happy to post my results back here once I've had a chance to put it through it's paces. - Original Message - From: "hugo vanwoerkom" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Saturday, May 08, 2004 7:43 AM Subject: Re: Compatible DVD Burner with Linux > David Cunningham wrote: > > Thank you. Yes, that post shows their GUI successfully burning a DVD under > > Linux. (I couldn't read the French.) I find that reassuring! > > There is an interesting and informative web page on the subject of MMC > > compliance (and non-compliance) at > > http://fy.chalmers.se/%7Eappro/linux/DVD%2BRW/hcn.html . This seems to a > > key issue when determining DVD burner behavior under Linux. The article > > seems to imply not all DVD burners will behave themselves well under Linux. > > I just stumbled on this after posting to this list. > > Thank you for your feedback. I don't want to pay a restocking fee if I > > choose the wrong DVD burner. ;) > > > > So what's your choice? > > H. > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: "blocking" hosts
Not really. This is helpful but will only block access to those services that are compiled against tcp wrappers. To block all access you can use iptables or add a blocked route to your routing table. For example: route add -net 194.73.242.0/24 reject # (this will block all access from the class C network 194.73.242.0) route add -host 194.73.242.132 reject# (this will block all access from the IP address 194.73.242.132) If you want this to persist after reboot then you will need to add the command to one of your start up scripts. I use rc.local. <|>/\\/|<|> - Original Message - From: "Matthew Daubenspeck" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, May 18, 2004 5:14 AM Subject: "blocking" hosts > If I want to block all access to my debian box from a certain IP, is it > as simple as placing the IP in /etc/hosts.deny? I am using debian > woody... > > Thanks. > -- > Matthew Daubenspeck > > 08:13:06 up 5 days, 17:58, 1 user, load average: 0.02, 0.04, 0.01 > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Dynamic DNS Setup
There is an open source solution for this called DHIS. http://www.dhis.org/r5/downloads.html You can install their server and client software so that *you* get to run the nameserver. If this doesn't do what you need then it shouldn't be too hard to write a script to handle this for you. I use a script on my clients and servers so that I have better control over exactly what happens. <|>/\\/|<|> - Original Message - From: "Support" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, May 20, 2004 5:38 PM Subject: Re: Dynamic DNS Setup > At 02:27 PM 5/20/04, Paul Johnson wrote: > >Support <[EMAIL PROTECTED]> writes: > > > > > Can debian support dynamic dns ? Where can I find the info and how to > > > configure it ? > > > >If we're talking about dyndns.org's services, I would suggest > >http://www.dyndns.org/ or nntp://news.dyndns.org/dyndns.general for > >more information. > > > >Does this help? > > > >-- > >Paul Johnson > ><[EMAIL PROTECTED]> > >Linux. You can find a worse OS, but it costs more. > > Hi! Paul > > How about to configure debian server as Dynamic DNS Server ? > > > > Best Regards, > Support > > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Compatible DVD Burner with Linux
> David Cunningham escribió: > >>Hi people. I'm looking at the NEC ND-2500A as a solution for writing >> DVDs >>under Linux. Does anyone have experience with using this drive for >> writing >>DVDs under Linux? If not can you recommend a good DVD burner that will >>"play nice" with Linux userland tools? >> >>Thanks in advance. >> >> >> >> >> > I think we would look for boxes with the sentence "Linux Compatible" ;) > > Regards. > > I disagree. In fact I tend to ignore that. There have been many occasions when hardware I buy that's advertised as "Linux Compatible" turns out to function poorly under Linux. Very frequently my best experiences are with hardware that the manufacturer never bothers to advertise as Linux compatible and yet it works flawlessly. This issue is more complex than you suggest. For this reason I poll mailing lists and newsgroups for advice from people who have had good experiences with their hardware under Linux. This has consistently provided me good results. Best Wishes. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: disks are hot hot hot
