Multiple OS/2 PEERLAN help please - OS2

This is a discussion on Multiple OS/2 PEERLAN help please - OS2 ; On Tue, 2 Sep 2008 10:57:29 UTC, Mike Luther wrote: > Again learned a lot from you Dave .. Getting there :-) If you got subnets under your belt you might have answered your own questions :-) The *mask* deliniates ...

+ Reply to Thread
Page 2 of 2 FirstFirst 1 2
Results 21 to 29 of 29

Thread: Multiple OS/2 PEERLAN help please

  1. Re: Multiple OS/2 PEERLAN help please

    On Tue, 2 Sep 2008 10:57:29 UTC, Mike Luther
    wrote:

    > Again learned a lot from you Dave ..


    Getting there :-)

    If you got subnets under your belt you might have answered your own
    questions :-)

    The *mask* deliniates where in the address the *network* address stops
    and the local box addresses start.

    With an address of 192.168.1.1 and a mask of 255.255.255.0 then the
    *network* is 192.168.1.* where * is 0 to 255. (actually available
    values are 1 - 254 as 0 defines the network and 255 is the broadcast
    address for it.)

    So you need the LAN side as 192.168.1.x masked with 255.255.255.0 and
    the WAN side as 192.168.2.x with the same mask of 255.255.255.0. To
    get a different subnet you need to change a digit *outside* of the
    subnet mask.

    IPGATE defaults to off.

    Actually Alex's idea is a good one. The modem/router will be using NAT
    which protects against incoming and if all the other boxes only have
    NETBIOS then you are OK as NETBIOS is not routable. Your error
    messages are most likly becasue you are not setting the IPs correctly
    and the system is getting confused about what NICs it has. Typically
    that error is when a NIC has failed to initialize.

    --
    Regards
    Dave Saville

    NB Remove nospam. for good email address

  2. Re: Multiple OS/2 PEERLAN help please

    Thank you for the URL!

    jch wrote:

    > MPTS appears to have a bug. I needed the TCP/IP protocol _and_ access
    > my samba servers and Windows NT5/NT5 via the SMB protocol. This
    > following link may or may not be of help. It explains how to check and
    > fix LAN0 and LAN1 setups.
    > http://www.mit.edu/activities/os2/peer/WARPPEER.HTM
    >


    I had this one marked in the URL's from years ago and was looking for it. Your
    post was what I was looking for. My attention has been taken away from this
    problem until today. Before I go back to work on this it will get read at again.


    --


    --> Sleep well; OS2's still awake!

    Mike Luther

  3. Re: Multiple OS/2 PEERLAN help please

    On Tue, 2 Sep 2008 14:35:50 UTC, Mike Luther wrote:

    > > I don't even think a machine with two NICs is necessary.
    > >
    > > Just plug all the machines into a router that connects to the Internet.
    > > Install TCP/IP on the one machine to have 'net access. Don't install it
    > > on any of the others, and they won't be able to access the Internet.

    >
    > I can understand the thought. With two sideswipe thought paths though.
    >
    > 1.) Do you also then disable IPGATE on the box that the TCP/IP on it
    > as well?


    Yes. IPGATE turns the system into a router. There are no other TCP/IP
    systems to route traffic to or from, hence, you don't need it.


    > a.) Does that prevent IP operations from moving across it to
    > the file system operations it works with on the connection
    > LAN operations on the PEERLAN too?


    What? TCP/IP doesn't "work with LAN operations" at all, not if you're using
    only NETBEUI (which is obviously the implication of my suggestion).


    > b.) Does that also prevent bash type operations that might be
    > attempted from the other side. I think I realize that
    > one would have to be careful about how sharing and connecting
    > was done on all the boxes. Or .. could be done .. but does
    > this help prevent things perhaps naughty?


    What do you mean by "bash type operations"?

    NETBEUI can't normally cross over a router, so you're not open to exploits,
    if that's what you're asking.


