10 Aug
2001
10 Aug
'01
8:51 a.m.
Here's the situation:
Net DSL Windowsbox LAN(dhcp) Linuxbox
The LAN, naturally, has a 192.168.0.0 range of IPs (I think it's a
class C). The DSL modem is connected to the Winbox on USB and the LAN
is a 5-port hub supporting a windows network, with my Linux box (say
hello to gort, folks) creeping in using dhcpd.
The Linux box, and any box on the LAN, can access everything. I think
the Net cannot access anything but the Windows box on the DSL modem
(see <http://gort.cjb.net/>. That's the Winbox.).
Now I need POP3 (and HTTP et al, if possible) access to the Linux box
from the outside world. IP forwarding is enabled on the Winbox.
What do I do now?
PS: Can I get a static IP on the internal network with minimal changes
to the other boxen?
--
Satya. <URL:http://satya.virtualave.net/>
US-bound grad students! For pre-apps, see <URL:http://quickapps.cjb.net/>
10 Aug
10 Aug
3:14 p.m.
--- Satya <satyap(a)satya.virtualave.net> wrote:
Here's the situation:
Net DSL Windowsbox LAN(dhcp) Linuxbox
The LAN, naturally, has a 192.168.0.0 range of IPs
(I think it's a
class C). The DSL modem is connected to the Winbox
on USB and the LAN
is a 5-port hub supporting a windows network, with
my Linux box (say
hello to gort, folks) creeping in using dhcpd.
The Linux box, and any box on the LAN, can access
everything. I think
the Net cannot access anything but the Windows box
on the DSL modem
(see <http://gort.cjb.net/>. That's the Winbox.).
Now I need POP3 (and HTTP et al, if possible) access
to the Linux box
from the outside world. IP forwarding is enabled on
the Winbox.
What do I do now?
PS: Can I get a static IP on the internal network
with minimal changes
to the other boxen?
First, since you're using a 192.168.x.x address, you
cannot afford to connect this LAN to the outside
world, since this address range is a private RFC 1918
assigned one. The Linux box is a part of this subnet,
and so there would be no point in giving it a static
IP on this LAN. What you could do however is to add a
second NIC to the Linux box, give it an external
static IP address (a public address, of course), and
connect it to the outside world, after properly
firewalling it.
If your DSL connection works anything like a sync
serial PPP link, what you need to do is to ask your
ISP to give you two static IP's, with one being for
your Windows box on which you enable IP forwarding.
Your ISP would actually assign you a (say) 4 address
IP subnet, of which of course one address would go for
the network address, one for broadcast and you would
then have two addresses left. One address of these
would be used for your Windows box and one for the
Linux box. This is of course just my guess, that you
can set DSL up the same way that you do a serial link
- but I think it can be done. You would have to
enable IP forwarding on your Windows box for this to
work.
Another option is to use Network Address Translation
(NAT), to rewrite IP packets coming in to access a
particular service on a a private machine within the
network. I do not really recommend this though, as
the security issues can cause you a good deal of
grief.
BTW, I find it rather curious that you're running a
Windows box as a public host, when you have a far
better (Linux) alternative. Why, why, why?
HTH,
Krishnan
__________________________________________________
Do You Yahoo!?
Make international calls for as low as $.04/minute with Yahoo! Messenger
http://phonecard.yahoo.com/
10:24 p.m.
On Aug 10, 2001 at 05:56, S. Krishnan wrote:
ISP ________ ________
side | | | |
--------|WinBox |-----|LinuxBox|----- To private
|________| |________| network
Enable IP
fwdg on Win
No. And there's a lot of confusion about the network topology I have
here, which I should have specified clearly in my original post:
WinboxNIC
|
DSL -- USBWinboxNIC -- Hub -- NICLinbox
|
NICWinbox
If he does not enable IP forwarding on the Windows
machine, how is he going to connect the Linux box to
the outside world so that outside people have access
Point.
to it? Remember, he wanted people to have web and
POP3 access, so that obviously he needs the Linux
Correct.
suggestion, since you suggest two NIC's, one for
the
WAN and one for the internal LAN, and not to enable IP
forwarding on Linux. You do not seem to have read my
I don't want IP forwarding on Linux. If that were the case, things
would be very easy!
post correctly, since I had suggested that he enable
IP forwarding on the gateway machine, which in fact is
the Windows machine, and not on the Linux box.
