From wmail at wricomp.com Sun May 1 22:30:15 2005 From: wmail at wricomp.com (Don Wright) Date: Sun May 1 21:08:31 2005 Subject: [SATLUG] May SATLUG Meeting Notice Message-ID: The May meeting for SATLUG will be held _Wednesday_May_11,_2005_ at SAC. Please note this is a change from the Thursday night previous meetings had used. The room number is still to be decided, as is the program. Rumors of a shootout between rivals Gmail and Yahoo 360 are being neither confirmed nor denied by presidential confidants. Stay tuned to this station for further news as it develops. From Channing at kcefamily.com Mon May 2 10:35:14 2005 From: Channing at kcefamily.com (Channing) Date: Mon May 2 09:10:48 2005 Subject: [SATLUG] MySql v. Oracle Message-ID: <42763AA2.2020902@kcefamily.com> Hi Gang, This may be slightly off-topic, but I was hoping there would be some database guys out there who could point me to a few articles on benchmarking MySQL(v3) against Oracle 9i (basically, which is the stronger product from various standpoints). The target environment would be RHEL 3 on x86 if that makes a difference. Since the environment has not been fully established, I could also use information about MySQL(v4) on RHEL 4 against Oracle 9i. Thanks in advance for your time, Channing From wmail at wricomp.com Mon May 2 11:53:06 2005 From: wmail at wricomp.com (Don Wright) Date: Mon May 2 10:31:11 2005 Subject: [SATLUG] MySql v. Oracle In-Reply-To: <42763AA2.2020902@kcefamily.com> References: <42763AA2.2020902@kcefamily.com> Message-ID: <8kic71hp7p1eb1ccqpmg0plruh0cds9ndt@4ax.com> On Mon, 02 May 2005 09:35:14 -0500, Channing wrote: >This may be slightly off-topic, but I was hoping there would be some >database guys out there who could point me to a few articles on >benchmarking MySQL(v3) against Oracle 9i (basically, which is the >stronger product from various standpoints). Go direct to the company in question. They have numerous case studies and a few benchmarks easily available. The reason so few benchmarks are posted is that proprietary software now comes with a no-benchmarking clause in the license, in addition to the usual no-peeking and no-swearing clauses. http://www.mysql.com/it-resources/benchmarks/ Did you try the obvious Google? http://www.google.com/search?q=mysql+oracle+benchmark From mikeaw at gmail.com Mon May 2 12:21:28 2005 From: mikeaw at gmail.com (Mike Wallace) Date: Mon May 2 10:59:36 2005 Subject: [SATLUG] MySql v. Oracle In-Reply-To: <42763AA2.2020902@kcefamily.com> References: <42763AA2.2020902@kcefamily.com> Message-ID: <4154519d050502092142074bde@mail.gmail.com> Well, what do you need to do with your database? For most projects, MySQL would be the easiest solution. Oracle has a *very* steep learning curve. When you're talking Enterprise level applications, Oracle all the way. For smaller projects, MySQL is comparable to Oracle and I'd recommend that only because MySQL is much easier to setup and maintain. The target environment (RHEL/x86) doesn't make much of a difference. -Mike On 5/2/05, Channing wrote: > Hi Gang, > > This may be slightly off-topic, but I was hoping there would be some > database guys out there who could point me to a few articles on > benchmarking MySQL(v3) against Oracle 9i (basically, which is the > stronger product from various standpoints). The target environment > would be RHEL 3 on x86 if that makes a difference. Since the > environment has not been fully established, I could also use information > about MySQL(v4) on RHEL 4 against Oracle 9i. > > Thanks in advance for your time, > Channing > > > _______________________________________________ > SATLUG mailing list > SATLUG@satlug.org > http://alamo.satlug.org/mailman/listinfo/satlug > > > From channing-c at satx.rr.com Mon May 2 13:21:36 2005 From: channing-c at satx.rr.com (Channing) Date: Mon May 2 11:57:03 2005 Subject: [SATLUG] MySql v. Oracle In-Reply-To: <8kic71hp7p1eb1ccqpmg0plruh0cds9ndt@4ax.com> References: <42763AA2.2020902@kcefamily.com> <8kic71hp7p1eb1ccqpmg0plruh0cds9ndt@4ax.com> Message-ID: <427661A0.8040608@satx.rr.com> Don Wright wrote: >On Mon, 02 May 2005 09:35:14 -0500, Channing wrote: > > > >>This may be slightly off-topic, but I was hoping there would be some >>database guys out there who could point me to a few articles on >>benchmarking MySQL(v3) against Oracle 9i (basically, which is the >>stronger product from various standpoints). >> >> > >Go direct to the company in question. They have numerous case studies and a >few benchmarks easily available. The reason so few benchmarks are posted is >that proprietary software now comes with a no-benchmarking clause in the >license, in addition to the usual no-peeking and no-swearing clauses. >http://www.mysql.com/it-resources/benchmarks/ > >Did you try the obvious Google? >http://www.google.com/search?q=mysql+oracle+benchmark > > Hi Don, Google is next. I was seeking the insight of the group before I spend a large amount of time reading. Either way I have research to do, but y'all are great at pointing out things that otherwise would take a good bit of time to uncover. Thanks for your time, Channing From channing-c at satx.rr.com Mon May 2 13:24:27 2005 From: channing-c at satx.rr.com (Channing) Date: Mon May 2 11:59:54 2005 Subject: [SATLUG] MySql v. Oracle In-Reply-To: <4154519d050502092142074bde@mail.gmail.com> References: <42763AA2.2020902@kcefamily.com> <4154519d050502092142074bde@mail.gmail.com> Message-ID: <4276624B.2020408@satx.rr.com> Mike Wallace wrote: >Well, what do you need to do with your database? > Hi Mike, The project is a data consolidation from sources including Access & Sybase. Currently, the company runs Oracle for it's mission-critical applications, but is flexible as to how to tacking all of these one-offs. Thanks for your time, Channing >For most projects, >MySQL would be the easiest solution. Oracle has a *very* steep >learning curve. When you're talking Enterprise level applications, >Oracle all the way. For smaller projects, MySQL is comparable to >Oracle and I'd recommend that only because MySQL is much easier to >setup and maintain. The target environment (RHEL/x86) doesn't make >much of a difference. > >-Mike > > >On 5/2/05, Channing wrote: > > >>Hi Gang, >> >>This may be slightly off-topic, but I was hoping there would be some >>database guys out there who could point me to a few articles on >>benchmarking MySQL(v3) against Oracle 9i (basically, which is the >>stronger product from various standpoints). The target environment >>would be RHEL 3 on x86 if that makes a difference. Since the >>environment has not been fully established, I could also use information >>about MySQL(v4) on RHEL 4 against Oracle 9i. >> >>Thanks in advance for your time, >>Channing >> >> >> >> From greg at turnstep.com Tue May 3 02:16:49 2005 From: greg at turnstep.com (Greg Sabino Mullane) Date: Mon May 2 19:55:10 2005 Subject: [SATLUG] MySql v. Oracle In-Reply-To: <42763AA2.2020902@kcefamily.com> Message-ID: <149db45563c66504bc44affff5062c98@biglumber.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > This may be slightly off-topic, but I was hoping there would be some > database guys out there who could point me to a few articles on > benchmarking MySQL(v3) against Oracle 9i (basically, which is the > stronger product from various standpoints). The target environment > would be RHEL 3 on x86 if that makes a difference. Since the > environment has not been fully established, I could also use information > about MySQL(v4) on RHEL 4 against Oracle 9i. It's really comparing apples and oranges. You may want to check out PostgreSQL (www.postgresql.org) which is open source, free, and is much closer to Oracle in performance and capabilities. - -- Greg Sabino Mullane greg@turnstep.com PGP Key: 0x14964AC8 200505011038 http://biglumber.com/x/web?pk=2529DF6AB8F79407E94445B4BC9B906714964AC8 -----BEGIN PGP SIGNATURE----- iD8DBQFCdOo4vJuQZxSWSsgRAiguAJ9LlMT8jD9dKXjka8A0JNrKUaKfFQCgtZdx sHvFShGqMRU2mntz+RHkkD0= =1VVU -----END PGP SIGNATURE----- From mikeaw at gmail.com Tue May 3 10:59:28 2005 From: mikeaw at gmail.com (Mike Wallace) Date: Tue May 3 09:37:43 2005 Subject: [SATLUG] MySql v. Oracle In-Reply-To: <149db45563c66504bc44affff5062c98@biglumber.com> References: <42763AA2.2020902@kcefamily.com> <149db45563c66504bc44affff5062c98@biglumber.com> Message-ID: <4154519d05050307593d0d9cfc@mail.gmail.com> > It's really comparing apples and oranges. You may want to check out > PostgreSQL (www.postgresql.org) which is open source, free, and is > much closer to Oracle in performance and capabilities. In capabilities yes, but not in performance. Also, the missing capabilities in MySQL may not even be needed by this particular database. Besides, many of the missing capabilities that the community was demanding have been included in MySQL 5. One strike against PostgreSQL is that it has a much smaller community than Oracle or MySQL. There are many books and other resources on Oracle and MySQL, but not very many on PostgreSQL. Also, you have to consider the existing skills at the company. If no one has experience with PostgreSQL, but they do have experience with MySQL, that's reason enough for me to use MySQL. I'd actually opt for using Oracle (provided you don't have to pay for a license) because there's apparently others who use and administer Oracle at this particular company. It'd just be more streamlined with everything else and trust me, that is a big benefit. -Mike From bamm at satx.rr.com Tue May 3 22:58:44 2005 From: bamm at satx.rr.com (bamm@satx.rr.com) Date: Tue May 3 14:36:43 2005 Subject: [SATLUG] Protected Mail System Message-ID: <200505031936.j43JaZY19469@alamo.satlug.org> Encrypted message is available. From greg at turnstep.com Wed May 4 01:58:51 2005 From: greg at turnstep.com (Greg Sabino Mullane) Date: Tue May 3 19:37:11 2005 Subject: [SATLUG] MySql v. Oracle In-Reply-To: <4154519d05050307593d0d9cfc@mail.gmail.com> Message-ID: <47cb8f01baf2614dd75e8798d3477bfc@biglumber.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >> It's really comparing apples and oranges. You may want to check out >> PostgreSQL (www.postgresql.org) which is open source, free, and is >> much closer to Oracle in performance and capabilities. > In capabilities yes, but not in performance. While I really have no desire to start a PG vs MYSQL debate[1], that's a pretty bold statement that doesn't really hold up in real-world scenarios. While mysql has a reputation of being fast, it also tends to seriously slow down as you add concurrent users, and also (logically) slows down once you add some of its new features, such as transactionable tables. PGs reputation for slowness dates back to the 6.x series, which has long since been retired. I think you'll find that recent versions are quite fast: usually as fast if not faster than mysql. [1] okay, maybe a little > Also, the missing capabilities in MySQL may not even be needed by this > particular database. True, but if they are coming from Oracle, chances are they are going to be using at least some of the features of a true RDBMS. If not, they wasted a lot of money on Oracle :) when they could have used Berkley DB or sqlite (another alternative the original poster may want to check out). > Besides, many of the missing capabilities that the community was > demanding have been included in MySQL 5. This is the beta version, right? Last I heard, 4.x was recommended for production use. Mysql AB is making progress, it is true, but they still have a long way to go. They only recently added foreign keys and views, and still are missing stored procedures and triggers. Oracle and PG have had all of those in production versions for years. > One strike against PostgreSQL is that it has a much smaller community > than Oracle or MySQL. There are many books and other resources on > Oracle and MySQL, but not very many on PostgreSQL. If by "community" you mean "userbase", then yes, mysql wins this one. The same community/book argument could be made for Windows. :) PostgreSQL has a superb set of mailing lists, and a large developer community that answers questions quite quickly. I would give all three of them high marks as far as community support, and call it a draw. > Also, you have to consider the existing skills at the company. If no > one has experience with PostgreSQL, but they do have experience with > MySQL, that's reason enough for me to use MySQL. This is true. Conversely, if they have experience with Oracle (or any other RDBMS), they are far better going to PostgreSQL, which will be much closer to what they are used to, and sticks closely to the SQL standards. > I'd actually opt for using Oracle (provided you don't have to pay for > a license) because there's apparently others who use and administer Oracle > at this particular company. It'd just be more streamlined with everything > else and trust me, that is a big benefit. No arguments there, although you kind of bolster my previous point about what people are used to. The problem is that Oracle is extraordinarily expensive, and unless you have really extraordinarily high database needs, PostgreSQL is a great replacement, at a great price (free as in BSD). Just wanted the original poster to consider it as an option. - -- Greg Sabino Mullane greg@turnstep.com PGP Key: 0x14964AC8 200505021016 http://biglumber.com/x/web?pk=2529DF6AB8F79407E94445B4BC9B906714964AC8 -----BEGIN PGP SIGNATURE----- iD8DBQFCdjd9vJuQZxSWSsgRAkUgAJ9InREBXLgc51mBq+Qh/tMEB3I8QgCg9MI0 QeOoA9gkBXvUBuflxXlcY+c= =HViU -----END PGP SIGNATURE----- From wmail at wricomp.com Tue May 3 23:32:25 2005 From: wmail at wricomp.com (Don Wright) Date: Tue May 3 22:10:45 2005 Subject: [SATLUG] Protected Mail System In-Reply-To: <200505031936.j43JaZY19469@alamo.satlug.org> References: <200505031936.j43JaZY19469@alamo.satlug.org> Message-ID: On Tue, 3 May 2005 21:58:44 +0200, bamm@satx.rr.com wrote: Oh no he didn't! Not unless he's having an out-of-Texas experience, and spoofing headers, too. That message is also missing his usual headers. Diagnosis: virus/spam attempt. Resolution: This list ain't that easy. Attempt ignored. >Received: from satlug.org (216-32-56.0102.adsl.tele2.no [193.216.32.56]) > by alamo.satlug.org (8.11.6/8.11.6) with ESMTP id j43JaZY19469 > for ; Tue, 3 May 2005 14:36:36 -0500 From jfw5cpa at gmail.com Tue May 3 23:04:59 2005 From: jfw5cpa at gmail.com (Jim Wells) Date: Tue May 3 22:24:17 2005 Subject: [SATLUG] OT: System Restore CD Question Message-ID: <42782DCB.9090606@gmail.com> I am trying to help a friend of mine who cracked one of the system restore CD's for a Gateway Solo 5300 Laptop that was originally setup with Windows 98. Does anyone have any idea where I might be able to locate a copy of these disks? I looked at the computer show last weekend but I didn't see any of them there. Any help will be much appreciated. Jim From chuck at tetlow.net Wed May 4 00:39:46 2005 From: chuck at tetlow.net (Chuck) Date: Tue May 3 23:17:48 2005 Subject: [SATLUG] OT: System Restore CD Question