> On Tue, 2004-05-11 at 09:35, Antony Gelberg wrote: >> Hi all, >> >> I've recently built my first ever server with a pre-compiled kernel >> (2.6.4 >> from backports.org). I had two 160GB SATA disks which both failed after >> only >> a couple of months. I found this extremely strange, unless they were >> from a bad batch (not likely in this day and age). They've gone back to >> my supplier as faulty anyway. >> >> One thing I did notice is that the disks were rather hot, abnormally >> imo. >> The server is hardly stressed, as it's pretty much providing DNS, SMTP, >> and IMAP for all of one user! :) Motherboard is an ASUS A7N8X. >> >> What I am wondering is, is there some type of power saving mode / >> setting that I might have missed, a module perhaps? Or do these new >> fangled disks just run very hot? I've replaced them with two Samsung >> 160GB PATAs, and they're quite warm after only an hour or so, but >> admittedly they are doing a RAID sync. > > I'm guessing you're using 7200 RPM or better disks. I've never seen a > 7200 RPM disk that didn't run rather warm. Some get hotter than others, > but they're all rather hot. I have, in the last 10 months, replaced 5 > drives, all of which failed within about a month of getting them. I was > also having some heat issues with the computer in general. I added two > more case fans and got a couple of hard drive heatsinks. They're copper, > about the same size as a drive, and have two fans on the bottom. They > attach to the bottom of the drive and have an in-line power coupler that > you can put between the power supply and the drive itself. I got them > for $10 (US) a piece and since then have not had a single drive failure > or heat problem. YMMV of course. Sounds good. What brand and model of heatsink do you use? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Compatible DVD Burner with Linux
> - Original Message - > From: "Pedro M. (Morphix User)" <[EMAIL PROTECTED]> > Date: Tuesday, May 11, 2004 1:51 pm > Subject: Re: Compatible DVD Burner with Linux > >> David Cunningham escribió: >> >> >Hi people. I'm looking at the NEC ND-2500A as a solution for >> writing DVDs >> >under Linux. Does anyone have experience with using this drive >> for writing >> >DVDs under Linux? If not can you recommend a good DVD burner >> that will >> >"play nice" with Linux userland tools? >> > >> >Thanks in advance. >> > > > I bought the NEC 2500A a couple of months ago. I burn mostly data DVDs > on Redhat 9 under K3B. Works like a dream. No coasters, no > complaints. Great price-point too. All in all, A1. > > HTH, > > Chris Thanks for the feedback Christopher. Do you have any trouble getting the NEC ND-2500A to burn DVDs at 8X on Linux? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Does nice-ness exist for bandwidth? [sic]
> Can I nice various network jobs [eg, web-browsing, apt-get update, > mail-get] > like I would a CPU process. > > Here's the deal. > > Using nice on my linux box is great. > eg. > nice make-kpkg --revision=x kernel_image > > While compiling my kernel I still get priority to other > things that I'm doing [mozilla, ooffice, etc] but if I'm > not doing anything all my cpu cycles go to the compile. > [I'm sure most people know what nice is but I want to make > sure my point is clear.] > > I'd like to do the same thing with respect to bandwidth. > eg. > netnice wget http://foo.com/dirty_big_download > netnice apt-get dist-upgrade > > Now if I'm web-browsing and reading a page already loaded > all the bandwidth goes to wget/apt-get. > But when I am loading a web-site or checking my mail then > the priority for the bandwidth goes to the browser like > in the cpu-nice example. > > === > Does an application that achieves the above exist currently? > If not; is it possible or even a good idea? > > Thankyou, > > Lex. > > PS - I'd appreciate a CC because I'm not on user list but > I will check the web archives regardless. > I believe I read recently that tc (traffic control) and iptables can be combined to provide a solution for what you're describing. Someone correct me if I'm wrong but it seems you can use iptables to set rules such that all web traffic (port 80 and 443 for example) can be directed into one traffic management queue (queue discipline?) and all apt-get traffic can be routed into another queue (depending on which tcp port it uses) and so on. I plan to implement (try to implement) this myself soon. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: cdrecord error