Which I've already done. Now how to access the Linbox from outside?
Granted, I forgot to add that he needed an additional
LAN card to provide routing services for a public IP
address for the Linux box.
Hm hm hm?
using Windows forwarding services - but that will mean
an additional network card on the Windows gateway.
The configuration shown above will do it, eh?
have no idea if it will support multipoint forwarding
services, with one being NAT'ed and one with full
access. Windows Proxy Server ought to work, however.
That's what I want, I think.
configure it that causes all the problems. Remember,
you cannot access the outside world through a firewall
unless it allows IP packets to be forwarded, whether
it is on Windows or Linux or FreeBSD or whatever.
That is what iptables, ipchains, ipfilter, ipfw, etc.
I get the general idea, but I need specifics. How do I address my
Linux box from the outside now?
On Aug 10, 2001 at 20:21, premstud(a)vsnl.com wrote:
|--------|
______|__ |--------|
ISP | 1 | | |
--------|WinBox | |LinuxBox|
|__ ___2_| |________|
|
|----- To private
network
A static route is added from the NIC 1 to the linux box
with
How to do that in Windows?
NIC 1 as the gateway for packets destined to the linux
box.
And how to do that?
The lan connects to the windows gateway through the 2nd
NIC, and is seprated from the external network.
In our case, there is one NIC for the internal network. All packets
should go to it, and those meant for the Linbox will be picked up by
it. How to translate external packets coming to 65.1.1.1 (e.g.) to
192.168.0.127 (e.g.)? And translate only those packets meant for the
Winbox. NAT?
On Aug 10, 2001 at 02:32, S. Krishnan wrote:
First, since you're using a 192.168.x.x address,
you
cannot afford to connect this LAN to the outside
world, since this address range is a private RFC 1918
::nodnodnod::
IP on this LAN. What you could do however is to add a
second NIC to the Linux box, give it an external
Nonono.
Another option is to use Network Address Translation
(NAT), to rewrite IP packets coming in to access a
particular service on a a private machine within the
network. I do not really recommend this though, as
the security issues can cause you a good deal of
grief.
Yes, but looks like this is the only way to go. What security
issues? (Besides the obvious ones of having a box on the net.)
BTW, I find it rather curious that you're running
a
Windows box as a public host, when you have a far
better (Linux) alternative. Why, why, why?
Existing legacy Windows network being invaded by the Linbox (say hello
to gort, everyone).
--
Satya. <URL:http://satya.virtualave.net/>
US-bound grad students! For pre-apps, see <URL:http://quickapps.cjb.net/>
The road to success is under construction...
10:46 p.m.
--- Satya <satyap(a)satya.virtualave.net> wrote:
On Aug 10, 2001 at 05:56, S. Krishnan wrote:
Which I've already done. Now how to access the
Linbox from outside?
A pretty conundrum, Satya. Let me apply my mind (or
what passes for one!) to it, and mail you on this
tomorrow. Actually, the whole thing gets screwed up
because of Windows. I assume you're using NT 4.0/
W2000. Could you tell me who your ISP is? That
should give me an idea of the equipment that they
deploy, which might help a little.
Cheers,
Krishnan
__________________________________________________
Do You Yahoo!?
Make international calls for as low as $.04/minute with Yahoo! Messenger
http://phonecard.yahoo.com/
Granted, I forgot to add that he needed an
additional
LAN card to provide routing services for a public
IP
address for the Linux box.
Hm hm hm?
using Windows forwarding services - but that will
mean
an additional network card on the Windows gateway.
The configuration shown above will do it, eh?
have no idea if it will support multipoint
forwarding
services, with one being NAT'ed and one with
full
access. Windows Proxy Server ought to work,
however.
That's what I want, I think.
I get the general idea, but I need specifics. How do
I address my
Linux box from the outside now?
On Aug 10, 2001 at 20:21, premstud(a)vsnl.com wrote:
|--------|
______|__ |--------|
ISP | 1 | | |
--------|WinBox | |LinuxBox|
|__ ___2_| |________|
|
|----- To private
network
A static route is added from the NIC 1 to the
linux
box with
How to do that in Windows?