In-Reply-To: <42782DCB.9090606@gmail.com> References: <42782DCB.9090606@gmail.com> Message-ID: <1115181587.1107.982.camel@laptop> Jim, Hate to throw water on your campfire, but just find any ole Gateway restore CD (or set) won't do. I found out the hard way years ago that the restores were unique to each model of Gateway computer. Each unique model of desktop or laptop came with a different set of software on it. Since the restore CD(s) put all that back, the sets are all different. I found this out the hard way with a friend who had a number of Gateways in his business but could only find one set of restore CD/floppy. Since it didn't match the model we were trying to restore -- it wouldn't work. What a pain. Hope you can find the specific restore for your model. Chuck On Tue, 2005-05-03 at 21:04, Jim Wells wrote: I am trying to help a friend of mine who cracked one of the system restore CD's for a Gateway Solo 5300 Laptop that was originally setup with Windows 98. Does anyone have any idea where I might be able to locate a copy of these disks? I looked at the computer show last weekend but I didn't see any of them there. Any help will be much appreciated. Jim _______________________________________________ SATLUG mailing list SATLUG@satlug.org http://alamo.satlug.org/mailman/listinfo/satlug From wmail at wricomp.com Wed May 4 00:55:34 2005 From: wmail at wricomp.com (Don Wright) Date: Tue May 3 23:33:43 2005 Subject: [SATLUG] OT: System Restore CD Question In-Reply-To: <42782DCB.9090606@gmail.com> References: <42782DCB.9090606@gmail.com> Message-ID: <54lg71pnt2tp8i1a35mdpf59j6kpekporh@4ax.com> On Tue, 03 May 2005 22:04:59 -0400, Jim Wells wrote: >I am trying to help a friend of mine who cracked one of the system >restore CD's for a Gateway Solo 5300 Laptop that was originally setup >with Windows 98. > >Does anyone have any idea where I might be able to locate a copy of >these disks? How about checking eBay for somebody selling one and asking to buy a copy of the proper CD? It's pretty old but Gateway may even have it available for sale. --Don -- 2005 Spring Linux/BSD/OpenSource Fest May 16-21, 2005 -- SAC Nail Technical Center Presented by San Antonio College and SATLUG http://cis.sac.accd.edu/~skolars/satlug/ From david.salisbury at momentumweb.com Wed May 4 12:34:43 2005 From: david.salisbury at momentumweb.com (David Salisbury) Date: Wed May 4 11:12:58 2005 Subject: [SATLUG] Firewall / routing question Message-ID: <035201c550c7$2fc87ef0$e500a8c0@dsalisburycst> I have a question for all of the networking people out there. I've got an issue with a Linux firewall that I *think* I understand somewhat but then again maybe I don't, and at least not to the depth I'd like. Basically, in this situation, I have a Linux firewall protecting a private network. Using port forwarding I've opened up a port on the firewall so as to access a web server on one of the machines on the private network. So, if I'm anywhere NOT on the private network, I can access the web site by going to 218.276.334.33:8090, where the IP address is of course a real one and of the firewall and 8090 is the port I opened on the firewall. This all works fine. The problem arises when I try to access the web site on the private network by trying to go from the private network, THROUGH the firewall, and back into the private network. ie, referencing the above IP:port FROM a machine within the private network. Now I realize that I could just go straight to the machine on the private network and this wouldn't be a problem, however, with writing various scripts and things it's troublesome to have to maintain versions for "inside" the firewall and versions for "outside" the firewall. My question is, why can't I route like that? What would be stopping that from happening? Other than the fact that it's "not optimal" to make that extra hop and Linux knows that :), what might be the networking reason that this won't work? Thanks in advance for any insights and information ya'll can give! David From jaret at aberlorn.com Wed May 4 12:58:22 2005 From: jaret at aberlorn.com (jaret) Date: Wed May 4 11:37:32 2005 Subject: [SATLUG] Firewall / routing question In-Reply-To: <035201c550c7$2fc87ef0$e500a8c0@dsalisburycst> References: <035201c550c7$2fc87ef0$e500a8c0@dsalisburycst> Message-ID: <4278FF2E.4090107@aberlorn.com> Yes, you can do this. My partner figured it out using iptables but he's not in this week and our firewall script is so long I'm not sure what to parse out to give to you. I remember we struggled w/ this as well and the solution came down to a few small details. If your question hasn't been answered before next week, I'll post s/thing when he returns. ~Jaret David Salisbury wrote: > I have a question for all of the networking people out there. I've > got an issue with a Linux firewall that I *think* I understand > somewhat but then again maybe I don't, and at least not to the depth > I'd like. > > Basically, in this situation, I have a Linux firewall protecting a > private network. Using port forwarding I've opened up a port on the > firewall so as to access a web server on one of the machines on the > private network. So, if I'm anywhere NOT on the private network, I > can access the web site by going to 218.276.334.33:8090, where the IP > address is of course a real one and of the firewall and 8090 is the > port I opened on the firewall. This all works fine. > > The problem arises when I try to access the web site on the private > network by trying to go from the private network, THROUGH the > firewall, and back into the private network. ie, referencing the > above IP:port FROM a machine within the private network. Now I > realize that I could just go straight to the machine on the private > network and this wouldn't be a problem, however, with writing various > scripts and things it's troublesome to have to maintain versions for > "inside" the firewall and versions for "outside" the firewall. > > My question is, why can't I route like that? What would be stopping > that from happening? Other than the fact that it's "not optimal" to > make that extra hop and Linux knows that :), what might be the > networking reason that this won't work? > > Thanks in advance for any insights and information ya'll can give! > David > > _______________________________________________ > SATLUG mailing list > SATLUG@satlug.org > http://alamo.satlug.org/mailman/listinfo/satlug > From mikeaw at gmail.com Wed May 4 11:24:25 2005 From: mikeaw at gmail.com (Mike Wallace) Date: Wed May 4 11:49:11 2005 Subject: [SATLUG] MySql v. Oracle In-Reply-To: <47cb8f01baf2614dd75e8798d3477bfc@biglumber.com> References: <4154519d05050307593d0d9cfc@mail.gmail.com> <47cb8f01baf2614dd75e8798d3477bfc@biglumber.com> Message-ID: <4154519d05050408243915ccf3@mail.gmail.com> First and foremost, we don't actually know what the database is being used for. It doesn't make sense to split hairs over MySQL vs PG without even knowing the scope of the project. There's a set of reasons why MySQL is "better." There's another set of reasons why PG is "better." There's still another set for why Oracle is "better." The only way to really have a good idea about things is to know all the vital stats -- company database expertise, database size, number of concurrent users, benefit of streamlining the database with others, etc. Now, on to the hair-splitting! :) > >> It's really comparing apples and oranges. You may want to check out > >> PostgreSQL (www.postgresql.org) which is open source, free, and is > >> much closer to Oracle in performance and capabilities. > > > In capabilities yes, but not in performance. > > While I really have no desire to start a PG vs MYSQL debate[1], that's a > pretty bold statement that doesn't really hold up in real-world > scenarios. It is a bold statement and it *does* hold up in real-world scenarios. Even though there are very few performance comparisons out there, I had found a performance comparison between MySQL 4 and Oracle 9i and some other databases as well (but PG wasn't included). I can't directly compare MySQL and PG because that data wasn't present, but from what I remember Oracle and MySQL tracked very close to each other in throughput and response times with Oracle maintaining a slight lead throughout. > While mysql has a reputation of being fast, it also tends > to seriously slow down as you add concurrent users, and also (logically) > slows down once you add some of its new features, such as transactionable > tables. PGs reputation for slowness dates back to the 6.x series, which > has long since been retired. I think you'll find that recent versions > are quite fast: usually as fast if not faster than mysql. MySQL was designed and built with the idea of speed first, features second. PG was just the opposite. PG has been getting faster and MySQL has been getting more features. Eventually the two will converge. And with respect to concurrent users, I don't know where this idea that MySQL slows down comes from. From what I've seen, MySQL does a very good job at managing hundreds of concurrent users. > > Also, the missing capabilities in MySQL may not even be needed by this > > particular database. > > True, but if they are coming from Oracle, chances are they are going to > be using at least some of the features of a true RDBMS. If not, they > wasted a lot of money on Oracle :) when they could have used Berkley DB > or sqlite (another alternative the original poster may want to check out). They aren't coming from Oracle. The databases they are consolidating are Sybase and Access (which isn't really a database, but no reason to get into that here). The company has Oracle expertise, however. There are plenty of databases to choose from and many that could do the job, but at the top of my list would be the databases which the company has some expertise in. Sure, you can use PG or BDB or MySQL or who knows what else, but if you're going to be the only person with a MySQL (or PG, etc) database, that's a big problem. > > Besides, many of the missing capabilities that the community was > > demanding have been included in MySQL 5. > > This is the beta version, right? Last I heard, 4.x was recommended for > production use. Mysql AB is making progress, it is true, but they still have > a long way to go. They only recently added foreign keys and views, and still > are missing stored procedures and triggers. Oracle and PG have had all of > those in production versions for years. They added foreign keys quite some time ago. And things such as stored procedures, triggers and views have been around for years. The problem is that the cycle of getting the new features into the production database is very slow. If these features are extremely important to you, it is possible to use MySQL 5 with the warning that it's not the production version. > > One strike against PostgreSQL is that it has a much smaller community > > than Oracle or MySQL. There are many books and other resources on > > Oracle and MySQL, but not very many on PostgreSQL. > > If by "community" you mean "userbase", then yes, mysql wins this one. > The same community/book argument could be made for Windows. :) PostgreSQL > has a superb set of mailing lists, and a large developer community that > answers questions quite quickly. I would give all three of them high marks > as far as community support, and call it a draw. Yes, the same community argument could be made for Windows and there's nothing wrong with that. :) Mailing lists are great when you have a particular, distinct question, but if you just have a general purpose question, a book (or equivalent online resource) is much better at handling those queries. Also, books really help out when you have a good one that tells you important things you need to know but you didn't even know that you had a question. > > Also, you have to consider the existing skills at the company. If no > > one has experience with PostgreSQL, but they do have experience with > > MySQL, that's reason enough for me to use MySQL. > > This is true. Conversely, if they have experience with Oracle (or any other > RDBMS), they are far better going to PostgreSQL, which will be much > closer to what they are used to, and sticks closely to the SQL standards. Not necessarily. To know if it is "far better" or not, you need to know what the project requirements are. > > I'd actually opt for using Oracle (provided you don't have to pay for > > a license) because there's apparently others who use and administer Oracle > > at this particular company. It'd just be more streamlined with everything > > else and trust me, that is a big benefit. > > No arguments there, although you kind of bolster my previous point about > what people are used to. The problem is that Oracle is extraordinarily > expensive, and unless you have really extraordinarily high database > needs, PostgreSQL is a great replacement, at a great price (free as in BSD). > Just wanted the original poster to consider it as an option. Yeah, there are plenty of options and they should be considered. And I wanted the original poster to realize that the most important thing is meeting the requirements of the project rather than finding the dreamiest datatbase. I have shot myself in the foot before when I have gone with the dreamiest solution rather than the solution that best fits the problem at hand. -Mike From solinym at gmail.com Wed May 4 16:23:01 2005 From: solinym at gmail.com (Travis H.) Date: Wed May 4 15:01:17 2005 Subject: [SATLUG] Firewall / routing question In-Reply-To: <4278FF2E.4090107@aberlorn.com> References: <035201c550c7$2fc87ef0$e500a8c0@dsalisburycst> <4278FF2E.4090107@aberlorn.com> Message-ID: Yeah you are going to have to post your "iptables -L" output. You should be able to access the public-side IP just fine from within the protected network and the details about why its not working lie in your iptables rules. Also IP forwarding should be turned on. Other than that - nothing should be stopping it. From zip at liberto.org Wed May 4 16:48:11 2005 From: zip at liberto.org (Andrew Hodel) Date: Wed May 4 15:26:19 2005 Subject: [SATLUG] Firewall / routing question In-Reply-To: <035201c550c7$2fc87ef0$e500a8c0@dsalisburycst> References: <035201c550c7$2fc87ef0$e500a8c0@dsalisburycst> Message-ID: <4279350B.8060109@liberto.org> We have this problem also, the only 2 ways I can think to fix it are: 1. Tell users inside the NAT to go to the private IP ;) 2. Add another rule on the firewall: if request for IP_ADDR:PORT is from LOCAL_NET_INTERFACE then redirect to LOCALIP:PORT /iptables -A INPUT -p tcp -i eth0 -d your.pub.lic.ip --dport 80 -j REDIRECT --to-destination 192.168.0.20:80/ Something like that should work :) Andrew David Salisbury wrote: > I have a question for all of the networking people out there. I've > got an issue with a Linux firewall that I *think* I understand > somewhat but then again maybe I don't, and at least not to the depth > I'd like. > > Basically, in this situation, I have a