- Original Message - From: "Peter Rohrman" <[EMAIL PROTECTED]> To: "Thomas Adam" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Thursday, May 13, 2004 1:23 PM Subject: Re: cdrecord error > Well, I couldn't get "cdrecord" to work under Debian, so I went back and > installed Solaris x86. Funny thing happened when I did that. Solaris x86 > was giving me the same error when I tried to run "cdrecord." After poking > around for a while, I noticed that volmgt was on. I shut off volmgt, and > viola! cdrecord worked on Solaris x86!!! > > Is there a volmgt on Debian in my way of using cdrecord? If someone out > there knows, please pass it on as I would rather use debian than Sol x86. > > Pete It's a known issue on Solaris that you must disable volmgt in order for cdrecord to work. On Linux you *must* have three things: (1) a parameter passed to the kernel at boot time, (2) the ide-scsi kernel module loaded, (3) cdrecord. Here's a step by step. Be root to proceed. First of all be sure you know which device file (under /dev) refers to your cd burner. If it's primary slave then it's /dev/hdb and if it's secondary master then it's /dev/hdc and if it's secondary slave then it's /dev/hdd. Lat's say for sake of argument it's secondary master (/dev/hdc). Then your lilo append line must look like this: append="hdc=ide-scsi" If you already have an append line with other arguments in it then be sure to include those arguments between the quotes. The important part is that you use the correct device name, "hdc=ide-scsi" or "hdd=ide-scsi" or whatever is needed. When this is done, run lilo, reboot and check to see if your kernel recognized it. Issue this command: dmesg | grep ide_setup You should see something like "ide_setup: hdc=ide-scsi" appear. That takes care of step 1. Now you need to load the ide-scsi driver. I'm going to assume you don't have it compiled directly into the kernel. Issue this line from the command prompt. modprobe ide-scsi Now if you run dmesg you should see something like this toward the end of the dmesg output: scsi0 : SCSI host adapter emulation for IDE ATAPI devices Vendor: SONY Model: CD-RW CRX0811 Rev: MYS2 Type: CD-ROM ANSI SCSI revision: 02 Now you're very close to being able to use your burner. The last step is to use cdrecord. Cdrecord expects your burner to be a scsi device. To find the scsi device number you're best off typing this: cdrecord --scanbus The output should resemble this (more or less): Cdrecord 2.00.3 (i686-pc-linux-gnu) Copyright (C) 1995-2002 Jörg Schilling Linux sg driver version: 3.1.25 Using libscg version 'schily-0.7' scsibus0: 0,0,0 0) 'SONY' 'CD-RW CRX0811 ' 'MYS2' Removable CD-ROM 0,1,0 1) * 0,2,0 2) * 0,3,0 3) * 0,4,0 4) * 0,5,0 5) * 0,6,0 6) * 0,7,0 7) * scsibus1: 1,0,0 100) 'SIIG' 'CompactFlash Car' '0113' Removable Disk 1,1,0 101) * 1,2,0 102) * 1,3,0 103) * 1,4,0 104) * 1,5,0 105) * 1,6,0 106) * 1,7,0 107) * If that doesn't work try modprobe sg first. This tells us the scsi device of the burner is 0,0,0. That's the argument you provide to cdrecord. The following line works just fine on my system: cdrecord -v -speed 8 -dev 0,0,0 example.iso All these things must be correct. You need to get the scsi device number correct, the kernel must acknowledge your cd burner in the dmesg output, you must supply the correct /dev/hdX device name, and the ide-scsi module must be loaded. If any of these things are missing or wrong then all bets are off. Hope this helps! -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: cdrecord error