    > In this case, since the IP accessible router would actually touch
    > each and every box, doesn't this automatically open up a potential
    > future route to contaminated touching of every machine that
    > touches it. Sure .. anything might happen .. sometime in the
    > future! But doesn't this get us one step closer to 'bad boy
    > land'? And no, without TCP/IP ain't no Java Jitters here maybe.
    > Or could this way might there be a little sip goes a long way,
    > chuckle?
    >
    > Or at least make it apparently a lot easier to mess with things
    > somehow in the future if the router touches every box?


    If you were to ever add TCP/IP to the other boxes, then yes. OTOH, most
    of these routers have built-in firewalls which are just as effective as
    anything you're likely to set up on a 2-NIC gateway box.

    --
    Alex Taylor
    Fukushima, Japan
    http://www.socis.ca/~ataylo00

    Please take off hat when replying.

  4. Re: Multiple OS/2 PEERLAN help please

    On Thu, 4 Sep 2008 12:59:50 UTC, Mike Luther wrote:

    > > MPTS appears to have a bug. I needed the TCP/IP protocol _and_ access
    > > my samba servers and Windows NT5/NT5 via the SMB protocol. This
    > > following link may or may not be of help. It explains how to check and
    > > fix LAN0 and LAN1 setups.
    > > http://www.mit.edu/activities/os2/peer/WARPPEER.HTM

    >
    > I had this one marked in the URL's from years ago and was looking for it.


    It's not a bug, technically - it's actually supposed to behave that way,
    annoying as it is. But I suppose from a typical user's point of view, the
    end result is the same.

    --
    Alex Taylor
    Fukushima, Japan
    http://www.socis.ca/~ataylo00

    Please take off hat when replying.

  5. Re: Multiple OS/2 PEERLAN help please

    Blessings to you John!

    jch wrote:

    > following link may or may not be of help. It explains how to check and
    > fix LAN0 and LAN1 setups.
    > http://www.mit.edu/activities/os2/peer/WARPPEER.HTM


    OK, I've gone back and read that help site which I had used years ago. And
    what is posted there is correct, with one other learning point about all this.

    First, for whatever reason, with more than one NIC installed in OS/2 PEERLAN,
    I've found a 'must do' fix to stop the IOCTL SIOCAIFADDR Invalid Protocol error
    during the CONFIG.SYS boot run. No matter what else you do, it is apparently
    absolutely required that you:

    1.) Open the TCP/IP Configuration (Local) object.
    2.) Select the LAN1 NIC panel, the NIC that is NETBIOS for OS/2 only.
    3.) Even though it will NOT be expected nor has OS/2 NETBIOS over TCP/IP
    installed, in addition to some fixed IP address and Subnet Mask,
    a.) Open the Advanced 1 Tab.
    b.) Define SOME kind of "Destination Address". I've tried many
    real, fake, whatever octets. Anything seems to work!

    As long as you have SOMETHING in that "Destination Address" setting, the error
    seen in IOCTL SIOCAIFADDR vanishes. Even though for whatever, that LAN1 NIC
    network has, in theory, no possible way to get to TCP/IP whatever!

    Only AFTER doing this could I use the MIT help page URL to finish this task.
    It appears correct that the MPTN setup operation, if *NO* TCP/IP protocol is to
    be used on the NIC in question, does not 'correctly' configure the PROTOCOL.INI
    file in THE #:\IBMCOM directory. In the part for NETBIOS, no matter what I had
    done previously, it required a manual edit to:

    DriverName = netbios$
    ADAPTER0 = netbeui$,0
    ADAPTER1 = netbeui$,1

    Next, following the suggestion pattern in the MIT article, the configuration
    for the IBMLAN.INI file in the #;\IBMLAN directory also was never correctly set
    up for more than one NIC use. Three sections had to be manually edited. TO
    correct that there was simply no second net ever cited in this file, the second
    network definition had to be added to it totally by hand:

    [networks]

    net1 = NETBEUI$,0,LM10,100,150,14
    net2 = NETBEUI$,1,LM10,100,150,14

    .........

    wrknets = NET1,NET2

    .........

    srvnets = NET1,NET2


    Following these two file edits, even with absolutely no ROUTE definition in the
    TCP/IP configuration object at all, the box boots totally correctly. A correct
    log-in and an open of the SHARING and CONNECTING object allows me to see the
    allowable connection to NETBIOS destinations on my fixed IP address system,
    even with the box completely booted to DCHP over the LinkSys WRT54GL router to
    the joint cable modem here via the SMC dumb switch to it to a completely
    different envelope.