Linux firewall protecting a > private network. Using port forwarding I've opened up a port on the > firewall so as to access a web server on one of the machines on the > private network. So, if I'm anywhere NOT on the private network, I > can access the web site by going to 218.276.334.33:8090, where the IP > address is of course a real one and of the firewall and 8090 is the > port I opened on the firewall. This all works fine. > > The problem arises when I try to access the web site on the private > network by trying to go from the private network, THROUGH the > firewall, and back into the private network. ie, referencing the > above IP:port FROM a machine within the private network. Now I > realize that I could just go straight to the machine on the private > network and this wouldn't be a problem, however, with writing various > scripts and things it's troublesome to have to maintain versions for > "inside" the firewall and versions for "outside" the firewall. > > My question is, why can't I route like that? What would be stopping > that from happening? Other than the fact that it's "not optimal" to > make that extra hop and Linux knows that :), what might be the > networking reason that this won't work? > > Thanks in advance for any insights and information ya'll can give! > David > > _______________________________________________ > SATLUG mailing list > SATLUG@satlug.org > http://alamo.satlug.org/mailman/listinfo/satlug > From solinym at gmail.com Wed May 4 17:38:22 2005 From: solinym at gmail.com (Travis H.) Date: Wed May 4 16:16:28 2005 Subject: [SATLUG] Firewall / routing question In-Reply-To: <4279350B.8060109@liberto.org> References: <035201c550c7$2fc87ef0$e500a8c0@dsalisburycst> <4279350B.8060109@liberto.org> Message-ID: Why wouldn't DNAT on the PREROUTING table work? From zip at liberto.org Wed May 4 17:46:01 2005 From: zip at liberto.org (Andrew Hodel) Date: Wed May 4 16:24:04 2005 Subject: [SATLUG] Firewall / routing question In-Reply-To: References: <035201c550c7$2fc87ef0$e500a8c0@dsalisburycst> <4279350B.8060109@liberto.org> Message-ID: <42794299.7000206@liberto.org> I don't see why it wouldn't, however wouldn't you rather have the packets going direct to the correct host, instead of through NAT? Andrew Travis H. wrote: >Why wouldn't DNAT on the PREROUTING table work? >_______________________________________________ >SATLUG mailing list >SATLUG@satlug.org >http://alamo.satlug.org/mailman/listinfo/satlug > > > From david.salisbury at momentumweb.com Wed May 4 17:47:21 2005 From: david.salisbury at momentumweb.com (David Salisbury) Date: Wed May 4 16:25:28 2005 Subject: [SATLUG] Firewall / routing question References: <035201c550c7$2fc87ef0$e500a8c0@dsalisburycst> <4278FF2E.4090107@aberlorn.com> Message-ID: <057301c550f2$dc00e100$e500a8c0@dsalisburycst> Actually, this is an older box and so it's using ipchains right now instead of iptables! But based on what everyone has written in so far I'm tinkering with the ipchains rules some more right now to see what I can figure out. I *should* be able to do this with ipchains even though it's a bit older, right? ----- Original Message ----- From: "Travis H." To: "The San Antonio Linux User's Group Mailing List" Sent: Wednesday, May 04, 2005 3:23 PM Subject: Re: [SATLUG] Firewall / routing question > Yeah you are going to have to post your "iptables -L" output. You > should be able to access the public-side IP just fine from within the > protected network and the details about why its not working lie in > your iptables rules. > > Also IP forwarding should be turned on. > > Other than that - nothing should be stopping it. From vern.davis at gmail.com Wed May 4 18:36:56 2005 From: vern.davis at gmail.com (Vern Davis) Date: Wed May 4 17:15:59 2005 Subject: [SATLUG] Firewall / routing question In-Reply-To: <057301c550f2$dc00e100$e500a8c0@dsalisburycst> References: <035201c550c7$2fc87ef0$e500a8c0@dsalisburycst> <4278FF2E.4090107@aberlorn.com> <057301c550f2$dc00e100$e500a8c0@dsalisburycst> Message-ID: <5ef09f1050504153661fba925@mail.gmail.com> On 5/4/05, David Salisbury wrote: > Actually, this is an older box and so it's using ipchains right now instead > of iptables! But based on what everyone has written in so far I'm tinkering > with the ipchains rules some more right now to see what I can figure out. I > *should* be able to do this with ipchains even though it's a bit older, > right? > Seems like I had this same problem on a firewall/webserver box - I couldn't get it to work until I upgraded the OS and started using iptables. Alzheimer's is setting in, and I don't remember more details. Sorry. -- vern.davis@gmail.com From e2eiod at gmail.com Wed May 4 21:01:43 2005 From: e2eiod at gmail.com (Robert Pearson) Date: Wed May 4 18:40:00 2005 Subject: [SATLUG] MySql v. Oracle In-Reply-To: <4154519d05050408243915ccf3@mail.gmail.com> References: <4154519d05050307593d0d9cfc@mail.gmail.com> <47cb8f01baf2614dd75e8798d3477bfc@biglumber.com> <4154519d05050408243915ccf3@mail.gmail.com> Message-ID: On 5/4/05, Mike Wallace wrote: > First and foremost, we don't actually know what the database is being > used for. > ...[snip]... > Yeah, there are plenty of options and they should be considered. And > I wanted the original poster to realize that the most important thing > is meeting the requirements of the project rather than finding the > dreamiest datatbase. I have shot myself in the foot before when I > have gone with the dreamiest solution rather than the solution that > best fits the problem at hand. How true still. I once did an evaluation of Ingres, Oracle and Sybase. This was before CA (Computer Automation) acquired Ingres and destroyed it. At that time Sybase was the fastest streaming database on the planet. Oracle was the new kid on the block. The goal of the project was to replace a proprietary flat-file database with a relational database. Flat-file databases do not scale well. They are very fast initially but slow rapidly with growth. They are always maintenance pigs. In my test Sybase won hands down on the test condition for bandwidth, streaming or multi-media throughput. A transaction request of a few bytes delivered Gigabytes of data. The data was seismic. On OLTP tests Ingres was first, Oracle second with Sybase the slowest. Oracle was not a whole lot slower than Ingres. Both Oracle and Sybase could support more transactions than Ingres before becoming noticeably slower in response. Ingres had the best and most user friendly query language. It was proprietary, a negative mark, but easier to use than SQL was in those days, particular for the casual user. Oracle had the best developer's toolkit. A really wonderful collection of development tools. Oracle was the slowest of the three on OLTP but above our defined minimum threshold. The programmers picked Oracle for the development tools. It worked out OK. The performance improved every year and so did the development tools. Sybase and Ingres hung around for a few years and pretty much disappeared from the main-stream. I have worked with many databases since then. Oracle is not my favorite but it works in many environments. It has some scaling issues as do most databases. It is kind of like no one ever gets fired for buying IBM because IBM works. So does Oracle. In the SOHO and SMB environment I only look at MySQL, Postgre and BDB. I really like BDB because it has a lot of promise. It is an "iffy" choice because of market share. Where will you get it in 5 years? How will it be maintained? Thanks, Robert From chuck at tetlow.net Wed May 4 21:21:13 2005 From: chuck at tetlow.net (Chuck) Date: Wed May 4 19:59:15 2005 Subject: [SATLUG] Firewall / routing question In-Reply-To: <035201c550c7$2fc87ef0$e500a8c0@dsalisburycst> References: <035201c550c7$2fc87ef0$e500a8c0@dsalisburycst> Message-ID: <1115256074.1107.2249.camel@laptop> David, Is the web server serving up pages on the standard port 80 or on the port 8090? And of course, is the firewall translating ports from 8090 down to 80??? That is the real question here. You could do it either way. If the webserver is serving pages on 8090 -- you would hit it with the firewall's real world IP, a colon, and port 8090 from the outside. On the inside, you would hit it with the inside IP, a colon, and port 8090. So, you have to put in the port number no matter where you are. But if the firewall is doing translation, you hit it on the inside with JUST the inside network IP address of the web server. And that's the best way to do it. In this configuration, the packets hit the firewall real world outside IP on port 8090 -- and the firewall translates the packets to port 80 before sending them inside to the web server. With this set up, the people on the inside wouldn't have to add a :8090 to the inside webserver address. This set up should also allow you to keep a single set of pages. Since the packets hit the server itself on port 80 whether from the inside or outside -- same pages serve both. Does that help David? Chuck On Wed, 2005-05-04 at 11:34, David Salisbury wrote: I have a question for all of the networking people out there. I've got an issue with a Linux firewall that I *think* I understand somewhat but then again maybe I don't, and at least not to the depth I'd like. Basically, in this situation, I have a Linux firewall protecting a private network. Using port forwarding I've opened up a port on the firewall so as to access a web server on one of the machines on the private network. So, if I'm anywhere NOT on the private network, I can access the web site by going to 218.276.334.33:8090, where the IP address is of course a real one and of the firewall and 8090 is the port I opened on the firewall. This all works fine. The problem arises when I try to access the web site on the private network by trying to go from the private network, THROUGH the firewall, and back into the private network. ie, referencing the above IP:port FROM a machine within the private network. Now I realize that I could just go straight to the machine on the private network and this wouldn't be a problem, however, with writing various scripts and things it's troublesome to have to maintain versions for "inside" the firewall and versions for "outside" the firewall. My question is, why can't I route like that? What would be stopping that from happening? Other than the fact that it's "not optimal" to make that extra hop and Linux knows that :), what might be the networking reason that this won't work? Thanks in advance for any insights and information ya'll can give! David _______________________________________________ SATLUG mailing list SATLUG@satlug.org http://alamo.satlug.org/mailman/listinfo/satlug From chuck at tetlow.net Wed May 4 21:29:07 2005 From: chuck at tetlow.net (Chuck) Date: Wed May 4 20:07:08 2005 Subject: [SATLUG] Firewall / routing question In-Reply-To: <057301c550f2$dc00e100$e500a8c0@dsalisburycst> References: <035201c550c7$2fc87ef0$e500a8c0@dsalisburycst> <057301c550f2$dc00e100$e500a8c0@dsalisburycst> Message-ID: <1115256548.1116.2261.camel@laptop> No, IPChains didn't have prerouting/postrouting or port forwading ability built in. I used to do it pre-IPTables using IPMaskAdmin. Its a separate package that plugs in and gives you that port forwarding ability. Chuck On Wed, 2005-05-04 at 16:47, David Salisbury wrote: Actually, this is an older box and so it's using ipchains right now instead of iptables! But based on what everyone has written in so far I'm tinkering with the ipchains rules some more right now to see what I can figure out. I *should* be able to do this with ipchains even though it's a bit older, right? ----- Original Message ----- From: "Travis H." To: "The San Antonio Linux User's Group Mailing List" Sent: Wednesday, May 04, 2005 3:23 PM Subject: Re: [SATLUG] Firewall / routing question > Yeah you are going to have to post your "iptables -L" output. You > should be able to access the public-side IP just fine from within the > protected network and the details about why its not working lie in > your iptables rules. > > Also IP forwarding should be turned on. > > Other than that - nothing should be stopping it. _______________________________________________ SATLUG mailing list SATLUG@satlug.org http://alamo.satlug.org/mailman/listinfo/satlug From kong at thejosh.net Wed May 4 22:34:32 2005 From: kong at thejosh.net (Josh Moore) Date: Wed May 4 21:02:51 2005 Subject: [SATLUG] OT: System Restore CD Question In-Reply-To: <42782DCB.9090606@gmail.com> References: <42782DCB.9090606@gmail.com> Message-ID: <42798638.9030201@thejosh.net> You could always just buy a full version of 98 and download the drivers for the laptop from Gateway's website. Or you could try to get your friend to go for Linux. But for the restore CD or 98, eBay is your best bet. Jim Wells wrote: >I am trying to help a friend of mine who cracked one of the system >restore CD's for a Gateway Solo 5300 Laptop that was originally setup >with Windows 98. > >Does anyone have any idea where I might be able to locate a copy of >these disks? I looked at the computer show last weekend but I didn't >see any of them there. > >Any help will be much appreciated. > >Jim > >_______________________________________________ >SATLUG mailing list >SATLUG@satlug.org >http://alamo.satlug.org/mailman/listinfo/satlug > > > From leif at paisd.net Thu May 5 00:06:34 2005 From: leif at paisd.net (Leif Johnson) Date: Wed May 4 22:30:01 2005 Subject: [SATLUG] Firewall / routing question In-Reply-To: <4279350B.8060109@liberto.org> Message-ID: I had a problem like this for my GradeSpeed server (which I wanted on the 192 side of our school LAN). Andrew sent me the iptables script to do the DNAT which worked fine from the outside, but users that had the same server for their proxy services kept getting a "BAD GATEWAY" error. I just set up another proxy server for those users on the LAN and it worked fine. Sincerely, -Leif Johnson Port Aransas ISD 100 Station St Port Aransas Tx 78373 361 749-1200 ext. 316 On Wed, 4 May 2005, Andrew Hodel wrote: > We have this problem also, the only 2 ways I can think to fix it are: > > 1. Tell users inside the NAT to go to the private IP ;) > > 2. Add another rule on the firewall: > > if request for IP_ADDR:PORT is from LOCAL_NET_INTERFACE then redirect to > LOCALIP:PORT > > /iptables -A INPUT -p tcp -i eth0 -d your.pub.lic.ip --dport 80 -j REDIRECT --to-destination 192.168.0.20:80/ > > Something like that should work :) > > > > Andrew > > David Salisbury wrote: > > > I have a question for all of the networking people out there. I've > > got an issue with a Linux firewall that I *think* I understand > > somewhat but then again maybe I don't, and at least not to the depth > > I'd like. > > > > Basically, in this situation, I have a Linux firewall protecting a > > private network. Using port forwarding I've opened up a port on the > > firewall so as to access a web server on one of the machines on the > > private network. So, if I'm anywhere NOT on the private network, I > > can access the web site by going to 218.276.334.33:8090, where the IP > > address is of course a real one and of the firewall and 8090 is the > > port I opened on the firewall. This all works fine. > > > > The problem arises when I try to access the web site on the private > > network by trying to go from the private network, THROUGH the > > firewall, and back into the private network. ie, referencing the > > above IP:port FROM a machine within the private network. Now I > > realize that I could just go straight to the machine on the private > > network and this wouldn't be a problem, however, with writing various > > scripts and things it's troublesome to have to maintain versions for > > "inside" the firewall and versions for "outside" the firewall. > > > > My question is, why can't I route like that? What would be stopping > > that from happening? Other than the fact that it's "not optimal" to > > make that extra hop and Linux knows that :), what might be the > > networking reason that this won't work? > > > > Thanks in advance for any insights and information ya'll can give! > > David > > > > _______________________________________________ > > SATLUG mailing list > > SATLUG@satlug.org > > http://alamo.satlug.org/mailman/listinfo/satlug > > > > _______________________________________________ > SATLUG mailing list > SATLUG@satlug.org > http://alamo.satlug.org/mailman/listinfo/satlug > From jfw5cpa at gmail.com Thu May 5 00:00:57 2005 From: jfw5cpa at gmail.com (Jim Wells) Date: Wed May 4 22:38:57 2005 Subject: [SATLUG] OT: System Restore CD Question In-Reply-To: <1115181587.1107.982.camel@laptop> References: <42782DCB.9090606@gmail.com> <1115181587.1107.982.camel@laptop> Message-ID: <42798C69.8080509@gmail.com> Thank you for the suggestions. I will get the EXACT model number and keep looking. I know the reason they needed the restore disk was to get a specific "hot-swap?" driver that was corrupted so acccessing the internet isn't a viable option, at least right now. Thanks, Jim > On Tue, 2005-05-03 at 21:04, Jim Wells wrote: > > I am trying to help a friend of mine who cracked one of the system > restore CD's for a Gateway Solo 5300 Laptop that was originally setup > with Windows 98. > > Does anyone have any idea where I might be able to locate a copy of > these disks? I looked at the computer show last weekend but I didn't > see any of them there. > > Any help will be much appreciated. > > Jim > > _______________________________________________ > SATLUG mailing list > SATLUG@satlug.org > > http://alamo.satlug.org/mailman/listinfo/satlug > > > _______________________________________________ > SATLUG mailing list > SATLUG@satlug.org > http://alamo.satlug.org/mailman/listinfo/satlug > From zeb.fletcher at gmail.com Thu May 5 00:33:12 2005 From: zeb.fletcher at gmail.com (Zeb Fletcher) Date: Wed May 4 23:11:19 2005 Subject: [SATLUG] Re: OT: System Restore CD Question In-Reply-To: <42798C69.8080509@gmail.com> References: <42782DCB.9090606@gmail.com> <1115181587.1107.982.camel@laptop> <42798C69.8080509@gmail.com> Message-ID: <128bff2f05050421332e6894c@mail.gmail.com> Dumb question but have you tried contacting Gateway to see if they still have the CD ? They might sell you one or exchange your broken one. for a small fee. Zeb On 5/4/05, Jim Wells wrote: > Thank you for the suggestions. I will get the EXACT model number and > keep looking. I know the reason they needed the restore disk was to > get a specific "hot-swap?" driver that was corrupted so acccessing the > internet isn't a viable option, at least right now. > > Thanks, > Jim > > > On Tue, 2005-05-03 at 21:04, Jim Wells wrote: > > > > I am trying to help a friend of mine who cracked one of the system > > restore CD's for a Gateway Solo 5300 Laptop that was originally setup > > with Windows 98. > > > > Does anyone have any idea where I might be able to locate a copy of > > these disks? I looked at the computer show last weekend but I didn't > > see any of them there. > > > > Any help will be much appreciated. > > > > Jim > > > > _______________________________________________ > > SATLUG mailing list > > SATLUG@satlug.org > > > > http://alamo.satlug.org/mailman/listinfo/satlug > > > > > > _______________________________________________ > > SATLUG mailing list > > SATLUG@satlug.org > > http://alamo.satlug.org/mailman/listinfo/satlug > > > > _______________________________________________ > SATLUG mailing list > SATLUG@satlug.org > http://alamo.satlug.org/mailman/listinfo/satlug > From rhermida at prodigy.net Thu May 5 10:51:22 2005 From: rhermida at prodigy.net (Ramon Hermida) Date: Thu May 5 11:29:37 2005 Subject: [SATLUG] Firewall / routing question In-Reply-To: 6667 Message-ID: <20050505165123.73402.qmail@web80203.mail.yahoo.com> I remember that we used to have the same issue where I worked at with the firewall and with people not being able to access internal web servers from the inside. The solution was to set up DNS servers, one for the inside, and one for the outside. That way, if the users wanted to go to www.sampleserver.com from the inside, the DNS server would give them 192.168.1.100, and if people were hitting www.sampleserver.com from the outside, they would get 209.209.209.209 (sample IP address). Technically, it was only (1) dns server since BIND will allow you to setup views to serve both internal/external requests. This is my $0.02. Regards -RH --- Leif Johnson wrote: > > I had a problem like this for my GradeSpeed server > (which I wanted on the > 192 side of our school LAN). Andrew sent me the > iptables script to do the > DNAT which worked fine from the outside, but users > that had the same > server for their proxy services kept getting a "BAD > GATEWAY" error. I just > set up another proxy server for those users on the > LAN and it worked fine. > > Sincerely, > -Leif Johnson > Port Aransas ISD > 100 Station St > Port Aransas Tx 78373 > 361 749-1200 ext. 316 > > > > On Wed, 4 May 2005, Andrew Hodel wrote: > > > We have this problem also, the only 2 ways I can > think to fix it are: > > > > 1. Tell users inside the NAT to go to the private > IP ;) > > > > 2. Add another rule on the firewall: > > > > if request for IP_ADDR:PORT is from > LOCAL_NET_INTERFACE then redirect to > > LOCALIP:PORT > > > > /iptables -A INPUT -p tcp -i eth0 -d > your.pub.lic.ip --dport 80 -j REDIRECT > --to-destination 192.168.0.20:80/ > > > > Something like that should work :) > > > > > > > > Andrew > > > > David Salisbury wrote: > > > > > I have a question for all of the networking > people out there. I've > > > got an issue with a Linux firewall that I > *think* I understand > > > somewhat but then again maybe I don't, and at > least not to the depth > > > I'd like. > > > > > > Basically, in this situation, I have a Linux > firewall protecting a > > > private network. Using port forwarding I've > opened up a port on the > > > firewall so as to access a web server on one of > the machines on the > > > private network. So, if I'm anywhere NOT on the > private network, I > > > can access the web site by going to > 218.276.334.33:8090, where the IP > > > address is of course a real one and of the > firewall and 8090 is the > > > port I opened on the firewall. This all works > fine. > > > > > > The problem arises when I try to access the web > site on the private > > > network by trying to go from the private > network, THROUGH the > > > firewall, and back into the private network. > ie, referencing the > > > above IP:port FROM a machine within the private > network. Now I > > > realize that I could just go straight to the > machine on the private > > > network and this wouldn't be a problem, however, > with writing various > > > scripts and things it's troublesome to have to > maintain versions for > > > "inside" the firewall and versions for "outside" > the firewall. > > > > > > My question is, why can't I route like that? > What would be stopping > > > that from happening? Other than the fact that > it's "not optimal" to > > > make that extra hop and Linux knows that :), > what might be the > > > networking reason that this won't work? > > > > > > Thanks in advance for any insights and > information ya'll can give! > > > David > > > > > > _______________________________________________ > > > SATLUG mailing list > > > SATLUG@satlug.org > > > http://alamo.satlug.org/mailman/listinfo/satlug > > > > > > > _______________________________________________ > > SATLUG mailing list > > SATLUG@satlug.org > > http://alamo.satlug.org/mailman/listinfo/satlug > > > > _______________________________________________ > SATLUG mailing list > SATLUG@satlug.org > http://alamo.satlug.org/mailman/listinfo/satlug > From jaret at aberlorn.com Thu May 5 13:25:39 2005 From: jaret at aberlorn.com (jaret) Date: Thu May 5 12:03:43 2005 Subject: [SATLUG] Firewall / routing question In-Reply-To: <20050505165123.73402.qmail@web80203.mail.yahoo.com> References: <20050505165123.73402.qmail@web80203.mail.yahoo.com> Message-ID: <427A5713.9090208@aberlorn.com> That would work. But depending on the situation it could be overkill... For example for small-shops if you use a DNS hoster (like GoDaddy or Register.com) then you don't need to setup an internal DNS server. Then all you are responsible for is your firewall and the corresponding firewall script that routes IP requests in and out of the network. With the right script you can make the private network talk to the public DNS server which then resolves back to your private network Webserver or Email/Postfix (or whatever server you want). So, if I'm in my private network on Mozilla and type my web address, the packets are first sent through the firewall to the public DNS and back through the firewall to the webserver. Yes, it is a long-route to travel... but I don't have to fuss over a DNS server. With DSL I don't notice a speed hit, though obviously there is one in the details. Ramon Hermida wrote: >I remember that we used to have the same issue where I >worked at with the firewall and with people not being >able to access internal web servers from the inside. > >The solution was to set up DNS servers, one for the >inside, and one for the outside. That way, if the >users wanted to go to www.sampleserver.com from the >inside, the DNS server would give them 192.168.1.100, >and if people were hitting www.sampleserver.com from >the outside, they would get 209.209.209.209 (sample IP >address). Technically, it was only (1) dns server >since BIND will allow you to setup views to serve both >internal/external requests. > >This is my $0.02. > >Regards > >-RH > >--- Leif Johnson wrote: > > >>I had a problem like this for my GradeSpeed server >>(which I wanted on the >>192 side of our school LAN). Andrew sent me the >>iptables script to do the >>DNAT which worked fine from the outside, but users >>that had the same >>server for their proxy services kept getting a "BAD >>GATEWAY" error. I just >>set up another proxy server for those users on the >>LAN and it worked fine. >> >>Sincerely, >>-Leif Johnson >>Port Aransas ISD >>100 Station St >>Port Aransas Tx 78373 >>361 749-1200 ext. 316 >> >> >> >>On Wed, 4 May 2005, Andrew Hodel wrote: >> >> >> >>>We have this problem also, the only 2 ways I can >>> >>> >>think to fix it are: >> >> >>>1. Tell users inside the NAT to go to the private >>> >>> >>IP ;) >> >> >>>2. Add another rule on the firewall: >>> >>>if request for IP_ADDR:PORT is from >>> >>> >>LOCAL_NET_INTERFACE then redirect to >> >> >>>LOCALIP:PORT >>> >>>/iptables -A INPUT -p tcp -i eth0 -d >>> >>> >>your.pub.lic.ip --dport 80 -j REDIRECT >>--to-destination 192.168.0.20:80/ >> >> >>>Something like that should work :) >>> >>> >>> >>>Andrew >>> >>>David Salisbury wrote: >>> >>> >>> >>>>I have a question for all of the networking >>>> >>>> >>people out there. I've >> >> >>>>got an issue with a Linux firewall that I >>>> >>>> >>*think* I understand >> >> >>>>somewhat but then again maybe I don't, and at >>>> >>>> >>least not to the depth >> >> >>>>I'd like. >>>> >>>>Basically, in this situation, I have a Linux >>>> >>>> >>firewall protecting a >> >> >>>>private network. Using port forwarding I've >>>> >>>> >>opened up a port on the >> >> >>>>firewall so as to access a web server on one of >>>> >>>> >>the machines on the >> >> >>>>private network. So, if I'm anywhere NOT on the >>>> >>>> >>private network, I >> >> >>>>can access the web site by going to >>>> >>>> >>218.276.334.33:8090, where the IP >> >> >>>>address is of course a real one and of the >>>> >>>> >>firewall and 8090 is the >> >> >>>>port I opened on the firewall. This all works >>>> >>>> >>fine. >> >> >>>>The problem arises when I try to access the web >>>> >>>> >>site on the private >> >> >>>>network by trying to go from the private >>>> >>>> >>network, THROUGH the >> >> >>>>firewall, and back into the private network. >>>> >>>> >>ie, referencing the >> >> >>>>above IP:port FROM a machine within the private >>>> >>>> >>network. Now I >> >> >>>>realize that I could just go straight to the >>>> >>>> >>machine on the private >> >> >>>>network and this wouldn't be a problem, however, >>>> >>>> >>with writing various >> >> >>>>scripts and things it's troublesome to have to >>>> >>>> >>maintain versions for >> >> >>>>"inside" the firewall and versions for "outside" >>>> >>>> >>the firewall. >> >> >>>>My question is, why can't I route like that? >>>> >>>> >>What would be stopping >> >> >>>>that from happening? Other than the fact that >>>> >>>> >>it's "not optimal" to >> >> >>>>make that extra hop and Linux knows that :), >>>> >>>> >>what might be the >> >> >>>>networking reason that this won't work? >>>> >>>>Thanks in advance for any insights and >>>> >>>> >>information ya'll can give! >> >> >>>>David >>>> >>>>_______________________________________________ >>>>SATLUG mailing list >>>>SATLUG@satlug.org >>>>http://alamo.satlug.org/mailman/listinfo/satlug >>>> >>>> >>>> >>>_______________________________________________ >>>SATLUG mailing list >>>SATLUG@satlug.org >>>http://alamo.satlug.org/mailman/listinfo/satlug >>> >>> >>> >>_______________________________________________ >>SATLUG mailing list >>SATLUG@satlug.org >>http://alamo.satlug.org/mailman/listinfo/satlug >> >> >> >_______________________________________________ >SATLUG mailing list >SATLUG@satlug.org >http://alamo.satlug.org/mailman/listinfo/satlug > > > From junkmailer at satx.rr.com Thu May 5 14:56:38 2005 From: junkmailer at satx.rr.com (Luis) Date: Thu May 5 13:33:14 2005 Subject: [SATLUG] OT: System Restore CD Question In-Reply-To: <42798C69.8080509@gmail.com> References: <42782DCB.9090606@gmail.com> <1115181587.1107.982.camel@laptop> <42798C69.8080509@gmail.com> Message-ID: <427A6C66.1090406@satx.rr.com> I had an ex girlfriend who had the same problem. I contacted the company and after some sweet talking they set her a replacement set of original cd's. Give them a call. It can't hurt! Luis Jim Wells wrote: >Thank you for the suggestions. I will get the EXACT model number and >keep looking. I