VPN options
by Keith Lofstrom
I am planning on running a Virtual Private Network from my Fedora
firewall out to a UML virtual colo (running RH9) at another site.
That site will be the place I present services to the world;
httpd, ssh, sftp, smtp. This is to comply with the "no servers"
and dynamic ip restrictions on my Comcast connection to the net;
if my firewall always drives an outbound connection to the
colocation site, I am not worried about changes of ip address,
and I am not opening any inbound ports.
There are a number of options for the VPN - the most attractive
are cipe ( http://sites.inka.de/sites/bigred/devel/cipe.html )
and FreeSwan ( http://www.freeswan.org/ ), though I am told that
one can do all this through an ssh tunnel. I would rather have
simple and secure than super-duper; I have plenty of bandwidth,
and will send outbound http and smtp from the firewall, so the
main bandwidth user will be incoming spam/b/b/b/b mail.
Anyone have some experiences to share about setting up VPN? Is
there anything about either cipe or FreeSwan that is likely to
break with FC1 or FC2?
Keith
--
Keith Lofstrom keithl(a)ieee.org Voice (503)-520-1993
KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon"
Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
4 years
Problems with 3COM 3C900Combo
by Christian Moller
Hi all Fedora users,
I have just joined this list. I am running the latest Fedora but I can't get
my 3C900Combo networking card to work. I can see that the card is installed
but no IP-address is asigned to it and I can't set it. So I think that there
is a bug in that driver. Any other user out there who have a solution for
this?
Best regards and thanks,
Christian
8 years, 6 months
RAGE XL Framebuffer
by Yanick Quirion
Hi all
I know that is not a specific question about Fedora, but I can't find answer on the kernel mailing list.
Is somebody having server with integrated ATI RAGE XL video card? Is it possible to patch the kernel to support this video card? If I add VGA=791 in my grub.conf, I will have a resolution of 1024x768 which is good, but the display is very slow (especially when the screen is scrolling). If I use I this: "video=aty128fb:1024x768@70" it will not work. I'm using kernel 2.4.22 but I will try 2.6.0-test11 today.
If somebody has a patch, a link or anything else that can help me, it will be appreciated.
Thanks for your help.
Regards,
-----------
Yanick Quirion
Administrateur Réseau/Network Manager
NEOKIMIA INC.
Institut de Pharmacologie de Sherbrooke
3e étage (Édifice Z5)
3001 12e avenue Nord
Sherbrooke, Québec
CANADA
J1H 5N4
Tél.: +1 819 820-6040
Direct: +1 819 820-6855
Fax.: +1 819 820-6841
email: Yanick.Quirion(a)neokimia.com
8 years, 6 months
Soundblaster
by Antonio Montagnani
I have two similar PC (old Pentium but workin fine)
In Pc no.1 I upgraded from RH8 to Fedora and it went fine: Soundblaster
is working fine
In Pc no.2 I made a fresh installation but in redhat-sound-config Fedora
doesn't see any card, that was working on Redhat 9 after soundconfig...
Where is the trick?? I assume that my Sounblaster is an old 16...but
fine on a router/firewall.
Tnx
Antonio
8 years, 6 months
ssh and port 22 problem, cont.
by Gerhard Magnus
Greetings!
I've made some progress on troubleshooting this "ssh & port 22 problem".
Here was my original post:
When I try to connect from a remote machine to my one at home
using ssh I get the error message "ssh: connect to host 64.146.133.1 port
22: Connection refused" -- but using ssh in the outgoing direction (i.e.
from home to the remote location) works fine.
Here's what's happened since:
I have two machines (PuteA and PuteB) sharing an ActionTec DSL modem. The IP
I was using was that of my "Gateway" ISP (64.146.133.1) -- an error. But
when I used the correct, static IP address of the ActionTec
(64.146.133.52) I got this message:
ssh: connect to host 64.146.133.52 port22: Connection refused
I thought I had port forwarding (for port 22) set correctly on the modem. For
troubleshooting, my ISP advised me to run "tcpdump -n host 192.168.0.2" on
PuteA, where 192.168.0.2 is the "internal" IP of PuteA. Then I logged on
to the remote location from PuteB and tried to ssh from there to PuteA
using the static IP address. The ssh from the remote location timed out
with the same "port 22: connection refused" message. The tcpdump on Pute
A gave this message:
> tcpdump: listening on eth0
> 17:27:33.662753 arp who-has 192.168.0.2 tell 192.168.0.1
where 182.168.0.1 is the "internal" IP of the modem. (Sorry if I have
this terminology wrong.)
My ISP says the problem is the firewall on PuteA and that he doesn't do linux
firewalls.
Here are my replies to the people who responded to my first post:
(1) "Do you have the firewall configured to deny incoming packets to port
22?"
How do I check this?
(2) "You need to check that sshd is running on your system."
Yes. I comes up with each boot. Also "service sshd status" gives
"sshd (pid 787) is running".
(3) "sshd uses /etc/hosts.allow and /etc/hosts.deny. Check that they are
configured to allow your remote machine in."
Both files have only commented lines.
(4) "Also, if your /etc/ssh/sshd_config file has VerifyReverseMapping
turned on, you will get kicked out if your remote address does not work
with a reverse dns lookup."