Yeah. I'm interested to know if that works for you. I was worried there for a bit. I thought maybe you had a 2.6 kernel and I didn't realize it. <|>/\\/|<|> > David, > > That sounds like a plan. Next week, I'll wipe out Sol x86 and put Debian > back on. I don't think that sarge gives me the 2.6 kernel, so I guess > that I don't have to worry about what Greg added to this thread. > > I'll let you know how it goes. > > Pete > > On Thu, 13 May 2004, David Cunningham wrote: > > > - Original Message - > > From: "Peter Rohrman" <[EMAIL PROTECTED]> > > To: "Thomas Adam" <[EMAIL PROTECTED]> > > Cc: <[EMAIL PROTECTED]> > > Sent: Thursday, May 13, 2004 1:23 PM > > Subject: Re: cdrecord error > > > > > > > Well, I couldn't get "cdrecord" to work under Debian, so I went back and > > > installed Solaris x86. Funny thing happened when I did that. Solaris x86 > > > was giving me the same error when I tried to run "cdrecord." After poking > > > around for a while, I noticed that volmgt was on. I shut off volmgt, and > > > viola! cdrecord worked on Solaris x86!!! > > > > > > Is there a volmgt on Debian in my way of using cdrecord? If someone out > > > there knows, please pass it on as I would rather use debian than Sol x86. > > > > > > Pete > > > > > > > > It's a known issue on Solaris that you must disable volmgt in order for > > cdrecord to work. On Linux you *must* have three things: (1) a parameter > > passed to the kernel at boot time, (2) the ide-scsi kernel module loaded, > > (3) cdrecord. > > > > Here's a step by step. Be root to proceed. First of all be sure you know > > which device file (under /dev) refers to your cd burner. If it's primary > > slave then it's /dev/hdb and if it's secondary master then it's /dev/hdc and > > if it's secondary slave then it's /dev/hdd. > > > > Lat's say for sake of argument it's secondary master (/dev/hdc). Then your > > lilo append line must look like this: > > append="hdc=ide-scsi" > > > > If you already have an append line with other arguments in it then be sure > > to include those arguments between the quotes. > > The important part is that you use the correct device name, "hdc=ide-scsi" > > or "hdd=ide-scsi" or whatever is needed. > > > > When this is done, run lilo, reboot and check to see if your kernel > > recognized it. Issue this command: > > dmesg | grep ide_setup > > > > You should see something like "ide_setup: hdc=ide-scsi" appear. That takes > > care of step 1. Now you need to load the ide-scsi driver. I'm going to > > assume you don't have it compiled directly into the kernel. Issue this line > > from the command prompt. > > modprobe ide-scsi > > > > Now if you run dmesg you should see something like this toward the end of > > the dmesg output: > > scsi0 : SCSI host adapter emulation for IDE ATAPI devices > > Vendor: SONY Model: CD-RW CRX0811 Rev: MYS2 > > Type: CD-ROM ANSI SCSI revision: 02 > > > > Now you're very close to being able to use your burner. The last step is to > > use cdrecord. Cdrecord expects your burner to be a scsi device. To find > > the scsi device number you're best off typing this: > > cdrecord --scanbus > > > > The output should resemble this (more or less): > > Cdrecord 2.00.3 (i686-pc-linux-gnu) Copyright (C) 1995-2002 Jörg Schilling > > Linux sg driver version: 3.1.25 > > Using libscg version 'schily-0.7' > > scsibus0: > > 0,0,0 0) 'SONY' 'CD-RW CRX0811 ' 'MYS2' Removable CD-ROM > > 0,1,0 1) * > > 0,2,0 2) * > > 0,3,0 3) * > > 0,4,0 4) * > > 0,5,0 5) * > > 0,6,0 6) * > > 0,7,0 7) * > > scsibus1: > > 1,0,0 100) 'SIIG' 'CompactFlash Car' '0113' Removable Disk > > 1,1,0 101) * > > 1,2,0 102) * > > 1,3,0 103) * > > 1,4,0 104) * > > 1,5,0 105) * > > 1,6,0 106) * > > 1,7,0 107) * > > > > If that doesn't work try modprobe sg first. > > This tells us the scsi device of the burner is 0,0,0. That's the argument > > you provide to cdrecord. The following line works just fine on my system: > > cdrecord -v -speed 8 -dev 0,0,0 example.iso > > > > All these things must be correct. You need to get the scsi device number > > correct, the kernel must acknowledge your cd burner in the dmesg output, you > > must supply the correct /dev/hdX device name, and the ide-scsi module must > > be loaded. If any of these things are missing or wrong then all bets are > > off. Hope this helps! > > > > > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: squid + transparent proxying + ssl prots ?