know the reason they needed the restore disk was to >get a specific "hot-swap?" driver that was corrupted so acccessing the >internet isn't a viable option, at least right now. > >Thanks, >Jim > > > >>On Tue, 2005-05-03 at 21:04, Jim Wells wrote: >> >> I am trying to help a friend of mine who cracked one of the system >> restore CD's for a Gateway Solo 5300 Laptop that was originally setup >> with Windows 98. >> >> Does anyone have any idea where I might be able to locate a copy of >> these disks? I looked at the computer show last weekend but I didn't >> see any of them there. >> >> Any help will be much appreciated. >> >> Jim >> >> _______________________________________________ >> SATLUG mailing list >> SATLUG@satlug.org >> >>http://alamo.satlug.org/mailman/listinfo/satlug >> >> >>_______________________________________________ >>SATLUG mailing list >>SATLUG@satlug.org >>http://alamo.satlug.org/mailman/listinfo/satlug >> >> >> > >_______________________________________________ >SATLUG mailing list >SATLUG@satlug.org >http://alamo.satlug.org/mailman/listinfo/satlug > > > From zip at liberto.org Thu May 5 15:52:32 2005 From: zip at liberto.org (Andrew Hodel) Date: Thu May 5 14:30:37 2005 Subject: [SATLUG] Firewall / routing question In-Reply-To: <20050505165123.73402.qmail@web80203.mail.yahoo.com> References: <20050505165123.73402.qmail@web80203.mail.yahoo.com> Message-ID: <427A7980.3040005@liberto.org> Read this: http://www.bind9.net/manual/bind/9.3.1/Bv9ARM.ch04.html For setting up split dns, however I do not think this is the best way to fix this problem. Andrew Ramon Hermida wrote: >I remember that we used to have the same issue where I >worked at with the firewall and with people not being >able to access internal web servers from the inside. > >The solution was to set up DNS servers, one for the >inside, and one for the outside. That way, if the >users wanted to go to www.sampleserver.com from the >inside, the DNS server would give them 192.168.1.100, >and if people were hitting www.sampleserver.com from >the outside, they would get 209.209.209.209 (sample IP >address). Technically, it was only (1) dns server >since BIND will allow you to setup views to serve both >internal/external requests. > >This is my $0.02. > >Regards > >-RH > >--- Leif Johnson wrote: > > >>I had a problem like this for my GradeSpeed server >>(which I wanted on the >>192 side of our school LAN). Andrew sent me the >>iptables script to do the >>DNAT which worked fine from the outside, but users >>that had the same >>server for their proxy services kept getting a "BAD >>GATEWAY" error. I just >>set up another proxy server for those users on the >>LAN and it worked fine. >> >>Sincerely, >>-Leif Johnson >>Port Aransas ISD >>100 Station St >>Port Aransas Tx 78373 >>361 749-1200 ext. 316 >> >> >> >>On Wed, 4 May 2005, Andrew Hodel wrote: >> >> >> >>>We have this problem also, the only 2 ways I can >>> >>> >>think to fix it are: >> >> >>>1. Tell users inside the NAT to go to the private >>> >>> >>IP ;) >> >> >>>2. Add another rule on the firewall: >>> >>>if request for IP_ADDR:PORT is from >>> >>> >>LOCAL_NET_INTERFACE then redirect to >> >> >>>LOCALIP:PORT >>> >>>/iptables -A INPUT -p tcp -i eth0 -d >>> >>> >>your.pub.lic.ip --dport 80 -j REDIRECT >>--to-destination 192.168.0.20:80/ >> >> >>>Something like that should work :) >>> >>> >>> >>>Andrew >>> >>>David Salisbury wrote: >>> >>> >>> >>>>I have a question for all of the networking >>>> >>>> >>people out there. I've >> >> >>>>got an issue with a Linux firewall that I >>>> >>>> >>*think* I understand >> >> >>>>somewhat but then again maybe I don't, and at >>>> >>>> >>least not to the depth >> >> >>>>I'd like. >>>> >>>>Basically, in this situation, I have a Linux >>>> >>>> >>firewall protecting a >> >> >>>>private network. Using port forwarding I've >>>> >>>> >>opened up a port on the >> >> >>>>firewall so as to access a web server on one of >>>> >>>> >>the machines on the >> >> >>>>private network. So, if I'm anywhere NOT on the >>>> >>>> >>private network, I >> >> >>>>can access the web site by going to >>>> >>>> >>218.276.334.33:8090, where the IP >> >> >>>>address is of course a real one and of the >>>> >>>> >>firewall and 8090 is the >> >> >>>>port I opened on the firewall. This all works >>>> >>>> >>fine. >> >> >>>>The problem arises when I try to access the web >>>> >>>> >>site on the private >> >> >>>>network by trying to go from the private >>>> >>>> >>network, THROUGH the >> >> >>>>firewall, and back into the private network. >>>> >>>> >>ie, referencing the >> >> >>>>above IP:port FROM a machine within the private >>>> >>>> >>network. Now I >> >> >>>>realize that I could just go straight to the >>>> >>>> >>machine on the private >> >> >>>>network and this wouldn't be a problem, however, >>>> >>>> >>with writing various >> >> >>>>scripts and things it's troublesome to have to >>>> >>>> >>maintain versions for >> >> >>>>"inside" the firewall and versions for "outside" >>>> >>>> >>the firewall. >> >> >>>>My question is, why can't I route like that? >>>> >>>> >>What would be stopping >> >> >>>>that from happening? Other than the fact that >>>> >>>> >>it's "not optimal" to >> >> >>>>make that extra hop and Linux knows that :), >>>> >>>> >>what might be the >> >> >>>>networking reason that this won't work? >>>> >>>>Thanks in advance for any insights and >>>> >>>> >>information ya'll can give! >> >> >>>>David >>>> >>>>_______________________________________________ >>>>SATLUG mailing list >>>>SATLUG@satlug.org >>>>http://alamo.satlug.org/mailman/listinfo/satlug >>>> >>>> >>>> >>>_______________________________________________ >>>SATLUG mailing list >>>SATLUG@satlug.org >>>http://alamo.satlug.org/mailman/listinfo/satlug >>> >>> >>> >>_______________________________________________ >>SATLUG mailing list >>SATLUG@satlug.org >>http://alamo.satlug.org/mailman/listinfo/satlug >> >> >> >_______________________________________________ >SATLUG mailing list >SATLUG@satlug.org >http://alamo.satlug.org/mailman/listinfo/satlug > > > From david.salisbury at momentumweb.com Thu May 5 16:09:02 2005 From: david.salisbury at momentumweb.com (David Salisbury) Date: Thu May 5 14:47:06 2005 Subject: [SATLUG] Firewall / routing question References: <035201c550c7$2fc87ef0$e500a8c0@dsalisburycst> <1115256074.1107.2249.camel@laptop> Message-ID: <033801c551ae$4b097ec0$e500a8c0@dsalisburycst> Chuck, I think even if I made the port on the public side port 80, I'd still have the same problem. Is that what you're saying? Whether it's 80 on the public side or 11443 on the public side, it's still forwarding in to a port 80 on the internal box, and trying to route to it by referencing the outer ip:port while I'm on an internal machine will still be a problem. And it's not that I have to keep two sets of pages, one for the inner people and one for the outer people, but two sets of SCRIPTS since the script I'm writing makes a call to PHP script sitting on the internal web server. And I can't reference the internal server from a public script (like, 192.168.x.x and such), and also (the problem) can't reference the public server from an internal script since referencing that public server is a reference that forwards back inside the private network. I hope that I've made that make sense. It is very possible I didn't read your response the way you intended, so let me know if that's the case. Thanks for yours and everyone else's responses though! Still messing with firewall rules, David ----- Original Message ----- From: "Chuck" To: "The San Antonio Linux User's Group Mailing List" Sent: Wednesday, May 04, 2005 8:21 PM Subject: Re: [SATLUG] Firewall / routing question > David, > > Is the web server serving up pages on the standard port 80 or on the > port 8090? And of course, is the firewall translating ports from 8090 > down to 80??? > > That is the real question here. You could do it either way. If the > webserver is serving pages on 8090 -- you would hit it with the > firewall's real world IP, a colon, and port 8090 from the outside. On > the inside, you would hit it with the inside IP, a colon, and port > 8090. So, you have to put in the port number no matter where you are. > > But if the firewall is doing translation, you hit it on the inside with > JUST the inside network IP address of the web server. And that's the > best way to do it. In this configuration, the packets hit the firewall > real world outside IP on port 8090 -- and the firewall translates the > packets to port 80 before sending them inside to the web server. With > this set up, the people on the inside wouldn't have to add a :8090 to > the inside webserver address. This set up should also allow you to keep > a single set of pages. Since the packets hit the server itself on port > 80 whether from the inside or outside -- same pages serve both. > > Does that help David? > > > Chuck From vern.davis at gmail.com Thu May 5 16:29:48 2005 From: vern.davis at gmail.com (Vern Davis) Date: Thu May 5 15:07:51 2005 Subject: [SATLUG] Firewall / routing question In-Reply-To: <033801c551ae$4b097ec0$e500a8c0@dsalisburycst> References: <035201c550c7$2fc87ef0$e500a8c0@dsalisburycst> <1115256074.1107.2249.camel@laptop> <033801c551ae$4b097ec0$e500a8c0@dsalisburycst> Message-ID: <5ef09f105050513296831826e@mail.gmail.com> On 5/5/05, David Salisbury wrote: > Chuck, > > I think even if I made the port on the public side port 80, I'd still have > the same problem. Is that what you're saying? Whether it's 80 on the > public side or 11443 on the public side, it's still forwarding in to a port > 80 on the internal box, and trying to route to it by referencing the outer > ip:port while I'm on an internal machine will still be a problem. And it's > not that I have to keep two sets of pages, one for the inner people and one > for the outer people, but two sets of SCRIPTS since the script I'm writing > makes a call to PHP script sitting on the internal web server. And I can't > reference the internal server from a public script (like, 192.168.x.x and > such), and also (the problem) can't reference the public server from an > internal script since referencing that public server is a reference that > forwards back inside the private network. > > I hope that I've made that make sense. It is very possible I didn't read > your response the way you intended, so let me know if that's the case. > Thanks for yours and everyone else's responses though! > > Still messing with firewall rules, > David > I had this same problem on a firewall/webserver box that ran an early version of Redhat which only had ipchains. Seems like the problem went away when I upgraded the box and started using iptables. -- vern.davis@gmail.com From channing-c at satx.rr.com Thu May 5 16:59:54 2005 From: channing-c at satx.rr.com (Channing) Date: Thu May 5 15:35:19 2005 Subject: [SATLUG] OT: Dale, are you out there? Message-ID: <427A894A.6050405@satx.rr.com> Hi Dale, I'm the guy you spoke to after the meeting in March, well one of them anyway. Please contact me off-list, I have a question for you about that conversation. My address is: channing dash c at satx dot rr dot com Thanks Channing From jfw5cpa at gmail.com Fri May 6 11:43:36 2005 From: jfw5cpa at gmail.com (Jim Wells) Date: Fri May 6 10:21:34 2005 Subject: [SATLUG] Re: OT: System Restore CD Question In-Reply-To: <128bff2f05050421332e6894c@mail.gmail.com> References: <42782DCB.9090606@gmail.com> <1115181587.1107.982.camel@laptop> <42798C69.8080509@gmail.com> <128bff2f05050421332e6894c@mail.gmail.com> Message-ID: <427B8298.6050201@gmail.com> Zeb, That was the very first thing my friend did when he found the crack in the CD. The person they talked to at Gateway told them that they did not have the old restore CD's for Windows 98 systems. I think, though, that I will suggest that they try calling again. Maybe the first person didn't know what the heck they were talking about. Thanks, Jim Zeb Fletcher wrote: > Dumb question but have you tried contacting Gateway to see if they > still have the CD ? They might sell you one or exchange your broken > one. for a small fee. > > Zeb > > > On 5/4/05, Jim Wells wrote: > >>Thank you for the suggestions. I will get the EXACT model number and >>keep looking. I know the reason they needed the restore disk was to >>get a specific "hot-swap?" driver that was corrupted so acccessing the >>internet isn't a viable option, at least right now. >> >>Thanks, >>Jim >> >> >>>On Tue, 2005-05-03 at 21:04, Jim Wells wrote: >>> >>> I am trying to help a friend of mine who cracked one of the system >>> restore CD's for a Gateway Solo 5300 Laptop that was originally setup >>> with Windows 98. >>> >>> Does anyone have any idea where I might be able to locate a copy of >>> these disks? I looked at the computer show last weekend but I didn't >>> see any of them there. >>> >>> Any help will be much appreciated. >>> >>> Jim >>> >>> _______________________________________________ >>> SATLUG mailing list >>> SATLUG@satlug.org >>> >>>http://alamo.satlug.org/mailman/listinfo/satlug >>> >>> >>>_______________________________________________ >>>SATLUG mailing list >>>SATLUG@satlug.org >>>http://alamo.satlug.org/mailman/listinfo/satlug >>> >> >>_______________________________________________ >>SATLUG mailing list >>SATLUG@satlug.org >>http://alamo.satlug.org/mailman/listinfo/satlug >> > > _______________________________________________ > SATLUG mailing list > SATLUG@satlug.org > http://alamo.satlug.org/mailman/listinfo/satlug > From Walt.DuBose at RANDOLPH.AF.MIL Fri May 6 12:07:31 2005 From: Walt.DuBose at RANDOLPH.AF.MIL (DuBose Walt Civ AETC CONS/LGCA) Date: Fri May 6 10:45:42 2005 Subject: [SATLUG] Another Survey Message-ID: <2A407034E7DA06459E4248D9018BE33D076D5D9F@fstymx52.randolph.aetc.ds.af.mil> See http://www.arrl.org/survey.php3 This tells me that hams are buying new hardware not converting to XP. Search for previous computer surveys and see the trend. Walt From cilorentson at devtex.net Wed May 11 12:11:25 2005 From: cilorentson at devtex.net (Chuck Lorentson) Date: Fri May 6 10:49:19 2005 Subject: [SATLUG] Restore CD qestion,cl Message-ID: <42822EAD.20602@devtex.net> If a restore cd can not be had/found, does that mean the computer is no longer useful? I run into this problem, called the manufacture, they wanted to sell new restore cds, in the mean time, found out the problem was something else. But in this ''process'' I wondered,,,, will this cpu become a '''doorstop'''? cl From geoffw5omr at gmail.com Fri May 6 12:20:29 2005 From: geoffw5omr at gmail.com (Geoff) Date: Fri May 6 10:58:30 2005 Subject: [SATLUG] Restore CD qestion,cl In-Reply-To: <42822EAD.20602@devtex.net> References: <42822EAD.20602@devtex.net> Message-ID: On 5/11/05, Chuck Lorentson wrote: > If a restore cd can not be had/found, does that mean the computer is no > longer useful? > I run into this problem, called the manufacture, they wanted to sell new > restore cds, in the mean > time, found out the problem was something else. But in