Best of Technical Support

Various

Issue #82, February 2001

Our experts answer your technical questions.

Network Config Tools

In Windows NT there is a command-line utility (ipconfig) that lets you see the current IP configuration. Is there a utility in Linux for this? —Skip Bigelow, sbigelow@aarp.org

Even though there are graphical tools to give the information you've asked for (including Red Hat's netcfg command), you can always use /sbin/ifconfig. It will give you detailed information regarding all active interfaces (ethernet, ppp, loopback etc.). —Mario, mneto@argo.com.br

Sharing a Cable Modem

I have been browsing many different Linux web sites to look for any FAQ or guide on this topic: How to share a cable modem connection at home between a Linux and a Windows machine, which is where the cable modem is installed. I would appreciate it if you would give me some pointers. —Samuel Fung, samfz@hotmail.com

I would move the cable modem to the Linux machine and share it with your other computers from there. Why? Because Windows has no provision, off the shelf, to serve as a router, enable security features such as packet filtering, masquerading, forwarding, etc., while Linux does all that quite naturally and quite well. You do not specify the cable modem you have, but I would suggest looking at http://www.linuxdoc.org/ for documents on networking and connecting network devices to your Linux box. After that, look at the how-to articles on connecting to an ISP. —Felipe Barousse, fbarousse@piensa.com

Booting without Messages

Is it possible to turn off the kernel boot-up messages? —Nicholas, vunch@pacific.net.sg

The easiest way is to set console=ttyS3,38400n8, or something similar, on the LILO command line to redirect console output to a serial port. —Marc Merlin, marc_bts@valinux.com

Root Compromise

When I tried to log in to my Linux box this morning, I was surprised to find out that I was no longer able to do this. The login prompt appears as usual, but when I type the user name and press Enter, instead of the password prompt a new login prompt appears. No messages appear except a line that says: /var/hackr0x/login: No such file or directory. This line disappears so quickly that I had to repeat the procedure of typing the user name a couple of times in order to decipher it. —Victor, victor@angolatelecom.com

Your machine was indeed compromised. At this point you don't want to fix your machine, you just want to get your data off and re-install it. You don't know what's been modified nor how. In cases where you can't log in at all, you can always boot with linux init=/bin/bash at the LILO prompt, and then do:

mount -wno remount /
mount -a
/etc/rc.d/init.d/network start

(if you want to back up data over the Net). You can also boot from a rescue floppy or CD. Once you get your machine re-installed, do not just connect it to the Internet again without securing it properly. Make sure you have all the updates installed; do not run any unnecessary dæmons, and firewall the machine if possible. —Marc Merlin, marc_bts@valinux.com

Every major distribution has an “announce” list for security updates. After you reinstall, get on the list for the distribution you run. Also, remove unused software—it's the cheapest, fastest security precaution you can take. —Don Marti, info@linuxjournal.com

Slash Notation for Netmasks

Nowadays I'm working with Linux firewalls, and I'm configuring one in a client organization. I found the following lines in the script that applies the rules of the firewall (IPCHAINS):

INT0="eth0"
IP0="192.168.1.125/24"
NET0="192.168.1.0"

What is “/24” in the IP number?

Also can I put two networks in the same variable? For example:

NET0="192.168.1.0,192.168.10.0"

—Fabio Losnak, fabiolosnak@yahoo.com

The “/24” in the IP number means the network 192.168.1.0 with a netmask of /24 or 255.255.255.0. You probably cannot put two networks in the same variable but that would really depend on the script that is parsing this. —Marc Merlin, marc_bts@valinux.com
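An added example, not part of the original column or of the client's firewall script: a POSIX shell sketch that expands slash notation into the network address and dotted netmask, and shows one way a script could accept several networks in one comma-separated variable. The function names (prefix_to_mask, cidr_network, expand_list) and the sample list are assumptions made for illustration.

```sh
# Added example: expand slash (CIDR) notation as used in IP0="192.168.1.125/24".

# prefix_to_mask 24 -> 255.255.255.0
prefix_to_mask() {
    bits=$1; mask=""
    for i in 1 2 3 4; do
        if [ "$bits" -ge 8 ]; then
            octet=255; bits=$((bits - 8))
        else
            octet=$((256 - (1 << (8 - bits)))); bits=0
        fi
        mask="${mask}${mask:+.}${octet}"
    done
    echo "$mask"
}

# cidr_network 192.168.1.125/24 -> "192.168.1.0 255.255.255.0"
cidr_network() {
    case $1 in
        */*) addr=${1%/*}; prefix=${1#*/} ;;
        *)   echo "no /prefix in '$1'" >&2; return 1 ;;
    esac
    case $prefix in ''|*[!0-9]*|0?*) echo "bad prefix in '$1'" >&2; return 1 ;; esac
    [ "$prefix" -le 32 ] || { echo "bad prefix in '$1'" >&2; return 1; }
    case $addr in *[!0-9.]*) echo "bad address in '$1'" >&2; return 1 ;; esac
    mask=$(prefix_to_mask "$prefix")
    oldifs=$IFS; IFS=.            # split address and mask into 8 octets
    set -- $addr $mask
    IFS=$oldifs
    [ $# -eq 8 ] || { echo "bad address '$addr'" >&2; return 1; }
    for o in "$1" "$2" "$3" "$4"; do
        case $o in ''|0?*) echo "bad address '$addr'" >&2; return 1 ;; esac
        [ "$o" -le 255 ] || { echo "bad address '$addr'" >&2; return 1; }
    done
    # network address = address AND netmask, octet by octet
    echo "$(($1 & $5)).$(($2 & $6)).$(($3 & $7)).$(($4 & $8)) $mask"
}

# expand_list "a/24,b/24" -> one "network netmask" line per comma-separated entry
expand_list() {
    oldifs=$IFS; IFS=,
    set -- $1
    IFS=$oldifs
    for entry in "$@"; do cidr_network "$entry" || return 1; done
}

cidr_network "192.168.1.125/24"                  # value from the question
expand_list "192.168.1.0/24,192.168.10.0/24"     # constructed sample list
```

A list entry without a prefix, such as the bare 192.168.1.0 in the question's NET0 line, is rejected by this sketch rather than guessed at.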

Can't Unlink Files

As root, I cannot get rid of the following files; they should belong to the deb package r-base, but in this case they seem to be some kind of links:

pimento:/home/ottoz# ls -l /usr/lib/R/library/ts/latex/
........
br-xr-srw-    1 25955    26473    116,  32 mar 20  1987 beavers.tex
br-xrwSr--    1 8301     31084    114,  32 ott 12  2021 sunspot.tex
br-srw-rw-    1 29281    8302     116, 108 set 27  2031 ts.union.tex

I get a message like cannot unlink. operation not permitted —Odoardo Zecca, odoardo.zecca@galactica.it

You had some file system corruption. chattr -i *.tex should remove the incorrectly set immutable flag and let you delete the files. —Marc Merlin, marc_bts@valinux.com

Restricting E-Mail Accounts with Sendmail

I have a mail server (RH 6.2, Sendmail Single Switch) acting as a smart relay on our DMZ. Internally, we have a mail server (RH 7.0, Sendmail Single Switch) that acts as both an SMTP and POP3 server.

We need to be able to differentiate between local-only and WAN e-mail accounts. Local-only accounts would be limited to local delivery/receipt and WAN accounts would be granted access to the world for inbound and outbound mail.

To further complicate matters, all users should have the format of first.last@domain.com for e-mail addresses. Is there a method of doing this within the capabilities of Sendmail or, if not, what package(s) will allow me to do this? —Michael Phillips, mike.phillips@ieionline.com

There are many approaches to solve your riddle. For instance, an easy one would be to restrict e-mail relaying with the /etc/mail/access file on a client IP address basis. Your actual request is not a complex one, you just need a bit of planning on your network layout, the addressing scheme and a bit of tuning on the Sendmail side. Go to the http://www.sendmail.org/ site and look for all relaying-related documents. That will help you solve your requirements. —Felipe Barousse, fbarousse@piensa.com

Telnet Sessions Time Out

Is there a Telnet time-out setting on Linux? My sessions time out after about five minutes. —Jan Dubroca, jan.dubroca@delta-air.com

You are probably Telneting outside of your network, through an IP masquerading server that times out TCP connections after five minutes. On Linux, the fix for this (on the firewall) is:

# Fix the masquerading timeouts
#                  tcp     tcpfin  udp
ipchains -M -S     86400   60      120

—Marc Merlin, marc_bts@valinux.com

I don't believe that there is a time-out setting for Telnet. I assume that what's timing out is your shell. The shell time-out can be set in /etc/profile. My guess is you've got an entry that looks something like this:

TMOUT=300

The value here is in seconds. You can change this to give yourself more time or simply remove the line to disable shell time-out completely. —Paul Christensen, pchristensen@penguincomputing.com

Loading vmlinuz, Then Nothing

I used Red Hat 6.0 to install Linux. I booted the machine from CD-ROM successfully, and I pressed Enter after boot: This message appeared:

Loading initrd.img.....................
Loading vmlinuz........

Then the computer stopped.

When I booted my computer from the floppy disk (Win98 bootdisk), I ran the /dosutils/autoboot from the Red Hat CD-ROM. Unexpectedly, it appeared that I had installed Linux successfully and even configured the X Windows System well. In the end, the computer told me:

Congratulations, you have installed linux successfully,......
The system reboot....

And when it rebooted, this message appeared:

Loading linux..........
Then the computer stopped again.

I have also tried Red Hat 5.0, Bluepoint1.0 and 2.0, TurboLinux, Slackware. The results were all the same. WHY? —ekun, xx@public1.ptt.js.cn

Apparently, you can boot Linux from loadlin (which you did when you started the Linux install from Windows), but, for some unknown reason, it fails when you boot with LILO. One option is to do an install from Windows, like you already did, and then boot from the RH rescue CD-ROM. Copy your kernel (in /boot) to the Windows partition (which you will need to mount too). Copy and configure loadlin (you should have them on your RH CD-ROM), and use loadlin to boot Linux. A sample loadlin config from my system looks like this:

moremagic:/drv/c$ cat linux.bat
c:\linux\loadlin\loadlin @c:\linux\loadlin\boot
moremagic:/drv/c$ cat linux/loadlin/boot
c:\linux\loadlin\vmlinuz
root=/dev/sda6
ro

—Marc Merlin, marc_bts@valinux.com

I've seen this happen as the result of booting a kernel that's optimized for the wrong processor, but if this is happening right away after a fresh install (in fact, after EVERY install of any of a number of distributions) you most likely have a serious hardware problem. You should try different RAM if you have any available. I can't say for sure that the RAM is the culprit, but that's where I'd start. —Robert Connoy, rconnoy@penguincomputing.com

Recompiling the Kernel

I have installed an IDE Atapi Zip drive and need to know how to have Linux to find it. I have tried to recompile but get the following error:

Makefile Makefile: 213 arch/i386/Makefile:
No such file or directory
Makefile: 481 Rule make: No such file or directory
make *** No rule to make target Rules.make. Stop

—Bob Parry, robpar@telus.net

Did you read README in /usr/src/linux? You compile a kernel like this:

make menuconfig; make clean; make dep;
make install; make modules; make modules_install

More details can also be found here: www.linux.com/howto/Kernel-HOWTO.html. If you already have the right module compiled, modprobe ide-floppy should do the trick. —Marc Merlin, marc_bts@valinux.com

I Have No Dæmon, and I Must Print

When I try to send anything to the printer, I get Job is queued, but cannot start dæmon. I can print by sending text directly to the printer with cat, but it won't start the dæmon. lpc status shows no dæmons started. I've set up printers many times before, but I've never run into this problem. I've tried removing and reinstalling the lpr package and all of the other tricks I've read. Even—Jim Jerzycke, kq6ea@amsat.org

Make sure that the printer spooler dæmon is running. With SuSE you'll want to make sure that the file /etc/rc.config includes the line

START_LPD="yes"

If it is not there, or if it is set to no, you should make the change, and then run—Robert Connoy, rconnoy@penguincomputing.com