From owner-fwtk-users Mon Nov 2 06:56:00 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id GAA11602 for fwtk-users-outgoing; Mon, 2 Nov 1998 06:36:53 -0500 (EST)
Message-ID: <002501be0657$7a5ba3a0$2b10a8c0@rpet.quaestor.hu>
From: "_PTR_"
To:
Subject: sql - asp - http
Date: Mon, 2 Nov 1998 12:53:47 +0100
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0022_01BE065F.D5378D40"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 4.72.3110.1
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

[To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.]

This is a multi-part message in MIME format.

------=_NextPart_000_0022_01BE065F.D5378D40
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hi FWTK-USERS!

I have a question again, I hope somebody will answer it.

We have a webserver (APACHE-SSL) in our DMZ, this can be seen from the outside. We have another one (IIS) inside. The internal IIS talks to an SQL server (with ASP), and it generates html pages, as a result of an sql query, that should be seen from the outside. I thought that the apache receives the request, and it forwards to the internal IIS, who makes its job with the sql / asp, then gives the results to the apache again, or directly to the user outside.

Hope you could understand my problem: how can I do it with FWTK? How can I establish the communication between the webservers through the firewall?

Please help, I'm completely stuck in this problem....

Thanx in advance:

Peter Ratkai

------=_NextPart_000_0022_01BE065F.D5378D40
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
------=_NextPart_000_0022_01BE065F.D5378D40-- From owner-fwtk-users Mon Nov 2 08:44:02 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id IAA12024 for fwtk-users-outgoing; Mon, 2 Nov 1998 08:40:32 -0500 (EST) Message-Id: <199811021340.IAA12024@portal.ex.tis.com> Date: Sun, 1 Nov 1998 21:12:33 -0500 (EST) From: owner-fwtk-users@ex.tis.com To: owner-fwtk-users@tis.com Subject: BOUNCE fwtk-users@portal.ex.tis.com: Non-member submission from [lewst@yahoo.com] Sender: owner-fwtk-users@portal.ex.tis.com Precedence: bulk [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] >From majordomo-owner Sun Nov 1 21:12:31 1998 Received: from relay.hq.tis.com (firewall-user@relay.hq.tis.com [192.94.214.100]) by portal.ex.tis.com (8.9.1/8.9.1) with ESMTP id VAA10362 for ; Sun, 1 Nov 1998 21:12:31 -0500 (EST) Received: by relay.hq.tis.com; id VAA00623; Sun, 1 Nov 1998 21:37:56 -0500 (EST) Received: from clipper.hq.tis.com(10.33.1.2) by relay.hq.tis.com via smap (4.1) id xma000614; Sun, 1 Nov 98 21:36:59 -0500 Received: from relay.hq.tis.com (firewall-user@relay.hq.tis.com [10.33.1.1]) by clipper.hq.tis.com (8.9.1/8.9.1) with ESMTP id VAA02362 for ; Sun, 1 Nov 1998 21:30:49 -0500 (EST) From: lewst@yahoo.com Received: by relay.hq.tis.com; id VAA00606; Sun, 1 Nov 1998 21:36:57 -0500 (EST) Received: from send105.yahoomail.com(205.180.60.128) by relay.hq.tis.com via smap (4.1) id xma000599; Sun, 1 Nov 98 21:36:08 -0500 Message-ID: <19981102023214.27009.rocketmail@send105.yahoomail.com> Received: from [207.205.181.146] by send105.yahoomail.com; Sun, 01 Nov 1998 18:32:14 PST Date: Sun, 1 Nov 1998 18:32:14 -0800 (PST) Subject: http-gw and anonftpd To: fwtk-users@tis.com MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Is anyone else having trouble viewing pages on an anonftpd server from behind http-gw? 
For example, see the qmail homepage: ftp://koobera.math.uic.edu/www/qmail.html I can access it ok directly, but from behind http-gw, I get this error: FTP Error- 230 230 Hi. No need to log in; I'm an anonymous ftp server. Any ideas how I can get http-gw to co-exist with these type of pages? _________________________________________________________ DO YOU YAHOO!? Get your free @yahoo.com address at http://mail.yahoo.com From owner-fwtk-users Mon Nov 2 08:44:04 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id IAA12017 for fwtk-users-outgoing; Mon, 2 Nov 1998 08:39:32 -0500 (EST) Message-Id: <199811021339.IAA12017@portal.ex.tis.com> Date: Mon, 2 Nov 1998 05:48:31 -0500 (EST) From: owner-fwtk-users@ex.tis.com To: owner-fwtk-users@tis.com Subject: BOUNCE fwtk-users@portal.ex.tis.com: Non-member submission from [Ted_Rule@flextech.co.uk] Sender: owner-fwtk-users@portal.ex.tis.com Precedence: bulk [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] 
>From majordomo-owner Mon Nov 2 05:48:25 1998 Received: from homer.flextech.co.uk (homer.flextech.co.uk [195.188.171.98]) by portal.ex.tis.com (8.9.1/8.9.1) with ESMTP id FAA11509 for ; Mon, 2 Nov 1998 05:48:21 -0500 (EST) From: Ted_Rule@flextech.co.uk Received: from flextech.co.uk (ns.flextech.co.uk [195.188.171.2]) by homer.flextech.co.uk (8.9.1/8.9.1) with ESMTP id LAA26637 for ; Mon, 2 Nov 1998 11:08:05 GMT Received: by firewall.flextech.co.uk via suspension id <131714>; Mon, 2 Nov 1998 11:07:44 +0000 Received: from fttvgpslnhub1.flextech.co.uk ([172.17.12.59]) by firewall.flextech.co.uk with SMTP id <131713>; Mon, 2 Nov 1998 11:07:29 +0000 Received: by fttvgpslnhub1.flextech.co.uk(Lotus SMTP MTA Internal build v4.6.2 (651.2 6-10-1998)) id 802566B0.003D1F09 ; Mon, 2 Nov 1998 11:07:36 +0000 X-Lotus-FromDomain: FLEXTECH To: fwtk-users@ex.tis.com, Tom Fitzgerald cc: Phil_Packer@flextech.co.uk Message-ID: <802566B0.003D1D09.00@fttvgpslnhub1.flextech.co.uk> Date: Mon, 2 Nov 1998 11:07:19 +0000 Subject: UDPrelay compile problems in Linux Mime-Version: 1.0 Content-type: text/plain; charset=us-ascii Content-Disposition: inline Before I start wandering off down blind alleys.... I've recently had an issue which seems to demand the use of UDPrelay. I'm mailing both Mr Fitzgerald whose name appears in the source and the TIS users because it seems likely that other TIS users may have had cause to use UDPrelay and might be interested in the answers to the following, and/or might already have a working solution. Problem one. The udprelay-0.2 source contains references to the poll.h headers and poll() routine, which appear to be part of, ( or more likely just require ) the threads library. This is available on Solaris, which presumably it was originally written for, but not in libc5 under Linux. Later glibc libraries within RedHat 5.1 for instance, support threads and hence poll(), so this doesn't appear to be a great problem. 
Problem two:

The udprelay.c I have contains

    if (ioctl (sock, FIONBIO, &one) < 0)
        syslog (LOG_ERR, "ioctl (%d, FIONBIO, %d), %m", sock, one);
    /* If error, continue anyway.... */

And the ioctl FIONBIO operation is not apparently supported in Linux - only in Solaris. However, there may well be another better way...

From Linux fcntl man page, we have:

    F_SETFL   Set the descriptor's flags to the value specified by arg. Only O_APPEND and O_NONBLOCK may be set. The flags are shared between copies (made with dup etc.) of the same file descriptor. The flags and their semantics are described in open(2).

    .....

    CONFORMING TO
        SVr4, SVID, POSIX, X/OPEN, BSD 4.3. Only the operations F_DUPFD, F_GETFD, F_SETFD, F_GETFL, F_SETFL, F_GETLK, F_SETLK and F_SETLKW are specified in POSIX.1; F_GETOWN and F_SETOWN are BSDisms not supported in SVr4. The flags legal for F_GETFL/F_SETFL are those supported by open(2) and vary between these systems; O_APPEND, O_NONBLOCK, O_RDONLY, and O_RDWR are specified in POSIX.1. SVr4 supports several other options and flags not documented here.

    .....

From Linux open man page, we have:

    O_NONBLOCK or O_NDELAY
        The file is opened in non-blocking mode. Neither the open nor any subsequent operations on the file descriptor which is returned will cause the calling process to wait.

    ......

So the presumption is that replacing that ioctl with an equivalent fcntl(sock, F_SETFL , O_NONBLOCK ) on the socket id will make things come good. Moreover, since O_NONBLOCK is Posix supported, this seems to be a more future proof way of implementing the functionality in the code anyway.

Has anyone tried this before?

Ted Rule, Flextech Television From owner-fwtk-users Mon Nov 2 10:32:13 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id KAA13029 for fwtk-users-outgoing; Mon, 2 Nov 1998 10:28:38 -0500 (EST) Date: Mon, 2 Nov 1998 10:28:38 -0500 (EST) From: owner-fwtk-users@ex.tis.com Message-Id: <199811021528.KAA13029@portal.ex.tis.com> (V2.1) id xma009573; Mon, 2 Nov 98 10:24:21 -0500 1998 10:24:00 -0500 (EST) Date: Mon, 2 Nov 1998 10:24:00 -0500 (EST) From: "Ross E. Bergman" To: fwtk-users@ex.tis.com Subject: peername() and redundant mail hosts Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-fwtk-users@portal.ex.tis.com Precedence: bulk [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] We had a problem this weekend when mail incoming from a host with more than one IP address registered for the associated hostname was rejected and the remote server decided to try to resend the message once per second! Now, aside from the fact that this is poor configuration of their SMTP server, the fact that they've got more than one IP address associated with a registered domain name is legitimate. However peername() doesn't respect this. Does anyone have a good workaround? We're using FWTK 2.1 with the anti-spam patches installed in SMAP. I'd prefer something more robust and self-managing than adding LOTS of 'broken-from' entries in netperm-table every time one of these events occurs. Thank you. (Please respond via email as I read FWTK-USERS in digest form irregularly.) ------------------------------------------------------------------------------- Ross E. Bergman Information Systems Manager rbergman@vividusa.com Vivid Technologies, Inc. 
------------------------------------------------------------------------------- From owner-fwtk-users Mon Nov 2 11:21:49 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id LAA13811 for fwtk-users-outgoing; Mon, 2 Nov 1998 11:19:03 -0500 (EST) Message-ID: <19981102163823.16857.qmail@hotmail.com> X-Originating-IP: [207.38.130.10] From: "Chique XXXXX" To: ltk@cvm.com, Antonio.Tovar@cma.junta-andalucia.es, fwtk-users@ex.tis.com, john.adams@florsheim.com Subject: firewall...pizza Content-Type: text/plain Date: Mon, 02 Nov 1998 08:38:22 PST Sender: owner-fwtk-users@ex.tis.com Precedence: bulk [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] Could someone please send me copy of their working netperm-table, you can use fictitious ip-addresses....I just need to see where I'm going wrong......... Chique ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com From owner-fwtk-users Mon Nov 2 13:41:37 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id NAA15986 for fwtk-users-outgoing; Mon, 2 Nov 1998 13:37:45 -0500 (EST) Message-Id: <9811021902.AA02657@relay2.cospo.osis.gov> From: Joseph S D Yao Subject: Re: squid or http-gw? To: mattes@azu.informatik.uni-stuttgart.de (Eberhard Mattes) Date: Mon, 2 Nov 1998 13:56:19 -0500 (EST) Cc: fwtk-users@tis.com In-Reply-To: <199811010005.BAA21769@azu.informatik.uni-stuttgart.de> from "Eberhard Mattes" at Nov 1, 98 01:05:59 am X-Mailer: ELM [version 2.4 PL25 PGP3 *ALPHA*] Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-fwtk-users@ex.tis.com Precedence: bulk [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] > > That's the easiest way to do it. 
E.g., in Navigator's no-proxy list,
> > just enter "informatik.uni-stuttgart.de", or "uni-stuttgart.de",
> > depending on where your firewall is.
>
> Now you know why you shouldn't do this. Only enter the WWW servers
> (and harden them). ;-/

If I interpret your oracular utterings correctly, you are concerned about people "accidentally" accessing Web services within your firewall other than those to which you want to give them access.

This assumes a distrust of the community within your firewall. It also is a very weak protection mechanism, since it is entirely within the purview of the user to change it. If this is your concern, I would suggest something like TCP wrappers or even a packet filter of some sort to allow only "trusted" users through. This is assuming that you don't trust the Apache password mechanism or an HTTPS connection.

From my point of view, the various domains and demesnes behind my firewall are perfectly welcome to put up whatever Web resources they want, wherever they want; and all users behind the firewall are welcome to use whatever lets them use it. If we were to require them to have just the Web servers in their list, then every time somebody puts a pointer to a new internal Web site up, we'd have several thousand users descending upon us demanding to know why we broke their network. And that would only be the first day.

There are a few clueless users who only have their local Web site in their no-proxy list. This is perfectly fine as long as that's all they need to use. But then, when they have to access another area behind the firewall, their browser goes to the firewall, and some confusion may occur. Sometimes there are routing errors when the browser tries to bounce off a firewall ... And it always takes a bite out of the raw processing power available. I find fewer problems by asking the users to list all domains that are behind the firewall.

If enough people choose to join the jobless lines by abusing this, we may have to re-think this. In a university setting, this is a consideration. But it has not yet caused a problem here. -- Joe Yao jsdy@cospo.osis.gov - Joseph S. D. Yao COSPO/OSIS Computer Support EMT-A/B ----------------------------------------------------------------------- This message is not an official statement of COSPO policies. From owner-fwtk-users Mon Nov 2 14:45:52 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id OAA17714 for fwtk-users-outgoing; Mon, 2 Nov 1998 14:42:41 -0500 (EST) Date: Mon, 2 Nov 1998 11:49:57 -0800 From: Mike Batchelor Subject: SSH 1.2.x vulnerability To: fwtk-users@tis.com X-Mailer: Z-Mail Pro 6.2, NetManage Inc. [ZM62_16E] X-Priority: 3 (Normal) References: <3.0.5.32.19981029192200.00866c80@fw.itm-inst.com> <3.0.5.32.19981030202114.00869a50@fw.itm-inst.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; CHARSET=ISO-8859-1 Sender: owner-fwtk-users@ex.tis.com Precedence: bulk [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] Seeing all the posts about ssh-gw here, I thought you may all want to know that a CERT advisory is out on ssh v1.2.x, due to a buffer overrun vulnerability in the logging functions. You can disable logging with sshd -q until you can apply patches published at www.rootshell.com to fix the problem (which was, apparently, broken into by exploiting this vulnerability). You can get the details at http://www.rootshell.com/mailinglist-archive/ - it was published in bulletin #25, article #1. Another analysis by the SSH developers is at http://www.ssh.fi/sshprotocols2/rootshell.html SSH v2.0.x is said to not be vulnerable to this exploit. _______________________________________________________________ UNIX Team - The difference between theory and practice is often greater in practice than in theory. 
11/02/98 11:49:57

From owner-fwtk-users Mon Nov 2 15:10:00 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id PAA18417 for fwtk-users-outgoing; Mon, 2 Nov 1998 15:08:25 -0500 (EST)
From: "Michael C. Ibarra"
Message-Id: <199811022026.PAA02187@imsi.com>
Subject: Re: firewall...pizza
To: tessielle@hotmail.com (Chique XXXXX)
Date: Mon, 2 Nov 98 15:26:28 EST
Cc: ltk@cvm.com, Antonio.Tovar@cma.junta-andalucia.es, fwtk-users@ex.tis.com, john.adams@florsheim.com
In-Reply-To: <19981102163823.16857.qmail@hotmail.com>; from "Chique XXXXX" at Nov 2, 98 8:38 am
Organization: Investment Management Services, Inc Internet: ibarra@imsi.com Voice: (212)339-2712 Fax: (212)339-2854 icbm: Tower 49
X-Mailer: ELM [version 2.3 PL11]
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

[To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.]

Someone named Chique XXXXX allegedly wrote...
>
>[To be removed from this list send the message "unsubscribe fwtk-users" in the
>BODY of a mail message to majordomo@ex.tis.com.]
>
>
>Could someone please send me copy of their working netperm-table, you
>can use fictitious ip-addresses....I just need to see where I'm going
>wrong.........
>
>
>Chique

That's not how it works, send us yours and let us know what is wrong with yours, ie: telnet in from the outside doesn't work, or better yet, look at the examples section. Lastly, there is of course a man page for this.

-mike

+------------------------------------------+
| Michael C.
Ibarra, Systems Administrator | | | | ibarra@imsi.com | +------------------------------------------+ From owner-fwtk-users Mon Nov 2 16:53:17 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id QAA21469 for fwtk-users-outgoing; Mon, 2 Nov 1998 16:48:47 -0500 (EST) From: Eberhard Mattes Date: Mon, 2 Nov 1998 23:06:34 +0100 (MET) Message-Id: <199811022206.XAA03805@azu.informatik.uni-stuttgart.de> To: jsdy@cospo.osis.gov CC: fwtk-users@tis.com In-reply-to: <9811021902.AA02657@relay2.cospo.osis.gov> (message from Joseph S D Yao on Mon, 2 Nov 1998 13:56:19 -0500 (EST)) Subject: Re: squid or http-gw? Sender: owner-fwtk-users@ex.tis.com Precedence: bulk [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] > If I interpret your oracular utterings correctly, you are concerned > about people "accidentally" accessing Web services within your firewall > other than those to which you want to give them access. > > This assumes a distrust of the community within your firewall. I was talking about bad guys on the Internet producing HTML pages which cause your bastion host or your workstations to make TCP connections to arbitrary machines and ports on your internal net. Consider this HTML code: Note that an attacker can use DNS cache poisoning to increase the chance of one of your web surfers hitting his evil page. The first problem (Squid on the bastion host making the connection) can be solved by moving Squid to a machine in the DMZ. The second problem (browsers making the connection) can be solved by configuring the browsers to use the proxy for your internal web server(s) only -- not your entire net. This leaves your internal web servers open to attacks of the above form, but no other machines. Another solution is to let the HTTP proxy remove all references (HREF etc.) to your internal machines from the HTML code. Again, DNS cache poisoning is a problem here. 
(I plan to add yet another feature to squid-gw which will permit you to avoid the DNS cache poisoning issue.) -- Eberhard Mattes From owner-fwtk-users Mon Nov 2 16:53:21 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id QAA21541 for fwtk-users-outgoing; Mon, 2 Nov 1998 16:49:48 -0500 (EST) Message-ID: <363E2D4E.C5C38C92@fscinternet.com> Date: Mon, 02 Nov 1998 17:08:14 -0500 From: Richard Reiner Organization: FSC Internet Corp. X-Mailer: Mozilla 4.5 [en] (Win95; U) X-Accept-Language: en MIME-Version: 1.0 To: Mike Batchelor CC: fwtk-users@tis.com Subject: Re: SSH 1.2.x vulnerability References: <3.0.5.32.19981029192200.00866c80@fw.itm-inst.com> <3.0.5.32.19981030202114.00869a50@fw.itm-inst.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-fwtk-users@ex.tis.com Precedence: bulk [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] Mike Batchelor wrote: > Seeing all the posts about ssh-gw here, I thought you may all want to > know that a CERT advisory is out on ssh v1.2.x, due to a buffer > overrun vulnerability in the logging functions. This is incorrect. There is no such CERT advisory, and according to the IBM-ERS as well as the SSH team, this has been a false alarm. Please see the PGP-signed statement from IBM, at http://www.ssh.fi/sshprotocols2/ibmers_message.txt as well as the statements from the SSH team, at http://www.ssh.fi/sshprotocols2/rootshell.html From owner-fwtk-users Mon Nov 2 17:08:39 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id RAA22030 for fwtk-users-outgoing; Mon, 2 Nov 1998 17:05:45 -0500 (EST) Date: Mon, 2 Nov 1998 14:18:08 -0800 From: Mike Batchelor Subject: Re: SSH 1.2.x vulnerability To: Richard Reiner Cc: fwtk-users@tis.com X-Mailer: Z-Mail Pro 6.2, NetManage Inc. 
[ZM62_16E] X-Priority: 3 (Normal) References: <3.0.5.32.19981029192200.00866c80@fw.itm-inst.com> <3.0.5.32.19981030202114.00869a50@fw.itm-inst.com> <363E2D4E.C5C38C92@fscinternet.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; CHARSET=ISO-8859-1 Sender: owner-fwtk-users@ex.tis.com Precedence: bulk [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] Well my face is red. I won't trust rootshell announcements so blindly anymore, that's for sure. My apologies. ------------------------ From: Richard Reiner Subject: Re: SSH 1.2.x vulnerability Date: Mon, 02 Nov 1998 17:08:14 -0500 To: Mike Batchelor Cc: fwtk-users@tis.com > Mike Batchelor wrote: > > > Seeing all the posts about ssh-gw here, I thought you may all want to > > know that a CERT advisory is out on ssh v1.2.x, due to a buffer > > overrun vulnerability in the logging functions. > > This is incorrect. There is no such CERT advisory, and according to the > IBM-ERS as well as the SSH team, this has been a false alarm. Please see > the PGP-signed statement from IBM, at > > http://www.ssh.fi/sshprotocols2/ibmers_message.txt > > as well as the statements from the SSH team, at > > http://www.ssh.fi/sshprotocols2/rootshell.html ---------------End of Original Message----------------- _______________________________________________________________ UNIX Team - The difference between theory and practice is often greater in practice than in theory. 11/02/98 14:18:08 From owner-fwtk-users Mon Nov 2 18:05:04 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id SAA23860 for fwtk-users-outgoing; Mon, 2 Nov 1998 18:01:23 -0500 (EST) Date: Mon, 2 Nov 1998 18:15:15 -0500 (EST) From: David B Swann To: fwtk-users@ex.tis.com Subject: Transparency for FreeBSD? 
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

[To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.]

I wanted to add transparency to FWTK version 2.1 on a FreeBSD box. I loaded the base system yesterday. The transparency patch will not compile because the "ip_nat.h" file is not on my system. It appears as though this may be part of Darren Reed's Nat filter program. Is this correct? If so, where do I get this application? What is its "real" name?

__________________________________________________________________________
| Bryan Swann (swann@nosc.mil) 803/566-0086 803/554-0015 (Fax) |
| Eagan McAllister Associates, Inc. |
| |
| "Everything must be working perfectly, cause I don't smell any smoke" |
--------------------------------------------------------------------------

From owner-fwtk-users Mon Nov 2 21:50:02 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id VAA02604 for fwtk-users-outgoing; Mon, 2 Nov 1998 21:45:47 -0500 (EST)
Message-Id: <3.0.5.32.19981102220416.0088b7c0@fw.itm-inst.com>
X-Sender: rmurphy@fw.itm-inst.com
X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32)
Date: Mon, 02 Nov 1998 22:04:16 -0500
To: fwtk-users@tis.com
From: Rick Murphy
Subject: Re: http-gw and anonftpd
Cc: lewst@yahoo.com
In-Reply-To: <199811021340.IAA12024@portal.ex.tis.com>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="=====================_910080256==_"
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

[To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.]

--=====================_910080256==_
Content-Type: text/plain; charset="us-ascii"

>Is anyone else having trouble viewing pages on an
>anonftpd server from behind http-gw?
> >For example, see the qmail homepage: >ftp://koobera.math.uic.edu/www/qmail.html > >I can access it ok directly, but from behind http-gw, >I get this error: > > FTP Error- 230 > > 230 Hi. No need to log in; I'm an anonymous ftp server. > >Any ideas how I can get http-gw to co-exist with >these type of pages? The http-gw protocol for ftp logins expects to get a password prompt all the time. This problem is easy to fix (ftp.c/ftp_setup() should be fixed to permit the "230 Hi." response). See the patch below. By the way, my Netscape 4.04 can't connect to this site either - probably the same problem; that's what you get when you try to be cute :-) -Rick --=====================_910080256==_ Content-Type: text/plain; charset="us-ascii" Content-Disposition: attachment; filename="ftp.patch" *** ftp.c 1997/01/18 20:17:39 1.7 --- ftp.c 1998/11/03 02:15:25 *************** *** 216,221 **** --- 216,222 ---- int ftp_setup(sockfd, rfd, ftp_listen) int sockfd, rfd, *ftp_listen; { int siteinfo = ftp_siteinfo; + int reply; ftp_siteinfo = -1; if( get_ftp_reply(rfd) != '2') *************** *** 225,244 **** say(rfd,"USER anonymous"); else say(rfd, ftp_user); ! if( get_ftp_reply(rfd) != '3') ! goto broken; ! ! if( ftp_pass[0] == '\0') ! sprintf(ftp_reply_buf,"PASS http-gw@%s", ourname); ! else ! strcpy(ftp_reply_buf, ftp_pass); ! say(rfd, ftp_reply_buf); ! ! ftp_siteinfo = siteinfo; ! ! if( get_ftp_reply(rfd) != '2') ! goto broken; ! if( ftp_repcnt > 2){ ftp_gensitedir = 1; } --- 226,249 ---- say(rfd,"USER anonymous"); else say(rfd, ftp_user); ! reply = get_ftp_reply(rfd); ! if( reply != '2') { ! if( reply != '3') ! goto broken; ! ! if( ftp_pass[0] == '\0') ! sprintf(ftp_reply_buf,"PASS http-gw@%s", ourname); ! else ! strcpy(ftp_reply_buf, ftp_pass); ! say(rfd, ftp_reply_buf); ! ! ftp_siteinfo = siteinfo; ! ! if( get_ftp_reply(rfd) != '2') ! goto broken; ! } else { ! ftp_siteinfo = siteinfo; ! 
} if( ftp_repcnt > 2){ ftp_gensitedir = 1; } --=====================_910080256==_--

From owner-fwtk-users Tue Nov 3 05:56:58 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id FAA19551 for fwtk-users-outgoing; Tue, 3 Nov 1998 05:51:45 -0500 (EST)
Message-Id: <3.0.1.32.19981103120951.00e45f48@pethost.fyrplus.se>
X-Sender: petos@pethost.fyrplus.se
X-Mailer: Windows Eudora Light Version 3.0.1 (32)
Date: Tue, 03 Nov 1998 12:09:51 +0100
To: fwtk-users@tis.com
From: Petter Österlund
Subject: What is this: https://user:pass@host.dom/../..
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Charset: ISO_8859-1
X-Char-Esc: 29
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

[To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.]

Hi!

One of my users is trying to access a site with an url like this:

https://user:pass@host.dom/../

The URL is via a homepage from his bank to pay bills, so I guess they know what they are doing. Is this supposed to work? I guess so but does fwtk support it? I'm using fwtk 2.0 + patches.

What happens is that http-gw thinks "user:pass@host.dom" is the name of the host to contact. This is what the log file looks like (changed actual host/password data):

Nov 3 11:29:22 gate http-gw[29857]: log host=xxxxx/yyyyy protocol=HTTP cmd=get dest=sune:passw@hembanken3.oeb.se path=/betal/startbild.cfm
Nov 3 11:29:23 gate http-gw[29857]: failed to connect to http server sune:passwd@hembanken3.oeb.se (80)

regards
/Petter

From owner-fwtk-users Tue Nov 3 08:56:31 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id IAA21270 for fwtk-users-outgoing; Tue, 3 Nov 1998 08:43:43 -0500 (EST)
From: youngk@ttc.com
X-Lotus-FromDomain: TTC
To: Petter Österlund
cc: fwtk-users@tis.com
Message-ID: <852566B1.004CE59A.00@ttcmta1-7.ttc.com>
Date: Tue, 3 Nov 1998 09:01:04 -0500
Subject: Re: What is this: https://user:pass@host.dom/../..
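Review bot: in the second hunk of Rick Murphy's ftp.patch above (ftp_setup() in ftp.c), `if( reply != '2')` accepts any 2xx reply to USER as a finished login and skips PASS, not only the 230 that the anonftpd server sends; if get_ftp_reply() can expose the full reply code, test for 230 specifically. The new else branch also restores `ftp_siteinfo = siteinfo` only after the reply to USER has already been read, while the PASS path restores it before reading the reply to PASS, so if get_ftp_reply() consults ftp_siteinfo the login banner of a no-password server is handled differently from a normal login; a comment saying whether that is intended would help. The re-indented `sprintf(ftp_reply_buf,"PASS http-gw@%s", ourname)` and `strcpy(ftp_reply_buf, ftp_pass)` copy into ftp_reply_buf without a length limit, and since these lines are being touched anyway it would be worth bounding them to the buffer size.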
Mime-Version: 1.0 Content-type: text/plain; charset=us-ascii Content-Disposition: inline Sender: owner-fwtk-users@ex.tis.com Precedence: bulk [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] > One of my users are trying to access a site with an url like > this: > https://user:pass@host.dom/../ Petter, This is answered in the FWTK FAQ: 5.4.14: URLs like "http://user:password@www.site.com" don't work... http://www.erols.com/avenger/running.html#5.4.14 --Keith -youngk@ttc.com From owner-fwtk-users Tue Nov 3 09:08:17 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id JAA21551 for fwtk-users-outgoing; Tue, 3 Nov 1998 09:06:45 -0500 (EST) X-Sender: farone@mail.gvillesun.com Message-Id: In-Reply-To: <363E2D4E.C5C38C92@fscinternet.com> References: <3.0.5.32.19981029192200.00866c80@fw.itm-inst.com> <3.0.5.32.19981030202114.00869a50@fw.itm-inst.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Tue, 3 Nov 1998 09:24:55 -0500 To: fwtk-users@tis.com From: Mark C Farone Subject: Re: SSH 1.2.x vulnerability Sender: owner-fwtk-users@ex.tis.com Precedence: bulk [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] At 5:08 PM -0500 11/2/98, Richard Reiner wrote: > >Mike Batchelor wrote: > >> Seeing all the posts about ssh-gw here, I thought you may all want to >> know that a CERT advisory is out on ssh v1.2.x, due to a buffer >> overrun vulnerability in the logging functions. > >This is incorrect. There is no such CERT advisory, and according to the >IBM-ERS as well as the SSH team, this has been a false alarm. 
Please see >the PGP-signed statement from IBM, at > > http://www.ssh.fi/sshprotocols2/ibmers_message.txt > >as well as the statements from the SSH team, at > > http://www.ssh.fi/sshprotocols2/rootshell.html Or, to say it another way, it currently appears that rootshell.com was hacked using a known valid ssh 1.2.26 user account and was not exploited through sshd. You may once again sleep easy....well, easier. -- Mark C. Farone "In the future, Systems Analyst, Gainesville Sun everything will work." -schwa From owner-fwtk-users Tue Nov 3 09:15:56 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id JAA21655 for fwtk-users-outgoing; Tue, 3 Nov 1998 09:14:24 -0500 (EST) Message-ID: <007401be0736$a275a540$2b10a8c0@rpet.quaestor.hu> From: "_PTR_" To: Subject: squid with modifications vs. FWTK Date: Tue, 3 Nov 1998 15:31:03 +0100 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0071_01BE073E.F7E99600" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.3110.1 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3 Sender: owner-fwtk-users@ex.tis.com Precedence: bulk [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] This is a multi-part message in MIME format. ------=_NextPart_000_0071_01BE073E.F7E99600 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable HI, I've a question on squid &http-gw or squid-gw. I use two squid-caches. One inside,and one on the bastion. The Bastion = cache is a parent of the internal, and the bastion-cache runs with = no-proxy option. I've heard that it is not adviced running squid on the = bastion. But there's a problem, I 've some local modifications in the = squid source, and if I use http-gw this modifications will be unusable. = what's the matter with the squid-gw? Or should I hack the source of = squid-gw. 
This modification applies on the PUBLIC or PRIVATE declarations in advantage of caching private sites, or sites that use authorization. Can I find these in http-gw.c, or should I get squid-gw? In the squid-gw http.c source I couldn't find these..
Can anyone help me, please?
Thanks in advance...

Peter Ratkai

------=_NextPart_000_0071_01BE073E.F7E99600
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
------=_NextPart_000_0071_01BE073E.F7E99600--

From owner-fwtk-users Tue Nov 3 09:26:25 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id JAA21905 for fwtk-users-outgoing; Tue, 3 Nov 1998 09:24:47 -0500 (EST)
Date: Tue, 3 Nov 1998 09:24:47 -0500 (EST)
From: owner-fwtk-users@ex.tis.com
Message-Id: <199811031424.JAA21905@portal.ex.tis.com>
	[192.94.214.100]) by portal.ex.tis.com (8.9.1/8.9.1) with ESMTP id RAA22133 for ; Mon, 2 Nov 1998 17:08:42 -0500 (EST)
From: James Rippas
Message-Id: <199811022226.AA29861@waltz.rahul.net>
Subject: 500 Illegal PORT Command
To: fwtk-users@tis.com
Date: Mon, 2 Nov 1998 14:26:17 -0800 (PST)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-fwtk-users@portal.ex.tis.com
Precedence: bulk

Hello,

I'm running the fwtk ver 2.1 on Openbsd 2.3. I consistently receive the "500 Illegal PORT Command" message when trying to ftp files via http-gw. When using ftp-gw, NLST requests hang to the clients. If I bypass the ftp-gw and use ftp from the firewall host it works fine. I've checked the FAQ/archives and found lots of references to this problem but no solutions. Does anyone have a solution to this?

Thanks in advance,
-jim

From owner-fwtk-users Tue Nov 3 09:34:23 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id JAA22132 for fwtk-users-outgoing; Tue, 3 Nov 1998 09:32:48 -0500 (EST)
X-Sender: farone@mail.gvillesun.com
Message-Id:
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Tue, 3 Nov 1998 09:54:27 -0500
To: fwtk-users@tis.com
From: Mark C Farone
Subject: Overlooked security issues and fwtk
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

The SSH post to the list and a recent attack on one of my DNS servers made me think about security. The FAQ mostly talks about (unless I foolishly overlooked something) how firewalls improve security & generic types of attacks. It makes me wonder what are some common security oversights regarding the installation and maintenance of fwtk? Or to say it another way, what are some good examples of how *not* to set up fwtk?

I'm thinking more about the security of the firewall host itself as it relates to the configuration of fwtk and related utilities--not necessarily the internal network or a bastion network. I guess I'm thinking about things I haven't found referenced anywhere: where to chroot, ownership of files, which user should run the gateway applications, running sendmail as a daemon, running old versions of bind, javascript, etc.

--
Mark C. Farone                      "In the future,
Systems Analyst, Gainesville Sun     everything will work." -schwa

From owner-fwtk-users Tue Nov 3 10:26:36 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id KAA22738 for fwtk-users-outgoing; Tue, 3 Nov 1998 10:20:41 -0500 (EST)
Message-ID: <363F313C.4A3CF79@ticketking.com>
Date: Tue, 03 Nov 1998 10:37:16 -0600
From: Scott Klein
Organization: TicketKing
X-Mailer: Mozilla 4.06 [en] (WinNT; I)
MIME-Version: 1.0
To: pmac@pobox.com
CC: fwtk-users@ex.tis.com
Subject: Re: basic tn-gw service on Redhat 5.1
References: <3637558E.2A7@mediaone.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

Perry Macdonald wrote:

> Hi all!
>
> I am having a problem getting any service working with fwtk. I have a
> new installation of RH5.1 with fwtk 2.1 and skey 2.2. My netperm-table
> is
>
> in.telnetd: permit-hosts * -exec /usr/local/etc/tn-gw
> tn-gw: permit-hosts * -auth
> authsrv: permit-hosts localhost 777
> authsrv: database /usr/local/etc/fw-authdb
>
> my /etc/inetd.conf is
>
> telnet stream tcp nowait root /usr/local/etc/netacl in.telnetd
>
> my /etc/services file is
>
> telnet 23/tcp
> authsrv 7777/tcp ident
>
> I start authsrv with
>
> /usr/local/etc/authsrv -daemon 7777
>
> and try telnet, I get
>
> telnet localhost
> Trying 127.0.0.1...
> Connected to localhost
> Escape character is '^]'.
> Connection closed by foreign host.
>
> I then have these messages in /var/log/messages
>
> ... authsrv[8799]: Starting daemon mode on port 7777
> ... netacl[8804] deny=localhost/127.0.0.1s service=in.telnetd
>
> can anybody help? is PAM involved in anyway?
>
> Thanks in advance
>
> Perry Macdonald
> pmac@pobox.com

Hi

Was this ever answered ? I am interested as well. If so could you please re-post

Thanks
Scott Klein

From owner-fwtk-users Tue Nov 3 11:52:25 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id LAA23785 for fwtk-users-outgoing; Tue, 3 Nov 1998 11:48:48 -0500 (EST)
Date: Tue, 3 Nov 1998 11:05:18 -0600 (EST)
From: Mark Wilkie
X-Sender: mark@miles
To: Petter =?iso-8859-1?Q?=D6sterlund?=
cc: fwtk-users@tis.com
Subject: Re: What is this: https://user:pass@host.dom/../..
In-Reply-To: <3.0.1.32.19981103120951.00e45f48@pethost.fyrplus.se>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from QUOTED-PRINTABLE to 8bit by portal.ex.tis.com id LAA23782
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

You can enter a url like this in a browser's location window to authenticate to a http, or ftp server. With this domain you won't get the auth window and such... Kinda nice how the password is readable by anyone walking by...

M

On Tue, 3 Nov 1998, Petter [iso-8859-1] Österlund wrote:

> Hi!
>
> One of my users are trying to access a site with an url like
> this:
>
> https://user:pass@host.dom/../
>
> The URL is via a homepage from his bank to pay bills, so I guess they
> know what they are doing.
>
> Is this supposed to work? I guess so but does fwtk support it?
> I'm using fwtk 2.0 + patches. What happens is that http-gw thinks
> "user:pass@host.dom" is the name of the host to contact.
>
> This what the log file looks like (changed actual host/password data):
>
> Nov 3 11:29:22 gate http-gw[29857]: log host=xxxxx/yyyyy protocol=HTTP
> cmd=get dest=sune:passw@hembanken3.oeb.se path=/betal/startbild.cfm
> Nov 3 11:29:23 gate http-gw[29857]: failed to connect to http server sune:passwd@hembanken3.oeb.se (80)
>
>
> regards
> /Petter
>
>

From owner-fwtk-users Tue Nov 3 12:31:21 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id MAA24357 for fwtk-users-outgoing; Tue, 3 Nov 1998 12:28:46 -0500 (EST)
Message-ID: <19981103174722.17490.qmail@hotmail.com>
X-Originating-IP: [204.117.176.103]
From: "Chique XXXXX"
To: fwtk-users@tis.com
Subject: Ip forwarding ....firewall....ip masquerading
MIME-Version: 1.0
Content-Type: text/plain
Date: Tue, 03 Nov 1998 09:47:22 PST
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

On my Linux firewall/proxy server (TIS FWTK). Do I need ip masquerading enabled for it to work?

Chique

______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com

From owner-fwtk-users Tue Nov 3 12:43:25 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id MAA24512 for fwtk-users-outgoing; Tue, 3 Nov 1998 12:41:47 -0500 (EST)
Message-Id: <3.0.5.32.19981103104813.00c3e750@dreamwvr.com>
X-Sender: dreamwvr@dreamwvr.com
X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.5 (32)
Date: Tue, 03 Nov 1998 10:48:13 -0700
To: Petter =?iso-8859-1?Q?Österlund?= , fwtk-users@tis.com
From: dreamwvr
Subject: Re: What is this: https://user:pass@host.dom/../..
In-Reply-To: <3.0.1.32.19981103120951.00e45f48@pethost.fyrplus.se>
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by portal.ex.tis.com id MAA24509
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

hi,
looks to me like an attempted access to s-http rather than https...

Regards,
dreamwvr@dreamwvr.com

At 12:09 PM 11/3/98 +0100, Petter Österlund wrote:
>
>
>Hi!
>
>One of my users are trying to access a site with an url like
>this:
>
> https://user:pass@host.dom/../
>
>The URL is via a homepage from his bank to pay bills, so I guess they
>know what they are doing.
>
>Is this supposed to work? I guess so but does fwtk support it?
>I'm using fwtk 2.0 + patches. What happens is that http-gw thinks
>"user:pass@host.dom" is the name of the host to contact.
>
>This what the log file looks like (changed actual host/password data):
>
>Nov 3 11:29:22 gate http-gw[29857]: log host=xxxxx/yyyyy protocol=HTTP
> cmd=get dest=sune:passw@hembanken3.oeb.se path=/betal/startbild.cfm
>Nov 3 11:29:23 gate http-gw[29857]: failed to connect to http server sune:passwd@hembanken3.oeb.se (80)
>
>
>regards
>/Petter
>
>
>

Reuters, London, February 29, 1998:
Scientists have announced discovering a meteorite which will strike the earth in March, 2028. Millions of UNIX coders expressed relief for being spared the UNIX epoch "crisis" of 2038.
_______________________________________________________________________
DREAMWVR.COM - TOTAL WEB INTEGRATION, DEVELOPMENT, DESIGN SERVICES.
Featuring Website Development and Web Strategies of a TOP Developer
"As Unique as the Company You Keep."
"===0 PGP Key Available
________________________________________________________________________

From owner-fwtk-users Tue Nov 3 13:23:02 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id NAA25010 for fwtk-users-outgoing; Tue, 3 Nov 1998 13:19:48 -0500 (EST)
From: raver@box.dust.ml.org
Message-ID: <19981103194016.A698@RaVER.duck.org>
Date: Tue, 3 Nov 1998 19:40:16 +0100
To: fwtk-users@tis.com
Subject: reaching a caching proxyserver outside firewall
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.91i
X-Class: Fast
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

Hello!

This may be off topic here - sorry - but here is my question:

We have a local net (20 or so pc's) connected to Internet using a dual ISDN connection. We've also got several machines behind a firewall (linux running fwtk). Now I plan to set up an apache server running as a caching proxyserver on the localnet so that we can keep traffic down on ISDN link.

If it's at all possible - how can I let the pc's behind the wall use the caching proxyserver outside the wall? Any risks involved?

Another one - just for safety we are considering protecting all our local net with fwtk. Could this work? That is - traffic from behind one wall onto the apache proxy and then at last crossing the outer wall?

Any suggestions are greatly appreciated!

Sture L.

From owner-fwtk-users Tue Nov 3 14:01:27 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id NAA25461 for fwtk-users-outgoing; Tue, 3 Nov 1998 13:58:49 -0500 (EST)
Message-Id: <9811031923.AA10230@relay2.cospo.osis.gov>
From: Joseph S D Yao
Subject: Re: SSH 1.2.x vulnerability
To: farone@gvillesun.com (Mark C Farone)
Date: Tue, 3 Nov 1998 14:17:12 -0500 (EST)
Cc: fwtk-users@tis.com
In-Reply-To: from "Mark C Farone" at Nov 3, 98 09:24:55 am
X-Mailer: ELM [version 2.4 PL25 PGP3 *ALPHA*]
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

> Or, to say it another way, it currently appears that rootshell.com was
> hacked using a known valid ssh 1.2.26 user account and was not exploited
> through sshd. You may once again sleep easy....well, easier.

I'd rather throw oil on water than on fire; but rootshell claims that ssh's claims aren't valid. ;-(

--
Joe Yao jsdy@cospo.osis.gov - Joseph S. D. Yao
COSPO/OSIS Computer Support EMT-A/B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.

From owner-fwtk-users Tue Nov 3 16:51:12 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id QAA28745 for fwtk-users-outgoing; Tue, 3 Nov 1998 16:46:58 -0500 (EST)
Message-Id: <199811032205.RAA23638@jekyll.piermont.com>
To: Mike Batchelor
cc: fwtk-users@tis.com
Subject: Re: SSH 1.2.x vulnerability
In-reply-to: Your message of "Mon, 02 Nov 1998 11:49:57 PST."
Reply-To: perry@piermont.com
X-Reposting-Policy: redistribute only with permission
Mime-Version: 1.0 (generated by tm-edit 7.108)
Content-Type: text/plain; charset=US-ASCII
Date: Tue, 03 Nov 1998 17:05:21 -0500
From: "Perry E. Metzger"
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

Mike Batchelor writes:
> Seeing all the posts about ssh-gw here, I thought you may all want to
> know that a CERT advisory is out on ssh v1.2.x, due to a buffer
> overrun vulnerability in the logging functions.

This isn't true at all.

1) There has been no CERT advisory.
2) According to Tatu Ylonen, there are no known buffer overruns.
3) The so-called evidence the rootshell people presented of a problem is based on an IBM report that was never public and which turned out to be false.

Perry

From owner-fwtk-users Tue Nov 3 17:13:47 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id RAA29272 for fwtk-users-outgoing; Tue, 3 Nov 1998 17:12:10 -0500 (EST)
Message-Id: <3.0.5.32.19981103172934.008764f0@fw.itm-inst.com>
X-Sender: rmurphy@fw.itm-inst.com
X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32)
Date: Tue, 03 Nov 1998 17:29:34 -0500
To: Scott Klein
From: Rick Murphy
Subject: Re: basic tn-gw service on Redhat 5.1
Cc: pmac@pobox.com, fwtk-users@ex.tis.com
In-Reply-To: <363F313C.4A3CF79@ticketking.com>
References: <3637558E.2A7@mediaone.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

At 10:37 AM 11/3/98 -0600, Scott Klein wrote:
>Perry Macdonald wrote:
>> I am having a problem getting any service working with fwtk. I have a
>> new installation of RH5.1 with fwtk 2.1 and skey 2.2. My netperm-table
>> is
>>
>> in.telnetd: permit-hosts * -exec /usr/local/etc/tn-gw
>> tn-gw: permit-hosts * -auth
>> authsrv: permit-hosts localhost 777
>> authsrv: database /usr/local/etc/fw-authdb

You're running netacl on the telnet port but you're not permitting it.
Change the first line to "netacl-telnetd: permit-hosts *" ...
and run netacl on the telnet port with

/usr/local/etc/netacl -daemon telnet telnetd

the last argument (telnetd) gets tacked onto "netacl-" when netacl starts.

Your log indicates that "netacl" is denying you, thus you don't have the service name argument (telnetd).
-Rick

From owner-fwtk-users Tue Nov 3 17:14:27 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id RAA29291 for fwtk-users-outgoing; Tue, 3 Nov 1998 17:13:01 -0500 (EST)
Message-Id: <3.0.5.32.19981103172430.00869240@fw.itm-inst.com>
X-Sender: rmurphy@fw.itm-inst.com
X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32)
Date: Tue, 03 Nov 1998 17:24:30 -0500
To: Petter =?iso-8859-1?Q?=D6sterlund?=
From: Rick Murphy
Subject: Re: What is this: https://user:pass@host.dom/../..
Cc: fwtk-users@tis.com
In-Reply-To: <3.0.1.32.19981103120951.00e45f48@pethost.fyrplus.se>
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by portal.ex.tis.com id RAA29287
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

At 12:09 PM 11/3/98 +0100, Petter Österlund wrote:
> https://user:pass@host.dom/../

Sounds pretty strange to me. What happens if you leave off the "user:pass@" part? Anything like this - using SSL security - really should be using client certificates rather than passwords.

In any case, I'd expect the browser to handle whatever interaction is necessary if you have your security proxy set - if it's handing "connect user:pass@host" to the proxy, it's not working as I would expect.

(One really interesting problem is that it's actually doing a HTTP connect - port 80, unencrypted - in order to send the password. I would have expected the connection to go through port 443 since it's https://. The log messages don't indicate that; whoever designed this may not realize the exposure they have.)
-Rick

From owner-fwtk-users Tue Nov 3 17:38:56 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id RAA29838 for fwtk-users-outgoing; Tue, 3 Nov 1998 17:37:02 -0500 (EST)
Message-ID: <002201be0718$d3887ea0$0d0310ac@chris>
From: "Chris Duagn"
To:
Subject: Final piece
Date: Tue, 3 Nov 1998 04:58:01 -0600
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 4.72.3110.5
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

Well it's almost complete. Got FWTK up and running with NP. Plus i added the sock5 package to shut up the AOL (instant messenger) people here at work (irc is nice to have also...). Now my last hurdle as firewall ADMIN is to get Quake2 up and running :-). Now i know somebody has got it working....... right?

Specifically does it use tcp (prob easy with plug-gw) or UDP(eeeh udprelay nitemares)...

Of course any advice would be greatly appreciated!!!!!

TIA
chris

From owner-fwtk-users Wed Nov 4 03:02:36 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id CAA24478 for fwtk-users-outgoing; Wed, 4 Nov 1998 02:58:30 -0500 (EST)
Message-ID:
From: "Petry Roman, ORG/DV"
To: "'fwtk-users@ex.tis.com'"
Subject: TIS and YEAR 2000 ??
Date: Wed, 4 Nov 1998 09:17:48 +0100
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.0.1460.8)
Content-Type: text/plain
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

Hello,

My question is very simple. Is FWTK Year 2000 compliant ???

Thanks in advance...

Roman Petry

From owner-fwtk-users Wed Nov 4 05:51:02 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id FAA27359 for fwtk-users-outgoing; Wed, 4 Nov 1998 05:47:55 -0500 (EST)
Mime-Version: 1.0
Date: Wed, 4 Nov 1998 11:07:54 +0000
Message-ID: <640359c0@camcable.co.uk>
From: Spencer_Marshall@camcable.co.uk (Spencer Marshall)
Subject: s/key and Redhat
To: fwtk-users@ex.tis.com
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Description: cc:Mail note part
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

Has anyone successfully got s/key to compile and work with fwtk on RedHat 5.1 please. The version of s/key I have is very incomplete and full of errors.

Many thanks,
Spencer

From owner-fwtk-users Wed Nov 4 05:53:36 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id FAA27420 for fwtk-users-outgoing; Wed, 4 Nov 1998 05:51:49 -0500 (EST)
From: "Michael C. Ibarra"
Message-Id: <199811041110.GAA02828@imsi.com>
Subject: Re: TIS and YEAR 2000 ??
To: Roman.Petry@dillinger.de (Petry Roman, ORG/DV)
Date: Wed, 4 Nov 98 6:10:13 EST
Cc: fwtk-users@ex.tis.com
In-Reply-To: ; from "Petry Roman, ORG/DV" at Nov 4, 98 9:17 am
Organization: Investment Management Services, Inc Internet: ibarra@imsi.com Voice: (212)339-2712 Fax: (212)339-2854 icbm: Tower 49
X-Mailer: ELM [version 2.3 PL11]
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

Someone named Petry Roman, ORG/DV allegedly wrote...
>
>Hello,
>
>My question is very simple. Is FWTK Year 2000 compliant ???
>
>Thanks in advance...
>
>
>Roman Petry

From the FAQ http://www.erols.com/avenger/running.html#5.1.11

-mike

From owner-fwtk-users Wed Nov 4 07:00:34 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id GAA28193 for fwtk-users-outgoing; Wed, 4 Nov 1998 06:57:12 -0500 (EST)
From: ark@eltex.ru
Date: Wed, 4 Nov 1998 15:19:43 +0300
Message-Id: <199811041219.PAA08767@paranoid.eltex.spb.ru>
In-Reply-To: <002201be0718$d3887ea0$0d0310ac@chris> from ""Chris Duagn" "
Organization: "Klingon Imperial Intelligence Service"
Subject: Re: Final piece
To: chris@www.mmg-nash.com
Cc: fwtk-users@tis.com
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

-----BEGIN PGP SIGNED MESSAGE-----

nuqneH,

Protocol is udp-based but it won't work with udprelay. There are several Quake-related things. If you run original Quake protocol, you may try "qudproxy". Don't know if the problem with multiple connections originating from single IP to one server was resolved.

There is a thingie called "F.A.Q quake proxy". F.A.Q. is Finnish team that makes proxy for linux in binary form and does not respond to email. Bleh. ("What is it good for? For sucking, i think" B&B)

Quakeworld is a bit different protocol although it is as brain-dead as anything network-related made by ID software (HATE!)

"Chris Duagn" said :

> Well it's almost complete. Got FWTK up and running with NP. Plus i added the
> sock5 package to shut up the AOL (instant messenger) people here at work
> (irc is nice to have also...). Now my last hurdle as firewall ADMIN is to
> get Quake2 up and running :-). Now i know somebody has got it working.......
> right?
>
> Specifically does it use tcp (prob easy with plug-gw) or UDP(eeeh udprelay
> nitemares)...
>
> Of course any advice would be greatly appreciated!!!!!

_ _ _ _ _ _ _ {::} {::} {::} CU in Hell
_| o |_ | | _|| | / _||_| |_ |_ |_ (##) (##) (##) /Arkan#iD
|_ o _||_| _||_| / _| | o |_||_||_| [||] [||] [||] Do i believe in Bible? Hell,man,i've seen one!
-----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQCVAwUBNkBGXaH/mIJW9LeBAQFEzAQAi8Y+M4HwJTd6VtF/t6KjYpAP7VNQhAgT VIQbh+jwAnd/CiXV943QO+wB4AM7ww2dQW6L5qCu4IcpOX3m+USf/odtHSej8xQd NoxP+tRdR3riM4/jRudcKrsJmJx226BL87quZNWWIYcnvEDbf3fBEUAakYcURBn3 ogOY0EzP/cs= =U5Tk -----END PGP SIGNATURE----- From owner-fwtk-users Wed Nov 4 08:26:15 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id IAA29100 for fwtk-users-outgoing; Wed, 4 Nov 1998 08:23:10 -0500 (EST) Message-Id: <199811041341.HAA14288@stone.gargoyle.net> Subject: Re: SSH 1.2.x vulnerability To: jsdy@cospo.osis.gov (Joseph S D Yao) Date: Wed, 4 Nov 1998 07:41:50 -0600 (CST) 
From: "Alister Sparhawk"
Cc: farone@gvillesun.com, fwtk-users@tis.com
In-Reply-To: <9811031923.AA10230@relay2.cospo.osis.gov> from "Joseph S D Yao" at Nov 3, 98 02:17:12 pm
X-Mailer: ELM [version 2.4 PL25 PGP6-MF]
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

> I'd rather throw oil on water than on fire; but rootshell claims that
> ssh's claims aren't valid. ;-(

Rootshell is in fact incorrect and it's a known fact on their part as well as others that ssh was not the vulnerable access that allowed their site to be compromised. The simple fact is that the entry machine which is used to ssh to rootshell was compromised. So says a rep from Secure Computing who knows the guy over at rootshell.

The simple fact is that yes it was ssh that was used to gain entry but not in the way everyone thinks. Supposedly ssh on the remote machine was compromised, a password to rootshell was gained using a compromised version of ssh on the remote machine and entry to rootshell was gained shortly afterwards.

The supposed fix that rootshell is using to cover their backside is bs.. Don't use it and don't even think it's worth your effort.. There is no overflow in the logging of ssh to be exploited. Your best bet is to take the time to upgrade to ssh 2.0.10 in combination with 1.2.26 for compatibility mode sakes, and be done with this entire ordeal..

Rootshell does not wish people to think they're incompetent and unfortunately it's far too late for that..

Robert Andrews
Twilight Limited Communications
CEO / Sr. Systems Admin
Asst. Systems Admin - The MedServe Link Inc.
Twin Cities, MN

From owner-fwtk-users Wed Nov 4 08:36:40 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id IAA29429 for fwtk-users-outgoing; Wed, 4 Nov 1998 08:36:11 -0500 (EST)
Date: Wed, 4 Nov 1998 08:36:11 -0500 (EST)
From: owner-fwtk-users@ex.tis.com
Message-Id: <199811041336.IAA29429@portal.ex.tis.com>
	[192.94.214.100]) by portal.ex.tis.com (8.9.1/8.9.1) with ESMTP id EAA26423 for ; Wed, 4 Nov 1998 04:41:06 -0500 (EST)
	(4.1) id xma003507; Wed, 4 Nov 98 05:05:00 -0500
	BAA08334 for ; Wed, 4 Nov 1998 01:59:25 -0800 (PST)
	BAA29056 for ; Wed, 4 Nov 1998 01:59:23 -0800 (PST)
	id KAA19404 for ; Wed, 4 Nov 1998 10:59:00 +0100 (MET)
To: fwtk-users@tis.com
Subject: Re: What is this: https://user:pass@host.dom/../..
References: <3.0.5.32.19981103172430.00869240@fw.itm-inst.com>
Mime-Version: 1.0 (generated by tm-edit 7.93)
Content-Type: text/plain; charset=ISO-8859-1
From: Leif Nixon
Date: 04 Nov 1998 10:59:17 +0100
In-Reply-To: Rick Murphy's message of Tue, 03 Nov 1998 17:24:30 -0500
Message-ID:
Lines: 24
X-Mailer: Gnus v5.3/Emacs 19.34
X-MIME-Autoconverted: from 8bit to quoted-printable by mailhub.rational.com id BAA29056
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by portal.ex.tis.com id EAA26424
Sender: owner-fwtk-users@portal.ex.tis.com
Precedence: bulk

Rick Murphy writes:

> At 12:09 PM 11/3/98 +0100, Petter Österlund wrote:
> > https://user:pass@host.dom/../
> Sounds pretty strange to me. What happens if you leave off the "user:pass@"
> part? Anything like this - using SSL security - really should be using client
> certificates rather than passwords.

This is a bit tangential, but since I'm a customer of the involved bank, I can shed some light on at least this part; this username and password are just used to gain access to the *real* login page, where you use a one-time password from a bank-supplied calculator-like thingie to log in to the actual bank service.

--
Leif Nixon Rational SoftLab
-------------------------------------------------
E-mail: leif@rational.com Phone: +46 13 23 57 61
-------------------------------------------------

From owner-fwtk-users Wed Nov 4 08:38:36 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id IAA29509 for fwtk-users-outgoing; Wed, 4 Nov 1998 08:38:09 -0500 (EST)
Message-Id: <3.0.5.32.19981104134237.00899b00@asterix.ing.unibs.it>
X-Sender: conti@asterix.ing.unibs.it
X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32)
Date: Wed, 04 Nov 1998 13:42:37 +0100
To: fwtk-users@ex.tis.com
From: Cristiano Conti
Subject: authsrv with DES encrypted I/O support
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

How can I enable DES encrypted communications between client (I'm especially interested in authmgr) and authsrv and how should I configure the netperm-table file? I couldn't find any help in detail neither in man pages nor in documentation.

The problem is outlined in "Configuration and administration" (admin_guide.ps) page 9. They say support for the encryption functionality is optional ... Where can I find the module to replace?

Is there an international version of DES for non U.S. citizen and then an associated kit version? If not, how can I protect the communications over a MAN? May I use SSH or something similar?

I'm still using FWTK 2.0.

TIA,
criX
----------------------------------------------------------------------------
Cristiano Conti
PGP key available on http://keyserver.unibs.it
----------------------------------------------------------------------------

From owner-fwtk-users Wed Nov 4 09:43:48 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id JAA29831 for fwtk-users-outgoing; Wed, 4 Nov 1998 09:29:29 -0500 (EST)
From: "Marcel de Reuver"
Organization: Apparatenfabriek Helpman Groningen
To: fwtk-users@tis.com
Date: Wed, 4 Nov 1998 15:27:57 +0100 (MET)
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Subject: SNK Client software (was: telnet/ftp to bastion? )
Message-ID: <2272ABA4C08@helpman.nl>
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

>
> Well, you should use some kind of non-reusable passwords. S/Key works
> okay. If you have a PalmPilot, you can use SNK004 with SecurePilot
> (http://www.securepilot.com), which saves you having to get an SNK
> token. (See also pilOTP, which generates S/Key "passwords" the same
> way that "key" does, except only one at a time. It's at
> http://astro.uchicago.edu/home/web/valdes/pilot/.)
>

Is there also M$-Windoze client software for S/Key or SNK?

From owner-fwtk-users Wed Nov 4 11:13:57 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id LAA01026 for fwtk-users-outgoing; Wed, 4 Nov 1998 11:11:17 -0500 (EST)
Message-Id: <199811041629.LAA03864@fw1.osis.gov>
From: Joseph S D Yao Subject: Re: SSH 1.2.x vulnerability To: root@stone.gargoyle.net (Alister Sparhawk) Date: Wed, 4 Nov 1998 11:30:17 -0500 (EST) Cc: fwtk-users@tis.com In-Reply-To: <199811041341.HAA14288@stone.gargoyle.net> from "Alister Sparhawk" at Nov 4, 98 07:41:50 am X-Mailer: ELM [version 2.4 PL25 PGP3 *ALPHA*] Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-fwtk-users@ex.tis.com Precedence: bulk > > I'd rather throw oil on water than on fire; but rootshell claims that > > ssh's claims aren't valid. ;-( > > Rootshell is in fact incorrect and it's a known fact on their part as well as others that ssh was not the > vulnerable access that allowed their site to be compromised. ... > There is no overflow in the logging of ssh to be exploited. ... I am willing to accept the facts that you state [and let the opinions go for what they're worth], subject to verification [or otherwise] from other sources. But the sentence above needs to be broken down into two statements. ISTM that the Linux Audit team HAS found potential buffer overflows in ssh, but also that they HAVE NOT found exploits using them. -- Joe Yao jsdy@cospo.osis.gov - Joseph S. D. Yao COSPO/OSIS Computer Support EMT-A/B ----------------------------------------------------------------------- This message is not an official statement of COSPO policies. From owner-fwtk-users Wed Nov 4 11:53:28 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id LAA01824 for fwtk-users-outgoing; Wed, 4 Nov 1998 11:52:22 -0500 (EST) Message-ID: <19981104171040.29925.qmail@hotmail.com> X-Originating-IP: [207.38.130.10] 
From: "Chique XXXXX" To: fwtk-users@tis.com Subject: netperm-table....................... MIME-Version: 1.0 Content-Type: text/plain Date: Wed, 04 Nov 1998 09:10:39 PST Sender: owner-fwtk-users@ex.tis.com Precedence: bulk At what point is the netperm-table called on a TIS firewall proxy....which file calls it? Chique From owner-fwtk-users Wed Nov 4 12:03:18 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id MAA02023 for fwtk-users-outgoing; Wed, 4 Nov 1998 12:02:54 -0500 (EST) Date: Wed, 4 Nov 1998 12:16:41 -0500 (EST) 
From: David B Swann To: fwtk-users@ex.tis.com Subject: Transparency for FreeBSD Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-fwtk-users@ex.tis.com Precedence: bulk I'm attempting to get transparency working on a FreeBSD box. I downloaded the IP filter program from Darren Reed and it appeared to install OK. At least the module loads into the kernel. Anyway... the transparency patches require the "ip_nat.h" include files. So, I took the ip_nat.h from the IP Filter files and placed it into /usr/local and modified hnam.c to expect it there. I tried to compile hnam.c, but it has trouble with the ip_nat.h file. Is there a specific version of this file for FreeBSD? Are there specific instructions on how to get transparency working? The FWTK doesn't include very detailed directions. Thanks for any help. __________________________________________________________________________ | Bryan Swann (swann@nosc.mil) 803/566-0086 803/554-0015 (Fax) | | Eagan McAllister Associates, Inc. | | | | "Everything must be working perfectly, cause I don't smell any smoke" | -------------------------------------------------------------------------- From owner-fwtk-users Wed Nov 4 12:10:55 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id MAA02169 for fwtk-users-outgoing; Wed, 4 Nov 1998 12:10:22 -0500 (EST) Message-ID: <36408D84.543A1F00@icdc.caissedesdepots.fr> Date: Wed, 04 Nov 1998 18:23:16 +0100 
From: Jean Chambard Organization: Informatique CDC X-Mailer: Mozilla 4.04 [en] (WinNT; I) MIME-Version: 1.0 To: fwtk-users@tis.com Subject: fwtk2.0 and securID 3.3 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by portal.ex.tis.com id MAA02166 Sender: owner-fwtk-users@ex.tis.com Precedence: bulk Hello all I am trying to compile fwtk 2.0 on solaris 2.6 with securID option in authserv I have defined the securID lib as sdiclient.a when I compile securid.c from fwtk/auth/securid.c, I got an error from gcc pointing to an unknown symbol tis_sd_init in securid.c, line 125 I looked in every lib I knew of, and I found no reference to this function. The only one that is known is sd_init, which is defined in sdiclient.a. So I changed tis_sd_init to sd_init, and everything went good (compilation and so on). I installed the sdconf.rec in /var/ace and tested the auth against tn-gw. Everything seems to work ok. Even the new pin mode seems to work almost perfectly. I just got a strange message from tn-gw (too many failed login) but the pin was changed. Does anyone know what tis_sd_init is for? Can I safely use sd_init instead? TIA for your answers. Jean Chambard -- ------------------------------------------------------------------------ - The opinions expressed here are my own. - Jean CHAMBARD - Informatique CDC - Groupe Caisse des Dépots - mailto:jean.chambard@icdc.caissedesdepots.fr - Tel : 33 (0)1 40 49 18 41 Fax : 33 (0)1 40 49 96 57 ------------------------------------------------------------------------ From owner-fwtk-users Wed Nov 4 12:28:34 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id MAA02470 for fwtk-users-outgoing; Wed, 4 Nov 1998 12:25:52 -0500 (EST) Date: Wed, 4 Nov 1998 17:42:03 +0000 (GMT) 
From: Chuck Young Reply-To: Chuck Young To: fwtk-users@ex.tis.com Subject: FAQ URL tag line? Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-fwtk-users@ex.tis.com Precedence: bulk The constant resurgence of very simple questions with answers contained in the FAQ presses me to ask what became of the notion to put a tag line somewhere in the body of mail sent out to the list pointing users to the FAQ URL? Is someone working on this or was a decision made in the other direction? I saw a few suggestions about where it should be placed. I would append it to the unsubscribe tag line. Such as: [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com. Also, please check the URL http://www.erols.com/avenger/ for information on running the FWTK] It was such a good idea, I hate to see it overlooked. Anyone? Chuck Young GTE Internetworking From owner-fwtk-users Wed Nov 4 12:28:51 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id MAA02545 for fwtk-users-outgoing; Wed, 4 Nov 1998 12:28:22 -0500 (EST) 
From: ark@eltex.ru Date: Wed, 4 Nov 1998 20:23:54 +0300 Message-Id: <199811041723.UAA09757@paranoid.eltex.spb.ru> In-Reply-To: <199811041341.HAA14288@stone.gargoyle.net> from ""Alister Sparhawk" " Organization: "Klingon Imperial Intelligence Service" Subject: Re: SSH 1.2.x vulnerability To: root@stone.gargoyle.net Cc: jsdy@cospo.osis.gov, (Joseph,S,D,Yao), farone@gvillesun.com, fwtk-users@tis.com Sender: owner-fwtk-users@ex.tis.com Precedence: bulk -----BEGIN PGP SIGNED MESSAGE----- nuqneH, Questionable.. "Alister Sparhawk" said : > There is no overflow in the logging of ssh to be exploited. Your best bet is to take the time to upgrade > to ssh 2.0.10 in combination with 1.2.26 for compatibility mode sakes, and be done with this entire > ordeal.. _ _ _ _ _ _ _ {::} {::} {::} CU in Hell _| o |_ | | _|| | / _||_| |_ |_ |_ (##) (##) (##) /Arkan#iD |_ o _||_| _||_| / _| | o |_||_||_| [||] [||] [||] Do i believe in Bible? Hell,man,i've seen one! From owner-fwtk-users Wed Nov 4 14:11:43 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id OAA04485 for fwtk-users-outgoing; Wed, 4 Nov 1998 14:08:32 -0500 (EST) Message-Id: <3.0.5.32.19981104121638.009b2580@dreamwvr.com> X-Sender: dreamwvr@dreamwvr.com X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.5 (32) Date: Wed, 04 Nov 1998 12:16:38 -0700 To: Spencer_Marshall@camcable.co.uk (Spencer Marshall), fwtk-users@ex.tis.com 
From: dreamwvr Subject: Re: s/key and Redhat In-Reply-To: <640359c0@camcable.co.uk> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-fwtk-users@ex.tis.com Precedence: bulk hi, if mem serves the bell core s/key has problems periods...TAIK on this setup. I would normally say why ! just use sshd but i will hesitate for now...:) @ least until the mud slinging has finished and the dust has settled. If in doubt upgrade...2 2;'] Regards, dreamwvr@dreamwvr.com At 11:07 AM 11/4/98 +0000, Spencer Marshall wrote: > Has anyone successfully got s/key to compile and work with fwtk on > RedHat 5.1 please. The version of s/key I have is very incomplete and > full of errors. > > Many thanks, > > Spencer > > Reuters, London, February 29, 1998: Scientists have announced discovering a meteorite which will strike the earth in March, 2028. Millions of UNIX coders expressed relief for being spared the UNIX epoch "crisis" of 2038. _______________________________________________________________________ DREAMWVR.COM - TOTAL WEB INTEGRATION, DEVELOPMENT, DESIGN SERVICES. Featuring Website Development and Web Strategies of a TOP Developer "As Unique as the Company You Keep." "===0 PGP Key Available ________________________________________________________________________ From owner-fwtk-users Wed Nov 4 15:32:12 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id PAA06744 for fwtk-users-outgoing; Wed, 4 Nov 1998 15:30:18 -0500 (EST) Date: Wed, 4 Nov 1998 12:49:45 -0800 (PST) 
From: inTEXT Communications To: "Petry Roman, ORG/DV" cc: "'fwtk-users@ex.tis.com'" Subject: Re: TIS and YEAR 2000 ?? In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-fwtk-users@ex.tis.com Precedence: bulk Is unix/ linux/ bsd Y2k ok ? YES...until 2036 On Wed, 4 Nov 1998, Petry Roman, ORG/DV wrote: > Date: Wed, 4 Nov 1998 09:17:48 +0100 > From: "Petry Roman, ORG/DV" > To: "'fwtk-users@ex.tis.com'" > Subject: TIS and YEAR 2000 ?? > > Hello, > > My question is very simple. Is FWTK Year 2000 compliant ??? > > Thanks in advance... > > > Roman Petry > ********************************************** inTEXT Communications Vancouver BC Canada Corporate Intranet & Internet Security System Administration - FireWall Systems Linux Bsd FreeBSD Programming Perl / c / c++ www.intextonline.com | glenn@intextonline.com From owner-fwtk-users Wed Nov 4 15:32:12 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id PAA06728 for fwtk-users-outgoing; Wed, 4 Nov 1998 15:29:59 -0500 (EST) Date: Wed, 4 Nov 1998 12:28:49 -0800 
From: Mike Batchelor Subject: Re: What is this: https://user:pass@host.dom/../.. To: FWTK Users X-Mailer: Z-Mail Pro 6.2, NetManage Inc. [ZM62_16E] X-Priority: 3 (Normal) References: <3.0.1.32.19981103120951.00e45f48@pethost.fyrplus.se> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; CHARSET=ISO-8859-1 Sender: owner-fwtk-users@ex.tis.com Precedence: bulk RFC1738 paragraph 3.3 explicitly states that HTTP URLs may not contain a username or password. Not sure if this also applies to HTTPS URLs, but that protocol is supposed to use certificates for authentication, not username/password. Some browsers can interpret such URLs and "do the right thing" - strip the username/password from the URL, and convert them into HTTP basic auth info in the request headers. That's why illegal URLs like this seem to work when your user is on a direct connection. I'm guessing that your user can access his bank page from home, but not from work. Is he using the same browser at work as at home? It may be that setting up a proxy server in the browser at work bypasses the "smart" processing of the URL he types. But the bottom line is, http-gw also does the right thing by NOT supporting this. :) ------------------------ 
From: Petter Österlund Subject: What is this: https://user:pass@host.dom/../.. Date: Tue, 03 Nov 1998 12:09:51 +0100 To: fwtk-users@tis.com > Hi! > > One of my users is trying to access a site with an url like > this: > > https://user:pass@host.dom/../ > > The URL is via a homepage from his bank to pay bills, so I guess they > know what they are doing. > > Is this supposed to work? I guess so but does fwtk support it? > I'm using fwtk 2.0 + patches. What happens is that http-gw thinks > "user:pass@host.dom" is the name of the host to contact. > > This is what the log file looks like (changed actual host/password data): > > Nov 3 11:29:22 gate http-gw[29857]: log host=xxxxx/yyyyy protocol=HTTP > cmd=get dest=sune:passw@hembanken3.oeb.se path=/betal/startbild.cfm > Nov 3 11:29:23 gate http-gw[29857]: failed to connect to http server sune:passwd@hembanken3.oeb.se (80) > > > regards > /Petter > ---------------End of Original Message----------------- _______________________________________________________________ UNIX Team - The difference between theory and practice is often greater in practice than in theory. 11/04/98 12:28:50 From owner-fwtk-users Wed Nov 4 17:49:25 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id RAA10919 for fwtk-users-outgoing; Wed, 4 Nov 1998 17:46:32 -0500 (EST) Reply-To: 
From: "L. Tobias Klauder" To: Subject: FTP ? Date: Wed, 4 Nov 1998 16:45:33 -0500 Message-ID: <002d01be083c$741d74a0$5b02a8c0@tklauder.sterling-usa.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2232.26 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3 Sender: owner-fwtk-users@ex.tis.com Precedence: bulk I am getting this message when trying to do a quote via TIS ftp-gw to an AS400. Any ideas on this one, or do any patches/hacks exist to alleviate this error. If this user logs directly into the RH Linux box running TIS, and then does a direct FTP from there, this quote command seems to work with no problem. thanks.. Toby Klauder ltk@cvm.com ftp> quote (command line to send) rcmd sbmjob cmd(call tgm(amphdstnet/loadss)) jobq(qdistba t) jobpty(5) job(spectra1) 500 command not understood ftp> ? From owner-fwtk-users Wed Nov 4 17:49:45 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id RAA11055 for fwtk-users-outgoing; Wed, 4 Nov 1998 17:49:04 -0500 (EST) 
From: youngk@ttc.com X-Lotus-FromDomain: TTC To: Jean Chambard cc: fwtk-users@tis.com Message-ID: <852566B2.00694DC7.00@ttcmta1-7.ttc.com> Date: Wed, 4 Nov 1998 14:11:34 -0500 Subject: Re: fwtk2.0 and securID 3.3 Mime-Version: 1.0 Content-type: text/plain; charset=us-ascii Content-Disposition: inline Sender: owner-fwtk-users@ex.tis.com Precedence: bulk > Does anyone know what tis_sd_init is for? > Can I safely use sd_init instead? This is answered in the FWTK FAQ: 5.2.2: How do I use SecureID/Skey with the toolkit? http://www.erols.com/avenger/running.html#5.2.2 --Keith -youngk@ttc.com From owner-fwtk-users Wed Nov 4 17:49:48 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id RAA11068 for fwtk-users-outgoing; Wed, 4 Nov 1998 17:49:08 -0500 (EST) Message-Id: <199811041853.NAA13182@fw1.osis.gov> 
From: Joseph S D Yao Subject: Re: SNK Client software (was: telnet/ftp to bastion? ) To: M.de.Reuver@helpman.nl (Marcel de Reuver) Date: Wed, 4 Nov 1998 13:53:59 -0500 (EST) Cc: fwtk-users@tis.com In-Reply-To: <2272ABA4C08@helpman.nl> from "Marcel de Reuver" at Nov 4, 98 03:27:57 pm X-Mailer: ELM [version 2.4 PL25 PGP3 *ALPHA*] Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-fwtk-users@ex.tis.com Precedence: bulk > Is there also M$-Windoze client software for S/Key or SNK? For MS Wind 3.1, I used something called "OTP". For MSW'95, I had to go with something called "WinKey". Both should be available at fine software archives near you. ;-/ Both are just calculators. We folded it into our Chameleon dial-up networking software; but that product is no longer available. ;-( -- Joe Yao jsdy@cospo.osis.gov - Joseph S. D. Yao COSPO/OSIS Computer Support EMT-A/B ----------------------------------------------------------------------- This message is not an official statement of COSPO policies. From owner-fwtk-users Wed Nov 4 17:49:55 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id RAA11062 for fwtk-users-outgoing; Wed, 4 Nov 1998 17:49:05 -0500 (EST) Message-Id: <199811041910.OAA14231@fw1.osis.gov> 
From: Joseph S D Yao Subject: Re: netperm-table....................... To: tessielle@hotmail.com (Chique XXXXX) Date: Wed, 4 Nov 1998 14:11:21 -0500 (EST) Cc: fwtk-users@tis.com In-Reply-To: <19981104171040.29925.qmail@hotmail.com> from "Chique XXXXX" at Nov 4, 98 09:10:39 am X-Mailer: ELM [version 2.4 PL25 PGP3 *ALPHA*] Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-fwtk-users@ex.tis.com Precedence: bulk > At what point is the netperm-table called on a TIS firewall > proxy....which file calls it? The file "netperm-table" is an object, not a process. It is read by the configuration routines in the library, q.v. Most programs seem to call these library routines somewhere very near the start. -- Joe Yao jsdy@cospo.osis.gov - Joseph S. D. Yao COSPO/OSIS Computer Support EMT-A/B ----------------------------------------------------------------------- This message is not an official statement of COSPO policies. From owner-fwtk-users Wed Nov 4 18:41:04 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id SAA12227 for fwtk-users-outgoing; Wed, 4 Nov 1998 18:40:20 -0500 (EST) Date: Wed, 4 Nov 1998 15:59:56 -0800 (PST) 
From: Duncan Sharp To: "L. Tobias Klauder" cc: fwtk-users@tis.com Subject: Re: FTP ? In-Reply-To: <002d01be083c$741d74a0$5b02a8c0@tklauder.sterling-usa.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-fwtk-users@ex.tis.com Precedence: bulk On Wed, 4 Nov 1998, L. Tobias Klauder wrote: > I am getting this message when trying to do a quote via TIS ftp-gw to an > AS400. Any ideas on this one, or do any patches/hacks exist to alleviate > this error. If this user logs directly into the RH Linux box running TIS, > and then does a direct FTP from there, this quote command seems to work with > no problem. So is 'QUO' supported/permitted by fwtk? Duncan Sharp > > thanks.. > > Toby Klauder > ltk@cvm.com > > > ftp> quote > (command line to send) rcmd sbmjob cmd(call tgm(amphdstnet/loadss)) > jobq(qdistba > t) jobpty(5) job(spectra1) > 500 command not understood > ftp> ? > > From owner-fwtk-users Wed Nov 4 20:51:42 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id UAA16008 for fwtk-users-outgoing; Wed, 4 Nov 1998 20:49:00 -0500 (EST) Message-Id: <3.0.5.32.19981104205448.0088a560@fw.itm-inst.com> X-Sender: rmurphy@fw.itm-inst.com X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32) Date: Wed, 04 Nov 1998 20:54:48 -0500 To: Cristiano Conti 
From: Rick Murphy Subject: Re: authsrv with DES encrypted I/O support Cc: fwtk-users@ex.tis.com In-Reply-To: <3.0.5.32.19981104134237.00899b00@asterix.ing.unibs.it> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-fwtk-users@ex.tis.com Precedence: bulk At 01:42 PM 11/4/98 +0100, Cristiano Conti wrote: >How can I enable DES encrypted communications between client (I'm >especially interested in authmgr) and authsrv and how should I configure >the netperm-table file? Don't bother. The code as originally written was flawed (it permitted replay attacks.) The corrected code was removed from FWTK 2.1 because an individual in Australia that downloaded the "export controlled" parts of FWTK used that as an example of how easy it was to get crypto past simple domain-based blocks. This led to all usage of cryptographic functions to be removed from FWTK. Besides, if you're using one-time passwords with FWTK, who cares if the authsrv traffic is sniffed? If you're using reusable passwords, shame on you :-) -Rick From owner-fwtk-users Wed Nov 4 20:51:42 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id UAA16070 for fwtk-users-outgoing; Wed, 4 Nov 1998 20:50:18 -0500 (EST) Message-Id: <3.0.5.32.19981104210143.0084daf0@fw.itm-inst.com> X-Sender: rmurphy@fw.itm-inst.com X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32) Date: Wed, 04 Nov 1998 21:01:43 -0500 To: Jean Chambard 
From: Rick Murphy Subject: Re: fwtk2.0 and securID 3.3 Cc: fwtk-users@tis.com In-Reply-To: <36408D84.543A1F00@icdc.caissedesdepots.fr> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-fwtk-users@ex.tis.com Precedence: bulk At 06:23 PM 11/4/98 +0100, Jean Chambard wrote: >I am trying to compile fwtk 2.0 on solaris 2.6 with securID option in >authserv Don't use 2.0, use 2.1. >So I changed tis_sd_init to sd_init, and everything went good >(compilation and so on). That's the fix. >Does anyone know what tis_sd_init is for? >Can I safely use sd_init instead? Yes, subject to the bug that the "tis_" version fixes (the SecurID software won't work properly on multi-homed hosts). This is because the messages sent to the ACE server contain the IP address of the requesting host; the IP address that's used happens to be whatever you get by translating the local hostname to an IP address - 50% of the time it'll be wrong on a dual-homed host. For Gauntlet, I modified the SecurID libraries to permit passing the correct IP address to the sd_init function - that's what tis_sd_init() is. Since you probably don't have source, use the 'normal' function. -Rick From owner-fwtk-users Wed Nov 4 20:56:49 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id UAA16388 for fwtk-users-outgoing; Wed, 4 Nov 1998 20:56:29 -0500 (EST) Message-Id: <3.0.5.32.19981104211614.008999b0@fw.itm-inst.com> X-Sender: rmurphy@fw.itm-inst.com X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32) Date: Wed, 04 Nov 1998 21:16:14 -0500 To: Chuck Young 
From: Rick Murphy Subject: Re: FAQ URL tag line? Cc: fwtk-users@ex.tis.com In-Reply-To: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-fwtk-users@ex.tis.com Precedence: bulk At 05:42 PM 11/4/98 +0000, Chuck Young wrote: >The constant resurgence of very simple questions with answers contained in >the FAQ presses me to ask what became of the notion to put a tag line >somewhere in the body of mail sent out to the list pointing users to the >FAQ URL? I don't know if anyone at NAI who can control the list is listening; you probably should send a suggestion to 'postmaster@tis.com' and see if they can implement the change (not that I think it'll help; people who don't bother to read the README probably aren't going to read the header....) -Rick From owner-fwtk-users Wed Nov 4 20:58:40 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id UAA16494 for fwtk-users-outgoing; Wed, 4 Nov 1998 20:58:20 -0500 (EST) Message-Id: <3.0.5.32.19981104211244.00895410@fw.itm-inst.com> X-Sender: rmurphy@fw.itm-inst.com X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32) Date: Wed, 04 Nov 1998 21:12:44 -0500 To: 
From: Rick Murphy Subject: Re: FTP ? Cc: In-Reply-To: <002d01be083c$741d74a0$5b02a8c0@tklauder.sterling-usa.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-fwtk-users@ex.tis.com Precedence: bulk At 04:45 PM 11/4/98 -0500, L. Tobias Klauder wrote: >I am getting this message when trying to do a quote via TIS ftp-gw to an >AS400. Any ideas on this one, or do any patches/hacks exist to alleviate >this error. If this user logs directly into the RH Linux box running TIS, >and then does a direct FTP from there, this quote command seems to work with >no problem. If I understand this correctly, "QUOTE" is a FTP client command. What it does is to accept the rest of the command and send it on to the remote host. The QUOTE things I've seen in the past are all of the form "QUOTE SITE ..." and those do work - you could try doing a "QUOTE SITE rcmd ...." and if that fails, add "rcmd" to the FtpOp table in ftp-gw.c (duplicate the "site" entry.) -Rick From owner-fwtk-users Wed Nov 4 21:02:32 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id VAA16655 for fwtk-users-outgoing; Wed, 4 Nov 1998 21:02:13 -0500 (EST) 
From: robert@nda-eng.co.nz Message-Id: Date: Thu, 5 Nov 1998 15:19:31 +0000 To: fwtk-users@ex.tis.com Subject: RE Squid or Http-gw Receipt-Requested-To: robert@nda-eng.co.nz MIME-version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 X-Mailer: TFS Gateway /310000000/300105395/300102283/310420301/ X-Engine: "TFS Engine Release 3.12 Build 152e" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by portal.ex.tis.com id VAA16651 Sender: owner-fwtk-users@ex.tis.com Precedence: bulk I have been following this discussion with some interest, but am perplexed as to how much of an issue the following tag really is. As all this is doing is redirecting the internal protected user's browser to an internal url which may or may not exist. Assuming you are generally not concerned about where internal users travel and assuming you have sufficient levels of internal access security to all the places that internal users should not be going to, I can only assume this is relatively harmless. I assume that once the redirection occurs the browser will cease to communicate with the original site. Assuming all this (I know this is a lot of assumptions), the only way I can see the URL being a problem would be if the malicious site was running some sort of special server that would force the browser to secretly install some activeX, Java or some other hidden components which in turn would broadcast back to the server what the browser was viewing? Is this right or is this wrong, what have I missed? Cheers Robert J. 
From owner-fwtk-users Thu Nov 5 02:02:48 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id CAA27022 for fwtk-users-outgoing; Thu, 5 Nov 1998 02:00:14 -0500 (EST) Message-Id: <3.0.1.32.19981105081840.0101ecd0@pethost.fyrplus.se> X-Sender: petos@pethost.fyrplus.se X-Mailer: Windows Eudora Light Version 3.0.1 (32) Date: Thu, 05 Nov 1998 08:18:40 +0100 To: fwtk-users@tis.com From: Petter Österlund Subject: Re: solved: What is this: https://user:pass@host.dom/../.. In-Reply-To: References: <3.0.1.32.19981103120951.00e45f48@pethost.fyrplus.se> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" X-Charset: ISO_8859-1 X-Char-Esc: 29 Sender: owner-fwtk-users@ex.tis.com Precedence: bulk Hi! I can now let you all know that the bank that used this URL has changed it by simply removing the "user:pass@" part of the URL and it now works without problems through http-gw. /Petter >> >> One of my users is trying to access a site with an url like >> this: >> >> https://user:pass@host.dom/../ >> ... From owner-fwtk-users Thu Nov 5 02:46:59 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id CAA27823 for fwtk-users-outgoing; Thu, 5 Nov 1998 02:46:19 -0500 (EST) Message-ID: <36415B36.B5515320@emis.com.au> Date: Thu, 05 Nov 1998 19:00:54 +1100 
From: Vasil Vasiliades X-Mailer: Mozilla 4.04 [en] (Win95; I) MIME-Version: 1.0 To: fwtk Subject: corrupt file? Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-MDaemon-Deliver-To: fwtk-users@ex.tis.com X-Return-Path: Vasil@emis.com.au Sender: owner-fwtk-users@ex.tis.com Precedence: bulk Hi, This is my first attempt at using the "fwtk" and by the way the first time I have written to this group, my question could be totally unrelated, but I have scoured every area I could find to no avail. So I am using this list as my last resort. I am running linux Slackware 2.0.34. I downloaded the fwtk2.1.tar.Z and the docs and the README (yes I read that too). My problem begins when I try to uncompress both the docs and the FWTK with this command, and I have tried some other variations as well. I seem to get only errors. Linux:/usr/src/fwtk2.1# "tar -xpvf fwtk2.1.tar.Z" tar: Hmm, this doesn't look like a tar archive tar:Skipping to next file header tar: Only read 10008 bytes from archive fwtk2.1.tar.Z tar: Error is not recoverable: exiting now I have tried gzip, and uncompress and they all give me errors. Is it something that I am doing wrong or the files might be corrupt. (I downloaded them twice) made absolutely no difference. TIA Vasil From owner-fwtk-users Thu Nov 5 03:52:59 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id DAA28828 for fwtk-users-outgoing; Thu, 5 Nov 1998 03:50:16 -0500 (EST) Message-ID: <364169FA.3E646B55@icdc.caissedesdepots.fr> Date: Thu, 05 Nov 1998 10:03:54 +0100 
From: Jean Chambard
Organization: Informatique CDC
X-Mailer: Mozilla 4.04 [en] (WinNT; I)
MIME-Version: 1.0
To: youngk@ttc.com
CC: fwtk-users@tis.com
Subject: Re: fwtk2.0 and securID 3.3
References: <852566B2.00694DC7.00@ttcmta1-7.ttc.com>
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by portal.ex.tis.com id DAA28825
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

Thanks for your answer.

I suppose my question was then an already-answered one. But I overlooked the subject in the FAQ, since I looked for the string "securid" instead of secureid (with an e).

The correct name is SecurID (without an e). Could that be corrected in the FAQ? That would probably save some other questions.

Best Regards
Jean

youngk@ttc.com wrote:

> > Do anyone knows what tis_sd_init is for ?
> > Can I safely use sd_init instead ?
>
> This is answered in the FWTK FAQ:
> 5.2.2: How do I use SecureID/Skey with the toolkit?
> http://www.erols.com/avenger/running.html#5.2.2
>
> --Keith
> -youngk@ttc.com

--
------------------------------------------------------------------------
- The opinions expressed here are my own.
- Jean CHAMBARD
- Informatique CDC
- Groupe Caisse des Dépots
- mailto:jean.chambard@icdc.caissedesdepots.fr
- Tel : 33 (0)1 40 49 18 41 Fax : 33 (0)1 40 49 96 57
------------------------------------------------------------------------

From owner-fwtk-users Thu Nov 5 05:42:26 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id FAA00241 for fwtk-users-outgoing; Thu, 5 Nov 1998 05:40:32 -0500 (EST)
From: Espen Sand
Reply-To: espen.sand@neo.no
To: fwtk-users@ex.tis.com
Subject: Re: corrupt file?
Date: Thu, 5 Nov 1998 11:56:32 +0100
X-Mailer: KMail [version 0.7.9]
Content-Type: text/plain
References: <36415B36.B5515320@emis.com.au>
MIME-Version: 1.0
Message-Id: <98110512001100.00995@venus.neo.no>
Content-Transfer-Encoding: 8bit
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

On Thu, 05 Nov 1998, you wrote:
>
>I am running linux Slackware 2.0.34. I downloaded the fwtk2.1.tar.Z and
>the docs and the README (yes I read that too). My problem begins when I
>try to uncompress both the docs and the FWTK with this command, and I
>have tried some other variations as well. I seem to get only errors.
>
>Linux:/usr/src/fwtk2.1# "tar -xpvf fwtk2.1.tar.Z"
>

Hmm.., you must at least use "tar -xpzvf fwtk2.1.tar.Z"

Try "tar tzf " first.

Espen Sand, Research Scientist
-----
Norsk Elektro Optikk A/S   Work: mailto:espen.sand@neo.no
Solheimveien 62A           Home: mailto:espensa@online.no
P.O.Box 384                Phone +47 67 91 11 54 (Direct)
N-1471 Skarer              Phone +47 67 97 47 00
Norway.                    Fax: +47 67 97 49 00
-----

From owner-fwtk-users Thu Nov 5 05:44:37 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id FAA00292 for fwtk-users-outgoing; Thu, 5 Nov 1998 05:44:14 -0500 (EST)
X-Authentication-Warning: firewall.strathom.com: nouser set sender to using -f
Message-ID: <005601be08ab$99232640$0b00a8c0@poste13.strathom.com>
From: "Fred LB"
To:
Subject: Analyze the traffic through a firewall
Date: Thu, 5 Nov 1998 12:01:10 +0100
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 4.72.3110.5
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

Hi,

I've been looking around for a tool that would help me to analyze the traffic through my firewall, probably based on the logs FWTK produces. Unfortunately, I couldn't find anything that might help ...

If anyone heard about / wrote such a tool, I'd be glad to hear from him.

Thanks in advance,

Fred LB - Sysadmin
Strathom Informatique

From owner-fwtk-users Thu Nov 5 07:13:44 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id HAA01132 for fwtk-users-outgoing; Thu, 5 Nov 1998 07:09:55 -0500 (EST)
Message-ID: <3641992F.E465CE68@emis.com.au>
Date: Thu, 05 Nov 1998 23:25:19 +1100
From: Vasil Vasiliades
X-Mailer: Mozilla 4.04 [en] (Win95; I)
MIME-Version: 1.0
To: fwtk
Subject: Corrupt file ?
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-MDaemon-Deliver-To: fwtk-users@ex.tis.com
X-Return-Path: Vasil@emis.com.au
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

Thanks to all who helped. It was because I ftp'd it in ASCII not Binary.

Thanks for your prompt replies and help, this is one that I will not forget in a hurry.

Regards
Vasil

From owner-fwtk-users Thu Nov 5 07:33:07 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id HAA01365 for fwtk-users-outgoing; Thu, 5 Nov 1998 07:32:30 -0500 (EST)
From: ark@eltex.ru
Date: Thu, 5 Nov 1998 15:55:11 +0300
Message-Id: <199811051255.PAA13583@paranoid.eltex.spb.ru>
In-Reply-To: <3.0.5.32.19981104205448.0088a560@fw.itm-inst.com> from "Rick Murphy "
Organization: "Klingon Imperial Intelligence Service"
Subject: Re: authsrv with DES encrypted I/O support
To: rmurphy@itm-inst.com
Cc: cristiano.conti@unibs.it, fwtk-users@ex.tis.com
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

nuqneH,

Rick Murphy said :

> At 01:42 PM 11/4/98 +0100, Cristiano Conti wrote:
> >How can I enable DES encrypted communications between client (I'm
> >especially interested in authmgr) and authsrv and how should I configure
> >the netperm-table file?
>
> Don't bother. The code as originally written was flawed (it permitted
> replay attacks.)
>
> The corrected code was removed from FWTK 2.1 because an individual in
> Australia that downloaded the "export controlled" parts of FWTK used that
> as an example
> of how easy it was to get crypto past simple domain-based blocks. This led to
> all usage of cryptographic functions to be removed from FWTK.

Why? Why not just remove cryptographic functions itself and link it with so-so-standard crypto libraries (available, say, from ftp.funet.fi ;)?

What was the last version that _did_ contain it? Will try to get ;)

>
> Besides, if you're using one-time passwords with FWTK, who cares if the
> authsrv traffic is sniffed? If you're using reusable passwords, shame on
> you :-)
> -Rick
>

It does matter if you _change_ password. I always wonder why authsrv does not support "secure" way to do this like s/key and opie utilities do.

_ _ _ _ _ _ _ {::} {::} {::} CU in Hell
_| o |_ | | _|| | / _||_| |_ |_ |_ (##) (##) (##) /Arkan#iD
|_ o _||_| _||_| / _| | o |_||_||_| [||] [||] [||] Do i believe in Bible? Hell,man,i've seen one!

From owner-fwtk-users Thu Nov 5 08:27:08 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id IAA01998 for fwtk-users-outgoing; Thu, 5 Nov 1998 08:25:20 -0500 (EST)
Message-Id: <4.1.19981105084228.009d0100@pop3.clark.net>
X-Sender: avolio@pop3.clark.net
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
Date: Thu, 05 Nov 1998 08:43:05 -0500
To: "Fred LB" ,
From: Frederick M Avolio
Subject: Re: Analyze the traffic through a firewall
In-Reply-To: <005601be08ab$99232640$0b00a8c0@poste13.strathom.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

I've seen WebTrack advertised. Looks like it will do it, though maybe just for Gauntlet.

Fred

At 12:01 PM 11/5/98 +0100, Fred LB wrote:
> Hi,
>
> I've been looking around for a tool that would help me to analyze the
>traffic through my firewall, probably based on the logs FWTK produces.
>Unfortunately, I couldn't find anything that might help ...
>
> If anyone heard about / wrote such a tool, I'd be glad to hear from him
>
> Thanks in advance,
>
>Fred LB - Sysadmin
>Strathom Informatique

From owner-fwtk-users Thu Nov 5 08:29:45 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id IAA02092 for fwtk-users-outgoing; Thu, 5 Nov 1998 08:29:21 -0500 (EST)
From: ark@eltex.ru
Date: Thu, 5 Nov 1998 16:52:14 +0300
Message-Id: <199811051352.QAA13723@paranoid.eltex.spb.ru>
In-Reply-To: <005601be08ab$99232640$0b00a8c0@poste13.strathom.com> from ""Fred LB" "
Organization: "Klingon Imperial Intelligence Service"
Subject: Re: Analyze the traffic through a firewall
To: flb@strathom.com
Cc: fwtk-users@tis.com
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

nuqneH,

See perl syslog summary script from FAQ.

"Fred LB" said :

> I've been looking around for a tool that would help me to analyze the
> traffic through my firewall, probably based on the logs FWTK produces.
> Unfortunately, I couldn't find anything that might help ...
>
> If anyone heard about / wrote such a tool, I'd be glad to hear from him
>
> Thanks in advance,
>
> Fred LB - Sysadmin
> Strathom Informatique
>

_ _ _ _ _ _ _ {::} {::} {::} CU in Hell
_| o |_ | | _|| | / _||_| |_ |_ |_ (##) (##) (##) /Arkan#iD
|_ o _||_| _||_| / _| | o |_||_||_| [||] [||] [||] Do i believe in Bible? Hell,man,i've seen one!

From owner-fwtk-users Thu Nov 5 09:35:01 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id JAA03123 for fwtk-users-outgoing; Thu, 5 Nov 1998 09:31:00 -0500 (EST)
X-Authentication-Warning: spider.usrconsult.be: mail set sender to using -f
Message-ID: <3641BB37.352@usrconsult.be>
Date: Thu, 05 Nov 1998 15:50:31 +0100
From: Michel Bardiaux
Organization: UsrConsult
X-Mailer: Mozilla 3.0Gold (X11; I; IRIX 6.2 IP22)
MIME-Version: 1.0
To: fwtk-users@ex.tis.com
Subject: Re: RE Squid or Http-gw
References:
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

robert@nda-eng.co.nz wrote:
>
> I have been following this discussion with some interest, but am perplexed as to how much of an issue the following tag really is.
>
>
>
> As all this is doing is redirecting the internal protected users browser to an internal url which may or may not exist.
> Assuming you are generally not concerned about where internal users travel and assuming you have sufficient levels of internal access security to all the places that internal users should not be going to, I can only assume this is relatively harmless.
>
> I assume that once the redirection occurs the browser will cease to communicate with the original site. Assuming all this (I know this is a lot of assumptions) The only way I can see the URL being a problem would be if the malicious site was running some sort of special server that would force the browser to secretly install some activeX, Java or some other hidden components which in turn would broadcast back to the server what the browser was viewing?
>
> Is this right or is this wrong, what have I missed?
>
> Cheers
>
> Robert J.

The point is, *your* browser will attempt a connection to a non-HTTP port; in this example, 137 is reserved for "NETBIOS Name Service", part of the Windows networked file system - which some consider flaky and/or insecure. Whether the target host is internal, or an unprotected one somewhere on the 'net, everything will look like an attack coming from *you*.

--
Michel Bardiaux
UsrConsult S.P.R.L. Rue Margot, 37 B-1457 Nil St Vincent
Tel : +32 10 65.44.15 Fax : +32 10 65.44.10

From owner-fwtk-users Thu Nov 5 10:24:50 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id KAA03642 for fwtk-users-outgoing; Thu, 5 Nov 1998 10:18:10 -0500 (EST)
Message-Id: <199811051512.KAA15045@pop02.globecomm.net>
Date: Thu, 5 Nov 1998 10:10:36 -0500
x-mailer: Claris Emailer 2.0v3, January 22, 1998
From: Andrew Feigenson
To:
Mime-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

subscribe

From owner-fwtk-users Thu Nov 5 10:24:51 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id KAA03623 for fwtk-users-outgoing; Thu, 5 Nov 1998 10:14:46 -0500 (EST)
Message-Id: <199811051534.KAA04036@pop01.globecomm.net>
Subject: IP filtering
Date: Thu, 5 Nov 1998 10:33:03 -0500
x-mailer: Claris Emailer 2.0v3, January 22, 1998
From: Andrew Feigenson
To:
Mime-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

There aren't any good examples in the ipfwadm man page so I was hoping someone on the list can help me out.

I have several filters already set up (by someone that knew what they were doing) and I want to make some additions.

for example, I've got this command in a startup script:

ipfwadm -F -a m -b -P tcp -S 0.0.0.0/0 1024:65535 -D x.x.x.x/32 80

where x.x.x.x is the IP of the address I want others outside the firewall to see. This allows all people outside the firewall to see that address (more specifically, port 80) Fine, I understand that. However, what I want to do is limit the addresses able to get to that IP. When I put something like 129.21.221.* in place of 0.0.0.0/0 it doesn't do anything different and still lets in everyone.

Suggestions? Thanks,
A

*-------------------------------------------------*
Andrew P. Feigenson
*-------------------------------------------------*

From owner-fwtk-users Thu Nov 5 10:56:23 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id KAA04146 for fwtk-users-outgoing; Thu, 5 Nov 1998 10:51:35 -0500 (EST)
Message-Id: <199811051611.LAA00188@fw1.osis.gov>
From: Joseph S D Yao
Subject: Re: RE Squid or Http-gw
To: robert@nda-eng.co.nz
Date: Thu, 5 Nov 1998 11:12:00 -0500 (EST)
Cc: fwtk-users@ex.tis.com
In-Reply-To: from "robert@nda-eng.co.nz" at Nov 5, 98 03:19:31 pm
X-Mailer: ELM [version 2.4 PL25 PGP3 *ALPHA*]
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

> I have been following this discussion with some interest, but am perplexed as to how much of an issue the following tag really is.
>
> As all this is doing is redirecting the internal protected users browser to an internal url which may or may not exist.
...

I believe that the original author stated that this would crash an MSW-NT system. Quite believable, but I haven't bothered to try it.

--
Joe Yao jsdy@cospo.osis.gov - Joseph S. D. Yao
COSPO/OSIS Computer Support EMT-A/B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.

From owner-fwtk-users Thu Nov 5 10:58:21 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id KAA04204 for fwtk-users-outgoing; Thu, 5 Nov 1998 10:55:19 -0500 (EST)
Message-ID: <312154075E4AD211B6A30000F843CD62031047@exchange.pdv.de>
From: "Dirk.Nerling"
To: "Firewall Toolkit (M-list)"
Subject: FWTK version 2 and smap directories ...
Date: Thu, 5 Nov 1998 17:14:16 +0100
X-Priority: 3
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.0.1457.3)
Content-Type: text/plain
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

Hello,

what are the xma???? files in the smap directory ??? I ask so dumb because all seems to be working fine although I have sometimes these xma* files. Bad files are directed to my bad directory ... Anyone an idea?

best regards
Dirk

--
Milky Way - Sol System - Earth - Europe - Germany - Thuringia - Erfurt
http://wall.pdv.de/~nerle

From owner-fwtk-users Thu Nov 5 11:28:15 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id LAA04693 for fwtk-users-outgoing; Thu, 5 Nov 1998 11:23:19 -0500 (EST)
Message-Id: <3641CF85.EF826985@newbridge.com>
Date: Thu, 05 Nov 1998 11:17:11 -0500
From: David P Law
Reply-To: davidl@newbridge.com
Organization: Newbridge Networks Corporation
X-Mailer: Mozilla 4.5 (Macintosh; U; PPC)
X-Accept-Language: English, en, ja
MIME-Version: 1.0
CC: fwtk-users@ex.tis.com
Subject: Re: RE Squid or Http-gw
References: <3641BB37.352@usrconsult.be>
Content-Type: multipart/mixed; boundary="------------A0E54EC55692B1924C920A5F"
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

Michel Bardiaux wrote:
>
> robert@nda-eng.co.nz wrote:
> >
> > I have been following this discussion with some interest, but am perplexed as to how much of an issue the following tag really is.
> >
> >
> >
> > As all this is doing is redirecting the internal protected users browser to an internal url which may or may not exist.
> > Assuming you are generally not concerned about where internal users travel and assuming you have sufficient levels of internal access security to all the places that internal users should not be going to, I can only assume this is relatively harmless.
> >
> > I assume that once the redirection occurs the browser will cease to communicate with the original site. Assuming all this (I know this is a lot of assumptions) The only way I can see the URL being a problem would be if the malicious site was running some sort of special server that would force the browser to secretly install some activeX, Java or some other hidden components which in turn would broadcast back to the server what the browser was viewing?
> >
> > Is this right or is this wrong, what have I missed?
> >
> > Cheers
> >
> > Robert J.
>
> The point is, *your* browser will attempt a connection to a non-HTTP
> port; in this example, 137 is reserved for "NETBIOS Name Service", part
> of the Windows networked file system - which some consider flaky and/or
> insecure. Whether the target host is internal, or an unprotected one
> somewhere on the 'net, everything will look like an attack coming from
> *you*.
>

Basically, this example implements a standard NT OOB attack (service patch 3 for NT addresses this particular problem) but the point is, as Robert pointed out, that the attack "originates" from you.....

From owner-fwtk-users Thu Nov 5 11:41:44 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id LAA05109 for fwtk-users-outgoing; Thu, 5 Nov 1998 11:41:06 -0500 (EST)
Message-Id: <3.0.5.32.19981105085915.01190660@207.194.87.254>
X-Sender: devin@207.194.87.254
X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32)
Date: Thu, 05 Nov 1998 08:59:15 -0800
To: Andrew Feigenson ,
From: Devin Redlich
Subject: Re: IP filtering
In-Reply-To: <199811051534.KAA04036@pop01.globecomm.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

>for example, I've got this command in a startup script:
>
>ipfwadm -F -a m -b -P tcp -S 0.0.0.0/0 1024:65535 -D x.x.x.x/32 80
>
>where x.x.x.x is the IP of the address I want others outside the firewall
>to see. This allows all people outside the firewall to see that address
>(more specifically, port 80) Fine, I understand that. However, what I
>want to do is limit the addresses able to get to that IP. When I put
>something like 129.21.221.* in place of 0.0.0.0/0 it doesn't do anything
>different and still lets in everyone.

I suspect you left a number of other ipfwadm commands out of your post that are also in your startup script. If not, I wouldn't really consider what you have to be a firewall. Anyway,

ipfwadm -F -a m -b -P tcp -S 129.21.221.0/24 1024:65535 -D x.x.x.x/32 80
ipfwadm -F -a d -b -P tcp -S 0.0.0.0/0 1024:65535 -D x.x.x.x/32 80

will forward and masquerade any traffic with source 129.21.221.* destined for x.x.x.x port 80, and deny traffic not from 129.21.221.* from being forwarded to x.x.x.x port 80. Hope that's what you were looking for.

I also don't know why you've got the -b in there. You might want to take it out.

__
Devin Redlich
devin@pctc.com

From owner-fwtk-users Thu Nov 5 11:59:23 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id LAA05377 for fwtk-users-outgoing; Thu, 5 Nov 1998 11:57:49 -0500 (EST)
Message-Id: <199811051715.MAA04291@fw1.osis.gov>
From: Joseph S D Yao
Subject: Re: IP filtering
To: andrewf@technologist.com (Andrew Feigenson)
Date: Thu, 5 Nov 1998 12:15:29 -0500 (EST)
Cc: fwtk-users@ex.tis.com
In-Reply-To: <199811051534.KAA04036@pop01.globecomm.net> from "Andrew Feigenson" at Nov 5, 98 10:33:03 am
X-Mailer: ELM [version 2.4 PL25 PGP3 *ALPHA*]
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

> something like 129.21.221.* in place of 0.0.0.0/0 it doesn't do anything
> different and still lets in everyone.

I haven't looked at ipfwadm yet, but ISTM that you should replace something like "0.0.0.0/0" with something like "129.21.221.0/24". Make sense?

OK, now I've looked at it. [That was remarkably easy. I recommend it.] It looks like the above is OK, and that either or both of 129.21.221.0:225.225.225.0 or 129.21.221.0/225.225.225.0 is or are allowed. The documentation for the file says to use the former; the documentation for the command line says to use the latter. I would read the source. No, I'm not going to do it for you; must leave SOMETHING to make it worth your while, eh? Or just go with my original suggestion.

--
Joe Yao jsdy@cospo.osis.gov - Joseph S. D. Yao
COSPO/OSIS Computer Support EMT-A/B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.

From owner-fwtk-users Thu Nov 5 11:59:24 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id LAA05382 for fwtk-users-outgoing; Thu, 5 Nov 1998 11:57:54 -0500 (EST)
Message-Id: <199811051717.MAA04412@fw1.osis.gov>
From: Joseph S D Yao
Subject: Re: your mail
To: andrewf@technologist.com (Andrew Feigenson)
Date: Thu, 5 Nov 1998 12:17:42 -0500 (EST)
Cc: fwtk-users@ex.tis.com
In-Reply-To: <199811051512.KAA15045@pop02.globecomm.net> from "Andrew Feigenson" at Nov 5, 98 10:10:36 am
X-Mailer: ELM [version 2.4 PL25 PGP3 *ALPHA*]
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

>
> [To be removed from this list send the message "unsubscribe fwtk-users" in the
> BODY of a mail message to majordomo@ex.tis.com.]
>
> subscribe
>

Y'know, if you unsubscribe by following the above header, you might have guessed how to subscribe.

Hint: one NEVER, EVER, EVER subscribes or unsubscribes to a mailing list by sending an e-mail to the posting address, guaranteeing that ALL of the readers of the list will see it and get frustrated because they can't do a single thing about it.

Joe

From owner-fwtk-users Thu Nov 5 12:43:45 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id MAA06163 for fwtk-users-outgoing; Thu, 5 Nov 1998 12:42:51 -0500 (EST)
Message-ID: <3641E859.C8B844DE@insync.net>
Date: Thu, 05 Nov 1998 18:03:05 +0000
From: Miles Lott
X-Mailer: Mozilla 4.5 [en] (X11; U; Linux 2.1.126 i586)
X-Accept-Language: en
MIME-Version: 1.0
To: Andrew Feigenson
CC: fwtk-users@ex.tis.com
Subject: Re: IP filtering
References: <199811051534.KAA04036@pop01.globecomm.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

The rule you listed is a masquerading rule. This one should be modified to limit only those you wish to masquerade for. For a more complete script, try mine at http://houtex.dyn.ml.org/pub/rc.fw.txt or http://www.insync.net/~milos/pub/rc.fw/txt

Andrew Feigenson wrote:
>
> There aren't any good examples in the ipfwadm man page so I was hoping
> someone on the list can help me out.
>
> I have several filters already set up (by someone that knew what they
> were doing) and I want to make some additions.
>
> for example, I've got this command in a startup script:
>
> ipfwadm -F -a m -b -P tcp -S 0.0.0.0/0 1024:65535 -D x.x.x.x/32 80
>
> where x.x.x.x is the IP of the address I want others outside the firewall
> to see. This allows all people outside the firewall to see that address
> (more specifically, port 80) Fine, I understand that. However, what I
> want to do is limit the addresses able to get to that IP. When I put
> something like 129.21.221.* in place of 0.0.0.0/0 it doesn't do anything
> different and still lets in everyone.
>
> Suggestions? Thanks,
> A
>
> *-------------------------------------------------*
> Andrew P. Feigenson
> *-------------------------------------------------*

From owner-fwtk-users Thu Nov 5 13:09:42 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id NAA06807 for fwtk-users-outgoing; Thu, 5 Nov 1998 13:07:50 -0500 (EST)
Date: Thu, 5 Nov 1998 13:21:49 -0500 (EST)
From: David B Swann
To: fwtk-users@ex.tis.com
Subject: Transparency with FreeBSD
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

I'm having problems getting transparency for FreeBSD working. I downloaded the IP Filter program to get the ip_nat.h header file, but have had to modify the hnam.c file to get it to compile. Although I finally got it to compile, the proxies are not working.

Has anyone gotten transparency to work for FreeBSD? I downloaded FWTK 2.1 and the transparency patch recently, but they don't appear to work together straight from the source. I have IP Filter 3.2.9 as well. Did anyone else modify hnam.c and get it working? If so, can you send a copy of your hnam.c?

Also, I have several Linux and one FreeBSD box in my lab. Are one of these platforms BETTER supported for the FWTK?

Thanks.

__________________________________________________________________________
| Bryan Swann (swann@nosc.mil) 803/566-0086 803/554-0015 (Fax) |
| Eagan McAllister Associates, Inc. |
| |
| "Everything must be working perfectly, cause I don't smell any smoke" |
--------------------------------------------------------------------------

From owner-fwtk-users Thu Nov 5 14:17:52 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id OAA10081 for fwtk-users-outgoing; Thu, 5 Nov 1998 14:15:31 -0500 (EST)
Message-Id: <199811051933.OAA13129@fw1.osis.gov>
From: Joseph S D Yao
Subject: Re: IP filtering
To: andrewf@technologist.com (Andrew Feigenson)
Date: Thu, 5 Nov 1998 14:34:25 -0500 (EST)
Cc: devin@pctc.com, mpc@star.sr.bham.ac.uk, fwtk-users@tis.com
In-Reply-To: <199811051727.MAA00525@pop01.globecomm.net> from "Andrew Feigenson" at Nov 5, 98 12:25:29 pm
X-Mailer: ELM [version 2.4 PL25 PGP3 *ALPHA*]
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

> Let me first say thank you for your very speedy response. (and sorry
> about that subscribe mail sent to the list)
>
> On 11/5/98 11:59 AM, Devin Redlich was rumored to have said:
>
> >I suspect you left a number of other ipfwadm commands out of your post that
> >are also in your startup script. If not, I wouldn't really consider what
> >you have to be a firewall. Anyway,
>
> Heh, give me some credit. :>
>
> >ipfwadm -F -a m -b -P tcp -S 129.21.221.0/24 1024:65535 -D x.x.x.x/32 80
> >ipfwadm -F -a d -b -P tcp -S 0.0.0.0/0 1024:65535 -D x.x.x.x/32 80
> >
> >will forward and masquerade any traffic with source 129.21.221.* destined
> >for x.x.x.x port 80, and deny traffic not from 129.21.221.* from being
> >forwarded to x.x.x.x port 80. Hope that's what you were looking for.
>
> Cool, the .0 thing makes sense. Only I'm curious why it's necessary to
> use two commands to accomplish this. If the former is only allowing
> 129.21.221.0/24 why is it necessary to explicitly block all other IPs in
> the latter? Plus, won't the latter just override the former?
>
> >I also don't know why you've got the -b in there. You might want to take
> >it out.
>
> That's the way it was set up. I'm not sure. Anyone know why it would be
> in there?
>
> Thanks,
> A

The "-b" makes access bidirectional.

The "-a" appends rules to a chain of rules. So, first it will check whether the 129.21.221.0 rule matches. If not, it will go to the next rule - which above blocks it. If you didn't have this kind of a rule - and it seems that you didn't - the default rule applies. Which was the problem you had been seeing.

--
Joe Yao jsdy@cospo.osis.gov - Joseph S. D. Yao
COSPO/OSIS Computer Support EMT-A/B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.

From owner-fwtk-users Thu Nov 5 17:22:04 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id RAA19827 for fwtk-users-outgoing; Thu, 5 Nov 1998 17:17:33 -0500 (EST)
Message-Id: <3.0.5.32.19981105173637.00846890@fw.itm-inst.com>
X-Sender: rmurphy@fw.itm-inst.com
X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32)
Date: Thu, 05 Nov 1998 17:36:37 -0500
To: David B Swann
From: Rick Murphy
Subject: Re: Transparency with FreeBSD
Cc: fwtk-users@ex.tis.com

At 01:21 PM 11/5/98 -0500, David B Swann wrote:
>Has anyone gotten transparency to work for FreeBSD?

The person who wrote the transparency hacks reads fwtk-users - if it
was something simple I'd expect him to answer. I've never tested the
patches so can't say if they work or not - given the lack of other
response it would seem that not many others have been successful.
(This *IS* an attempt to produce some help :-)

>Also, I have several Linux and one FreeBSD box in my lab. Are one of
>these platforms BETTER supported for the FWTK?

Not really. Linux is harder to get working because of the wide
variations of what gets included and what doesn't; otherwise, it's
pretty much a wash. (At least for the basic toolkit itself.)

-Rick

From owner-fwtk-users Thu Nov 5 17:30:08 1998
Message-Id: <3.0.5.32.19981105174356.0083d6e0@fw.itm-inst.com>
Date: Thu, 05 Nov 1998 17:43:56 -0500
To: "Dirk.Nerling"
From: Rick Murphy
Subject: Re: FWTK version 2 and smap directories ...
Cc: "Firewall Toolkit (M-list)"
In-Reply-To: <312154075E4AD211B6A30000F843CD62031047@exchange.pdv.de>

At 05:14 PM 11/5/98 +0100, Dirk.Nerling wrote:
>what are the xma???? files in the smap directory ??? I ask so dumb
>because all
>seems to be working fine although I have sometimes these xma* files. Bad
>files are
>directed to my bad directory ... Anyone an idea?

Hmm. "xma*" files shouldn't be sticking around unless something
unusual is happening. When a mail message arrives, it's written to
a temporary xmaNNNNNN file. When the message is ready to be delivered,
smap renames it to "smaNNNNNN" to let smapd process it. Most exit
paths through smap will delete the dummy files; a core dumping smap
won't remove them, for example.

If you are running FWTK 2.1 and they're sticking around, you need
to investigate why. If you're running something older, upgrading to
current software may fix it.

Is anyone else seeing dangling xma files?

-Rick

From owner-fwtk-users Fri Nov 6 02:20:08 1998
Date: Fri, 6 Nov 1998 08:36:26 +0100 (CET)
From: Rolf Obrecht
To: Rick Murphy
cc: "Dirk.Nerling", "Firewall Toolkit (M-list)"
Subject: Re: FWTK version 2 and smap directories ...
In-Reply-To: <3.0.5.32.19981105174356.0083d6e0@fw.itm-inst.com>

On Thu, 5 Nov 1998, Rick Murphy wrote:

> Is anyone else seeing dangling xma files?

Yes, me, under V2.0.

Yours
Rolf

Rolf Obrecht            RWTH Aachen
Tel. +49 241 807646     Institut fuer Elektrische Maschinen
Fax +49 241 8888270     Schinkelstrasse 4, D-52056 Aachen

"Ceterum censeo Redmondem esse delendam."

From owner-fwtk-users Fri Nov 6 04:59:32 1998
Message-ID: <501937796866D211B5E00080C86AFA4F01228E@cel-ex1.compedge.co.nz>
From: Aaron Knauf
To: "'fwtk-users@tis.com'"
Subject: RE: Transparency with FreeBSD
Date: Fri, 6 Nov 1998 23:15:16 +1300

> -----Original Message-----
> From: Rick Murphy [mailto:rmurphy@itm-inst.com]
> Sent: Friday, 6 November 1998 11:37
> To: David B Swann
> Cc: fwtk-users@ex.tis.com
> Subject: Re: Transparency with FreeBSD
>
> At 01:21 PM 11/5/98 -0500, David B Swann wrote:
> >Has anyone gotten transparency to work for FreeBSD?
> The person who wrote the transparency hacks reads fwtk-users - if it
> was something simple I'd expect him to answer. I've never tested the
> patches so can't say if they work or not - given the lack of other
> response it would seem that not many others have been successful.
> (This *IS* an attempt to produce some help :-)

I haven't experimented much with transparency, but I had the plug-gw
working transparently in less than 30 minutes (including kernel
compilation) on linux 2.0.35 on my one and only foray into this area.
Does that sound easy enough?

> >Also, I have several Linux and one FreeBSD box in my lab. Are one of
> >these platforms BETTER supported for the FWTK?
> Not really. Linux is harder to get working because of the
> wide variations

The firewall-howto for linux gives excellent instructions on getting
fwtk working with linux.

From owner-fwtk-users Fri Nov 6 05:05:56 1998
Message-ID: <501937796866D211B5E00080C86AFA4F01228F@cel-ex1.compedge.co.nz>
From: Aaron Knauf
To: "'fwtk-users@tis.com'"
Subject: RE: TIS and YEAR 2000 ??
Date: Fri, 6 Nov 1998 23:25:04 +1300

> Is unix/ linux/ bsd Y2k ok ?
> YES...until 2036

-- At which point (40 years from now), anyone left running 32 bit
systems will be considered a very, very sad individual.

> > Hello,
> >
> > My question is very simple. Is FWTK Year 2000 compliant ???
> >
> > Thanks in advance...
> >
> >
> > Roman Petry

From owner-fwtk-users Fri Nov 6 06:34:03 1998
Message-ID: <312154075E4AD211B6A30000F843CD6203105E@exchange.pdv.de>
From: "Dirk.Nerling"
To: "Firewall Toolkit (M-list)"
Subject: Re: FWTK version 2 and smap directories ...
Date: Fri, 6 Nov 1998 12:49:34 +0100

Hello,

after go suggested something seems to go wrong with my xma..... files
I tested it. All mails sent by blat (a WIN NT command mail tool) will
not be deleted. Could anyone confirm my result and does someone have a
solution?

best regards
Dirk

--
Milky Way - Sol System - Earth - Europe - Germany - Thuringia - Erfurt
http://wall.pdv.de/~nerle

From owner-fwtk-users Fri Nov 6 07:00:05 1998
From: ark@eltex.ru
Date: Fri, 6 Nov 1998 15:23:55 +0300
Message-Id: <199811061223.PAA17999@paranoid.eltex.spb.ru>
In-Reply-To: <3.0.5.32.19981105173637.00846890@fw.itm-inst.com> from "Rick Murphy"
Organization: "Klingon Imperial Intelligence Service"
Subject: Re: Transparency with FreeBSD
To: rmurphy@itm-inst.com
Cc: swann@nosc.mil, fwtk-users@ex.tis.com

nuqneH,

Patches _do_ work. I even wrote my own proxy that uses the same
technique for transparency (pop3-gw, i could not avoid transparency or
hard-plugging to make APOP work). Maybe the original poster forgot to
recompile and install the kernel with IPFilter support ;)?

Rick Murphy said :

> >Has anyone gotten transparency to work for FreeBSD?
> The person who wrote the transparency hacks reads fwtk-users - if it
> was something simple I'd expect him to answer. I've never tested the
> patches so can't say if they work or not - given the lack of other
> response it would seem that not many others have been successful.
> (This *IS* an attempt to produce some help :-)

CU in Hell
/Arkan#iD
Do i believe in Bible? Hell,man,i've seen one!

From owner-fwtk-users Fri Nov 6 07:11:14 1998
Date: Fri, 6 Nov 1998 04:28:29 -0800 (PST)
From: inTEXT Communications
To: Aaron Knauf
cc: "'fwtk-users@tis.com'"
Subject: RE: TIS and YEAR 2000 ??
In-Reply-To: <501937796866D211B5E00080C86AFA4F01228F@cel-ex1.compedge.co.nz>

Sorry..But I have to laugh along with you guys once in a while ;-\
Isn't UNIX a wonderful thing ;-)

On Fri, 6 Nov 1998, Aaron Knauf wrote:

> Date: Fri, 6 Nov 1998 23:25:04 +1300
> From: Aaron Knauf
> To: "'fwtk-users@tis.com'"
> Subject: RE: TIS and YEAR 2000 ??
>
> > Is unix/ linux/ bsd Y2k ok ?
> > YES...until 2036
>
> -- At which point (40 years from now), anyone left running 32 bit
> systems will be considered a very, very sad individual.
>
> > > Hello,
> > >
> > > My question is very simple. Is FWTK Year 2000 compliant ???
> > >
> > > Thanks in advance...
> > >
> > >
> > > Roman Petry

**********************************************
inTEXT Communications
Vancouver BC Canada
Corporate Intranet & Internet Security
System Administration - FireWall Systems
Linux Bsd FreeBSD
Programming Perl / c / c++
www.intextonline.com | glenn@intextonline.com

From owner-fwtk-users Fri Nov 6 08:40:56 1998
From: arc@twinds.com
Message-Id: <199811061356.IAA22750@fh106.infi.net>
To: "'fwtk-users@tis.com'", Aaron Knauf
Date: Fri, 6 Nov 1998 09:59:06 -0500
Subject: RE: TIS and YEAR 2000 ??
In-reply-to: <501937796866D211B5E00080C86AFA4F01228F@cel-ex1.compedge.co.nz>

> > Is unix/ linux/ bsd Y2k ok ?
> > YES...until 2036
>
> -- At which point (40 years from now), anyone left running 32 bit
> systems will be considered a very, very sad individual.
>

You know, that is the same thing my Grandpa said about the year 2000
when he was programming mainframes in cobol 40 years ago.

Cheers:
-arc

Arley Carter             arc@twinds.com
Tradewinds Technologies, Inc.    www.twinds.com
Network Engineering & Security
Winston-Salem, NC USA

From owner-fwtk-users Fri Nov 6 09:40:36 1998
From: youngk@ttc.com
To: Rick Murphy
cc: "Firewall Toolkit (M-list)"
Message-ID: <852566B4.004FB498.00@ttcmta1-7.ttc.com>
Date: Fri, 6 Nov 1998 09:55:16 -0500
Subject: Re: FWTK version 2 and smap directories ...

> If you are running FWTK 2.1 and they're sticking around, you need
> to investigate why. If you're running something older, upgrading to
> current software may fix it.
>
> Is anyone else seeing dangling xma files?

Yes, I get them too... running FWTK 2.1 on Solaris 2.5.1 (w/ Joe's
anti-spam patch)...

Usually, I get about 10 different xma* from the same host containing
the same message. I haven't had time to track down the problem yet,
but for some reason it seems like the cause is a timeout in the mail
connection that smap doesn't recover from. The files contain the same
information, but are different sizes due to the server not completing
the download at different places in the mail. The xma* files are never
from an internal host, so maybe it is broken mailer programs on the
Internet causing the problem.

Rick, if I get a chance (and can reproduce), I'll give you more info.

--Keith
-youngk@ttc.com

From owner-fwtk-users Fri Nov 6 10:18:11 1998
Date: Fri, 6 Nov 1998 10:16:32 -0500 (EST)
From: owner-fwtk-users@ex.tis.com
Message-Id: <199811061516.KAA28680@portal.ex.tis.com>

(V2.1) id xma000022; Thu, 5 Nov 98 21:13:42 -0600
Message-ID: <005001be0933$75439ce0$29a2eecf@stcostaras.chaven.com>
From: "Stephen Costaras"
To: "Dirk.Nerling", "Rick Murphy"
Cc: "Firewall Toolkit (M-list)"
Subject: Re: FWTK version 2 and smap directories ...
Date: Thu, 5 Nov 1998 21:13:41 -0600

Thought I'd chip in. I'm running v2.1 on a Solaris 2.6 machine here
and am seeing the xma* files stick around as well. Have not really
been able to trace it down yet. At first I thought it was a memory
(ie swap et al problem). But I show that I have around 60mb free swap
left on that machine that I'm not touching.

The box it's on is fairly generic with no real modifications except
basic security model turned on for audit logging purposes.

Steve

-----Original Message-----
From: Rick Murphy
To: Dirk.Nerling
Cc: Firewall Toolkit (M-list)
Date: Thursday, November 05, 1998 6:30 PM
Subject: Re: FWTK version 2 and smap directories ...

>At 05:14 PM 11/5/98 +0100, Dirk.Nerling wrote:
>>what are the xma???? files in the smap directory ??? I ask so dumb
>>because all
>>seems to be working fine although I have sometimes these xma* files. Bad
>>files are
>>directed to my bad directory ... Anyone an idea?
>
>Hmm. "xma*" files shouldn't be sticking around unless something
>unusual is happening. When a mail message arrives, it's written to
>a temporary xmaNNNNNN file. When the message is ready to be delivered,
>smap renames it to "smaNNNNNN" to let smapd process it. Most exit
>paths through smap will delete the dummy files; a core dumping smap
>won't remove them, for example.
>
>If you are running FWTK 2.1 and they're sticking around, you need
>to investigate why. If you're running something older, upgrading to
>current software may fix it.
>
>Is anyone else seeing dangling xma files?
> -Rick
>

From owner-fwtk-users Fri Nov 6 10:33:11 1998
Date: 6 Nov 1998 08:58:10 +0100
Message-ID: <19981106075810.17265.qmail@brandenburg-gmbh.de>
From: Dirk Alboth
To: andrewf@technologist.com
CC: fwtk-users@ex.tis.com
In-reply-to: <199811051534.KAA04036@pop01.globecomm.net> (message from Andrew Feigenson on Thu, 5 Nov 1998 10:33:03 -0500)
Subject: Re: IP filtering

> for example, I've got this command in a startup script:
>
> ipfwadm -F -a m -b -P tcp -S 0.0.0.0/0 1024:65535 -D x.x.x.x/32 80
>
> where x.x.x.x is the IP of the address I want others outside the
> firewall to see. This allows all people outside the firewall to see
> that address (more specifically, port 80)

Fine, I understand that.

> However, what I want to do is limit the addresses able to get to
> that IP. When I put something like 129.21.221.* in place of
> 0.0.0.0/0 it doesn't do anything different and still lets in
> everyone.

Try to do 129.21.221.0/24 instead.

If there isn't any really important reason, I wouldn't masquerade
connections from the outside, just forward. Unless you log
masquerading activity you would not be able to tell what the
originating host of a connection is. Every http connection will be
logged as to originate from your firewall. So you would have to
cross-check with your masquerade logs, which isn't that nice.

Dirk

From owner-fwtk-users Fri Nov 6 10:44:40 1998
Message-ID: <59706945956AD2119562006094B9C0020953@bach.jda.cl>
From: Gonzalo Diethelm
To: "'fwtk-users@tis.com'"
Subject: Id in subject field?
Date: Fri, 6 Nov 1998 13:05:25 -0400

Hello,

It would be very nice if all of the messages coming
from this mailing list had some kind of identification
on the Subject field. That way, it would be easy to filter
the list's messages to a separate folder. Something like:

Subject: [FWTK] How do I block yoyodyne?

Who should be contacted for this?

Thanks,

Gonzalo Diethelm

From owner-fwtk-users Fri Nov 6 10:46:53 1998
Date: Fri, 6 Nov 1998 09:01:33 -0700 (MST)
From: "Joshua T. McKee"
To: fwtk-users@tis.com
Subject: Telnet Problem

I'm attempting to setup FWTK to do telnet proxying. I'm having
difficulty when I attempt to login to the system acting as the proxy.
My "netacl" has the following entry:

netacl-telnetd: permit-hosts 127.0.0.1 -exec /usr/sbin/in.telnetd

When I type "open localhost", netacl runs the in.telnetd daemon and I
am asked to logon. After typing in a (valid) username, the system
disconnects.

Any ideas?

Josh

From owner-fwtk-users Fri Nov 6 10:59:45 1998
Message-Id: <199811061616.LAA01015@pop02.globecomm.net>
Subject: Re: IP filtering
Date: Fri, 6 Nov 1998 11:14:59 -0500
From: Andrew Feigenson
To: "Dirk Alboth"

Is forwarding just as secure as masquerading? I ask because I have to
assume it was set up this way for a reason. I am interested in getting
more detailed logs on the server side but I can't have it be at the
expense of security. If so, how would the statement below be modified
to forward?

Thanks,
A

On 11/6/98 2:58 AM, Dirk Alboth was rumored to have said:

>> for example, I've got this command in a startup script:
>>
>> ipfwadm -F -a m -b -P tcp -S 0.0.0.0/0 1024:65535 -D x.x.x.x/32 80
>>
>> where x.x.x.x is the IP of the address I want others outside the
>> firewall to see. This allows all people outside the firewall to see
>> that address (more specifically, port 80) Fine, I understand that.
>> However, what I want to do is limit the addresses able to get to
>> that IP. When I put something like 129.21.221.* in place of
>> 0.0.0.0/0 it doesn't do anything different and still lets in
>> everyone.
>
>Try to do 129.21.221.0/24 instead.
>
>If there isn't any really important reason, I wouldn't masquerade
>connections from the outside, just forward. Unless you log
>masquerading activity you would not be able to tell what the
>originating host of a connection is. Every http connection will be
>logged as to originate from your firewall. So you would have to
>cross-check with your masquerade logs, which isn't that nice.
>
>Dirk

*-------------------------------------------------*
Andrew P. Feigenson
*-------------------------------------------------*

From owner-fwtk-users Fri Nov 6 11:10:05 1998
From: Louis Twomey
Message-Id: <199811061630.QAA12865@mail.kerna.ie>
To: rmurphy@itm-inst.com
cc: fwtk-users@ex.tis.com
Subject: Re: FWTK version 2 and smap directories ...
In-reply-to: Your message of "Fri, 06 Nov 98 09:55:16 EST." <852566B4.004FB498.00@ttcmta1-7.ttc.com>
Date: Fri, 06 Nov 98 16:30:28 +0000

Hi,

> Is anyone else seeing dangling xma files?

Yes, I get them on a Digital Unix 4.0a box running FWTK 2.1.

Mails coming from remote servers and from local mail clients often
end up "dangling". The messages do actually get delivered (so
presumably the files are copied to sma files), but the xma files stay
put.

Regards,
Louis Twomey,
Kerna Communications Ltd.

From owner-fwtk-users Fri Nov 6 11:11:57 1998
Message-ID: <3643242A.F656CE41@noho.co.uk>
Date: Fri, 06 Nov 1998 16:30:34 +0000
From: Richard Ayres
Organization: NoHo Digital
To: fwtk-users@tis.com
Subject: Re: TIS and YEAR 2000 ??
References: <501937796866D211B5E00080C86AFA4F01228F@cel-ex1.compedge.co.nz>

Aaron Knauf wrote:
>
> > Is unix/ linux/ bsd Y2k ok ?
> > YES...until 2036
>
> -- At which point (40 years from now), anyone left running 32 bit
> systems will be considered a very, very sad individual.
>

Like cash machines, central heating systems, future webtop
refrigerators, palmtop computers?, routers and/or anything the future
may bring us.

Don't knock the stupidity of some people, it can be quite stunning.

Rich.

--
FORTH TYNE
WEST OR NORTHWEST 4 OR 5, OCCASIONALLY 6 AT FIRST. SHOWERS. GOOD

From owner-fwtk-users Fri Nov 6 17:26:25 1998
Message-ID: <36434749.167E@beaver.golden.csc.com>
Date: Fri, 06 Nov 1998 12:00:25 -0700
From: Ian Duplisse
Organization: Computer Sciences Corporation
To: fwtk-users@tis.com
Subject: Re: Id in subject field?
References: <59706945956AD2119562006094B9C0020953@bach.jda.cl>

If you can have the ability to filter on the To: header, you can base
your rule on fwtk-users@tis.com or some subset of that. elm filters
can definitely do this, with a rule such as

if (to "fwtk-users") ? save "fwtk-users"

Ian Duplisse

Gonzalo Diethelm wrote:
>
> Hello,
>
> It would be very nice if all of the messages coming
> from this mailing list had some kind of identification
> on the Subject field. That way, it would be easy to filter
> the list's messages to a separate folder. Something like:
>
> Subject: [FWTK] How do I block yoyodyne?
>
> Who should be contacted for this?
>
> Thanks,
>
> Gonzalo Diethelm

From owner-fwtk-users Fri Nov 6 17:26:27 1998
Date: Fri, 6 Nov 1998 10:33:14 -0800
From: Mike Batchelor
Subject: Re: Id in subject field?
To: "'fwtk-users@tis.com'", Gonzalo Diethelm
References: <59706945956AD2119562006094B9C0020953@bach.jda.cl>

Probably the best person to contact is the vendor of your mail client.
Ask for a more capable filtering mechanism, or switch to a client that
has better filters. I have no trouble filtering mail either
To: fwtk-users, Cc: fwtk-users, or Sender: owner-fwtk-users. Works for
everything sent from the list.

Perhaps a more recent version of Outlook is in your future... :)

------------------------
From: Gonzalo Diethelm
Subject: Id in subject field?
Date: Fri, 6 Nov 1998 13:05:25 -0400
To: "'fwtk-users@tis.com'"

> Hello,
>
> It would be very nice if all of the messages coming
> from this mailing list had some kind of identification
> on the Subject field. That way, it would be easy to filter
> the list's messages to a separate folder. Something like:
>
> Subject: [FWTK] How do I block yoyodyne?
>
> Who should be contacted for this?
>
> Thanks,
>
> Gonzalo Diethelm

---------------End of Original Message-----------------

_______________________________________________________________
UNIX Team - The difference between theory and practice is often
greater in practice than in theory.
11/06/98 10:33:14

From owner-fwtk-users Fri Nov 6 17:26:27 1998
Message-ID: <36432ACA.41C6@beaver.golden.csc.com>
Date: Fri, 06 Nov 1998 09:58:50 -0700
From: Ian Duplisse
Organization: Computer Sciences Corporation
To: fwtk-users@ex.tis.com
Subject: Re: FWTK version 2 and smap directories ...

My smap directory is clean, but my mqueue directory has an ever
growing list of xf* files with the message:

554 savemail: cannot save rejected email anywhere: No such file or directory

They appear to be bounces to sender addresses that are themselves
invalid. How do I prevent these from accumulating (rather than have a
cron job just blast 'em)?

TIA,
Ian Duplisse

Rolf Obrecht wrote:
>
> On Thu, 5 Nov 1998, Rick Murphy wrote:
>
> > Is anyone else seeing dangling xma files?
>
> Yes, me, under V2.0.
> Yours Rolf
>
> Rolf Obrecht            RWTH Aachen
> Tel. +49 241 807646     Institut fuer Elektrische Maschinen
> Fax +49 241 8888270     Schinkelstrasse 4, D-52056 Aachen
>
> "Ceterum censeo Redmondem esse delendam."

From owner-fwtk-users Fri Nov 6 17:26:26 1998
Date: Fri, 6 Nov 1998 12:22:36 -0500 (EST)
From: Ted Keller
To: Rolf Obrecht
cc: Rick Murphy, "Dirk.Nerling", "Firewall Toolkit (M-list)"
Subject: Re: FWTK version 2 and smap directories ...

There are a lot of places which v2.0 leaves dangling xma files. I've
cleaned them up a lot on my system (and my patches are getting big).
I still have a few left which I can't explain. It appears that the
connection goes away in the cruchdata routine - and somehow, smap
exits without cleaning up. Probably still a bug I haven't traced
down....

One of the key areas I discovered were the RSET functions and the
timeout functions. In certain circumstances, the RSET will recreate a
xma file with a smaopen, later, if the code sees another DATA command,
it creates a second xma file. There are several examples of this
throughout the smap process.

I haven't looked at the 2.1 version yet to see if these problems have
been cleaned up.

Ted Keller - bfg.com

On Fri, 6 Nov 1998, Rolf Obrecht wrote:

> On Thu, 5 Nov 1998, Rick Murphy wrote:
>
> > Is anyone else seeing dangling xma files?
>
> Yes, me, under V2.0.
> Yours Rolf
>
> Rolf Obrecht            RWTH Aachen
> Tel. +49 241 807646     Institut fuer Elektrische Maschinen
> Fax +49 241 8888270     Schinkelstrasse 4, D-52056 Aachen
>
> "Ceterum censeo Redmondem esse delendam."
> From owner-fwtk-users Fri Nov 6 17:26:27 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id RAA00593 for fwtk-users-outgoing; Fri, 6 Nov 1998 17:13:48 -0500 (EST) Message-Id: <3.0.5.32.19981106104902.00ab2df0@guardian.hartwellcorp.com> X-Sender: rowl@guardian.hartwellcorp.com X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.5 (32) Date: Fri, 06 Nov 1998 10:49:02 -0800 To: fwtk-users@ex.tis.com From: "Michael St. Laurent" Subject: Could someone please explain this? Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-fwtk-users@ex.tis.com Precedence: bulk [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] The documentation for smapd says at the end of the third paragraph of the man page that "It then calls the configured message transfer agent (usually sendmail in delivery mode) for final delivery." If this is correct then why do we need the mqueue script? Obviously there is a good reason for it or it wouldn't be there. Would someone be kind enough to clear this up? -------------------- Michael St. Laurent Hartwell Corporation "The software said to use with Windows95 or better, so I installed Linux." From owner-fwtk-users Fri Nov 6 17:26:28 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id RAA00512 for fwtk-users-outgoing; Fri, 6 Nov 1998 17:11:22 -0500 (EST) 
From: ark@eltex.ru Date: Fri, 6 Nov 1998 22:09:46 +0300 Message-Id: <199811061909.WAA19391@paranoid.eltex.spb.ru> In-Reply-To: <59706945956AD2119562006094B9C0020953@bach.jda.cl> from "Gonzalo Diethelm " Organization: "Klingon Imperial Intelligence Service" Subject: Re: Id in subject field? To: Gonzalo.Diethelm@jda.cl Cc: fwtk-users@tis.com Sender: owner-fwtk-users@ex.tis.com Precedence: bulk nuqneH, procmail handles them perfectly as is.. Gonzalo Diethelm said : > It would be very nice if all of the messages coming > from this mailing list had some kind of identification > on the Subject field. That way, it would be easy to filter > the list's messages to a separate folder. Something like: > > Subject: [FWTK] How do I block yoyodyne? > > Who should be contacted for this? _ _ _ _ _ _ _ {::} {::} {::} CU in Hell _| o |_ | | _|| | / _||_| |_ |_ |_ (##) (##) (##) /Arkan#iD |_ o _||_| _||_| / _| | o |_||_||_| [||] [||] [||] Do i believe in Bible? Hell,man,i've seen one! From owner-fwtk-users Fri Nov 6 17:26:30 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id RAA00569 for fwtk-users-outgoing; Fri, 6 Nov 1998 17:11:40 -0500 (EST) Message-Id: <199811061706.MAA29796@fw1.osis.gov> 
From: Joseph S D Yao Subject: Re: TIS and YEAR 2000 ?? To: Aaron@compedge.co.nz (Aaron Knauf) Date: Fri, 6 Nov 1998 12:06:43 -0500 (EST) Cc: fwtk-users@tis.com In-Reply-To: <501937796866D211B5E00080C86AFA4F01228F@cel-ex1.compedge.co.nz> from "Aaron Knauf" at Nov 6, 98 11:25:04 pm X-Mailer: ELM [version 2.4 PL25 PGP3 *ALPHA*] Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-fwtk-users@ex.tis.com Precedence: bulk [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] > -- At which point (40 years from now), anyone left running 32 bit > systems will be considered a very, very sad individual. Ah, but what about EMBEDDED *X SYSTEMS? -- Joe Yao jsdy@cospo.osis.gov - Joseph S. D. Yao COSPO/OSIS Computer Support EMT-A/B ----------------------------------------------------------------------- This message is not an official statement of COSPO policies. From owner-fwtk-users Fri Nov 6 17:26:29 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id RAA00472 for fwtk-users-outgoing; Fri, 6 Nov 1998 17:11:12 -0500 (EST) Date: Fri, 6 Nov 1998 15:06:06 -0500 (EST) 
From: David B Swann To: arc@twinds.com cc: "'fwtk-users@tis.com'" , Aaron Knauf Subject: RE: TIS and YEAR 2000 ?? In-Reply-To: <199811061356.IAA22750@fh106.infi.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-fwtk-users@ex.tis.com Precedence: bulk Lots of UNIX users are laughing at PCs and their Y2K problems. Although the UNIX kernel IS Y2K compliant, the utilities written for the system may not be. Just look at all the patches for HP, SUN, and other commercial versions of UNIX. I've tried to get info about Linux and Y2K. There is almost no data available. Everyone is saying the same thing...the kernel is Y2K compliant. I configured a few systems to year 2000 in a lab and am letting them run, just in case. I know that BSDi has at least one patch to make the system Y2K compliant. Since it shares lots of code with other BSD OSs, I wonder if they share the same problem. Since the FWTK doesn't seem to rely on the date for critical functions, I would guess that it is OK, as long as the OS it depends on doesn't smoke. __________________________________________________________________________ | Bryan Swann (swann@nosc.mil) 803/566-0086 803/554-0015 (Fax) | | Eagan McAllister Associates, Inc. | | | | "Everything must be working perfectly, cause I don't smell any smoke" | -------------------------------------------------------------------------- On Fri, 6 Nov 1998 arc@twinds.com wrote: > > > > > Is unix/ linux/ bsd Y2k ok ? > > > YES...until 2036 > > > > -- At which point (40 years from now), anyone left running 32 bit > > systems will be considered a very, very sad individual. 
> > > You know, that is the same thing my Grandpa said about the the > year 2000 when he was programming mainframes in cobol 40 > years ago. > > Cheers: > -arc > > > Arley Carter arc@twinds.com > Tradewinds Technologies, Inc. www.twinds.com > Network Engineering & Security > Winston-Salem, NC USA > From owner-fwtk-users Fri Nov 6 17:26:32 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id RAA00531 for fwtk-users-outgoing; Fri, 6 Nov 1998 17:11:26 -0500 (EST) From: youngk@ttc.com X-Lotus-FromDomain: TTC To: "Joshua T. McKee" cc: fwtk-users@tis.com Message-ID: <852566B4.006349CA.00@ttcmta1-7.ttc.com> Date: Fri, 6 Nov 1998 13:13:52 -0500 Subject: Re: Telnet Problem Mime-Version: 1.0 Content-type: text/plain; charset=us-ascii Content-Disposition: inline Sender: owner-fwtk-users@ex.tis.com Precedence: bulk [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] > When I type "open localhost", netacl runs the in.telnetd daemon and I am > asked to logon. After typing in a (valid) username, the system > disconnects. As soon as you get the login prompt, the FWTK is "out of the loop". You never mentioned your OS, so here are some things to try: 1) Solaris: look at LOGIN in your /etc/default/login file 2) Linux: check /etc/securettys 3) if you are running it, look at your TCP Wrappers ACL. --Keith -youngk@ttc.com From owner-fwtk-users Fri Nov 6 17:26:32 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id RAA00457 for fwtk-users-outgoing; Fri, 6 Nov 1998 17:11:08 -0500 (EST) Message-ID: <36434E10.C04FD8C4@manton.com> Date: Fri, 06 Nov 1998 13:29:20 -0600 
From: Ganesan Venkatasubramanian Organization: Manton Communications Corp. X-Mailer: Mozilla 4.04 [en] (WinNT; I) MIME-Version: 1.0 To: fwtk-users@tis.com Subject: General Protection on http-gw in Linux 2.0.35 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-fwtk-users@ex.tis.com Precedence: bulk [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] I am running the http-gw on this machine which is our firewall. It runs RedHat 5.1 with a 2.0.35 kernel. Every few days I see in the log: Nov 5 19:53:27 datalife kernel: general protection: 0000 Nov 5 19:53:27 datalife kernel: CPU: 0 Nov 5 19:53:27 datalife kernel: EIP: 0010:[tcp_close+201/536] Nov 5 19:53:27 datalife kernel: EFLAGS: 00010087 Nov 5 19:53:27 datalife kernel: eax: 0063f208 ebx: 00d36414 ecx: 00000206 edx: 44494e4f Nov 5 19:53:27 datalife kernel: esi: 00d364d4 edi: 00000000 ebp: 00000001 esp: 01509f24 Nov 5 19:53:27 datalife kernel: ds: 0018 es: 0018 fs: 002b gs: 002b ss: 0018 Nov 5 19:53:27 datalife kernel: Process http-gw (pid: 26412, process nr: 22, stackpage=01509000) Nov 5 19:53:27 datalife kernel: Stack: 00d36414 02274690 02274690 0014d9d9 00d36414 00000000 02274600 00000000 Nov 5 19:53:27 datalife kernel: 001359d8 02274690 00000000 02274600 02274600 02274600 00000001 00135c11 Nov 5 19:53:27 datalife kernel: 02274690 038a9cc0 00123154 02274600 038a9cc0 00000000 038a9cc0 001231c4 Nov 5 19:53:27 datalife kernel: Call Trace: [inet_release+97/108] [sock_release+92/156] [sock_close+37/44] [__fput+28/64] [close_fp+76/92] [do_exit+292/508] [sys_exit+14/16] Nov 5 19:53:27 datalife kernel: [system_call+85/124] Nov 5 19:53:27 datalife kernel: Code: 89 72 04 89 93 c0 00 00 00 c7 00 00 00 00 00 c7 40 04 00 00 Sooner or later the entire machine crashes and has to be restarted. The last time even the keyboard did not respond. It usually happens 4-5 days after a restart. 
Needless to say this is extremely annoying at the very least! Any help would be appreciated. Thanks, Venkat From owner-fwtk-users Fri Nov 6 17:26:32 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id RAA00548 for fwtk-users-outgoing; Fri, 6 Nov 1998 17:11:31 -0500 (EST) Message-ID: <364331EA.1ECC25A5@whiteoaknet.com> Date: Fri, 06 Nov 1998 12:29:14 -0500 From: Jeffrey Fulmer X-Mailer: Mozilla 4.5 [en] (WinNT; I) X-Accept-Language: en MIME-Version: 1.0 To: FWTK Users Subject: http-gw Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-fwtk-users@ex.tis.com Precedence: bulk [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] Hi, Sorry if this has been hashed out before but I'm having trouble finding the answer. I'm running http-gw as a daemon monitoring a defined port other than 80. I want to use it as a http proxy server. My rules are: http-gw: directory /a/directory http-gw: permit-hosts 111.111.111.* -log{read write ftp} http-gw: deny-hosts * when an internal web user attempts to proxy to an external host they get: ERROR - 404 reason: hostname unknown However, my dns server appears to be functioning fine. The same user who was denied can ping the destination host by dns entry name. So I looked in the syslog and I found: http-gw[5718]: permit host=computer.domain.com http-gw[5718]: syslog: fopen on /dev/null failed, errno 2 Any input would be appreciated. If this has all been answered before, then I'd appreciate if you could just direct me to the appropriate resource. Thanks, Jeff From owner-fwtk-users Fri Nov 6 17:28:59 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id RAA00724 for fwtk-users-outgoing; Fri, 6 Nov 1998 17:27:08 -0500 (EST) Message-ID: <003e01be09d7$9bef9160$600106c0@prj002.dr.com.br> Reply-To: "Gustavo Tavares" 
From: "Gustavo Tavares" To: Subject: =?iso-8859-1?Q?Newbie_Question_-_Plug-gw_can=B4t_forward_packets?= Date: Fri, 6 Nov 1998 19:48:38 -0300 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.2106.4 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2106.4 Sender: owner-fwtk-users@ex.tis.com Precedence: bulk [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] The first observation : My english is not very good ! Hi, im working in a Linux black box to be used as a Internet Gateway and i´m in trouble. I have two nets : The Internet and my local network. I´m using the linux ip masquerading feature to work as a transparent proxy server and it´s ok, but.... My Web Server, SMTP Server and POP Server are in my local network and i need to foward the packages to this services. I´m using the FWTK to do this, explicity i´m using just the plug-gw to foward the packages. I download the software, compile, install, make changes in the /etc/services file, make changes in the /etc/inetd.conf, make changes in the /usr/local/fwtk/netperm.table and everything is right (I think !), but when someone send an e-mail to my account located on my internal mailserver, the message can´t be delivered, and a log entry is created on my linux machine like that : 'plug-gw[598]: deny host=/ service=smtp' The entries in my netperm.table is : 'plug-gw: port 80 www *.*.*.* -plug-to -port 85 www' 'plug-gw: port 25 smtp *.*.*.* -plug-to -port 25 smtp' 'plug-gw: port 110 pop-3 *.*.*.* -plug-to -port 110 pop-3' And my inetd.conf file have this lines : 'smtp stream tcp nowait root /usr/local/fwtk/plug-gw plug-gw smtp' 'pop-3 stream tcp nowait root /usr/local/fwtk/plug-gw plug-gw pop-3' I check if the services are listed on my /etc/services and it´s ok ! This problem it´s simple (I think !). 
Just a parameter i forget to set (or don´t see in documentation) and i ask for your help. If someone can help me... []´s from Goiania - Goias - Brasil Gustavo Roberto Silva Tavares -- to Contact me --------------------------------------------- | Web : | Personal e-mail : | Business e-mail : | ICQ : 11024838 ------------------------------------------------------------- Ask for my PGP Public Key ! From owner-fwtk-users Fri Nov 6 17:32:31 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id RAA00821 for fwtk-users-outgoing; Fri, 6 Nov 1998 17:30:49 -0500 (EST) Message-Id: <199811061924.OAA06584@jekyll.piermont.com> To: Louis Twomey cc: rmurphy@itm-inst.com, fwtk-users@ex.tis.com Subject: Re: FWTK version 2 and smap directories ... In-reply-to: Your message of "Fri, 06 Nov 1998 16:30:28 GMT." <199811061630.QAA12865@mail.kerna.ie> Reply-To: perry@piermont.com X-Reposting-Policy: redistribute only with permission Mime-Version: 1.0 (generated by tm-edit 7.108) Content-Type: text/plain; charset=US-ASCII Date: Fri, 06 Nov 1998 14:24:04 -0500 
From: "Perry E. Metzger" Sender: owner-fwtk-users@ex.tis.com Precedence: bulk [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] Louis Twomey writes: > [To be removed from this list send the message "unsubscribe fwtk-users" in th e > BODY of a mail message to majordomo@ex.tis.com.] > > Hi, > > Is anyone else seeing dangling xma files? > Yes, I get them on a Digital Unix 4.0a box running FWTK 2.1. > Mails coming from remote servers and from local mail clients often end > up "dangling". The messages do actually get delivered (so presumably the > files are copied to sma files), but the xma files stay put. There are lots of bugs in the way smap deals with files when it dies unexpectedly. I have some extensive patches for this.... Perry From owner-fwtk-users Fri Nov 6 17:37:49 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id RAA00863 for fwtk-users-outgoing; Fri, 6 Nov 1998 17:36:08 -0500 (EST) Date: Fri, 6 Nov 1998 14:54:20 -0500 (EST) 
From: David B Swann To: ark@eltex.ru cc: rmurphy@itm-inst.com, fwtk-users@ex.tis.com Subject: Re: Transparency with FreeBSD In-Reply-To: <199811061223.PAA17999@paranoid.eltex.spb.ru> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-fwtk-users@ex.tis.com Precedence: bulk I downloaded FWTK 2.1 and IP Filter 3.2.9. IP Filter appears to have installed with NO problem. I downloaded the transparency patches and they modified the source code with NO problem. The file hnam.c in the lib directory would not build. There were several problems with FreeBSD. First, the patched hnam.c required ip_nat.h. This library was not installed as part of the IP Filter install. I copied the ip_nat.h file to /usr/local. Next, the data types used in ip_nat.h were not supported by FreeBSD. Darren Reed told me to also install the ip_compat.h header from IP Filter into the include directory and add it to the include list in hnam.c. I also had to add the fcntl.h, ioctl.h, and ip_fil.h to the include list in hnam.c. Finally, hnam.c compiles!!! My happiness was short-lived. The NEW proxies do not work correctly. Transparency does not work and, although I can connect to the proxy directly, it does not allow me to connect to the final destination :( Can anyone list their working transparency hnam.c file for FreeBSD? __________________________________________________________________________ | Bryan Swann (swann@nosc.mil) 803/566-0086 803/554-0015 (Fax) | | Eagan McAllister Associates, Inc. | | | | "Everything must be working perfectly, cause I don't smell any smoke" | -------------------------------------------------------------------------- On Fri, 6 Nov 1998 ark@eltex.ru wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > nuqneH, > > Patches _do_ work. 
I even wrote my own proxy that uses the same > technique for transparency (pop3-gw, i could not avoid transparency > or hard-plugging to make APOP work). > Maybe the original poster forgot to recompile and install the kernel > with IPFilter support ;)? > > Rick Murphy said : > > > >Has anyone gotten transparency to work for FreeBSD? > > The person who wrote the transparency hacks reads fwtk-users - if it > > was something simple I'd expect him to answer. I've never tested the > > patches so can't say if they work or not - given the lack of other > > response it would seem that not many others have been successful. > > (This *IS* an attempt to produce some help :-) > > _ _ _ _ _ _ _ > {::} {::} {::} CU in Hell _| o |_ | | _|| | / _||_| |_ |_ |_ > (##) (##) (##) /Arkan#iD |_ o _||_| _||_| / _| | o |_||_||_| > [||] [||] [||] Do i believe in Bible? Hell,man,i've seen one! > > From owner-fwtk-users Fri Nov 6 18:06:20 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id SAA01082 for fwtk-users-outgoing; Fri, 6 Nov 1998 18:04:29 -0500 (EST) Message-Id: <199811061807.NAA19683@pop02.globecomm.net> Subject: Re: IP filtering Date: Fri, 6 Nov 1998 13:05:16 -0500 x-mailer: Claris Emailer 2.0v3, January 22, 1998 
From: Andrew Feigenson To: "Dirk Alboth" cc: Mime-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Sender: owner-fwtk-users@ex.tis.com Precedence: bulk [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] OK, I understand now, thanks. ipfwadm -F -a m -b -P tcp -S 0.0.0.0/0 1024:65535 -D x.x.x.x/32 80 What would need to be done to the above statement to make it forward instead of masquerade? Thanks, A On 11/6/98 12:43 PM, Dirk Alboth was rumored to have said: >> Is forwarding just as secure as masquerading? I ask because I have >> to assume it was set up this way for a reason. I am interested in >> getting more detailed logs on the server side but I can't have it be >> at the expense of security. If so, how would the statement below be >> modified to forward? > >It depends upon from which side you are looking at masquerading. > >Basically masquerading _is_ forwarding with a modification of the >source part of the IP packet (source IP and port). > >Now, if you do masquerading for outgoing packets (= packets of >connections originating from your secured network) then masquerading >is quite secure (provided some further conditions are met). In >particular if you have private IP addresses in your secure network. >(Of course all well-known aspects of the configuration of packet >filters apply here, too.) > >But if you look at masquerading incoming packets there is the main >draw back that all packets arriving at the internal host seem to >originate from the packet filter. (Note that this is just the >behavior you intend for outgoing connections.) So you cannot treat >them distinctly whether they come from the untrusted network or from >the trusted one. Plus logging will become harder. IMO masquerading >incoming connections is a lot less secure than just forwarding them. 
> >Dirk > >PS: The aspects of having an internal host as web server for the outside >have been discussed here only some weeks ago. So we need not repeat >that. *-------------------------------------------------* Andrew P. Feigenson *-------------------------------------------------* From owner-fwtk-users Fri Nov 6 19:02:29 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id SAA01215 for fwtk-users-outgoing; Fri, 6 Nov 1998 18:59:48 -0500 (EST) Message-ID: <501937796866D211B5E00080C86AFA4F012290@cel-ex1.compedge.co.nz> From: Aaron Knauf To: "'Gonzalo Diethelm'" Cc: "'fwtk-users@tis.com'" Subject: RE: Id in subject field? Date: Sat, 7 Nov 1998 13:18:46 +1300 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain Sender: owner-fwtk-users@ex.tis.com Precedence: bulk [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] I filter the mail into a separate folder by looking for *fwtk* in the recipient fields - that works fine for me. Just about any mail client will let you do that. ADK > -----Original Message----- 
> From: Gonzalo Diethelm [mailto:Gonzalo.Diethelm@jda.cl] > Sent: Saturday, 7 November 1998 06:05 > To: 'fwtk-users@tis.com' > Subject: Id in subject field? > > > [To be removed from this list send the message "unsubscribe > fwtk-users" in the > BODY of a mail message to majordomo@ex.tis.com.] > > Hello, > > It would be very nice if all of the messages coming > from this mailing list had some kind of identification > on the Subject field. That way, it would be easy to filter > the list's messages to a separate folder. Something like: > > Subject: [FWTK] How do I block yoyodyne? > > Who should be contacted for this? > > Thanks, > > Gonzalo Diethelm > From owner-fwtk-users Fri Nov 6 19:05:31 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id TAA01254 for fwtk-users-outgoing; Fri, 6 Nov 1998 19:03:50 -0500 (EST) Message-ID: <501937796866D211B5E00080C86AFA4F012291@cel-ex1.compedge.co.nz> From: Aaron Knauf To: "'Joshua T. McKee'" Cc: "'fwtk-users@tis.com'" Subject: RE: Telnet Problem Date: Sat, 7 Nov 1998 13:22:55 +1300 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain Sender: owner-fwtk-users@ex.tis.com Precedence: bulk [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] Perhaps you are attempting to log on as root? Not a good idea, really. But this is how you allow it. /etc/securetty ttyp0 ADK > -----Original Message----- 
> From: Joshua T. McKee [mailto:jtmckee@rmac.net] > Sent: Saturday, 7 November 1998 05:02 > To: fwtk-users@tis.com > Subject: Telnet Problem > > I'm attempting to setup FWTK to do telnet proxying. I'm having difficulty > when I attempt to login to the system acting as the proxy. My "netacl" > has the following entry: > > netacl-telnetd: permit-hosts 127.0.0.1 -exec /usr/sbin/in.telnetd > > When I type "open localhost", netacl runs the in.telnetd daemon and I am > asked to logon. After typing in a (valid) username, the system > disconnects. > > Any ideas? > > Josh > From owner-fwtk-users Fri Nov 6 19:19:35 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id TAA01289 for fwtk-users-outgoing; Fri, 6 Nov 1998 19:17:54 -0500 (EST) Message-ID: <501937796866D211B5E00080C86AFA4F012293@cel-ex1.compedge.co.nz> From: Aaron Knauf To: "'fwtk-users@tis.com'" Subject: FW: IP filtering Date: Sat, 7 Nov 1998 13:37:33 +1300 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain Sender: owner-fwtk-users@ex.tis.com Precedence: bulk There are two reasons for masquerading, rather than forwarding. 1) You don't want the outside to learn the topology of your network. (Security by obfuscation is not good enough by itself, but it's an advantage that I'll take wherever I can.) 2) You may be using RFC 1918 reserved IP addresses inside your network. (i.e. 10.0.0.0/8, 172.16.0.0/16 - 172.31.0.0/16, 192.168.0.0/16) These have to be masqueraded, as they won't route across the 'net. If you are not concerned about either of these issues, then I can't see any reason not to forward - anyone else? ADK > -----Original Message----- 
> From: Andrew Feigenson [mailto:andrewf@technologist.com] > Sent: Saturday, 7 November 1998 05:15 > To: Dirk Alboth > Cc: fwtk-users@ex.tis.com > Subject: Re: IP filtering > > > [To be removed from this list send the message "unsubscribe > fwtk-users" in the > BODY of a mail message to majordomo@ex.tis.com.] > > Is forwarding just as secure as masquerading? I ask because > I have to > assume it was set up this way for a reason. I am interested > in getting > more detailed logs on the server side but I can't have it be at the > expense of security. If so, how would the statement below be > modified to > forward? > > Thanks, > A > > On 11/6/98 2:58 AM, Dirk Alboth was rumored to have said: > > >> for example, I've got this command in a startup script: > >> > >> ipfwadm -F -a m -b -P tcp -S 0.0.0.0/0 1024:65535 -D x.x.x.x/32 80 The m switch is the one that switches on masquerading. man ipfwadm will give you the exact syntax. ;-> > >> > >> where x.x.x.x is the IP of the address I want others outside the > >> firewall to see. This allows all people outside the > firewall to see > >> that address (more specifically, port 80) Fine, I understand that. > >> However, what I want to do is limit the addresses able to get to > >> that IP. When I put something like 129.21.221.* in place of > >> 0.0.0.0/0 it doesn't do anything different and still lets in > >> everyone. > > > >Try to do 129.21.221.0/24 instead. > > > >If there isn't any really important reason, I wouldn't masquerade > >connections from the outside, just forward. Unless you log > >masquerading activity you would not be able to tell what the > >originating host of a connection is. Every http connection will be > >logged as to originate from your firewall. So you would have to > >cross-check with your masquerade logs, which isn't that nice. > > > >Dirk > > > *-------------------------------------------------* > Andrew P. 
Feigenson > *-------------------------------------------------* > From owner-fwtk-users Fri Nov 6 20:04:00 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id UAA01408 for fwtk-users-outgoing; Fri, 6 Nov 1998 20:01:54 -0500 (EST) Message-ID: <501937796866D211B5E00080C86AFA4F012294@cel-ex1.compedge.co.nz> From: Aaron Knauf To: "'Jeffrey Fulmer'" Cc: "'fwtk-users@tis.com'" Subject: RE: http-gw Date: Sat, 7 Nov 1998 14:20:45 +1300 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain Sender: owner-fwtk-users@ex.tis.com Precedence: bulk [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] Whether or not the user in question can ping the web server he's after is a moot point. It's the proxy server that needs to be able to resolve the name. Is your /etc/resolv.conf set up correctly? As to the /dev/null stuff - anyone else want to have a go? ADK > -----Original Message----- 
> From: Jeffrey Fulmer [mailto:jfulmer@mail.whiteoaknet.com] > Sent: Saturday, 7 November 1998 06:29 > To: FWTK Users > Subject: http-gw > > > [To be removed from this list send the message "unsubscribe > fwtk-users" in the > BODY of a mail message to majordomo@ex.tis.com.] > > Hi, > > Sorry if this has been hashed out before but I'm having > trouble finding > the answer. > I'm running http-gw as a daemon monitoring a defined port other than > 80. I want to use it as a http proxy server. > > My rules are: > http-gw: directory /a/directory > http-gw: permit-hosts 111.111.111.* -log{read > write ftp} > http-gw: deny-hosts * > > when an internal web user attempts to proxy to an external host they > get: > ERROR - 404 > reason: hostname unknown > > However, my dns server appears to be functioning fine. The same user > who was denied can ping the destination host by dns entry name. > > So I looked in the syslog and I found: > http-gw[5718]: permit host=computer.domain.com > http-gw[5718]: syslog: fopen on /dev/null failed, errno 2 > > Any input would be appreciated. > If this has all been answered before, then I'd appreciate if you could > just direct me to the appropriate resource. > > Thanks, > Jeff > > > From owner-fwtk-users Fri Nov 6 20:11:11 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id UAA01470 for fwtk-users-outgoing; Fri, 6 Nov 1998 20:09:21 -0500 (EST) Message-Id: <3.0.5.32.19981106202128.0080fc30@fw.itm-inst.com> X-Sender: rmurphy@fw.itm-inst.com X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32) Date: Fri, 06 Nov 1998 20:21:28 -0500 To: Ted Keller 
From: Rick Murphy Subject: Re: FWTK version 2 and smap directories ... Cc: Rolf Obrecht , "Dirk.Nerling" , "Firewall Toolkit (M-list)" In-Reply-To: References: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-fwtk-users@ex.tis.com Precedence: bulk At 12:22 PM 11/6/98 -0500, Ted Keller wrote: >There are a lot of places which v2.0 leaves dangling xma files. ... >I haven't looked at the 2.1 version yet to see if these problems have been >cleaned up. Many causes of dangling files are cleaned up in 2.1. I almost never see any any more. -Rick From owner-fwtk-users Fri Nov 6 20:11:12 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id UAA01471 for fwtk-users-outgoing; Fri, 6 Nov 1998 20:09:22 -0500 (EST) Message-Id: <3.0.5.32.19981106201939.00843100@fw.itm-inst.com> X-Sender: rmurphy@fw.itm-inst.com X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32) Date: Fri, 06 Nov 1998 20:19:39 -0500 To: "Michael St. Laurent" 
From: Rick Murphy Subject: Re: Could someone please explain this? Cc: fwtk-users@ex.tis.com In-Reply-To: <3.0.5.32.19981106104902.00ab2df0@guardian.hartwellcorp.com > Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-fwtk-users@ex.tis.com Precedence: bulk At 10:49 AM 11/6/98 -0800, Michael St. Laurent wrote: >The documentation for smapd says at the end of the third paragraph of the >man page that "It then calls the configured message transfer agent (usually >sendmail in delivery mode) for final delivery." If this is correct then >why do we need the mqueue script? Obviously there is a good reason for it >or it wouldn't be there. Would someone be kind enough to clear this up? Sendmail attempts delivery; if it's unsuccessful, the message is left in the sendmail spool directory. The mqueue script occasionally tries to deliver these deferred mails. Often, mqueue has nothing to do - that depends on how reliable your connection is and how reliable the connection to the intended recipients is. If you don't run something to clear up the queue, any mail that can't be immediately delivered will NEVER get delivered, with no error response returned. -Rick From owner-fwtk-users Fri Nov 6 20:13:00 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id UAA01492 for fwtk-users-outgoing; Fri, 6 Nov 1998 20:11:05 -0500 (EST) Message-Id: <3.0.5.32.19981106202335.00846ce0@fw.itm-inst.com> X-Sender: rmurphy@fw.itm-inst.com X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32) Date: Fri, 06 Nov 1998 20:23:35 -0500 To: Jeffrey Fulmer 
From: Rick Murphy Subject: Re: http-gw Cc: FWTK Users In-Reply-To: <364331EA.1ECC25A5@whiteoaknet.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-fwtk-users@ex.tis.com Precedence: bulk At 12:29 PM 11/6/98 -0500, Jeffrey Fulmer wrote: >My rules are: >http-gw: directory /a/directory ... >http-gw[5718]: permit host=computer.domain.com >http-gw[5718]: syslog: fopen on /dev/null failed, errno 2 Any time you use the "directory" specification to chroot a proxy, you've got to put enough information in that directory tree to permit the proxy to work. For example, you'll need at least /a/directory/etc/resolv.conf; maybe several other files. -Rick From owner-fwtk-users Fri Nov 6 20:13:00 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id UAA01491 for fwtk-users-outgoing; Fri, 6 Nov 1998 20:11:04 -0500 (EST) Message-Id: <3.0.5.32.19981106202546.0080dbc0@fw.itm-inst.com> X-Sender: rmurphy@fw.itm-inst.com X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32) Date: Fri, 06 Nov 1998 20:25:46 -0500 To: Gonzalo Diethelm From: Rick Murphy Subject: Re: Id in subject field? Cc: "'fwtk-users@tis.com'" In-Reply-To: <59706945956AD2119562006094B9C0020953@bach.jda.cl> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-fwtk-users@ex.tis.com Precedence: bulk At 01:05 PM 11/6/98 -0400, Gonzalo Diethelm wrote: >It would be very nice if all of the messages coming >from this mailing list had some kind of identification >on the Subject field. I filter on the "sender" field. -Rick From owner-fwtk-users Fri Nov 6 20:43:52 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id UAA01668 for fwtk-users-outgoing; Fri, 6 Nov 1998 20:41:51 -0500 (EST) Message-Id: 
From: linux@consultix.wa.com (Tim Maher) Subject: Re: General Protection on http-gw in Linux 2.0.35 To: venkat@manton.com (Ganesan Venkatasubramanian) Date: Fri, 6 Nov 1998 19:02:12 -0800 (PST) Cc: fwtk-users@tis.com In-Reply-To: <36434E10.C04FD8C4@manton.com> from "Ganesan Venkatasubramanian" at Nov 6, 98 01:29:20 pm X-Mailer: ELM [version 2.4 PL25] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-fwtk-users@ex.tis.com Precedence: bulk According to Ganesan Venkatasubramanian: > > I am running the http-gw on this machine which is our firewall. It runs > RedHat 5.1 with a 2.0.35 kernel. Every few days I see in the log: > > Nov 5 19:53:27 datalife kernel: general protection: 0000 > Nov 5 19:53:27 datalife kernel: CPU: 0 > Nov 5 19:53:27 datalife kernel: EIP: 0010:[tcp_close+201/536] > Nov 5 19:53:27 datalife kernel: EFLAGS: 00010087 > Nov 5 19:53:27 datalife kernel: eax: 0063f208 ebx: 00d36414 ecx: > 00000206 edx: 44494e4f > Nov 5 19:53:27 datalife kernel: esi: 00d364d4 edi: 00000000 ebp: > 00000001 esp: 01509f24 > Nov 5 19:53:27 datalife kernel: ds: 0018 es: 0018 fs: 002b gs: > 002b ss: 0018 > Nov 5 19:53:27 datalife kernel: Process http-gw (pid: 26412, process > nr: 22, stackpage=01509000) > Nov 5 19:53:27 datalife kernel: Stack: 00d36414 02274690 02274690 > 0014d9d9 00d36414 00000000 02274600 00000000 > Nov 5 19:53:27 datalife kernel: 001359d8 02274690 00000000 > 02274600 02274600 02274600 00000001 00135c11 > Nov 5 19:53:27 datalife kernel: 02274690 038a9cc0 00123154 > 02274600 038a9cc0 00000000 038a9cc0 001231c4 > Nov 5 19:53:27 datalife kernel: Call Trace: [inet_release+97/108] > [sock_release+92/156] [sock_close+37/44] [__fput+28/64] 
[close_fp+76/92] > [do_exit+292/508] [sys_exit+14/16] > Nov 5 19:53:27 datalife kernel: [system_call+85/124] > Nov 5 19:53:27 datalife kernel: Code: 89 72 04 89 93 c0 00 00 00 c7 00 > 00 00 00 00 c7 40 04 00 00 > > Sooner or later the entire machine crashes and has to be restarted. The > last time even the keyboard did not respond. It usually happens 4-5 days > after a restart. Needless to say this is extremely annoying at the very > least! > > Any help would be appreciated. > > Thanks, > Venkat > > On three separate machines, none of which is running http-gw, I have the same kind of problem with 2.0.35, which may be triggered by date, sendmail, grep, ls, you name it. I fixed the problem on all three boxes by going back to 2.0.33. +================================================================+ | Tim Maher, Ph.D. Tel/Fax: (206) 781-UNIX/8649 | | Head UNIX Guru, CONSULTIX Email: tim@consultix.wa.com | | "The UNIX Training Experts" http://www.consultix.wa.com/yumpy | | Seattle Perl Users Group: http://www.halcyon.com/spug | +================================================================+ From owner-fwtk-users Fri Nov 6 20:52:32 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id UAA01699 for fwtk-users-outgoing; Fri, 6 Nov 1998 20:50:51 -0500 (EST) Date: Fri, 6 Nov 1998 18:03:02 -0800 (PST) 
From: David Lang X-Sender: dlang@dlang To: Aaron Knauf cc: "'fwtk-users@tis.com'" Subject: Re: FW: IP filtering In-Reply-To: <501937796866D211B5E00080C86AFA4F012293@cel-ex1.compedge.co.nz> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-fwtk-users@ex.tis.com Precedence: bulk -----BEGIN PGP SIGNED MESSAGE----- masquerading does add some security in that connections cannot be established from the outside to the inside. Even if they do figure out the topology of your network, they cannot get to it. David Lang On Sat, 7 Nov 1998, Aaron Knauf wrote: > Date: Sat, 7 Nov 1998 13:37:33 +1300 > From: Aaron Knauf > To: "'fwtk-users@tis.com'" > Subject: FW: IP filtering > > There are two reasons for masquerading, rather than forwarding. > > 1) You don't want the outside to learn the topology of your network. > (Security by obfuscation is not good enough by itself, but it's an > advantage that I'll take wherever I can.) > > 2) You may be using RFC 1918 reserved IP addresses inside your network. > (i.e. 10.0.0.0/8, 172.16.0.0/16 - 172.31.0.0/16, 192.168.0.0/16) These > have to be masqueraded, as they won't route across the 'net. > > If you are not concerned about either of these issues, then I can't see > any reason not to forward - anyone else? > > ADK > > > -----Original Message----- 
> > From: Andrew Feigenson [mailto:andrewf@technologist.com] > > Sent: Saturday, 7 November 1998 05:15 > > To: Dirk Alboth > > Cc: fwtk-users@ex.tis.com > > Subject: Re: IP filtering > > > > Is forwarding just as secure as masquerading? I ask because > > I have to > > assume it was set up this way for a reason. I am interested > > in getting > > more detailed logs on the server side but I can't have it be at the > > expense of security. If so, how would the statement below be > > modified to > > forward? > > > > Thanks, > > A > > > > On 11/6/98 2:58 AM, Dirk Alboth was rumored to have said: > > > > >> for example, I've got this command in a startup script: > > >> > > >> ipfwadm -F -a m -b -P tcp -S 0.0.0.0/0 1024:65535 -D x.x.x.x/32 80 > > The m switch is the one that switches on masquerading. man ipfwadm will > give you the exact syntax. ;-> > > > >> > > >> where x.x.x.x is the IP of the address I want others outside the > > >> firewall to see. This allows all people outside the > > firewall to see > > >> that address (more specifically, port 80) Fine, I understand that. > > >> However, what I want to do is limit the addresses able to get to > > >> that IP. When I put something like 129.21.221.* in place of > > >> 0.0.0.0/0 it doesn't do anything different and still lets in > > >> everyone. > > > > > >Try to do 129.21.221.0/24 instead. > > > > > >If there isn't any really important reason, I wouldn't masquerade > > >connections from the outside, just forward. Unless you log > > >masquerading activity you would not be able to tell what the > > >originating host of a connection is. Every http connection will be > > >logged as to originate from your firewall. So you would have to > > >cross-check with your masquerade logs, which isn't that nice. 
> > > > > > >Dirk > > > > > > *-------------------------------------------------* > > Andrew P. Feigenson > > *-------------------------------------------------* > > > -----BEGIN PGP SIGNATURE----- Version: PGP for Personal Privacy 5.0 Charset: noconv -----END PGP SIGNATURE----- From owner-fwtk-users Fri Nov 6 23:34:12 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id XAA01951 for fwtk-users-outgoing; Fri, 6 Nov 1998 23:30:51 -0500 (EST) Message-ID: <501937796866D211B5E00080C86AFA4F012296@cel-ex1.compedge.co.nz> From: Aaron Knauf To: "'fwtk-users@tis.com'" Subject: FW: FW: IP filtering Date: Sat, 7 Nov 1998 17:50:18 +1300 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-fwtk-users@ex.tis.com Precedence: bulk -----Original Message----- From: Aaron Knauf Sent: Saturday, 7 November 1998 17:50 To: 'David Lang' Subject: RE: FW: IP filtering > -----Original Message----- 
> From: David Lang [mailto:dlang@diginsite.com] > Sent: Saturday, 7 November 1998 15:03 > To: Aaron Knauf > Cc: 'fwtk-users@tis.com' > Subject: Re: FW: IP filtering > > > -----BEGIN PGP SIGNED MESSAGE----- > > masquerading does add some security in that connections cannot be > established from the outside to the inside. Even if they do > figure out the > topology of your network, they cannot get to it. Ah, except the ones you're letting into your internal mail/web/whatever servers. At which point you're back to forwarding, no? How does forwarding, with appropriate filter rules and stateful inspection (like ipfwadm does) differ from masquerading from a _security_ viewpoint? ADK > On Sat, 7 Nov 1998, Aaron Knauf wrote: > > > Date: Sat, 7 Nov 1998 13:37:33 +1300 > > From: Aaron Knauf > > To: "'fwtk-users@tis.com'" > > Subject: FW: IP filtering > > > > There are two reasons for masquerading, rather than forwarding. > > > > 1) You don't want the outside to learn the topology of your network. > > (Security by obfuscation is not good enough by itself, but it's an > > advantage that I'll take wherever I can.) > > > > 2) You may be using RFC 1918 reserved IP addresses inside > your network. > > (i.e. 10.0.0.0/8, 172.16.0.0/16 - 172.31.0.0/16, > 192.168.0.0/16) These > > have to be masqueraded, as they won't route across the 'net. > > > > If you are not concerned about either of these issues, then > I can't see > > any reason not to forward - anyone else? > > > > ADK > > > > > -----Original Message----- 
> > > From: Andrew Feigenson [mailto:andrewf@technologist.com] > > > Sent: Saturday, 7 November 1998 05:15 > > > To: Dirk Alboth > > > Cc: fwtk-users@ex.tis.com > > > Subject: Re: IP filtering > > > > > > Is forwarding just as secure as masquerading? I ask because > > > I have to > > > assume it was set up this way for a reason. I am interested > > > in getting > > > more detailed logs on the server side but I can't have it > be at the > > > expense of security. If so, how would the statement below be > > > modified to > > > forward? > > > > > > Thanks, > > > A > > > > > > On 11/6/98 2:58 AM, Dirk Alboth was rumored to have said: > > > > > > >> for example, I've got this command in a startup script: > > > >> > > > >> ipfwadm -F -a m -b -P tcp -S 0.0.0.0/0 1024:65535 -D > x.x.x.x/32 80 > > > > The m switch is the one that switches on masquerading. man > ipfwadm will > > give you the exact syntax. ;-> > > > > > >> > > > >> where x.x.x.x is the IP of the address I want others > outside the > > > >> firewall to see. This allows all people outside the > > > firewall to see > > > >> that address (more specifically, port 80) Fine, I > understand that. > > > >> However, what I want to do is limit the addresses able > to get to > > > >> that IP. When I put something like 129.21.221.* in place of > > > >> 0.0.0.0/0 it doesn't do anything different and still lets in > > > >> everyone. > > > > > > > >Try to do 129.21.221.0/24 instead. > > > > > > > >If there isn't any really important reason, I wouldn't masquerade > > > >connections from the outside, just forward. Unless you log > > > >masquerading activity you would not be able to tell what the > > > >originating host of a connection is. Every http > connection will be > > > >logged as to originate from your firewall. 
So you would have to > > > >cross-check with your masquerade logs, which isn't that nice. > > > > > > > >Dirk > > > > > > > > > *-------------------------------------------------* > > > Andrew P. Feigenson > > > *-------------------------------------------------* > > > > > > > -----BEGIN PGP SIGNATURE----- > Version: PGP for Personal Privacy 5.0 > Charset: noconv > > -----END PGP SIGNATURE----- > From owner-fwtk-users Sat Nov 7 19:40:56 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id TAA04191 for fwtk-users-outgoing; Sat, 7 Nov 1998 19:28:40 -0500 (EST) Message-ID: <3644EA17.62922E42@kos-fhbw.de> Date: Sun, 08 Nov 1998 01:47:20 +0100 
From: Roland Frick X-Mailer: Mozilla 4.05 [de] (WinNT; I) MIME-Version: 1.0 To: "Michael St. Laurent" CC: fwtk-users@ex.tis.com Subject: Re: Could someone please explain this? References: <3.0.5.32.19981106104902.00ab2df0@guardian.hartwellcorp.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-fwtk-users@ex.tis.com Precedence: bulk Michael St. Laurent wrote: > The documentation for smapd says at the end of the third paragraph of the > man page that "It then calls the configured message transfer agent (usually > sendmail in delivery mode) for final delivery." If this is correct then > why do we need the mqueue script? Obviously there is a good reason for it > or it wouldn't be there. Would someone be kind enough to clear this up? > On a typical firewall running smap and smapd, sendmail isn't running in q mode as a daemon but is only called by smapd (running in a sandbox) to deliver a certain mail once. If for any temporary reason (router problems, host shut down ...) the mail is undeliverable at the time smapd calls sendmail it would stay in mqueue forever without anyone noticing it. So running the mqueue script is a way to try to deliver mails which failed the first delivery with an error that indicates a further try might be successful. So long Roland From owner-fwtk-users Sat Nov 7 21:05:46 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id VAA04443 for fwtk-users-outgoing; Sat, 7 Nov 1998 21:00:51 -0500 (EST) Message-Id: <199811080218.VAA09348@jekyll.piermont.com> To: Gonzalo Diethelm cc: "'fwtk-users@tis.com'" Subject: Re: Id in subject field? In-reply-to: Your message of "Fri, 06 Nov 1998 13:05:25 -0400." 
<59706945956AD2119562006094B9C0020953@bach.jda.cl> Reply-To: perry@piermont.com X-Reposting-Policy: redistribute only with permission Mime-Version: 1.0 (generated by tm-edit 7.108) Content-Type: text/plain; charset=US-ASCII Date: Sat, 07 Nov 1998 21:18:18 -0500 From: "Perry E. Metzger" Sender: owner-fwtk-users@ex.tis.com Precedence: bulk Gonzalo Diethelm writes: > It would be very nice if all of the messages coming > from this mailing list had some kind of identification > on the Subject field. That way, it would be easy to filter > the list's messages to a separate folder. Isn't the Return-Path, To: and Cc: information far more than enough for that? .pm From owner-fwtk-users Sat Nov 7 21:29:41 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id VAA04496 for fwtk-users-outgoing; Sat, 7 Nov 1998 21:26:54 -0500 (EST) Message-ID: <36450661.1006417B@visualizetech.com> Date: Sat, 07 Nov 1998 19:48:01 -0700 
From: Gordon Chamberlin X-Mailer: Mozilla 4.5 [en] (X11; U; Linux 2.0.33 i586) X-Accept-Language: en MIME-Version: 1.0 To: fwtk-users@tis.com Subject: NEWBIE: IP Filtering Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-fwtk-users@ex.tis.com Precedence: bulk I'm new to firewalls and I am trying to learn. This question doesn't pertain to the TIS fwtk. Apologies in advance... How do I use IP filtering, in a Linux kernel, to let me telnet out but to prevent the Internet at large from telnetting in? Is it possible to do without IP masquerading? I have an internal network and a linux box as a router. The internal network has real IP addresses. I placed the following rules in the fw chain: ip -F -a a -b -P tcp -S 0.0.0.0/0 23 -D x.x.x.x/27 1024:65535 ip -F -a a -b -P tcp -S x.x.x.x/27 23 -D 0.0.0.0/0 1024:65535 These let me telnet out and let any machine telnet in. Thanks for answering a newbie question... -Gordon -- Gordon Chamberlin Visualize, Inc. http://www.visualizetech.com (602) 861-0999 ext. 14 glac@visualizetech.com From owner-fwtk-users Sun Nov 8 07:14:26 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id HAA05236 for fwtk-users-outgoing; Sun, 8 Nov 1998 07:07:17 -0500 (EST) 
From: pam@polynet.lviv.ua Date: 8 Nov 1998 14:26:55 +0200 Date: Sun, 8 Nov 1998 14:26:55 +0200 (EET) X-Sender: pam@NetSurfer.lp.lviv.ua To: David B Swann cc: fwtk-users@ex.tis.com Subject: RE: Transparency with FreeBSD Message-ID: MIME-Version: 1.0 Content-Type: MULTIPART/MIXED; BOUNDARY="0-405596548-910528015=:26638" Sender: owner-fwtk-users@ex.tis.com Precedence: bulk This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. Send mail to mime@docserver.cac.washington.edu for more info. --0-405596548-910528015=:26638 Content-Type: TEXT/PLAIN; charset=US-ASCII Hello, I'm successfully running FWTK 2.1 with transparency under FreeBSD 2.2.x and 3.0. As I've made some serious changes in the FWTK code, I can't send you the entire patch for transparency support. I want to consolidate/unify some functions in the code and add date/time-based ACLs to netperm-table. BTW, please take a look at function ifwithipaddr() (thanks to Julian Elischer for sample code and directions) - it allows to distinguish whenever user tries to connect to outside host (transparency on) or firewall itself (transparency off). Please don't hesitate in contacting me for additional info. 
Adrian Pavlykevych email: System Administrator phone/fax: +380 (322) 742041 State University "Lvivska Polytechnica" --0-405596548-910528015=:26638 Content-Type: TEXT/PLAIN; charset=US-ASCII; name="hnam.c" Content-Transfer-Encoding: BASE64 Content-ID: Content-Description: hnam.c with IPFilter transparency patch for FreeBSD Content-Disposition: attachment; filename="hnam.c" --0-405596548-910528015=:26638-- From owner-fwtk-users Mon Nov 9 10:08:47 1998 Received: by 
portal.ex.tis.com (8.9.1/8.9.1) id JAA08446 for fwtk-users-outgoing; Mon, 9 Nov 1998 09:49:47 -0500 (EST) Date: 6 Nov 1998 18:43:55 +0100 Message-ID: <19981106174355.25788.qmail@brandenburg-gmbh.de> 
From: Dirk Alboth To: andrewf@technologist.com CC: fwtk-users@ex.tis.com In-reply-to: <199811061616.LAA01015@pop02.globecomm.net> (message from Andrew Feigenson on Fri, 6 Nov 1998 11:14:59 -0500) Subject: Re: IP filtering Reply-to: alboth@brandenburg-gmbh.de Mime-Version: 1.0 (generated by tm-edit 7.106) Content-Type: text/plain; charset=US-ASCII Sender: owner-fwtk-users@ex.tis.com Precedence: bulk > Is forwarding just as secure as masquerading? I ask because I have > to assume it was set up this way for a reason. I am interested in > getting more detailed logs on the server side but I can't have it be > at the expense of security. If so, how would the statement below be > modified to forward? It depends upon from which side you are looking at masquerading. Basically masquerading _is_ forwarding with a modification of the source part of the IP packet (source IP and port). Now, if you do masquerading for outgoing packets (= packets of connections originating from your secured network) then masquerading is quite secure (provided some further conditions are met). In particular if you have private IP addresses in your secure network. (Of course all well-known aspects of the configuration of packet filters apply here, too.) But if you look at masquerading incoming packets there is the main drawback that all packets arriving at the internal host seem to originate from the packet filter. (Note that this is just the behavior you intend for outgoing connections.) So you cannot treat them distinctly whether they come from the untrusted network or from the trusted one. Plus logging will become harder. IMO masquerading incoming connections is a lot less secure than just forwarding them. Dirk PS: The aspects of having an internal host as web server for the outside have been discussed here only some weeks ago. So we need not repeat that. 
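The logging drawback described in the message above (masqueraded incoming connections all appear to come from the packet filter, so the origin has to be cross-checked against masquerade logs), worked through as an added example that is not code from this thread or from ipfwadm. The log formats, addresses, the 15-minute mapping lifetime and every name in it are constructed assumptions.

```python
"""Recover the originating host of masqueraded inbound HTTP connections.

Log formats, addresses and names are constructed for illustration only.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

FIREWALL_IP = "192.168.1.1"            # constructed: the filter's inside address
MASQ_TIMEOUT = timedelta(minutes=15)   # assumption: lifetime of a masquerade mapping
TS_FORMAT = "%Y-%m-%d %H:%M:%S"

# Constructed masquerade log kept on the packet filter.
MASQ_LOG = """\
1998-11-06 10:00:01 masq tcp 203.0.113.7:1045 as 192.168.1.1:61001
1998-11-06 10:00:05 masq tcp 203.0.113.9:2311 as 192.168.1.1:61002
1998-11-06 11:30:00 masq tcp 198.51.100.4:1999 as 192.168.1.1:61001
"""

# Constructed access log on the internal web server (peer as the server sees it).
ACCESS_LOG = """\
1998-11-06 10:00:02 192.168.1.1:61001 "GET /index.html"
1998-11-06 10:00:06 192.168.1.1:61002 "GET /query.asp"
1998-11-06 11:30:01 192.168.1.1:61001 "GET /admin/"
1998-11-06 12:00:00 192.168.1.1:61777 "GET /robots.txt"
1998-11-06 12:05:00 192.0.2.8:1100 "GET /index.html"
"""

MASQ_RE = re.compile(r"^(\S+ \S+) masq tcp (\S+):(\d+) as (\S+):(\d+)$")
ACCESS_RE = re.compile(r'^(\S+ \S+) (\S+):(\d+) "([^"]*)"$')


@dataclass
class MasqEntry:
    when: datetime
    orig_ip: str
    orig_port: int
    masq_port: int


@dataclass
class Hit:
    when: datetime
    peer_ip: str
    peer_port: int
    request: str


def parse_masq(text: str) -> List[MasqEntry]:
    entries = []
    for line in text.splitlines():
        m = MASQ_RE.match(line.strip())
        if m:  # skip lines that are not masquerade records
            entries.append(MasqEntry(datetime.strptime(m.group(1), TS_FORMAT),
                                     m.group(2), int(m.group(3)), int(m.group(5))))
    return entries


def parse_access(text: str) -> List[Hit]:
    hits = []
    for line in text.splitlines():
        m = ACCESS_RE.match(line.strip())
        if m:
            hits.append(Hit(datetime.strptime(m.group(1), TS_FORMAT),
                            m.group(2), int(m.group(3)), m.group(4)))
    return hits


def origin_of(hit: Hit, masq: List[MasqEntry]) -> Optional[str]:
    """Return the real source address for a request, or None if unknown."""
    if hit.peer_ip != FIREWALL_IP:
        return hit.peer_ip  # plainly forwarded: the server logged the real source
    # Masqueraded: the filter reuses ports, so match on port AND time window
    # and take the most recent mapping created before the request.
    candidates = [e for e in masq
                  if e.masq_port == hit.peer_port
                  and timedelta(0) <= hit.when - e.when <= MASQ_TIMEOUT]
    if not candidates:
        return None  # no masquerade record: the origin cannot be reconstructed
    return max(candidates, key=lambda e: e.when).orig_ip


def attribute(access_text: str, masq_text: str):
    """Return (request, address the server saw, recovered origin) per request."""
    masq = parse_masq(masq_text)
    return [(h.request, h.peer_ip, origin_of(h, masq))
            for h in parse_access(access_text)]


if __name__ == "__main__":
    for request, seen_as, origin in attribute(ACCESS_LOG, MASQ_LOG):
        print(f"{request:22} server saw {seen_as:12} origin {origin}")
```

The fourth request has no masquerade record, so its origin stays unknown; the fifth was forwarded without masquerading and the server's own log already holds the real source.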

From owner-fwtk-users Mon Nov 9 10:08:47 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id JAA08454 for fwtk-users-outgoing; Mon, 9 Nov 1998 09:49:49 -0500 (EST)
Date: 9 Nov 1998 09:50:37 +0100
Message-ID: <19981109085037.27007.qmail@brandenburg-gmbh.de>
From: Dirk Alboth
To: Aaron@compedge.co.nz
CC: fwtk-users@tis.com
In-reply-to: <501937796866D211B5E00080C86AFA4F012296@cel-ex1.compedge.co.nz> (message from Aaron Knauf on Sat, 7 Nov 1998 17:50:18 +1300)
Subject: Re: FW: FW: IP filtering
Reply-to: alboth@brandenburg-gmbh.de
Mime-Version: 1.0 (generated by tm-edit 7.106)
Content-Type: text/plain; charset=US-ASCII
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

> -----Original Message-----
> From: Aaron Knauf
> Sent: Saturday, 7 November 1998 17:50
>
> > -----Original Message-----
> > From: David Lang [mailto:dlang@diginsite.com]
> > Sent: Saturday, 7 November 1998 15:03
> >
> > masquerading does add some security in that connections cannot be
> > established from the outside to the inside. Even if they do figure
> > out the topology of your network, they cannot get to it.
>
> Ah, except the ones you're letting into your internal
> mail/web/whatever servers. At which point you're back to
> forwarding, no? How does forwarding, with appropriate filter rules
> and stateful inspection (like ipfwadm does) differ from
> masquerading from a _security_ viewpoint?

I'm not sure whether we all are talking about the same kind of
masquerading. The original poster asked about masquerading outside to
inside addresses. At least David seems to be talking about
masquerading inside to outside addresses.

About the latter kind of masquerading: IMO masquerading does add
security: There is no obvious way to route arbitrary packets from the
outside to the protected network. This assumes, of course, that you
masquerade all connections and deny any forwarding of outside packets
to the inside. In this situation the only packets that (if everything
works as supposed, of course) are allowed to traverse the filter
outside in are packets belonging to an existing connection that
originated from an internal host.

A nice thing with Linux/ipfw is that you may also define input rules
depending on the network interface a packet arrived at. So simply deny
all packets that arrive via the "outside" network card claiming they
were coming from an internal host (i.e. packets with faked source
addresses) and set up forwarding/masquerading as before. One certainly
should also disable source routing and defragment packets at the
filter.

This setup assumes that you don't need any service outside in, not
even mail. Now what you can do is to run proxies/relays for certain
services on the filter itself, if those are available.
If you need mail, you could run qmail on the filter that simply
forwards all mail to your internal mailer. So if mail is the only
protocol you need outside in you arrive at a rather secure setup, as I
see it.

With other services it will be harder. If one needs these I can't see
any available solution other than to install a protocol level firewall.

Of course, there is one point that is lacking in the above discussion:
to prevent your filter from being compromised itself. But this is
another topic and not related to forwarding/masquerading.

Dirk

From owner-fwtk-users Mon Nov 9 10:13:47 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id KAA08542 for fwtk-users-outgoing; Mon, 9 Nov 1998 10:11:46 -0500 (EST)
Date: 9 Nov 1998 10:15:00 +0100
Message-ID: <19981109091500.27143.qmail@brandenburg-gmbh.de>
From: Dirk Alboth
To: andrewf@technologist.com
CC: fwtk-users@ex.tis.com
In-reply-to: <199811061807.NAA19683@pop02.globecomm.net> (message from Andrew Feigenson on Fri, 6 Nov 1998 13:05:16 -0500)
Subject: Re: IP filtering
Reply-to: alboth@brandenburg-gmbh.de
Mime-Version: 1.0 (generated by tm-edit 7.106)
Content-Type: text/plain; charset=US-ASCII
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

> > On 11/6/98 2:58 AM, Dirk Alboth was rumored to have said:
> >
> > >> for example, I've got this command in a startup script:
> > >>
> > >> ipfwadm -F -a m -b -P tcp -S 0.0.0.0/0 1024:65535 -D x.x.x.x/32 80
>
> The m switch is the one that switches on masquerading. man ipfwadm
> will give you the exact syntax.

;-> Seems like the "-a m" option is no longer documented in the manpage
(but rather in the sources...) it is equivalent to "-a accept -m"

Dirk

From owner-fwtk-users Mon Nov 9 10:14:35 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id KAA08550 for fwtk-users-outgoing; Mon, 9 Nov 1998 10:12:45 -0500 (EST)
Date: Mon, 9 Nov 1998 13:37:09 +0100 (CET)
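
Added example, not part of any poster's message: a simplified Python model of the setup Dirk Alboth describes in his two "IP filtering" replies above (masquerade everything going out, deny forwarding outside-in, drop internal source addresses arriving on the outside interface), plus the logging loss he attributes to masquerading incoming connections. The addresses, port range and class/function names are constructed for illustration; this is not how ipfwadm or the Linux kernel implements masquerading.

```python
import ipaddress

INSIDE_NET = ipaddress.ip_network("192.168.1.0/24")   # constructed private network
FILTER_INSIDE_IP = "192.168.1.1"                       # constructed filter addresses
FILTER_OUTSIDE_IP = "203.0.113.1"


class MasqueradingFilter:
    """Packet filter that masquerades inside->outside and forwards nothing else."""

    def __init__(self):
        # masquerade port -> (inside ip, inside port, remote ip, remote port)
        self.masq = {}
        self.next_port = 61000

    def _port_for(self, src, sport, dst, dport):
        conn = (src, sport, dst, dport)
        for port, known in self.masq.items():
            if known == conn:
                return port                      # connection already mapped
        port, self.next_port = self.next_port, self.next_port + 1
        self.masq[port] = conn
        return port

    def handle(self, iface, src, sport, dst, dport):
        """Return (verdict, packet); packet is the rewritten
        (src, sport, dst, dport) tuple, or None when the packet is dropped."""
        src_inside = ipaddress.ip_address(src) in INSIDE_NET
        if iface == "outside":
            # Input rule tied to the interface: an internal source address
            # can never legitimately arrive on the outside card.
            if src_inside:
                return "deny: spoofed source", None
            entry = self.masq.get(dport) if dst == FILTER_OUTSIDE_IP else None
            if entry and entry[2:] == (src, sport):
                # Reply on a connection that an internal host opened.
                return "accept: demasqueraded reply", (src, sport, entry[0], entry[1])
            return "deny: no forwarding outside-in", None
        if iface == "inside" and src_inside:
            port = self._port_for(src, sport, dst, dport)
            return "accept: masqueraded", (FILTER_OUTSIDE_IP, port, dst, dport)
        return "deny: unexpected source on inside interface", None


def source_logged_by_internal_server(client_ip, incoming_mode):
    """Peer address an internal server records for an incoming connection."""
    if incoming_mode == "forward":
        return client_ip            # the real origin survives into the log
    if incoming_mode == "masquerade":
        return FILTER_INSIDE_IP     # every client looks like the packet filter
    raise ValueError(incoming_mode)


if __name__ == "__main__":
    f = MasqueradingFilter()
    print(f.handle("inside", "192.168.1.10", 1025, "198.51.100.5", 80))
    print(f.handle("outside", "198.51.100.5", 80, FILTER_OUTSIDE_IP, 61000))
    print(f.handle("outside", "198.51.100.9", 4444, FILTER_OUTSIDE_IP, 61000))
    print(f.handle("outside", "192.168.1.10", 1025, "192.168.1.20", 25))
    for mode in ("forward", "masquerade"):
        print(mode, source_logged_by_internal_server("198.51.100.9", mode))
```
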
From: Peter RATKAI
To: fwtk-users@ex.tis.com
Subject: plug-gw
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

Hi FWTK users!

I'd like to plug incoming mail connections with FWTK plug-gw, but I
got the following in syslog:

Nov 9 14:05:29 gateway plug-gw[31262]: connect host=goliat.eik.bme.hu/152.66.250.2 destination=mail.quaestor.hu/25
Nov 9 14:08:54 gateway plug-gw[31262]: disconnect host=goliat.eik.bme.hu/152.66.250.2 destination=mail.quaestor.hu/25 in=527 out=420 duration=205

Which I think is OK, but the mailer daemon sends the messages back to
sender: "... loop detection: maximum hop count exceeded"

my netperm table is:

smap, smapd: userid 6
smap, smapd: directory /var/spool/smap
smapd: executable /usr/local/etc/smapd
smapd: sendmail /usr/sbin/smail
smap: timeout 3600
netacl-smtp-gw: permit-hosts *
smtp-gw: port smtp-gw * -plug-to mail.quaestor.hu -port 25
pop-gw: port pop-gw * -plug-to mail.quaestor.hu -port 110

/etc/services:

smtp-gw 25/tcp # FWTK smtp-gw
pop-gw 110/tcp # FWTK pop-gw

inetd.conf:

pop-gw stream tcp nowait root /usr/local/etc/plug-gw pop-gw
smtp-gw stream tcp nowait root /usr/local/etc/plug-gw smtp-gw

If anyone knows this problem, please help.

Thanks in advance...

--
Peter RATKAI
Windows is Shutting down...
--

From owner-fwtk-users Tue Nov 10 06:22:56 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id GAA12776 for fwtk-users-outgoing; Tue, 10 Nov 1998 06:15:57 -0500 (EST)
From: ark@eltex.ru
Date: Tue, 10 Nov 1998 14:37:52 +0300
Message-Id: <199811101137.OAA00688@paranoid.eltex.spb.ru>
In-Reply-To: <199811061924.OAA06584@jekyll.piermont.com> from ""Perry E. Metzger" "
Organization: "Klingon Imperial Intelligence Service"
Subject: Re: FWTK version 2 and smap directories ...
To: perry@piermont.com
Cc: louis@kerna.ie, rmurphy@itm-inst.com, fwtk-users@ex.tis.com
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

nuqneH,

Why not let us have a look ;)?

"Perry E. Metzger" said :

> > Hi,
> > > Is anyone else seeing dangling xma files?
> > Yes, I get them on a Digital Unix 4.0a box running FWTK 2.1.
> > Mails coming from remote servers and from local mail clients often end
> > up "dangling". The messages do actually get delivered (so presumably the
> > files are copied to sma files), but the xma files stay put.
>
> There are lots of bugs in the way smap deals with files when it dies
> unexpectedly. I have some extensive patches for this....
>
> Perry
>

_ _ _ _ _ _ _
{::} {::} {::} CU in Hell _| o |_ | | _|| | / _||_| |_ |_ |_
(##) (##) (##) /Arkan#iD |_ o _||_| _||_| / _| | o |_||_||_|
[||] [||] [||] Do i believe in Bible? Hell,man,i've seen one!

From owner-fwtk-users Tue Nov 10 08:16:01 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id IAA13097 for fwtk-users-outgoing; Tue, 10 Nov 1998 08:12:01 -0500 (EST)
From: ark@eltex.ru
Date: Tue, 10 Nov 1998 16:36:46 +0300
Message-Id: <199811101336.QAA01022@paranoid.eltex.spb.ru>
In-Reply-To: from "David B Swann "
Organization: "Klingon Imperial Intelligence Service"
Subject: Re: Transparency with FreeBSD
To: swann@nosc.mil
Cc: ark@eltex.ru, rmurphy@itm-inst.com, fwtk-users@ex.tis.com
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

nuqneH,

David B Swann said :

> I downloaded FWTK 2.1 and IP Filter 3.2.9. IP Filter appears to have
> installed with NO problem. I downloaded the transparency patches and they
> modified the source code with NO problem. The file hnam.c in the lib
> directory would not build.
>
> There were several problems with FreeBSD. First, the patched hnam.c
> required ip_nat.h. This library was not installed as part of the IP
> Filter install. I copied the ip_nat.h file to /usr/local. Next, the
> data types used in ip_nat.h were not supported by FreeBSD. Darren
> Reed told me to also install the ip_compat.h header from IP Filter
> into the include directory and add it to the include list in hnam.c.
>
> I also had to add the fcntl.h, ioctl.h, and ip_fil.h to the include list
> in hnam.c. Finally, hnam.c compiles!!!

Sure, it was mandatory.

>
> My happiness was short lived. The NEW proxies do not work correctly.
> Transparency does not work and, although I can connect to the proxy
> directly, it does not allow me to connect to the final destination :(
>
> Can anyone list their working transparency hnam.c file for FreeBSD?

Are your RDR ipnat rules ok?

_ _ _ _ _ _ _
{::} {::} {::} CU in Hell _| o |_ | | _|| | / _||_| |_ |_ |_
(##) (##) (##) /Arkan#iD |_ o _||_| _||_| / _| | o |_||_||_|
[||] [||] [||] Do i believe in Bible? Hell,man,i've seen one!

From owner-fwtk-users Tue Nov 10 08:58:05 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id IAA13540 for fwtk-users-outgoing; Tue, 10 Nov 1998 08:56:59 -0500 (EST)
Date: Tue, 10 Nov 1998 09:11:00 -0500 (EST)
From: David B Swann
To: ark@eltex.ru
cc: fwtk-users@ex.tis.com
Subject: Re: Transparency with FreeBSD
In-Reply-To: <199811101336.QAA01022@paranoid.eltex.spb.ru>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

I added comments below.

On Tue, 10 Nov 1998 ark@eltex.ru wrote:

> nuqneH,
>
> David B Swann said :
>
> > I downloaded FWTK 2.1 and IP Filter 3.2.9. IP Filter appears to have
> > installed with NO problem. I downloaded the transparency patches and they
> > modified the source code with NO problem. The file hnam.c in the lib
> > directory would not build.
> >
> > There were several problems with FreeBSD. First, the patched hnam.c
> > required ip_nat.h. This library was not installed as part of the IP
> > Filter install. I copied the ip_nat.h file to /usr/local. Next, the
> > data types used in ip_nat.h were not supported by FreeBSD. Darren
> > Reed told me to also install the ip_compat.h header from IP Filter
> > into the include directory and add it to the include list in hnam.c.
> >
> > I also had to add the fcntl.h, ioctl.h, and ip_fil.h to the include list
> > in hnam.c. Finally, hnam.c compiles!!!
>
> Sure, it was mandatory.
>
> >
> > My happiness was short lived. The NEW proxies do not work correctly.
> > Transparency does not work and, although I can connect to the proxy
> > directly, it does not allow me to connect to the final destination :(
> >
> > Can anyone list their working transparency hnam.c file for FreeBSD?
>
> Are your RDR ipnat rules ok?

Ahh...what ipnat rules?

All I did was to install the IP Filter into the kernel and compile the NEW
proxies and install them. There was no mention of additional
configuration for transparency. Can you give me a clue?

The systems are in a lab environment, but I do want to set them up
correctly. I have a single Class C behind the firewall.

BTW, I was expecting to get some type of logged error message if something
was not configured correctly, but I don't get anything except "permit"
messages from the NEW proxies.

Thanks for any help.

> _ _ _ _ _ _ _
> {::} {::} {::} CU in Hell _| o |_ | | _|| | / _||_| |_ |_ |_
> (##) (##) (##) /Arkan#iD |_ o _||_| _||_| / _| | o |_||_||_|
> [||] [||] [||] Do i believe in Bible? Hell,man,i've seen one!
>

From owner-fwtk-users Tue Nov 10 09:04:33 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id JAA13592 for fwtk-users-outgoing; Tue, 10 Nov 1998 09:03:54 -0500 (EST)
From: ark@eltex.ru
Date: Tue, 10 Nov 1998 17:28:37 +0300
Message-Id: <199811101428.RAA01158@paranoid.eltex.spb.ru>
In-Reply-To: from "David B Swann "
Organization: "Klingon Imperial Intelligence Service"
Subject: Re: Transparency with FreeBSD
To: swann@nosc.mil
Cc: ark@eltex.ru, fwtk-users@ex.tis.com
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

nuqneH,

Heh. That's simple.

How transparency works:
1) You _redirect_ outgoing tcp connections to a local port on firewall using
   RDR rules (man ipnat)
2) a proxy that runs on that port performs RDR table lookup via ipfilter
   api (transparency patch adds this functionality), gets "real" destination
   and then does standard proxy functions.

David B Swann said :

> > Are your RDR ipnat rules ok?
>
> Ahh...what ipnat rules?
>
> All I did was to install the IP Filter into the kernel and compile the NEW
> proxies and install them. There was no mention of additional
> configuration for transparency. Can you give me a clue?
>
> The systems are in a lab environment, but I do want to set them up
> correctly. I have a single Class C behind the firewall.
>
> BTW, I was expecting to get some type of logged error message if something
> was not configured correctly, but I don't get anything except "permit"
> messages from the NEW proxies.
>
> Thanks for any help.

_ _ _ _ _ _ _
{::} {::} {::} CU in Hell _| o |_ | | _|| | / _||_| |_ |_ |_
(##) (##) (##) /Arkan#iD |_ o _||_| _||_| / _| | o |_||_||_|
[||] [||] [||] Do i believe in Bible? Hell,man,i've seen one!

From owner-fwtk-users Tue Nov 10 11:52:21 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id LAA14340 for fwtk-users-outgoing; Tue, 10 Nov 1998 11:41:55 -0500 (EST)
Message-Id: <3.0.5.32.19981110080410.00aa8660@guardian.hartwellcorp.com>
X-Sender: rowl@guardian.hartwellcorp.com
X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.5 (32)
Date: Tue, 10 Nov 1998 08:04:10 -0800
To: fwtk-users@ex.tis.com
From: "Michael St. Laurent"
Subject: Testing the mail relay deny patches
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

I've applied the anti-relay patches to FWTK 2.1 that are mentioned in the
FAQ and changed the configuration files accordingly. Could someone give me
a pointer on how I could test it to make sure I've got it working? I'd
rather not wait until someone complains that our domain is a major source
of spam to find out I screwed it up!

--------------------
Michael St. Laurent
Hartwell Corporation

"The software said to use with Windows95 or better,
so I installed Linux."

From owner-fwtk-users Tue Nov 10 12:26:55 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id MAA14515 for fwtk-users-outgoing; Tue, 10 Nov 1998 12:25:55 -0500 (EST)
Message-Id: <3.0.5.32.19981110094724.00e54210@207.194.87.254>
X-Sender: devin@207.194.87.254
X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32)
Date: Tue, 10 Nov 1998 09:47:24 -0800
To: "Michael St. Laurent" , fwtk-users@ex.tis.com
From: Devin Redlich
Subject: Re: Testing the mail relay deny patches
In-Reply-To: <3.0.5.32.19981110080410.00aa8660@guardian.hartwellcorp.com >
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

At 08:04 AM 11/10/98 -0800, Michael St. Laurent wrote:
>I've applied the anti-relay patches to FWTK 2.1 that are mentioned in the
>FAQ and changed the configuration files accordingly. Could someone give me
>a pointer on how I could test it to make sure I've got it working? I'd
>rather not wait until someone complains that our domain is a major source
>of spam to find out I screwed it up!

You could try the test utility that Vixie has online:

http://maps.vix.com/tsi/ar-test.html

__
Devin Redlich
devin@pctc.com

From owner-fwtk-users Tue Nov 10 12:41:15 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id MAA14592 for fwtk-users-outgoing; Tue, 10 Nov 1998 12:40:42 -0500 (EST)
From: youngk@ttc.com
X-Lotus-FromDomain: TTC
To: "Michael St. Laurent"
cc: fwtk-users@ex.tis.com
Message-ID: <852566B8.0062B4E1.00@ttcmta1-7.ttc.com>
Date: Tue, 10 Nov 1998 12:59:17 -0500
Subject: Re: Testing the mail relay deny patches
Mime-Version: 1.0
Content-type: text/plain; charset=us-ascii
Content-Disposition: inline
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

> I've applied the anti-relay patches to FWTK 2.1 that are mentioned in the
> FAQ and changed the configuration files accordingly. Could someone give me
> a pointer on how I could test it to make sure I've got it working?

Run Anti-Relay Test:
http://maps.vix.com/tsi/ar-test.html

--Keith Young
-youngk@ttc.com

From owner-fwtk-users Tue Nov 10 14:39:23 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id OAA15142 for fwtk-users-outgoing; Tue, 10 Nov 1998 14:37:00 -0500 (EST)
Message-ID: <19981110195536.25238.qmail@hotmail.com>
X-Originating-IP: [204.117.176.168]
From: "Chique XXXXX"
To: Gonzalo.Diethelm@jda.cl, perry@piermont.com
Cc: fwtk-users@tis.com
Subject: FWTK logging..................
MIME-Version: 1.0
Content-Type: text/plain
Date: Tue, 10 Nov 1998 11:55:35 PST
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

By any chance ... could anyone say where FWTK logs for e.g. Internet
requests, web sites visited, time spent online etc.....

Chique

From owner-fwtk-users Tue Nov 10 15:25:36 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id PAA15281 for fwtk-users-outgoing; Tue, 10 Nov 1998 15:24:25 -0500 (EST)
Message-Id: <199811102044.PAA15301@fw1.osis.gov>
From: Joseph S D Yao
Subject: Re: Testing the mail relay deny patches
To: rowl@earthlink.net (Michael St. Laurent)
Date: Tue, 10 Nov 1998 15:45:18 -0500 (EST)
Cc: fwtk-users@ex.tis.com
In-Reply-To: <3.0.5.32.19981110080410.00aa8660@guardian.hartwellcorp.com> from "Michael St. Laurent" at Nov 10, 98 08:04:10 am
X-Mailer: ELM [version 2.4 PL25 PGP3 *ALPHA*]
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

> I've applied the anti-relay patches to FWTK 2.1 that are mentioned in the
> FAQ and changed the configuration files accordingly. Could someone give me
> a pointer on how I could test it to make sure I've got it working? I'd
> rather not wait until someone complains that our domain is a major source
> of spam to find out I screwed it up!

manual anti-relay test:

from OUTSIDE your network:

    telnet bastion.host.your.domain smtp
    helo the.host.from.which.you're.telnetting
    mail from: anybody@outside.your.domain
    rcpt to: anybody-else@other.outside.your.domain

See if you get an error message! If not, add:

    data
    random message
    .
    [^ NOTE THE PERIOD BY ITSELF]

See if you get an error message! End with a:

    quit

--
Joe Yao jsdy@cospo.osis.gov - Joseph S. D. Yao
COSPO/OSIS Computer Support EMT-A/B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.

From owner-fwtk-users Tue Nov 10 15:46:14 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id PAA15383 for fwtk-users-outgoing; Tue, 10 Nov 1998 15:44:01 -0500 (EST)
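
Added example, not part of any poster's message: Joe Yao's manual anti-relay test above, scripted in Python so the verdict for your own bastion host is repeatable after each configuration change. The sender and recipient addresses, the HELO name and the FakeGateway class are constructed for illustration; the session object only has to behave like `smtplib.SMTP`, and the test has to be run from outside your network, as the message says.

```python
import smtplib

# Constructed placeholder addresses; both must be OUTSIDE your own domain.
OUTSIDE_SENDER = "anybody@outside.example"
OUTSIDE_RCPT = "anybody-else@other-outside.example"


def classify(code):
    """Map an SMTP reply code to what it means for the relay test."""
    if 200 <= code < 400:
        return "accepted"
    if 400 <= code < 500:
        return "tempfail"       # temporary failure: proves nothing either way
    return "rejected"           # 5xx: the gateway refused


def relay_test(session, helo_name="tester.outside.example"):
    """Run HELO / MAIL FROM / RCPT TO / DATA on `session`.

    `session` needs helo(), mail(), rcpt(), data() and quit() with the
    return conventions of smtplib.SMTP.  Returns (verdict, steps).
    """
    steps = []

    def step(name, code):
        outcome = classify(code)
        steps.append((name, code, outcome))
        return outcome

    try:
        step("helo", session.helo(helo_name)[0])
        for name, call in (("mail from", lambda: session.mail(OUTSIDE_SENDER)),
                           ("rcpt to", lambda: session.rcpt(OUTSIDE_RCPT))):
            outcome = step(name, call()[0])
            if outcome == "rejected":
                return "relay denied at " + name, steps
            if outcome == "tempfail":
                return "inconclusive (temporary failure at %s)" % name, steps
        # RCPT TO was accepted, so continue with DATA as the manual test does.
        try:
            code = session.data("Subject: relay test\r\n\r\nrandom message\r\n")[0]
        except smtplib.SMTPDataError as exc:    # the DATA command itself was refused
            code = exc.smtp_code
        outcome = step("data", code)
        if outcome == "rejected":
            return "relay denied at data", steps
        if outcome == "tempfail":
            return "inconclusive (temporary failure at data)", steps
        return "OPEN RELAY: message accepted", steps
    finally:
        session.quit()


class FakeGateway:
    """Constructed stand-in for a mail gateway so the logic runs offline."""

    def __init__(self, rcpt_code=250, data_code=250):
        self.rcpt_code, self.data_code = rcpt_code, data_code

    def helo(self, name):
        return (250, b"hello")

    def mail(self, sender):
        return (250, b"sender ok")

    def rcpt(self, recipient):
        return (self.rcpt_code, b"")

    def data(self, message):
        return (self.data_code, b"")

    def quit(self):
        return (221, b"bye")


if __name__ == "__main__":
    for gateway in (FakeGateway(rcpt_code=550), FakeGateway(data_code=554),
                    FakeGateway(rcpt_code=451), FakeGateway()):
        print(relay_test(gateway))
    # Against your own gateway, from an outside host:
    #   relay_test(smtplib.SMTP("bastion.host.your.domain", 25))
```
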
From: youngk@ttc.com
X-Lotus-FromDomain: TTC
To: "Chique XXXXX"
cc: fwtk-users@tis.com
Message-ID: <852566B8.007338EC.00@ttcmta1-7.ttc.com>
Date: Tue, 10 Nov 1998 16:01:59 -0500
Subject: Re: FWTK logging..................
Mime-Version: 1.0
Content-type: text/plain; charset=us-ascii
Content-Disposition: inline
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

It is logged to syslog using the settings from your "firewall.h" file:

=================
/*
Choose a system logging level for the firewall toolkit. All components
of the toolkit will use this value for logging entries.
*/
#ifndef LLEV
#define LLEV LOG_NOTICE
#endif

/*
Choose a system logging facility for the firewall toolkit.
*/
#ifndef LFAC
#define LFAC LOG_DAEMON
#endif
==================

If you want, configure your syslog to separate the log entries into
different log files for each proxy. Help on this is in the FAQ:
http://www.erols.com/avenger/running.html#5.8.1
and
http://www.erols.com/avenger/running.html#5.8.2

--Keith
-youngk@ttc.com

"Chique XXXXX" on 11/10/98 02:55:35 PM

To: Gonzalo.Diethelm@jda.cl, perry@piermont.com
cc: fwtk-users@tis.com
Subject: FWTK logging..................

By any chance ... could anyone say where FWTK logs for e.g. Internet
requests, web sites visited, time spent online etc.....

Chique

From owner-fwtk-users Tue Nov 10 16:04:05 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id QAA15506 for fwtk-users-outgoing; Tue, 10 Nov 1998 16:03:09 -0500 (EST)
Message-ID: <3648AEAF.2993F70F@aeronix.com>
Date: Tue, 10 Nov 1998 16:22:55 -0500
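
Added example, not part of any poster's message: a Python sketch that turns FWTK syslog entries into per-proxy, per-client totals (sessions, bytes, seconds online), which is the kind of answer the "FWTK logging" question above is after. The line format is taken from the two plug-gw entries Peter Ratkai posted earlier in this archive; that other proxies log in the same `key=value` form, the year passed to the parser, and the extra sample lines are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# The first two lines are the plug-gw entries quoted earlier in this archive;
# the last two are constructed for the example.
SAMPLE_LOG = """\
Nov 9 14:05:29 gateway plug-gw[31262]: connect host=goliat.eik.bme.hu/152.66.250.2 destination=mail.quaestor.hu/25
Nov 9 14:08:54 gateway plug-gw[31262]: disconnect host=goliat.eik.bme.hu/152.66.250.2 destination=mail.quaestor.hu/25 in=527 out=420 duration=205
Nov 9 14:10:02 gateway plug-gw[31300]: connect host=client.example/192.0.2.7 destination=mail.quaestor.hu/110
Nov 9 14:10:03 gateway kernel: unrelated line that is not from a proxy
"""

LINE_RE = re.compile(
    r"^(?P<stamp>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+"
    r"(?P<proxy>[\w.-]+)\[(?P<pid>\d+)\]:\s+(?P<event>\w+)\s*(?P<rest>.*)$")
FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line, year=1998):
    """Parse one syslog line; return None for lines not in proxy[pid] form."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    # syslog timestamps carry no year, so the caller has to supply one.
    stamp = datetime.strptime("%d %s" % (year, " ".join(m["stamp"].split())),
                              "%Y %b %d %H:%M:%S")
    return {"stamp": stamp, "proxy": m["proxy"], "pid": m["pid"],
            "event": m["event"], "fields": dict(FIELD_RE.findall(m["rest"]))}


def summarize(lines, year=1998):
    """Return (totals, still_open, mismatches).

    totals      {(proxy, client ip): {"sessions", "in", "out", "seconds"}}
    still_open  connects that never logged a disconnect
    mismatches  disconnects whose duration= disagrees with the timestamps
    """
    totals = defaultdict(lambda: {"sessions": 0, "in": 0, "out": 0, "seconds": 0})
    open_conns = {}                      # (proxy, pid, host) -> connect time
    mismatches = []
    for line in lines:
        rec = parse_line(line, year)
        if rec is None or "host" not in rec["fields"]:
            continue
        fields = rec["fields"]
        key = (rec["proxy"], rec["pid"], fields["host"])
        if rec["event"] == "connect":
            open_conns[key] = rec["stamp"]
        elif rec["event"] == "disconnect":
            client_ip = fields["host"].rpartition("/")[2]
            entry = totals[(rec["proxy"], client_ip)]
            entry["sessions"] += 1
            entry["in"] += int(fields.get("in", 0))
            entry["out"] += int(fields.get("out", 0))
            entry["seconds"] += int(fields.get("duration", 0))
            started = open_conns.pop(key, None)
            if started is not None and "duration" in fields:
                wall = int((rec["stamp"] - started).total_seconds())
                if abs(wall - int(fields["duration"])) > 1:
                    mismatches.append((key, wall, int(fields["duration"])))
    return dict(totals), sorted(open_conns), mismatches


if __name__ == "__main__":
    totals, still_open, mismatches = summarize(SAMPLE_LOG.splitlines())
    for (proxy, ip), t in sorted(totals.items()):
        print(proxy, ip, t)
    print("connections without a disconnect:", still_open)
    print("duration mismatches:", mismatches)
```
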
From: Ron Heise
Organization: Aeronix, Inc.
X-Mailer: Mozilla 4.5 [en] (WinNT; U)
X-Accept-Language: en
MIME-Version: 1.0
To: "Michael St. Laurent"
CC: fwtk-users@ex.tis.com
Subject: Re: Testing the mail relay deny patches
References: <3.0.5.32.19981110080410.00aa8660@guardian.hartwellcorp.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

Try this:

http://www.ciac.org/ciac/ToolsTestEmail.html#test

-Ron

"Michael St. Laurent" wrote:

> I've applied the anti-relay patches to FWTK 2.1 that are mentioned in the
> FAQ and changed the configuration files accordingly. Could someone give me
> a pointer on how I could test it to make sure I've got it working? I'd
> rather not wait until someone complains that our domain is a major source
> of spam to find out I screwed it up!
>
> --------------------
> Michael St. Laurent
> Hartwell Corporation
>
> "The software said to use with Windows95 or better,
> so I installed Linux."

From owner-fwtk-users Tue Nov 10 16:42:58 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id QAA15622 for fwtk-users-outgoing; Tue, 10 Nov 1998 16:41:38 -0500 (EST)
Message-ID:
From: "Adams, John"
To: "'Michael St. Laurent'" , fwtk-users@ex.tis.com
Subject: RE: Testing the mail relay deny patches
Date: Tue, 10 Nov 1998 16:01:42 -0600
X-Priority: 3
X-Mailer: Internet Mail Service (5.0.1458.49)
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

http://maps.vix.com

Paul Vixie's MAPS (Mail Abuse Prevention Something-or-other) has a "test"
page. Used it myself when I upgraded from Sendmail 8.6 to 8.9.1.

-----Original Message-----
From: Michael St. Laurent [mailto:rowl@earthlink.net]
Sent: Tuesday, November 10, 1998 10:04 AM
To: fwtk-users@ex.tis.com
Subject: Testing the mail relay deny patches

I've applied the anti-relay patches to FWTK 2.1 that are mentioned in the
FAQ and changed the configuration files accordingly. Could someone give me
a pointer on how I could test it to make sure I've got it working? I'd
rather not wait until someone complains that our domain is a major source
of spam to find out I screwed it up!

--------------------
Michael St. Laurent
Hartwell Corporation

"The software said to use with Windows95 or better,
so I installed Linux."

From owner-fwtk-users Wed Nov 11 01:03:06 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id AAA16892 for fwtk-users-outgoing; Wed, 11 Nov 1998 00:57:03 -0500 (EST)
Message-ID: <36492B37.A651EBD1@jps.net>
Date: Tue, 10 Nov 1998 22:14:15 -0800
From: bob phung
X-Mailer: Mozilla 4.5 [en] (WinNT; U)
X-Accept-Language: en
MIME-Version: 1.0
To: fwtk-users@ex.tis.com
Subject: plug-gw and userid
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

Hello

I am running plug-gw to proxy my ssh server. My question is: how do I
find out that my plug-gw is running with userid 2011?

I start my plug-gw for ssh from a script in /etc/rc2.d.

    /usr/local/etc/plug-gw -daemon 22

In my netperm-table, I have the following.

    plug-gw: userid 2011
    plug-gw: port 22 * -plug-to 192.168.1.1 -port 22

The above configuration works fine. But the plug-gw process is owned by
root, which is exactly what I try to avoid. From the man page for
plug-gw, it specifies that plug-gw can be run through a different user.
Am I missing something? How does it work?

Again, my question is how can I run plug-gw through a non-root user? Or
how can I find out whether plug-gw is running through a different
(non-root) user?

Thanks in advance.

Bob

From owner-fwtk-users Wed Nov 11 10:38:41 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id KAA18688 for fwtk-users-outgoing; Wed, 11 Nov 1998 10:30:04 -0500 (EST)
Message-ID: <19981111154844.4535.qmail@hotmail.com>
X-Originating-IP: [204.117.176.172]
From: "Chique XXXXX"
To: tessielle@hotmail.com, youngk@ttc.com
Cc: fwtk-users@tis.com
Subject: Re: FWTK logging..................
MIME-Version: 1.0
Content-Type: text/plain
Date: Wed, 11 Nov 1998 07:48:43 PST
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

I have a RH5.0 machine with TIS FWTK configured on it but I'm having
several problems.

1) I can't ping myself on the machine itself....none of the two network
   cards.
2) Using this machine as a proxy server, my machines on the LAN can see
   only as far as the ISP's web server which is on the inside of their
   firewall but nothing on the internet.

Help

Chique

From owner-fwtk-users Wed Nov 11 11:25:22 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id LAA18930 for fwtk-users-outgoing; Wed, 11 Nov 1998 11:23:01 -0500 (EST)
Date: Wed, 11 Nov 1998 11:23:01 -0500 (EST)
From: owner-fwtk-users@ex.tis.com
Message-Id: <199811111623.LAA18930@portal.ex.tis.com>
    [192.94.214.100]) by portal.ex.tis.com (8.9.1/8.9.1) with ESMTP id LAA18865 for ; Wed, 11 Nov 1998 11:06:59 -0500 (EST) (EST) (EST)
    farley.cisco.com (8.8.5-Cisco.1/8.6.5) with ESMTP id IAA03775; Wed, 11 Nov 1998 08:25:20 -0800 (PST)
    kiwi.cisco.com (8.8.5-Cisco.1/CISCO.WS.1.2) with SMTP id IAA09475; Wed, 11 Nov 1998 08:25:13 -0800 (PST)
Message-Id: <4.0.2.19981111173215.00ff3980@flipper.cisco.com>
X-Sender: fred@flipper.cisco.com
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0.2
Date: Wed, 11 Nov 1998 16:33:15 +0000
To: brianr@crudites.com
From: Fred Baker
Subject: Re: Off-topic postings
Cc: poised@tis.com, scoya@ietf.org, peterd@bunyip.com
In-Reply-To: <18294357800692@crucible.com>
References: <4.0.2.19981110052931.032ebea0@flipper.cisco.com> <4.0.2.19981022125049.0104fdf0@flipper.cisco.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-fwtk-users@portal.ex.tis.com
Precedence: bulk

At 10:38 AM 11/10/98 +00-07, Brian Raney wrote:
>ietf-moderation@alvestrand.no where
>several suggestions of this type have been made? Peterd@bunyip.com is
>supposedly collecting them into some sort of framework.

I have tried to subscribe to that twice, and have yet to receive a
mailgram from it. I think I'll wait to be included in the discussion
before I contribute to it.

From owner-fwtk-users Wed Nov 11 13:05:59 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id MAA19212 for fwtk-users-outgoing; Wed, 11 Nov 1998 12:54:06 -0500 (EST)
Date: Wed, 11 Nov 1998 14:36:44 -0300 (SAT)
From: Adrian Grebin
To: fwtk-users@ex.tis.com
Subject: http-gw error
Message-Id:
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

Hi you all...

I've just added an ip to my netperm-table to allow a machine (on a
remote private network) the use of my proxy... Something that usually
does not make me more problems than adding its ip number to /etc/hosts
and adding it to netperm-table...

But this time I can see him connecting, being allowed to use, opening
connection to remote web site.. but all the pages return to him
empty... Looking in the logs, http-gw reports the following error:

Network error: net_flags[4] set (read)

Do any of you know what the hell it means?

Thanks in advance.

./++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\.
+----------------------------------------------------------------------------+
| Adrian Grebin (NixE S.R.L.) -SysAdmin-                                     |
| grebin@nixe.com                                                            |
+----------------------------------------------------------------------------+

From owner-fwtk-users Wed Nov 11 14:38:17 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id OAA19632 for fwtk-users-outgoing; Wed, 11 Nov 1998 14:35:34 -0500 (EST)
Date: Wed, 11 Nov 1998 14:49:28 -0500 (EST)
From: David B Swann
Reply-To: David B Swann
To: ark@eltex.ru
cc: fwtk-users@ex.tis.com
Subject: Re: Transparency with FreeBSD
In-Reply-To: <199811101428.RAA01158@paranoid.eltex.spb.ru>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

I'm having trouble getting the ipnat rules right. The man pages are not very helpful either. I don't care to have any network translating going on, but it does not matter.

My internal network is 10.1.3.0/24 interface vx1, my firewall's outside address is 10.1.2.0/24 vx0.

I have the following rule:

    rdr vx1 0/0 port 23 -> 127.0.0.1 port 23

When I first telnet to the firewall, I am getting the tn-gw> prompt. When I try to go to the next system, I am getting an error in its logs saying ttloop: pier died: incomplete or Invalid multibyte or wide character. On the client telnet box I simply get the Connect message and nothing else.

When I try to use transparency, and telnet directly to the outside server I get the tn-gw> prompt.

I can send you the ipnat -ls output, but I'm not sure how to interpret it just yet.

Is my rule invalid or wrong? Are there additional logs to get more answers? I see nothing but permits in the message log.

Thanks.

 __________________________________________________________________________
| Bryan Swann (swann@nosc.mil) 803/566-0086 803/554-0015 (Fax) |
| Eagan McAllister Associates, Inc. |
| |
| "Everything must be working perfectly, cause I don't smell any smoke" |
 --------------------------------------------------------------------------

On Tue, 10 Nov 1998 ark@eltex.ru wrote:

> nuqneH,
>
> Heh. That's simple.
> How transparency works:
> 1) You _redirect_ outgoing tcp connections to a local port on firewall using
> RDR rules (man ipnat)
> 2) a proxy that runs on that port performs RDR table lookup via ipfilter
> api (transparency patch adds this functionality), gets "real" destination
> and then does standard proxy functions.
>
> David B Swann said :
>
> > > Are your RDR ipnat rules ok?
> >
> > Ahh...what ipnat rules?
> >
> > All I did was to install the IP Filter into the kernel and compile the NEW
> > proxies and install them. There was no mention of additional
> > configuration for transparency. Can you give me a clue?
> >
> > The system are in a lab environment, but I do want to set them up
> > correctly. I have a single Class C behind the firewall.
> >
> > BTW, I was expecting to get some type of logged error message if something
> > was not configured correctly, but I don't get anything except "permit"
> > messages from the NEW proxies.
> >
> > Thanks for any help.
> >
>  _ _ _ _ _ _ _
> {::} {::} {::} CU in Hell _| o |_ | | _|| | / _||_| |_ |_ |_
> (##) (##) (##) /Arkan#iD |_ o _||_| _||_| / _| | o |_||_||_|
> [||] [||] [||] Do i believe in Bible? Hell,man,i've seen one!
>

From owner-fwtk-users Wed Nov 11 15:31:45 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id PAA19766 for fwtk-users-outgoing; Wed, 11 Nov 1998 15:29:38 -0500 (EST)
To: fwtk-users@ex.tis.com
Path: not-for-mail
From: howard@wdsec.com
Newsgroups: local.mailinglist.fwtk
Subject: Re: FWTK logging..................
Date: Wed, 11 Nov 98 15:48:04 EDT
Organization: W&D Securities
Lines: 11
Message-Id:
References: <19981111154844.4535.qmail@hotmail.com>
Nntp-Posting-Host: howardnt.wdsec.com
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Newsreader: NEWTNews & Chameleon -- TCP/IP for MS Windows from NetManage
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

In Article<19981111154844.4535.qmail@hotmail.com>, writes:
> I have a RH5.0 machine with TIS FWTK configured on it but I'm having
> several problems.
> 1) I can't ping myself on the machine itself....none of the two network
> cards.

This has nothing to do with FWTK. There is something wrong with your OS/Network setup

From owner-fwtk-users Wed Nov 11 18:55:01 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id SAA20516 for fwtk-users-outgoing; Wed, 11 Nov 1998 18:50:14 -0500 (EST)
Date: Wed, 11 Nov 1998 16:03:46 -0800
From: Mike Batchelor
Subject: Authsrv plugin for NES or Apache?
To: FWTK Users
X-Mailer: Z-Mail Pro 6.2, NetManage Inc. [ZM62_16E]
X-Priority: 3 (Normal)
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; CHARSET=ISO-8859-1
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

Does anybody know of a plug-in/module for either Netscape Enterprise Server
3.5.x or Apache 1.3.x which will allow the web server to authenticate users
against a TIS authsrv?

Simple question I think.... :)

_______________________________________________________________
UNIX Team - The difference between theory and practice is often greater in practice than in theory.
11/11/98 16:03:47

From owner-fwtk-users Thu Nov 12 14:42:39 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id OAA24409 for fwtk-users-outgoing; Thu, 12 Nov 1998 14:31:24 -0500 (EST)
To: fwtk-users@ex.tis.com
Path: not-for-mail
From: howard@wdsec.com
Newsgroups: local.mailinglist.fwtk
Subject: Re: http-gw error
Date: Thu, 12 Nov 98 14:50:12 EDT
Organization: W&D Securities
Lines: 16
Message-Id:
References:
Nntp-Posting-Host: howardnt.wdsec.com
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Newsreader: NEWTNews & Chameleon -- TCP/IP for MS Windows from NetManage
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

In Article,
> Hi you all... I've just added an ip to my netperm-table to allow a
> machine (on a remote private network) the use of my proxy...
>
> Something that usually does not make me more problems than adding its ip
> number to /etc/hosts and adding it to netperm-table...
>
> But this time i can see him connecting, being allowed to use, opening
> connection to remote web site.. but all the pages returns to him empty...
>
> Looking in the logs, http-gw reports the following error:
> Network error: net_flags[4] set (read)

Is this only one web site or all web sites?

From owner-fwtk-users Thu Nov 12 14:42:39 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id OAA24403 for fwtk-users-outgoing; Thu, 12 Nov 1998 14:31:03 -0500 (EST)
Date: Thu, 12 Nov 1998 20:54:45 +0100 (CET)
From: Peter RATKAI
To: fwtk-users@ex.tis.com
Subject: pop-gw problem
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

HI all,

I'm stuck! After compiling configuring pop-gw ( em-gw.tar.gz ), everything looks fine but does not accept my password. This one is a free-mail service, I've made an account just for testing. No matter of the pass etc..

bash-2.01$ telnet mailgw.quaestor.hu 2009
Trying 195.228.56.254...
Connected to mailgw.quaestor.hu.
Escape character is '^]'.
+OK <23991.910899646@freemail.c3.hu>      ### ok. it's plugged!####
user lapd
+OK
pass lapd55
-ERR authorization failed                 #### Why????#########
Connection closed by foreign host.
You have mail in /var/spool/mail/rpet
bash-2.01$

settings:

pop-gw: permit-hosts 195.228.56.*
pop-gw: server freemail.c3.hu

pop-gw 2009/tcp # FWTK pop-gw

pop-gw stream tcp nowait root /usr/local/etc/pop-gw pop-gw 2009

FWTK2.1
Debian HAMM 0.35

Does anybody know what's this? The win* client does the same!

Thanks^2...

--
Peter RATKAI
Windows is Shutting down...
--

From owner-fwtk-users Thu Nov 12 21:08:43 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id VAA25758 for fwtk-users-outgoing; Thu, 12 Nov 1998 21:04:27 -0500 (EST)
Message-Id: <3.0.5.32.19981112212430.0089c1f0@fw.itm-inst.com>
X-Sender: rmurphy@fw.itm-inst.com
X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32)
Date: Thu, 12 Nov 1998 21:24:30 -0500
To: Mike Batchelor
From: Rick Murphy
Subject: Re: Authsrv plugin for NES or Apache?
Cc: fwtk-users@ex.tis.com
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

>Does anybody know of a plug-in/module for either Netscape Enterprise Server
>3.5.x or Apache 1.3.x which will allow the web server to authenticate users
>against a TIS authsrv?
>
>Simple question I think.... :)

No, it's actually pretty hard to do. Especially when challenge-response
tokens are in use - you need to get the challenge to the user and
accept the response. You've got to maintain a connection between the
browser and the authentication plug-in in order to ensure that the
authentication is valid. Each time the user clicks ahead or stops
loading the page, the browser drops the connection. That means that
you've got to re-authenticate all over again.
Anything less than this means that you're accepting replayed authentication
data.
-Rick

From owner-fwtk-users Fri Nov 13 06:45:11 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id GAA27188 for fwtk-users-outgoing; Fri, 13 Nov 1998 06:39:27 -0500 (EST)
Date: Fri, 13 Nov 1998 08:14:27 -0300 (SAT)
From: Adrian Grebin
To: howard@wdsec.com
Cc: fwtk-users@ex.tis.com
Subject: Re: http-gw error
In-Reply-To:
Message-Id:
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

On 12 xxx -1 howard@wdsec.com wrote:

>
>
> In Article,
> > Hi you all... I've just added an ip to my netperm-table to allow a
> > machine (on a remote private network) the use of my proxy...
> >
> > Something that usually does not make me more problems than adding its ip
> > number to /etc/hosts and adding it to netperm-table...
> >
> > But this time i can see him connecting, being allowed to use, opening
> > connection to remote web site.. but all the pages returns to him empty...
> >
> > Looking in the logs, http-gw reports the following error:
> > Network error: net_flags[4] set (read)
>
> Is this only one web site or all web sites?
>

It is variable... random... i now realize that it happens (sometimes) with all the machines on the remote network (which are linked via satellite, with MICOM -puaj!- routers...).

I have traced the code, but it seems that it can't read (or sometimes write) to the socket... it is not a timeout.

It's weird to me, can't explain this.

./++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\.
+----------------------------------------------------------------------------+
| Adrian Grebin (NixE S.R.L.) -SysAdmin- |
| grebin@nixe.com |
+----------------------------------------------------------------------------+

From owner-fwtk-users Fri Nov 13 07:35:57 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id HAA27442 for fwtk-users-outgoing; Fri, 13 Nov 1998 07:33:57 -0500 (EST)
From: "Andreas Weigand"
To: fwtk-users@ex.tis.com
Date: Fri, 13 Nov 1998 13:54:02 +0000
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Subject: http-gw and ftp
Reply-to: andreas.weigand@vectron.net
Message-ID: <8482EA46BE5@entwicklung.vectron.net>
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

Hi,

I've installed TIS FWTK and most of the services are working fine. Now
I want to do a ftp-connect to the Internet on a Win based PC with
Netscape 4.0. In Netscape-Preferences I set the ftp-proxy to the port of
http-gw of the Firewall. The documentation of TIS says that http-gw
does the translation for any ftp connects. When I want to connect any
ftp-server on the Internet I get the Error-Message:

FTP Error - 500

500 Illegal PORT Command

Can anyone help me ? Why can't I connect to a ftp-server with
http-gw ?

Thanks for your help.

Andreas Weigand
andreas.weigand@vectron.net

-----------------------------
Vectron Elektronik GmbH

Dipl.-Ing. Andreas Weigand
Entwicklung

Europark Fichtenhain A6
47807 Krefeld
Tel.: 02151-83 96 35
Fax.: 02151-83 96 99
E-Mail: Andreas.Weigand@Vectron.Net

From owner-fwtk-users Fri Nov 13 07:58:41 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id HAA27536 for fwtk-users-outgoing; Fri, 13 Nov 1998 07:57:15 -0500 (EST)
From: ark@eltex.ru
Date: Fri, 13 Nov 1998 15:18:32 +0300
Message-Id: <199811131218.PAA13723@paranoid.eltex.spb.ru>
In-Reply-To: <3.0.5.32.19981112212430.0089c1f0@fw.itm-inst.com> from "Rick Murphy "
Organization: "Klingon Imperial Intelligence Service"
Subject: Re: Authsrv plugin for NES or Apache?
To: rmurphy@itm-inst.com
Cc: mbatchelor@citysearch.com, fwtk-users@ex.tis.com
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

nuqneH,

How is it implemented in Gauntlet?

Rick Murphy said :

> >Does anybody know of a plug-in/module for either Netscape Enterprise Server
> >3.5.x or Apache 1.3.x which will allow the web server to authenticate users
> >against a TIS authsrv?
> >
> >Simple question I think.... :)
>
> No, it's actually pretty hard to do. Especially when challenge-response
> tokens are in use - you need to get the challenge to the user and
> accept the response. You've got to maintain a connection between the
> browser and the authentication plug-in in order to ensure that the
> authentication is valid. Each time the user clicks ahead or stops
> loading the page, the browser drops the connection. That means that
> you've got to re-authenticate all over again.
> Anything less than this means that you're accepting replayed authentication
> data.
> -Rick
>

 _ _ _ _ _ _ _
{::} {::} {::} CU in Hell _| o |_ | | _|| | / _||_| |_ |_ |_
(##) (##) (##) /Arkan#iD |_ o _||_| _||_| / _| | o |_||_||_|
[||] [||] [||] Do i believe in Bible? Hell,man,i've seen one!

From owner-fwtk-users Fri Nov 13 08:32:49 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id IAA27731 for fwtk-users-outgoing; Fri, 13 Nov 1998 08:32:15 -0500 (EST)
Date: Fri, 13 Nov 1998 00:28:55 +0100 (CET)
From: Peter RATKAI
To: fwtk-users@ex.tis.com
Subject: nntp-gw only one news-server??
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

Hi again,
I've just compiled nntp-gw, it works fine. BUT, we need to read 4
different news server, and it seems that nntp-gw can handle only one. The
Client is Win*, so no authentication can be done, so I could choose a
server by username,. Am I right? I hope NMO. Can I use more servers
without modifying the netperm-table?

Thanks a lot for everyone..
Cheers..

--
Peter RATKAI
Windows is Shutting down...
--

------------- End Forwarded Message -------------

From owner-fwtk-users Fri Nov 13 10:19:35 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id KAA28247 for fwtk-users-outgoing; Fri, 13 Nov 1998 10:17:41 -0500 (EST)
Message-Id: <19981113103724.28107@fcmc.com>
Date: Fri, 13 Nov 1998 10:37:24 -0500
From: James Rippas
To: andreas.weigand@vectron.net
Cc: fwtk-users@ex.tis.com
Subject: Re: http-gw and ftp
References: <8482EA46BE5@entwicklung.vectron.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.89.1
In-Reply-To: <8482EA46BE5@entwicklung.vectron.net>; from Andreas Weigand on Fri, Nov 13, 1998 at 01:54:02PM +0000
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

I had the same problem which was solved by applying the patch for PASV ftp support in http-gw. It's in the FAQ.

http://www.erols.com/avenger/patches/gopu.tar.gz

-jim

On Fri, Nov 13, 1998 at 01:54:02PM +0000, Andreas Weigand wrote:
> Hi,
>
> I've installed TIS FWTK and most of the services are working fine. Now
> I want to do a ftp-connect to the Internet on a Win based PC with
> Netscape 4.0. In Netscape-Preferences I set the ftp-proxy to the port of
> http-gw of the Firewall. The documentation of TIS says that http-gw
> does the translation for any ftp connects. When I want to connect any
> ftp-server on the Internet I get the Error-Message:
>
> FTP Error - 500
>
> 500 Illegal PORT Command
>
> Can anyone help me ? Why can't I connect to a ftp-server with
> http-gw ?
>
> Thanks for your help.
>
>
> Andreas Weigand
> andreas.weigand@vectron.net
>
> -----------------------------
> Vectron Elektronik GmbH
>
> Dipl.-Ing. Andreas Weigand
> Entwicklung
>
> Europark Fichtenhain A6
> 47807 Krefeld
> Tel.: 02151-83 96 35
> Fax.: 02151-83 96 99
> E-Mail: Andreas.Weigand@Vectron.Net

From owner-fwtk-users Fri Nov 13 10:50:26 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id KAA28355 for fwtk-users-outgoing; Fri, 13 Nov 1998 10:48:30 -0500 (EST)
X-Authentication-Warning: firewall.strathom.com: nouser set sender to using -f
Message-ID: <007301be0f1f$71e52cc0$0b00a8c0@poste13.strathom.com>
From: "Fred LB"
To:
Subject: Problems applying smpax.pch
Date: Fri, 13 Nov 1998 17:05:33 +0100
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 4.72.3110.5
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

Hi there,

I've downloaded the smapx.pch file to avoid 3rd party relaying with smap, and i just can't apply the patch to my source code.

I copied smapx.pch in smap's source dir, then i just

$ patch < smapx.pch

and i just get like 17 Hunks failed

At this point my smap.c source code remains the same after the patch, and my site still accepts 3rd party relaying, which I dislike.

I don't know what i am doing wrong, can anyone help ?

Thanks in advance

Fred

Fred LB - Sysadmin
flb@strathom.com
STRATHOM Informatique

From owner-fwtk-users Fri Nov 13 10:59:40 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id KAA28398 for fwtk-users-outgoing; Fri, 13 Nov 1998 10:59:19 -0500 (EST)
Message-ID: <01BE0EE6.EC9FB8B0@SAMPSELB-NT>
From: "Bryan S. Sampsel"
To: "'Peter RATKAI'" , "fwtk-users@ex.tis.com"
Subject: RE: nntp-gw only one news-server??
Date: Fri, 13 Nov 1998 09:20:57 -0700
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by portal.ex.tis.com id KAA28395
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

try a different IP port for each server. In THEORY, since i haven't had to do so yet, you could set up plug-gw on 4 diff IP ports and point to 4 specific servers.

Sorry, but that's still better than Borderware...where the only news is done by running NNTP from the firewall box.

If I'm wrong, many people will correct me, I'm sure. That's why I like this list...find out the mistakes before I make them.

good luck Peter,

Bryan

====================================
Bryan S. Sampsel
Network Administrator
Horizon Interactive, Inc.
====================================

-----Original Message-----
From: Peter RATKAI [SMTP:rpet@quaestor.hu]
Sent: Thursday, November 12, 1998 4:29 PM
To: fwtk-users@ex.tis.com
Subject: nntp-gw only one news-server??

Hi again,
I've just compiled nntp-gw, it works fine. BUT, we need to read 4
different news server, and it seems that nntp-gw can handle only one. The
Client is Win*, so no authentication can be done, so I could choose a
server by username,. Am I right? I hope NMO. Can I use more servers
without modifying the netperm-table?

Thanks a lot for everyone..
Cheers..

--
Peter RATKAI
Windows is Shutting down...
--

------------- End Forwarded Message -------------

From owner-fwtk-users Fri Nov 13 11:11:04 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id LAA28493 for fwtk-users-outgoing; Fri, 13 Nov 1998 11:10:45 -0500 (EST)
From: ark@eltex.ru
Date: Fri, 13 Nov 1998 19:34:51 +0300
Message-Id: <199811131634.TAA14429@paranoid.eltex.spb.ru>
In-Reply-To: from "Peter RATKAI "
Organization: "Klingon Imperial Intelligence Service"
Subject: Re: nntp-gw only one news-server??
To: rpet@quaestor.hu
Cc: fwtk-users@ex.tis.com
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

nuqneH,

You may try running a local nntpcache and pointing your nntp-gw to it..

Peter RATKAI said :

> Hi again,
> I've just compiled nntp-gw, it works fine. BUT, we need to read 4
> different news server, and it seems that nntp-gw can handle only one. The
> Client is Win*, so no authentication can be done, so I could choose a
> server by username,. Am I right? I hope NMO. Can I use more servers
> without modifying the netperm-table?
>

 _ _ _ _ _ _ _
{::} {::} {::} CU in Hell _| o |_ | | _|| | / _||_| |_ |_ |_
(##) (##) (##) /Arkan#iD |_ o _||_| _||_| / _| | o |_||_||_|
[||] [||] [||] Do i believe in Bible? Hell,man,i've seen one!

From owner-fwtk-users Fri Nov 13 11:26:32 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id LAA28591 for fwtk-users-outgoing; Fri, 13 Nov 1998 11:25:21 -0500 (EST)
Message-Id: <199811131645.LAA22022@fw1.osis.gov>
From: Joseph S D Yao
Subject: Re: nntp-gw only one news-server??
To: rpet@quaestor.hu (Peter RATKAI)
Date: Fri, 13 Nov 1998 11:46:26 -0500 (EST)
Cc: fwtk-users@ex.tis.com
In-Reply-To: from "Peter RATKAI" at Nov 13, 98 00:28:55 am
X-Mailer: ELM [version 2.4 PL25 PGP3 *ALPHA*]
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

> I've just compiled nntp-gw, it works fine. BUT, we need to read 4
> different news server, and it seems that nntp-gw can handle only one. The
> Client is Win*, so no authentication can be done, so I could choose a
> server by username,. Am I right? I hope NMO. Can I use more servers
> without modifying the netperm-table?

If your users are using four different news servers directly, they're used to directing their news readers to different places.

If you mean you have four different news feeds to one internal news server, that's even easier [and much more reasonable].

In both cases, you would just have the nntp-gw addressed by different internal ports, and have four separate invocations, each addressing a separate external news server/feed. The news readers / internal news server would then treat the firewall host with each of the four different ports as the four different news servers.

--
Joe Yao jsdy@cospo.osis.gov - Joseph S. D. Yao
COSPO/OSIS Computer Support EMT-A/B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.

From owner-fwtk-users Fri Nov 13 11:31:16 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id LAA28620 for fwtk-users-outgoing; Fri, 13 Nov 1998 11:30:56 -0500 (EST)
Date: Fri, 13 Nov 1998 11:49:52 -0500 (EST)
From: Ted Keller
To: "Bryan S. Sampsel"
cc: "'Peter RATKAI'" , "fwtk-users@ex.tis.com"
Subject: RE: nntp-gw only one news-server??
In-Reply-To: <01BE0EE6.EC9FB8B0@SAMPSELB-NT>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

That's exactly what I do ... except I'm still using plug-gw for this function.

ted keller - bfg.com

On Fri, 13 Nov 1998, Bryan S. Sampsel wrote:

> try a different IP port for each server. In THEORY, since i haven't had to do so yet, you could set up plug-gw on 4 diff IP ports and point to 4 specific servers.
>
> Sorry, but that's still better than Borderware...where the only news is done by running NNTP from the firewall box.
>
> If I'm wrong, many people will correct me, I'm sure. That's why I like this list...find out the mistakes before I make them.
>
> good luck Peter,
>
> Bryan
>
> ====================================
> Bryan S. Sampsel
> Network Administrator
> Horizon Interactive, Inc.
> ====================================
>
> -----Original Message-----
> From: Peter RATKAI [SMTP:rpet@quaestor.hu]
> Sent: Thursday, November 12, 1998 4:29 PM
> To: fwtk-users@ex.tis.com
> Subject: nntp-gw only one news-server??
>
> Hi again,
> I've just compiled nntp-gw, it works fine. BUT, we need to read 4
> different news server, and it seems that nntp-gw can handle only one. The
> Client is Win*, so no authentication can be done, so I could choose a
> server by username,. Am I right? I hope NMO. Can I use more servers
> without modifying the netperm-table?
>
> Thanks a lot for everyone..
> Cheers..
>
> --
> Peter RATKAI
> Windows is Shutting down...
> --
>
>
> ------------- End Forwarded Message -------------
>
>
>

From owner-fwtk-users Fri Nov 13 11:34:08 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id LAA28646 for fwtk-users-outgoing; Fri, 13 Nov 1998 11:34:00 -0500 (EST)
Message-ID: <952FAEB97E0AD111BB7000805F0D84F6010A93D9@eesusciexs3.eesus.jnj.com>
From: "Drash, Jim [EESUS]"
To: "Fwtk-Users (E-mail)"
Subject: pop proxy available?
Date: Fri, 13 Nov 1998 11:52:44 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.0.1460.8)
Content-Type: text/plain
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

I have downloaded and am using the SMAP/SMAPD proxy from the fwtk. Is there a
POP equivalent available and if so how do I acquire it?

Jim Drash
Technology Management
Ethicon Endo-Surgery, Inc.

(513) 483-8840

From owner-fwtk-users Fri Nov 13 11:52:54 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id LAA28730 for fwtk-users-outgoing; Fri, 13 Nov 1998 11:52:34 -0500 (EST)
Message-Id: <199811131711.MAA23669@fw1.osis.gov>
From: Joseph S D Yao
Subject: Re: Problems applying smpax.pch
To: flb@strathom.com (Fred LB)
Date: Fri, 13 Nov 1998 12:12:29 -0500 (EST)
Cc: fwtk-users@tis.com
In-Reply-To: <007301be0f1f$71e52cc0$0b00a8c0@poste13.strathom.com> from "Fred LB" at Nov 13, 98 05:05:33 pm
X-Mailer: ELM [version 2.4 PL25 PGP3 *ALPHA*]
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

> I don't know what i am doing wrong, can anyone help ?

Did you read , help on applying patches?

Are you applying this patch to vanilla fwtk 2.1 smap?

--
Joe Yao jsdy@cospo.osis.gov - Joseph S. D. Yao
COSPO/OSIS Computer Support EMT-A/B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.

From owner-fwtk-users Fri Nov 13 12:00:51 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id MAA28775 for fwtk-users-outgoing; Fri, 13 Nov 1998 12:00:32 -0500 (EST)
Message-Id: <199811131720.MAA24237@fw1.osis.gov>
From: Joseph S D Yao
Subject: Re: pop proxy available?
To: JDrash@EESUS.JNJ.com (Drash Jim [EESUS])
Date: Fri, 13 Nov 1998 12:21:40 -0500 (EST)
Cc: fwtk-users@ex.tis.com
In-Reply-To: <952FAEB97E0AD111BB7000805F0D84F6010A93D9@eesusciexs3.eesus.jnj.com> from "Drash, Jim [EESUS]" at Nov 13, 98 11:52:44 am
X-Mailer: ELM [version 2.4 PL25 PGP3 *ALPHA*]
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

> I have downloaded and am use the SMAP/SMAPD proxy from the fwtk. Is there a
> POP equivalent available and if so how do I acquire it?
>
> Jim Drash
> Technology Management
> Ethicon Endo-Surgery, Inc.
>
> (513) 483-8840

FAQs on POP: [old]

--
Joe Yao jsdy@cospo.osis.gov - Joseph S. D. Yao
COSPO/OSIS Computer Support EMT-A/B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.

From owner-fwtk-users Fri Nov 13 12:03:47 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id MAA28795 for fwtk-users-outgoing; Fri, 13 Nov 1998 12:03:33 -0500 (EST)
Date: Fri, 13 Nov 1998 18:40:18 +0100 (CET)
From: Peter RATKAI
To: "Bryan S. Sampsel"
cc: "fwtk-users@ex.tis.com"
Subject: RE: nntp-gw only one news-server??
In-Reply-To: <01BE0EE6.EC9FB8B0@SAMPSELB-NT>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

Hi,

The README says that nntp-gw reads only the first server line, and if I set two servers in that line, fwtkcfgerr: only one ...

I'm puzzled!

--Peter

On Fri, 13 Nov 1998, Bryan S. Sampsel wrote:

> try a different IP port for each server. In THEORY, since i haven't had to do so yet, you could set up plug-gw on 4 diff IP ports and point to 4 specific servers.
>
> Sorry, but that's still better than Borderware...where the only news is done by running NNTP from the firewall box.
>
> If I'm wrong, many people will correct me, I'm sure. That's why I like this list...find out the mistakes before I make them.
>
> good luck Peter,
>
> Bryan
>
> ====================================
> Bryan S. Sampsel
> Network Administrator
> Horizon Interactive, Inc.
> ====================================
>
> -----Original Message-----
> From: Peter RATKAI [SMTP:rpet@quaestor.hu]
> Sent: Thursday, November 12, 1998 4:29 PM
> To: fwtk-users@ex.tis.com
> Subject: nntp-gw only one news-server??
>
> Hi again,
> I've just compiled nntp-gw, it works fine. BUT, we need to read 4
> different news server, and it seems that nntp-gw can handle only one. The
> Client is Win*, so no authentication can be done, so I could choose a
> server by username,. Am I right? I hope NMO. Can I use more servers
> without modifying the netperm-table?
>
> Thanks a lot for everyone..
> Cheers..
>
> --
> Peter RATKAI
> Windows is Shutting down...
> --
>
>
> ------------- End Forwarded Message -------------
>
>
>
>

--
Peter RATKAI
Windows is Shutting down...
--

From owner-fwtk-users Fri Nov 13 12:05:43 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id MAA28813 for fwtk-users-outgoing; Fri, 13 Nov 1998 12:05:35 -0500 (EST)
Date: Fri, 13 Nov 1998 19:09:44 +0100 (CET)
From: Peter RATKAI To: Ted Keller cc: "Bryan S. Sampsel" , "fwtk-users@ex.tis.com" Subject: RE: nntp-gw only one news-server?? In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-fwtk-users@ex.tis.com Precedence: bulk [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] Yes! It works! Thank you! --Peter On Fri, 13 Nov 1998, Ted Keller wrote: > That's exactly what I do ... except I'm still using plug-gw for this > function. > > ted keller - bfg.com > > > On Fri, 13 Nov 1998, Bryan S. Sampsel wrote: > > > [To be removed from this list send the message "unsubscribe fwtk-users" in the > > BODY of a mail message to majordomo@ex.tis.com.] > > > > try a different IP port for each server. In THEORY, since i haven't had to do so yet, you could set up plug-gw on 4 diff IP ports and point to 4 specific servers. > > > > Sorry, but that's still better than Borderware...where the only news is done by running NNTP from the firewall box. > > > > If I'm wrong, many people will correct me, I'm sure. That's why I like this list...find out the mistakes before I make them. > > > > good luck Peter, > > > > Bryan > > > > ==================================== > > Bryan S. Sampsel > > Network Administrator > > Horizon Interactive, Inc. > > ==================================== > > > > -----Original Message----- 
> > From: Peter RATKAI [SMTP:rpet@quaestor.hu] > > Sent: Thursday, November 12, 1998 4:29 PM > > To: fwtk-users@ex.tis.com > > Subject: nntp-gw only one news-server?? > > > > [To be removed from this list send the message "unsubscribe fwtk-users" in the > > BODY of a mail message to majordomo@ex.tis.com.] > > > > Hi again, > > I've just compiled nntp-gw, it works fine. BUT, we need to read 4 > > different news server, and it seems that nntp-gw can handle only one. The > > Client is Win*, so no authentication can be done, so I could choose a > > server by username,. Am I right? I hope NMO. Can I use more servers > > without modifiing the netperm-table? > > > > Thanks a lot for everyone.. > > Cheers.. > > > > -- > > Peter RATKAI > > Windows is Shutting down... > > -- > > > > > > ------------- End Forwarded Message ------------- > > > > > > > > -- Peter RATKAI Windows is Shutting down... -- From owner-fwtk-users Fri Nov 13 12:09:56 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id MAA28837 for fwtk-users-outgoing; Fri, 13 Nov 1998 12:09:39 -0500 (EST) 
From: Fulko Hew
To: fwtk-users@ex.tis.com
Subject: RE: nntp-gw only one news-server??
Cc: rpet@quaestor.hu
X-Mailer: ScoMail 3.0.Bd
MIME-Version: 1.0
Date: Fri, 13 Nov 1998 12:31:47 -0500 (EST)
Message-ID: <9811131231.aa13481@wecan.com>
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

> try a different IP port for each server. In THEORY, since i haven't had
> to do so yet, you could set up plug-gw on 4 diff IP ports and point to
> 4 specific servers.

Yes that is exactly what I do for my local news server, and access to
the Mozilla server. My netperm-table has the following in it:

plug-gw: port 119 *.*.* -plug-to nntp1.uunet.ca -port 119
plug-gw: port 2000 *.*.*.* -plug-to news.mozilla.org -port 119

and I have two entries in my browser (Netscape) that has 2 news hosts
defined for my firewall on ports 119 and 2000 respectively.

> -----Original Message-----
> From: Peter RATKAI [SMTP:rpet@quaestor.hu] > Sent: Thursday, November 12, 1998 4:29 PM > To: fwtk-users@ex.tis.com > Subject: nntp-gw only one news-server?? > > [To be removed from this list send the message "unsubscribe fwtk-users" in the > BODY of a mail message to majordomo@ex.tis.com.] > > Hi again, > I've just compiled nntp-gw, it works fine. BUT, we need to read 4 > different news server, and it seems that nntp-gw can handle only one. The > Client is Win*, so no authentication can be done, so I could choose a > server by username,. Am I right? I hope NMO. Can I use more servers > without modifiing the netperm-table? > > Thanks a lot for everyone.. > Cheers.. > > -- > Peter RATKAI > Windows is Shutting down... ------------------------------------------------------------------------------- Fulko Hew, Voice: 905-333-6000 x 6010 Senior Engineering Designer, Direct: 905-333-6010 Northrop Grumman-Canada, Ltd. Fax: 905-333-6050 777 Walkers Line, Home: fulko%fkhew@wecan.com Burlington, Ontario, Canada, L7N 2G1 Work: fulko@wecan.com From owner-fwtk-users Fri Nov 13 13:09:40 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id NAA29078 for fwtk-users-outgoing; Fri, 13 Nov 1998 13:08:43 -0500 (EST) Message-ID: <01BE0EF8.F97F2450@SAMPSELB-NT> 
From: "Bryan S. Sampsel"
To: "'Ted Keller'"
Cc: "'Peter RATKAI'", "fwtk-users@ex.tis.com"
Subject: RE: nntp-gw only one news-server??
Date: Fri, 13 Nov 1998 11:30:09 -0700
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by portal.ex.tis.com id NAA29075
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

uh...that's what I thought I said.

Plug-gw on 4 diff IP ports ...

and then your news client would point to whichever port for whichever news feed.

Glad to hear that I was right...sometimes logic and computers don't happen ;-)

laters,

Bryan

====================================
Bryan S. Sampsel
Network Administrator
Horizon Interactive, Inc.
====================================

-----Original Message-----
From: Ted Keller [SMTP:keller@bfg.com] Sent: Friday, November 13, 1998 9:50 AM To: Bryan S. Sampsel Cc: 'Peter RATKAI'; fwtk-users@ex.tis.com Subject: RE: nntp-gw only one news-server?? That's exactly what I do ... except I'm still using plug-gw for this function. ted keller - bfg.com On Fri, 13 Nov 1998, Bryan S. Sampsel wrote: > [To be removed from this list send the message "unsubscribe fwtk-users" in the > BODY of a mail message to majordomo@ex.tis.com.] > > try a different IP port for each server. In THEORY, since i haven't had to do so yet, you could set up plug-gw on 4 diff IP ports and point to 4 specific servers. > > Sorry, but that's still better than Borderware...where the only news is done by running NNTP from the firewall box. > > If I'm wrong, many people will correct me, I'm sure. That's why I like this list...find out the mistakes before I make them. > > good luck Peter, > > Bryan > > ==================================== > Bryan S. Sampsel > Network Administrator > Horizon Interactive, Inc. > ==================================== > > -----Original Message----- 
> From: Peter RATKAI [SMTP:rpet@quaestor.hu] > Sent: Thursday, November 12, 1998 4:29 PM > To: fwtk-users@ex.tis.com > Subject: nntp-gw only one news-server?? > > [To be removed from this list send the message "unsubscribe fwtk-users" in the > BODY of a mail message to majordomo@ex.tis.com.] > > Hi again, > I've just compiled nntp-gw, it works fine. BUT, we need to read 4 > different news server, and it seems that nntp-gw can handle only one. The > Client is Win*, so no authentication can be done, so I could choose a > server by username,. Am I right? I hope NMO. Can I use more servers > without modifiing the netperm-table? > > Thanks a lot for everyone.. > Cheers.. > > -- > Peter RATKAI > Windows is Shutting down... > -- > > > ------------- End Forwarded Message ------------- > > > From owner-fwtk-users Fri Nov 13 13:53:19 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id NAA29305 for fwtk-users-outgoing; Fri, 13 Nov 1998 13:52:41 -0500 (EST) Message-ID: <364C8424.605A212A@whiteoaknet.com> Date: Fri, 13 Nov 1998 14:10:28 -0500 
From: Jeffrey Fulmer
X-Mailer: Mozilla 4.5 [en] (WinNT; I)
X-Accept-Language: en
MIME-Version: 1.0
To: "Drash, Jim [EESUS]"
CC: FWTK Users
Subject: Re: pop proxy available?
References: <952FAEB97E0AD111BB7000805F0D84F6010A93D9@eesusciexs3.eesus.jnj.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

Hi--

I haven't configured this, but I can't think of a reason why plug-gw could not be used as a POP3 proxy as long as all your clients are connecting to the same server. I would think that you do not want your clients sending passwords over the internet. Will they be encrypted? Is that mail sensitive?

--Jeff

"Drash, Jim [EESUS]" wrote:

> I have downloaded and am using the SMAP/SMAPD proxy from the fwtk. Is there a
> POP equivalent available and if so how do I acquire it?
>
> Jim Drash
> Technology Management
> Ethicon Endo-Surgery, Inc.
>
> (513) 483-8840

From owner-fwtk-users Fri Nov 13 14:01:40 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id OAA29349 for fwtk-users-outgoing; Fri, 13 Nov 1998 14:00:44 -0500 (EST)
Message-Id: <3.0.6.32.19981113191702.00a13b20@mail.lr.isla.pt>
X-Sender: ngg@mail.lr.isla.pt
X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.6 (32)
Date: Fri, 13 Nov 1998 19:17:02 +0000
To: "Fred LB"
From: Nuno Guarda
Subject: Re: Problems applying smpax.pch
Cc: fwtk-users@tis.com
In-Reply-To: <007301be0f1f$71e52cc0$0b00a8c0@poste13.strathom.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

At 17:05 1998-11-13 +0100, you wrote:

I've got the same problem and, after talking with another subscriber of this list, he told me to apply another patch; the one specified in section 6.2.2 point# 2 ("yao-smap.pch") at

http://www.erols.com/avenger/patches/yao-smap.pch

After applying the patch, all of the hunks failed (except one). So, I also don't know what I am doing wrong :-)

> Hi there,
>
> I've downloaded the smapx.pch file to avoid 3rd party relaying with
>smap, and i just can't apply the patch to my source code. I copied smapx.pch
>in smap's source dir, then i just
>$ patch < smapx.pch
>and i just get like 17 Hunks failed
> At this point my smap.c source code remains the same after the patch,
>and my site still accepts 3rd party relaying, which I dislike.
> I don't know what i am doing wrong, can anyone help ?
>
> Thanks in advance
>
> Fred
>
>Fred LB - Sysadmin
>flb@strathom.com
>STRATHOM Informatique

From owner-fwtk-users Fri Nov 13 16:12:12 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id QAA29684 for fwtk-users-outgoing; Fri, 13 Nov 1998 16:03:42 -0500 (EST)
Message-Id: <199811132122.QAA13087@www.vpplus.com>
From: "Chris Hiner"
Organization: Voice Processing Plus, Inc
To: fwtk-users@ex.tis.com
Date: Fri, 13 Nov 1998 16:22:21 -0500
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Subject: RE: nntp-gw only one news-server??
Reply-to: chiner@vpplus.com
In-reply-to: <01BE0EF8.F97F2450@SAMPSELB-NT>
X-mailer: Pegasus Mail for Win32 (v3.01d)
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

One program I used for a little while when I had access to a decent news server, was called dnntpd. It appeared as a news server to clients, and forwarded requests to other news servers. It combined all the groups they had, so it looked like one server with all the groups people wanted.

I think it was available in the contrib dir of inn. dnntpd.tar.gz should show up in a search...

Chris Hiner

> uh...that's what I thought I said.
>
> Plug-gw on 4 diff IP ports ...
>
> and then your news client would point to whichever port for whichever news feed.
>
> Glad to hear that I was right...sometimes logic and computers don't happen ;-)
>
> laters,
>
> Bryan
>
> ====================================
> Bryan S. Sampsel
> Network Administrator
> Horizon Interactive, Inc.
> ====================================
>
> -----Original Message-----
> From: Ted Keller [SMTP:keller@bfg.com]
> Sent: Friday, November 13, 1998 9:50 AM
> To: Bryan S. Sampsel
> Cc: 'Peter RATKAI'; fwtk-users@ex.tis.com
> Subject: RE: nntp-gw only one news-server??
>
> That's exactly what I do ... except I'm still using plug-gw for this
> function.
>
> ted keller - bfg.com
>
>
> On Fri, 13 Nov 1998, Bryan S. Sampsel wrote:
>
> > try a different IP port for each server. In THEORY, since i haven't had to do so yet, you could set up plug-gw on 4 diff IP ports and point to 4 specific servers.
> >
> > Sorry, but that's still better than Borderware...where the only news is done by running NNTP from the firewall box.
> >
> > If I'm wrong, many people will correct me, I'm sure. That's why I like this list...find out the mistakes before I make them.
> >
> > good luck Peter,
> >
> > Bryan
> >
> > ====================================
> > Bryan S. Sampsel
> > Network Administrator
> > Horizon Interactive, Inc.
> > ====================================
> >
> > -----Original Message-----
> > From: Peter RATKAI [SMTP:rpet@quaestor.hu] > > Sent: Thursday, November 12, 1998 4:29 PM > > To: fwtk-users@ex.tis.com > > Subject: nntp-gw only one news-server?? > > > > [To be removed from this list send the message "unsubscribe fwtk-users" in the > > BODY of a mail message to majordomo@ex.tis.com.] > > > > Hi again, > > I've just compiled nntp-gw, it works fine. BUT, we need to read 4 > > different news server, and it seems that nntp-gw can handle only one. The > > Client is Win*, so no authentication can be done, so I could choose a > > server by username,. Am I right? I hope NMO. Can I use more servers > > without modifiing the netperm-table? > > > > Thanks a lot for everyone.. > > Cheers.. > > > > -- > > Peter RATKAI > > Windows is Shutting down... > > -- > > > > > > ------------- End Forwarded Message ------------- > > > > > > > -- chiner@vpplus.com +1 248 737-9550 X660 Voice Processing Plus, Inc http://www.vpplus.com/ From owner-fwtk-users Fri Nov 13 16:18:14 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id QAA29769 for fwtk-users-outgoing; Fri, 13 Nov 1998 16:17:54 -0500 (EST) Message-Id: <3.0.5.32.19981113162909.00844970@fw.itm-inst.com> X-Sender: rmurphy@fw.itm-inst.com X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32) Date: Fri, 13 Nov 1998 16:29:09 -0500 To: ark@eltex.ru 
From: Rick Murphy
Subject: Re: Authsrv plugin for NES or Apache?
Cc: mbatchelor@citysearch.com, fwtk-users@ex.tis.com
In-Reply-To: <199811131218.PAA13723@paranoid.eltex.spb.ru>
References: <3.0.5.32.19981112212430.0089c1f0@fw.itm-inst.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

At 03:18 PM 11/13/98 +0300, ark@eltex.ru wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>nuqneH,
>
>How is it implemented in Gauntlet?

"It" being authenticated HTTP.

The Gauntlet 3.2 HTTP authentication was done by a separate proxy that performed the authentication and maintained a connection to the browser. It handled multiple browser connections per proxy, knew how to handle stuff like HTTP 0.9 (where there were no content-length headers, and you signaled end-of-file by dropping the connection. The ahttp proxy couldn't drop the connection so it had to stage all 0.9 content, figure out the content length, then send it onward.)

It had a tunable authentication duration, permitting limited replay where "limited" could be tuned down to zero seconds.

It used a backend http-gw to actually perform the HTTP request processing.

It was without a doubt the hardest proxy to get working reliably.

-Rick

From owner-fwtk-users Fri Nov 13 17:28:35 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id RAA29974 for fwtk-users-outgoing; Fri, 13 Nov 1998 17:26:05 -0500 (EST)
X-Sender: farone@mail.gvillesun.com
Message-Id:
In-Reply-To: <3.0.5.32.19981106202128.0080fc30@fw.itm-inst.com>
References:
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Fri, 13 Nov 1998 17:51:22 -0500
To: "FWTK LIST"
From: Mark C Farone
Subject: Re: FWTK version 2 and smap directories ...
Cc: Rolf Obrecht, "Dirk.Nerling", Rick Murphy, Ted Keller
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

At 8:21 PM -0500 11/6/98, Rick Murphy wrote:
>At 12:22 PM 11/6/98 -0500, Ted Keller wrote:
>>There are a lot of places which v2.0 leaves dangling xma files.
>...
>>I haven't looked at the 2.1 version yet to see if these problems have been
>>cleaned up.
>
>Many causes of dangling files are cleaned up in 2.1. I almost never see any
>more.

I still get this problem occasionally using 2.1--have more causes for this been fixed by patches (I haven't had time to patch everything up-to-date in a while)? In fact, I had 4 zero-length xma files pile up on Tuesday.

FWIW, It seems independent of the mailer which sent the messages. It appears to happen when the process isn't closed as expected--typically the xma file includes text up through and including the entire body of the message or has a 0 length. My internal mailer sometimes complains about smtp connections from the mailer invoked by smapd (sendmail) which timeout instead of being closed as expected by the internal mailer (quickmail pro).

--
Mark C. Farone                        "In the future,
Systems Analyst, Gainesville Sun       everything will work." -schwa

From owner-fwtk-users Sat Nov 14 20:19:21 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id UAA02399 for fwtk-users-outgoing; Sat, 14 Nov 1998 20:06:37 -0500 (EST)
Message-ID: <005101be1036$0f9edb20$0202a8c0@mordac>
From: "Mason Ordac" To: Subject: irc-gw problems. Date: Sat, 14 Nov 1998 17:19:53 -0800 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_004E_01BE0FF2.FE66BA00" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.3155.0 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3155.0 Sender: owner-fwtk-users@ex.tis.com Precedence: bulk [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] This is a multi-part message in MIME format. ------=_NextPart_000_004E_01BE0FF2.FE66BA00 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable I'll start off this email by saying i've visited = http://www.erols.com/avenger/patches/index.html#6.3.10 And It didn't = answer my question.. I'm using irc-gw 1.0 beta 1 downloaded from the url above. I've implemented it without problems, except for one small thing. I can't get irc-gw to connect to a default server automatically when a = connection request is made by the internal network. The documentation for irc-gw states that: "netperm-table hosts options: -plug-to specify From owner-fwtk-users Sun Nov 15 16:34:05 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id QAA03961 for fwtk-users-outgoing; Sun, 15 Nov 1998 16:31:38 -0500 (EST) Message-ID: <501937796866D211B5E00080C86AFA4F0122A3@cel-ex1.compedge.co.nz> 
From: Aaron Knauf To: "'fwtk-users@tis.com'" Subject: RE: BOUNCE fwtk-users@portal.ex.tis.com: Non-member submission from [Adam Laurie ] Date: Mon, 16 Nov 1998 10:51:33 +1300 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-fwtk-users@ex.tis.com Precedence: bulk [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] Isn't there already a bind-to patch floating around somewhere? Could someone clarify what the difference is between this and the bind-to patch? ADK > -----Original Message----- 
> From: owner-fwtk-users@ex.tis.com [mailto:owner-fwtk-users@ex.tis.com] > Sent: Sunday, 15 November 1998 06:02 > To: owner-fwtk-users@tis.com > Subject: BOUNCE fwtk-users@portal.ex.tis.com: Non-member > submission from > [Adam Laurie ] > > > [To be removed from this list send the message "unsubscribe > fwtk-users" in the > BODY of a mail message to majordomo@ex.tis.com.] > > >From majordomo-owner Sat Nov 14 12:01:42 1998 > Received: from relay.hq.tis.com > (firewall-user@relay.hq.tis.com [192.94.214.100]) > by portal.ex.tis.com (8.9.1/8.9.1) with ESMTP id MAA01600 > for ; Sat, 14 Nov 1998 12:01:42 > -0500 (EST) > Received: by relay.hq.tis.com; id MAA12664; Sat, 14 Nov 1998 > 12:28:09 -0500 (EST) > Received: from clipper.hq.tis.com(10.33.1.2) by > relay.hq.tis.com via smap (4.1) > id xma012655; Sat, 14 Nov 98 12:27:17 -0500 > Received: from relay.hq.tis.com > (firewall-user@relay.hq.tis.com [10.33.1.1]) > by clipper.hq.tis.com (8.9.1/8.9.1) with ESMTP id MAA24418; > Sat, 14 Nov 1998 12:18:33 -0500 (EST) > Received: by relay.hq.tis.com; id MAA12649; Sat, 14 Nov 1998 > 12:27:09 -0500 (EST) > Received: from > eastwood.aldigital.algroup.co.uk(194.128.162.193) by > relay.hq.tis.com via smap (4.1) > id xma012644; Sat, 14 Nov 98 12:26:19 -0500 > Received: from algroup.co.uk (socks.aldigital.co.uk > [194.128.162.10]) by eastwood.aldigital.algroup.co.uk > (8.8.8/8.6.12) with ESMTP id RAA21423; Sat, 14 Nov 1998 17:20:02 GMT > Message-ID: <364DBBC3.23674550@algroup.co.uk> > Date: Sat, 14 Nov 1998 17:20:03 +0000 
> From: Adam Laurie > X-Mailer: Mozilla 4.05 [en] (WinNT; I) > MIME-Version: 1.0 > To: fwtk-support@tis.com, Adam Laurie , > fwtk-users@tis.com > Subject: patches for fwtk-2.10 (openbsd & general) > Content-Type: text/plain; charset=us-ascii > Content-Transfer-Encoding: 7bit > > Hi, > > I don't know what your policies are on patches, but here are some for > you, FWTW... > > If you need/want to reply, please do so direct as I am not > subscribed to > any of these lists. > > Please note that I have only tested the actual functionality > of ftp-gw, > which works fine, and > apologies for varying layouts... > > cheers, > Adam > > Patch to set daemons to only listen on specified interface address - > long term, it would > be nice if this was a command-line option, but life's (currently) too > short.. :) > > -- start patch -- > > --- firewall.h- Sat Nov 14 15:57:49 1998 > +++ firewall.h Sat Nov 14 16:30:02 1998 > @@ -198,6 +198,21 @@ > #endif /* SYSV */ > > /* > +If this is set to non-zero, daemons will only listen on the > +specified network address. Useful if you wish to run other > +daemons on different interfaces, or wish to restrict daemons > +to only listen on the inward facing interface of your firewall. > + > +Set to hex notation for your interface. > + > +For example, to listen on 192.168.2.1, set value to: > + > +0xC0A80201 > +*/ > + > +#define DAEMON_LISTEN_ADDR 0x00000000 > + > +/* > ----------------End Configuration Section---------------- > */ > > --- lib/daemon.c- Sat Nov 14 16:37:52 1998 > +++ lib/daemon.c Sat Nov 14 16:38:04 1998 
> @@ -113,7 +113,7 @@ > (void) close(devnull); > } > sa.sin_family = AF_INET; > - bzero( (char *)&sa.sin_addr, sizeof(sa.sin_addr)); > + sa.sin_addr.s_addr = htonl(DAEMON_LISTEN_ADDR); > sa.sin_port = htons(port); > sock = socket(AF_INET, SOCK_STREAM, 0); > if( sock < 0){ > > -- end patch -- > > Makefile for OpenBSD (2.3): > > -- start patch -- > > --- Makefile.config Sat Nov 14 13:51:10 1998 > +++ Makefile.config.OpenBSD Sat Nov 14 10:29:14 1998 > @@ -83,12 +83,12 @@ > > > # Location of X libraries for X-gw > -XLIBDIR=/usr/X11/lib > +XLIBDIR=/usr/X11R6/lib > #XLIBDIR=/usr/local/X11R5/lib > > # X Libraries > # For BSD: > -XLIBS= -L$(XLIBDIR) -lXaw -lXmu -lXt -lXext -lX11 -lSM -lICE -lipc > +XLIBS= -L$(XLIBDIR) -lXaw -lXmu -lXt -lXext -lX11 -lSM -lICE > #XLIBS = -L$(XLIBDIR) -lXaw -lXmu -lXt -lXext -lX11 > # for Linux: > #XLIBS = -L$(XLIBDIR) -lXaw -lXmu -lXt -lXext -lX11 -lc > @@ -98,7 +98,7 @@ > #XLIBS = -L$(XLIBDIR) -lXaw -lXmu -lXt -lXext -lX11 > > # Location of X include files > -XINCLUDE=/usr/X11/include > +XINCLUDE=/usr/X11R6/include > #XINCLUDE=/usr/local/X11R5/include > > # Objects to include in libfwall for SYSV > > -- end patch -- > > and here is a patch to make fwtk-2.10 compile clean on OpenBSD (2.3): > > -- start patch -- > > --- fwtk-2.1/fwtk/auth.h Fri Nov 4 23:31:26 1994 > +++ fwtk-2.1.OpenBSD/fwtk/auth.h Sat Nov 14 10:06:48 1998 > @@ -16,6 +16,8 @@ > interface for authentication server internal routines. > */ > > +#include > + > #ifndef _INCL_AUTH_H > /* default shut account off after this many bad tries */ > #define AUTH_MAXBAD 5 
> @@ -90,7 +92,7 @@ > int flgs; > int bcnt; /* bad attempt count */ > char atyp; /* type of auth to use */ > - long last; /* last login */ > + time_t last; /* last login */ > char pw[AUTH_PWSIZ]; /* passwrd (or other > key stuff) > */ > char gp[AUTH_GSIZ]; /* group */ > char ln[AUTH_LNSIZ]; /* long name */ > > --- fwtk-2.1/fwtk/smap/smap.c Tue Jan 13 22:56:14 1998 > +++ fwtk-2.1.OpenBSD/fwtk/smap/smap.c Sat Nov 14 10:12:15 1998 > @@ -401,7 +401,7 @@ > > if(!strcasecmp(p,"DATA")) { > struct towho *tp; > - long now; > + time_t now; > > curbytes = 0; > currecip = 0; > > -- end patch -- > > -- > Adam Laurie Tel: +44 (181) 742 0755 > A.L. Digital Ltd. Fax: +44 (181) 742 5995 > Voysey House > Barley Mow Passage http://www.aldigital.co.uk > London W4 4GB mailto:adam@algroup.co.uk > UNITED KINGDOM PGP key on keyservers > From owner-fwtk-users Sun Nov 15 18:59:42 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id SAA04186 for fwtk-users-outgoing; Sun, 15 Nov 1998 18:56:39 -0500 (EST) Message-Id: <3.0.5.32.19981115190802.0084beb0@fw.itm-inst.com> X-Sender: rmurphy@fw.itm-inst.com X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32) Date: Sun, 15 Nov 1998 19:08:02 -0500 To: Aaron Knauf 
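Review bot: The new comment in firewall.h should state that DAEMON_LISTEN_ADDR is written in host byte order, since lib/daemon.c passes it through htonl(), and that the default 0x00000000 keeps the old listen-on-every-interface behaviour. Hand-converting a dotted quad to hex (0xC0A80201 for 192.168.2.1) is easy to get wrong, and a wrong value either fails at bind time or puts the proxy on an interface nobody intended; taking the address as a dotted-quad string and converting it in code would remove that step.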
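Review bot: In the lib/daemon.c hunk the listen address becomes one compile-time constant, so every daemon built from the tree binds to the same interface and changing it means a rebuild. The stated goal is keeping proxies off the outward-facing interface, which is a per-proxy decision on most firewalls; a setting read at startup (the command-line option the cover note mentions) would let inside-only and outside-facing proxies coexist. The context lines shown also give no sign of how a failed bind to that address is reported, which is worth checking once the address can be non-zero.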
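Review bot: The #include added at the top of auth.h sits above the #ifndef _INCL_AUTH_H guard, so it is processed on every inclusion instead of once; move it inside the guard with the declarations that need it. As the hunk appears here the directive has no header name after #include, so confirm that the patch file itself names the header that declares time_t.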
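Review bot: Changing the "last" field from long to time_t in the second auth.h hunk changes the size of that record on any platform where the two types differ. If the struct is written to the authentication database as-is, records created by an unpatched build will not read back correctly, so the patch should say whether an existing database has to be converted or rebuilt. The matching change to "now" in smap.c is a local variable in the DATA handler and does not carry that risk.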
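Review bot: In the Makefile.config.OpenBSD hunks the XLIBS line that drops -lipc still sits under the comment "# For BSD:", and the /usr/X11 paths are overwritten rather than kept as commented alternatives the way the X11R5 lines are. Label the edited lines as OpenBSD 2.3 settings so that someone copying this file to another BSD can see why -lipc is gone and which paths were assumed.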
From: Rick Murphy
Subject: RE: BOUNCE fwtk-users@portal.ex.tis.com: Non-member submission from [Adam Laurie ]
Cc: "'fwtk-users@tis.com'"
In-Reply-To: <501937796866D211B5E00080C86AFA4F0122A3@cel-ex1.compedge.co.nz>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

At 10:51 AM 11/16/98 +1300, Aaron Knauf wrote:
>Isn't there already a bind-to patch floating around somewhere? Could
>someone clarify what the difference is between this and the bind-to
>patch?

This patch duplicates the bind-to effort but is less convenient (you've got to translate the IP address to hex), and covers less proxies.

-Rick

From owner-fwtk-users Mon Nov 16 06:48:58 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id GAA05861 for fwtk-users-outgoing; Mon, 16 Nov 1998 06:32:34 -0500 (EST)
From: ark@eltex.ru
Date: Mon, 16 Nov 1998 14:57:10 +0300
Message-Id: <199811161157.OAA15230@paranoid.eltex.spb.ru>
In-Reply-To: <005101be1036$0f9edb20$0202a8c0@mordac> from ""Mason Ordac" "
Organization: "Klingon Imperial Intelligence Service"
Subject: Re: irc-gw problems.
To: MORDAC@prodigy.net
Cc: fwtk-users@ex.tis.com
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

-----BEGIN PGP SIGNED MESSAGE-----

nuqneH,

"Mason Ordac" said :

> I'll start off this email by saying i've visited
> http://www.erols.com/avenger/patches/index.html#6.3.10 And It didn't
> answer my question..
>
> I'm using irc-gw 1.0 beta 1 downloaded from the url above.
> I've implemented it without problems, except for one small thing.
>
> I can't get irc-gw to connect to a default server automatically when a
> connection request is made by the internal network.
> The documentation for irc-gw states that:
>
> "netperm-table hosts options:
                 ^^^^^
> -plug-to <server>         specify pre-defined server"
>
> so, my netperm-table looks like:
> # irc gateway rules:
> irc-gw: -plug-to irc.mindspring.com
> irc-gw: default-port: 6667
> irc-gw: timout 90
> irc-gw: permit-hosts 192.168.2.*
> irc-gw: deny-hosts unknown
> irc-gw: -bogus-host Mason

You should use

irc-gw: permit-hosts 192.168.2.* -plug-to irc.mindspring.com -bogus-host Mason

>
> However, when a connection request is made, irc-gw doesn't automatically
> connect to irc.mindspring.com.
> Instead, it gives me the irc Jumperbot:
> -192.168.2.1- *** Welcome to IRC Jumperbot- Your in the temperal limbo
> that requires you connect to a real server
> -
> -192.168.2.1- type /quote conn [server] <port> to connect
>
> The whole point of -plug-to is to bypass the jumperbot, I think, and it
> isn't working. Does anyone use this irc-gw and know how to get it to
> bypass the jumperbot and connect automatically to a default server?
>
> Sorry for the length of this message, i wanted to be as specific as
> possible.
>
>
> Mason Ordac.

 _ _ _ _ _ _ _ {::} {::} {::} CU in Hell
_| o |_ | | _|| | / _||_| |_ |_ |_ (##) (##) (##) /Arkan#iD
|_ o _||_| _||_| / _| | o |_||_||_| [||] [||] [||] Do i believe in Bible? Hell,man,i've seen one!

From owner-fwtk-users Mon Nov 16 14:50:06 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id OAA07823 for fwtk-users-outgoing; Mon, 16 Nov 1998 14:46:20 -0500 (EST)
Date: Mon, 16 Nov 1998 11:58:20 -0800
From: Mike Batchelor
Subject: RE: nntp-gw only one news-server??
To: fwtk-users@ex.tis.com
X-Mailer: Z-Mail Pro 6.2, NetManage Inc. [ZM62_16E]
X-Priority: 3 (Normal)
References: <199811132122.QAA13087@www.vpplus.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; CHARSET=ISO-8859-1
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

I have also used dnntpd in the past. It should make an excellent NNTP proxy (since that's actually what it's designed for :), especially for the situation described by the originator of this thread, where you have multiple outside news sources. I'll see if I can find where I got it from and post a URL to the list.

------------------------
From: Chris Hiner
Subject: RE: nntp-gw only one news-server??
Date: Fri, 13 Nov 1998 16:22:21 -0500
To: fwtk-users@ex.tis.com

> One program I used for a little while when I had access to a decent
> newserver, was called dnntpd.
> It appeared as a newsserver to
> clients, and forwarded requests to other newservers. It combined
> all the groups they had, so it looked like one server with all the
> groups people wanted. I think it was available in the contrib dir of
> inn. dnntpd.tar.gz should show up in a search...
>
> Chris Hiner
>
> > uh...that's what I thought I said.
> >
> > Plug-gw on 4 diff IP ports ...
> >
> > and then your news client would point to whichever port for whichever news feed.
> >
> > Glad to hear that I was right...sometimes logic and computers don't happen ;-)
> >
> > laters,
> >
> > Bryan
> >
> > ====================================
> > Bryan S. Sampsel
> > Network Administrator
> > Horizon Interactive, Inc.
> > ====================================
> >
> > -----Original Message-----
> > From: Ted Keller [SMTP:keller@bfg.com]
> > Sent: Friday, November 13, 1998 9:50 AM
> > To: Bryan S. Sampsel
> > Cc: 'Peter RATKAI'; fwtk-users@ex.tis.com
> > Subject: RE: nntp-gw only one news-server??
> >
> > That's exactly what I do ... except I'm still using plug-gw for this
> > function.
> >
> > ted keller - bfg.com
> >
> >
> > On Fri, 13 Nov 1998, Bryan S. Sampsel wrote:
> >
> > > try a different IP port for each server. In THEORY, since i haven't had to do so yet, you could set up plug-gw on 4 diff IP ports and point to 4 specific servers.
> > >
> > > Sorry, but that's still better than Borderware...where the only news is done by running NNTP from the firewall box.
> > >
> > > If I'm wrong, many people will correct me, I'm sure. That's why I like this list...find out the mistakes before I make them.
> > >
> > > good luck Peter,
> > >
> > > Bryan
> > >
> > > ====================================
> > > Bryan S. Sampsel
> > > Network Administrator
> > > Horizon Interactive, Inc.
> > > ====================================
> > >
> > > -----Original Message-----
> > > From: Peter RATKAI [SMTP:rpet@quaestor.hu]
> > > Sent: Thursday, November 12, 1998 4:29 PM
> > > To: fwtk-users@ex.tis.com
> > > Subject: nntp-gw only one news-server??
> > >
> > > Hi again,
> > > I've just compiled nntp-gw, it works fine. BUT, we need to read 4
> > > different news server, and it seems that nntp-gw can handle only one. The
> > > Client is Win*, so no authentication can be done, so I could choose a
> > > server by username,. Am I right? I hope NMO. Can I use more servers
> > > without modifying the netperm-table?
> > >
> > > Thanks a lot for everyone..
> > > Cheers..
> > >
> > > --
> > > Peter RATKAI
> > > Windows is Shutting down...
> > > --
> > >
> > >
> > > ------------- End Forwarded Message -------------
> > >
> >
>
> --
> chiner@vpplus.com +1 248 737-9550 X660
> Voice Processing Plus, Inc http://www.vpplus.com/

---------------End of Original Message-----------------

_______________________________________________________________
UNIX Team - The difference between theory and practice is often greater in practice than in theory.
11/16/98 11:58:20

From owner-fwtk-users Mon Nov 16 14:54:02 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id OAA07853 for fwtk-users-outgoing; Mon, 16 Nov 1998 14:53:50 -0500 (EST)
From: Eberhard Mattes
Date: Mon, 16 Nov 1998 21:12:53 +0100 (MET)
Message-Id: <199811162012.VAA06747@azu.informatik.uni-stuttgart.de>
To: fwtk-users@tis.com
Subject: New em-gw.tar.gz
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

A new version of em-gw.tar.gz is available from

http://www.erols.com/avenger/patches/em-gw.tar.gz

Changes:

- The programs checks if snprintf() and vsnprintf() really obey the limit
- nntp-gw supports the XHDR and XPAT commands
- pop-gw supports multiple "user" lines in netperm-table
- squid-gw no longer removes
- squid-gw better copes with double quotes in comments
- squid-gw accepts white space (not just SP) in
- squid-gw no longer treats a Content-Type conflict as fatal error; it just keeps the first value
- squid-gw adds "Content-Type: text/html" if the server doesn't send a Content-Type field. This solves the "Document contains no data" problem

--
Eberhard Mattes

From owner-fwtk-users Tue Nov 17 08:11:30 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id HAA10456 for fwtk-users-outgoing; Tue, 17 Nov 1998 07:57:47 -0500 (EST)
Message-ID: <19981117131730.4289.qmail@hotmail.com>
X-Originating-IP: [196.3.186.4]
From: "Chique XXXXX"
To: fwtk-users@ex.tis.com
Subject: ftping through http-gw...
MIME-Version: 1.0
Content-Type: text/plain
Date: Tue, 17 Nov 1998 05:17:30 PST
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

Thanks to everyone who have helped me so far, My proxy server(TIS FWTK) is now up and running.
However I am having a slight problem in that I am able to browse using the http-gw but I'm not able to use the ftp protocol. i.e I am unable to connect to a ftp-server using the http-gw. The documentation said this was possible.

Chique

From owner-fwtk-users Tue Nov 17 08:15:46 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id IAA10541 for fwtk-users-outgoing; Tue, 17 Nov 1998 08:15:33 -0500 (EST)
From: "Andreas Weigand"
To: "Sherine Brown"
Date: Tue, 17 Nov 1998 14:35:24 +0000
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Subject: Re: ftping through http-gw.
Reply-to: andreas.weigand@vectron.net
CC: fwtk-users@ex.tis.com
In-reply-to:
Message-ID: <8A8E69C5F8E@entwicklung.vectron.net>
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

Hello.

> Hello andreas, could you please say if you have solved the problem of ftping to a remote ftp-server through http-gw?
>
> Sherine

Yes I've solved the problem. The patch that James noticed takes the right thing. Now I can connect to any remote ftp-server in the Internet. I placed the new files (ftp.c, http-gw.c, hmain.c and http-gw.h) in the source-directory of http-gw and compiled again. That's it. It runs! :-))

Thanks for help.

Andreas

-----------------------------
Vectron Elektronik GmbH
Dipl.-Ing.
Andreas Weigand
Entwicklung
Europark Fichtenhain A6
47807 Krefeld
Tel.: 02151-83 96 35
Fax.: 02151-83 96 99
E-Mail: Andreas.Weigand@Vectron.Net

From owner-fwtk-users Tue Nov 17 09:18:07 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id JAA10911 for fwtk-users-outgoing; Tue, 17 Nov 1998 09:15:52 -0500 (EST)
From: andrewf@technologist.com
MIME-Version: 1.0
Message-Id: <981117093427JB.00525@web01.iname.net>
Date: Tue, 17 Nov 1998 09:34:27 -0500 (EST)
Content-Type: Text/Plain
Content-Transfer-Encoding: 7bit
To: fwtk-users@tis.com
Subject: Re: IP filtering
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

I really appreciate everyone's help over the last couple of weeks. I now have a much better understanding of ipfwadm. Couple more questions though. I've got this statement (as we've discussed before):

ipfwadm -F -a m -b -P tcp -S 0.0.0.0/0 1024:65535 -D x.x.x.x/32 80

It masquerades packets and makes the logs on my web server useless since it thinks all requests originate from the firewall. I got that. But does anyone know of a good way to run a shell script on the ipfw logs to analyze the web stats instead? Are these logs in a standard format that log analyzers can chew on?

My second question is how to make the above statement *forward* packets instead of *masquerade* them.
Thanks,
A

From owner-fwtk-users Tue Nov 17 10:13:15 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id KAA11187 for fwtk-users-outgoing; Tue, 17 Nov 1998 10:12:14 -0500 (EST)
>Received: from leia.perimos.de by perimos.de (4.1/SMI-4.1) id AA18027; Tue, 17 Nov 98 16:07:52 +0100
Message-Id: <9811171507.AA18027@perimos.de>
From: "Heiner Amthauer"
Organization: Perimos
To: fwtk-users@ex.tis.com
Date: Tue, 17 Nov 1998 16:09:47 +0100
Mime-Version: 1.0
Content-Transfer-Encoding: 7BIT
Subject: how to auth http ??
Reply-To: ha@perimos.de
X-Mailer: Pegasus Mail for Win32 (v3.01b)
Content-Type: text/plain; charset=US-ASCII
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

Hello !

I'm running fwtk on linux/isdn. Everything works fine, so far. However, I want my users to authenticate themselves, before using http-gw. I understand, that the entry

http-gw: permit-hosts xx.xx.xx.* -authall

enables authentication for the http-gw. But, when connecting to the http-gw via MS-IE or Netscape, nothing happens and the browser says, that I'm not permitted to use the http-gw. How is the authentication done ? Using tn-gw, authentication does work fine.

Btw. when using ftp from within the www-browser, some ftp-servers complain, that the e-mail address "unauth@server" is not valid. How do I set the ftp password with http-gw ?
Here is my netperm-table ( xx.xx.xx.xx is of course a real address in the original netperm-table ):

http-gw: default-policy -safejava -safejavascript -noactivex
http-gw: deny-hosts unknown
http-gw: permit-hosts xx.xx.xx.xx -authall
http-gw: timeout 120
netacl-in.ftpd: deny-hosts unknown
netacl-in.ftpd: permit-hosts 127.0.0.1 -exec /usr/sbin/in.ftpd
netacl-in.ftpd: permit-hosts xx.xx.xx.* -exec /usr/local/etc/ftp-gw
ftp-gw: timeout 120
ftp-gw: permit hosts xx.xx.xx.*
ftp-gw: deny-hosts unknown
netacl-in.telnetd: deny-hosts unknown
netacl-in.telnetd: permit-hosts 127.0.0.1 -exec /usr/sbin/in.telnetd
netacl-in.telnetd: permit-hosts xx.xx.xx.* -exec /usr/local/etc/tn-gw
tn-gw: timeout 240
tn-gw: permit-hosts xx.xx.xx.* -auth
tn-gw: deny-hosts unknown
authsrv: hosts 127.0.0.1
authsrv: database /usr/local/etc/fw-authdb
authsrv: badsleep 20
authsrv: nobogus true
*: authserver 127.0.0.1 7777

greetings

-----------------------------------------
| Dipl. Ing. (FH) Heiner Amthauer
| Perimos Elektronik, Tel. 0731 / 96877-34
| Fax 0731 / 96877-10
| email: ha@perimos.de
|
| Stupidity of mankind is beyond any imagination

From owner-fwtk-users Tue Nov 17 10:46:09 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id KAA11477 for fwtk-users-outgoing; Tue, 17 Nov 1998 10:43:48 -0500 (EST)
Date: 17 Nov 1998 16:45:47 +0100
Message-ID: <19981117154547.10280.qmail@brandenburg-gmbh.de>
From: Dirk Alboth
To: andrewf@technologist.com
CC: fwtk-users@tis.com
In-reply-to: <981117093427JB.00525@web01.iname.net> (andrewf@technologist.com)
Subject: Re: IP filtering
Reply-to: alboth@brandenburg-gmbh.de
Mime-Version: 1.0 (generated by tm-edit 7.106)
Content-Type: text/plain; charset=US-ASCII
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

> ipfwadm -F -a m -b -P tcp -S 0.0.0.0/0 1024:65535 -D x.x.x.x/32 80

> My second question is how to make the above statement *forward*
> packets instead of *masquerade* them.

As said before, "man ipfwadm" is a good source for syntax ;-)
("-a m" is old syntax for masquerading. The current syntax would be "-a accept -m" which is the one that is documented in the man page.)

So "ipfwadm -F -a accept -b -P ..." does the magic.

Dirk

From owner-fwtk-users Tue Nov 17 13:45:09 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id NAA12212 for fwtk-users-outgoing; Tue, 17 Nov 1998 13:40:49 -0500 (EST)
Date: Tue, 17 Nov 1998 16:15:03 -0200 (EDT)
From: Paulo Henrique Lyra
To: fwtk-users@ex.tis.com
Subject: Problem with multiples web servers
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

Hello all,

We have two web servers inside our firewall and would like to have fwtk select which one to gateway-forward based on target IP. I have installed and setup the ipbind-1.1 patch over fwtk-2.1 and had hopes it would be a simple matter of setting up ip-address:port pairs. However, each http-gw instance needs to bind port 80 on the same physical interface (packets will be coming from our outbound public interface), and thus only the first instance grabs the port, the second keeps sleeping forever waiting for a chance get port 80, too.

The configuration used was something like the following:

From netperm-table...

rule-proxy-1: forward /* -proto http -tohost www.internal1.com
rule-proxy-1: permit-hosts *
rule-proxy-2: forward /* -proto http -tohost www.internal2.com
rule-proxy-2: permit-hosts *

...and I execute...

http-gw -daemon www.external1.com:80 -name rule-proxy-1
http-gw -daemon www.external2.com:80 -name rule-proxy-2

The second http-gw writes "Cannot bind to port 80, sleeping for 2 minutes" to syslog and just keeps there.

Question is, is ipbind capable of partitioning queries for both servers coming through the same interface? All references in the README make clear that it distinguishes things coming from disparate network interfaces, but nowhere it says it cannot do the same for a single interface (and indeed the way the examples are shown makes us believe it can).

If that means we cannot have two http-gw instances running as stated above, what would be an alternative solution?

Thanks for your time and attention,

Paulo Lyra

From owner-fwtk-users Tue Nov 17 13:49:16 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id NAA12258 for fwtk-users-outgoing; Tue, 17 Nov 1998 13:47:51 -0500 (EST)
Date: Tue, 17 Nov 1998 12:08:08 -0700 (MST)
From: Mike Blatchley
Reply-To: Mike Blatchley
To: fwtk-users@ex.tis.com
Subject: Some lib's needed in chrooted environment (anti-relay smap)
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

Sorry if this is slightly off-topic, but I am trying to get some of the anti-relay patches to work with smap.

Even though I am statically linking smap (Linux machine, cc -g -static -o smap smap.o arpadate.o ../libfwall.a -lcrypt -lresolv), I still have unresolved symbols in the resulting executable (nm --undefined smap). Some of these are name service support functions.

As a consequence, I am having to put a handful of libraries in /var/spool/smap/lib so they will be visible in the chroot'ed environment. When I upgrade a system, I'm not too fond of having to remember that I put an extra copy of certain lib's in some remote location.
So is there anyone out there who has linker knowledge that can help me make a truly static, stand-alone binary.

Thanks much,
Mike
mblatch@orci.com

From owner-fwtk-users Tue Nov 17 16:23:05 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id QAA12905 for fwtk-users-outgoing; Tue, 17 Nov 1998 16:19:38 -0500 (EST)
From: Len
Message-Id: <199811172139.OAA12684@isdi.com>
Subject: ICQ through firewall?
To: fwtk-users@ex.tis.com
Date: Tue, 17 Nov 1998 14:39:56 -0700 (MST)
X-Mailer: ELM [version 2.4 PL25]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

Has anyone got ICQ going through udprelay???

len

From owner-fwtk-users Tue Nov 17 19:09:15 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id TAA13487 for fwtk-users-outgoing; Tue, 17 Nov 1998 19:05:58 -0500 (EST)
Date: Tue, 17 Nov 1998 16:15:11 -0800
From: Mike Batchelor
Subject: Re: ICQ through firewall?
To: fwtk-users@ex.tis.com
X-Mailer: Z-Mail Pro 6.2, NetManage Inc. [ZM62_16E]
X-Priority: 3 (Normal)
References: <199811172139.OAA12684@isdi.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; CHARSET=ISO-8859-1
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

You just need this in udprelay.conf:

relay 1.2.3.0 mask 255.255.255.0 * 4000 icq.mirabilis.com 4000 any

Then configure ICQ to use your proxy's inside address as the ICQ server. Client-client file transfers do not work in this situation.

Use your own network numbers, of course. :) Lather, Rinse, Repeat as necessary to cover your addresses.

------------------------
From: Len
Subject: ICQ through firewall?
Date: Tue, 17 Nov 1998 14:39:56 -0700 (MST)
To: fwtk-users@ex.tis.com

> Has anyone got ICQ going through udprelay???
>
> len

---------------End of Original Message-----------------

_______________________________________________________________
UNIX Team - The difference between theory and practice is often greater in practice than in theory.
11/17/98 16:15:11

From owner-fwtk-users Tue Nov 17 19:12:44 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id TAA13513 for fwtk-users-outgoing; Tue, 17 Nov 1998 19:11:21 -0500 (EST)
Message-ID: <19981118003059.23475.qmail@hotmail.com>
X-Originating-IP: [196.3.186.4]
From: "Chique XXXXX"
To: fwtk-users@ex.tis.com
Subject: Re: ftping through http-gw...
MIME-Version: 1.0
Content-Type: text/plain
Date: Tue, 17 Nov 1998 16:30:59 PST
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

Let me send this to the list:

When I am using the http-gw to connect to a ftp server I get the following error

"Cannot be fetched"
"Failed to connect to ftp server ftp.books.com (21)"

Even though I had specified in the browser preference the port to use is 80. This is the eg. I used.
"ftp://ftp.books.com"

From owner-fwtk-users Wed Nov 18 02:16:24 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id CAA14451 for fwtk-users-outgoing; Wed, 18 Nov 1998 02:13:07 -0500 (EST)
>Received: from leia.perimos.de by perimos.de (4.1/SMI-4.1) id AA02202; Wed, 18 Nov 98 08:20:04 +0100
Message-Id: <9811180720.AA02202@perimos.de>
From: "Heiner Amthauer"
Organization: Perimos
To: fwtk-users@ex.tis.com
Date: Wed, 18 Nov 1998 08:21:57 +0100
Mime-Version: 1.0
Content-Transfer-Encoding: 7BIT
Subject: www.erols.com dead ?
Reply-To: ha@perimos.de
X-Mailer: Pegasus Mail for Win32 (v3.01b)
Content-Type: text/plain; charset=US-ASCII
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

Hi !

Is www.erols.com dead ? I can't get any response from it.

greets

-----------------------------------------
| Dipl. Ing. (FH) Heiner Amthauer
| Perimos Elektronik, Tel. 0731 / 96877-34
| Fax 0731 / 96877-10
| email: ha@perimos.de
|
| Stupidity of mankind is beyond any imagination

From owner-fwtk-users Wed Nov 18 02:54:51 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id CAA14580 for fwtk-users-outgoing; Wed, 18 Nov 1998 02:53:12 -0500 (EST)
From: "Andreas Weigand"
To: fwtk-users@ex.tis.com
Date: Wed, 18 Nov 1998 09:01:05 +0000
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Subject: Re: ftping through http-gw.
Reply-to: andreas.weigand@vectron.net
Message-ID: <8BB555E0B01@entwicklung.vectron.net>
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

Hi Sherine,

did you set your ftp-proxy-address of your browser to the address of http-proxy with the same port ?
It's necessary to do so. The http-gw does the translation. The only thing I've done is to replace the original files in the sourcedirectory fwtk/http-gw with the new files of the patch. These are ftp.c, http-gw.c, http-gw.h and hmain.c. After replacing these files I've compiled the source with no errors but still a few warnings and replace the original http-gw against the new one. The test with a ftp to a remote host completed successfully.

So, what does http-gw say to you ? Is it the same errormessage that I get ?

Andreas

> Hi again Andreas,
> I used the files from the patch , compiled but I'm still unable to ftp using http-gw... :-(

-----------------------------
Vectron Elektronik GmbH
Dipl.-Ing. Andreas Weigand
Entwicklung
Europark Fichtenhain A6
47807 Krefeld
Tel.: 02151-83 96 35
Fax.: 02151-83 96 99
E-Mail: Andreas.Weigand@Vectron.Net

From owner-fwtk-users Wed Nov 18 04:42:06 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id EAA14811 for fwtk-users-outgoing; Wed, 18 Nov 1998 04:38:07 -0500 (EST)
>Received: from leia.perimos.de by perimos.de (4.1/SMI-4.1) id AA09818; Wed, 18 Nov 98 10:53:36 +0100
Message-Id: <9811180953.AA09818@perimos.de>
From: "Heiner Amthauer"
Organization: Perimos
To: fwtk-users@ex.tis.com
Date: Wed, 18 Nov 1998 10:55:29 +0100
Mime-Version: 1.0
Content-Transfer-Encoding: 7BIT
Subject: www.erols.com dead ? ( was: Re: how to auth http ?? )
Reply-To: ha@perimos.de
X-Mailer: Pegasus Mail for Win32 (v3.01b)
Content-Type: text/plain; charset=US-ASCII
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

Hey there !

> > I'm running fwtk on linux/isdn. Everything works fine, so far.
> > However, I want my users to authenticate themselves, before using
> > http-gw.
>
> http://www.erols.com/avenger/running.html#5.4.3
>
> > when using ftp from within the www-browser, some ftp-servers
> > complain, that the e-mail address "unauth@server" is not valid.
> > How do I set the ftp password with http-gw ?
>
> http://www.erols.com/avenger/running.html#5.4.10

Setting up a gw seems to be a very dragging process. All the necessary information is spread world wide on slow newsgroups and dead www-servers. Now, is any1 here, who can tell me, if www.erols.com is online some times, or who can send me the above mentioned FAQs ? It would really help me to get things done.

thanx.

Heiner

-----------------------------------------
| Dipl. Ing. (FH) Heiner Amthauer
| Perimos Elektronik, Tel. 0731 / 96877-34
| Fax 0731 / 96877-10
| email: ha@perimos.de
|
| Stupidity of mankind is beyond any imagination

From owner-fwtk-users Wed Nov 18 05:29:54 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id FAA14911 for fwtk-users-outgoing; Wed, 18 Nov 1998 05:26:15 -0500 (EST)
From: "Michael C. Ibarra"
Message-Id: <199811181045.FAA00994@imsi.com>
Subject: Re: www.erols.com dead ?
To: ha@perimos.de
Date: Wed, 18 Nov 98 5:45:57 EST
Cc: fwtk-users@ex.tis.com
In-Reply-To: <9811180720.AA02202@perimos.de>; from "Heiner Amthauer" at Nov 18, 98 8:21 am
Organization: Investment Management Services, Inc
Internet: ibarra@imsi.com
Voice: (212)339-2712
Fax: (212)339-2854
icbm: Tower 49
X-Mailer: ELM [version 2.3 PL11]
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

Someone named Heiner Amthauer allegedly wrote...
>
>Hi !
>
>Is www.erols.com dead ? I can't get any response from it.
>
>greets
>
>
> -----------------------------------------
>| Dipl. Ing. (FH) Heiner Amthauer
>| Perimos Elektronik, Tel.
0731 / 96877-34
>| Fax 0731 / 96877-10
>| email: ha@perimos.de
>|
>| Stupidity of mankind is beyond any imagination

Seems fine to me.

-mi

From owner-fwtk-users Wed Nov 18 08:45:25 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id IAA15405 for fwtk-users-outgoing; Wed, 18 Nov 1998 08:33:26 -0500 (EST)
From: youngk@ttc.com
X-Lotus-FromDomain: TTC
To: ha@perimos.de
cc: fwtk-users@ex.tis.com
Message-ID: <852566C0.004B9817.00@ttcmta1-7.ttc.com>
Date: Wed, 18 Nov 1998 08:52:38 -0500
Subject: Re: www.erols.com dead ? ( was: Re: how to auth http ?? )
Mime-Version: 1.0
Content-type: text/plain; charset=us-ascii
Content-Disposition: inline
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

> Now, is any1 here, who can tell me, if www.erols.com is online some
> times, or who can send me the above mentioned FAQs ?

Erols is a fairly large ISP on the east coast here in the US with (I think) close to 400,000 subscribers. I don't think that their www server has any kind of limited access time...

If you want, myself or someone from the list can send you the FAQ via e-mail. Or, if you can finally get through, you can get it from < http://www.erols.com/avenger/fwtk-faq.zip >

BTW, I have only had one problem with Erols in the 4 years that I have been with them, which is why I picked them to host the FAQ...

--Keith
-youngk@ttc.com

"Heiner Amthauer" on 11/18/98 04:55:29 AM
Please respond to ha@perimos.de
To: fwtk-users@ex.tis.com
cc:
Subject: www.erols.com dead ? ( was: Re: how to auth http ?? )

Hey there !

> > I'm running fwtk on linux/isdn. Everything works fine, so far.
> > However, I want my users to authenticate themselves, before using
> > http-gw.
>
> http://www.erols.com/avenger/running.html#5.4.3
>
> > when using ftp from within the www-browser, some ftp-servers
> > complain, that the e-mail address "unauth@server" is not valid.
> > How do I set the ftp password with http-gw ?
>
> http://www.erols.com/avenger/running.html#5.4.10

Setting up a gw seems to be a very dragging process. All the necessary information is spread world wide on slow newsgroups and dead www-servers. Now, is any1 here, who can tell me, if www.erols.com is online some times, or who can send me the above mentioned FAQs ? It would really help me to get things done.

thanx.

Heiner

-----------------------------------------
| Dipl. Ing. (FH) Heiner Amthauer
| Perimos Elektronik, Tel. 0731 / 96877-34
| Fax 0731 / 96877-10
| email: ha@perimos.de
|
| Stupidity of mankind is beyond any imagination

From owner-fwtk-users Wed Nov 18 08:50:51 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id IAA15465 for fwtk-users-outgoing; Wed, 18 Nov 1998 08:48:02 -0500 (EST)
Message-ID:
From: Martin Portmann
To: fwtk-users@ex.tis.com
Subject: www.erols.com dead ? ( was: Re: how to auth http ?? )
Date: Wed, 18 Nov 1998 15:09:01 +0100
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.0.1460.8)
Content-Type: text/plain
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

Heiner Amthauer wrote:

> Setting up a gw seems to be a very dragging process.
> All the necessary information is spread world wide
> on slow newsgroups and dead www-servers. Now, is
> any1 here, who can tell me, if www.erols.com is
> online some times, or who can send me the above mentioned
> FAQs ? It would really help me to get things done.

> -----------------------------------------
> | Dipl. Ing. (FH) Heiner Amthauer
> | Perimos Elektronik, Tel.
0731 / 96877-34
> | Fax 0731 / 96877-10
> | email: ha@perimos.de
> |
> | Stupidity of mankind is beyond any imagination

I like this signature about stupidity ...

-----------------------------------------------------
Martin Portmann             Mobile +41 79 330 60 12
Software Department         Phone +41 62 896 42 40
Graph-Tech AG, Switzerland  map@graph-tech.ch
"Computer work, people think" - Thomas Watson

From owner-fwtk-users Wed Nov 18 09:10:32 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id JAA15576 for fwtk-users-outgoing; Wed, 18 Nov 1998 09:09:09 -0500 (EST)
Message-ID: <01BE12D6.897FADA0@scirocco.Dynabrade.COM>
From: Bill Earle
To: "fwtk-users@ex.tis.com" , "'ha@perimos.de'"
Subject: RE: www.erols.com dead ? ( was: Re: how to auth http ?? )
Date: Wed, 18 Nov 1998 09:33:43 -0500
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

Heiner,

Not sure what is going on, I am able to access the URL's listed below 09:25 EST from the US. Do you have a machine on the outside, connected to the Internet, that you could run a traceroute on to see how far you get. Make sure you can resolve the hostname also. Sorry I can't tell you which server I connected to either, you could try each by IP address until you get a response.

ex. http://207.172.3.92/avenger/running.html#5.4.3 (this one worked for me also)

> nslookup www.erols.com
Server: localhost
Address: 127.0.0.1

Non-authoritative answer:
Name: www.erols.com
Addresses: 207.172.3.92, 207.172.3.93, 207.172.3.94, 207.172.3.90
          207.172.3.91

I would be happy to e-mail the HTML document to you if you are still unable to get through now.

Later,
Bill

----------
From: Heiner Amthauer[SMTP:ha@perimos.de]
Sent: Wednesday, November 18, 1998 4:55 AM
To: fwtk-users@ex.tis.com
Subject: www.erols.com dead ?
( was: Re: how to auth http ?? ) [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] Hey there ! > > I'm running fwtk on linux/isdn. Everything works fine, so far. > > However, I want my users to authenticate themselfes, before using > > http-gw. > > http://www.erols.com/avenger/running.html#5.4.3 > > > when using ftp from within the www-browser, some ftp-servers > > complain, that the e-mail address "unauth@server" is not valid. > > How do I set the ftp password with http-gw ? > > http://www.erols.com/avenger/running.html#5.4.10 Setting up a gw seems to be a very dragging proccess. All the neccessary information is spread world wide on slow newsgroups and dead www-servers. Now, is any1 here, who can tell me, if www.erols.com is online some times, or who can send me the above mentioned FAQs ? It would really help me to get things done. thanx. Heiner ----------------------------------------- | Dipl. Ing. (FH) Heiner Amthauer | Perimos Elektronik, Tel. 0731 / 96877-34 | Fax 0731 / 96877-10 | email: ha@perimos.de | | Stupidity of mankind is beyond any imagination From owner-fwtk-users Thu Nov 19 02:42:03 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id CAA21019 for fwtk-users-outgoing; Thu, 19 Nov 1998 02:37:56 -0500 (EST) >Received: from leia.perimos.de by perimos.de (4.1/SMI-4.1) id AA11955; Thu, 19 Nov 98 08:34:43 +0100 Message-Id: <9811190734.AA11955@perimos.de> From: "Heiner Amthauer" Organization: Perimos To: fwtk-users@ex.tis.com Date: Thu, 19 Nov 1998 08:36:36 +0100 Mime-Version: 1.0 Content-Transfer-Encoding: 7BIT Subject: Re: www.erols.com dead ? ( was: Re: how to auth http ?? 
) Reply-To: ha@perimos.de In-Reply-To: <199811181634.LAA04039@ouareau.INRS-Telecom.UQuebec.CA> References: <9811180953.AA09818@perimos.de> from "Heiner Amthauer" at Nov 18, 98 10:55:29 am X-Mailer: Pegasus Mail for Win32 (v3.01b) Content-Type: text/plain; charset=US-ASCII Sender: owner-fwtk-users@ex.tis.com Precedence: bulk [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] Hi ! Thanks, for that many replys. Some of you have been kind enough to send me the FAQs. I also discovered, that I can connect to www.erols.com through my ISPs proxy. I'm not shure, what the matter is. Possibly, I have some firewall rules, which lock myself out. However, ping and traceroute to any other host works fine. greets Heiner ----------------------------------------- | Dipl. Ing. (FH) Heiner Amthauer | Perimos Elektronik, Tel. 0731 / 96877-34 | Fax 0731 / 96877-10 | email: ha@perimos.de | | Stupidity of mankind is beyond any imagination From owner-fwtk-users Thu Nov 19 04:32:54 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id EAA21427 for fwtk-users-outgoing; Thu, 19 Nov 1998 04:27:27 -0500 (EST) Subject: Re: www.erols.com dead ? ( was: Re: how to auth http ?? ) To: youngk@ttc.com Date: Thu, 19 Nov 1998 11:51:23 +0200 (SAT) Cc: fwtk-users@ex.tis.com In-Reply-To: <852566C0.004B9817.00@ttcmta1-7.ttc.com> from "youngk@ttc.com" at "Nov 18, 98 08:52:38 am" From: siviwe@rhodes.ac.za (Siviwe Kwatsha) Reply-to: siviwe@rhodes.ac.za (Siviwe Kwatsha) Disclaimer: ALL views mine. X-Mailer: ELM [version 2.4ME+ PL15 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Message-Id: Sender: owner-fwtk-users@ex.tis.com Precedence: bulk [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] 

youngk@ttc.com wrote:
% BTW, I have only had one problem with Erols in the 4 years that I have been
% with them, which is why I picked them to host the FAQ...

Erols may be very reliable, but has anyone thought of mirroring the FAQ
elsewhere too ?

I think it'd be cool to have something like the qmail mirror (a mirror in
most countries, updated everyday) for the FAQ. After all, it's accessed a
lot.

I for one would be quite keen to host a mirror (easier access and all that :)

Just a thought.

Siviwe
--
Siviwe Kwatsha
Sysadmin, short tempered, impolite, deaf

From owner-fwtk-users Thu Nov 19 09:36:23 1998
Date: Wed, 18 Nov 1998 15:31:38 -0800
To: fwtk-users@ex.tis.com
From: "Michael St. Laurent"
Subject: Split DNS and reverse lookups

I've set up the split DNS mentioned in the tutorials and normal lookups
work great. If the request is for an external address it is forwarded to
the firewall and resolved. Reverse lookups are another matter though. If
I point the resolv.conf file to go straight to the firewall they work. If
I use the split DNS and try sending the request to the internal DNS server
first it fails.

Please examine the sample nslookup session below:

guardian:/var/named# nslookup
Default Server: hartwell-eng2.hartwellcorp.com
Address: 10.11.10.10

> ftp.microsoft.com
Server: hartwell-eng2.hartwellcorp.com
Address: 10.11.10.10

Non-authoritative answer:
Name: ftp.microsoft.com
Address: 198.105.232.1

> 198.105.232.1
Server: hartwell-eng2.hartwellcorp.com
Address: 10.11.10.10

*** hartwell-eng2.hartwellcorp.com can't find 198.105.232.1: Non-existent host/domain

> server guardian
Default Server: guardian.hartwellcorp.com
Address: 209.223.127.178

> 198.105.232.1
Server: guardian.hartwellcorp.com
Address: 209.223.127.178

Name: ftp.microsoft.com
Address: 198.105.232.1

Any help that you could lend would be very greatly appreciated.

--------------------
Michael St. Laurent
Hartwell Corporation

"The software said to use with Windows95 or better, so I installed Linux."

From owner-fwtk-users Thu Nov 19 12:00:19 1998
From: youngk@ttc.com
To: siviwe@rhodes.ac.za (Siviwe Kwatsha)
cc: fwtk-users@ex.tis.com
Date: Thu, 19 Nov 1998 12:15:28 -0500
Subject: Re: www.erols.com dead ? ( was: Re: how to auth http ?? )

> I think it'd be cool to have something like the qmail mirror (a mirror in
> most countries, updated everyday) for the FAQ. After all, it's accessed a
> lot.
>
> I for one would be quite keen to host a mirror (easier access and all that :)
>
> Just a thought.

I would really like to see (with TIS's permission, of course :-) our own domain name for the FWTK.
Of course, the downloads would still be monitored by TIS, but a server which had FWTK info, the FAQ, FWTK news, etc. would be great.

I have been looking for a provider which will donate to us ~10MB of space,
cgi-bin access, and let us have our own domain name, but I haven't found one
yet. I am also trying to figure out how to raise the $100.00 Internic fee
too.. . :-(

Yes, having this all mirrored on "www.us.fwtk.org", "www.uk.fwtk.org", etc.
(like Qmail and Apache) would be great...

I just checked and the fwtk.org domain is still available...

Can anyone out there help with this?

--Keith
-youngk@ttc.com

From owner-fwtk-users Thu Nov 19 13:47:03 1998
From: Joseph S D Yao
Subject: Re: Split DNS and reverse lookups
To: rowl@earthlink.net (Michael St. Laurent)
Date: Thu, 19 Nov 1998 14:05:36 -0500 (EST)
Cc: fwtk-users@ex.tis.com

> I've set up the split DNS mentioned in the tutorials and normal lookups
> work great. If the request is for an external address it is forwarded to
> the firewall and resolved. Reverse lookups are another matter though. If
> I point the resolv.conf file to go straight to the firewall they work. If
> I use the split DNS and try sending the request to the internal DNS server
> first it fails.
>
> Please examine the sample nslookup session below:
> ...
> > 198.105.232.1
> Server: hartwell-eng2.hartwellcorp.com
> Address: 10.11.10.10
>
> *** hartwell-eng2.hartwellcorp.com can't find 198.105.232.1: Non-existent
> host/domain

Setting aside questions like "why would you want to" ... Try setting
type to "ptr" or "any" and asking for "1.232.105.198.in-addr.arpa.".

    > set type=ptr
    > 1.232.105.198.in-addr.arpa.
    Non-authoritative answer:
    1.232.105.198.in-addr.arpa name = ftp.microsoft.com

Just tested what you did, works for me. So does what I suggested. The
cricket book suggests that the first form is for older DNS, so may not
work for some non-traditional versions.

--
Joe Yao jsdy@cospo.osis.gov - Joseph S. D. Yao
COSPO/OSIS Computer Support EMT-A/B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.

From owner-fwtk-users Thu Nov 19 14:13:42 1998
From: Bill Earle
To: "'youngk@ttc.com'"
Cc: "fwtk-users@ex.tis.com"
Subject: money for nothing ( was: Re: www.erols.com dead ? )
Date: Thu, 19 Nov 1998 14:36:01 -0500

How many of us are there on the list? If there were 50 of us
we could kick in $2.00US each and be done with it. Now we
just need TIS to give us their blessing. :)

Just my two bucks ...er two cents,
Bill

Keith You wrote:

... figure out how to raise the $100.00 Internic fee too.. .
:-(

From owner-fwtk-users Thu Nov 19 14:41:32 1998
Date: Thu, 19 Nov 1998 20:59:21 +0100 (CET)
From: Peter RATKAI
To: fwtk-users@ex.tis.com
Subject: 'cannot get peer name'

Hi,

I'm puzzled! I have one machine, that cannot connect to any gateway on my
firewall. This machine is mapped statically into the NAT-system on
Cisco4500. The firewall writes the internal address of this machine, like
this:

tn-gw[1705]: fwtksyserr: cannot get peer name: Transport endpoint is not connected
tn-gw[1706]: getpeername failed: Transport endpoint is not connected
tcplogd: tn-gw connection attempt from postmaster.quaestor.hu [192.168.16.5]

I've read about netacl makes this in case of ** but I have one machine
that cannot connect to it, all the others CAN. I know it's not really an
FWTK problem, but it's very near. The configuration is just the same, I'm
sure. I've tried to "tn-gw: permit-hosts 192.168.* -noauth" but no
success. Even to add a line in /etc/hosts, ditto...

Of course on linux 2.00.35 (Debian)

Has anyone heard about a problem like this?

Thanks for attention, best regards:
--
Peter RATKAI
Windows is Shutting down...
--

From owner-fwtk-users Thu Nov 19 16:04:15 1998
Date: Thu, 19 Nov 1998 13:10:17 -0800
To: Joseph S D Yao
From: "Michael St. Laurent"
Subject: Re: Split DNS and reverse lookups
Cc: fwtk-users@ex.tis.com

At 02:05 PM 11/19/98 -0500, Joseph S D Yao wrote:
>> I've set up the split DNS mentioned in the tutorials and normal lookups
>> work great. If the request is for an external address it is forwarded to
>> the firewall and resolved. Reverse lookups are another matter though. If
>> I point the resolv.conf file to go straight to the firewall they work. If
>> I use the split DNS and try sending the request to the internal DNS server
>> first it fails.
>
>Setting aside questions like "why would you want to" ... Try setting

I thought I was just following instructions! ;-) Doesn't the split DNS
tutorial say to set things up this way?

>type to "ptr" or "any" and asking for "1.232.105.198.in-addr.arpa.".
>
>    > set type=ptr
>    > 1.232.105.198.in-addr.arpa.
>    Non-authoritative answer:
>    1.232.105.198.in-addr.arpa name = ftp.microsoft.com
>
>Just tested what you did, works for me. So does what I suggested. The
>cricket book suggests that the first form is for older DNS, so may not
>work for some non-traditional versions.

Both forms give me the "Non-existent host/domain" message. I don't know if
it matters but the internal DNS is being resolved by an NT server.

--------------------
Michael St. Laurent
Hartwell Corporation

"The software said to use with Windows95 or better, so I installed Linux."

From owner-fwtk-users Thu Nov 19 16:40:53 1998
Date: Thu, 19 Nov 1998 14:48:10 -0700
To: Bill Earle, "'youngk@ttc.com'"
From: dreamwvr
Subject: Re: money for nothing ( was: Re: www.erols.com dead ? )
Cc: "fwtk-users@ex.tis.com"

hi all,
i am game as well... but please advise on what we need to do...
as i missed the first part of the conversation. :()

Regards,
dreamwvr@dreamwvr.com

Reuters, London, February 29, 1998:
Scientists have announced discovering a meteorite which will strike the
earth in March, 2028. Millions of UNIX coders expressed relief for being
spared the UNIX epoch "crisis" of 2038.
_______________________________________________________________________
DREAMWVR.COM - TOTAL WEB INTEGRATION, DEVELOPMENT, DESIGN SERVICES.
Featuring Website Development and Web Strategies of a TOP Developer
"As Unique as the Company You Keep."
"===0 PGP Key Available
________________________________________________________________________

From owner-fwtk-users Thu Nov 19 16:45:30 1998
Date: Thu, 19 Nov 1998 13:58:52 -0800
From: Mike Batchelor
Subject: Re: money for nothing ( was: Re: www.erols.com dead ? )
To: "fwtk-users@ex.tis.com"

It's US$70.00, not $100. $35/year.

------------------------
From: Bill Earle
Subject: money for nothing ( was: Re: www.erols.com dead ? )
Date: Thu, 19 Nov 1998 14:36:01 -0500
To: "'youngk@ttc.com'"
Cc: "fwtk-users@ex.tis.com"

> How many of us are there on the list? If there were 50 of us
> we could kick in $2.00US each and be done with it. Now we
> just need TIS to give us their blessing. :)
>
> Just my two bucks ...er two cents,
> Bill
>
> Keith You wrote:
>
> ... figure out how to raise the $100.00 Internic fee too.. . :-(
>

---------------End of Original Message-----------------

_______________________________________________________________
UNIX Team - The difference between theory and practice
is often greater in practice than in theory.
11/19/98 13:58:53

From owner-fwtk-users Thu Nov 19 16:55:29 1998
From: Joseph S D Yao
Subject: Re: Split DNS and reverse lookups
To: rowl@earthlink.net (Michael St. Laurent)
Date: Thu, 19 Nov 1998 17:16:55 -0500 (EST)
Cc: fwtk-users@ex.tis.com

> >Setting aside questions like "why would you want to" ... Try setting
>
> I thought I was just following instructions! ;-) Doesn't the split DNS
> tutorial say to set things up this way?

Sorry, that w a s ambiguous. I meant why "ftp.microsoft.com". Look at
your own signature file. ;-/

> >type to "ptr" or "any" and asking for "1.232.105.198.in-addr.arpa.".
> >
> >    > set type=ptr
> >    > 1.232.105.198.in-addr.arpa.
> >    Non-authoritative answer:
> >    1.232.105.198.in-addr.arpa name = ftp.microsoft.com
> >
> >Just tested what you did, works for me. So does what I suggested. The
> >cricket book suggests that the first form is for older DNS, so may not
> >work for some non-traditional versions.
>
> Both forms give me the "Non-existent host/domain" message. I don't know if
> it matters but the internal DNS is being resolved by an NT server.

MSW-NT DNS is reportedly a "roll-your-own" version from MS, and may have
all the normal problems when someone tries to do a well-established
task with proprietary code. Have you tried running BIND on the MSW-NT
machine instead?

Try those requests from your firewall machine, and from the DNS
machine. See where it gets lost.

--
Joe Yao jsdy@cospo.osis.gov - Joseph S. D. Yao
COSPO/OSIS Computer Support EMT-A/B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.
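
The check suggested in the reply above (ask for the PTR record by its in-addr.arpa name at each server in turn and see where it gets lost), as an added Python example; it is not code from the thread or from FWTK. The function names and the reply bytes are constructed for illustration, and only `ask()` needs network access.

```python
import ipaddress
import secrets
import socket
import struct

TYPE_PTR, CLASS_IN = 12, 1
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def reverse_name(ipv4):
    """198.105.232.1 -> 1.232.105.198.in-addr.arpa. (ValueError on bad input)."""
    octets = ipaddress.IPv4Address(ipv4).packed
    return ".".join(str(b) for b in reversed(octets)) + ".in-addr.arpa."

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label in %r" % name)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_ptr_query(ipv4, txid):
    """One-question PTR query with the recursion-desired bit set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(reverse_name(ipv4)) + struct.pack("!HH", TYPE_PTR, CLASS_IN)

def decode_name(msg, off):
    """Return (name, offset after the name), following compression pointers."""
    labels, after, hops = [], None, 0
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        length = msg[off]
        if length & 0xC0 == 0xC0:  # pointer: 14-bit offset into the message
            if off + 1 >= len(msg) or hops >= 16:
                raise ValueError("bad compression pointer")
            after = off + 2 if after is None else after
            off, hops = ((length & 0x3F) << 8) | msg[off + 1], hops + 1
            continue
        off += 1
        if length == 0:
            return ".".join(labels) + ".", (off if after is None else after)
        labels.append(msg[off:off + length].decode("ascii", "replace"))
        off += length

def parse_ptr_response(msg, txid):
    """Return the rcode and any PTR targets; reject replies with the wrong id."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    rid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a reply to our query")
    off = 12
    for _ in range(qd):  # skip the echoed question section
        off = decode_name(msg, off)[1] + 4
    targets = []
    for _ in range(an):
        off = decode_name(msg, off)[1]
        if off + 10 > len(msg):
            raise ValueError("truncated record")
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if (rtype, rclass) == (TYPE_PTR, CLASS_IN):
            targets.append(decode_name(msg, off)[0])
        off += rdlen
    return {"rcode": RCODES.get(flags & 0xF, str(flags & 0xF)), "ptr": targets}

def ask(server, ipv4, timeout=3.0):
    """Send the PTR query to one named server over UDP (needs network access)."""
    txid = secrets.randbits(16)  # unpredictable id, checked on the reply
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_ptr_query(ipv4, txid), (server, 53))
        reply, _peer = sock.recvfrom(4096)
    return parse_ptr_response(reply, txid)

def first_failure(results):
    """Label of the first server (client side first) that gave no PTR data, else None."""
    return next((label for label, reply in results if not reply["ptr"]), None)

def constructed_reply(ipv4, txid, rcode, target=None):
    """Sample reply bytes constructed for this example (not captured traffic)."""
    question = encode_name(reverse_name(ipv4)) + struct.pack("!HH", TYPE_PTR, CLASS_IN)
    answer = b""
    if target:  # answer name 0xC00C is a pointer back to the question name at offset 12
        rdata = encode_name(target)
        answer = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_PTR, CLASS_IN, 300, len(rdata)) + rdata
    header = struct.pack("!HHHHHH", txid, 0x8180 | rcode, 1, 1 if target else 0, 0, 0)
    return header + question + answer

def demo():
    """Replay the two outcomes from the nslookup session offline, with constructed replies."""
    ip, txid = "198.105.232.1", 0x1234
    internal = parse_ptr_response(constructed_reply(ip, txid, 3), txid)
    firewall = parse_ptr_response(constructed_reply(ip, txid, 0, "ftp.microsoft.com"), txid)
    return [("internal 10.11.10.10", internal), ("firewall 209.223.127.178", firewall)]
```

Against live servers, build the list with `ask()` in the order the query travels (internal server first, then the firewall) and pass it to `first_failure()`.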

From owner-fwtk-users Thu Nov 19 17:25:12 1998
From: Bill Earle
To: "'youngk@ttc.com'", "'Bill Earle'"
Cc: "fwtk-users@ex.tis.com"
Subject: RE: money for nothing ( was: Re: www.erols.com dead ? )
Date: Thu, 19 Nov 1998 17:46:11 -0500

Keith pointed out one main flaw in my suggestion "We still
need to find an ISP to host the site" My suggestion would
only cover the cost associated with registering a domain name
for "fwtk.org" or whatever it would be called.

Later,
Bill

From owner-fwtk-users Thu Nov 19 20:02:28 1998
Date: Thu, 19 Nov 1998 17:12:18 -0800
From: Mike Batchelor
Subject: Re: Split DNS and reverse lookups
To: fwtk-users@ex.tis.com

> >Just tested what you did, works for me. So does what I suggested. The
> >cricket book suggests that the first form is for older DNS, so may not
> >work for some non-traditional versions.
>
> Both forms give me the "Non-existent host/domain" message. I don't know if
> it matters but the internal DNS is being resolved by an NT server.

There is a checkbox on the NT DNS control panel somewhere that says
something to the effect of "create corresponding PTR records". You want to
check it. I bet it's unchecked. If it's unchecked, you have to set up
in-addr domains and enter PTR records separately.

_______________________________________________________________
UNIX Team - The difference between theory and practice
is often greater in practice than in theory.
11/19/98 17:12:19

From owner-fwtk-users Fri Nov 20 00:09:32 1998
From: wizard01@impop.bellatlantic.net
To: "fwtk-users@ex.tis.com"
Date: Fri, 20 Nov 1998 00:25:02 +0000
Subject: RE: money for nothing ( was: Re: www.erols.com dead ? )

The $ for the internic registration is frequently included with the
package from many hosts. Before planning on definitely paying the
internic fee find an ISP to host the site, they MAY even defray the
fee (some DO do their own domain assignments)...

> Keith pointed out one main flaw in my suggestion "We still
> need to find an ISP to host the site" My suggestion would
> only cover the cost associated with registering a domain name
> for "fwtk.org" or whatever it would be called.
>
> Later,
> Bill

From owner-fwtk-users Fri Nov 20 06:57:29 1998
Subject: Re: www.erols.com dead ? ( was: Re: how to auth http ?? )
To: youngk@ttc.com
Date: Fri, 20 Nov 1998 14:15:26 +0200 (SAT)
Cc: fwtk-users@ex.tis.com
From: siviwe@rhodes.ac.za (Siviwe Kwatsha)

youngk@ttc.com wrote:
% I have been looking for a provider which will donate to us ~10MB of space,
% cgi-bin access, and let us have our own domain name, but I haven't found one
% yet. I am also trying to figure out how to raise the $100.00 Internic fee
% too.. . :-(

While I agree that something like a .fwtk.org would be great,
something can be done about it now, while we debate who's coming up with the
money etc etc.

On the subject, there are projects like the Monolith project, which give away
free domain names - that's if you don't mind fwtk.ml.org.

My suggestion is that for the time being, while .fwtk.org is being
organised, we register .fwtk.ml.org and reference the mirrors that
way. When the domain we're really after comes around, we can do a simple
switch.

I can offer > 10MB space on at least 2 servers and 2 (or more) DNS servers if
anyone's game. I'm in South Africa, and for people here, it'll be closer than
going to erols. I'm keen to mirror the FAQ etc now, if I'm allowed to.

Suggestions/comments flames either to me directly : siviwe@rhodes.ac.za or via
the list.

Siviwe
--
Siviwe Kwatsha
Sysadmin, short tempered, impolite, deaf

From owner-fwtk-users Fri Nov 20 09:43:33 1998
From: DMyers6@aol.com
Date: Fri, 20 Nov 1998 09:50:26 EST
To: fwtk-users@ex.tis.com
Subject: Re: www.erols.com dead ? ( was: Re: how to auth http ?? )

I'm fairly new to this list and coming in on the middle of this thread on a
possible fwtk.org, but I own an ISP that provides hosting services and if
someone is willing to fill me in on the requirements we may be able to donate
hosting for this domain and pick up some/all of the registration.

Doug Myers
dmyers6@aol.com
doug@documgmt.com

From owner-fwtk-users Fri Nov 20 12:05:06 1998
Date: Fri, 20 Nov 1998 17:52:18 +0100
To: youngk@ttc.com
Subject: Re: www.erols.com dead ?
Cc: fwtk-users@ex.tis.com
From: Webmaster@darkover.com (Darkover Group)

Hi all,

BTW, the nic fee is only $70 for first 2 years now.
$35 annual thereafter.

I am also looking for ISPs that may host us free.
I am able to mirror the FAQ at darkover.com located in Washington
if you like as temp. solution also. I have no control over dns-servers.

youngk@ttc.com wrote:
% I have been looking for a provider which will donate to us ~10MB of space,
% cgi-bin access, and let us have our own domain name, but I haven't found one
% yet. I am also trying to figure out how to raise the $100.00 Internic fee
% too.. . :-(

While I agree that something like a .fwtk.org would be great,
something can be done about it now, while we debate who's coming up with the
money etc etc.

siviwe@rhodes.ac.za (Siviwe Kwatsha) wrote:
>On the subject, there are projects like the Monolith project, which give away
>free domain names - that's if you don't mind fwtk.ml.org.

My experience with ml.org is that their service is not very reliable.
Domainname queries often fail with time out.

Regards
Dieter Bergmeier
--
Darkover Group
Webmaster@darkover.com
http://www.darkover.com/search/

From owner-fwtk-users Fri Nov 20 14:18:15 1998
From: "Michael C. Ibarra"
Subject: Re: www.erols.com dead ?
To: Webmaster@darkover.com (Darkover Group)
Date: Fri, 20 Nov 98 14:34:22 EST
Cc: youngk@ttc.com, fwtk-users@ex.tis.com

Someone named Darkover Group allegedly wrote...
>
>Hi all,
>
>BTW, the nic fee is only $70 for first 2 years now.
>$35 annual thereafter.

Be advised that this is for .org only, not .com.

-mike

From owner-fwtk-users Fri Nov 20 14:44:31 1998
Date: Fri, 20 Nov 1998 12:51:33 -0700
To: siviwe@rhodes.ac.za (Siviwe Kwatsha), youngk@ttc.com
From: dreamwvr
Subject: Re: www.erols.com dead ? ( was: Re: how to auth http ?? )
Cc: fwtk-users@ex.tis.com

hi keith +,
dreamwvr here:) been a while. i can probably mirror the erols site in
north america...if we are in agreement and also enable the scripts
mirrored of the same server i am on without too much trouble. That is
if i have the scripts. This is a situation i suppose much like 'SSH FAQ'
which i have rescued from ... oblivion. How much space does the current
site take up? @ the very least as the FWTK group has allowed me to learn
a great deal i would be able to manage the lion's share of the $100.00
Internic fee perhaps the entire fee:) as long as 'dreamwvr.com' was given
credit somewhere for assistance. So if it is agreed email me the details
so i can agree or disagree.

Regards,
dreamwvr@dreamwvr.com

Reuters, London, February 29, 1998:
Scientists have announced discovering a meteorite which will strike the
earth in March, 2028. Millions of UNIX coders expressed relief for being
spared the UNIX epoch "crisis" of 2038.
_______________________________________________________________________
DREAMWVR.COM - TOTAL WEB INTEGRATION, DEVELOPMENT, DESIGN SERVICES.
Featuring Website Development and Web Strategies of a TOP Developer "As Unique as the Company You Keep." "===0 PGP Key Available ________________________________________________________________________ From owner-fwtk-users Fri Nov 20 14:54:14 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id OAA00297 for fwtk-users-outgoing; Fri, 20 Nov 1998 14:52:38 -0500 (EST) Message-Id: <3.0.5.32.19981120121412.00a9cda0@207.194.87.254> X-Sender: devin@207.194.87.254 X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32) Date: Fri, 20 Nov 1998 12:14:12 -0800 To: "Michael C. Ibarra" From: Devin Redlich Subject: Re: www.erols.com dead ? Cc: fwtk-users@ex.tis.com In-Reply-To: <199811201934.OAA02212@imsi.com> References: <199811201652.RAA00379@bugatti> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-fwtk-users@ex.tis.com Precedence: bulk [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] >>BTW, the nic fee is only $70 for first 2 years now. >>$35 annual thereafter. > >Be advised that this is for .org only, not .com. Where in the world did you get that idea? http://www.internic.net/fees/facts.html __ Devin Redlich devin@pctc.com From owner-fwtk-users Fri Nov 20 15:03:38 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id PAA00437 for fwtk-users-outgoing; Fri, 20 Nov 1998 15:02:06 -0500 (EST) From: "Michael C. Ibarra" Message-Id: <199811202021.PAA02388@imsi.com> Subject: Re: www.erols.com dead ? 
To: devin@pctc.com (Devin Redlich) Date: Fri, 20 Nov 98 15:21:50 EST Cc: ibarra@imsi.com, fwtk-users@ex.tis.com In-Reply-To: <3.0.5.32.19981120121412.00a9cda0@207.194.87.254>; from "Devin Redlich" at Nov 20, 98 12:14 pm Organization: Investment Management Services, Inc Internet: ibarra@imsi.com Voice: (212)339-2712 Fax: (212)339-2854 icbm: Tower 49 X-Mailer: ELM [version 2.3 PL11] Sender: owner-fwtk-users@ex.tis.com Precedence: bulk [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] Someone named Devin Redlich allegedly wrote... > >>>BTW, the nic fee is only $70 for first 2 years now. >>>$35 annual thereafter. >> >>Be advised that this is for .org only, not .com. > >Where in the world did you get that idea? > >http://www.internic.net/fees/facts.html > >__ >Devin Redlich >devin@pctc.com Oops, I stand corrected. I was merely reflecting what I know I pay for my own domainname, which is a .com, and is more than what was stated above. FYI http://www.internic.net/faq/pay.html -mike From owner-fwtk-users Fri Nov 20 15:14:26 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id PAA00569 for fwtk-users-outgoing; Fri, 20 Nov 1998 15:12:58 -0500 (EST) Date: Fri, 20 Nov 1998 21:25:12 +0100 Message-Id: <199811202025.VAA00646@bugatti> To: ibarra@imsi.com Subject: Re: www.erols.com dead ? Cc: youngk@ttc.com, fwtk-users@ex.tis.com From: Webmaster@darkover.com (Darkover Group) Reply-To: Webmaster@darkover.com X-Sun-Charset: US-ASCII Sender: owner-fwtk-users@ex.tis.com Precedence: bulk [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] Michael C. Ibarra wrote: >Someone named Darkover Group allegedly wrote... >> >> >>Hi all, >> >?BTW, the nic fee is only $70 for first 2 years now. >>$35 annual thereafter. 
> >Be advised that this is for .org only, not .com Michael, I am sorry but that's for com AND org ($70/35) see: http://www.internic.net/domain-info/fee-policy.html and: http://www.internic.net/cgi-bin/domain/ gov and edu is free :-( Dieter -- Darkover Group Webmaster@darkover.com http://www.darkover.com/search/ From owner-fwtk-users Sat Nov 21 03:38:24 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id DAA02452 for fwtk-users-outgoing; Sat, 21 Nov 1998 03:35:07 -0500 (EST) Subject: Re: www.erols.com dead ? To: Webmaster@darkover.com (Darkover Group) Date: Sat, 21 Nov 1998 10:59:53 +0200 (SAT) Cc: fwtk-users@ex.tis.com In-Reply-To: <199811201652.RAA00379@bugatti> from Darkover Group at "Nov 20, 98 05:52:18 pm" From: siviwe@rhodes.ac.za (Siviwe Kwatsha) Reply-to: siviwe@rhodes.ac.za (Siviwe Kwatsha) Disclaimer: ALL views mine. X-Mailer: ELM [version 2.4ME+ PL15 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Message-Id: Sender: owner-fwtk-users@ex.tis.com Precedence: bulk [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] Darkover Group wrote: % My experience with ml.org is that there service is not very reliable. % Domainname queries often fail with time out. That's true, I tried to get something off their webpage and even that's not really working properly. The point remains though that if you have enough DNS servers around the world authoritative for a domain, chances are you'll never need to go to root (ml.org) servers - so you'll have less timeouts. BTW: I only use the "siviwe@rhodes.ac.za" address for posting to this group. After I'd posted only once, I started receiving spam. I'm wondering if there's any way that arbitrary fools who are looking to grab our addresses and send us spam can be prevented from doing that. Anyone know of a program that will take source, destination and packet type parameters. 
It will write a packet of that type and send it. eg. arp reply packet from src to dest. I think it'd help a lot when trying to debug ipfwadm rules especially. If no one knows of one, is it worth my effort writing it ? Siviwe -- Siviwe Kwatsha Sysadmin, short tempered, impolite, deaf From owner-fwtk-users Sat Nov 21 10:28:03 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id KAA03014 for fwtk-users-outgoing; Sat, 21 Nov 1998 10:14:43 -0500 (EST) Message-ID: <19981121153501.26799@midcoast.com> Date: Sat, 21 Nov 1998 15:35:01 +0000 From: Chock Griebel To: fwtk-users@ex.tis.com Subject: smap -daemon dies (Linux 1.2.13) Mail-Followup-To: fwtk-users@ex.tis.com Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Mailer: Mutt 0.89.1 Sender: owner-fwtk-users@ex.tis.com Precedence: bulk [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] I have patched the 2.1 smap with the smapx.pch to prevent relaying. Added new smap rules per FAQ to netperm-table and all works great until I run "sendmail -q" at which point the "smap -daemon" process dies with following syslog message:

Nov 21 10:05:13 [hostname] smap[12128]: fwtksyserr: Accept failed: Connection timed out

At this point the server no longer accepts mail requests because smap -daemon is gone. Could this be related to the sendmail version (it's quite old)? I have tried starting smap from inetd but it just drops connections immediately. The inetd.conf line that I had looks like this:

smtp stream tcp nowait root /usr/local/etc/smap smap

(I verified that smap is in /usr/local/etc/) I have searched the archives to no avail (only saw the Solaris post). I would **greatly** appreciate some help. I've been struggling with this for a while now. Thanks.
Chock From owner-fwtk-users Sat Nov 21 13:09:43 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id NAA03260 for fwtk-users-outgoing; Sat, 21 Nov 1998 13:06:28 -0500 (EST) Message-ID: <19981121182649.45174@midcoast.com> Date: Sat, 21 Nov 1998 18:26:49 +0000 From: Chock Griebel To: fwtk-users@ex.tis.com Subject: Re: smap -daemon dies (Linux 1.2.13) Mail-Followup-To: fwtk-users@ex.tis.com References: <19981121153501.26799@midcoast.com> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Mailer: Mutt 0.89.1 In-Reply-To: <19981121153501.26799@midcoast.com>; from Chock Griebel on Sat, Nov 21, 1998 at 03:35:01PM +0000 Sender: owner-fwtk-users@ex.tis.com Precedence: bulk [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] On Sat, Nov 21, 1998 at 03:35:01PM +0000, Chock Griebel wrote:
> I have patched the 2.1 smap with the smapx.pch to prevent relaying. Added
> new smap rules per FAQ to netperm-table and all works great until I run
> "sendmail -q" at which point the "smap -daemon" process dies with following
> syslog message:
>
> Nov 21 10:05:13 [hostname] smap[12128]: fwtksyserr: Accept failed: Connection timed
> out
>
> At this point the server no longer accepts mail requests because smap -daemon
> is gone.

Sorry to reply to my own post but I have made the following modification (at end of message) to smap.c to temporarily solve my problem. I replaced the exit call after the accept() error with continue to prevent smap from exiting. This keeps smap running and logs all but EINTR accept failures. It seems to work ok so far. I've already seen a "Connection time out" error and smap stays running. I realize I could just test for ETIMEDOUT but I don't want smap to exit no matter what. If anyone can provide any insight on why I might be getting the "Connection timed out" error in the first place I'd like to hear it.
And why should the daemon exit on such a failure anyway? Chock

/* smap.c mod. */
...
	while (1) {
		signal (SIGCHLD, waitwaitwait);
		sockl = accept (sock, (struct sockaddr *)0, (int *)0);
		if (sockl < 0) {
			if (errno == EINTR)
				continue;
			syslog(LLEV,"fwtksyserr: Accept failed: %m");
			/* exit(1); */
			/* added following line */
			continue;
		}
...

From owner-fwtk-users Sun Nov 22 10:05:41 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id KAA05296 for fwtk-users-outgoing; Sun, 22 Nov 1998 10:00:34 -0500 (EST) From: fwtk-users@progressive-comp.com Date: Sun, 22 Nov 1998 10:16:02 -0500 Message-Id: <199811221516.KAA13314@www.progressive-comp.com> Reply-To: Hank Leininger X-Shameless-Plug: Check out http://www.progressive-comp.com/Lists/ X-Warning: This mail posted via a web gateway at www.progressive-comp.com X-Warning: Report any violation of list policy to abuse@progressive-comp.com X-Posted-By: Hank Leininger To: fwtk-users@ex.tis.com Subject: Re: Some lib's needed in chrooted environment (anti-relay smap) Cc: Mike Blatchley Sender: owner-fwtk-users@ex.tis.com Precedence: bulk [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] On 1998-11-17, Mike Blatchley wrote: > Even though I am statically > linking smap (Linux machine, cc -g -static -o smap smap.o arpadate.o > ../libfwall.a -lcrypt -lresolv), I still have unresolved symbols in the > resulting executable (nm --undefined smap). Some of these are name > service support functions. As a consequence, I am having to put a > handful of libraries in /var/spool/smap/lib so they will be visible in > the chroot'ed environment. Let me guess: you're on a RedHat 5.x or Debian 2.x box, which uses glibc? ...and the libs you need are libns[ls]* type stuff? I'm not sure how to solve that except "compile on a libc5 Linux box", as I've been sticking with libc5 exclusively on production boxes ;) Anyone else have better ideas?
You might check out some of the redhat support lists, the linux-glibc list, and/or do some dejanews searching. This may be illuminating to get you started: http://www.progressive-comp.com/Lists/?l=linux-glibc&m=88998627204117&w=2 Hank Leininger From owner-fwtk-users Mon Nov 23 07:12:51 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id GAA07965 for fwtk-users-outgoing; Mon, 23 Nov 1998 06:55:32 -0500 (EST) X-Authentication-Warning: 21st-century-comm.com: mail set sender to using -f From: "Todd Williams" To: Subject: Multiple copies of e-mails being delivered... Date: Mon, 23 Nov 1998 07:14:47 -0500 Message-ID: <00e501be16da$ddbe7240$8702a8c0@twilliams.tfcc.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3 Sender: owner-fwtk-users@ex.tis.com Precedence: bulk [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] I wondered if anyone has experienced this problem, and if there is a solution for it? We're running the FWTK, using smap and smapd, and using the mqueue script. The problem is this: From time to time, various users have been experiencing multiple (sometimes 2, 3, 4, as many as 30) copies of the same e-mail message. It seems to happen most often when we're experiencing (or perhaps I should say when our ISP is having) problems with our PPP connection. We have our internal e-mail addresses aliased to their respective local addresses, which hasn't been a problem. For whatever reason, it would appear that the bastion machine is delivering multiple copies of the same message when it has connection problems. Does anyone have any thoughts? Thanks, Todd Williams Twenty First Century Communications, Inc. 
From owner-fwtk-users Mon Nov 23 10:52:16 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id KAA09058 for fwtk-users-outgoing; Mon, 23 Nov 1998 10:47:52 -0500 (EST) Message-ID: <36598843.CDA5DB99@sabre.com> Date: Mon, 23 Nov 1998 10:07:31 -0600 From: Bob Bolduc Organization: The SABRE Group X-Mailer: Mozilla 4.5 [en]C-CCK-MCD (WinNT; I) X-Accept-Language: en MIME-Version: 1.0 To: fwtk-users@ex.tis.com Subject: n2a errors from smap Content-Type: multipart/mixed; boundary="------------ADA523339C88E5941C54DCD5" Sender: owner-fwtk-users@ex.tis.com Precedence: bulk [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] This is a multi-part message in MIME format. --------------ADA523339C88E5941C54DCD5 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit I'm experiencing strange errors in my messages file coming from smap. We see about 200-300 per day. They look like: smap[4193]: n2a get_local_info: open to get interface configuration: No such file or directory I am running fwtk 2.1 with nospam added in to smap. This is on a sparc running Solaris 2.6. Has anyone else seen these errors and if so, do you know what causes them ? Thanks! 
-- Bob Bolduc The SABRE Group - Internet Services Principal Internet Engineer bob@sabre.com (817) 963-1495 --------------ADA523339C88E5941C54DCD5 Content-Type: text/x-vcard; charset=us-ascii; name="bob.vcf" Content-Transfer-Encoding: 7bit Content-Description: Card for Bob Bolduc Content-Disposition: attachment; filename="bob.vcf" begin:vcard n:Bolduc;Bob tel;work:(817) 963-1495 x-mozilla-html:TRUE url:www.sabre.com org:The SABRE Group;Internet Services version:2.1 email;internet:bob@sabre.com title:Principal Internet Engineer adr;quoted-printable:version:2.1;;4200 Amon Carter Blvd=0D=0AMD 2512=0D=0ACP2 7N20;Fort Worth;TX;76155;USA fn:Bob Bolduc end:vcard --------------ADA523339C88E5941C54DCD5-- From owner-fwtk-users Mon Nov 23 11:15:39 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id LAA09221 for fwtk-users-outgoing; Mon, 23 Nov 1998 11:14:00 -0500 (EST) From: youngk@ttc.com X-Lotus-FromDomain: TTC To: fwtk-users@tis.com Message-ID: <852566C5.00596C7D.00@ttcmta1-7.ttc.com> Date: Mon, 23 Nov 1998 11:31:35 -0500 Subject: TIS/NAI approval? Mime-Version: 1.0 Content-type: multipart/mixed; Boundary="0__=YdL3ZEnmbnJyEQxK1AsWyemgocOFCWnTKhqJ0oJp0Hx9cAS5pNcf4ZQM" Content-Disposition: inline Sender: owner-fwtk-users@ex.tis.com Precedence: bulk [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] --0__=YdL3ZEnmbnJyEQxK1AsWyemgocOFCWnTKhqJ0oJp0Hx9cAS5pNcf4ZQM Content-type: text/plain; charset=us-ascii Content-Disposition: inline Is anyone at TIS/NAI still on this list? If so, please see below... --Keith -youngk@ttc.com P.S. Mike Ibarra has offered to donate the startup costs and at least 2 years of Internic fees for fwtk.org. If anyone has contacts in an ISP who would be willing to mirror/host the site, please let me know. Also, I have found a web design company who is willing to donate time to design the site... 
---------------------- Forwarded by Keith Young/IS/TTC/US on 11/23/98 11:17 AM --------------------------- Mail Delivery Subsystem on 11/23/98 11:17:09 AM To: Keith Young/IS/TTC/US cc: Subject: Returned mail: User unknown The original message was received at Mon, 23 Nov 1998 11:17:06 -0500 (EST) from uucp@localhost ----- The following addresses had permanent fatal errors ----- ----- Transcript of session follows ----- ... while talking to smtp.hq.tis.com: >>> RCPT To: <<< 550 ... User unknown 550 ... User unknown --0__=YdL3ZEnmbnJyEQxK1AsWyemgocOFCWnTKhqJ0oJp0Hx9cAS5pNcf4ZQM Content-type: text/plain; charset=us-ascii Content-Disposition: inline I don't know if this is the proper address to check with or not, but I wanted to check with you to see if TIS/NAI will allow an "Official FWTK web site". It will be completely funded by the FWTK users and will not have any advertisements on it. We will also be following the FWTK license by not mirroring the toolkit on the server; they will still be required to send the e-mail to download the file. Is this okay?
--Keith Young -youngk@ttc.com --0__=YdL3ZEnmbnJyEQxK1AsWyemgocOFCWnTKhqJ0oJp0Hx9cAS5pNcf4ZQM-- From owner-fwtk-users Mon Nov 23 11:33:23 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id LAA09327 for fwtk-users-outgoing; Mon, 23 Nov 1998 11:31:48 -0500 (EST) Message-ID: <312154075E4AD211B6A30000F843CD6203F7D6@exchange.pdv.de> From: "Dirk.Nerling" To: "Firewall Toolkit (M-list)" Subject: SMAP allows mail relay Date: Mon, 23 Nov 1998 17:51:23 +0100 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1457.3) Content-Type: text/plain Sender: owner-fwtk-users@ex.tis.com Precedence: bulk [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] Hello, we do use fwtk 2.1 and I got today the mail from my provider that our mailserver allows spam through mail relay. Of course it's my sendmail 8.8.8 which allows the relay but are there any options for smap??? best reagards Dirk -- Milky Way - Sol System - Earth - Europe - Germany - Thuringia - Erfurt http://wall.pdv.de/~nerle From owner-fwtk-users Mon Nov 23 14:25:54 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id OAA10125 for fwtk-users-outgoing; Mon, 23 Nov 1998 14:23:18 -0500 (EST) From: wizard01@impop.bellatlantic.net Message-Id: <199811231942.OAA00691@iconmail.bellatlantic.net> To: fwtk-users@ex.tis.com Date: Mon, 23 Nov 1998 14:39:07 +0100 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: Re: Multiple copies of e-mails being delivered... In-reply-to: <00e501be16da$ddbe7240$8702a8c0@twilliams.tfcc.com> X-mailer: Pegasus Mail for Win32 (v3.01d) Sender: owner-fwtk-users@ex.tis.com Precedence: bulk [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] Sounds like the isp host isn't acknowleging the mail transfer. When your mail machine doesn't get the ack from the isp machine it resends the mail. 
What kind of connection do you have to your isp? > I wondered if anyone has experienced this problem, and if there is a > solution for it? > > We're running the FWTK, using smap and smapd, and using the mqueue script. > The problem is this: From time to time, various users have been > experiencing multiple (sometimes 2, 3, 4, as many as 30) copies of the same > e-mail message. It seems to happen most often when we're experiencing (or > perhaps I should say when our ISP is having) problems with our PPP > connection. We have our internal e-mail addresses aliased to their > respective local addresses, which hasn't been a problem. For whatever > reason, it would appear that the bastion machine is delivering multiple > copies of the same message when it has connection problems. > > Does anyone have any thoughts? > > Thanks, > > Todd Williams > Twenty First Century Communications, Inc. > From owner-fwtk-users Mon Nov 23 23:13:55 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id XAA12144 for fwtk-users-outgoing; Mon, 23 Nov 1998 23:10:01 -0500 (EST) Message-ID: <365A3670.AB0E0475@insync.net> Date: Tue, 24 Nov 1998 04:30:40 +0000 From: Miles Lott X-Mailer: Mozilla 4.5 [en] (X11; U; Linux 2.1.129 i586) X-Accept-Language: en MIME-Version: 1.0 To: Chock Griebel CC: fwtk-users@ex.tis.com Subject: Re: smap -daemon dies (Linux 1.2.13) References: <19981121153501.26799@midcoast.com> <19981121182649.45174@midcoast.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-fwtk-users@ex.tis.com Precedence: bulk [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] Pardon me for asking, but why are you using a 3 year old kernel? Chock Griebel wrote: > > [To be removed from this list send the message "unsubscribe fwtk-users" in the > BODY of a mail message to majordomo@ex.tis.com.] 
> > On Sat, Nov 21, 1998 at 03:35:01PM +0000, Chock Griebel wrote: From owner-fwtk-users Tue Nov 24 02:59:43 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id CAA12845 for fwtk-users-outgoing; Tue, 24 Nov 1998 02:57:09 -0500 (EST) Mime-Version: 1.0 Date: Tue, 24 Nov 1998 08:17:27 +0000 Message-ID: <65a6ba80@camcable.co.uk> From: Spencer_Marshall@camcable.co.uk (Spencer Marshall) Subject: Re: SMAP allows mail relay To: fwtk-users@ex.tis.com, "Dirk.Nerling" Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Content-Description: cc:Mail note part Sender: owner-fwtk-users@ex.tis.com Precedence: bulk [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] There is an anti relay patch, unfortunately, I can not remember where it is. Maybe someone can enlighten both of us. Alternatively, you could set up smap in the netperm-table to only accept e-mail from a) your service provider, and b) your internal mail server. Hope this helps, Spencer ______________________________ Reply Separator _________________________________ Subject: SMAP allows mail relay Author: "Dirk.Nerling" at Internet Date: 23/11/98 17:51 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] Hello, we do use fwtk 2.1 and I got today the mail from my provider that our mailserver allows spam through mail relay. Of course it's my sendmail 8.8.8 which allows the relay but are there any options for smap??? 
best regards Dirk -- Milky Way - Sol System - Earth - Europe - Germany - Thuringia - Erfurt http://wall.pdv.de/~nerle From owner-fwtk-users Tue Nov 24 03:16:52 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id DAA12916 for fwtk-users-outgoing; Tue, 24 Nov 1998 03:16:33 -0500 (EST) Message-Id: <3.0.32.19981124093720.008e3c00@lda> X-Sender: pol@lda X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Tue, 24 Nov 1998 09:37:21 +0100 To: Spencer Marshall , fwtk-users@ex.tis.com, "Dirk.Nerling" From: Peter Olsson Subject: Re: SMAP allows mail relay Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by portal.ex.tis.com id DAA12913 Sender: owner-fwtk-users@ex.tis.com Precedence: bulk [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] Or change from smap to smtpd (www.obtuse.com if I remember right). I did that for anti-relay reasons, it works great. Peter Olsson pol@leissner.se 08:17 1998-11-24 +0000, Spencer Marshall wrote: >[To be removed from this list send the message "unsubscribe fwtk-users" in the >BODY of a mail message to majordomo@ex.tis.com.] > > > There is an anti relay patch, unfortunately, I can not remember where > it is. Maybe someone can enlighten both of us. > > Alternatively, you could set up smap in the netperm-table to only > accept e-mail from a) your service provider, and b) your internal mail > server. > > Hope this helps, > > Spencer > > >______________________________ Reply Separator _________________________________ >Subject: SMAP allows mail relay >Author: "Dirk.Nerling" at Internet >Date: 23/11/98 17:51 > > >[To be removed from this list send the message "unsubscribe fwtk-users" in the >BODY of a mail message to majordomo@ex.tis.com.] > >Hello, > >we do use fwtk 2.1 and I got today the mail from my provider that our >mailserver allows >spam through mail relay.
Of course it's my sendmail 8.8.8 which allows >the relay but >are there any options for smap??? > >best regards Dirk >-- >Milky Way - Sol System - Earth - Europe - Germany - Thuringia - Erfurt > http://wall.pdv.de/~nerle > > From owner-fwtk-users Tue Nov 24 06:02:13 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id GAA13359 for fwtk-users-outgoing; Tue, 24 Nov 1998 06:00:35 -0500 (EST) X-Authentication-Warning: 21st-century-comm.com: mail set sender to using -f From: "Todd Williams" To: Cc: Subject: RE: Multiple copies of e-mails being delivered... Date: Tue, 24 Nov 1998 06:19:43 -0500 Message-ID: <010701be179c$56a4f1e0$8702a8c0@twilliams.tfcc.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 In-Reply-To: <199811231942.OAA00691@iconmail.bellatlantic.net> Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3 Sender: owner-fwtk-users@ex.tis.com Precedence: bulk [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] I'm pretty certain that the problem is occurring after the mail has arrived on our machine. The mail is definitely sitting on our server, in queue for delivery on to our POP mail server. Our connection is a laughable 56K v.90 POTS connection. (Soon to be upgraded, very very soon.) Any ideas? Todd Williams Twenty First Century Communications > Sounds like the isp host isn't acknowledging the mail transfer. When > your mail machine doesn't get the ack from the isp machine it > resends the mail. > What kind of connection do you have to your isp? > > > I wondered if anyone has experienced this problem, and if there is a > > solution for it? > > > > We're running the FWTK, using smap and smapd, and using the > mqueue script.
> > The problem is this: From time to time, various users have been > > experiencing multiple (sometimes 2, 3, 4, as many as 30) > copies of the same > > e-mail message. It seems to happen most often when we're > experiencing (or > > perhaps I should say when our ISP is having) problems with our PPP > > connection. We have our internal e-mail addresses aliased to their > > respective local addresses, which hasn't been a problem. > For whatever > > reason, it would appear that the bastion machine is > delivering multiple > > copies of the same message when it has connection problems. > > > > Does anyone have any thoughts? > > > > Thanks, > > > > Todd Williams > > Twenty First Century Communications, Inc. > > > > > From owner-fwtk-users Tue Nov 24 12:10:11 1998 Received: by portal.ex.tis.com (8.9.1/8.9.1) id LAA14954 for fwtk-users-outgoing; Tue, 24 Nov 1998 11:51:47 -0500 (EST) Message-Id: <199811241712.MAA23382@fw1.osis.gov> From: Joseph S D Yao Subject: Re: SMAP allows mail relay To: Spencer_Marshall@camcable.co.uk (Spencer Marshall) Date: Tue, 24 Nov 1998 12:13:40 -0500 (EST) Cc: fwtk-users@ex.tis.com, Dirk.Nerling@pdv.de In-Reply-To: <65a6ba80@camcable.co.uk> from "Spencer Marshall" at Nov 24, 98 08:17:27 am X-Mailer: ELM [version 2.4 PL25 PGP3 *ALPHA*] Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-fwtk-users@ex.tis.com Precedence: bulk [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] ... > There is an anti relay patch, unfortunately, I can not remember where > it is. Maybe someone can enlighten both of us. > > Alternatively, you could set up smap in the netperm-table to only > accept e-mail from a) your service provider, and b) your internal mail > server. ... 
Per [which Keith was going to fix], both anti-relaying and anti-spam are addressed in , which is a compilation of and [I hope] improvement to several other patches to 'smap'.

--
Joe Yao jsdy@cospo.osis.gov - Joseph S. D. Yao
COSPO/OSIS Computer Support EMT-A/B
-----------------------------------------------------------------------
PLEASE ... send or Cc: all "COSPO/OSIS Computer Support" mail to sys-adm@cospo.osis.gov
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.

From owner-fwtk-users Tue Nov 24 12:48:40 1998
Date: Tue, 24 Nov 1998 10:52:58 -0700
To: fwtk-users@ex.tis.com
From: dreamwvr
Subject: status of fwtk.org ???

hi all,
has errols site been rescued? if ! i am willing to help...
Regards,
dreamwvr@dreamwvr.com

Reuters, London, February 29, 1998: Scientists have announced discovering a meteorite which will strike the earth in March, 2028. Millions of UNIX coders expressed relief for being spared the UNIX epoch "crisis" of 2038.
_______________________________________________________________________
DREAMWVR.COM - TOTAL WEB INTEGRATION, DEVELOPMENT, DESIGN SERVICES.
Featuring Website Development and Web Strategies of a TOP Developer
"As Unique as the Company You Keep."
"===0 PGP Key Available
________________________________________________________________________

From owner-fwtk-users Tue Nov 24 14:17:40 1998
From: "Chique XXXXX"
To: fwtk-users@ex.tis.com
Subject: Active Server Pages....
Date: Tue, 24 Nov 1998 11:35:48 PST

By any chance could anyone please say which patch I need to add to the FWTK so that my browser can accept files that have an ".asp" ending (Active Server Page)?

Thanx
Chique

From owner-fwtk-users Tue Nov 24 15:40:07 1998
From: "Michael C. Ibarra"
Subject: Re: status of fwtk.org ???
To: dreamwvr@dreamwvr.com (dreamwvr)
Date: Tue, 24 Nov 98 15:56:57 EST
Cc: fwtk-users@ex.tis.com

Someone named dreamwvr allegedly wrote...
>
>hi all,
> has errols site been rescued? if ! i am willing to help...
> Regards,
> dreamwvr@dreamwvr.com

I never knew that it was in any trouble to begin with. As far as I know, Keith was not in any trouble with having the FAQ placed on erols, rather wanted a dedicated website devoted to the FWTK. I may be wrong, but this is what I've gathered from reading this thread the past week.

-mike

From owner-fwtk-users Tue Nov 24 17:54:00 1998
Date: Tue, 24 Nov 1998 23:12:46 +0000
From: Chock Griebel
To: fwtk-users@ex.tis.com
Subject: Re: smap -daemon dies (Linux 1.2.13)

On Tue, Nov 24, 1998 at 04:30:40AM +0000, Miles Lott wrote:
> Pardon me for asking, but why are you using a 3 year old kernel?

Good question. I've very recently been brought in to tighten up and administer an old FW implementation that no one knew what to do with because it wasn't NT. There's a replacement in the works. Until the new machine goes in, I thought it a nice idea to keep the spam relayers out. Anyway, it's been a long time since I've run a.out binaries, let alone 1.2.13. It's good for the soul ;).

Now, how to convince the powers that be not to go w/ NT FW solution...
Anyone have any good references that I can use in my 7 man on 1 (me) arguments against doing that? Seriously.

W.r.t. my original posts, my modified smap is chugging along nicely now in daemon mode. Can someone please explain to me why the daemon mode is coded to exit on socket errors and the like? I must have missed something. If so, please tell me.

Chock

From owner-fwtk-users Tue Nov 24 18:35:54 1998
Date: Wed, 25 Nov 1998 08:51:14 +0900 (JST)
From: Chiaki Ishikawa
To: fwtk-users@ex.tis.com
Subject: Re: smap -daemon dies (Linux 1.2.13)

>Now, how to convince the powers that be not to go w/ NT FW solution... Anyone
>have any good references that I can use in my 7 man on 1 (me) arguments against
>doing that? Seriously.

Why don't you read or rather let your co-workers and the powers that be read the following document and decide?

http://www.unix-vs-nt.org/kirch/

If they decide to go with UNIX, then linux might become the choice in the end. Well, I am using SunOS 4.1.4 and SunOS 5.x for firewall myself, but Linux is definitely better than NT IMHO.

But please bear in mind that ANY OS or a piece of software of reasonable size has a bug or two. Only diligence and careful monitoring of known bugs keep firewall safe. The choice of OS is only a part, albeit major one, in building firewall.

After saying all this, NT over my dead body :-)

--
Ishikawa, Chiaki ishikawa@personal-media.co.jp.NoSpam or
(family name, given name) Chiaki.Ishikawa@personal-media.co.jp.NoSpam
Personal Media Corp.
** Remove .NoSpam at the end before use **
Shinagawa, Tokyo, Japan 142-0051

From owner-fwtk-users Tue Nov 24 19:11:34 1998
From: "Joseph Judge"
To: "Michael C. Ibarra", "dreamwvr"
Subject: RE: status of fwtk.org ???
Date: Tue, 24 Nov 1998 19:30:35 -0500

FWTK folks -

I've been talking with Keith about the FWTK.org and have poked some friends inside NAI for help in getting Keith to chat with the right folks. We should get some info/leads/answers soon. I'll let Keith send status reports :-) as info comes.

-joe

> -----Original Message-----
> From: owner-fwtk-users@ex.tis.com [mailto:owner-fwtk-users@ex.tis.com]On
> Behalf Of Michael C. Ibarra
> Sent: Tuesday, November 24, 1998 3:57 PM
> To: dreamwvr
> Cc: fwtk-users@ex.tis.com
> Subject: Re: status of fwtk.org ???
>
> Someone named dreamwvr allegedly wrote...
> >
> >hi all,
> > has errols site been rescued? if ! i am willing to help...
> > Regards,
> > dreamwvr@dreamwvr.com
>
> I never knew that it was in any trouble to begin with. As
> far as I know, Keith was not in any trouble with having the FAQ
> placed on erols, rather wanted a dedicated website devoted to
> the FWTK. I may be wrong, but this is what I've gathered from
> reading this thread the past week.
>
> -mike

From owner-fwtk-users Tue Nov 24 21:20:13 1998
From: sanjayk@ssdi.sony.com.sg
To: fwtk-users@ex.tis.com
Cc: sanjayk@ssdi.sony.com.sg
Date: Wed, 25 Nov 1998 10:37:03 +0800
Subject: Y2K Patches on FWTK

Hi,

We are using FWTK Version 1.3. Is this Y2K Compliant?

This is running on Sun Sparc 1000 Server and Solaris 2.5.1. We are planning to apply Y2K Patches, any concerns/issues that I need to take care of?

Thanks in advance.
Sanjay

From owner-fwtk-users Tue Nov 24 22:19:36 1998
From: mallik@wipsys.soft.net
Subject: Address lookup errors in Smap
To: fwtk-users@tis.com
Date: Wed, 25 Nov 1998 08:52:17 -0500 (GMT)
Cc: mallik@benz.wipsys.soft.net ()

Hi

There seems to be a major problem with my Mailing system.
The smap Daemon running on my gateway server is continuously flashing these error messages.

gatekeeper smap[1097]: connect host=unknown/164.164.128.17
gatekeeper smap[1095]: 202.54.63.129 host address lookup failed
gatekeeper smap[418]: SMTP QUIT with no message unknown/206.103.12.89

In fact all my Internet links are choked and Mails are bouncing back. The log file size is increasing at an alarming rate due to these errors.

Could someone throw some light on this?

TIA
Regards
mallik

From owner-fwtk-users Wed Nov 25 06:58:33 1998
Date: Wed, 25 Nov 1998 07:13:59 -0500
To: sanjayk@ssdi.sony.com.sg, fwtk-users@ex.tis.com
From: "Michael C. Ibarra"
Subject: Re: Y2K Patches on FWTK
Cc: sanjayk@ssdi.sony.com.sg

At 10:37 AM 11/25/98 +0800, sanjayk@ssdi.sony.com.sg wrote:
>Hi,
>
>We are using FWTK Version 1.3. Is this Y2K Compliant?

See http://www/erols.com/avenger/running.html#5.1.11 but why not just upgrade to the latest version?

>This is running on Sun Sparc 1000 Server and Solaris 2.5.1.
>We are planning to apply Y2K Patches, any concerns/issues
>that I need to take care of?

Sun has produced many Y2K patches for 2.5.1, far less for 2.6. My advice would be to upgrade to 2.6, install FWTK 2.1.

>
>Thanks in advance.
>Sanjay

Good luck,

-mike

From owner-fwtk-users Wed Nov 25 09:29:11 1998
Date: Wed, 25 Nov 1998 09:46:54 -0500 (EST)
From: The UnSeen
To: "Michael C. Ibarra"
cc: sanjayk@ssdi.sony.com.sg, fwtk-users@ex.tis.com
Subject: Re: Y2K Patches on FWTK

You might have to upgrade the eeprom for the SS1000 depending on what version it is... ;)

On Wed, 25 Nov 1998, Michael C. Ibarra wrote:

> >This is running on Sun Sparc 1000 Server and Solaris 2.5.1.
> >We are planning to apply Y2K Patches, any concerns/issues
> >that I need to take care of?
>
> Sun has produced many Y2K patches for 2.5.1, far less for 2.6. My
> advice would be to upgrade to 2.6, install FWTK 2.1.
>
> >
> >Thanks in advance.
> >Sanjay
>
> Good luck,
>
> -mike
>

The Unseen

From owner-fwtk-users Wed Nov 25 14:18:43 1998
Date: Wed, 25 Nov 1998 13:26:35 -0600
From: Alejandro Escalante Medina
To: fwtk-users@ex.tis.com
Subject: email domain conversions

I would like to know what is the more common approach for resolving this issue among fwtk users.

I have a network connected to the internet using a fwtk based firewall. The internal network is using a private name structure with an internal dns. Something like ``www.admin'' or ``ftp.support''. All internal mail works fine like this, but I have the need to convert internal email addresses when the mail goes to the outside world. If I don't, replies will never get back. Of course I need the opposite conversion when the reply arrives, to redirect mail to its correct internal host and user.

I need a translation like this:

    jane@mail.admin   <----->   janea@mycorp.com
    jane@mail.support <----->   janeb@mycorp.com

What is the common way to solve this thing? What are you using?
Saludos,
Alex

--
Alejandro Escalante Medina
amedina@msg.com.mx

From owner-fwtk-users Wed Nov 25 15:59:08 1998
Date: Wed, 25 Nov 1998 16:13:03 -0500
To: fwtk-users@tis.com
From: Brett Goldstock
Subject: POP3 via plug-gw

ok, I know this has been covered extensively on this list, but I've got a problem getting POP3 working via the plug-gw. I perused old emails and the FAQ. It's probably just some stupid mistake I made. I'm running fwtk 2.1 under Solaris 2.5.1.

netperm-table:

pop3: 2009 pop3 * -plug-to mymailhost.mydomain.com -port 110

inetd.conf:

pop3 stream tcp nowait root /usr/local/etc/plug-gw plug-gw pop3

Running plug-gw using:

plug-gw -daemon 2009

My testing involves going to a remote host and doing:

telnet mybastionhost 2009

The connection gets closed immediately and a "deny" message is logged by syslog.

Any ideas what's wrong?

-Brett

|Brett M. Goldstock brett@tvdata.com|
|Senior Technical Analyst/Sys Admin http://www.tvdata.com|
|TVData 800/833-9581|
| "We tell the world what's on TV." |

From owner-fwtk-users Wed Nov 25 16:33:44 1998
Date: Wed, 25 Nov 1998 16:50:01 -0500
To: Alejandro Escalante Medina, fwtk-users@ex.tis.com
From: Frederick M Avolio
Subject: Re: email domain conversions

Sendmail does this nicely.

Fred

At 01:26 PM 11/25/98 -0600, Alejandro Escalante Medina wrote:
>I would like to know what is the more common approach for resolving
>this issue among fwtk users.
>
>I have a network connected to the internet using a fwtk based
>firewall. The internal network is using a private name structure with
>an internal dns. Something like ``www.admin'' or ``ftp.support''. All
>internal mail works fine like this, but I have the need to convert
>internal email addresses when the mail goes to the outside world. If I
>don't, replies will never get back. Of course I need the opposite
>conversion when the reply arrives, to redirect mail to its correct
>internal host and user.
>
>I need a translation like this:
>
> jane@mail.admin <-----> janea@mycorp.com
> jane@mail.support <-----> janeb@mycorp.com
>
>
>What is the common way to solve this thing? What are you using?
>
>Saludos,
>Alex
>
>
>--
>Alejandro Escalante Medina
>amedina@msg.com.mx

From owner-fwtk-users Wed Nov 25 16:36:38 1998
Date: Wed, 25 Nov 1998 16:55:11 -0500
To: fwtk-users@tis.com
From: Brett Goldstock
Subject: Re: POP3 via plug-gw (nevermind)

Figured this one out. Realized my netperm-table was horribly wrong. Also, I apparently don't have to run plug-gw as daemon?

-Brett

>Date: Wed, 25 Nov 1998 16:13:03 -0500
>To: fwtk-users@tis.com
>From: Brett Goldstock
>Subject: POP3 via plug-gw
>
>ok, I know this has been covered extensively on this list, but I've got a
>problem getting POP3 working via the plug-gw. I perused old emails and the
>FAQ. It's probably just some stupid mistake I made. I'm running fwtk 2.1
>under Solaris 2.5.1.
>
>netperm-table:
>
>pop3: 2009 pop3 * -plug-to mymailhost.mydomain.com -port 110
>
>
>inetd.conf:
>
>pop3 stream tcp nowait root /usr/local/etc/plug-gw plug-gw pop3
>
>
>Running plug-gw using:
>
>plug-gw -daemon 2009
>
>
>
>My testing involves going to a remote host and doing:
>
>telnet mybastionhost 2009
>
>The connection gets closed immediately and a "deny" message is logged by
>syslog.
>
>
>
>Any ideas what's wrong?
>
>
>-Brett
>
>

--
The more original a discovery, the more obvious it seems afterward.
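
An added example, not part of the original thread and not FWTK code: a small Python check for a plug-gw setup like the one posted above. It assumes plug-gw runs under its default name and that its rules take the form `plug-gw: port <port> <hostpattern> -plug-to <host> [-port <port>]`; the service-name map, the revised table, the 192.0.2.* client network and the finding names are constructed for illustration.

```python
# Added example (not FWTK code): lint a plug-gw setup like the one in the post.
# Assumed rule form, for plug-gw run under its default name:
#   plug-gw: port <port> <hostpattern...> -plug-to <host> [-port <port>]

# Constructed service-name map so the check runs offline (no /etc/services).
SERVICES = {"smtp": 25, "pop3": 110, "nntp": 119}

# Lines as posted in the thread.
POSTED_NETPERM = "pop3: 2009 pop3 * -plug-to mymailhost.mydomain.com -port 110\n"
POSTED_INETD = "pop3 stream tcp nowait root /usr/local/etc/plug-gw plug-gw pop3\n"

# Constructed revision: one rule per listening port, clients limited to a
# documentation-range network (192.0.2.* is a placeholder, not from the post).
REVISED_NETPERM = (
    "plug-gw: port 2009 192.0.2.* -plug-to mymailhost.mydomain.com -port 110\n"
    "plug-gw: port pop3 192.0.2.* -plug-to mymailhost.mydomain.com -port 110\n"
)


def port_id(token):
    """Normalise a port given as a number or a service name."""
    if token.isdigit():
        return int(token)
    return SERVICES.get(token.lower(), token.lower())


def parse_netperm(text):
    """Return (rules, malformed) for the plug entries of a netperm-table."""
    rules, malformed = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if "-plug-to" not in line:
            continue  # only lines that try to define a plug are of interest
        fields = line.split()
        if fields[0] != "plug-gw:" or len(fields) < 4 or fields[1] != "port":
            malformed.append((lineno, line))
            continue
        # Host patterns run from field 3 up to the first option.
        opt_start = next((i for i in range(3, len(fields))
                          if fields[i].startswith("-")), len(fields))
        hosts, opts = fields[3:opt_start], fields[opt_start:]

        def value_of(flag):
            i = opts.index(flag) if flag in opts else -1
            return opts[i + 1] if 0 <= i < len(opts) - 1 else None

        target = value_of("-plug-to")
        if not hosts or target is None:
            malformed.append((lineno, line))
            continue
        rules.append({
            "line": lineno,
            "listen": port_id(fields[2]),
            "hosts": hosts,
            "target": target,
            # Assumption: without -port the plug connects to the listening port.
            "target_port": port_id(value_of("-port") or fields[2]),
        })
    return rules, malformed


def inetd_plug_ports(text):
    """Ports handed to plug-gw as its argument in inetd.conf lines."""
    ports = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        # service socktype proto wait user server-path argv0 arg...
        if len(fields) >= 8 and fields[5].endswith("/plug-gw"):
            ports.append(port_id(fields[7]))
    return ports


def audit(netperm_text, inetd_text="", daemon_ports=()):
    """Return (kind, detail) findings for a plug-gw configuration."""
    rules, malformed = parse_netperm(netperm_text)
    findings = [("malformed-rule", f"line {n}: {l}") for n, l in malformed]
    started = inetd_plug_ports(inetd_text) + [port_id(str(p)) for p in daemon_ports]
    ruled = {r["listen"] for r in rules}
    for port in started:
        if port not in ruled:
            findings.append(("no-rule-for-port", str(port)))
    for r in rules:
        if "*" in r["hosts"]:  # any client may reach the internal server
            findings.append(("any-source",
                             f"line {r['line']}: port {r['listen']} -> "
                             f"{r['target']}:{r['target_port']}"))
    return findings


if __name__ == "__main__":
    for kind, detail in audit(POSTED_NETPERM, POSTED_INETD, daemon_ports=[2009]):
        print(kind, detail)
```

The `any-source` finding is the one to review when a plug points at an internal mail server: a `*` host pattern lets every client that can reach the bastion host reach that server's POP3 port.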
From owner-fwtk-users Wed Nov 25 17:30:56 1998
Date: Wed, 25 Nov 1998 17:52:14 -0500
From: David Law
To: fwtk-users@ex.tis.com
Subject: Re: email domain conversions

Alejandro:

Check out the Sendmail V8 info on domaintable and genericstable (probably also need mailertable).

Alejandro Escalante Medina wrote:
>
> I have a network connected to the internet using a fwtk based
> firewall. The internal network is using a private name structure with
> an internal dns. Something like ``www.admin'' or ``ftp.support''. All
> internal mail works fine like this, but I have the need to convert
> internal email addresses when the mail goes to the outside world. If I
> don't, replies will never get back. Of course I need the opposite
> conversion when the reply arrives, to redirect mail to its correct
> internal host and user.
>
> I need a translation like this:
>
> jane@mail.admin <-----> janea@mycorp.com
> jane@mail.support <-----> janeb@mycorp.com
>
> What is the common way to solve this thing? What are you using?
>

From owner-fwtk-users Wed Nov 25 19:41:05 1998
From: "Tom Krotchko"
Subject: RE: email domain conversions
Date: Wed, 25 Nov 1998 19:58:40 -0500

Just to amplify, get the book "Sendmail" by Costales et al. It appears intimidating at first, but believe it or not, if you force yourself to read it over a weekend (and you'll only need to read about the first 10 chapters to do this), you'll feel very comfortable doing this.

In fact, you may be surprised by how flexible the latest versions of sendmail are.

> Sendmail does this nicely.

> >I need a translation like this:
> >
> > jane@mail.admin <-----> janea@mycorp.com
> > jane@mail.support <-----> janeb@mycorp.com

From owner-fwtk-users Thu Nov 26 09:36:06 1998
From: "Dirk.Nerling"
To: "Firewall Toolkit (M-list)"
Subject: using sendmail 891 and smap for anti-relaying ???
Date: Thu, 26 Nov 1998 15:51:00 +0100

Hello,

first of all: thanks for all the good points to the anti-relay smap.

I got it to work but because of my local configuration I do have my MX point to myself at the DNS and I'm afraid the whole world knows my MX for my domain. Means all mail servers could connect to my smap server directly, they get my smap server through the MX of DNS and deliver the email, instead of connecting to my provider. It saves me a hop and my emails will never be laying around on my provider's mailserver, if my internal mail server is broken (this happens sometimes with Exchange and some of my subdomains on the WAN).

Unfortunately http://www.dorkslayers.com/orbs/ recognized my smap "hole" - they spoke with my provider and we (my provider and I) have to solve the problem until friday. Otherwise they will put my domain and my provider's domain on their black list. :(

The solution from my provider was to install sendmail v891 which will anti relay by default (messages from a site outside of my domain to another site outside of domain are denied by sendmail rules). Unfortunately not in my smap configuration. Seems as the way smap spools the mail and smapd launches sendmail, will not consider these sendmail rules.

Does anybody have an idea for such a strange problem and my strange (?) configuration too?

best regards and thanks for ANY hint!!!
Dirk

--
Milky Way - Sol System - Earth - Europe - Germany - Thuringia - Erfurt
http://wall.pdv.de/~nerle

From owner-fwtk-users Thu Nov 26 10:53:40 1998
From: ark@eltex.ru
Date: Thu, 26 Nov 1998 19:07:58 +0300
Subject: rsh-gw
To: avenger@erols.com, youngk@ttc.com
Cc: fwtk-users@tis.com

-----BEGIN PGP SIGNED MESSAGE-----

nuqneH,

Here it is. Will make rexec-gw if somebody needs it.

rsh-gw v0.1alpha
^^^^^^ ^^^^^^^^^

This file is README for rsh-gw, a proxy for rshd(8) protocol and fwtk-style firewalls. It makes (should do) usage of rsh and rsh-based services like rsync,rdist,cvs and so on possible across firewalls.

WARNING: this proxy (due to nature of rsh protocol) does not support authentication techniques other than generic one which is based solely on rsh client and host system security. So it is at least not wise to use it to access "trusted" networks from "untrusted" ones. Once again: the primary purpose of the program is to allow "internal" users access to [semi-]public rsh-based services. Another purpose is to run x-gw automagically from script.

If you got any interesting services running please send me your setup and log fragments - i need it for future documentation.

setting up proxy
^^^^^^^ ^^ ^^^^^

Edit Makefile to add -DIPFILTER to c options and IPFILTER variable to point to IPFilter source if you use IPFilter transparency. Compile the source and edit inetd.conf to point to the binary. If your system does not have rcmd(3) system call you can use a generic BSD implementation provided in this distribution for reference purposes.
Set up connection divertor if you use transparent operation.

netperm-table general options:

{permit-|deny-}hosts    similar to fwtk
xforwarder              similar to tn-gw/rlogin-gw

netperm-table hosts options:

-dest           similar to fwtk
-transparent    transparent operation
-plug-to        plug to a pre-defined server
-user           specify the list of users allowed to access proxy. "!" modifier is valid.
-ausers         specify the list of users treated as "authenticated" if rsh authentication was successful
-xok            permit x-gw access
-extnd          turn extended permissions processing on (see authsrv documentation)

setting up client side
^^^^^^^ ^^ ^^^^^^ ^^^^

Use "rsh -l user@host firewall-host command" syntax to specify real destination for non-transparent operation. For transparent operations no special client setup is required.

"rsh firewall-host x" will just run x-gw on firewall. You can redirect stdout from this command to somewhere and use it as future reference to "remote" display. Example:

eval `rsh myfirewall x|sed "s/display port/RDISPLAY/"`
rsh -l me@somewhere.out myfirewall xperfmon++ -display $RDISPLAY

BUGS
^^^^

Just an alpha release - so there should be some. I think i should make it more portable.

ToDo
^^^^

Anything else?

For developers
^^^ ^^^^^^^^^^

Feel free to improve the program the way you want - but send me a copy of your patches.
Revision history
^^^^^^^^ ^^^^^^^

0.1alpha First version

Email
^^^^^

home: ark@mpak.convey.ru
work: ark@eltex.ru

[uuencoded attachment: rsh-gw-0.1alpha.tar.gz]
M"Q]70Q8"(-!.;^N']N2Z@W:PE<(X"72C-?VO451]G,6#D'\]B$+?CZ_8,.*7;]W)G`A.3#N**^>!ORLA7>WETKV$CL2,M&PZN#,8?H3YTFW9 MFX@<2B%M)IY/B5&`7FFXGT0W<8?W%\RLWC1*:BEW&E)AY8Z@:BA^H&:M.R!M MBU70/!>B)8=$FZ?0Y088L:D3J<.$3Q>,*6"/GQ5XV?9ZLHDR3*;Y"_J75KAA M`1EZ6.N%U)"G$R_`=$D#$.O,6(#81,/I:NB.Q":.!R%-'<`YF-0H]\.;ACU; MF0)XQ7T9.LSP_:B(KNX?D8H4&^BC(LE;@XQ4*X]%1P8JJ_T+^C=+2)3X`$+* M@>Q0$N7&`L?]26DMS'EIR1FIEYBL$E],3>UO1$Z6P+$<)[9D\A6(23?_:+3D M!5B1DLY\$"6MC;0L(>5&F:6C3`$_&=F'=Z5D^%#D@[/3OK"H6*@NJH[&%61Y M3;>*&ZP+-\C,8"'/AWR:AT)M<4*RHOIG+_`B6SJZB[?^:Z54` M_;?,KY:6'SZY6C7T56;6-[%E.RQE66R_'-6E,AQP;:B6-$@A/'53EB;SWBTM M1I]U.ZS/+&QBIZI#]W)P,;3M)%U^,J.`J>BGD(J!#U88C8T-NK]WY"O+?&-( MA5V)8UE-62:>FN*I4%B38[/ZZ[:MRB/;MSLH7"-H`@:7`2&A)UW1(`:LP7@@!8I9DMKX-?Q)WA4M9M-$(HF&&1%V-FULB`)L*6R%3H&5EF&M4O1!5'(TQZ++N).Q/&RUJA[!D"]U/?"!R-*=?WZI1=GR_J^LPRHW)5" MX(2U<*BS]?N%2HD7NO%;6]J95BN9X54[95B2M0>`HKL5PMWX_6 MU\1O^_X(-N+KP_&KV_@JZ*U],_1J3T5MI&YEE.Q)`(RC(XG%V;:Z<`C`__8Y M(#\;ZN(S"(`-;_C<\H/9J,46>UDC#5]AC$;1,FZKB-EQ;]B>M7I=W7H`O]%` M?CXVWQKZ+C&X^GE>6[C);XHT%SCA>%1.@^WTT/<#("/[O)K?&5^W M38%&3"R1',\#"<3SV&U6Q'\-.,T!.QH:+N_.7#V;UZFTDXL@/S;QE000$V-) MW<:J:3.1%GC&V?,GCRV-_]@.4F3B-@EBQ@D_B5"$&*N9>Z!&M[H"-6;:MX=] MH!J)JF`C08*8.05'\YF4U.`5EDV'Z3C3I%!EMDDJYS;H*\F7?1@TX;1U_N:] MC@N@R1M#?*'OZ?'[D];IP7D<-EL?#ING)[]7UL%>ISTD7SMH(83:83=);SI) M$?[(_I7L#G3W<8B6!V^A[@G,F0:=[LRVZBMZUU5S\\8>B;H7#RSBG)RG:0=] MJ-!,QT2"MD60BIB3*ZOB:;@TSSN$['#M:2=-_TW>78/V@B[R10D=5,FA"_\=66`6[Y^IB:2J-CZR.&?YLBO]MJ?VS<7]=?:P(9<9%Z] MOF3^E+[*.3).@<)3N1<@K0+I23QT7FAE4Z M3)/NMD8?,^:6U5K^0"\4IW\+334321[]Q7!C&&,0>U18FF63A@RKH\>RF;N&.F4N>*-O^3&'2$V63%9KE5%+4PK$3 MW/J21X[73I:F*1RFDR.>\IZTTDXU.`>Z3V9JR>";*S/$(&Q#B7AGH?;,-M81 M2QW>#Y7-8(5;^Q_]CDIWQ,'.KY(.,KS\&@VU0B^,B:T?.@&QRPEWPXU26+/N M?,R;W?]3^RF26]%LS2R2F.;H'H%SH%[3C-`Z[:HB>93(AQHE`U1Z MJ1C%I$.Y)!,UM*$,`K*,X@THL.60L/I2;3_HGC3DH!1;=3OM.IO&;#1_7^AO M'5RO5EPY881MSKFCV`X!I&KBMA`I@*3(P4\;*DHQ[?#)C(H9\T?@US^3UQ]+ M4FY>%3)A/9A]E8JW._K7:"R*<,V_GC3?M@X/CMXU3TL!LBZE766W5LF:J;&TI0W)BHYY>VN6)OFM!XI"A-$ZM-+=OH7I%>A\J=-( 
M$\R@/88OQOZL=EEQ.+5B6&0-0`.BX":O_E3Z5HUY`+CS8@M7[>,BBUM\%%S- M%:[FCXBK^8-QQ8Z;H\EM(;KNCRW=YI?51L)ADAJN*DROK'29(CJ]A='H=;(*O55ZJXY26BT\_"1P($Z[OU15%UH4%O(\TQ]O=-VD^N\=TPY!!Q M/MREOO"#A"90T.P#.U:OHJW?*>V";^EU#/+/%&D&+0ZZ^%8G7=&,YA,.MTC/ M=*29#LZ:K7\<';T_.#G^]0CU3#2SP-$"M9PU M3UH8_O7H/+9+&?\7**:($;Y6#'^*%.ZJFY!RZZ^1TB4`"`H,8EVF(^G%?U&EN,=-BJV7I$BO[CNW$_^S;N%KX$Q)32"''25]E,0];/CP/>P21&P M1#UGB>@DHUL:`-H&+0HAAS5%2WT=M8K"P)FK1LE8>^V*UDI'ZGB>4UMQBP_3 M62G0VLMA0X]6?!7LS<'Y$4`01G(7S/>R#&FES)!H74!&H4`0YDS)'*1I!9S` M9R%W8I>;:.1:)3`PN#H^!ET^4DC&!3I+AGAX41$2A.-7KV,6EV-]A_19^=B1 M2C@%&7@1L=0,)__&S@:=<`I^V0U\Q3;K^<--!=W/5-?U\J=A28<;&XP=P\IR M60%"VG=4TEC9JB^R1+2N`K&*]W8P85L#78="W,\F%.6,<8[!7)@D,N&[[$AE M.FZ80S84]M5Z*;I0/9TM:.FE=6PN?8E&0];W9(E2NBT1(-=TDXI(*_? M?3+8P[@^G)\:ABST,.9$9`9Y^ZEGLI:U0@0M$:CJQ8^2ZMB;VE8*E;D2!&O MS&,Q4)-ZEF=A:G$N20_)Y-#>K5"G@P\Y%?`-"K="I[!")UN!!T$M;%>]K;ABO\N>#PU]0]6%2 MCD_//[!)2Z'J0[TCHZ0K9ZU8\;SP\LRV]\T<(\F,0K\HV9IG/&SW,%C3\R[T M@@\+`U\D!;BKW$Y!_)SV`=`O\Z@9Q:XY)$T0_,$A\*]'>(^+CVTD&'R^?QM> MI:RX`_(!"'ACQ==Y`Y"HYPM\FF@.Z=/V[13%HNXHX1#*"'ZL8D!BZC;'X^*A MDVN+N83&G37#$(@NH^38#V%5>1;%BAB`M1>D1EC06>)4<*]OPLU]-)OR(25# MT\98RL":[?1^(->RL/I!E8NG)9!FUH:>1:"A=MJ5R8.ET)OWO2C7]1^.>:NV M;S0/P+QW//0>`I&3OK-$=D?"B9"@,E6RN9%R&E27Q>P.\0;`98%@#EC!J.5D M-H"\#`K7@S9';P]8/9@UK)&51["#)PFK1I,O"Q?^^QMTH';C6 M]6CN\/VVMZ6*L=`7FB54>Y/URW\N5MO3Y^GS]'GZ/'V>/D^?I\_3Y^GS]'GZ - -?,GG_P"%^]:9`*`````` ` end _ _ _ _ _ _ _ {::} {::} {::} CU in Hell _| o |_ | | _|| | / _||_| |_ |_ |_ (##) (##) (##) /Arkan#iD |_ o _||_| _||_| / _| | o |_||_||_| [||] [||] [||] Do i believe in Bible? Hell,man,i've seen one! 

From owner-fwtk-users Thu Nov 26 12:33:14 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id MAA24464 for fwtk-users-outgoing; Thu, 26 Nov 1998 12:30:47 -0500 (EST)
Message-Id: <199811261751.LAA29173@stone.gargoyle.net>
Subject: Re: using sendmail 891 and smap for anti-relaying ???
To: Dirk.Nerling@pdv.de (Dirk.Nerling)
Date: Thu, 26 Nov 1998 11:51:38 -0600 (CST)
From: "Robert Andrews"
Cc: fwtk-users@ex.tis.com
In-Reply-To: <312154075E4AD211B6A30000F843CD6203F845@exchange.pdv.de> from "Dirk.Nerling" at Nov 26, 98 03:51:00 pm
X-Mailer: ELM [version 2.4 PL25 PGP6-MF]
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

Does anybody have an idea for such a strange problem and my strange (?) configuration too?
best regards and thanks for ANY hint!!!

I'd have to ask what version of fwtk you're using? I've been using fwtk 2.0 with an anti-spam patch that includes the anti-relay patch with it. Basically you have a couple of options here.. Since I am not sure if the patch works on the 2.1 version of smap I never bothered to upgrade. So you could, if you're using fwtk 2.0, use this same exact patch, which I would be more than happy to dig up and send to you. Or you can do away with smap if you don't have a true need for it and just allow sendmail to talk on the port for the mail.

If you need the 2.0 smap patch I do have it here..
I don't even remember where I got it from and haven't been too successful in getting any info from the list the last time I asked if there was a site for the anti-spam and relay patches for fwtk2.1

Robert Andrews
Asst. Systems Administrator
The MedServe Link Inc.
Maple Grove, MN (612) 416-1091 - roba@member.com/root@gargoyle.net

From owner-fwtk-users Fri Nov 27 02:50:22 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id CAA27590 for fwtk-users-outgoing; Fri, 27 Nov 1998 02:33:35 -0500 (EST)
X-Authentication-Warning: firewall.strathom.com: nouser set sender to using -f
Message-ID: <000d01be19da$c03ada80$0b00a8c0@poste13.strathom.com>
From: "Fred LB"
To: "Dirk.Nerling"
Cc:
Subject: Re: using sendmail 891 and smap for anti-relaying ???
Date: Fri, 27 Nov 1998 08:51:33 +0100
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 4.72.3110.5
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3
X-MIME-Autoconverted: from 8bit to quoted-printable by firewall.strathom.com id IAA14409
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by portal.ex.tis.com id CAA27587
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

Hi,

If you use fwtk 2.1, just try to patch your smap with yao-smap.pch that you'll find on http://www.erols.com/avenger/

After that you just need to add 2 lines to your netperm-table file (at least, there are many more options):

smap: hosts your.internal.network.1.* your.internal.network.2.* your.internal.network.3.*
smap: domains *.domain.for.which.you.receive.email.1 *.domain.for.which.you.receive.email.2 *.domain.for.which.you.receive.email.3

and after that smap will directly disable 3rd party relaying, allowing to relay mail for *.domain.for.which.you.receive.email ; the only mail going outside your domains will be reserved for your.internal.network.*

That's what I use for myself, as long as, like you said, it seems for me that sendmail 8.91 doesn't check the rules I set up in /etc/sendmail.cf. But that patch of smap works great.

Fred LB - sysadmin
flb@strathom.com
Strathom Informatique
Nantes - France

-----Original Message-----
From: Dirk.Nerling
To: Firewall Toolkit (M-list)
Date: Thursday, 26 November 1998 18:46
Subject: using sendmail 891 and smap for anti-relaying ???

>Hello,
>
>first of all: thanks for all the good points to the anti-relay smap. I
>got it work but because of my local configuration I do
>have my MX point to myself at the DNS and I'm afraid the whole world
>knows my MX for my domain. Means all mail
>server could connect my smap server directly, they get my smap server
>through the MX of DNS and deliver the email,
>instead of connecting my provider. It saves me a hop and my emails will
>never laying around on my providers mailserver,
>if my internal mail server is broken (this happens sometimes with
>Exchange and some of my subdomains on the WAN).
>
>Unfortunately recognized http://www.dorkslayers.com/orbs/ my smap
>"hole" - they spoke with my provider and
>we (my provider and I) have to solve the problem until friday. Otherwise
>they will put my domain and my providers domain
>on their black list.
>
>The solution from my provider was to install sendmail v891 which will
>anti relay by default (messages from a site outside of
>my domain to another site outside of domain are denied by sendmail
>rules). Unfortunately not in my smap configuration. Seems as the way
>smap spools the mail and smapd launches sendmail, will not consider these
>sendmail rules.
>
>Does anybody have an idea for such a strange problem and my strange (?)
>configuration too?
>best regards and thanks for ANY hint!!!
>
>Dirk
>--
>Milky Way - Sol System - Earth - Europe - Germany - Thuringia - Erfurt
> http://wall.pdv.de/~nerle

From owner-fwtk-users Fri Nov 27 04:47:34 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id EAA28012 for fwtk-users-outgoing; Fri, 27 Nov 1998 04:45:51 -0500 (EST)
Message-ID: <312154075E4AD211B6A30000F843CD62045567@exchange.pdv.de>
From: "Dirk.Nerling"
To: "Firewall Toolkit (M-list)"
Subject: smap-yao patch - could someone explain me the following log ???
Date: Fri, 27 Nov 1998 11:05:24 +0100
X-Priority: 3
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.0.1457.3)
Content-Type: text/plain
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

Hello,

thanks for all who replied - I'm 99% happy with this solution although there is one question left:

I have some entries in my log file where I first see a "deny" although the email will be delivered some seconds later:

Nov 27 10:47:40 wall smap[2690]: connect host=f318.hotmail.com/207.82.250.238
Nov 27 10:47:40 wall smap[2690]: deny host=f318.hotmail.com/207.82.250.238 use of gateway
Nov 27 10:47:41 wall smap[2690]: permit host=f318.hotmail.com/207.82.250.238 use of gateway
Nov 27 10:47:41 wall smap[2690]: host=f318.hotmail.com/207.82.250.238 bytes=799 from= to= xma002690
Nov 27 10:47:41 wall smap[2690]: exiting host=f318.hotmail.com/207.82.250.238 bytes=799
Nov 27 10:47:45 wall smapd[2691]: delivered file=sma002690 pid=2692 code=0
Nov 27 10:48:33 wall smap[2696]: connect host=f37.hotmail.com/207.82.250.48

I think my netperm-table smap options are responsible for this, so here they are.

#spam options
smap: hosts 127.0.0.1 192.168.*
smap: domains *pdv.de
smap: max-email 1000
smap: scrub-spam 1
smap: unkown-host 1
smap: check-from-address 1
smap: require-full-email 1
smap: spam domain.com frob.com mailcity.com

I do need the unkown-host, but this shouldn't be the problem !?

Btw. I could ignore check-from-address and require-full-email but what are your experiences with these options?

best regards and THANKS for all your help!!!!

Dirk
--
Milky Way - Sol System - Earth - Europe - Germany - Thuringia - Erfurt
http://wall.pdv.de/~nerle

From owner-fwtk-users Fri Nov 27 08:37:21 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id IAA28574 for fwtk-users-outgoing; Fri, 27 Nov 1998 08:32:32 -0500 (EST)
Message-ID: <59706945956AD2119562006094B9C002CBD2@bach.jda.cl>
From: Gonzalo Diethelm
To: fwtk-users@tis.com
Subject: RE: using sendmail 891 and smap for anti-relaying ???
Date: Fri, 27 Nov 1998 10:55:01 -0400
X-Priority: 3
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.0.1457.3)
Content-Type: text/plain
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

Two questions regarding the anti-relay patches to smap:

* Of all the alternatives suggested in the FAQ, in section http://www.erols.com/avenger/patches/index.html#6.2.2, which is the "canonical" one? I'm about to install Joe Yao's patch, but I wonder whether Andrew Dunstan's would be a better alternative? If there is no canon on this matter, which one is the most widely used (and, one would assume, the most looked into and the most bug-free)?

* What is the WWW page where one can test whether a given site is accepting mail relays?

* I tried installing the patch on my FWTK2.1 smap directory, but hunk 30 failed. The log line says

  Hunk #30 FAILED at 1926.

  I think I can patch that hunk by hand, but I was wondering why the patch would not install cleanly...

Thanks for any info,

Gonzalo Diethelm

From owner-fwtk-users Fri Nov 27 09:08:20 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id JAA28770 for fwtk-users-outgoing; Fri, 27 Nov 1998 09:07:08 -0500 (EST)
X-Authentication-Warning: f1.interfarma.lt: mail set sender to using -f
Message-ID: <111B3F47447DD211BCE200A0C9A31ADC09AB@MAIL>
From: Vadim Radzijevskij
To: fwtk-users@ex.tis.com
Subject: plug-gw and Oracle on Windows NT
Date: Fri, 27 Nov 1998 15:26:46 -0000
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.1960.3)
Content-Type: text/plain
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

Hi,

I have a problem when I try to access an Oracle server on the Windows NT platform using plug-gw.
tnsping to this server runs successfully, but when I try to connect to the database using, for example, sqlplus I get the error TNS: unable to connect to destination.

USE_DEDICATED_SERVER=ON in sqlnet.ora

I have a few UNIX servers, all working through plug-gw without problems.

Any ideas?

From owner-fwtk-users Fri Nov 27 10:49:10 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id KAA29072 for fwtk-users-outgoing; Fri, 27 Nov 1998 10:46:21 -0500 (EST)
Message-Id: <199811271606.LAA29018@fw1.osis.gov>
From: Joseph S D Yao
Subject: Re: using sendmail 891 and smap for anti-relaying ???
To: root@stone.gargoyle.net (Robert Andrews)
Date: Fri, 27 Nov 1998 11:08:41 -0500 (EST)
Cc: Dirk.Nerling@pdv.de, fwtk-users@ex.tis.com
In-Reply-To: <199811261751.LAA29173@stone.gargoyle.net> from "Robert Andrews" at Nov 26, 98 11:51:38 am
X-Mailer: ELM [version 2.4 PL25 PGP3 *ALPHA*]
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

> If you need the 2.0 smap patch I do have it here.. I don't even remember where I got it from
> and haven't been too successful in getting any info from the list the last time I asked if there
> was a site for the anti-spam and relay patches for fwtk2.1

I'm sure I didn't see this request, although I have seen messages from you. This information, including other things you mentioned not knowing, is in the FAQ at .

--
Joe Yao jsdy@cospo.osis.gov - Joseph S. D. Yao
COSPO/OSIS Computer Support EMT-A/B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.

From owner-fwtk-users Fri Nov 27 10:49:10 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id KAA29053 for fwtk-users-outgoing; Fri, 27 Nov 1998 10:43:23 -0500 (EST)
Message-Id: <199811271603.LAA28839@fw1.osis.gov>
From: Joseph S D Yao
Subject: Re: using sendmail 891 and smap for anti-relaying ???
To: Dirk.Nerling@pdv.de (Dirk.Nerling)
Date: Fri, 27 Nov 1998 11:05:43 -0500 (EST)
Cc: fwtk-users@ex.tis.com
In-Reply-To: <312154075E4AD211B6A30000F843CD6203F845@exchange.pdv.de> from "Dirk.Nerling" at Nov 26, 98 03:51:00 pm
X-Mailer: ELM [version 2.4 PL25 PGP3 *ALPHA*]
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

> The solution from my provider was to install sendmail v891 which will
> anti relay by default (messages from a site outside of
> my domain to another site outside of domain are denied by sendmail
> rules). Unfortunately not in my smap configuration. Seems as the way
> smap spools the mail and smapd launches sendmail, will not consider these
> sendmail rules.

Your provider obviously has not read the extended discussion on this in the archives of this mailing list. Bottom line - sendmail has no way of knowing the real sender, since it is sent the mail by "localhost". Use the 'smap' configuration I sent you in private e-mail.

--
Joe Yao jsdy@cospo.osis.gov - Joseph S. D. Yao
COSPO/OSIS Computer Support EMT-A/B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.
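
The point made in the reply above, as an added example that is not part of any post and is not code from FWTK, the yao-smap patch or sendmail: a relay rule keyed on the connecting host only works at the stage that still sees the real peer. The rule modelled is the one described earlier in the thread for `smap: hosts` and `smap: domains`; the function names, the glob matching model and the sample addresses are assumptions made for the illustration.

```python
"""Where can a third-party relay check work in an smap -> smapd -> sendmail chain?

Added illustration only; not code from FWTK, the yao-smap patch or sendmail.
"""
from fnmatch import fnmatchcase

# Patterns in the style of the netperm-table entries quoted in this thread.
INTERNAL_HOSTS = ["127.0.0.1", "192.168.*"]   # smap: hosts
LOCAL_DOMAINS = ["*pdv.de"]                    # smap: domains

LOOPBACK = "127.0.0.1"


def matches_any(value, patterns):
    """Case-insensitive shell-style match (the matching model assumed here)."""
    value = value.lower()
    return any(fnmatchcase(value, p.lower()) for p in patterns)


def rcpt_domain(address):
    """Domain part of an envelope recipient, or '' if it has none."""
    address = address.strip().strip("<>")
    if "@" not in address:
        return ""
    return address.rsplit("@", 1)[1].lower()


def relay_decision(peer_ip, rcpt, hosts=INTERNAL_HOSTS, domains=LOCAL_DOMAINS):
    """Rule as described in the thread: internal hosts may send anywhere,
    everyone else may only send to domains we receive mail for."""
    if matches_any(peer_ip, hosts):
        return "permit"
    if matches_any(rcpt_domain(rcpt), domains):
        return "permit"
    return "deny"


def peer_seen_by(stage, real_peer):
    """Client address that each stage of the chain can observe."""
    if stage == "smap":
        return real_peer      # smap accepted the SMTP connection itself
    if stage == "sendmail":
        return LOOPBACK       # smapd hands over spooled mail on the firewall
    raise ValueError("unknown stage: %r" % stage)


def check_at(stage, real_peer, rcpt):
    """Apply the same rule at one stage, using only what that stage sees."""
    return relay_decision(peer_seen_by(stage, real_peer), rcpt)


# Constructed sample envelopes: (real SMTP peer, envelope recipient).
SAMPLES = [
    ("203.0.113.25", "dirk@pdv.de"),          # outside host, local recipient
    ("203.0.113.25", "someone@example.net"),  # outside host, outside recipient
    ("192.168.4.7", "someone@example.net"),   # internal host, outside recipient
]


def compare_stages(samples=SAMPLES):
    """Return (peer, rcpt, verdict at smap, verdict at sendmail) per sample."""
    return [(peer, rcpt, check_at("smap", peer, rcpt),
             check_at("sendmail", peer, rcpt)) for peer, rcpt in samples]


def pattern_covers(domain, patterns):
    """Helper for reviewing a domains list before deploying it.

    Under plain glob matching '*pdv.de' also covers 'notpdv.de'; listing
    'pdv.de' and '*.pdv.de' separately does not. Whether smap's own matcher
    behaves like this model is not established on this page.
    """
    return matches_any(domain, patterns)


if __name__ == "__main__":
    for row in compare_stages():
        print("%-14s %-22s smap=%-6s sendmail=%s" % row)
```

Only the second sample differs between the two stages: checked at sendmail, every message appears to come from an internal host, so the outside-to-outside relay is permitted.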

From owner-fwtk-users Fri Nov 27 11:03:45 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id LAA29159 for fwtk-users-outgoing; Fri, 27 Nov 1998 11:02:04 -0500 (EST)
Message-Id: <199811271622.LAA29962@fw1.osis.gov>
From: Joseph S D Yao
Subject: Re: smap-yao patch - could someone explain me the following log ???
To: Dirk.Nerling@pdv.de (Dirk.Nerling)
Date: Fri, 27 Nov 1998 11:24:24 -0500 (EST)
Cc: fwtk-users@ex.tis.com
In-Reply-To: <312154075E4AD211B6A30000F843CD62045567@exchange.pdv.de> from "Dirk.Nerling" at Nov 27, 98 11:05:24 am
X-Mailer: ELM [version 2.4 PL25 PGP3 *ALPHA*]
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

> I have some entries in my log file where I first see a "deny" although
> the email will be delivered
> some seconds later:
>
> Nov 27 10:47:40 wall smap[2690]: connect
> host=f318.hotmail.com/207.82.250.238
> Nov 27 10:47:40 wall smap[2690]: deny
> host=f318.hotmail.com/207.82.250.238 use of gateway
> Nov 27 10:47:41 wall smap[2690]: permit
> host=f318.hotmail.com/207.82.250.238 use of gateway
> Nov 27 10:47:41 wall smap[2690]: host=f318.hotmail.com/207.82.250.238
> bytes=799 from= to= xma002690
> Nov 27 10:47:41 wall smap[2690]: exiting
> host=f318.hotmail.com/207.82.250.238 bytes=799
> Nov 27 10:47:45 wall smapd[2691]: delivered file=sma002690 pid=2692
> code=0
> Nov 27 10:48:33 wall smap[2696]: connect
> host=f37.hotmail.com/207.82.250.48
>
> I think my netperm-table smap options are responsible for this, so here
> they are.
>
> #spam options
> smap: hosts 127.0.0.1 192.168.*
> smap: domains *pdv.de
> smap: max-email 1000
> smap: scrub-spam 1
> smap: unkown-host 1
> smap: check-from-address 1
> smap: require-full-email 1
> smap: spam domain.com frob.com mailcity.com
>
> I do need the unkown-host, but this shouldn't be the problem !?
>
> Btw. I could ignore check-from-address and require-full-email but what
> are your experiences with these options?
>
> best regards and THANKS for all your help!!!!

Note that "unkown-host" should be "unknown-host".

If you check how the "deny" could be in there, you'll note that one case the code that produces this SHOULD produce an error return. I posit [in a comment] that there may be some flaw in the original author's logic, but I left it in for those who were already using an earlier version of this author's patch. Perhaps I should have been more aggressive, but I was [as always] under severe time constraints.

This code is only called if "check_from_address" is set. Same with the "scrub_spam" code. Apparently, you need these; so, until and unless I can get out an updated patch, you may have to live with it. Not 'til the second-last year of this millennium. Sorry! [Well, that year is only a little over a month away.]

--
Joe Yao jsdy@cospo.osis.gov - Joseph S. D. Yao
COSPO/OSIS Computer Support EMT-A/B
-----------------------------------------------------------------------
PLEASE ... send or Cc: all "COSPO/OSIS Computer Support" mail to sys-adm@cospo.osis.gov
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.

From owner-fwtk-users Fri Nov 27 11:36:11 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id LAA29194 for fwtk-users-outgoing; Fri, 27 Nov 1998 11:35:30 -0500 (EST)
Message-Id: <199811271654.LAA01758@fw1.osis.gov>
From: Joseph S D Yao
Subject: Re: using sendmail 891 and smap for anti-relaying ???
To: Gonzalo.Diethelm@jda.cl (Gonzalo Diethelm)
Date: Fri, 27 Nov 1998 11:56:16 -0500 (EST)
Cc: fwtk-users@tis.com
In-Reply-To: <59706945956AD2119562006094B9C002CBD2@bach.jda.cl> from "Gonzalo Diethelm" at Nov 27, 98 10:55:01 am
X-Mailer: ELM [version 2.4 PL25 PGP3 *ALPHA*]
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

> * Of all the alternatives suggested in the FAQ, in section
> http://www.erols.com/avenger/patches/index.html#6.2.2,
> which is the "canonical" one? I'm about to install
> Joe Yao's patch, but I wonder whether Andrew Dunstan's
> would be a better alternative? If there is no canon on
> this matter, which one is the most widely used (and,
> one would assume, the most looked into and the most
> bug-free)?

I won't claim to be totally unbiased. ;-) But I included in my patch the best existing patches I could find. I then removed all of the bugs I could find - some minor ones have been found since. I also did something quite contrary to MJR's dicta. I commented and documented the code. So you will have a better idea what's going on from that patch.

--
Joe Yao jsdy@cospo.osis.gov - Joseph S. D. Yao
COSPO/OSIS Computer Support EMT-A/B
-----------------------------------------------------------------------
PLEASE ... send or Cc: all "COSPO/OSIS Computer Support" mail to sys-adm@cospo.osis.gov
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.

From owner-fwtk-users Fri Nov 27 14:14:27 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id OAA29510 for fwtk-users-outgoing; Fri, 27 Nov 1998 14:12:31 -0500 (EST)
Message-Id: <199811271931.OAA10476@fw1.osis.gov>
From: Joseph S D Yao
Subject: Re: using sendmail 891 and smap for anti-relaying ???
To: Gonzalo.Diethelm@jda.cl (Gonzalo Diethelm)
Date: Fri, 27 Nov 1998 14:32:58 -0500 (EST)
Cc: fwtk-users@tis.com
In-Reply-To: <59706945956AD2119562006094B9C002CBD2@bach.jda.cl> from "Gonzalo Diethelm" at Nov 27, 98 10:55:01 am
X-Mailer: ELM [version 2.4 PL25 PGP3 *ALPHA*]
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

between the version of smap.c V2.1 that you're using, and the one from which I made my changes half a year ago, I find one difference:

582a583
> errno = 0;

This is probably blocking the patch, since that is one area that is patched. The addition may help elsewhere [I haven't looked seriously], so if it makes you more comfortable, remove that line, add the patches, and re-insert that line.

This business of adding changes - even good ones - without notice is troubling. It means that those who have version X.X.X.X of a product may not all have the same version, even though they swear they do. It is also, unfortunately, not an uncommon practice. Even though there was a big fuss when Red Hat did it for 5.0 and 5.1, it has always been the case for Microsoft and for hardware companies [ever try to replace PCBs from "the same" hardware products, e.g., disk drives?].

--
Joe Yao jsdy@cospo.osis.gov - Joseph S. D. Yao
COSPO/OSIS Computer Support EMT-A/B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.

From owner-fwtk-users Fri Nov 27 17:19:33 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id RAA29778 for fwtk-users-outgoing; Fri, 27 Nov 1998 17:17:31 -0500 (EST)
Message-ID: <59706945956AD2119562006094B9C002CBF1@bach.jda.cl>
From: Gonzalo Diethelm
To: fwtk-users@tis.com
Subject: DNS reverse lookup misconfiguration?
Date: Fri, 27 Nov 1998 19:39:40 -0400
X-Priority: 3
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.0.1457.3)
Content-Type: text/plain
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

I have come to realize that my DNS may not be set up correctly. Please give me a hand understanding this issue.

We have been assigned 8 IP addresses by our ISP, and one domain name (say, bogus.com). The zone file for the domain name is simple, since I know my DNS is the authority for the whole domain. But come to think of it, the same does not apply to the reverse lookups in my domain; I can't claim I'm the authority for the whole x.y.z.in-addr.arpa, since I only own 8 (6) IP addresses out of the 256 (254) in that domain. So, what happens in this case? How do I claim to be the owner of only 8 of the IP addresses for that domain, and force the DNS queries to go to my ISP for the other 248 addresses?

Perhaps I'm totally wrong here, and I should just ask my ISP to serve the reverse lookups themselves? But if this is the case, it forces the centralization of all those 8 IP address ranges in one place, right?

Any help is much appreciated. Thanks in advance,

Gonzalo Diethelm

From owner-fwtk-users Fri Nov 27 17:27:49 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id RAA29812 for fwtk-users-outgoing; Fri, 27 Nov 1998 17:27:30 -0500 (EST)
Message-Id: <199811272246.RAA21233@fw1.osis.gov>
From: Joseph S D Yao
Subject: FWTK & Y2K - OK
To: fwtk-users@tis.com
Date: Fri, 27 Nov 1998 17:48:29 -0500 (EST)
X-Mailer: ELM [version 2.4 PL25 PGP3 *ALPHA*]
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

FYI:

On a firewall which, for various reasons, is still running FWTK 1.3 with http-gw 1.4, I set the time to 23:55 on 31 Dec 1999, and tested functions as it went into the last year of this millennium (AD 2000). I found no problems that were related to FWTK. It was an older OS rev, too -- SCCS and the 'date' command will have to be replaced. Syslog continued to reflect an accurate date and time.

I know of no changes between 1/3/1.4 and 2.1 (2.1b?) that would make use of Y2K-sensitive functions.

No, I am NOT going to try this with AD 2038. ;-)

Obviously, this is just FYI, and I'm not going to guarantee that the sun will rise tomorrow, much less that any software works "as advertised". But it's a data point. ;-)

--
Joe Yao jsdy@cospo.osis.gov - Joseph S. D. Yao
COSPO/OSIS Computer Support EMT-A/B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.

From owner-fwtk-users Fri Nov 27 20:03:02 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id TAA00010 for fwtk-users-outgoing; Fri, 27 Nov 1998 19:59:29 -0500 (EST)
Message-ID: <365F4F4C.C16988F@insync.net>
Date: Sat, 28 Nov 1998 01:18:04 +0000
From: Miles Lott
X-Mailer: Mozilla 4.5 [en] (X11; U; Linux 2.1.130 i586)
X-Accept-Language: en
MIME-Version: 1.0
To: Gonzalo Diethelm
CC: fwtk-users@tis.com
Subject: Re: DNS reverse lookup misconfiguration?
References: <59706945956AD2119562006094B9C002CBF1@bach.jda.cl>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

They must delegate the reverse domain to you, else they can handle them. There is a doc out there describing this, but I have heard it is pretty crazy stuff. Good luck - should work.

Gonzalo Diethelm wrote:
>
> I have come to realize that my DNS may not be set up
> correctly. Please give me a hand understanding this issue.
>
> We have been assigned 8 IP addresses by our ISP, and one
> domain name (say, bogus.com). The zone file for the domain
> name is simple, since I know my DNS is the authority for the
> whole domain. But come to think of it, the same does not
> apply to the reverse lookups in my domain; I can't claim
> I'm the authority for the whole x.y.z.in-addr.arpa, since I
> only own 8 (6) IP addresses out of the 256 (254) in that domain.
> So, what happens in this case? How do I claim to be the
> owner of only 8 of the IP addresses for that domain, and
> force the DNS queries to go to my ISP for the other 248
> addresses?
>
> Perhaps I'm totally wrong here, and I should just ask my
> ISP to serve the reverse lookups themselves? But if this
> is the case, it forces the centralization of all those
> 8 IP address ranges in one place, right?
>
> Any help is much appreciated. Thanks in advance,
>
> Gonzalo Diethelm

From owner-fwtk-users Fri Nov 27 21:56:18 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id VAA00382 for fwtk-users-outgoing; Fri, 27 Nov 1998 21:52:29 -0500 (EST)
From: "Tom Krotchko"
To:
Subject: RE: DNS reverse lookup misconfiguration?
Date: Fri, 27 Nov 1998 22:11:38 -0500
Message-ID: <000001be1a7c$d0498aa0$d57596d1@s00499>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0
Importance: Normal
In-Reply-To: <59706945956AD2119562006094B9C002CBF1@bach.jda.cl>
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

> whole domain. But come to think of it, the same does not
> apply to the reverse lookups in my domain; I can't claim
> I'm the authority for the whole x.y.z.in-addr.arpa, since I
> only own 8 (6) IP addresses out of the 256 (254) in that domain.

I think the confusion comes about because domain != address range. Most ISPs will no longer grant you an entire class C subnet simply because there's too many people on the Internet; back in the day, ISPs regularly were given class B licenses and then doled out a C range out of their B range (so to speak).

But now, most people don't use an entire C range of addresses; I do work for very large companies, and the actual external address range is probably less than 10 IP addresses; Why should an ISP waste 255 addresses when it basically wastes 96% of the address range?

> Any help is much appreciated. Thanks in advance,

The easiest way to do it is to split your DNS; let your ISP be definitive for your external addresses (what is essentially your domain). Internally, you don't expose those addresses, therefore you have to set up an internal DNS server that is definitive for your site.
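For the reverse-lookup question in this thread (8 addresses out of a /24), the records behind a classless in-addr.arpa delegation as laid out in RFC 2317 can be generated and checked as follows. This is an added example, not part of any list message; the 192.0.2.8/29 block and the ns, fw and www host names under bogus.com are constructed stand-ins for the poster's real values.

```python
"""RFC 2317 classless in-addr.arpa delegation for a block smaller than a /24."""
import ipaddress


def delegate(block, nameservers):
    """Records the ISP adds to its /24 reverse zone to hand `block` over.

    Returns (parent_zone, child_zone, records); records are
    (owner, type, target) tuples with fully qualified names.
    """
    net = ipaddress.ip_network(block)           # raises if host bits are set
    if net.version != 4 or not 25 <= net.prefixlen <= 30:
        raise ValueError("expected an IPv4 block between /25 and /30")
    a, b, c, first = net.network_address.packed
    parent_zone = f"{c}.{b}.{a}.in-addr.arpa."
    # RFC 2317 names the sub-zone "<first address>/<prefix length>".
    child_zone = f"{first}/{net.prefixlen}.{parent_zone}"
    records = [(child_zone, "NS", ns) for ns in nameservers]
    for host in net.hosts():                    # skips network and broadcast
        last = host.packed[3]
        records.append((f"{last}.{parent_zone}", "CNAME", f"{last}.{child_zone}"))
    return parent_zone, child_zone, records


def customer_zone(block, child_zone, hosts):
    """PTR records the customer serves; `hosts` maps address -> host name."""
    net = ipaddress.ip_network(block)
    records = []
    for addr, name in sorted(hosts.items(),
                             key=lambda kv: ipaddress.ip_address(kv[0])):
        ip = ipaddress.ip_address(addr)
        if ip not in net or ip in (net.network_address, net.broadcast_address):
            raise ValueError(f"{addr} is not a usable address in {block}")
        records.append((f"{ip.packed[3]}.{child_zone}", "PTR", name))
    return records


def reverse_lookup(addr, isp_records, customer_records):
    """Follow the chain a resolver sees: in-addr.arpa name -> CNAME -> PTR."""
    a, b, c, d = ipaddress.ip_address(addr).packed
    name = f"{d}.{c}.{b}.{a}.in-addr.arpa."
    cname = {o: t for o, typ, t in isp_records if typ == "CNAME"}
    ptr = {o: t for o, typ, t in customer_records if typ == "PTR"}
    name = cname.get(name, name)    # addresses outside the block stay with the ISP
    return ptr.get(name)            # None when no PTR is published


def render(records):
    """Zone-file style text for a list of (owner, type, target) records."""
    return "\n".join(f"{o:<36} IN {t:<5} {v}" for o, t, v in records)


# Constructed sample: 192.0.2.8/29 (documentation address space) stands in
# for the 8 assigned addresses; the host names are made up.
BLOCK = "192.0.2.8/29"
PARENT, CHILD, ISP_RECORDS = delegate(BLOCK, ["ns.bogus.com."])
CUSTOMER_RECORDS = customer_zone(BLOCK, CHILD, {
    "192.0.2.9": "fw.bogus.com.",
    "192.0.2.10": "www.bogus.com.",
})

if __name__ == "__main__":
    print(f"; ISP side, zone {PARENT}")
    print(render(ISP_RECORDS))
    print(f"; customer side, zone {CHILD}")
    print(render(CUSTOMER_RECORDS))
    print(reverse_lookup("192.0.2.10", ISP_RECORDS, CUSTOMER_RECORDS))
```

The ISP keeps authority for the /24 zone and publishes only the NS and CNAME records; the customer's name server answers for the sub-zone, so only addresses that should be visible from outside need a PTR there.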
From owner-fwtk-users Sun Nov 29 21:26:42 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id VAA04261 for fwtk-users-outgoing; Sun, 29 Nov 1998 21:10:21 -0500 (EST)
Message-Id: <3.0.32.19981130104304.0075e3a8@jetlink.com.ph>
X-Sender: joel@jetlink.com.ph
X-Mailer: Windows Eudora Pro Version 3.0 (32)
Date: Mon, 30 Nov 1998 10:43:12 +0800
To: fwtk-users@tis.com
From: "Joel D. Consorte"
Subject: re: sendmail 8.8.8
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

hello everybody i have a sendmail 8.8.8 in my network server and actually
it is working but it seems i found out that this sendmail version of mine
has not configured yet in anti relay. and my problem is i don't know how to put
a anti relay in my sendmail can you give some tips or samples for the
sendmail.cf ...

many thanks

joel

From owner-fwtk-users Mon Nov 30 02:36:41 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id CAA04966 for fwtk-users-outgoing; Mon, 30 Nov 1998 02:33:49 -0500 (EST)
Message-Id: <10B94DB22F15D211B5740008C728A30201035088@KECMSG01>
From: pdmallya
To: fwtk-users@ex.tis.com
Subject: RE: email domain conversions
Date: Mon, 30 Nov 1998 13:25:05 +0530
Mime-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2232.9)
Content-Type: text/plain
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

Hi,

We have a similar though slightly more complicated situation : we have a set of users where the internal domain name and the domain name known to the external world are different, the user names are also different.
sendmail works very well in translating the "from" addresses for sending mail to the outside world, but it doesn't seem to work for the "cc" addresses (the problem comes when a local user sends a cc to another local user - if this goes out untranslated, the cc'd local user doesn't get replies sent by the receiver).

How do we handle this? Any responses would be appreciated - one way I can think of is, to patch smap for this to look up a database (has any one done this already?). Or is it just a case of RTFM the sendmail manual - pointers here would be helpful too!

Regards
P D Mallya

> -----Original Message-----
> From: Frederick M Avolio [SMTP:fred@avolio.com]
> Sent: Thursday, November 26, 1998 3:20 AM
> To: Alejandro Escalante Medina; fwtk-users@ex.tis.com
> Subject: Re: email domain conversions
>
> Sendmail does this nicely.
>
> Fred
>
> At 01:26 PM 11/25/98 -0600, Alejandro Escalante Medina wrote:
> >
> >I would like to know what is the more common approach for resolving
> >this issue among fwtk users.
> >
> >I have a network connected to the internet using a fwtk based
> >firewall. The internal network is using a private name structure with
> >an internal dns. Something like ``www.admin'' or ``ftp.support''. All
> >internal mail works fine like this, but I have the need to convert
> >internal email addresses when the mail goes to the outside world. If I
> >don't, replies will never get back. Of course I need the opposite
> >conversion when the reply arrives, to redirect mail to its correct
> >internal host and user.
> >
> >I need a translation like this:
> >
> > jane@mail.admin <-----> janea@mycorp.com
> > jane@mail.support <-----> janeb@mycorp.com
> >
> >
> >What is the common way to solve this thing? What are you using?
> >
> >Saludos,
> >Alex
> >
> >
> >--
> >Alejandro Escalante Medina
> >amedina@msg.com.mx

From owner-fwtk-users Mon Nov 30 10:32:22 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id KAA06394 for fwtk-users-outgoing; Mon, 30 Nov 1998 10:26:18 -0500 (EST)
Message-ID: <01BE1C3E.319C75C0@SAMPSELB-NT>
From: "Bryan S. Sampsel"
To: "'Alejandro Escalante Medina'" , "fwtk-users@ex.tis.com"
Subject: RE: email domain conversions
Date: Mon, 30 Nov 1998 08:48:24 -0700
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by portal.ex.tis.com id KAA06391
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

A simple solution for me has always been setting the client to think it's at "mycorp.com"...

e.g.- With Outlook or netscape: "Email Address" setting -> user@mycorp.com

This sets the reply in the header so that any replies come in the correct way... as to incoming mail...alias on your outside-world mail server. Many NT-based POP/SMTP servers have aliasing and "Sendmail" has the capability...there's qmail....though I haven't used that one. The point is, an alias functionality can map the "real world" address to the internal "bogus" address.

There's probably a more elegant solution, but this works.

Bryan

====================================
Bryan S. Sampsel
Network Administrator
Horizon Interactive, Inc.
====================================

-----Original Message-----
From: Alejandro Escalante Medina [SMTP:amedina@colibri.msg.com.mx]
Sent: Wednesday, November 25, 1998 12:27 PM
To: fwtk-users@ex.tis.com
Subject: email domain conversions

I would like to know what is the more common approach for resolving this issue among fwtk users.

I have a network connected to the internet using a fwtk based firewall. The internal network is using a private name structure with an internal dns. Something like ``www.admin'' or ``ftp.support''. All internal mail works fine like this, but I have the need to convert internal email addresses when the mail goes to the outside world. If I don't, replies will never get back. Of course I need the opposite conversion when the reply arrives, to redirect mail to its correct internal host and user.

I need a translation like this:

 jane@mail.admin <-----> janea@mycorp.com
 jane@mail.support <-----> janeb@mycorp.com

What is the common way to solve this thing? What are you using?

Saludos,
Alex

--
Alejandro Escalante Medina
amedina@msg.com.mx

From owner-fwtk-users Mon Nov 30 10:46:53 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id KAA06566 for fwtk-users-outgoing; Mon, 30 Nov 1998 10:45:26 -0500 (EST)
Message-Id: <3.0.5.32.19981125151446.00a46e70@mail.hartwellcorp.com>
X-Sender: rowl@mail.hartwellcorp.com
X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.5 (32)
Date: Wed, 25 Nov 1998 15:14:46 -0800
To: fwtk-users@ex.tis.com
From: "Michael St. Laurent"
Subject: A pptp configuration detail
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk
I am trying to get our pptp "hole" to narrow down to permit only what is absolutely necessary for pptp to function. With the below ipfwadm rule everything works:

 /sbin/ipfwadm -F -a m -S $IPSVR/16 -D $ANY -W eth0

If, however, I change it to the following it stops working:

 /sbin/ipfwadm -F -a m -P tcp -S $IPSVR/16 -D $ANY 1723 -W eth0

My understanding of the pptp masquerading patches was that it was supposed to masquerade the GRE traffic if there's an entry in the forwarding tables for the tcp traffic. Why does this stop working if I narrow it down to just the TCP port 1723 traffic?

I am using the tools and instructions from the Linux PPTP Masquerade HOWTO *DRAFT* located at:

 http://www.lowrent.org/jhardin/PPTP-howto/PPTP-Masquerade.html

Section 3.4 mentions the command:

 ipfwadm -F -a m -P tcp -S 10.0.0.2/32 -D 199.0.0.1/32 -W eth1

which is similar to the one I am trying to use above. Can anyone explain what I am doing wrong?

--------------------
Michael St. Laurent
Hartwell Corporation

"The software said to use with Windows95 or better, so I installed Linux."

From owner-fwtk-users Mon Nov 30 10:47:46 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id KAA06582 for fwtk-users-outgoing; Mon, 30 Nov 1998 10:46:21 -0500 (EST)
Date: 26 Nov 1998 16:21:32 +0100
Message-ID: <19981126152132.29193.qmail@brandenburg-gmbh.de>
From: Dirk Alboth
To: fwtk-users@tis.com
In-reply-to: <852566C5.00596C7D.00@ttcmta1-7.ttc.com> (youngk@ttc.com)
Subject: Portscans as a network mgmt tool?
Reply-to: alboth@brandenburg-gmbh.de
Mime-Version: 1.0 (generated by tm-edit 7.106)
Content-Type: text/plain; charset=US-ASCII
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

Hi,

sorry, if this is not directly fwtk-related but I think this list could be the right audience anyway.
I just want to receive some opinions about a technique our (new) ISP uses to watch their network.

Yesterday evening I observed something I thought could be a port scan:
From a host in our ISP's domain originated connection attempts to a number of well-known ports on our gateway: ftp, telnet, pop3, imap2, nntp, snmp, among others. Since our gateway usually (until now..) is not under heavy attack I watched it more closely. Since these scans continued today about every hour I finally called our ISP. They told me that these are not port scans but that they use a tool to check whether all lines are working and this tool does connection attempts to certain services.

I wondered why an ICMP echo request (aka ping) wouldn't do this job even better and they told me that they would need to invoke ping manually but this network management tool does this automatically. (I have to confess that I didn't offer them to write a quick'n'dirty script to do this...)

IMHO if I want to know whether the line is on, a message telling me that a connection attempt to pop3 failed is of little value. Unless, of course, if pop3 should be running AND if I am responsible for checking that or if I am a user of this service. (In this sense everybody is a legitimate user of the smtp service on a host with an MX record.)

Anyway does anybody have an idea what the meaning could be with such a checking policy?
Does anybody consider it legitimate for an ISP to gather information about which services are running on all connected client hosts?
(What if they are broken into?)

Sincerely,
 Dirk

PS: BTW queso told me that this host runs MS-Windows NT or 98.
From owner-fwtk-users Mon Nov 30 10:48:50 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id KAA06604 for fwtk-users-outgoing; Mon, 30 Nov 1998 10:47:25 -0500 (EST)
Message-ID: <3661F3CC.9D768579@net-operations.de>
Date: Mon, 30 Nov 1998 02:24:28 +0100
From: Florian Kunkel
Organization: http://www.net-operations.de
X-Mailer: Mozilla 4.04 [en] (Win95; I)
MIME-Version: 1.0
To: fwtk-users@tis.com
Subject: Re: TIS/NAI approval?
References: <852566C5.00596C7D.00@ttcmta1-7.ttc.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

youngk@ttc.com wrote:
>
> Is anyone at TIS/NAI still on this list? If so, please see below...
>
> --Keith
> -youngk@ttc.com
>
> P.S. Mike Ibarra has offered to donate the startup costs and at least 2
> years of Internic fees for fwtk.org. If anyone has contacts in an ISP who
> would be willing to mirror/host the site, please let me know. Also, I have
> found a web design company who is willing to donate time to design the
> site...
>...
> I don't know if this is the proper address to check with or not, but I
> wanted to check with you to see if TIS/NAI will allow an "Official FWTK web
> site". It will be completely funded by the FWTK users and will not have any
> advertisements on it.
>
> We will also be following the FWTK license by not mirroring the toolkit on
> the server; they will still be required to send the e-mail to download the
> file.
>
> Is this okay?
>
> --Keith Young
> -youngk@ttc.com

I know an ISP willing to host FWTK.ORG.

Contact: j.weller@ecomp.net
WEB: www.ecomp.net

... of course this has to be cleared with TIS/NAI first.

F. Kunkel

From owner-fwtk-users Mon Nov 30 11:08:30 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id LAA06823 for fwtk-users-outgoing; Mon, 30 Nov 1998 11:06:27 -0500 (EST)
Date: Mon, 30 Nov 1998 17:10:11 +0100 (CET)
From: Peter RATKAI
To: Chique XXXXX
cc: fwtk-users@ex.tis.com
Subject: Re: Active Server Pages....
In-Reply-To: <19981124193548.24280.qmail@hotmail.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

HI,

I'm also thinking about this problem! I have a webserver outside, M$SQL server inside, the webserver grabs data from SQL by ASP... How can this go through? Or just plug it? :(

What about, if all the servers are inside? eg. they are on the same machine, and it must receive port-80-requests from the internet. It's totally insecure, isn't it? And more: this server should be IIS :(

Any idea?

Thanks,
Peter

On Tue, 24 Nov 1998, Chique XXXXX wrote:

>
> By any chance could anyone please say , which patch I need to add to the
> FWTK so that my browser can accept files that has an ".asp" ending
> Active Server Page
>
> Thanx
> Chique
>
>
> ______________________________________________________
> Get Your Private, Free Email at http://www.hotmail.com
>

--
Peter RATKAI
Windows is Shutting down...
--

From owner-fwtk-users Mon Nov 30 12:57:05 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id MAA07553 for fwtk-users-outgoing; Mon, 30 Nov 1998 12:55:09 -0500 (EST)
From: "Brion Leary"
To: Vadim Radzijevskij , fwtk-users@ex.tis.com
Date: Mon, 30 Nov 1998 13:20:54 -500
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Subject: Re: plug-gw and Oracle on Windows NT
Reply-to: brion@dia.state.ma.us
In-reply-to: <111B3F47447DD211BCE200A0C9A31ADC09AB@MAIL>
X-mailer: Pegasus Mail for Win32 (v3.01b)
Message-ID: <46CDA2143B3@dia.state.ma.us>
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

Vadim,

Oracle SQLnet on NT behaves like a UNIX multi-threaded server (MTS) SQLnet configuration. When a connection is established the listener spawns a thread which creates a new socket for the connection. plug-gw will not work with SQLnet on NT.

Note, tnsping will work because it does not create a session, it only verifies that a SQLnet listener is listening at a socket on a server.

Brion Leary

On 27 Nov 98, at 15:26, Vadim Radzijevskij wrote:

>
> Hi,
> I have problem when try access Oracle server on windows Nt platform
> using plug-gw .
> tnsping to this server run successfully, but when I try to connect to
> database using for example sqlplus I get error
> TNS: unable to connect to destination. USE_DEDICATED_SERVER=ON in
> sqlnet.ora
>
> I have few UNIX servers, all working through plug-gw without problems.
>
> Any ideas?

From owner-fwtk-users Mon Nov 30 13:45:18 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id NAA08014 for fwtk-users-outgoing; Mon, 30 Nov 1998 13:44:41 -0500 (EST)
Message-Id: <199811301903.OAA12282@fw1.osis.gov>
From: Joseph S D Yao
Subject: Re: DNS reverse lookup misconfiguration?
To: Gonzalo.Diethelm@jda.cl (Gonzalo Diethelm)
Date: Mon, 30 Nov 1998 14:05:58 -0500 (EST)
Cc: fwtk-users@tis.com
In-Reply-To: <59706945956AD2119562006094B9C002CBF1@bach.jda.cl> from "Gonzalo Diethelm" at Nov 27, 98 07:39:40 pm
X-Mailer: ELM [version 2.4 PL25 PGP3 *ALPHA*]
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

> We have been assigned 8 IP addresses by our ISP, and one
> domain name (say, bogus.com). The zone file for the domain
> name is simple, since I know my DNS is the authority for the
> whole domain. But come to think of it, the same does not
> apply to the reverse lookups in my domain; I can't claim
> I'm the authority for the whole x.y.z.in-addr.arpa, since I
> only own 8 (6) IP addresses out of the 256 (254) in that domain.
> So, what happens in this case? How do I claim to be the
> owner of only 8 of the IP addresses for that domain, and
> force the DNS queries to go to my ISP for the other 248
> addresses?
>
> Perhaps I'm totally wrong here, and I should just ask my
> ISP to serve the reverse lookups themselves? But if this
> is the case, it forces the centralization of all those
> 8 IP address ranges in one place, right?

You're exactly right. You can't be the authority for a fraction of x.y.z.in-addr.arpa. Since your ISP is fractionating it out, they must be the, yes centralized, authority for that "domain".

You only need to have external Internet reverse lookup entries for those IP addresses that are actually on the Internet - i.e., the external addresses of the firewall and any resources you want the world to see [presumably, on a DMZ].

--
Joe Yao jsdy@cospo.osis.gov - Joseph S. D. Yao
COSPO/OSIS Computer Support EMT-A/B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.

From owner-fwtk-users Mon Nov 30 13:46:49 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id NAA08051 for fwtk-users-outgoing; Mon, 30 Nov 1998 13:46:42 -0500 (EST)
Message-Id: <3.0.5.32.19981130115357.00a02530@dreamwvr.com>
X-Sender: dreamwvr@dreamwvr.com
X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.5 (32)
Date: Mon, 30 Nov 1998 11:53:57 -0700
To: alboth@brandenburg-gmbh.de, fwtk-users@tis.com
From: dreamwvr
Subject: Re: Portscans as a network mgmt tool?
In-Reply-To: <19981126152132.29193.qmail@brandenburg-gmbh.de>
References: <852566C5.00596C7D.00@ttcmta1-7.ttc.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

hi Dirk,

looks to me like they are using the service monitoring perl program called 'big brother' which is a real good tool to determine problems on Your/their network. What it does is check to make certain that the services that are supposed to be up are indeed up especially if it is so predictable like every hour. Do a search for it on infoseek or altavista and then consider putting it on one of your management stations then do it in reverse;')) he will for sure get the idea. Else you might filter out calls for services from the boxes requesting them... Anyways this is off topic but guys the programs real a real good tool. IMHO anyways:')) hope this helps!
Regards,
dreamwvr@dreamwvr.com

At 04:21 PM 11/26/98 +0100, Dirk Alboth wrote:
>
>
>Hi,
>
>sorry, if this is not directly fwtk-related but I think this list
>could be the right audience anyway.
>
>I just want to receive some opinions about a technique our (new) ISP
>uses to watch their network.
>
>Yesterday evening I observed something I thought could be a port scan:
>From a host in our ISP's domain originated connection attempts to a
>number of well-known ports on our gateway: ftp, telnet, pop3, imap2,
>nntp, snmp, among others. Since our gateway usually (until now..) is
>not under heavy attack I watched it more closely. Since these scans
>continued today about every hour I finally called our ISP. They told
>me that these are not port scans but that they use a tool to check
>whether all lines are working and this tool does connection attempts
>to certain services.
>
>I wondered why an ICMP echo request (aka ping) wouldn't do this job
>even better and they told me that they would need to invoke ping
>manually but this network management tool does this automatically. (I
>have to confess that I didn't offer them to write a quick'n'dirty
>script to do this...)
>
>IMHO if I want to know whether the line is on, a message telling me
>that a connection attempt to pop3 failed is of little value. Unless,
>of course, if pop3 should be running AND if I am responsible for
>checking that or if I am a user of this service. (In this sense
>everybody is a legitimate user of the smtp service on a host with an
>MX record.)
>
>Anyway does anybody have an idea what the meaning could be with such a
>checking policy?
>Does anybody consider it legitimate for an ISP to gather information
>about which services are running on all connected client hosts?
>(What if they are broken into?)
>
>Sincerely,
> Dirk
>
>PS: BTW queso told me that this host runs MS-Windows NT or 98.
>
>

Reuters, London, February 29, 1998: Scientists have announced discovering a meteorite which will strike the earth in March, 2028. Millions of UNIX coders expressed relief for being spared the UNIX epoch "crisis" of 2038.
_______________________________________________________________________
DREAMWVR.COM - TOTAL WEB INTEGRATION, DEVELOPMENT, DESIGN SERVICES.
Featuring Website Development and Web Strategies of a TOP Developer
"As Unique as the Company You Keep."
"===0 PGP Key Available
________________________________________________________________________

From owner-fwtk-users Mon Nov 30 14:38:10 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id OAA08209 for fwtk-users-outgoing; Mon, 30 Nov 1998 14:35:41 -0500 (EST)
Date: Mon, 30 Nov 1998 11:48:01 -0800 (PST)
From: David Lang
X-Sender: dlang@dlang
To: "Joel D. Consorte"
cc: fwtk-users@tis.com
Subject: re: sendmail 8.8.8
In-Reply-To: <3.0.32.19981130104304.0075e3a8@jetlink.com.ph>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

upgrade to 8.9.1 it includes much more anti-relay stuff.

David Lang

On Mon, 30 Nov 1998, Joel D. Consorte wrote:

> Date: Mon, 30 Nov 1998 10:43:12 +0800
> From: Joel D. Consorte
> To: fwtk-users@tis.com
> Subject: re: sendmail 8.8.8
>
> hello everybody i have a sendmail 8.8.8 in my network server and actually
> it is working but it seems i found out that this sendmail version of mine
> has not configured yet in anti relay. and my problem is i don't know how to put
> a anti relay in my sendmail can you give some tips or samples for the
> sendmail.cf ...
>
> many thanks
>
> joel
>
>

From owner-fwtk-users Mon Nov 30 15:29:19 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id PAA08458 for fwtk-users-outgoing; Mon, 30 Nov 1998 15:28:47 -0500 (EST)
Date: Tue, 1 Dec 1998 07:44:32 +1100 (EST)
From: Pauline van Winsen - Uniq Professional Services
Message-ID: <199811302044.HAA15609@basil.uniq.com.au>
Subject: Re: DNS reverse lookup misconfiguration?
To: Gonzalo.Diethelm@jda.cl
Cc: fwtk-users@tis.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-MD5: q2rcefqiSFiUr6c2hwj5Yw==
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

hiya,

> We have been assigned 8 IP addresses by our ISP, and one
> domain name (say, bogus.com). The zone file for the domain
> name is simple, since I know my DNS is the authority for the
> whole domain. But come to think of it, the same does not
> apply to the reverse lookups in my domain; I can't claim
> I'm the authority for the whole x.y.z.in-addr.arpa, since I
> only own 8 (6) IP addresses out of the 256 (254) in that domain.
> So, what happens in this case?
> How do I claim to be the
> owner of only 8 of the IP addresses for that domain, and
> force the DNS queries to go to my ISP for the other 248
> addresses?

if your ISP is willing they can delegate classless in-addr.arpa zones. two useful sources of info are in the bind FAQ:

 http://www.users.pfmc.net/~cdp/cptd-faq/section5.html#subnet

or RFC 2317:

 http://info.internet.isi.edu:80/in-notes/rfc/files/rfc2317.txt

there are scripts which will build the zone files, i think there is a link for one off the FAQ info.

hope this helps,
pauline

Pauline van Winsen http://www.uniq.com.au/people/pauline.html
Uniq Professional Services Pty Ltd pauline@uniq.com.au
PO Box 70, Paddington, NSW 2021, (Sydney) Australia
Phone: +61-2-9380-6360 Fax: +61-2-9380-6416 Pager: 016 287 000

"It is not far fetched to say that a woman's cooking is often an expression of her love, and it's a wise woman who masters the art early. You can be sure he will expect you to cook as well as "Mum"."
Way to a Man's heart - Introduction, Woman's World, circa 1964.

From owner-fwtk-users Mon Nov 30 17:04:07 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id RAA08714 for fwtk-users-outgoing; Mon, 30 Nov 1998 17:02:44 -0500 (EST)
Message-ID: <36631AC7.68B7A6B6@manton.com>
Date: Mon, 30 Nov 1998 16:23:03 -0600
From: Ganesan Venkatasubramanian
Organization: Manton Communications Corp.
X-Mailer: Mozilla 4.04 [en] (WinNT; I)
MIME-Version: 1.0
To: Oeuillot Olivier
CC: Tim Maher , fwtk-users@tis.com
Subject: Re: General Protection on http-gw in Linux 2.0.35
References: <36626354.5E3A22E6@labri.u-bordeaux.fr>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

It also happens with 2.0.36 but it has not crashed the entire machine (at least not in the last 2 weeks). Only http-gw + general protection every now and then.
Let me know if you figure anything out.

Venkat

Oeuillot Olivier wrote:

> it happens with 2.0.34 too !
>
> Olivier.
>
> Tim Maher wrote:
> >
> > According to Ganesan Venkatasubramanian:
> > >
> > > I am running the http-gw on this machine which is our firewall. It runs
> > > RedHat 5.1 with a 2.0.35 kernel. Every few days I see in the log:
> > >
> > > Nov 5 19:53:27 datalife kernel: general protection: 0000
> > > Nov 5 19:53:27 datalife kernel: CPU: 0
> > > Nov 5 19:53:27 datalife kernel: EIP: 0010:[tcp_close+201/536]
> > > Nov 5 19:53:27 datalife kernel: EFLAGS: 00010087
> > > Nov 5 19:53:27 datalife kernel: eax: 0063f208 ebx: 00d36414 ecx:
> > > 00000206 edx: 44494e4f
> > > Nov 5 19:53:27 datalife kernel: esi: 00d364d4 edi: 00000000 ebp:
> > > 00000001 esp: 01509f24
> > > Nov 5 19:53:27 datalife kernel: ds: 0018 es: 0018 fs: 002b gs:
> > > 002b ss: 0018
> > > Nov 5 19:53:27 datalife kernel: Process http-gw (pid: 26412, process
> > > nr: 22, stackpage=01509000)
> > > Nov 5 19:53:27 datalife kernel: Stack: 00d36414 02274690 02274690
> > > 0014d9d9 00d36414 00000000 02274600 00000000
> > > Nov 5 19:53:27 datalife kernel: 001359d8 02274690 00000000
> > > 02274600 02274600 02274600 00000001 00135c11
> > > Nov 5 19:53:27 datalife kernel: 02274690 038a9cc0 00123154
> > > 02274600 038a9cc0 00000000 038a9cc0 001231c4
> > > Nov 5 19:53:27 datalife kernel: Call Trace: [inet_release+97/108]
> > > [sock_release+92/156] [sock_close+37/44] [__fput+28/64] [close_fp+76/92]
> > > [do_exit+292/508] [sys_exit+14/16]
> > > Nov 5 19:53:27 datalife kernel: [system_call+85/124]
> > > Nov 5 19:53:27 datalife kernel: Code: 89 72 04 89 93 c0 00 00 00 c7 00
> > > 00 00 00 00 c7 40 04 00 00
> > >
> > > Sooner or
> > > later the entire machine crashes and has to be restarted. The
> > > last time even the keyboard did not respond. It usually happens 4-5 days
> > > after a restart. Needless to say this is extremely annoying at the very
> > > least!
> > >
> > > Any help would be appreciated.
> > >
> > > Thanks,
> > > Venkat
> > >
> > >
> >
> > On three separate machines, none of which is running http-gw, I
> > have the same kind of problem with 2.0.35, which may be triggered
> > by date, sendmail, grep, ls, you name it. I fixed the problem on
> > all three boxes by going back to 2.0.33.
> >
> > +================================================================+
> > | Tim Maher, Ph.D. Tel/Fax: (206) 781-UNIX/8649 |
> > | Head UNIX Guru, CONSULTIX Email: tim@consultix.wa.com |
> > | "The UNIX Training Experts" http://www.consultix.wa.com/yumpy |
> > | Seattle Perl Users Group: http://www.halcyon.com/spug |
> > +================================================================+

From owner-fwtk-users Mon Nov 30 17:48:24 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id RAA08856 for fwtk-users-outgoing; Mon, 30 Nov 1998 17:47:45 -0500 (EST)
Message-ID: <59706945956AD2119562006094B9C002CC2F@bach.jda.cl>
From: Gonzalo Diethelm
To: fwtk-users@tis.com
Subject: Is IPFWADM needed?
Date: Mon, 30 Nov 1998 20:10:03 -0400
X-Priority: 3
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.0.1457.3)
Content-Type: text/plain
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

Hello, I am using FWTK 2.1, and everything has been working great for the past month. Now I started wondering whether I should add a couple of IPFWADM rules to protect things even more. Here is my setup:

* Bastion is a linux 2.0.34 dual-homed machine.
* IP forwarding is turned OFF.
* External Ethernet card is eth0.
* Internal Ethernet card is eth1.
* I'm using 192.168.11.* as internal IP addresses.

Basically, what I'm concerned about is people from the
Big Bad Internet trying to spoof their IP addresses to
make them look like they are coming from the internal
network. I did compile the kernel with "Kernel IP spoof
detection" on, but I've never been able to understand
or learn what that really does.

Anyway, I was thinking of adding a few rules such as these:

    ADM=/sbin/ipfwadm

    # Change the default policy for forwarding to DENY.
    $ADM -F -p deny

    # Flush (erase) all rules for forwarding, input, output and accounting.
    $ADM -F -f
    $ADM -I -f
    $ADM -O -f
    $ADM -A -f

    # Deny all packets from the outer world that:
    #
    # 1. Come from the external Ethernet interface.
    # 2. Claim to belong to a reserved Internet address:
    #    10.0.0.0 - 10.255.255.255
    #    172.16.0.0 - 172.31.255.255
    #    192.168.0.0 - 192.168.255.255
    $ADM -F -a deny -b -W eth0 -S 10.0.0.0/8 -D 0.0.0.0/0
    $ADM -F -a deny -b -W eth0 -S 172.16.0.0/12 -D 0.0.0.0/0
    $ADM -F -a deny -b -W eth0 -S 192.168.0.0/16 -D 0.0.0.0/0

    # Anything else from the outer world is accepted.
    $ADM -F -a accept -b -W eth0 -S 0.0.0.0/0 -D 0.0.0.0/0

    # Accept only packets from the inner network that:
    #
    # 1. Come from the internal Ethernet interface.
    # 2. Claim NOT to belong to a reserved Internet address:
    #    10.0.0.0 - 10.255.255.255
    #    172.16.0.0 - 172.31.255.255
    #    192.168.0.0 - 192.168.255.255
    $ADM -F -a accept -b -W eth1 -S 10.0.0.0/8 -D 0.0.0.0/0
    $ADM -F -a accept -b -W eth1 -S 172.16.0.0/12 -D 0.0.0.0/0
    $ADM -F -a accept -b -W eth1 -S 192.168.0.0/16 -D 0.0.0.0/0

    # Anything else from the inner network is denied.
    $ADM -F -a deny -b -W eth1 -S 0.0.0.0/0 -D 0.0.0.0/0

Questions:

1. Is this sensible? Am I just raving like a lunatic here?
2. If the rules are somewhat reasonable, do they look OK to you?
   Are there any redundant rules up there?
3. If I have IP forwarding turned off, is it correct to have
   these rules for the -F ruleset?
4. If I should use the -F ruleset as in the example, should I
   also specify things for the -I and -O rulesets?
5. Is there a tool that would allow me to inject packets on the
   external Ethernet interface with "spoofed" IP addresses, just
   to test the rules?
6. Any other general hints are greatly welcome.

Thanks in advance,

Gonzalo Diethelm
gonzalo.diethelm@jda.cl

From owner-fwtk-users Mon Nov 30 18:25:44 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id SAA08923 for fwtk-users-outgoing; Mon, 30 Nov 1998 18:24:43 -0500 (EST)
Message-Id: <3.0.5.32.19981130154606.00e46c40@207.194.87.254>
X-Sender: devin@207.194.87.254
X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32)
Date: Mon, 30 Nov 1998 15:46:06 -0800
To: Gonzalo Diethelm , fwtk-users@tis.com
From: Devin Redlich
Subject: Re: Is IPFWADM needed?
In-Reply-To: <59706945956AD2119562006094B9C002CC2F@bach.jda.cl>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

>Basically, what I'm concerned about is people from the
>Big Bad Internet trying to spoof their IP addresses to
>make them look like they are coming from the internal
>network.

Unless you have the IP-Bind patch, or you're running from an inetd
that binds to a specific interface, your proxies are listening on all
interfaces. I don't consider this to be a good thing, if for no other
reason than it's bad practice to have services listening on the
external interface of your firewall when you don't need them.

>Anyway, I was thinking of adding a few rules such as these:

Good thought, but these rules aren't quite right. They're blocking
forwarding, which is impossible since you've got forwarding turned off
anyway. What you want to be doing is blocking packets on input.
For example, instead of:

> $ADM -F -a deny -b -W eth0 -S 10.0.0.0/8 -D 0.0.0.0/0

You want:

  $ADM -I -a deny -b -W eth0 -S 10.0.0.0/8 -D 0.0.0.0/0

Anyway, what I do to simplify matters is:

-block any access with an internal source arriving on the external
 interface (which is what you have above)
-block any access to the internal interface with a source IP that
 shouldn't be coming from my internal net
-block any access on the external interface to ports that my proxies
 are listening on

Those are fairly simple ipfwadm rules to implement, and I consider them
to be pretty important in combination with the FWTK.

HTH.

__
Devin Redlich
devin@pctc.com

From owner-fwtk-users Mon Nov 30 18:45:14 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id SAA08969 for fwtk-users-outgoing; Mon, 30 Nov 1998 18:44:44 -0500 (EST)
Date: Mon, 30 Nov 1998 15:46:06 -0800
From: Mike Batchelor
Subject: Re: Portscans as a network mgmt tool?
To: fwtk-users@tis.com
X-Mailer: Z-Mail Pro 6.2, NetManage Inc. [ZM62_16E]
X-Priority: 3 (Normal)
References: <852566C5.00596C7D.00@ttcmta1-7.ttc.com> <3.0.5.32.19981130115357.00a02530@dreamwvr.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; CHARSET=ISO-8859-1
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

Big Brother is a collection of shell scripts and a couple helper C
programs. It does not use Perl (see http://www.maclawran.ca if you are
interested in BB). But whatever -- your ISP ought to honor your request
to stop poking at these ports. They are probably using a package called
"What's Up Gold", not Big Brother - as if it matters... ;)

Well, it may actually matter... I recall someone at my office trying
out WUG, and it seemed to want to "discover" everything on the networks
it's told to monitor...

------------------------
From: dreamwvr
Subject: Re: Portscans as a network mgmt tool?
Date: Mon, 30 Nov 1998 11:53:57 -0700
To: alboth@brandenburg-gmbh.de, fwtk-users@tis.com

> hi Dirk,
> looks to me like they are using the service monitoring perl program
> called 'big brother' which is a real good tool to determine problems on
> Your/their

_______________________________________________________________
UNIX Team - The difference between theory and practice
is often greater in practice than in theory.
11/30/98 15:46:06

From owner-fwtk-users Mon Nov 30 19:06:22 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id TAA09043 for fwtk-users-outgoing; Mon, 30 Nov 1998 19:05:48 -0500 (EST)
Date: Mon, 30 Nov 1998 16:24:31 -0800 (PST)
From: "Charles A. Clinton"
To: dreamwvr
cc: alboth@brandenburg-gmbh.de, fwtk-users@tis.com
Subject: Re: Portscans as a network mgmt tool?
In-Reply-To: <3.0.5.32.19981130115357.00a02530@dreamwvr.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

On Mon, 30 Nov 1998, dreamwvr wrote:

> hi Dirk,
> looks to me like they are using the service monitoring perl program
> called 'big brother' which is a real good tool to determine problems on
> Your/their
> network. What it does is check to make certain that the services that are
> supposed to be up are indeed up especially if it is so predictable like every
> hour. Do a search for it on infoseek or altavista and then consider putting
> it on one of your management stations then do it in reverse;')) he will for
> sure get the idea.

Or measure the bandwidth and CPU utilization that their probing is
taking up on your network connection and machine, and bill them for it.

-- Charles

From owner-fwtk-users Mon Nov 30 19:14:51 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id TAA09082 for fwtk-users-outgoing; Mon, 30 Nov 1998 19:14:43 -0500 (EST)
Message-Id: <3.0.5.32.19981130192850.00882370@fw.itm-inst.com>
X-Sender: rmurphy@fw.itm-inst.com
X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32)
Date: Mon, 30 Nov 1998 19:28:50 -0500
To: "Joel D. Consorte"
From: Rick Murphy
Subject: re: sendmail 8.8.8
Cc: fwtk-users@tis.com
In-Reply-To: <3.0.32.19981130104304.0075e3a8@jetlink.com.ph>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

At 10:43 AM 11/30/98 +0800, Joel D. Consorte wrote:
>hello everybody i have a sendmail 8.8.8 in my network server and actually
>it is working but it seems i found out that this sendmail version of mine
>has not configured yet in anti relay. and my problem is i don't know how to put
>a anti relay in my sendmail can you give some tips or samples for the
>sendmail.cf ...

With smap/smapd front-ending sendmail, you can't effectively use sendmail
anti-relaying: all mail appears to be sent from localhost.
Using one of the anti-spam patches for smap is the best solution.
-Rick

From owner-fwtk-users Mon Nov 30 21:04:24 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id VAA09501 for fwtk-users-outgoing; Mon, 30 Nov 1998 21:01:45 -0500 (EST)
Message-Id: <36635262.DF94A84D@valinor.cargill.com>
Date: Mon, 30 Nov 1998 20:20:18 -0600
From: Jim Bostwick
X-Mailer: Mozilla 4.5 [en] (WinNT; I)
X-Accept-Language: en
Mime-Version: 1.0
To: Rick Murphy
Cc: "Joel D. Consorte" , fwtk-users@tis.com
Subject: Re: sendmail 8.8.8
References: <3.0.5.32.19981130192850.00882370@fw.itm-inst.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

Rick,

Ok, so the replies are coming in, and yours remains the best advice -
but I have a minor nit to pick.

While I haven't tried the sendmail built-in anti-relay from behind FWTK,
I'll accept that they will fail - precisely because smapd makes
everything appear to come from the local (bastion) host. I'll also
accept that the 'best' solution is to run the anti-relay patches to
smap/smapd, although I haven't actually tried them (read on).

It *is* possible to implement effective anti-relay using sendmail 8.8.8
behind FWTK. I don't claim it's easy, nor that it's best, but it can be
done.

Basically, we have a bastion host that runs FWTK, and has a sendmail
that is a slightly modified 'null-client'. This thing's job is to relay
all inbound mail to an internal mail hub. This sendmail uses a
'check_compat' ruleset (and another, called check_compat_2) to determine
that:

* the mail claims to come from 'outside'
* it claims to go to 'inside'

- else - bounce it. Works good, lasts a long time.

But, unless the reader is willing to buy and sleep with the Bat Book
(Sendmail, Second Edition, Brian Costales with Eric Allman, O'Reilly and
Associates, ISBN 1-56592-222-0), then just take Rick's advice and use
the FWTK patches. Hacking sendmail.cf files is -well- interesting, but
not for beginners and not for the faint of heart.

Rick - you didn't say "the only", and a patched smap may well be best,
but I built this stuff (by sleeping with the bat book) before the smap
patches came out, so I just have to point out that it *is* possible to
do this with sendmail behind a vanilla FWTK.
It also does stuff like translating internal to external addresses,
hiding internal domains behind externally-visible ones, and so on, some
of which are far outside the scope of smap/smapd.

Sometimes, just picking up a 1200 page manual and pounding it against
your head until the head and the book are the same shade of purple is
the only way....

OTOH - some people will be just now visiting this subject, and for them,
letting smap do the anti-relay *will* be the best/easiest/most-effective
solution.

-j

Rick Murphy wrote:

> At 10:43 AM 11/30/98 +0800, Joel D. Consorte wrote:
> >hello everybody i have a sendmail 8.8.8 in my network server and actually
> >it is working but it seems i found out that this sendmail version of mine
> >has not configured yet in anti relay. and my problem is i don't know how to put
> >a anti relay in my sendmail can you give some tips or samples for the
> >sendmail.cf ...
> With smap/smapd front-ending sendmail, you can't effectively use sendmail
> anti-relaying: all mail appears to be sent from localhost.
> Using one of the anti-spam patches for smap is the best solution.
> -Rick

From owner-fwtk-users Mon Nov 30 22:50:55 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id WAA09912 for fwtk-users-outgoing; Mon, 30 Nov 1998 22:44:45 -0500 (EST)
Message-Id: <3.0.5.32.19981130200431.0093f780@mail.intextonline.com>
X-Sender: eudora@mail.intextonline.com
X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.5 (32)
Date: Mon, 30 Nov 1998 20:04:31 -0800
To: alboth@brandenburg-gmbh.de, fwtk-users@tis.com
From: inTEXT Communications
Subject: Re: Portscans as a network mgmt tool?
In-Reply-To: <19981126152132.29193.qmail@brandenburg-gmbh.de>
References: <852566C5.00596C7D.00@ttcmta1-7.ttc.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

Sounds to me, like you have some wanna be hackers, working the
graveyard shift at your ISP.

If you're running a linux box, maybe run tcpdump at night time and
watch what they do.

At 04:21 PM 11/26/98 +0100, Dirk Alboth wrote:
>Hi,
>
>sorry, if this is not directly fwtk-related but I think this list
>could be the right audience anyway.
>
>I just want to receive some opinions about a technique our (new) ISP
>uses to watch their network.
>
>Yesterday evening I observed something I thought could be a port scan:
>From a host in our ISP's domain originated connection attempts to a
>number of well-known ports on our gateway: ftp, telnet, pop3, imap2,
>nntp, snmp, among others. Since our gateway usually (until now..) is
>not under heavy attack I watched it more closely. Since these scans
>continued today about every hour I finally called our ISP. They told
>me that these are not port scans but that they use a tool to check
>whether all lines are working and this tool does connection attempts
>to certain services.
>
>I wondered why an ICMP echo request (aka ping) wouldn't do this job
>even better and they told me that they would need to invoke ping
>manually but this network management tool does this automatically. (I
>have to confess that I didn't offer them to write a quick'n'dirty
>script to do this...)
>
>IMHO if I want to know whether the line is on, a message telling me
>that a connection attempt to pop3 failed is of little value. Unless,
>of course, if pop3 should be running AND if I am responsible for
>checking that or if I am a user of this service. (In this sense
>everybody is a legitimate user of the smtp service on a host with an
>MX record.)
>
>Anyway does anybody have an idea what the meaning could be with such a
>checking policy?
>Does anybody consider it legitimate for an ISP to gather information
>about which services are running on all connected client hosts?
>(What if they are broken into?)
>
>Sincerely,
> Dirk
>
>PS: BTW queso told me that this host runs MS-Windows NT or 98.
>
>

#######################################################################
inTEXT Communications
Vancouver BC Canada
Linux - Unix - Bsd - Programming /Perl / c++ / Java
System Administration - Unix System Security
http://www.intextonline.com

From owner-fwtk-users Mon Nov 30 23:04:19 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id XAA09962 for fwtk-users-outgoing; Mon, 30 Nov 1998 23:04:01 -0500 (EST)
Message-Id: <3.0.5.32.19981130231648.008a37a0@fw.itm-inst.com>
X-Sender: rmurphy@fw.itm-inst.com
X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32)
Date: Mon, 30 Nov 1998 23:16:48 -0500
To: Peter RATKAI
From: Rick Murphy
Subject: Re: Active Server Pages....
Cc: Chique XXXXX , fwtk-users@ex.tis.com
In-Reply-To:
References: <19981124193548.24280.qmail@hotmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

At 05:10 PM 11/30/98 +0100, Peter RATKAI wrote:
>I'm also thinking about this problem! I have a webserver outside, M$SQL
>server inside, the webserver grabs data from SQL by ASP...
>How can this go through? Or just plug it? :(

You can't use plug-gw for SQL Server - at least as of 6.5.
SQL server will not tolerate having its messages fragmented; plug-gw
being protocol-independent can't preserve message boundaries.
-Rick

From owner-fwtk-users Mon Nov 30 23:05:53 1998
Received: by portal.ex.tis.com (8.9.1/8.9.1) id XAA09980 for fwtk-users-outgoing; Mon, 30 Nov 1998 23:05:44 -0500 (EST)
Message-Id: <3.0.5.32.19981130232349.008715b0@fw.itm-inst.com>
X-Sender: rmurphy@fw.itm-inst.com
X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32)
Date: Mon, 30 Nov 1998 23:23:49 -0500
To: Jim Bostwick
From: Rick Murphy
Subject: Re: sendmail 8.8.8
Cc: "Joel D. Consorte" , fwtk-users@tis.com
In-Reply-To: <36635262.DF94A84D@valinor.cargill.com>
References: <3.0.5.32.19981130192850.00882370@fw.itm-inst.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-fwtk-users@ex.tis.com
Precedence: bulk

At 08:20 PM 11/30/98 -0600, Jim Bostwick wrote:
>Rick,
> Ok, so the replies are coming in, and yours remains the best advice - but I
>have a minor nit to pick.
> While I haven't tried the sendmail built-in anti-relay from behind FWTK, I'll
>accept that they will fail - precisely because smapd makes everything appear to
>come from the local (bastion) host. I'll also accept that the 'best' solution is
>to run the anti-relay patches to smap/smapd, although I haven't actually tried
>them (read on).

No argument. You can arrange things so they work but it's much more
straightforward to have smap do the rejections. Until recently, you didn't
have that choice.
I prefer editing the netperm-table - sendmail.cf is not a native language
to me :-)
-Rick
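
For the "Is IPFWADM needed?" thread earlier in this archive, the three input-chain checks Devin Redlich lists can be written out as below; this is an added example, not code from any poster. Interface names, the reserved ranges and the 192.168.11.* network come from Gonzalo Diethelm's message; the proxy port list is a placeholder assumption, and the script only prints the commands unless ADM is set to the real binary.

```shell
#!/bin/sh
# Added example (not from the thread): anti-spoofing rules on the INPUT chain
# of a dual-homed FWTK bastion that has IP forwarding turned off.
# Dry run by default: each ipfwadm command is printed, not executed.
ADM="${ADM:-echo /sbin/ipfwadm}"        # set ADM=/sbin/ipfwadm to apply for real
EXT_IF="${EXT_IF:-eth0}"                # external interface, as in the thread
INT_IF="${INT_IF:-eth1}"                # internal interface, as in the thread
INT_NET="${INT_NET:-192.168.11.0/24}"   # 192.168.11.* from the thread
PROXY_PORTS="${PROXY_PORTS:-21 23 80}"  # ASSUMPTION: placeholder proxy ports
RESERVED="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"  # ranges listed in the thread
ANY="0.0.0.0/0"

build_input_rules() {
    # Start from an empty input chain.
    $ADM -I -f

    # 1. External interface: a packet arriving here with a reserved source
    #    (which includes the internal 192.168.11.* net) is spoofed or
    #    misrouted. -o asks the kernel to log each match.
    #    No -b: bidirectional matching would also test the destination.
    for net in $RESERVED; do
        $ADM -I -a deny -o -W "$EXT_IF" -S "$net" -D "$ANY"
    done

    # 2. Internal interface: only the real internal network may be a source.
    #    Order matters, ipfwadm applies the first matching rule.
    $ADM -I -a accept -W "$INT_IF" -S "$INT_NET" -D "$ANY"
    $ADM -I -a deny -o -W "$INT_IF" -S "$ANY" -D "$ANY"

    # 3. External interface: nothing outside may connect to the proxy ports.
    for port in $PROXY_PORTS; do
        $ADM -I -a deny -o -P tcp -W "$EXT_IF" -S "$ANY" -D "$ANY" "$port"
    done
}

build_input_rules
```

Reviewing the printed rule list before applying it, and then watching the kernel log for matches on the deny rules, checks the ruleset without putting forged packets on the wire.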