    I think that is precisely what I would expect. If there is absolutely no
    TCP/IP protocol installed for the LAN1 NIC which is to be used for the local
    LAN communication, it should have absolutely no need to have a specific TCP/IP
    route connection. As expected, the 'default' behavior for the DCHP request
    during the OS/2 boot run for the box enabled on the LAN0 NIC, as I understand
    this, does create the necessary TCP/IP route for that in SETUP.CMD for us.

    Thus the real stumbling block for all this seems to be tied to the curious
    absolute requirement to have an octet address in the TCP/IP setup pane for the
    LAN1 NIC to a "Destination Address". Even though no TCP/IP service is ever
    wanted of it and the protocol isn't even installed for it!

    Reading through the IBM and all the rest of the docs on this, I wonder if I
    actually could use a "Destination Address" of 0.0.0.0 for this? Way back at
    Warp 4 level OS/2 documentations, there was a host of error help postings about
    this error which mentioned this. The IBM documentation, in another part, says
    something about using 0.0.0.0 so that the configuration process can pass to the
    destination available in the file. Duhhh .. what file come MCP2 level code?
    And would, in theory, this have been correctly set up by OS/2 at installation
    time, during the PEER install, one had correctly set up the MPTN for both NIC's
    ... and then deliberately cited both networks during PEERINST work? Thoughts?

    I've one more question here. But I think it more better focused on Dave's ver
    good help thread to me.

    Thank you so much for your help!

    --


    --> Sleep well; OS2's still awake!

    Mike Luther

  6. Re: Multiple OS/2 PEERLAN help please

    Thanks to you too Dave!

    Dave Saville wrote:

    > Getting there :-)


    > With an address of 192.168.1.1 and a mask of 255.255.255.0 then the
    > *network* is 192.168.1.* where * is 0 to 255. (actually available
    > values are 1 - 254 as 0 defines the network and 255 is the broadcast
    > address for it.)
    >
    > So you need the LAN side as 192.168.1.x masked with 255.255.255.0 and
    > the WAN side as 192.168.2.x with the same mask of 255.255.255.0. To
    > get a different subnet you need to change a digit *outside* of the
    > subnet mask.
    >
    > IPGATE defaults to off.


    Yes! If TCP/IP is actually in use here. But what was wanted for the best
    possible security purposes was that the LAN1 interface have no TCP/IP protocol
    installed on it whatever. So that even though this one box could work with
    the Internet and could actually use shared connections to the file server on
    the internal LAN, with IPGATE off the best possible protection would be there
    for nothing to touch it bad-boy style from the outside world.

    > Your error
    > messages are most likly becasue you are not setting the IPs correctly
    > and the system is getting confused about what NICs it has. Typically
    > that error is when a NIC has failed to initialize.


    Traced to a very strange apparent glitch! Even with absolutely no TCP/IP
    protocol installed on the LAN1 NIC intended for internal LAN use only, I could
    go no further until I actually entered a "Destination Address" in the Advance 1
    pane for the TCP/IP configuration for the LAN1 interface on fixed addressing!
    Even using 'fake' such addresses!

    Only after that could I go in and even manually correct the IBMLAN.INI and
    PROTOCOL.INI to allow the second NET operations on the system!

    But please one more help thought here? Let's go back to:

    > So you need the LAN side as 192.168.1.x masked with 255.255.255.0 and
    > the WAN side as 192.168.2.x with the same mask of 255.255.255.0. To
    > get a different subnet you need to change a digit *outside* of the
    > subnet mask.