NIC 1 as the gateway for packets destined to the
linux box.
And how to do that?
The lan connects to the windows gateway through
the
2nd NIC, and is seprated from the external network.
In our case, there is one NIC for the internal
network. All packets
should go to it, and those meant for the Linbox will
be picked up by
it. How to translate external packets coming to
65.1.1.1 (e.g.) to
192.168.0.127 (e.g.)? And translate only those
packets meant for the
Winbox. NAT?
11:45 p.m.
On Aug 10, 2001 at 10:05, S. Krishnan wrote:
tomorrow. Actually, the whole thing gets screwed up
because of Windows. I assume you're using NT 4.0/
No kidding!
W2000. Could you tell me who your ISP is? That
It's XP or ME right now, but the guy is changing to W2K soon. The ISP
is Directvdsl (I'm sure there're some StudlyCaps in there, but I don't
know where).
--
Satya. <URL:http://satya.virtualave.net/>
US-bound grad students! For pre-apps, see <URL:http://quickapps.cjb.net/>
The server threw an exception.
11 Aug
11 Aug
9:04 p.m.
--- Satya <satyap(a)satya.virtualave.net> wrote:
On Aug 10, 2001 at 10:05, S. Krishnan wrote:
It's XP or ME right now, but the guy is changing to
W2K soon. The ISP
is Directvdsl (I'm sure there're some StudlyCaps in
there, but I don't
know where).
Satya, I did some checking, and we need to know how
this guy is allocating IPs. DSL is a serial link, and
the issue is of deserializing it at your end. Since
you're using USB, I wonder what would happen if you
used a USB hub. It just might take care of the
necessary deserialization, so that in this case the
connection mode would depend on the DSL carrier
protocol. Actually, I know so little about DSL that I
wouldn't be able to comment any further - I have
absoultely no hands on experience or reading in this
area. (If the link layer protocol is PPP, then you
will have to route to his network, just like an ISP
leased line, or so I presume. If on the other hand it
is something other than a point-to-point protocol,
maybe you can get two IPs off it directly.) WHy don't
you talk to his network techs and see what they
suggest?
If I get something else, I will mail you offlist.
Sorry for not replying before, but the office leased
line was down (bless MTNL and their pointy little
heads), so that I had to use my home dialup to reply.
Rgds,
Krishnan
__________________________________________________
Do You Yahoo!?
Send instant messages & get email alerts with Yahoo! Messenger.
http://im.yahoo.com/
1:08 a.m.
> >A static route is added from the NIC 1 to the
linux
> box with
>
> How to do that in Windows?
use the "route add" command.
to see ur current routes use the "route print" command.
route add (linux ip) (linux mask) (winnic1 ip)
dest dest mask gateway
If he does not enable IP forwarding on the Windows
machine, how is he going to connect the Linux box to
the outside world so that outside people have access
Point.
why do u want to risk ur internal network
from external attacks, ur diagrams
itself states that u r using a hub. enable ip forwarding for packets
destined to
linux thru the winnic going to the hub, the other winnic leave it as it is.
Since hub is shared media, ip will be broadcasted to all the ports, linux
server
will listen to the address being called in and will respond by the specific
service.
krishnan, isps use a technique called Classless interdomain routing to
reserve
the present ip address for the maximum clients.
regards,
prem.
----- Original Message -----
From: S. Krishnan <sri_krishnan(a)yahoo.com>
To: <linuxers(a)mm.ilug-bom.org.in>
Cc: <satyap(a)satya.virtualave.net>
Sent: Friday, August 10, 2001 10:35 PM
Subject: Re: [ILUG-BOM] Windows/Linux IP forwarding?
>
> --- Satya <satyap(a)satya.virtualave.net> wrote:
> > On Aug 10, 2001 at 05:56, S. Krishnan wrote:
> > Which I've already done. Now how to access the
> > Linbox from outside?
> >
> > >Granted, I forgot to add that he needed an
> > additional
> > >LAN card to provide routing services for a public
> > IP
> > >address for the Linux box.
> >
> > Hm hm hm?
> >
> > >using Windows forwarding services - but that will
> > mean
> > >an additional network card on the Windows gateway.