> >> Hi. > >> > >> Please can some one advise how to setup squid to transparently proxy ssl > >> ports, it's currently proxing http with no problem.. > >> > >> Many thanks > >> Gregory Machin > >> > > > > It sounds like what you need is masquerading or possibly port forwarding. > > I > > manage a squid proxy for my company but no other connections are proxied. > > Instead we use a machine as an internet gateway and use masquerading to > > route SSH connections off the local private subnet to the internet. Many > > organizations do this. One way to do this is with iptables. Let me know > > if > > you'd like some examples. > > > > <|>/\\/|<|> > > > > yip that sounds corrcet do you have an example for me ? of how to forward > from my internal nic to the gatway nic ? > > Thanks a stack The best way to do this depends on what you already have set up and your company's security policies. I'll give you an example of how I do it and perhaps you can figure out the best way to apply these ideas to your own setup. Please note, I'm not an "expert" in this area. I can however tell you what works for me and what my understanding is of the subject. You're likely to get some follow up emails with corrections about my explanation here. First of all the company I work for has a number of machines on their private network. We use "net 10" for our lan. There is one gateway machine and all internet access from clients on net 10 gets routed through the gateway machine. The gateway machine is connected both to net 10 and to an internet router by way of a firewall. Here's a crude picture of that setup: Clients on net 10. 10.0.0.1 though 10.0.0.253 | Connect via lan cable and switches to | Gateway machine (10.0.0.254 lan side / 62.192.14.212 internet side) | Connects via lan cable to | Internet firewall | Connects via cable and router to | Our ISP which in turn connects us to the internet The default gateway of all the lan clients is set to the lan side address of the gateway machine (10.0.0.254) This means all internet requests must pass through this one machine to reach the internet. The internet IP of our gateway is (hypothetically) 62.192.14.212. The iptables command can be used to perform a range of functions in Linux including forwarding, firewalling with stateful packet inspection and the masquerading function so that all your clients may access the internet. When properly configured, the gateway will forward packets from any of your lan clients to the internet and forward any returning traffic back to the correct client on your lan. This is similar to proxying but (put simply) there is no caching involved. Here's is a VERY BASIC script for iptables that demonstrates a way to perform masquerading. You run this script on your Linux gateway. Generally you will want to add a number of additional firewall rules to help secure your gateway. While this script should work for your setup, it is not to be considered the final or complete solution for your setup. I expressly disclaim any liability for what this script will do once used in your organization. It's simply the minimum required to successfully activate ip masquerading for your network. For more information on iptables you can go check out http://www.netfilter.org/ . You'll find a lot of valuable information there. Basically what this script does is allow most lan traffic unrestricted access to the internet and only allow internet traffic to reach the lan if it is in response to a host on the lan. There are many ways to configure this to accomplish your own tasks. This is just one way. It really should be hardened with additional rules to afford your gateway more protection. However this script has been sufficient (security wise) on my personal lan at home because my internet router is also a firewall. The script I use at my company is more complex and involves firewalling as a layer of redundancy to the commercial firewall. #!/bin/bash IPTABLES=/usr/sbin/iptables MODPROBE=/sbin/modprobe LOCALNET=10.0.0.0/8 INT=eth0 # Name of the internal lan side network card EXT=eth1 # Name of the external internet side network card $MODPROBE ipt_MASQUERADE $MODPROBE ip_conntrack_ftp $MODPROBE ip_nat_ftp # Enable forwarding echo "1" > /proc/sys/net/ipv4/ip_forward # This clears existing rules and sets default policies # These policies assume you have a firewall between the gateway and the internet $IPTABLES -P INPUT ACCEPT $IPTABLES -F INPUT $IPTABLES -P OUTPUT ACCEPT $IPTABLES -F OUTPUT $IPTABLES -P FORWARD DROP $IPTABLES -F FORWARD $IPTABLES -t nat -F $IPTABLES -t mangle -F # Masquerading rules $IPTABLES -A FORWARD -i $EXT -o $INT -d $LOCALNET -m state --state ESTABLISHED,RELATED -j ACCEPT $IPTABLES -A FORWARD -i $INT -o $EXT -s $LOCALNET -j ACCEPT # Perform actual masquerading in postrouting $IPTABLES -t nat -A POSTROUTING -o $EXT -j MASQUERADE To customize this script
Re: squid + transparent proxying + ssl prots ?