    I can understand your guidance. But if there is *NO* TCP/IP protocol to be
    allowed on the LAN side of this one box on the LAN1 network, why is there any
    issue about ##.##.##.## network addressing and subnet mask operations at all in
    relation to the LAN1 operation in the TCP/IP setup pane?

    I've tried and can reset the current test DHCP LinkSys WRT54GL router to use
    the 192.168.2.x network addressing. I can do that here. It works with the
    working NETBIOS protocol only on LAN1 now. But suppose I can't even get to the
    Embarq ADSL modem's 'routed' NAT and DCHP allowable setup and it is only going
    to be there for me as 192.168.1.# configuration.

    Why, if there is no TCP/IP operation ever, in theory, to be allowed across this
    specific unique box that is NETBIOS only shared for connections to the internal
    LAN via PEER, is this an issue at all for the LAN side of this?

    Thoughts? Thanks!


    --


    --> Sleep well; OS2's still awake!

    Mike Luther

  7. Re: Multiple OS/2 PEERLAN help please

    Yes, Alex!

    Alex Taylor wrote:

    > What do you mean by "bash type operations"?


    Well, it is possible to contaminate any OS/2 box that can work against the
    Internet that has disk access by modifying the control file parameters from
    afar to sneaky pete add control and contamination things to OS/2 boxes. It's
    really very simple.

    > NETBEUI can't normally cross over a router, so you're not open to exploits,
    > if that's what you're asking.


    That is exactly what I was driving at, for the boxes on the LAN side of this
    one connection box, through sharing and connecting restrictions, I could
    minimize even that kind of access to the in-house operations, so I thought.

    > If you were to ever add TCP/IP to the other boxes, then yes. OTOH, most
    > of these routers have built-in firewalls which are just as effective as
    > anything you're likely to set up on a 2-NIC gateway box.


    Yes, understood. The 2-NIC box wasn't really to be a gateway box. It
    actually was to be an program operational box which could be used to pick data
    OUT of the LAN network, but not to punch data into into it.


    --


    --> Sleep well; OS2's still awake!

    Mike Luther

  8. Re: Multiple OS/2 PEERLAN help please

    On 09/06/08 12:52 pm, Mike Luther wrote:
    > Yes, Alex!
    >
    > Alex Taylor wrote:
    >
    >> What do you mean by "bash type operations"?

    >
    > Well, it is possible to contaminate any OS/2 box that can work against
    > the Internet that has disk access by modifying the control file
    > parameters from afar to sneaky pete add control and contamination things
    > to OS/2 boxes. It's really very simple.


    Unluckily it is possible to infect OS/2 machines. Luckily since we
    aren't targeted usually the infection doesn't get very far.
    Right now I have an infection. Certain Flash sites try to launch a file
    which is reported as /VDM/proxy browser. This ties up my machine for a
    few minutes as Winos2 is started up and eventually exits as it can't
    find the file.
    There was also something going around some time ago that we were only
    saved from due to the infection using the full path to cmd.exe, eg
    C:\windows\cmd.exe instead of just cmd.exe.
    Dave

  9. Re: Multiple OS/2 PEERLAN help please

    On Sat, 6 Sep 2008 19:40:56 UTC, Mike Luther
    wrote:

    > Thanks to you too Dave!
    >
    > I've tried and can reset the current test DHCP LinkSys WRT54GL router to use
    > the 192.168.2.x network addressing. I can do that here. It works with the
    > working NETBIOS protocol only on LAN1 now. But suppose I can't even get to the
    > Embarq ADSL modem's 'routed' NAT and DCHP allowable setup and it is only going
    > to be there for me as 192.168.1.# configuration.
    >
    > Why, if there is no TCP/IP operation ever, in theory, to be allowed across this
    > specific unique box that is NETBIOS only shared for connections to the internal
    > LAN via PEER, is this an issue at all for the LAN side of this?


    I really don't know this one. I have never set up a NIC without an IP
    address - which is essentially what you seem to have/want as it's
    NETBIOS only.


    --
    Regards
    Dave Saville

    NB Remove nospam. for good email address

+ Reply to Thread
Page 2 of 2 FirstFirst 1 2