There's a "VerifyReverseMapping no" line in the file but it's been commented
out.
(5) "Just to be sure: when you are at home machine, try 'ssh localhost'.
If this works, you probably need to check your firewall."
It seems to work -- I ssh to the machine itself.
(6) "This is common on every system I have ever loaded with FC2. Your
iptables are blocking the connection. You can do one of the following:
iptables -A INPUT -m tcp -p tcp --dport 22 - j ACCEPT"
I tried this. The ssh to PuteA from the remote location still times out.
(7) "Oh yes I also took out the REDHAT firewall entrie as I dont have a
clue as to how to work with it."
I've fiddled endlessly with this "system tool" at each of the three levels
of security as well as using the "customize" option to set eth0 as a
trusted device and to allow incoming ssh. It doesn't show the settings
that actually exist.
(8) "If your fedora box is connected directly to a DSL modem, you should
be able to find your IP address by running ifconfig from the command
line and looking for 'inet addr:' (probably under 'eth0')."
eth0 Link encap:Ethernet HWaddr 00:40:05:81:60:8E
inet addr:192.168.0.4 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2184 errors:0 dropped:0 overruns:0 frame:0
TX packets:2005 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:1122075 (1.0 Mb) TX bytes:190214 (185.7 Kb)
Interrupt:5 Base address:0x3000
Could this be the problem -- the "inet addr" of 192.168.0.4? As far as I
can tell, the modem is 192.168.0.1, PuteA is 192.168.0.2, and PuteB is
192.168.0.3. I haven't set anything as 192.168.0.4.
(9) "nmap 64.146.133.52"
(The 1598 ports scanned but not shown below are in state: closed)
Port State Service
23/tcp open telnet
53/tcp open domain
80/tcp open http
Shouldn't ssh be here? And what's telnet doing open? The books have me
scared to death of this... hackers, crackers, script kiddies, etc.
Thanks for the help!
Jerry Magnus
15 years, 8 months
eth0 dont start at bootime
by Wolfgang Morawetz
Hi,
each time i boot fedora i must enable by hand the eth0 device (by the
gui congig-tool).
What must i do to enable the device at boot?
# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=bugs.acme
# cat /etc/sysconfig/networking/devices/ifcfg-eth0
# cat /etc/sysconfig/networking/profiles/default/ifcfg-eth0
# cat /etc/sysconfig/network-scripts/ifcfg-eth0
all 3 the same output
# Macronix, Inc. [MXIC]|MX987x5
DEVICE=eth0
BOOTPROTO=dhcp
HWADDR=00:50:BF:76:39:8F
ONBOOT=yes
TYPE=Ethernet
DHCP_HOSTNAME=bugs.acme
USERCTL=no
PEERDNS=no
Thx
Wolfgang
alias wfx (http://teg.sf.net)
15 years, 10 months
Yum on x86_64
by Gareth Bult
Hi,
I seem to have (finally :) ) acquired a complete(ish) / working x86_64
system .. but I'm still having trouble with a few bits, not least "yum".
I get;
Server: Fedora Core 1 - i386 - Base
Server: Fedora Core 1 - i386 - Released Updates
Server: Fedora Core 1 - i386 - Unreleased Updates
Finding updated packages
Traceback (most recent call last):
File "/usr/bin/yum", line 60, in ?
yummain.main(sys.argv[1:])
File "yummain.py", line 204, in main
File "clientStuff.py", line 363, in getupdatedhdrlist
File "clientStuff.py", line 409, in bestversion
IndexError: list index out of range
[root@squizzey oddjob]#
(This is a modified system [2.6.0-test11] however it seems to run well)
Pointing it at mozilla's channel for SeaMonkey seems to work if I
disable the default channels, however...
Anyone any ideas ?
(I was sort of expecting to see it say "no x86_64 updates supported yet"
as opposed to a complete crash)
Also, can yum pull SRPMS and rebuild them ?
tia
Gareth.
15 years, 10 months
Changing the Color Coded Filesystem
by General Manager
Hello,
Can Anyone tell me how I can change the color files systems. The color blue
for the "Directories" is really hard to see.
Also is there a way to change the background color?
Thanks
17 years
kudzu and modems.
by akonstam@trinity.edu
I can't understand the behavior of kudzu in respect to my serial
modem. After initial installation it detects the modem but after that
it is ignored. What I mean is I can remove the modem and kudzu ignores
the change, or I can remove the modem from the kudzu database and
kudzu ignores the change. I can run: kudzu --class MODEM and kudzu
will remove all my hardware from its database except the MOUSE but it
still ignores the modem.
How can I get kudzu to notice that I have changed, removed or added
the modem?
--
-------------------------------------------
Aaron Konstam
Computer Science
Trinity University
One Trinity Place.
San Antonio, TX 78212-7200
telephone: (210)-999-7484
email:akonstam@trinity.edu
17 years, 2 months
OT: Power Supplies
by RoboticGolem
Does everyone here agree that a 500watt power supply is sufficient
enough for a dual MP 1800 board with 4 hard disks, DVDrom, cdrw,
dvdrw, and plenty of self powered usb hubs? I'm trying to figure out
whats up with my computer and my next stop is to call an electrician.
-Matt
17 years, 5 months