> >
> > The configuration shown above will do it, eh?
> >
> > >have no idea if it will support multipoint
> > forwarding
> > >services, with one being NAT'ed and one with full
> > >access. Windows Proxy Server ought to work,
> > however.
> >
> > That's what I want, I think.
> >
> >
> > I get the general idea, but I need specifics. How do
> > I address my
> > Linux box from the outside now?
> >
> > On Aug 10, 2001 at 20:21, premstud(a)vsnl.com wrote:
> >
> > > |--------|
> > > ______|__ |--------|
> > >ISP | 1 | | |
> > >--------|WinBox | |LinuxBox|
> > > |__ ___2_| |________|
> > > |
> > > |----- To private
> > > network
> >
> >A static route is added from the NIC 1 to the
linux
> box with
>
> How to do that in Windows?
> >
> > >NIC 1 as the gateway for packets destined to the
> > linux box.
> >
> > And how to do that?
> >
> > >The lan connects to the windows gateway through the
> > 2nd NIC, and is seprated from the external network.
> >
> > In our case, there is one NIC for the internal
> > network. All packets
> > should go to it, and those meant for the Linbox will
> > be picked up by
> > it. How to translate external packets coming to
> > 65.1.1.1 (e.g.) to
> > 192.168.0.127 (e.g.)? And translate only those
> > packets meant for the
> > Winbox. NAT?
> >
> >
> A pretty conundrum, Satya. Let me apply my mind (or
> what passes for one!) to it, and mail you on this
> tomorrow. Actually, the whole thing gets screwed up
> because of Windows. I assume you're using NT 4.0/
> W2000. Could you tell me who your ISP is? That
> should give me an idea of the equipment that they
> deploy, which might help a little.
>
> Cheers,
>
> Krishnan
>
>
> __________________________________________________
> Do You Yahoo!?
> Make international calls for as low as $.04/minute with Yahoo! Messenger
> http://phonecard.yahoo.com/
> _______________________________________________
> Next Lug Meet on 17th August on IRC @ #linuxers
> Linuxers mailing list
>
> Linuxers(a)mm.ilug-bom.org.in
>
> http://mm.ilug-bom.org.in/mailman/listinfo/linuxers
>
>
8:48 p.m.
--- Prem D'Souza <premstud(a)vsnl.com> wrote:
krishnan, isps use a technique called Classless
interdomain routing to
reserve
the present ip address for the maximum clients.
I'm quite conversant with CIDR actually - its been
around since the early 90's. If you see my
explanation of subnets, you'll realize that what I
have described uses VLSMs (Variable Length Subnet
Masks), which are the basis of CIDR addressing. You
would have needed to refer me to CIDR if I had
proposed classful routing, which I haven't.
The issue here is not the use of CIDR ar all - we're
talking tiny subnets of 2 clients, 4 clients, etc,
which are smaller than the smallest classful netmask
(class C, which does 254 usable net addresses). What
I described was how ISPs actually *have* wastefully
allocated addresses in the past - using VLSMs! If you
read my post through, you'll find that I have
deprecated this practice.
Incidentally, that still does not address the issue of
deserializing a (hypothetical) PPPOE connection, since
the DSL link is a copper pair which is translated at
the premise edge - into what, I do not know.
If you'd like to discuss this further, please mail me
offlist, since much of this stuff is not pertinent to
the ILUG-BOM mailing list.
Rgds,
Krishnan
__________________________________________________
Do You Yahoo!?
Send instant messages & get email alerts with Yahoo! Messenger.
http://im.yahoo.com/
22 Dec
22 Dec
10:39 a.m.
New subject: ps -fwww and [proc]
Hi,
I am trying to use Big Brother (a monitoring tool) to watch system
processes.
For this I need a list of system process, which I get by doing a ps -efwww
(1 java program showing up as multiple entries in the ps output is not a
problem)
However, for my java processes, after a while, I see [java] in the output of
ps, instead of the full command line.
Any hints why this happens ??
Thanks
Shahed.
7948
days inactive
8082
days old
8 comments
4 participants
participants (4)
-
Prem D'Souza -
S. Krishnan -
Satya -
Shahed Moolji