b (Members): 37 posts
Everything posted by b

  1. Your case described and explained. (LDP free publication, http://www.tldp.org/guides.html; mdk used to have a "nag" rpm for this.)
    Linux Network Administrator's Guide, from Appendix A, Example Network: The Virtual Brewery
    ... The Virtual Brewery and the Virtual Winery each have a class C subnet of the Brewery's class B network, and gateway to each other via the host vlager, which also supports UUCP connection. ...
    Chapter 5: Configuring TCP/IP Networking
    ... How to set up vlager et al. (Have not done this yet.)
    HIH
  2. Hi
    Other idea 1: Don't know enough to critique your iptables setup! Maybe attack that machine with latest nessus or something?
    Other idea 2: Other kernel ipv4 gizmos to consider? Most of the following is in here somewhere (no German version yet, so): http://www.gentoo.org/doc/en/gentoo-security.xml
    Note: If you are running a firewall/expert system the following may not be necessary or useful or advisable.
    kernel ipv4 settings

        #(Lots of probably useless feedback on startup messages
        #in following [included just to make sure they are set as wished])
        echo "Options /proc/sys/net/ipv4"
        if [ -e /proc/sys/net/ipv4/icmp_echo_ignore_all ]; then          # if variable exists
            echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all            # set variable
            msg=`cat /proc/sys/net/ipv4/icmp_echo_ignore_all`             # build feedback message
            echo -e "\t${msg} = icmp_echo_ignore_all"                     # display feedback message
        fi
        if [ -e /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts ]; then
            echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
            msg=`cat /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts`
            echo -e "\t${msg} = icmp_echo_ignore_broadcasts"
        fi
        if [ -e /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses ]; then
            echo "1" > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
            msg=`cat /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses`
            echo -e "\t${msg} = icmp_ignore_bogus_error_responses"
        fi
        if [ -e /proc/sys/net/ipv4/ip_forward ]; then
            echo "1" > /proc/sys/net/ipv4/ip_forward
            #echo "0" > ...                                                # if not gateway machine
            msg=`cat /proc/sys/net/ipv4/ip_forward`
            echo -e "\t${msg} = ip_forward"
        fi
        echo " /proc/sys/net/ipv4/conf/*/rp_filter"
        for i in /proc/sys/net/ipv4/conf/*; do
            b_n=`basename ${i}`
            if [ -e $i/rp_filter ]; then
                echo "1" > $i/rp_filter
                msg=`cat $i/rp_filter`
                echo -e "\t${msg} = $b_n"
            fi
        done
        echo " /proc/sys/net/ipv4/conf/all"
        if [ -e /proc/sys/net/ipv4/conf/all/accept_source_route ]; then
            echo "0" > /proc/sys/net/ipv4/conf/all/accept_source_route
            msg=`cat /proc/sys/net/ipv4/conf/all/accept_source_route`
            echo -e "\t${msg} = accept_source_route"
        fi
        if [ -e /proc/sys/net/ipv4/conf/all/accept_redirects ]; then
            echo "0" > /proc/sys/net/ipv4/conf/all/accept_redirects
            msg=`cat /proc/sys/net/ipv4/conf/all/accept_redirects`
            echo -e "\t${msg} = accept_redirects"
        fi
        if [ -e /proc/sys/net/ipv4/conf/all/log_martians ]; then
            echo "1" > /proc/sys/net/ipv4/conf/all/log_martians
            msg=`cat /proc/sys/net/ipv4/conf/all/log_martians`
            echo -e "\t${msg} = log_martians"
        fi

    HIH
  3. Hi
    One more for the toolbox. Extremely light use here.
    dia
    Homepage: http://www.gnome.org/gnome-office/dia.shtml
    Description: Diagram Creation Program (lots of plugins)
    dia2code
    Homepage: http://dia2code.sourceforge.net
    Description: Convert UML diagrams produced with Dia to various source code flavours.
    HIH
  4. Hi
    Maybe portmap and nfs are not yet running when filesystems in /etc/fstab are mounted? Is there feedback in logs?
    If I am on track, ideas: change service startup order so that portmap and nfs are started after network setup and before filesystems in fstab are mounted, or manually 're'mount nfs shares as the last commands in your "rc.local" file (I think in Mandrake it's /etc/rc.d/rc.local, for me it's /etc/conf.d/local.start, no idea for your Linux), i.e. nfs mount instructions just before the user gets control at a CLI or in a GUI.
    HIH
  5. Hi
    Just in case: gateway set? Output of ifconfig and route would help all reading.
  6. b

    RPC vulnerable?

    Hi
    Got the snort email alert too. Nothing pressing here since RPC does not run here; it is usually not needed. If it is not running it cannot be exploited! Will upgrade soon anyway.
    Since you don't have a LAN set up yet you certainly don't need/use NIS, NFS or r services (might be more rpc uses: don't know), i.e. you don't need rpc services. Turn them off (portmap, nfs, nis). rpcinfo -p (to check). (You can always turn them back on if needed or if something breaks!?)
    However if your router device can firewall too and you need NFS (soon will be openafs for me) on the LAN (remove r services, use ssh instead), make sure it does not allow outside (web) connections to these ports (/etc/services):

        sunrpc 111/tcp portmapper # RPC 4.0 portmapper TCP
        sunrpc 111/udp portmapper

    My firewall machine often drops port 111 attempts even though that port is not open! (They are fishing in an empty ocean.) Hope your plain ML security settings include a firewall denying what you do not want to supply to the www.
    Some reading: The Linux System Administrators' Guide at http://www.tldp.org/guides.html, Ch. 12 Remote Procedure Call
    HIH
  7. Hi
    Don't know anything about an mcc wizard setup. On an 8.1 machine in /etc/ncp.conf I have

        ...
        # Public Canadian meteorological ... at Dorval, Québec, Canada
        server ntp1.cmc.ec.gc.ca

    (and that is it for setup). I found the public time server reading http://www.eecis.udel.edu/~mills/ntp/servers.html then http://www.eecis.udel.edu/~mills/ntp/clock2a.html (probably some public ones in there closer to you). service ntpd.../chkconfig.../wizard... to taste.
    The 8.1 setup does a ntpdate ... to sync gross time differences before launching the ntpd daemon. On the other machine (not Mandrake) I manually launch ntpdate... before launching the daemon (about the same setup as 8.1). Have not tried yet syncing the second machine from the other syncing on a public web time server.
  8. Just a thought from the dark! /sbin/ldconfig
  9. b

    demos are there any anywhere

    Hi
    Are these it? rss_glx:

        DESCRIPTION="OpenGL screensavers, ported to GLX. Suitable for use with xscreensaver"
        HOMEPAGE="http://rss-glx.sourceforge.net/"
        SRC_URI="mirror://sourceforge/rss-glx/rss_glx-0.6.8.tar.bz2"
        ...
        /usr/lib/xscreensaver/euphoria
        /usr/lib/xscreensaver/lattice
        /usr/lib/xscreensaver/cyclone
        /usr/lib/xscreensaver/fieldlines
        /usr/lib/xscreensaver/flocks
        /usr/lib/xscreensaver/flux
        /usr/lib/xscreensaver/helios
        /usr/lib/xscreensaver/plasma
        /usr/lib/xscreensaver/skyrocket
        /usr/lib/xscreensaver/solarwinds
        /usr/lib/xscreensaver/hufo_smoke
        /usr/lib/xscreensaver/hufo_tunnel
        /usr/lib/xscreensaver/colorfire
        /usr/lib/xscreensaver/sundancer2
  10. b

    Multi-File PHP Editor

    Have you considered emacs/xemacs? I think if I knew how to ask they would tell me the color of my socks.
  11. Longshot: maybe delete some .directory file? Fed up & give up: mv .kde .kde-KEEP!
  12. Allo
    My .02: my read is that your kernel is set up and used to only 1 TCP/IP connection; it now has 2 and does not know how to route them correctly (not set up for this). Are you getting any feedback/complaints in logs?
    On a similar micro LAN the machine having the 2 links has this set to 1: /proc/sys/net/ipv4/ip_forward. The other has it set to 0. This 1 might be magical, hope it is but doubt it.
    Anyway for me all this networking voodoo (NAT, masquerading, forwarding, filtering) was handled by bastille-firewall (now gone from mdk I hear) while basic networking was through installation then netconf. (Don't remember much of it I am afraid.)
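Added example, not code from any of the posts above (posts 2 and 12 both deal with the /proc/sys/net/ipv4 settings): a read-only audit script that reports which of those settings differ from the values post 2's startup script writes, so a machine can be checked after boot without changing anything. The directory argument lets the same function run against a constructed fake tree (built by make_fake_tree, with deliberately wrong sample values) or against the live kernel; the function names, the sample values and the choice ip_forward=1 (a gateway, as in post 2) are assumptions of this example, not from the forum.

```shell
#!/bin/sh
# Added example (not from the forum post): read-only audit of the ipv4
# settings post 2 writes. Nothing here writes to /proc; it only reports.

# Settings and the values post 2 chooses, as key=value pairs.
# ip_forward=1 assumes a gateway machine (post 2); use 0 otherwise.
EXPECTED="icmp_echo_ignore_all=1 icmp_echo_ignore_broadcasts=1 \
icmp_ignore_bogus_error_responses=1 ip_forward=1 \
conf/all/accept_source_route=0 conf/all/accept_redirects=0 \
conf/all/log_martians=1"

# check_one ROOT KEY WANT: prints OK / MISMATCH / MISSING for one setting.
# Exit status 1 on a mismatch, 0 otherwise. A missing key is reported but
# not counted, because post 2's script also skips keys the kernel lacks.
check_one() {
    file="$1/$2"
    if [ ! -e "$file" ]; then
        printf 'MISSING  %s\n' "$2"
        return 0
    fi
    have=$(cat "$file")
    if [ "$have" = "$3" ]; then
        printf 'OK       %s = %s\n' "$2" "$have"
        return 0
    fi
    printf 'MISMATCH %s = %s (expected %s)\n' "$2" "$have" "$3"
    return 1
}

# audit_ipv4 ROOT: checks every key in EXPECTED plus rp_filter under every
# ROOT/conf/* directory (post 2's for-loop), prints a summary line and
# returns the number of mismatches as its exit status.
audit_ipv4() {
    root=$1
    n=0
    for entry in $EXPECTED; do
        check_one "$root" "${entry%=*}" "${entry#*=}" || n=$((n + 1))
    done
    for dir in "$root"/conf/*; do
        [ -d "$dir" ] || continue
        check_one "$root" "conf/$(basename "$dir")/rp_filter" 1 || n=$((n + 1))
    done
    printf 'mismatches: %d\n' "$n"
    return "$n"
}

# count_mismatches ROOT: same audit, prints only the mismatch count.
count_mismatches() {
    n=0
    audit_ipv4 "$1" >/dev/null || n=$?
    echo "$n"
}

# make_fake_tree DIR: constructed sample tree (not real kernel values) with
# two wrong settings, one interface with rp_filter off and one missing key.
make_fake_tree() {
    mkdir -p "$1/conf/all" "$1/conf/default" "$1/conf/eth0"
    echo 1 > "$1/icmp_echo_ignore_all"
    echo 1 > "$1/icmp_echo_ignore_broadcasts"
    # icmp_ignore_bogus_error_responses deliberately absent
    echo 1 > "$1/ip_forward"
    echo 0 > "$1/conf/all/accept_source_route"
    echo 1 > "$1/conf/all/accept_redirects"   # wrong: post 2 sets 0
    echo 0 > "$1/conf/all/log_martians"       # wrong: post 2 sets 1
    echo 1 > "$1/conf/all/rp_filter"
    echo 1 > "$1/conf/default/rp_filter"
    echo 0 > "$1/conf/eth0/rp_filter"         # wrong: post 2 sets 1
}

# Usage: audit the constructed tree, then the live kernel if it is readable.
tmp=$(mktemp -d)
make_fake_tree "$tmp"
echo "== constructed tree =="
audit_ipv4 "$tmp" || :
rm -rf "$tmp"
if [ -r /proc/sys/net/ipv4/ip_forward ]; then
    echo "== live kernel =="
    audit_ipv4 /proc/sys/net/ipv4 || :
fi
```

Running it as root is not required for the audit itself; the settings are world-readable on a normal kernel. On the constructed tree it reports three mismatches (accept_redirects, log_martians, eth0's rp_filter) and one missing key, which is what post 2's script would have silently skipped.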