FW: Smoothwall and other Linux FWs & ADSL (Revisited)
I've been using SmoothWall for a long time now with ADSL, I agree that as a firewall with pptp it isn't working on Israeli lines, I'm using it only as a router + firewall (3 legs - inter/intra/dmz) and as such it is very good.

About the "forked" distro, it's still based on the 2.2 kernel, with all the problems it has, so as a firewall I wouldn't recommend it... they just took SmoothWall for what it had in the 0.99 version and changed the GUI (web site), all the bugs and vulnerabilities are still there.

Regarding SmoothWall or others as a firewall, of course it's best to use a hardened distro for a firewall, but it also may have its own "new" bugs, so every distro has to be checked for what it is.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Eli Marmor
Sent: Monday, December 02, 2002 6:46 AM
To: Raft of Circumcised Penguins
Subject: Re: Smoothwall and other Linux FWs & ADSL (Revisited)

Meir Kriheli wrote:

> I've used smoothwall, till I found about the fully GPLed fork of it named
> IPCop (ipcop.sf.net). This one worked great for me and for some of my clients
> and supports pptp out of the box.
>
> PS
>
> The fork started 'cause smoothwall's lead developer is a real ass. He was
> physically attacked some time ago ( as rude as he was, I don't think he
> deserved that).
>
> I couldn't believe the treatment he gave to users of the GPL edition in the
> mailing lists, it was very rude. IPCop developers are more pleasant and
> helpful. I suggest giving it a try (their wiki at sf.net seems problematic
> for now, hope it gets fixed soon).

IPCop is still based on kernel 2.2, so it doesn't support iptables, contrary to the distros I mentioned (LEAF, WOLVERINE and DEVIL-LINUX).

If you want to check it nevertheless, and don't have patience to wait till their wiki is up, try the following link:

http://216.239.33.100/search?q=cache:CDW_96LQBo4C:ipcop.org/&hl=en&ie=UTF-8

--
Eli Marmor
[EMAIL PROTECTED]
CTO, Founder
Netmask (El-Mar) Internet Technologies Ltd.
__
Tel.:   +972-9-766-1020    8 Yad-Harutzim St.
Fax.:   +972-9-766-1314    P.O.B. 7004
Mobile: +972-50-23-7338    Kfar-Saba 44641, Israel

=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
Re: units - was [OT] Story: The case of the 500-mile email
On Sun, 01 Dec 2002 19:07:50 +0200, voguemaster <[EMAIL PROTECTED]> wrote:
>
> 3. Using SIGALARM. I forgot how this is implemented. Never did go into this since
> it has problems (also among platforms).

SIGALARM can be used by setting a signal handler (that does nothing). It functions by interrupting (and thus terminating) the current IO operation. You activate the timer by calling `alarm' (simpler, whole seconds) or `setitimer' (more complicated, allow microseconds). I use both `select' with timeout, and `alarm' in client-server TCP applications.

> Regarding the speed of light, being a physicist myself I have to agree :-)
> The signals don't even come close to traveling at the speed of light, as any ping
> can show...

The ping proves nothing. Most of the ping delay is "computing" delay caused by the NICs and the switches (and routers and bridges for WAN). Some of the delay is caused by the bandwidth.

Ehud.

--
 Ehud Karni           Tel: +972-3-7966-561  /"\
 Mivtach - Simon      Fax: +972-3-7966-667  \ /  ASCII Ribbon Campaign
 Insurance agencies   (USA) voice mail and   X   Against   HTML   Mail
 http://www.mvs.co.il  FAX:  1-815-5509341  / \
 mailto:[EMAIL PROTECTED]                  Better  Safe  Than  Sorry
Re: The PS1 puzzle in RH7.3/Gnome
On Sun, 1 Dec 2002 19:46:07 +0200 (EET), Omer Zak <[EMAIL PROTECTED]> wrote:
>
> Can someone please point out which system script clobbers my precious
> setting of PS1 or what other mistake did I commit?

The simplest way is to add "set -x" to your script. You'll see if it is really called and any command executed afterward.

If you want to save the output to disk add "exec 2> disk-file-name" (this has the disadvantage of hiding the prompt, to see the prompt and all commands run the command "tail -f -n 0 disk-file-name &" ).

Ehud

--
 Ehud Karni           Tel: +972-3-7966-561  /"\
 Mivtach - Simon      Fax: +972-3-7966-667  \ /  ASCII Ribbon Campaign
 Insurance agencies   (USA) voice mail and   X   Against   HTML   Mail
 http://www.mvs.co.il  FAX:  1-815-5509341  / \
 mailto:[EMAIL PROTECTED]                  Better  Safe  Than  Sorry
Re: units - was [OT] Story: The case of the 500-mile email
"Ehud Karni" <[EMAIL PROTECTED]> writes:

> The ping proves nothing. Most of the ping delay is "computing" delay
> caused by the NICs and the switches (and routers and bridges for WAN).
> Some of the delay is caused by the bandwidth.

While I agree with you in the context of the comment you are replying to, check out this measurement of the speed of light with ping:

http://xxx.lanl.gov/abs/physics/0201053

;-)

--
Oleg Goldshmidt | [EMAIL PROTECTED]
wine spec?
I am compiling wine most of the time, and would like to package it before installing. Does anyone have a nice spec made up before I make one/google for one?
The bright future of VMware
As those who follow the questions which I have recently posted to Linux-IL could predict, I have recently experimented with VMware's wares.

My conclusion led me quickly to the investor relationship page in their Web site, where I was informed that the company is privately held, so I can't buy their shares. No wonder. The smart venture capitalists dump on the public worthless shares in lame dotcoms, while they keep to themselves the really good stuff.

On the other hand, I am predicting bright future for them. After people learn the VMware way to reduce the pain of administering MS-Windows installations, they'll cease to directly install MS-Windows on their PCs, choosing instead to install them in virtual machines running on more stable (such as Linux) hosts.

For this to happen, however, VMware will have to develop some drivers to allow real-time DVD and video playing, and the like (not a serious problem, if they can exploit the consumer market).

The benefits from switching from direct installation to virtual machine based installation:

1. Windows XP activation mechanism won't prevent you from upgrading your hardware, as the virtual machine (which is all that Windows XP sees) stays the same.
2. You can save a checkpoint of your virtual machine at some other place before trying dangerous software. If the software corrupts your installation inside the virtual machine, you just copy back from the checkpoint, instead of reinstalling everything.
3. Disinfecting a virus-infected PC is matter of:
   - Copying your important (and uninfected) files outside to Linux filesystem (using Samba).
   - Copying back the virtual machine files from backup copy.
   - After rebooting, copy back your files from the Linux filesystem.
4. If you sandbox a virtual machine (no access to your Linux filesystem), you can run it without antivirus, and since VMware tries not to slow down your system too much, you gain back large part of the computer's performance.
5. For busy professionals, who really need stable PCs, the cost of VMware (about $300 per license) is recouped by not having to twice put the PC out of service for 1/2 day each time, for OS+applications reinstallation.

One day, maybe I'll try to use VMware to resurrect my MS-Windows 95 installation, which survived several years without having to reinstall everything from the beginning, and which died only when I was forced to upgrade my PC's motherboard.

--- Omer
WARNING TO SPAMMERS: see at http://www.zak.co.il/spamwarning.html
Re: units - was [OT] Story: The case of the 500-mile email
02/12/02 11:52:53, Ehud Karni <[EMAIL PROTECTED]> wrote:

>On Sun, 01 Dec 2002 19:07:50 +0200, voguemaster <[EMAIL PROTECTED]> wrote:
>>
>> 3. Using SIGALARM. I forgot how this is implemented. Never did go into this since
>> it has problems (also among platforms).
>
>SIGALARM can be used by setting a signal handler (that does nothing).
>It functions by interrupting (and thus terminating) the current IO
>operation. You activate the timer by calling `alarm' (simpler, whole
>seconds) or `setitimer' (more complicated, allow microseconds). I use
>both `select' with timeout, and `alarm' in client-server TCP
>applications.

Was merely saying I forgot the details of it. Using SIGALARM is a bad scheme for timeouts.

>
>The ping proves nothing. Most of the ping delay is "computing" delay
>caused by the NICs and the switches (and routers and bridges for WAN).
>Some of the delay is caused by the bandwidth.

Thanks for saying exactly what I did. The ping shows that information on the network doesn't even come close to the speed of light. That was my point.

Eli

"There's so many different worlds
So many different suns
And we have just one world
But we live in different ones.."
- Dire Straits - "Brothers in Arms"
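The timeout scheme discussed in the two messages above (a do-nothing handler plus `setitimer`), as an added C example that is not code from any poster; the signal is spelled SIGALRM in `<signal.h>`. The names `read_with_timeout`, `on_alarm` and `demo_pipe_read`, and the pipe used as a stand-in for a socket, are assumptions made for the example.

```c
#define _XOPEN_SOURCE 700   /* sigaction() and setitimer() under strict -std= modes */
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/time.h>
#include <unistd.h>

#define READ_TIMED_OUT (-2)

/* Does nothing: its only job is to make the blocked read() fail with EINTR. */
static void on_alarm(int signo) { (void)signo; }

/* read() with a timeout in milliseconds (hypothetical helper for this example).
 * Returns bytes read, 0 on EOF, -1 on error, READ_TIMED_OUT on EINTR.
 * Known weaknesses: any other signal also yields EINTR, and if the timer
 * fires before read() is entered the call blocks with no timeout at all. */
ssize_t read_with_timeout(int fd, void *buf, size_t len, long timeout_ms)
{
    struct sigaction sa, old_sa;
    struct itimerval timer, off;
    ssize_t n;
    int saved_errno;

    if (timeout_ms <= 0) { errno = EINVAL; return -1; }  /* 0 would disarm the timer */

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_alarm;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = 0;            /* no SA_RESTART, or read() is silently restarted */
    if (sigaction(SIGALRM, &sa, &old_sa) == -1)
        return -1;

    memset(&timer, 0, sizeof timer);        /* it_interval = 0: fires once */
    timer.it_value.tv_sec = timeout_ms / 1000;
    timer.it_value.tv_usec = (timeout_ms % 1000) * 1000;
    setitimer(ITIMER_REAL, &timer, NULL);

    n = read(fd, buf, len);
    saved_errno = errno;

    memset(&off, 0, sizeof off);
    setitimer(ITIMER_REAL, &off, NULL);     /* disarm before restoring the handler */
    sigaction(SIGALRM, &old_sa, NULL);

    if (n == -1 && saved_errno == EINTR)
        return READ_TIMED_OUT;
    errno = saved_errno;
    return n;
}

/* Constructed demo: read from an idle pipe (0) or one holding "hello" (1). */
ssize_t demo_pipe_read(int with_data)
{
    int p[2];
    char buf[16];
    ssize_t n;

    if (pipe(p) == -1)
        return -1;
    if (with_data && write(p[1], "hello", 5) != 5)
        return -1;
    n = read_with_timeout(p[0], buf, sizeof buf, 100);
    close(p[0]);
    close(p[1]);
    return n;
}

int main(void)
{
    printf("idle pipe: %ld, ready pipe: %ld\n",
           (long)demo_pipe_read(0), (long)demo_pipe_read(1));
    return 0;
}
```

Installing the handler with `signal()` instead of `sigaction()` can set SA_RESTART (glibc does), in which case the read is restarted and the timeout never takes effect.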
[SOLVED] Re: The PS1 puzzle in RH7.3/Gnome
On 1 Dec 2002, Oleg Goldshmidt wrote:

> I would be very surprised if ~/.bash_profile got executed for every
> xterm. It should not be: ~/.bash_profile is only sourced for login
> shells, cf. "man bash". From your description, I think your system
> behaves properly and according to documentation.
>
> I export PS1 and PS2 from ~/.bashrc, which works just fine.

I moved the assignment to PS1 from .bash_profile to .bashrc, and now it works great. Thanks!

My surprise is that assignments to PS1 made in .bash_profile were not inherited by the shells in xterms.

Thanks also to the others, who made the effort to contribute advice.

--- Omer
WARNING TO SPAMMERS: see at http://www.zak.co.il/spamwarning.html
Hack sought
Hi all,

I'm having this small but nagging problem and I thought I might find some enlightenment here. The essential part of the problem description (you don't want to hear the whole story...) is this:

I have a client machine which sends UDP datagrams to a Linux based server. Under some specific circumstances, some box in the middle (upon which I have no control) mangles the UDP checksum, so the packet reaches the server with incorrect checksum, and hence conveniently and silently discarded.

Assume, for the moment, that I have no control over the path, so the packet *does* arrive broken. And assume further, that it *is* intact (except for the CS), and also assume that I do want it to be accepted at the server.

I'm seeking a Q&D hack to help this happen. (yeah, I know, this is counter-RFC, don't tell anyone...).

Ideally, what I'd like is to have an iptables mangle rule, which will just insert 0 into the CS field of any UDP packet that satisfies some criteria (zero is legit UDP). Can this be done without writing iptables extension modules?

Or, is there a way to tell the kernel not to drop bad CS UDP packets? (short glance at some kernel code implies that short of a patch, the answer is no - but I didn't really look that hard - yet).

(btw it's an old - 2.2.19 - kernel. Don't ask...).

Thanks!
Doron
Re: The bright future of VMware
> My conclusion led me quickly to the investor relationship page in their
> Web site, where I was informed that the company is privately held, so
> I can't buy their shares. No wonder. The smart venture capitalists
> dump on the public worthless shares in lame dotcoms, while they keep
> to themselves the really good stuff.

Well, their biggest investment came from Dell Investment arm. Dell invested $20 million at VMWare. According to their management (some of their managers are Israelis) they are in profit since the early beginning.

> On the other hand, I am predicting bright future for them. After
> people learn the VMware way to reduce the pain of administering MS-Windows
> installations, they'll cease to directly install MS-Windows on their
> PCs, choosing instead to install them in virtual machines running on more
> stable (such as Linux) hosts.

Hardly.

1. VMWare in most cases runs at 50% of your machine speed, with half of your memory.
2. VMWare PC emulation is incomplete (see panics with the latest .Net build beta, longhorn alpha, Red Hat 8.0 panics etc) - they add stuff as they release new versions (3.2 as I write this email doesn't fully support 8.0 and rawhide)

> For this to happen, however, VMware will have to develop some drivers
> to allow real-time DVD and video playing, and the like (not a serious
> problem, if they can exploit the consumer market).

Very problematic issues which involve some heavy tuning for real time and fast performance (that's why you don't have full screen video for example). Add to that the fact that VMWare don't have so far any intention to do more hardware direct support (like their partial USB stuff - try to connect a webcam to a VMWare session or any async stuff hardware to see what I mean).

> The benefits from switching from direct installation to virtual machine
> based installation:
>
> 1. Windows XP activation mechanism won't prevent you from upgrading
> your hardware, as the virtual machine (which is all that Windows XP
> sees) stays the same.

Wrong. Try to change the "hardware" environment in a legit Win XP copy for more than 6 times and you'll get the activation key request.

> 2. You can save a checkpoint of your virtual machine at some other
> place before trying dangerous software. If the software corrupts
> your installation inside the virtual machine, you just copy back
> from the checkpoint, instead of reinstalling everything.

And you can do it with XP (system restore to a previous date/time) or simply save your registry. Of course, saving a snapshot of your virtual disk is a great plus ;)

> 3. Disinfecting a virus-infected PC is matter of:
>    - Copying your important (and uninfected) files outside to Linux
>      filesystem (using Samba).
>    - Copying back the virtual machine files from backup copy.
>    - After rebooting, copy back your files from the Linux filesystem.

You can also boot your machine into a "Live" Linux distribution, save your files, and restore your windows session..

> 4. If you sandbox a virtual machine (no access to your Linux
> filesystem), you can run it without antivirus, and since VMware
> tries not to slowdown your system too much, you gain back large part
> of the computer's performance.

It slows down lots of times. Ever tried to run Red Hat 8.0 graphical desktop inside vmware? You'll see how slow it is if you're using VMWare display instead of forwarding X sessions..

> 5. For busy professionals, who really need stable PCs, the cost of VMware
> (about $300 per license) is recouped by not having to twice put the
> PC out of service for 1/2 day each time, for OS+applications reinstallation.

It's got its place, but I hardly see anyone starting to use VMWare and their Windows as guest.

The VMware people are investing their efforts on VMWare ESX and GSX. I tested their VMWare ESX and it's really great. Install it on a very high end server (4+ processors, 16GB RAM with plenty of disk space) and install to your client their KVM clients - and it works like a charm. You'll get a Red Hat 6.2 console on the server and the scripting stuff to do tasks between VM's is really amazing (do some scripts, ask the script to reboot some vm to do something, switch live to another vm with another OS - really cool stuff) but it costs few thousand dollars. The GSX version is for something like 4 guest OS's running in 1 machine (you need 2+ processors, 2GB RAM etc)...

On the other hand I do see some bright future to ... wine. I've been talking on the phone with Jeremy White (CEO of CodeWeavers) and they'll publish soon their road-map. Their current work shows some really cool progress, with multiple windows versions emulation (to run several versions of the same app without choking your machine), and lots of applications supported (office stuff, multimedia stuff soon (so video will be shown way better), and other stuff.. don't take my word, look at it: h
DiskOnKey Problem
Hi Clan,

I am having a problem with an old 32 MB DiskOnKey I got as a present.

First time I plugged it in it got detected as /dev/sda - no problem there...

But when I copy files to it and then try to read them on a Win machine I get the message: "Media not formated, whould you like to format it now?"

What gives? Any ideas?

Amichai.
Re: DiskOnKey Problem
Quoting Amichai Rotman, from the post of Tue, 03 Dec:

> First time I plugged it in it got detected as /dev/sda - no problem there..
>
> But when I copy files to it and then try to read them on a Win machine I get
> the message: "Media not formated, whould you like to format it now?"

well, if it's anything like a zip drive (just one example) it must have a /dev/sda3 partition formatted to vfat to be recognized by winblows. why the third partition? who knows... maybe to signify a removable media.

the best is format it from windows and use whatever it did there from linux. in any case, it has to be a vfat partition, and not the entire sda itself.

good luck!

--
No rocket scientist
Ira Abramov
http://ira.abramov.org/email/

This post is encrypted twice with ROT-13.
Documenting or attempting to crack this encryption is illegal.
Re: DiskOnKey Problem
On Tue, 2002-12-03 at 01:59, Amichai Rotman wrote:
> Hi Clan,
>
> I am having a problem with an old 32 MB DiskOnKey I got as a present.
>
> First time I plugged it in it got detected as /dev/sda - no problem there...
>
> But when I copy files to it and then try to read them on a Win machine I get
> the message: "Media not formated, whould you like to format it now?"

If it's anything like mine you simply need to use the 'vfat' filesystem with it because Windows doesn't understand any other format.

Here it works great.

Gilad.

--
Gilad Ben-Yossef <[EMAIL PROTECTED]>
http://benyossef.com

"Geeks rock bands cool name #8192: RAID against the machine"
Re: Hack sought
On Tue, 2002-12-03 at 00:52, Doron Shikmoni wrote:

> Ideally, what I'd like is to have an iptables mangle rule, which will
> just insert 0 into the CS field of any UDP packet that satisfies some
> criteria (zero is legit UDP). Can this be done without writing iptables
> extension modules?
> Or, is there a way to tell the kernel not to drop bad CS UDP packets?
> (short glance at some kernel code implies that short of a patch, the
> answer is no - but I didn't really look that hard - yet).
> (btw it's an old - 2.2.19 - kernel. Don't ask...).

Ok, first since it's a 2.2.x kernel then you don't have iptables at all - only ipchains.

Second, the quickest hack I can think of (save of writing a kernel module or patching the kernel) is to write a small program that captures the packet in user space (opens a raw promiscuous socket and listens for it, perhaps by using libpcap to do the really dirty work) and then injects the corrected packet back to the kernel via 'netlink'.

A little hairy, but it's easier to debug user space code.

Hope this helps,
Gilad.

>
> Thanks!
> Doron

--
Gilad Ben-Yossef <[EMAIL PROTECTED]>
http://benyossef.com

"Geeks rock bands cool name #8192: RAID against the machine"
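An added example, not code from anyone in this thread: the IPv4 UDP checksum rule the "Hack sought" question relies on, showing why a mangled checksum field is rejected while a field of zero is accepted without verification. The sample datagram, the addresses and every function name here are constructed for the example; capturing and re-injecting packets is not shown.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum udp_csum_state { UDP_CSUM_NONE, UDP_CSUM_OK, UDP_CSUM_BAD };

/* Constructed sample: 192.0.2.1:4660 -> 192.0.2.2:22136, length 13,
 * checksum field still zero, payload "hello". */
static const uint8_t SRC[4] = { 192, 0, 2, 1 }, DST[4] = { 192, 0, 2, 2 };
static const uint8_t SAMPLE[13] = { 0x12, 0x34, 0x56, 0x78, 0x00, 0x0d, 0x00, 0x00,
                                    'h', 'e', 'l', 'l', 'o' };

/* Add big-endian 16-bit words to acc; an odd trailing byte is padded with 0. */
static uint32_t sum16(const uint8_t *p, size_t len, uint32_t acc)
{
    for (; len > 1; p += 2, len -= 2)
        acc += ((uint32_t)p[0] << 8) | p[1];
    return len ? acc + ((uint32_t)p[0] << 8) : acc;
}

/* RFC 768 checksum: pseudo-header (src, dst, 0, protocol 17, UDP length), then
 * the UDP header with its checksum field skipped, then the payload. len >= 8. */
uint16_t udp_checksum(const uint8_t src[4], const uint8_t dst[4],
                      const uint8_t *udp, size_t len)
{
    const uint8_t pseudo[4] = { 0, 17, (uint8_t)(len >> 8), (uint8_t)len };
    uint32_t acc = sum16(src, 4, 0);

    acc = sum16(dst, 4, acc);
    acc = sum16(pseudo, 4, acc);
    acc = sum16(udp, 6, acc);              /* ports and length */
    acc = sum16(udp + 8, len - 8, acc);    /* payload */
    while (acc >> 16)
        acc = (acc & 0xffff) + (acc >> 16);
    acc = ~acc & 0xffff;
    return acc ? (uint16_t)acc : 0xffff;   /* a computed 0 is transmitted as 0xffff */
}

/* What an IPv4 receiver decides from the checksum field. */
enum udp_csum_state udp_verify(const uint8_t src[4], const uint8_t dst[4],
                               const uint8_t *udp, size_t len)
{
    uint16_t field;

    if (len < 8)
        return UDP_CSUM_BAD;
    field = (uint16_t)((udp[6] << 8) | udp[7]);
    if (field == 0)
        return UDP_CSUM_NONE;              /* sender computed none: not verified */
    return field == udp_checksum(src, dst, udp, len) ? UDP_CSUM_OK : UDP_CSUM_BAD;
}

/* stage 0: as sent; 1: checksum mangled in transit; 2: field then cleared to 0 */
enum udp_csum_state demo_stage(int stage)
{
    uint8_t d[sizeof SAMPLE];
    uint16_t c = udp_checksum(SRC, DST, SAMPLE, sizeof SAMPLE);

    memcpy(d, SAMPLE, sizeof d);
    d[6] = (uint8_t)(c >> 8);
    d[7] = (uint8_t)c;
    if (stage >= 1)
        d[6] ^= 0x5a;
    if (stage >= 2)
        d[6] = d[7] = 0;
    return udp_verify(SRC, DST, d, sizeof d);
}

int main(void)
{
    printf("checksum=0x%04x sent=%d mangled=%d cleared=%d\n",
           udp_checksum(SRC, DST, SAMPLE, sizeof SAMPLE),
           demo_stage(0), demo_stage(1), demo_stage(2));
    return 0;
}
```

With the field cleared the receiver skips verification entirely, so payload corruption on that path goes undetected; a rewrite like this should match as narrowly as possible.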