network issue - Mandriva


Thread: network issue

  1. Re: network issue

    Bit Twister wrote:

    > On Sat, 16 Aug 2008 13:02:45 -0700, Eric wrote:
    >
    >> ping wgf1 will ping an internet host somewhere out there and not my
    >> system host
    >> host mypersonaldomain.net will return the address of some internet
    >> company out there and not my system
    >>
    >> The system is acting like /etc/hosts is being ignored

    >
    > Just for fun, put a # in front of your search line in /etc/resolv.conf,
    > save, and try the ping -c1 wgf1 again.
    > Do remember to remove the # on the search line.


    ping works ok if I have no search line or if it says search localhost
    host command always shows the foreign host

  2. Re: network issue

    Bit Twister wrote:

    > On Sat, 16 Aug 2008 17:14:12 -0700, Eric wrote:
    >
    >> My local network, being on 192.168.x.x behind a router (and a cable
    >> modem) is address isolated from the internet. If my neighbor is on the
    >> same 192.168.x.x address and behind a router and cable modem it matters
    >> not a bit and I'll never be able to resolve any host on his network. e.g
    >> ping joe.whatever.net wont ever return a 192.168.x.x address.

    >
    > That is correct, ISP gateway is supposed to drop 192.168.x.x address.
    >
    >> # cat /etc/host.conf
    >> order hosts,bind
    >> multi on
    >> nospoof on

    >
    > Figured that was ok, still waiting for
    >
    > cat /etc/sysconfig/network
    > and hostname --fqdn
    >
    > results.

    # cat /etc/sysconfig/network
    NETWORKING=yes
    HOSTNAME=wgf1.mypersonaldomain.net
    #hostname --fqdn
    wgf1.mypersonaldomain.net



  3. Re: network issue

    Bit Twister wrote:

    > On Sat, 16 Aug 2008 17:14:12 -0700, Eric wrote:
    >
    >> My local network, being on 192.168.x.x behind a router (and a cable
    >> modem) is address isolated from the internet. If my neighbor is on the
    >> same 192.168.x.x address and behind a router and cable modem it matters
    >> not a bit and I'll never be able to resolve any host on his network. e.g
    >> ping joe.whatever.net wont ever return a 192.168.x.x address.

    >
    > That is correct, ISP gateway is supposed to drop 192.168.x.x address.


    Do you agree with my statement that:
    "If joe pings joe.whatever.net it will *always* return the 192.168.x.x
    address of joes system and not my system of 192.168.x.x"


    >
    >> # cat /etc/host.conf
    >> order hosts,bind
    >> multi on
    >> nospoof on

    >
    > Figured that was ok, still waiting for
    >
    > cat /etc/sysconfig/network
    > and hostname --fqdn
    >
    > results.



  4. Re: network issue

    On Sun, 17 Aug 2008 00:58:31 -0700, Eric wrote:
    > Bit Twister wrote:
    >
    >> On Sat, 16 Aug 2008 17:14:12 -0700, Eric wrote:
    >>
    >>> My local network, being on 192.168.x.x behind a router (and a cable
    >>> modem) is address isolated from the internet. If my neighbor is on the
    >>> same 192.168.x.x address and behind a router and cable modem it matters
    >>> not a bit and I'll never be able to resolve any host on his network. e.g
    >>> ping joe.whatever.net wont ever return a 192.168.x.x address.

    >>
    >> That is correct, ISP gateway is supposed to drop 192.168.x.x address.

    >
    > Do you agree with my statement that:
    > "If joe pings joe.whatever.net it will *always* return the 192.168.x.x
    > address of joes system and not my system of 192.168.x.x"


    Yes.

  5. Re: network issue

    On Sun, 17 Aug 2008 00:44:22 -0700, Eric wrote:
    >
    > ping works ok if i have no search line or if it says search localhost


    Just for fun, modify /etc/hosts
    127.0.0.1 localhost.localdomain localhost
    127.0.0.1 wgf1.mypersonaldomain.net wgf1

    set your search mypersonaldomain.net

    ping -c1 wgf1


    Looking at ping
    $ strings /bin/ping | grep gethostby
    gethostbyaddr
    gethostbyname

    I would have expected ping to call gethostbyname with wgf1
    The resolver would add mypersonaldomain.net because of the
    search mypersonaldomain.net
    and look for wgf1.mypersonaldomain.net in /etc/hosts
    and return 127.0.0.1 to ping.

    > host command always shows the foreign host


    And always will. DNS resolution tools, host, nslookup, dig... will
    ignore /etc/hosts and use a DNS server.

    Your options, worst to best choice.
    1 pick another unregistered domain name
    2 install bind, use opendns DNS servers (208.67.222.222 208.67.220.220)
    as forwarders.
    3 change .net to .invalid or .test
    4 register a domain name. :-)
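
Added example, not part of any post in this thread: a small audit that models the difference described above between a lookup that honours `order hosts,bind` (ping) and a DNS-only tool (host), and lists the locally defined names that are not under an RFC 2606 reserved TLD. The sample files are constructed from the names used in the thread; `lookup_plan` and `audit` are hypothetical helpers, and the model assumes an exact-match hosts lookup and the default `ndots` of 1.

```python
import ipaddress

# TLDs reserved by RFC 2606; they are never delegated in the public DNS.
RFC2606_TLDS = {"test", "example", "invalid", "localhost"}

# Constructed sample files modelled on the names used in this thread.
SAMPLE_HOSTS = """\
127.0.0.1    localhost.localdomain localhost
127.0.0.1    wgf1.mypersonaldomain.net wgf1
192.168.1.20 printer.lan.test printer   # constructed entry
"""
SAMPLE_RESOLV = """\
# constructed resolv.conf
search mypersonaldomain.net
nameserver 208.67.222.222
"""

def parse_hosts(text):
    """Map every canonical name and alias in hosts-file text to its address."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line: ignore it
        for name in fields[1:]:
            table.setdefault(name.lower().rstrip("."), fields[0])
    return table

def parse_search(text):
    """Return the search list; the last 'search' line wins."""
    domains = []
    for line in text.splitlines():
        fields = line.split()
        if fields and fields[0] == "search":
            domains = [d.lower().rstrip(".") for d in fields[1:]]
    return domains

def dns_candidates(name, search, ndots=1):
    """Names sent to DNS, in order, once the search list is applied."""
    if name.endswith("."):
        return [name.rstrip(".").lower()]  # trailing dot: no expansion
    name = name.lower()
    expanded = [f"{name}.{d}" for d in search]
    return [name] + expanded if name.count(".") >= ndots else expanded + [name]

def lookup_plan(name, hosts, search, use_hosts_file):
    """Model 'order hosts,bind' (ping) versus a DNS-only tool (host)."""
    key = name.lower().rstrip(".")
    if use_hosts_file and key in hosts:
        return ("hosts", hosts[key])
    return ("dns", dns_candidates(name, search))

def audit(hosts_text, resolv_text):
    """Dotted local names outside RFC 2606 TLDs, which public DNS may answer."""
    names = list(parse_hosts(hosts_text)) + parse_search(resolv_text)
    return sorted({n for n in names
                   if "." in n and n.rsplit(".", 1)[-1] not in RFC2606_TLDS})

if __name__ == "__main__":
    hosts, search = parse_hosts(SAMPLE_HOSTS), parse_search(SAMPLE_RESOLV)
    print("ping-style:", lookup_plan("wgf1", hosts, search, True))
    print("host-style:", lookup_plan("wgf1", hosts, search, False))
    print("at risk   :", audit(SAMPLE_HOSTS, SAMPLE_RESOLV))
```

Names reported by `audit` are the ones a later public registration can shadow for any tool that bypasses /etc/hosts; names under `.test` or `.invalid` are not reported.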


  6. Re: network issue

    On Sat, 16 Aug 2008, in the Usenet newsgroup alt.os.linux.mandriva,
    David W. Hodgins wrote:

    >The problem with making up names, even if you check to ensure they are
    >not currently in use, is that they may be registered in the future.


    Hence RFC2606.

    >Even if you pick an invalid top level domain, that tld may someday
    >become valid.


    By next spring, businesses and other organizations will be able to
    apply for any top-level domain they can possibly think of, like
    arstechnica.awesome or google.thegoogle. Joking aside, the Internet
    Corporation for Assigned Names and Numbers (ICANN) voted today in Paris
    on a measure that significantly expands the scope of generic Top Level
    Domains (gTLDs), allowing organizations to apply for almost any domain
    suffix they can dream up.

    Up until now, the rules for TLDs are rather strict and tightly
    regulated. Beyond the typical .com, .net, and .org, there are only a
    handful of other TLDs that IP addresses can be registered under,
    including .tv, .biz, .mobi, and .us. Thanks to today's unanimous vote,
    however, the list of possible options will skyrocket. "What we're
    effectively doing is opening up huge amounts of online real estate,"
    ICANN president and CEO Paul Twomey told the Wall Street Journal before
    the vote took place.

    Late June 2008. The up-side for ICANN is that they will charge huge
    amounts of ca$h for allowing you to create your own vanity TLD. The
    down-side is that every freakin' id10t in the world knows that all
    hostnames begin with 'www.' and end with '.com'. For those wondering
    what TLDs exist now, see http://www.iana.org/domains/root/db/

    Old guy

  7. Re: [OT] network issue

    On Sun, 17 Aug 2008, in the Usenet newsgroup alt.os.linux.mandriva,
    Aragorn wrote:

    >Well, one of the great things about UNIX systems and GNU/Linux in
    >particular is that the system itself is already so secure out of the
    >box that a serious system administrator doesn't have any difficulty at
    >all at keeping the system secure enough.


    Running *nix is not a magic bullet that makes you immune from all of
    the nasties out in the world. Anyone can screw up just about anything
    because nothing is fool proof, and they keep inventing improved fools
    every day.

    In the mid-1990s, the average open mail relay was an out-of-box Linux
    system, usually running Red Hat or Caldera (Mandrake didn't come along
    until 5.1 released in July 1998). Why? Because the default installs
    included sendmail configured to be a relay. That's obviously changed.

    >For instance, there's that whole firewall thing. For someone running
    >GNU/Linux on a box that's connected to the internet via a simple enduser
    >client connection, there's no need to run a firewall at all.


    Depends what the system is running. A basic workstation - I'm inclined
    to agree with you. The "install everything!!!111" setup beloved by the
    eleet wanna-be's - quite another situation.

    >A system that's properly set up and that disallows root logins -
    >especially remote ones - is secure enough.


    This goes along the ideas of an OpenBSD model, and Theo's mantra that
    no OpenBSD box has ever been hacked (sic) in an out-of-box condition.
    That may be true, but the reason is simple - even if you install
    everything, no servers are enabled, and in order to get them working
    you first have to find out how to enable them. It's the same thing as
    saying that MS-DOS 3.3 was absolutely immune to network attacks as
    installed.

    >I've been running GNU/Linux since late November 1999, and I only got an
    >internet connection as of April 2000. I've never set up a firewall -
    >although I have used /iptables/ to set up NAT and PAT - and I've never
    >had any problems with malware or anyone trying to break into my system.


    Let's just say that my Linux experience goes back to the early 1990s,
    and I've been using various forms of UNIX for over a decade before that.
    No one trying to break in - what, not running sshd on port 22? ;-)

    >It's just that most users here come from the Windows world and some may
    >even still be using Windows alongside GNU/Linux. Windows is flawed by
    >design, and thus the experience with Windows makes people think that
    >they are exposed to the same kinds of threats in GNU/Linux that they
    >were exposed to in Windows.


    Let's face it - VERY FEW Linux users have had _any_ training in the
    operating system. Thus, they are going with the flawed experience that
    they do have - which means windoze.

    >And sadly enough, distromakers like Mandriva don't do anything to
    >discourage this misconception. If anything, they're actually feeding
    >it.


    When I started learning UNIX, it was six months before I realized who
    this 'root' user was. It was close to a year before I got limited
    access to some privileged commands - the equivalent of 'sudo' or
    'su -c', and about 18 months before I got a root password. Even then,
    I was terrified that I'd screw up, and fumble-finger some command which
    would bring the entire system crashing down about me, and the users
    would be running about with torches and pitch-forks looking for me.
    Today, (with the exception of Ubuntu and clones) root is the first
    account a new user gets access to. For a system that the unskilled
    gain access to with no training/skills - what can you expect?

    Old guy

  8. Re: network issue

    Bit Twister wrote:

    > On Sun, 17 Aug 2008 00:58:31 -0700, Eric wrote:
    >> Bit Twister wrote:
    >>
    >>> On Sat, 16 Aug 2008 17:14:12 -0700, Eric wrote:
    >>>
    >>>> My local network, being on 192.168.x.x behind a router (and a cable
    >>>> modem) is address isolated from the internet. If my neighbor is on the
    >>>> same 192.168.x.x address and behind a router and cable modem it matters
    >>>> not a bit and I'll never be able to resolve any host on his network.
    >>>> e.g ping joe.whatever.net wont ever return a 192.168.x.x address.
    >>>
    >>> That is correct, ISP gateway is supposed to drop 192.168.x.x address.

    >>
    >> Do you agree with my statement that:
    >> "If joe pings joe.whatever.net it will *always* return the 192.168.x.x
    >> address of joes system and not my system of 192.168.x.x"

    >
    > Yes.

    so then it should matter, (except for masking) what name you choose to use
    on private network. This is why winders users get away with picking any 8
    letter name they like.
    Anyway, I have this fixed now - for good.
    The guy who bought all those domain names only owned my (the one I was
    using) domain for 5 days, today he dropped it (go figure). I registered it
    in my name and that's the end of that :-)
    Eric


  9. Re: network issue

    On Sun, 17 Aug 2008 13:55:20 -0700, Eric wrote:




    > so then it should matter, (except for masking) what name you choose to
    > use on private network. This is why winders users get away with picking
    > any 8 letter name they like.




    Not exactly. The "8 letter name" is not a "domain name", but rather a
    "netbios name" for the computer. A "domain name" ( IP type not an active
    directory domain ) must be setup elsewhere, as in the networksetup/TCPIP
    properties.


    --
    BOFH excuse #106:

    The electrician didn't know what the yellow cable was so he yanked the
    ethernet out.
    ----------------------
    Mandriva Linux release 2008.1 (Official) for x86_64
    2.6.24.7-server-1mnb AMD Athlon(tm) 64 X2 Dual Core Processor 5000+
    ----------------------

  10. Re: [OT] network issue

    On Sunday 17 August 2008 22:23, someone identifying as *Moe Trin* wrote
    in /alt.os.linux.mandriva:/

    > On Sun, 17 Aug 2008, in the Usenet newsgroup alt.os.linux.mandriva,
    > Aragorn wrote:
    >
    >> Well, one of the great things about UNIX systems and GNU/Linux in
    >> particular is that the system itself is already so secure out of the
    >> box that a serious system administrator doesn't have any difficulty at
    >> all at keeping the system secure enough.

    >
    > Running *nix is not a magic bullet that makes you immune from all of
    > the nasties out in the world. Anyone can screw up just about anything
    > because nothing is fool proof, and they keep inventing improved fools
    > every day.


    Well, I tend to agree with you there on the theory, but let's face it:
    GNU/Linux is a de facto secure enough system, and the development
    mechanisms of FOSS make it far less prone to bugs or security exploits.
    Sure, security flaws do exist, but they're patched relatively soon in
    comparison to proprietary software, and particularly compared to
    Windows. :-)

    > In the mid-1990s, the average open mail relay was an out-of-box Linux
    > system, usually running Red Hat or Caldera (Mandrake didn't come along
    > until 5.1 released in July 1998).


    My first distribution was /Linux-Mandrake/ 6.0 PowerPack, with the 2.2.9
    kernel, and KDE 1.1.1. I installed it on a Pentium II with 128 MB of
    first-generation SD-RAM. :-)

    >> For instance, there's that whole firewall thing. For someone running
    >> GNU/Linux on a box that's connected to the internet via a simple enduser
    >> client connection, there's no need to run a firewall at all.

    >
    > Depends what the system is running. A basic workstation - I'm inclined
    > to agree with you. The "install everything!!!111" setup beloved by the
    > eleet wanna-be's - quite another situation.


    You would certainly introduce a promiscuity factor there, but let's face it,
    enduser connections are usually quite anonymous. In Windows, even an
    anonymous connection would be hazardous because Windows itself tends to
    phone home, especially since some 85% of all enduser Windows machines is
    part of at least one and possibly multiple botnets.

    >> A system that's properly set up and that disallows root logins -
    >> especially remote ones - is secure enough.

    >
    > This goes along the ideas of an OpenBSD model, and Theo's mantra that
    > no OpenBSD box has ever been hacked (sic) in an out-of-box condition.


    Actually, OpenBSD has been compromised on one and possibly two occasions,
    but that was a long time ago. ;-)

    >> I've been running GNU/Linux since late November 1999, and I only got an
    >> internet connection as of April 2000. I've never set up a firewall -
    >> although I have used /iptables/ to set up NAT and PAT - and I've never
    >> had any problems with malware or anyone trying to break into my system.

    >
    > Let's just say that my Linux experience goes back to the early 1990s,
    > and I've been using various forms of UNIX for over a decade before that.


    I've had some minor UNIX experience in the early 1990s, but not with root
    privileges, and no X Window stuff. I did however (and do still) own a
    pocketbook on UNIX and XENIX.

    It was actually only by installing GNU/Linux in 1999 that I got hands-on
    access to the root account and that I got to be more familiar with the
    system.

    > No one trying to break in - what, not running sshd on port 22? ;-)


    Yes, I am, but my network connection is low profile and my ISP blocks almost
    all ports beneath 1024 to whatever lies outside of its own subnet. So if I
    want to /ssh/ into my machine from anybody else's computer, then this
    person would have to have the same ISP as I do.

    Officially they do that for security reasons, but the truth is that they
    block those ports because your internet connection's EULA doesn't cover use
    as a publicly accessible server.

    >> It's just that most users here come from the Windows world and some may
    >> even still be using Windows alongside GNU/Linux. Windows is flawed by
    >> design, and thus the experience with Windows makes people think that
    >> they are exposed to the same kinds of threats in GNU/Linux that they
    >> were exposed to in Windows.

    >
    > Let's face it - VERY FEW Linux users have had _any_ training in the
    > operating system. Thus, they are going with the flawed experience that
    > they do have - which means windoze.


    This is why I regret that Mandriva and so many other distributions tend to
    cater to those habits and profile GNU/Linux as "a Windows alternative",
    instead of profiling it as "a UNIX-like system".

    >> And sadly enough, distromakers like Mandriva don't do anything to
    >> discourage this misconception. If anything, they're actually feeding
    >> it.

    >
    > When I started learning UNIX, it was six months before I realized who
    > this 'root' user was.


    Well, I had read the book - mentioned higher up - first, so I already did
    know. :-)

    > It was close to a year before I got limited access to some privileged
    > commands - the equivalent of 'sudo' or 'su -c', and about 18 months before
    > I got a root password. Even then, I was terrified that I'd screw up, and
    > fumble-finger some command which would bring the entire system crashing
    > down about me, and the users would be running about with torches and
    > pitch-forks looking for me.


    It's silly, but before I used GNU/Linux, I too had that very same feeling
    when sitting at a UNIX console. I was constantly afraid that I'd screw up
    somewhere and bring the whole system down or something. :-)

    > Today, (with the exception of Ubuntu and clones) root is the first
    > account a new user gets access to. For a system that the unskilled
    > gain access to with no training/skills - what can you expect?


    A wise man once said that if you treat your customers like idiots, idiots
    will be the customers you get... :-)

    --
    *Aragorn*
    (registered GNU/Linux user #223157)

  11. Re: [OT] network issue

    On Mon, 18 Aug 2008, in the Usenet newsgroup alt.os.linux.mandriva,
    Aragorn wrote:

    >*Moe Trin* wrote


    >> Running *nix is not a magic bullet that makes you immune from all of
    >> the nasties out in the world. Anyone can screw up just about
    >> anything because nothing is fool proof, and they keep inventing
    >> improved fools every day.

    >
    >Well, I tend to agree with you there on the theory, but let's face it:
    >GNU/Linux is a de facto secure enough system, and the development
    >mechanisms of FOSS make it far less prone to bugs or security exploits.


    But it can't make it impossible for the clueless to screw up. The
    separation of ownership of system versus user files makes it more
    difficult, but windoze has this as well, and because the windoze user
    prefers to log in as administrator, it's useless. But then, people
    also log in as root.

    >My first distribution was /Linux-Mandrake/ 6.0 PowerPack, with the
    >2.2.9 kernel, and KDE 1.1.1.


    I played with MCC Interim Linux, and TAMU, but the first one I was
    using was SLS version 1.0something, which also used an 0.99 kernel.
    There was no desktop (certainly not in the concept of KDE).

    >You would certainly introduce a promiscuity factor there, but let's
    >face it, end user connections are usually quite anonymous. In Windows,
    >even an anonymous connection would be hazardous because Windows itself
    >tends to phone home, especially since some 85% of all enduser Windows
    >machines is part of at least one and possibly multiple botnets.


    With Mandrake 6.0 as a starting point, you should still remember the
    'ramen' worm (went after RH6.2 and 7.0 boxes exploiting a pair of holes
    in wu-ftpd and rpc.statd in 6.2, and lpd in 7.0), or the 'luckgo' worm
    (went after rpc.statd in several distributions). Both holes had been
    patched months earlier, but... from section 3 of CERT Summary CS-98.06:

    3. Root Compromises

    We continue to receive daily reports of sites that have suffered a
    root compromise. Many of these compromises can be traced to systems
    that are unpatched or misconfigured, which the intruders exploit
    using well-known vulnerabilities for which CERT advisories have
    been published.

    >> No one trying to break in - what, not running sshd on port 22? ;-)

    >
    >Yes, I am, but my network connection is low profile and my ISP blocks
    >almost all ports beneath 1024 to whatever lies outside of its own
    >subnet. So if I want to /ssh/ into my machine from anybody else's
    >computer, then this person would have to have the same ISP as I do.
    >
    >Officially they do that for security reasons, but the truth is that
    >they block those ports because your internet connection's EULA doesn't
    >cover use as a publicly accessible server.


    I've also got an ISP like that. The residential accounts are not
    allowed to run servers (including identd on 113/tcp). You need only
    upgrade to a 'small business' account, and the holes magically
    appear. My other ISPs allow 22/tcp, but block the "normal" ports,
    like 21, 25, 80, 137-139, 443, 1433, and so on.

    >> Let's face it - VERY FEW Linux users have had _any_ training in the
    >> operating system. Thus, they are going with the flawed experience
    >> that they do have - which means windoze.

    >
    >This is why I regret that Mandriva and so many other distributions
    >tend to cater to those habits and profile GNU/Linux as "a Windows
    >alternative", instead of profiling it as "a UNIX-like system".


    Most users would be unable to cope with anything more complicated.
    That is why the Gnome and KDE desktops developed administrative
    helper tools.

    Old guy