this ''process'' > I wondered,,,, will this cpu become > a '''doorstop'''? cl You ask that in a Linux Users Group list? ;-) Format the drive, load Linux. Your choice of flavor (distribution). Gateway knows Windows, and that's about it. -- Regards, -Geoff Oscar loves trash, but hates spam. Get the Lead out to reply. From chmims at gmail.com Fri May 6 21:45:10 2005 From: chmims at gmail.com (Charles Mims) Date: Fri May 6 20:23:19 2005 Subject: [SATLUG] Restore CD qestion,cl In-Reply-To: <42822EAD.20602@devtex.net> References: <42822EAD.20602@devtex.net> Message-ID: <9e4edf58050506184570160ab7@mail.gmail.com> I have an old Compaq that came with restore CD for Win95. I have successfully installed Win98, WinXP and mutiple versions of Linux using the standard install disk for the OS. On 5/11/05, Chuck Lorentson wrote: > If a restore cd can not be had/found, does that mean the computer is no > longer useful? > I run into this problem, called the manufacture, they wanted to sell new > restore cds, in the mean > time, found out the problem was something else. But in this ''process'' > I wondered,,,, will this cpu become > a '''doorstop'''? cl > _______________________________________________ > SATLUG mailing list > SATLUG@satlug.org > http://alamo.satlug.org/mailman/listinfo/satlug > From mester at satx.rr.com Fri May 6 22:14:33 2005 From: mester at satx.rr.com (Mike Ester) Date: Fri May 6 20:52:31 2005 Subject: [SATLUG] Restore CD qestion,cl In-Reply-To: References: <42822EAD.20602@devtex.net> Message-ID: <20050506211433.2be944f6@ws400.satx.rr.com> On Fri, 06 May 2005 11:20:29 -0500 Geoff wrote: > On 5/11/05, Chuck Lorentson wrote: > > If a restore cd can not be had/found, does that mean the computer is > > no longer useful? > > I run into this problem, called the manufacture, they wanted to sell > > new restore cds, in the mean > > time, found out the problem was something else. But in this > > ''process'' I wondered,,,, will this cpu become > > a '''doorstop'''? cl > > You ask that in a Linux Users Group list? ;-) > > Format the drive, load Linux. Your choice of flavor (distribution). > Hmmmm, sounds like a job for............SUPERTUX!!!!!!!!!!!! -- Mike Ester 830-822-2241 AOL Instant Messenger: hermsys Please avoid sending me Word or PowerPoint attachments. See http://www.gnu.org/philosophy/no-word-attachments.html A free alternative to Microsoft Office: http://www.openoffice.org From wrkwatchr at hotmail.com Fri May 6 22:58:34 2005 From: wrkwatchr at hotmail.com (WrkWatchr) Date: Fri May 6 21:41:05 2005 Subject: [SATLUG] Restore CD qestion,cl In-Reply-To: <20050506211433.2be944f6@ws400.satx.rr.com> Message-ID: I have to ask...why mess with the restore CD. Ifn they are looking for Win 98...find someone with an unused copy, load it up, then go find all the necessary drivers via goggle. I can't remember ever going back to a restore CD to reinstall a system if I had another alternative available (if you insist on Windows) Roy -----Original Message----- From: satlug-bounces@satlug.org [mailto:satlug-bounces@satlug.org] On Behalf Of Mike Ester Sent: Friday, May 06, 2005 9:15 PM To: geoff-pb-w5omr@gmail.com; The San Antonio Linux User's Group Mailing List Subject: Re: [SATLUG] Restore CD qestion,cl On Fri, 06 May 2005 11:20:29 -0500 Geoff wrote: > On 5/11/05, Chuck Lorentson wrote: > > If a restore cd can not be had/found, does that mean the computer is > > no longer useful? > > I run into this problem, called the manufacture, they wanted to sell > > new restore cds, in the mean > > time, found out the problem was something else. But in this > > ''process'' I wondered,,,, will this cpu become > > a '''doorstop'''? cl > > You ask that in a Linux Users Group list? ;-) > > Format the drive, load Linux. Your choice of flavor (distribution). > Hmmmm, sounds like a job for............SUPERTUX!!!!!!!!!!!! -- Mike Ester 830-822-2241 AOL Instant Messenger: hermsys Please avoid sending me Word or PowerPoint attachments. See http://www.gnu.org/philosophy/no-word-attachments.html A free alternative to Microsoft Office: http://www.openoffice.org _______________________________________________ SATLUG mailing list SATLUG@satlug.org http://alamo.satlug.org/mailman/listinfo/satlug From dmyhand at cox-internet.com Sat May 7 09:45:07 2005 From: dmyhand at cox-internet.com (Dennis Myhand) Date: Sat May 7 08:22:15 2005 Subject: [SATLUG] More Screen Resolution? Message-ID: <1115473507.7788.3.camel@localhost.localdomain> I just did a net install of Sarge and it went great. Now I want to change my screen resolution to 1024X768. 800X600 is the highest allowed. xf86config does not change this. What do I need to change to get to a higher resolution? From ziriax at gmail.com Sat May 7 11:04:25 2005 From: ziriax at gmail.com (John Ziriax) Date: Sat May 7 09:42:25 2005 Subject: [SATLUG] More Screen Resolution? In-Reply-To: <1115473507.7788.3.camel@localhost.localdomain> References: <1115473507.7788.3.camel@localhost.localdomain> Message-ID: <31bde60e05050708047be321f8@mail.gmail.com> Dennis, Here's the relevant section of my /etc/X11/XF86Config-4 file. Make a backup and change according to you monitors specs and the resolutions you would like. I don't remember how Sarge configured this, but it is not my work. Good luck. John -------------------------------------------------- Section "Monitor" Identifier "@BL:2db3" HorizSync 30-85 VertRefresh 50-160 Option "DPMS" EndSection Section "Screen" Identifier "Default Screen" Device "Generic Video Card" Monitor "@BL:2db3" DefaultDepth 24 SubSection "Display" Depth 1 Modes "1280x1024" "1024x768" "800x600" "640x480" EndSubSection SubSection "Display" Depth 4 Modes "1280x1024" "1024x768" "800x600" "640x480" EndSubSection SubSection "Display" Depth 8 Modes "1280x1024" "1024x768" "800x600" "640x480" EndSubSection SubSection "Display" Depth 15 Modes "1280x1024" "1024x768" "800x600" "640x480" EndSubSection SubSection "Display" Depth 16 Modes "1280x1024" "1024x768" "800x600" "640x480" EndSubSection SubSection "Display" Depth 24 Modes "1280x1024" "1024x768" "800x600" "640x480" EndSubSection EndSection ---------------------------------------- On 5/7/05, Dennis Myhand wrote: > I just did a net install of Sarge and it went great. Now I want to > change my screen resolution to 1024X768. 800X600 is the highest > allowed. xf86config does not change this. What do I need to change to > get to a higher resolution? > > _______________________________________________ > SATLUG mailing list > SATLUG@satlug.org > http://alamo.satlug.org/mailman/listinfo/satlug > -- John From mester at satx.rr.com Sat May 7 11:06:49 2005 From: mester at satx.rr.com (Mike Ester) Date: Sat May 7 09:44:47 2005 Subject: [SATLUG] More Screen Resolution? In-Reply-To: <1115473507.7788.3.camel@localhost.localdomain> References: <1115473507.7788.3.camel@localhost.localdomain> Message-ID: <20050507100649.631b213e@ws400.satx.rr.com> On Sat, 07 May 2005 08:45:07 -0500 Dennis Myhand wrote: > I just did a net install of Sarge and it went great. Now I want to > change my screen resolution to 1024X768. 800X600 is the highest > allowed. xf86config does not change this. What do I need to change > to get to a higher resolution? > I usually go to a virtual console and run: dpkg-reconfigure xserver-xfree86 -- Mike Ester 830-822-2241 AOL Instant Messenger: hermsys Please avoid sending me Word or PowerPoint attachments. See http://www.gnu.org/philosophy/no-word-attachments.html A free alternative to Microsoft Office: http://www.openoffice.org From scarolan at gmail.com Sun May 8 16:06:45 2005 From: scarolan at gmail.com (Sean Carolan) Date: Sun May 8 14:44:53 2005 Subject: [SATLUG] eth0 fighting with wlan0 Message-ID: <277020fc05050813061dfeda51@mail.gmail.com> Hi gang: I recently moved into a house which was not practical to run cat5 cable through. I now have a wireless 802.11b USB adapter that I call wlan0. wlan0 works just fine, but only after manually stopping eth0 and then restarting wlan0. I am using a Fedora Core 3 box. I have found config files in three locations: [scarolan@fortknox sysconfig]$ find . -name "ifcfg*" ./networking/profiles/default/ifcfg-eth0 ./networking/profiles/default/ifcfg-wlan0 ./networking/devices/ifcfg-eth0 ./networking/devices/ifcfg-wlan0 ./network-scripts/ifcfg-eth0 ./network-scripts/ifcfg-wlan0 ./network-scripts/ifcfg-lo I have set up all of the ifcfg-eth0 scripts to look like this: # Realtek|RTL-8139/8139C/8139C+ DEVICE=eth0 BOOTPROTO=none BROADCAST=192.168.1.255 HWADDR=13:37:H4:X0:RB:0X IPADDR=192.168.1.2 NETMASK=255.255.255.0 NETWORK=192.168.1.0 ONBOOT=no TYPE=Ethernet USERCTL=no PEERDNS=no GATEWAY=192.168.1.1 IPV6INIT=no What I don't understand is, why is it still coming up at boot time, when I have ONBOOT=no? Any ideas? Ideally wlan0 would come up and eth0 stays OFF at boot time. thanks Sean From lblodgett at glorypath.com Mon May 9 08:58:44 2005 From: lblodgett at glorypath.com (Larry Blodgett) Date: Mon May 9 07:36:58 2005 Subject: [SATLUG] Sun Cobalt RaQ3 Hard Drive Message-ID: <4078c236127ff1546a53bd419908d7cf@glorypath.com> I recently got a RaQ3 and decided to put in a second hard drive (40 gig IDE Maxtor). So I set the drive as slave an plugged it into the bus. The existing master was about 20 gig. When I did maintenance it formated but it was only about 4.5 gig. So I tried an 8 gig drive and it seems to be all the drive. Does anyone have a RaQ3 and could they shed some light on this? I have a post on the SUN RaQ3 list but no answers have come back. Thanks for any help. Larry Blodgett From scarolan at gmail.com Mon May 9 10:31:23 2005 From: scarolan at gmail.com (Sean Carolan) Date: Mon May 9 09:09:19 2005 Subject: [SATLUG] eth0 fighting with wlan0 In-Reply-To: <200505082044.j48KisGn011681@biochem.uthscsa.edu> References: <277020fc05050813061dfeda51@mail.gmail.com> <200505082044.j48KisGn011681@biochem.uthscsa.edu> Message-ID: <277020fc05050907313658f37@mail.gmail.com> > Perhaps all you need to do is issue: > > route add default gw 192.168.1.1 wlan0 (or whatever the IP address of your > default gw is). Borries: Sorry I was not clear. I have set up wlan0 to have the same IP address as eth0. Yes, I know that's probably bad form but I have a bunch of services forwarded to that IP address and didn't want to bother changing them. Since eth0 is not needed at all at this point, I have disabled it by renaming all the ifcfg-eth0 scripts. If we move again and have cat5 available I'll hook it back up. thanks for all your help. Sean From msellers at sbcglobal.net Mon May 9 17:31:49 2005 From: msellers at sbcglobal.net (Michael W. Sellers) Date: Mon May 9 16:09:06 2005 Subject: [SATLUG] moving OS to new disk Message-ID: <427FD6C5.60503@sbcglobal.net> Wondering if anyone can give me some advice. Google has yeilded a little, but I'm not sure if I trust it so far. I have 2 old ide drives with my OS on them (just one installation of Linux) I have 2 new sata drives Want to migrate the OS from the old drives to the new ones I've read that you can use dd or cp -a to accomplish this. But I'm doubtful. cp -a gave me a bunch error when trying to copy the root partition. the errors were related to file access permissions for the most part. I am doing this as root of course. Thanks Mike From msellers at sbcglobal.net Mon May 9 17:41:42 2005 From: msellers at sbcglobal.net (Michael W. Sellers) Date: Mon May 9 16:18:48 2005 Subject: [SATLUG] moving OS to new disk In-Reply-To: <427FD6C5.60503@sbcglobal.net> References: <427FD6C5.60503@sbcglobal.net> Message-ID: <427FD916.40200@sbcglobal.net> Oh yeah! My new drives are twice the capacity of the old ones, so I want to change the sizes of my partitions Mike From jennifervg at yahoo.com Mon May 9 15:44:49 2005 From: jennifervg at yahoo.com (Jennifer Van Gorkom) Date: Mon May 9 16:22:45 2005 Subject: [SATLUG] moving OS to new disk In-Reply-To: 6667 Message-ID: <20050509214449.15170.qmail@web30412.mail.mud.yahoo.com> --- "Michael W. Sellers" wrote: > Oh yeah! > My new drives are twice the capacity of the old > ones, so I want to > change the sizes of my partitions > > Mike Mike mount both the old drive and the new one using something like knoppix. then type (cd /mnt/olddrive; tar cf - . ) | (cd /mnt/newdrive; tar xvfp - ) This should copy everything to the new drive and all that is left to do is set up the booting of the drive. Jennifer __________________________________ Yahoo! Mail Mobile Take Yahoo! Mail with you! Check email on your mobile phone. http://mobile.yahoo.com/learn/mail From jeremymann at gmail.com Mon May 9 17:46:50 2005 From: jeremymann at gmail.com (Jeremy Mann) Date: Mon May 9 16:24:46 2005 Subject: [SATLUG] moving OS to new disk In-Reply-To: <427FD916.40200@sbcglobal.net> References: <427FD6C5.60503@sbcglobal.net> <427FD916.40200@sbcglobal.net> Message-ID: <79ec289f05050914464be7e966@mail.gmail.com> Mount your new drive and partition normally. Then use rsync from the old drive to the new drive: As root: rsync -av --exclude="proc" / /mnt/new_drive/ On 5/9/05, Michael W. Sellers wrote: > Oh yeah! > My new drives are twice the capacity of the old ones, so I want to > change the sizes of my partitions > > Mike > > _______________________________________________ > SATLUG mailing list > SATLUG@satlug.org > http://alamo.satlug.org/mailman/listinfo/satlug > -- Jeremy From david.salisbury at momentumweb.com Mon May 9 17:58:14 2005 From: david.salisbury at momentumweb.com (David Salisbury) Date: Mon May 9 16:36:06 2005 Subject: [SATLUG] moving OS to new disk References: <427FD6C5.60503@sbcglobal.net> Message-ID: <014001c554e2$32f31260$e500a8c0@dsalisburycst> Mike, I was trying to accomplish the same thing and ran into various problems with dd and cp (personally). For me they didn't behave too consistently. This is a non-Linux-specific solution, but I purchased Acronis Trueimage (http://www.acronis.com/) and moved my 60 gig Slack10 installation at home to a new 250 gig drive and it worked great. Only thing I had to do was boot up with a disc and re-run LILO since it got confused after being on a new drive. It worked really well though. I've just read some of other solutions people have posted, though, and haven't tried any of those. I think I may give them a shot and see how they work, as it'd be nice to be able to migrate to a new drive without having to purchase any new software! David ----- Original Message ----- From: "Michael W. Sellers" To: Sent: Monday, May 09, 2005 4:31 PM Subject: [SATLUG] moving OS to new disk > Wondering if anyone can give me some advice. Google has yeilded a > little, but I'm not sure if I trust it so far. > > I have 2 old ide drives with my OS on them (just one installation of > Linux) > I have 2 new sata drives > Want to migrate the OS from the old drives to the new ones > > I've read that you can use dd or cp -a to accomplish this. But I'm > doubtful. cp -a gave me a bunch error when trying to copy the root > partition. the errors were related to file access permissions for the > most part. I am doing this as root of course. > > Thanks > > Mike > > > _______________________________________________ > SATLUG mailing list > SATLUG@satlug.org > http://alamo.satlug.org/mailman/listinfo/satlug > From morfic at gentoo.org Tue May 10 02:07:54 2005 From: morfic at gentoo.org (Daniel Goller) Date: Mon May 9 18:37:46 2005 Subject: [SATLUG] moving OS to new disk In-Reply-To: <20050509214449.15170.qmail@web30412.mail.mud.yahoo.com> References: <20050509214449.15170.qmail@web30412.mail.mud.yahoo.com> Message-ID: <42804FBA.9040306@gentoo.org> Jennifer Van Gorkom wrote: > --- "Michael W. Sellers" > wrote: > >>Oh yeah! >>My new drives are twice the capacity of the old >>ones, so I want to >>change the sizes of my partitions >> >>Mike > > > Mike > > mount both the old drive and the new one using > something like knoppix. then type > > (cd /mnt/olddrive; tar cf - . ) | (cd /mnt/newdrive; > tar xvfp - ) > that would be my prevered choice, worked great many times, as will the rsync option, purchasing trueimage for this task seems to be overkill ($$ wise) > This should copy everything to the new drive and all > that is left to do is set up the booting of the drive. > > Jennifer > > > > __________________________________ > Yahoo! Mail Mobile > Take Yahoo! Mail with you! Check email on your mobile phone. > http://mobile.yahoo.com/learn/mail > _______________________________________________ > SATLUG mailing list > SATLUG@satlug.org > http://alamo.satlug.org/mailman/listinfo/satlug > From wmail at wricomp.com Mon May 9 23:34:18 2005 From: wmail at wricomp.com (Don Wright) Date: Mon May 9 22:12:59 2005 Subject: [SATLUG] Meeting reminder - Wednesday May 11 Message-ID: Just a reminder that the next SATLUG meeting is this Wednesday. Also a reminder that the Open Source Fest is next week. If you already know everything, come out and help SATLUG and our hosts at SAC direct traffic and otherwise keep things organized. If not, stop in and see the free sessions - and bring a friend. --Don -- 2005 Spring Linux/BSD/OpenSource Fest May 16-21, 2005 -- SAC Nail Technical Center Presented by San Antonio College and SATLUG http://cis.sac.accd.edu/~skolars/satlug/ From solinym at gmail.com Tue May 10 01:23:28 2005 From: solinym at gmail.com (Travis H.) Date: Tue May 10 00:01:27 2005 Subject: [SATLUG] NAS question Message-ID: So I want to add some fault-tolerant storage to my network. I think I want about 1TB, and I want to serve it via NFS and SMB. I think PATA or SATA is the way to go, due to their low cost (although I do <3 SCSI). I have to do RAID 5 or 0+1 so that I can be fault tolerant. I'd like to be able to do hot-swap and hot-spare, with automatic rebuild, but that's just icing. So far I've looked at: 1) Adaptec's SNAP servers, which seem pretty cool, but they're pricey - like $4300 for 1TB. 2) Dell PowerVault is like $3300 for 1TB and they run Windoze (ewww...). If I do it myself with Linux, I see the following tradeoffs: 1) Have to find a 4-port SATA card that is well supported by Linux. 2) Won't support hot-plug or dynamic rebuild 3) Won't fit neatly in a 1U case (not that I have a rack to put it in though) 4) Could talk IPSec 5) Could boot off solid-state flash drive (which means no OS cluttering up the main storage drives and no boot drive that could crash and take it all out) 6) Could secure it better, could upgrade software easier, better compatibility with Linux clients*. [*] I've noticed some OSes have restrictions on the device major/minor numbers that they will allow, and if the client has a different restriction, some mknod commands will fail. Not that you usually need device files on NFS shares. ;-) Am I right on these counts? It seems like NAS servers are overpriced. Does anyone have experience with LVM and software RAID on Linux? BTW: Can you run LVD cables to external drives? I have 4 FH bays in an enclosure that aren't being used and I see a good deal on large LVD SCSI drives. From scarolan at gmail.com Tue May 10 10:11:26 2005 From: scarolan at gmail.com (Sean Carolan) Date: Tue May 10 08:49:39 2005 Subject: [SATLUG] Stumped with SSH Public Key Authentication Message-ID: <277020fc050510071131438712@mail.gmail.com> Ok maybe someone can point me in the right direction here. I have set up my RSA public and private key pair on my laptop here at work. I copied the contents of id_rsa.pub to the .ssh/authorized_keys2 file on my home computer which is accessible via ip address or DynDNS hostname. It still keeps asking me for a password though. Strangely, I can access the server at my workplace from both the laptop and home computer without any password though. As far as I can tell, I have authorized_keys2 file and permissions set up exactly the same on both computers. Any ideas where I can look to fix this? Is there a setting that turns on and off pk authorization? Thanks Sean From afouty at swri.edu Tue May 10 10:15:11 2005 From: afouty at swri.edu (Allen Fouty) Date: Tue May 10 08:56:47 2005 Subject: [SATLUG] Stumped with SSH Public Key Authentication In-Reply-To: <277020fc050510071131438712@mail.gmail.com> References: <277020fc050510071131438712@mail.gmail.com> Message-ID: <4280C1EF.7010508@swri.edu> Sean, when you execute ssh use several -v switches which will dump a lot of output to the screen on what is actually failing in the key authentication. ex: ssh -vvv me@somecrazyhost This may provide some clues. Thanks, Allen Sean Carolan wrote: > Ok maybe someone can point me in the right direction here. > > I have set up my RSA public and private key pair on my laptop here at > work. I copied the contents of id_rsa.pub to the > .ssh/authorized_keys2 file on my home computer which is accessible via > ip address or DynDNS hostname. > > It still keeps asking me for a password though. Strangely, I can > access the server at my workplace from both the laptop and home > computer without any password though. As far as I can tell, I have > authorized_keys2 file and permissions set up exactly the same on both > computers. > > Any ideas where I can look to fix this? Is there a setting that turns > on and off pk authorization? > > Thanks > > Sean > _______________________________________________ > SATLUG mailing list > SATLUG@satlug.org > http://alamo.satlug.org/mailman/listinfo/satlug > -- ---------------------------------- Allen Fouty Analyst, SwRI 210.522.3560 phone 210.647.4325 fax ================================== From jesse.gonzalez.jr at gmail.com Tue May 10 10:55:03 2005 From: jesse.gonzalez.jr at gmail.com (Jesse Gonzalez) Date: Tue May 10 09:32:58 2005 Subject: [SATLUG] Stumped with SSH Public Key Authentication In-Reply-To: <277020fc050510071131438712@mail.gmail.com> References: <277020fc050510071131438712@mail.gmail.com> Message-ID: It is possible that ssh is configured to look for .ssh/authorized_keys. Just grep for 'authorized' in /etc/ssh/sshd_config. That will tell you where to put your keys. ~jesse On 5/10/05, Sean Carolan wrote: > Ok maybe someone can point me in the right direction here. > > I have set up my RSA public and private key pair on my laptop here at > work. I copied the contents of id_rsa.pub to the > .ssh/authorized_keys2 file on my home computer which is accessible via > ip address or DynDNS hostname. > > It still keeps asking me for a password though. Strangely, I can > access the server at my workplace from both the laptop and home > computer without any password though. As far as I can tell, I have > authorized_keys2 file and permissions set up exactly the same on both > computers. > > Any ideas where I can look to fix this? Is there a setting that turns > on and off pk authorization? > > Thanks > > Sean > _______________________________________________ > SATLUG mailing list > SATLUG@satlug.org > http://alamo.satlug.org/mailman/listinfo/satlug > From mikeaw at gmail.com Tue May 10 10:58:13 2005 From: mikeaw at gmail.com (Mike Wallace) Date: Tue May 10 09:36:10 2005 Subject: [SATLUG] Stumped with SSH Public Key Authentication In-Reply-To: <4280C1EF.7010508@swri.edu> References: <277020fc050510071131438712@mail.gmail.com> <4280C1EF.7010508@swri.edu> Message-ID: <4154519d0505100758e0a6309@mail.gmail.com> I have seen instances where ssh will look for the older authorized_keys file instead of authorized_keys2. Take a look at the verbose output and see if something like this is happening. -Mike On 5/10/05, Allen Fouty wrote: > Sean, > > when you execute ssh use several -v switches which will dump a lot of output to > the screen on what is actually failing in the key authentication. > > ex: ssh -vvv me@somecrazyhost > > This may provide some clues. > > Thanks, > > Allen > > Sean Carolan wrote: > > > Ok maybe someone can point me in the right direction here. > > > > I have set up my RSA public and private key pair on my laptop here at > > work. I copied the contents of id_rsa.pub to the > > .ssh/authorized_keys2 file on my home computer which is accessible via > > ip address or DynDNS hostname. > > > > It still keeps asking me for a password though. Strangely, I can > > access the server at my workplace from both the laptop and home > > computer without any password though. As far as I can tell, I have > > authorized_keys2 file and permissions set up exactly the same on both > > computers. > > > > Any ideas where I can look to fix this? Is there a setting that turns > > on and off pk authorization? > > > > Thanks > > > > Sean > From scarolan at gmail.com Tue May 10 11:27:35 2005 From: scarolan at gmail.com (Sean Carolan) Date: Tue May 10 10:05:30 2005 Subject: [SATLUG] Stumped with SSH Public Key Authentication In-Reply-To: <4154519d0505100758e0a6309@mail.gmail.com> References: <277020fc050510071131438712@mail.gmail.com> <4154519d0505100758e0a6309@mail.gmail.com> Message-ID: <277020fc050510082760aa2a92@mail.gmail.com> Here's the verbose output: [scarolan@dellnote .ssh]$ ssh my.linuxbox.com -v OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to my.linuxbox.com [1.3.3.7] port 22. debug1: Connection established. debug1: identity file /home/scarolan/.ssh/identity type -1 debug1: identity file /home/scarolan/.ssh/id_rsa type 1 debug1: identity file /home/scarolan/.ssh/id_dsa type -1 debug1: Remote protocol version 1.99, remote software version OpenSSH_3.9p1 debug1: match: OpenSSH_3.9p1 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_3.9p1 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-cbc hmac-md5 none debug1: kex: client->server aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Host 'my.linuxbox.com' is known and matches the RSA host key. debug1: Found key in /home/scarolan/.ssh/known_hosts:1 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,gssapi-with-mic,password debug1: Next authentication method: gssapi-with-mic debug1: Authentications that can continue: publickey,gssapi-with-mic,password debug1: Authentications that can continue: publickey,gssapi-with-mic,password debug1: Next authentication method: publickey debug1: Trying private key: /home/scarolan/.ssh/identity debug1: Offering public key: /home/scarolan/.ssh/id_rsa debug1: Authentications that can continue: publickey,gssapi-with-mic,password debug1: Trying private key: /home/scarolan/.ssh/id_dsa debug1: Next authentication method: password scarolan@my.linuxbox.com's password: From xXx at satx.rr.com Tue May 10 12:08:59 2005 From: xXx at satx.rr.com (xXx) Date: Tue May 10 10:46:54 2005 Subject: [SATLUG] Firefox has flaws? Message-ID: <4280DC9B.9030206@satx.rr.com> I came across this on the net this morning..... http://business.timesonline.co.uk/article/0,,9075-1606392,00.html From pac at fortuitous.com Tue May 10 12:45:17 2005 From: pac at fortuitous.com (Phil Carinhas) Date: Tue May 10 11:23:11 2005 Subject: [SATLUG] moving OS to new disk In-Reply-To: <79ec289f05050914464be7e966@mail.gmail.com> References: <427FD6C5.60503@sbcglobal.net> <427FD916.40200@sbcglobal.net> <79ec289f05050914464be7e966@mail.gmail.com> Message-ID: <20050510164517.GA9499@mail.fortuitous.com> On Mon, May 09, 2005 at 04:46:50PM -0500, Jeremy Mann wrote: > Mount your new drive and partition normally. Then use rsync from the > old drive to the new drive: > > As root: > rsync -av --exclude="proc" / /mnt/new_drive/ You may want to preserve Hard links with the -H option: rsync -aHvx / /mnt/new_root_part ... etc for your other partitions ... The -x tells rsync not to cross partition boundaries on copy, so /proc /tmpfs and others won't get copied. -Phil .--------------------------------------------------------. | Philip A. Carinhas | http://fortuitous.com | | Fortuitous Technologies | Linux Consulting & Training | `--------------------------------------------------------' From jesse.gonzalez.jr at gmail.com Tue May 10 11:47:09 2005 From: jesse.gonzalez.jr at gmail.com (Jesse Gonzalez) Date: Tue May 10 12:11:44 2005 Subject: [SATLUG] Stumped with SSH Public Key Authentication In-Reply-To: <277020fc050510082760aa2a92@mail.gmail.com> References: <277020fc050510071131438712@mail.gmail.com> <4154519d0505100758e0a6309@mail.gmail.com> <277020fc050510082760aa2a92@mail.gmail.com> Message-ID: Quick and dirty HOWTO 1) ssh-keyget -t dsa (Follow prompts, I recommend using a passphrase, as you can use ssh-agent to handle key forwarding for you once authenticated) 2) scp ~/.ssh/id_dsa.pub user@boxB:.ssh/boxA-id_dsa.pub 3) ssh user@boxB 3a) cd .ssh[2] ; cat boxA-id_dsa.pub >> authorized_keys[2] the expected authorized keys file is located in your sshd_config file 3b) exit boxB 4) verify by opening a ssh connection to boxB 4a) you will be prompted for you passphrase if you specified one in 1) above 5) Repeat steps 1-4 above for boxB to boxA On 5/10/05, Sean Carolan wrote: > Here's the verbose output: > > [scarolan@dellnote .ssh]$ ssh my.linuxbox.com -v > OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003 > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: Applying options for * > debug1: Connecting to my.linuxbox.com [1.3.3.7] port 22. > debug1: Connection established. > debug1: identity file /home/scarolan/.ssh/identity type -1 > debug1: identity file /home/scarolan/.ssh/id_rsa type 1 > debug1: identity file /home/scarolan/.ssh/id_dsa type -1 > debug1: Remote protocol version 1.99, remote software version OpenSSH_3.9p1 > debug1: match: OpenSSH_3.9p1 pat OpenSSH* > debug1: Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-2.0-OpenSSH_3.9p1 > debug1: SSH2_MSG_KEXINIT sent > debug1: SSH2_MSG_KEXINIT received > debug1: kex: server->client aes128-cbc hmac-md5 none > debug1: kex: client->server aes128-cbc hmac-md5 none > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP > debug1: SSH2_MSG_KEX_DH_GEX_INIT sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY > debug1: Host 'my.linuxbox.com' is known and matches the RSA host key. > debug1: Found key in /home/scarolan/.ssh/known_hosts:1 > debug1: ssh_rsa_verify: signature correct > debug1: SSH2_MSG_NEWKEYS sent > debug1: expecting SSH2_MSG_NEWKEYS > debug1: SSH2_MSG_NEWKEYS received > debug1: SSH2_MSG_SERVICE_REQUEST sent > debug1: SSH2_MSG_SERVICE_ACCEPT received > debug1: Authentications that can continue: publickey,gssapi-with-mic,password > debug1: Next authentication method: gssapi-with-mic > debug1: Authentications that can continue: publickey,gssapi-with-mic,password > debug1: Authentications that can continue: publickey,gssapi-with-mic,password > debug1: Next authentication method: publickey > debug1: Trying private key: /home/scarolan/.ssh/identity > debug1: Offering public key: /home/scarolan/.ssh/id_rsa > debug1: Authentications that can continue: publickey,gssapi-with-mic,password > debug1: Trying private key: /home/scarolan/.ssh/id_dsa > debug1: Next authentication method: password > scarolan@my.linuxbox.com's password: > _______________________________________________ > SATLUG mailing list > SATLUG@satlug.org > http://alamo.satlug.org/mailman/listinfo/satlug > From scarolan at gmail.com Tue May 10 15:03:28 2005 From: scarolan at gmail.com (Sean Carolan) Date: Tue May 10 13:41:23 2005 Subject: [SATLUG] Stumped with SSH Public Key Authentication In-Reply-To: References: <277020fc050510071131438712@mail.gmail.com> <4154519d0505100758e0a6309@mail.gmail.com> <277020fc050510082760aa2a92@mail.gmail.com> <277020fc0505100950500c6ead@mail.gmail.com> Message-ID: <277020fc050510120349fa358a@mail.gmail.com> Ok, sorry for the long post but here's the -vvv verbose output: [scarolan@dellnote .ssh]$ ssh my.linux.box -vvv OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug2: ssh_connect: needpriv 0 debug1: Connecting to my.linux.box [myipaddyhere] port 22. debug1: Connection established. debug1: identity file /home/scarolan/.ssh/identity type -1 debug3: Not a RSA1 key file /home/scarolan/.ssh/id_rsa. debug2: key_type_from_name: unknown key type '-----BEGIN' debug3: key_read: missing keytype debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug2: key_type_from_name: unknown key type '-----END' debug3: key_read: missing keytype debug1: identity file /home/scarolan/.ssh/id_rsa type 1 debug3: Not a RSA1 key file /home/scarolan/.ssh/id_dsa. debug2: key_type_from_name: unknown key type '-----BEGIN' debug3: key_read: missing keytype debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug2: key_type_from_name: unknown key type '-----END' debug3: key_read: missing keytype debug1: identity file /home/scarolan/.ssh/id_dsa type 2 debug1: Remote protocol version 1.99, remote software version OpenSSH_3.9p1 debug1: match: OpenSSH_3.9p1 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_3.9p1 debug2: fd 3 setting O_NONBLOCK debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_init: found hmac-md5 debug1: kex: server->client aes128-cbc hmac-md5 none debug2: mac_init: found hmac-md5 debug1: kex: client->server aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug2: dh_gen_key: priv key bits set: 129/256 debug2: bits set: 518/1024 debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug3: check_host_in_hostfile: filename /home/scarolan/.ssh/known_hosts debug3: check_host_in_hostfile: match line 1 debug3: check_host_in_hostfile: filename /home/scarolan/.ssh/known_hosts debug3: check_host_in_hostfile: match line 1 debug1: Host 'my.linux.box' is known and matches the RSA host key. debug1: Found key in /home/scarolan/.ssh/known_hosts:1 debug2: bits set: 509/1024 debug1: ssh_rsa_verify: signature correct debug2: kex_derive_keys debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug2: key: /home/scarolan/.ssh/identity ((nil)) debug2: key: /home/scarolan/.ssh/id_rsa (0x852b628) debug2: key: /home/scarolan/.ssh/id_dsa (0x852b640) debug1: Authentications that can continue: publickey,gssapi-with-mic,password debug3: start over, passed a different list publickey,gssapi-with-mic,password debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password debug3: authmethod_lookup gssapi-with-mic debug3: remaining preferred: publickey,keyboard-interactive,password debug3: authmethod_is_enabled gssapi-with-mic debug1: Next authentication method: gssapi-with-mic debug2: we sent a gssapi-with-mic packet, wait for reply debug1: Authentications that can continue: publickey,gssapi-with-mic,password debug2: we sent a gssapi-with-mic packet, wait for reply debug1: Authentications that can continue: publickey,gssapi-with-mic,password debug2: we did not send a packet, disable method debug3: authmethod_lookup publickey debug3: remaining preferred: keyboard-interactive,password debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Trying private key: /home/scarolan/.ssh/identity debug3: no such identity: /home/scarolan/.ssh/identity debug1: Offering public key: /home/scarolan/.ssh/id_rsa debug3: send_pubkey_test debug2: we sent a publickey packet, wait for reply debug1: Authentications that can continue: publickey,gssapi-with-mic,password debug1: Offering public key: /home/scarolan/.ssh/id_dsa debug3: send_pubkey_test debug2: we sent a publickey packet, wait for reply debug1: Authentications that can continue: publickey,gssapi-with-mic,password debug2: we did not send a packet, disable method debug3: authmethod_lookup password debug3: remaining preferred: ,password debug3: authmethod_is_enabled password debug1: Next authentication method: password scarolan@my.linux.box's password: From jesse.gonzalez.jr at gmail.com Tue May 10 15:12:22 2005 From: jesse.gonzalez.jr at gmail.com (Jesse Gonzalez) Date: Tue May 10 13:50:17 2005 Subject: [SATLUG] Stumped with SSH Public Key Authentication In-Reply-To: <277020fc050510120349fa358a@mail.gmail.com> References: <277020fc050510071131438712@mail.gmail.com> <4154519d0505100758e0a6309@mail.gmail.com> <277020fc050510082760aa2a92@mail.gmail.com> <277020fc0505100950500c6ead@mail.gmail.com> <277020fc050510120349fa358a@mail.gmail.com> Message-ID: What about the permissions? On 5/10/05, Sean Carolan wrote: > Ok, sorry for the long post but here's the -vvv verbose output: > > [scarolan@dellnote .ssh]$ ssh my.linux.box -vvv > OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003 > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: Applying options for * > debug2: ssh_connect: needpriv 0 > debug1: Connecting to my.linux.box [myipaddyhere] port 22. > debug1: Connection established. > debug1: identity file /home/scarolan/.ssh/identity type -1 > debug3: Not a RSA1 key file /home/scarolan/.ssh/id_rsa. > debug2: key_type_from_name: unknown key type '-----BEGIN' > debug3: key_read: missing keytype > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug2: key_type_from_name: unknown key type '-----END' > debug3: key_read: missing keytype > debug1: identity file /home/scarolan/.ssh/id_rsa type 1 > debug3: Not a RSA1 key file /home/scarolan/.ssh/id_dsa. > debug2: key_type_from_name: unknown key type '-----BEGIN' > debug3: key_read: missing keytype > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug2: key_type_from_name: unknown key type '-----END' > debug3: key_read: missing keytype > debug1: identity file /home/scarolan/.ssh/id_dsa type 2 > debug1: Remote protocol version 1.99, remote software version OpenSSH_3.9p1 > debug1: match: OpenSSH_3.9p1 pat OpenSSH* > debug1: Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-2.0-OpenSSH_3.9p1 > debug2: fd 3 setting O_NONBLOCK > debug1: SSH2_MSG_KEXINIT sent > debug1: SSH2_MSG_KEXINIT received > debug2: kex_parse_kexinit: > diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 > debug2: kex_parse_kexinit: ssh-rsa,ssh-dss > debug2: kex_parse_kexinit: > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr > debug2: kex_parse_kexinit: > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr > debug2: kex_parse_kexinit: > hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: > hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: none,zlib > debug2: kex_parse_kexinit: none,zlib > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: first_kex_follows 0 > debug2: kex_parse_kexinit: reserved 0 > debug2: kex_parse_kexinit: > diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 > debug2: kex_parse_kexinit: ssh-rsa,ssh-dss > debug2: kex_parse_kexinit: > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr > debug2: kex_parse_kexinit: > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr > debug2: kex_parse_kexinit: > hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: > hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: none,zlib > debug2: kex_parse_kexinit: none,zlib > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: first_kex_follows 0 > debug2: kex_parse_kexinit: reserved 0 > debug2: mac_init: found hmac-md5 > debug1: kex: server->client aes128-cbc hmac-md5 none > debug2: mac_init: found hmac-md5 > debug1: kex: client->server aes128-cbc hmac-md5 none > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP > debug2: dh_gen_key: priv key bits set: 129/256 > debug2: bits set: 518/1024 > debug1: SSH2_MSG_KEX_DH_GEX_INIT sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY > debug3: check_host_in_hostfile: filename /home/scarolan/.ssh/known_hosts > debug3: check_host_in_hostfile: match line 1 > debug3: check_host_in_hostfile: filename /home/scarolan/.ssh/known_hosts > debug3: check_host_in_hostfile: match line 1 > debug1: Host 'my.linux.box' is known and matches the RSA host key. > debug1: Found key in /home/scarolan/.ssh/known_hosts:1 > debug2: bits set: 509/1024 > debug1: ssh_rsa_verify: signature correct > debug2: kex_derive_keys > debug2: set_newkeys: mode 1 > debug1: SSH2_MSG_NEWKEYS sent > debug1: expecting SSH2_MSG_NEWKEYS > debug2: set_newkeys: mode 0 > debug1: SSH2_MSG_NEWKEYS received > debug1: SSH2_MSG_SERVICE_REQUEST sent > debug2: service_accept: ssh-userauth > debug1: SSH2_MSG_SERVICE_ACCEPT received > debug2: key: /home/scarolan/.ssh/identity ((nil)) > debug2: key: /home/scarolan/.ssh/id_rsa (0x852b628) > debug2: key: /home/scarolan/.ssh/id_dsa (0x852b640) > debug1: Authentications that can continue: publickey,gssapi-with-mic,password > debug3: start over, passed a different list publickey,gssapi-with-mic,password > debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password > debug3: authmethod_lookup gssapi-with-mic > debug3: remaining preferred: publickey,keyboard-interactive,password > debug3: authmethod_is_enabled gssapi-with-mic > debug1: Next authentication method: gssapi-with-mic > debug2: we sent a gssapi-with-mic packet, wait for reply > debug1: Authentications that can continue: publickey,gssapi-with-mic,password > debug2: we sent a gssapi-with-mic packet, wait for reply > debug1: Authentications that can continue: publickey,gssapi-with-mic,password > debug2: we did not send a packet, disable method > debug3: authmethod_lookup publickey > debug3: remaining preferred: keyboard-interactive,password > debug3: authmethod_is_enabled publickey > debug1: Next authentication method: publickey > debug1: Trying private key: /home/scarolan/.ssh/identity > debug3: no such identity: /home/scarolan/.ssh/identity > debug1: Offering public key: /home/scarolan/.ssh/id_rsa > debug3: send_pubkey_test > debug2: we sent a publickey packet, wait for reply > debug1: Authentications that can continue: publickey,gssapi-with-mic,password > debug1: Offering public key: /home/scarolan/.ssh/id_dsa > debug3: send_pubkey_test > debug2: we sent a publickey packet, wait for reply > debug1: Authentications that can continue: publickey,gssapi-with-mic,password > debug2: we did not send a packet, disable method > debug3: authmethod_lookup password > debug3: remaining preferred: ,password > debug3: authmethod_is_enabled password > debug1: Next authentication method: password > scarolan@my.linux.box's password: > _______________________________________________ > SATLUG mailing list > SATLUG@satlug.org > http://alamo.satlug.org/mailman/listinfo/satlug > From thomas.cameron at camerontech.com Tue May 10 18:01:02 2005 From: thomas.cameron at camerontech.com (Thomas Cameron) Date: Tue May 10 16:39:01 2005 Subject: [SATLUG] Condensed postscript print on RH 7.2? Message-ID: <000901c555ab$c1989ca0$fc00a8c0@neuromancer> I am running a proprietary application on Red Hat 7.2. I can't change the app or the platform for commercial "support" reasons. I have set up a printer hanging off a Windows XP box running print services for Unix and am sending print jobs to it. The print jobs go just fine, but they are printing 132 characters on an 80 character layout and wrapping text. It makes the reports unusable. Anyone know how to set up RH 7.2 to condense text? I remember doing it once back when RH 7.x was brand new but I can't remember how I did it. I've been messing with /var/spool/lpd/[queue]/mf.cfg, specifically the mpage settings, but it doesn't seem to be doing anything. Any pointers much appreciated. Thomas From geoff at nighthawk.dyndns.org Thu May 5 11:05:01 2005 From: geoff at nighthawk.dyndns.org (Geoff) Date: Tue May 10 21:01:40 2005 Subject: [SATLUG] Firewall / routing question In-Reply-To: References: Message-ID: <427A361D.5040409@nighthawk.dyndns.org> Leif Johnson wrote: >I had a problem like this for my GradeSpeed server (which I wanted on the >192 side of our school LAN). Andrew sent me the iptables script to do the >DNAT which worked fine from the outside, but users that had the same >server for their proxy services kept getting a "BAD GATEWAY" error. I just >set up another proxy server for those users on the LAN and it worked fine. > > > Seems I recall I had this same problem, Leif, but my solution was the hosts.allow file. That, or it was the correct setup in /etc/resolv.conf (SuSE) You might let the list know about that... I'm not in -that- account... I have gmail forward everything to this address.. when I feel I -need- to post something, I'll actually go through the effort of logging into gmail and posting something to the list. Regards, -Geoff/W5OMR (/5 New Orleans, LA) From leif at paisd.net Tue May 10 22:49:16 2005 From: leif at paisd.net (Leif Johnson) Date: Tue May 10 21:12:43 2005 Subject: [SATLUG] Firewall / routing quest In-Reply-To: <427A361D.5040409@nighthawk.dyndns.org> Message-ID: G: I'd be interested to hear if this problem was resolved too Geoff. (top posted w/ enthusiasm /etc -Ha!) -- Sincerely, -Leif Johnson Port Aransas ISD 100 Station St Port Aransas Tx 78373 361 749-1200 ext. 316 On Thu, 5 May 2005, Geoff wrote: > Leif Johnson wrote: > > >I had a problem like this for my GradeSpeed server (which I wanted on the > >192 side of our school LAN). Andrew sent me the iptables script to do the > >DNAT which worked fine from the outside, but users that had the same > >server for their proxy services kept getting a "BAD GATEWAY" error. I just > >set up another proxy server for those users on the LAN and it worked fine. > > > > > > > > Seems I recall I had this same problem, Leif, but my solution was the > hosts.allow file. That, or it was > the correct setup in /etc/resolv.conf (SuSE) > > You might let the list know about that... I'm not in -that- account... I > have gmail forward everything to > this address.. when I feel I -need- to post something, I'll actually go > through the effort of logging into > gmail and posting something to the list. > > Regards, > -Geoff/W5OMR > (/5 New Orleans, LA) > > >