> yip that sounds corrcet do you have an example for me ? of how to forward > from my internal nic to the gatway nic ? > > Thanks a stack > >> Hi. > >> > >> Please can some one advise how to setup squid to transparently proxy ssl > >> ports, it's currently proxing http with no problem.. > >> > >> Many thanks > >> Gregory Machin > >> > > > > It sounds like what you need is masquerading or possibly port forwarding. > > I > > manage a squid proxy for my company but no other connections are proxied. > > Instead we use a machine as an internet gateway and use masquerading to > > route SSH connections off the local private subnet to the internet. Many > > organizations do this. One way to do this is with iptables. Let me know > > if > > you'd like some examples. > > > > <|>/\\/|<|> Hmm. Looks like some lines were wrapped in my last post. Here's the script again as an attachment. <|>/\\/|<|> #!/bin/bash IPTABLES=/usr/sbin/iptables MODPROBE=/sbin/modprobe LOCALNET=10.0.0.0/8 INT=eth0 # Name of the internal lan side network card EXT=eth1 # Name of the external internet side network card $MODPROBE ipt_MASQUERADE $MODPROBE ip_conntrack_ftp $MODPROBE ip_nat_ftp # Enable forwarding echo "1" > /proc/sys/net/ipv4/ip_forward # This clears existing rules and sets default policies # These policies assume you have a firewall between the gateway and the internet $IPTABLES -P INPUT ACCEPT $IPTABLES -F INPUT $IPTABLES -P OUTPUT ACCEPT $IPTABLES -F OUTPUT $IPTABLES -P FORWARD DROP $IPTABLES -F FORWARD $IPTABLES -t nat -F $IPTABLES -t mangle -F # Masquerading rules $IPTABLES -A FORWARD -i $EXT -o $INT -d $LOCALNET -m state --state ESTABLISHED,RELATED -j ACCEPT $IPTABLES -A FORWARD -i $INT -o $EXT -s $LOCALNET -j ACCEPT # Perform actual masquerading in postrouting $IPTABLES -t nat -A POSTROUTING -o $EXT -j MASQUERADE
Re: mouse doesnt work in console
> On Sun, 9 May 2004 11:39:39 -0600, Bob wrote: > >> > >Yes. Stop X first. Get it working on the console before worrying > >about it working in X. By leaving X reading from /dev/psaux you now > >have two different processes reading the same device. > > I have done that, in many diferent ways: > - killing X and gpm, restarting gpm : nothing > -changing /etc/X11/default-display-manager to start in console after reboot, > then killing gpm, and making gpmconfig using diferent configurations (imps2, > ps2, autops2; repeat_type raw, ms3, none): nothing > > I get this information related whit gpm > > $ ps -ef | grep gpm > root 397 1 0 18:00 ?00:00:00 gpm > root 928 926 0 22:37 pts/100:00:00 grep gpm > > $ ls -l /dev/gpm* > srwxrwxrwx1 root root0 may 9 18:00 /dev/gpmctl > prwxr-xr-x1 root root0 may 9 18:00 /dev/gpmdata > > I changed those x permissions on /dev/gpmdata (i thought it could make a > difference, but nothing) > > $ ls -l /dev/psaux > crw---1 root root 10, 1 may 9 22:37 /dev/psaux > > (I dont know what the c means) > > $ ls -l /var/run/gpm.pid > -rw---1 root root4 may 9 18:00 /var/run/gpm.pid > > $ gpm -v > gpm 1.19.6, Thu Oct 4 00:21:21 CEST 2001 > > I really dont know what the problem is. > > >Note that depending upon the presence of 'mousedev' as a kernel module > >mouse events will be automatically repeated to /dev/input/mice which > >should also be in your X config file. See the kernel docs on mousedev > >for more information. > > I installed mousedev with modconf, but it didnt change my X config file, it is > still /dev/psaux. > > The thing is: > /dev/psaux is the correct device > gpm.conf is OK > files related with gpm are OK > > but gpm doesnt work! what am I doing wrong? > Thanks > > Andres > Something else you might try is compiling gpm from scratch. I had a similar problem until I downloaded and compiled a newer version. Also, what results do you get with: gpm -m /dev/psaux -t imps2 <|>/\\/|<|> -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: squid + transparent proxying + ssl prots ?
> Hi. > > Please can some one advise how to setup squid to transparently proxy ssl > ports, it's currently proxing http with no problem.. > > Many thanks > Gregory Machin > It sounds like what you need is masquerading or possibly port forwarding. I manage a squid proxy for my company but no other connections are proxied. Instead we use a machine as an internet gateway and use masquerading to route SSH connections off the local private subnet to the internet. Many organizations do this. One way to do this is with iptables. Let me know if you'd like some examples. <|>/\\/|<|> -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
