Re: DHCP & DNS
by Steve Blackwell
It seems like the solution is to set up a local DNS server on the same machine as the DHCP server. Some people suggested putting the DHCP server on the Fedora box but it is usually not on during the day which would be a problem for the Windows box which usually is. I'm going to do a little research and see if I can put a DNS server on the Linksys.
Thanks to all who responded on this. I'll report back on my progress.
Steve
---- Adalbert Prokop <adalbert.prokop(a)gmx.de> wrote:
> zephod(a)cfl.rr.com wrote on Sunday 21 October 2007:
>
> > Here is my simple and, I suspect, very common setup: 2 PCs, one FC6
> > Linux, one Windows Vista and a Linksys wireless router. A DHCP server
> > on the Linksys determines the IP addresses of the 2 machines.
>
> > My question is: is it possible for either machine to ping the other
> > without having to make an entry in its local hosts file?
>
> At least not only with DHCP. It is only for assigning IP addresses and
> parameters to network devices. If you want name-to-address resolving you
> need (an internal) DNS server. That could be your Linksys router. I don't
> know if the original firmware has a DNS server, but WRT54G is flashable.
> That means you can install a small Linux distro on it and within a DNS
> server (dnsmasq or bind or ...). Look here
>
> http://www.freewrt.org/trac/wiki/Documentation/TargetSystems
>
> If you cannot use a DNS server you could use Bonjour/Zeroconf for address
> resolving. Apple's Bonjour is available for Windows and Linux has its own
> implementations of the mDNS (multicast DNS) protocol, e.g. mDNSresponder
> or avahi. mDNS is similar to DNS but it does not need a central server
> because every machine is sending broadcast messages on the network
> announcing itself to its neighbours. With help of the nss-mdns package
> you can then resolve the broadcasted names to IP addresses.
>
> For a small office the DHCP/DNS solution is the preferable one.
>
> --
> bye,
> Adalbert
>
> Mathematics is the only science where one never knows what one is talking
> about nor whether what is said is true. -- Russell
>
16 years, 7 months
Re: DHCP & DNS
by Adalbert Prokop
zephod(a)cfl.rr.com wrote on Sunday 21 October 2007:
> Here is my simple and, I suspect, very common setup: 2 PCs, one FC6
> Linux, one Windows Vista and a Linksys wireless router. A DHCP server
> on the Linksys determines the IP addresses of the 2 machines.
> My question is: is it possible for either machine to ping the other
> without having to make an entry in its local hosts file?
At least not only with DHCP. It is only for assigning IP addresses and
parameters to network devices. If you want name-to-address resolving you
need (an internal) DNS server. That could be your Linksys router. I don't
know if the original firmware has a DNS server, but WRT54G is flashable.
That means you can install a small Linux distro on it and within a DNS
server (dnsmasq or bind or ...). Look here
http://www.freewrt.org/trac/wiki/Documentation/TargetSystems
If you cannot use a DNS server you could use Bonjour/Zeroconf for address
resolving. Apple's Bonjour is available for Windows and Linux has its own
implementations of the mDNS (multicast DNS) protocol, e.g. mDNSresponder
or avahi. mDNS is similar to DNS but it does not need a central server
because every machine is sending broadcast messages on the network
announcing itself to its neighbours. With help of the nss-mdns package
you can then resolve the broadcasted names to IP addresses.
For a small office the DHCP/DNS solution is the preferable one.
--
bye,
Adalbert
Mathematics is the only science where one never knows what one is talking
about nor whether what is said is true. -- Russell
16 years, 7 months
Re: Bizarre connections from and to a FC7 unattended
by stan
On Mon, 23 Jul 2007 14:53:35 -0300
Thomas TS <ttsoares(a)cristhom.com.br> wrote:
> This is a fully updated FC7.
> The system is running with no user logged in.
> Just some default daemons and services:
>
> # netstat -apn | grep LIST | grep tcp
>
> tcp        0      0 127.0.0.1:8000        0.0.0.0:*       LISTEN      2580/nasd
> tcp        0      0 192.168.122.1:53      0.0.0.0:*       LISTEN      2834/dnsmasq
> tcp        0      0 0.0.0.0:821           0.0.0.0:*       LISTEN      2335/rpc.statd
> tcp        0      0 127.0.0.1:631         0.0.0.0:*       LISTEN      2525/cupsd
> tcp        0      0 127.0.0.1:25          0.0.0.0:*       LISTEN      2559/sendmail: acce
> tcp        0      0 :::111                :::*            LISTEN      2301/rpcbind
> tcp        0      0 :::22                 :::*            LISTEN      2539/sshd
>
>
> This box is behind a NAT and from the gateway one can look at the
> connections to/from the FC7 system.
>
> After some time monitoring with iptraf several - for me - strange
> connections appear...
>
> ┌ TCP Connections (Source Host:Port) ───────────── Packets ─── Bytes ─── Flags ──── Iface ─────┐
> │┌192.168.1.254:42977      =     695    45740   --A-     eth2 │
> │└192.168.1.129:22         =     575    96948   -PA-     eth2 │
> │┌193.28.235.40:80         =       0        0   ----     eth2 │
> │└192.168.1.129:45869      =       4      240   S---     eth2 │
> │┌192.168.1.129:44799      =       8      565   --A-     eth2 │
> │└131.252.208.96:80        =       7     2730   CLOSED   eth2 │
> │┌193.140.100.100:21       =       0        0   ----     eth2 │
> │└192.168.1.129:55991      =       1       46   RESET    eth2 │
> │┌192.168.1.129:56462      =       0        0   ----     eth2 │
> │└64.90.181.77:55979       >       1       52   --A-     eth2 │
> │┌192.168.1.129:22         =      49     6668   CLOSED   eth2 │
> │└192.168.1.254:36544      =      64     7008   CLOSED   eth2 │
> │┌192.168.1.129:44507      =       9      641   --A-     eth2 │
> │└209.132.176.120:80       =       9     4689   CLOSED   eth2 │
>
> Some are obviously acceptable, as 209.132.176.120
> admin.fedora.redhat.com but a lot of them are to very strange places!!!
>
> I am already blocking all to/from
>
> 198.82.161.0/24
> 193.28.235.0/24
> 147.102.222.0/24
> 131.252.208.0/24
>
> because I could not figure out why and which program was doing a lot of
> uploads from my system to hosts at IPs at those class B and C nets...
>
> Am I too paranoid?
>
It is possible, depending on how you are logging the TCP packets
that you are seeing failed attempts rather than actual connections.
I am not an expert (or even very knowledgeable) but I would be
concerned or at least investigate.
Run
"/sbin/ausearch -i -ts yesterday | grep -i fail | less"
I suspect you will see lots of hits on ssh. Perhaps someone succeeded.
"/sbin/ausearch -i -ts yesterday | grep -i ssh | grep -i success"
I think Fedora locks down the sendmail server by default, but you could
check it as well. Spammers are always looking for open relays, and
it is another exposure to the web for crackers to exploit.
You can get more info on ausearch with man ausearch.
Remove any chkrootkit in case it is compromised and install again.
yum remove chkrootkit*
yum install chkrootkit*
Then run it with the fresh copy to see if it finds any infestations.
Not perfect, but should catch crackers that aren't skilled.
16 years, 10 months
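An added example, not from either poster: `netstat -apn | grep LIST` shows only listening sockets, so it cannot tell which program opened the outbound connections seen on the gateway. The Python below parses `netstat -tnp` output and groups non-local peers by owning process; the sample lines, PIDs and the `updater` program name are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in `netstat -tnp` layout; not output from the poster's
# machine. Remote addresses are documentation ranges, PIDs/names are made up.
SAMPLE = """\
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address        Foreign Address      State       PID/Program name
tcp        0      0 192.168.1.129:22     192.168.1.254:42977  ESTABLISHED 2539/sshd
tcp        0      0 192.168.1.129:44799  198.51.100.96:80     ESTABLISHED 3101/updater
tcp        0      1 192.168.1.129:45869  203.0.113.40:80      SYN_SENT    3101/updater
tcp        0      0 192.168.1.129:55991  203.0.113.100:21     TIME_WAIT   -
tcp        0      0 127.0.0.1:25         127.0.0.1:50112      ESTABLISHED 2559/sendmail: acce
tcp        0      0 :::22                :::*                 LISTEN      2539/sshd
"""

# Networks treated as "ours". Listed explicitly because ipaddress.is_private
# also covers reserved ranges that are not part of this LAN.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fe80::/10", "fc00::/7")]

def is_local(host):
    addr = ipaddress.ip_address(host)
    return any(addr in net for net in LOCAL_NETS)

def external_by_program(netstat_text):
    """Map 'PID/Program' -> sorted [(remote host:port, state)] for non-local peers."""
    found = defaultdict(list)
    for line in netstat_text.splitlines():
        # maxsplit=6 keeps owners that contain spaces ("2559/sendmail: acce").
        parts = line.split(None, 6)
        if len(parts) < 6 or not parts[0].startswith("tcp"):
            continue
        foreign, state = parts[4], parts[5]
        if state == "LISTEN":
            continue  # listening sockets have no peer
        host, _, _port = foreign.rpartition(":")
        if is_local(host):
            continue
        # "-" means netstat could not name an owner (e.g. TIME_WAIT, or not root).
        owner = parts[6].strip() if len(parts) > 6 else "-"
        found[owner].append((foreign, state))
    return {owner: sorted(peers) for owner, peers in found.items()}

if __name__ == "__main__":
    for owner, peers in external_by_program(SAMPLE).items():
        for remote, state in peers:
            print(f"{owner:<20} {remote:<22} {state}")
```

On a live system, pass the text of `netstat -tnp` (run as root so every owner is shown) to `external_by_program`; peers listed under `-` have to be caught while the connection is still open.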
Bizarre connections from and to a FC7 unattended
by Thomas TS
This is a fully updated FC7.
The system is running with no user logged in.
Just some default daemons and services:
# netstat -apn | grep LIST | grep tcp
tcp        0      0 127.0.0.1:8000        0.0.0.0:*       LISTEN      2580/nasd
tcp        0      0 192.168.122.1:53      0.0.0.0:*       LISTEN      2834/dnsmasq
tcp        0      0 0.0.0.0:821           0.0.0.0:*       LISTEN      2335/rpc.statd
tcp        0      0 127.0.0.1:631         0.0.0.0:*       LISTEN      2525/cupsd
tcp        0      0 127.0.0.1:25          0.0.0.0:*       LISTEN      2559/sendmail: acce
tcp        0      0 :::111                :::*            LISTEN      2301/rpcbind
tcp        0      0 :::22                 :::*            LISTEN      2539/sshd
This box is behind a NAT and from the gateway one can look at the
connections to/from the FC7 system.
After some time monitoring with iptraf several - for me - strange
connections appear...
┌ TCP Connections (Source Host:Port) ───────────── Packets ─── Bytes ─── Flags ──── Iface ─────┐
│┌192.168.1.254:42977      =     695    45740   --A-     eth2 │
│└192.168.1.129:22         =     575    96948   -PA-     eth2 │
│┌193.28.235.40:80         =       0        0   ----     eth2 │
│└192.168.1.129:45869      =       4      240   S---     eth2 │
│┌192.168.1.129:44799      =       8      565   --A-     eth2 │
│└131.252.208.96:80        =       7     2730   CLOSED   eth2 │
│┌193.140.100.100:21       =       0        0   ----     eth2 │
│└192.168.1.129:55991      =       1       46   RESET    eth2 │
│┌192.168.1.129:56462      =       0        0   ----     eth2 │
│└64.90.181.77:55979       >       1       52   --A-     eth2 │
│┌192.168.1.129:22         =      49     6668   CLOSED   eth2 │
│└192.168.1.254:36544      =      64     7008   CLOSED   eth2 │
│┌192.168.1.129:44507      =       9      641   --A-     eth2 │
│└209.132.176.120:80       =       9     4689   CLOSED   eth2 │
Some are obviously acceptable, as 209.132.176.120
admin.fedora.redhat.com but a lot of them are to very strange places!!!
I am already blocking all to/from
198.82.161.0/24
193.28.235.0/24
147.102.222.0/24
131.252.208.0/24
because I could not figure out why and which program was doing a lot of
uploads from my system to hosts at IPs at those class B and C nets...
Am I too paranoid?
16 years, 10 months
Re: Home Lan with D-Link DI-604
by Carlos Alberto Alves
Mikkel L. Ellertson wrote:
> The results show that you do not get an IP address for sempron. So
> when sempron tries to mount the NFS share, it is an unknown machine,
> and does not have permission to mount. I would try either putting an
> entry for sempron in /etc/hosts, or editing /etc/exports and
> replacing sempron with the proper IP address.
>
> What you may want to do, if you are using DHCP on the D-link router,
> is to assign fixed IP addresses to the machines using the MAC
> address of the machines. I have had good luck doing this in the
> past. The other thing that works well if you have a Linux box
> running 24/7 is to put the DHCP server on it, as well as a local
> name server, and let all the machines on the network use its name
> server. There are some nice packages like dnsmasq that combine a
> caching name server and a DHCP server into one package, and update
> the name server to reflect DHCP leases.
>
> Mikkel
Hi Mikkel!
Your idea seems the best, but the router assigns the same address for
both machines (I do not know how). I will have to talk to the ISP that
owns the router and ask them to do it.
I will let you know their answer.
TIA,
--
**********************************************
* Carlos Alberto Alves *
* Child Neurologist *
* Systems Analyst/ASUS Certified Professional*
* Rio de Janeiro, Brazil *
* Skype: carlos-aa *
* mailto:drcaa@click21.com.br *
* mailto:drcaa@predialnet.com.br *
**********************************************
17 years
Re: Home Lan with D-Link DI-604
by Mikkel
The results show that you do not get an IP address for sempron. So
when sempron tries to mount the NFS share, it is an unknown machine,
and does not have permission to mount. I would try either putting an
entry for sempron in /etc/hosts, or editing /etc/exports and
replacing sempron with the proper IP address.
What you may want to do, if you are using DHCP on the D-link router,
is to assign fixed IP addresses to the machines using the MAC
address of the machines. I have had good luck doing this in the
past. The other thing that works well if you have a Linux box
running 24/7 is to put the DHCP server on it, as well as a local
name server, and let all the machines on the network use its name
server. There are some nice packages like dnsmasq that combine a
caching name server and a DHCP server into one package, and update
the name server to reflect DHCP leases.
Mikkel
--
Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!
17 years
KDM Broken After Yum Update
by Kurt Wall
Afternoon, list,
I ran "yum update" this morning. After the update, KDM was borken,
rather severely hosing my KDM config. Here's what yum installed (from
/var/log/yum.log):
Feb 18 08:54:55 Updated: libmp4v2.i386 1.5.0.1-3.fc6
Feb 18 08:54:59 Updated: selinux-policy.noarch 2.4.6-37.fc6
Feb 18 08:57:16 Installed: kernel.i686 2.6.19-1.2911.fc6
Feb 18 08:57:17 Installed: perl-libwww-perl.noarch 5.805-1.1.1
Feb 18 08:57:19 Updated: spamassassin.i386 3.1.8-1.fc6
Feb 18 08:57:23 Updated: ghostscript.i386 8.15.3-4.fc6
Feb 18 08:57:39 Updated: amarok.i386 1.4.5-3.fc6
Feb 18 08:57:40 Updated: libupnp.i386 1.4.2-1.fc6
Feb 18 08:57:41 Updated: system-config-printer-libs.i386 0.7.52-1.fc6
Feb 18 08:57:43 Updated: dnsmasq.i386 2.38-1.fc6
Feb 18 08:57:43 Erased: kde-config-kdm
Feb 18 08:57:51 Installed: kernel-devel.i686 2.6.19-1.2911.fc6
Feb 18 08:57:51 Installed: kmod-nvidia.i686 1.0.9746-1.2.6.19_1.2911.fc6
Feb 18 08:57:52 Updated: smolt.noarch 0.8-1.fc6
Feb 18 08:57:53 Updated: autofs.i386 1:5.0.1-0.rc3.19
Feb 18 08:57:53 Updated: system-config-printer.i386 0.7.52-1.fc6
Feb 18 08:57:54 Updated: kde-config-kdm.noarch 3.5-17.fc6
Feb 18 08:58:06 Updated: selinux-policy-targeted.noarch 2.4.6-37.fc6
Feb 18 08:58:09 Updated: man-pages.noarch 2.39-7.fc6
Feb 18 08:58:10 Updated: rsync.i386 2.6.9-1.fc6
Feb 18 08:58:10 Updated: kde-config.noarch 3.5-17.fc6
Feb 18 08:58:11 Updated: kernel-headers.i386 2.6.19-1.2911.fc6
It looks to me like the suspect updates are kde-config and kde-config-kdm:
$ rpm -q kde-config kde-config-kdm
kde-config-3.5-17.fc6.noarch
kde-config-kdm-3.5-17.fc6.noarch
But, not being a yum expert, I'm not sure how to proceed. What I think
I want to do is revert to the previous versions of kde-config and
kde-config-kdm, but, 1) I'm not sure if that's really what I want to do
and, 2) I don't know how to do it. Anyone have a cluebat handy?
Thanks,
Kurt
--
Gnagloot, n.:
A person who leaves all his ski passes on his jacket just to
impress people.
-- Rich Hall, "Sniglets"
17 years, 3 months
Re: Samba, connection is slow but copying files is fast.
by Mikkel
Marcel Janssen wrote:
> On Saturday 10 February 2007 17:03, Bob Chiodini wrote:
>> Do you use the deadtime parameter in /etc/samba/smb.conf? If so, you
>> may want to lengthen the deadtime or delete it entirely. See man smb.conf.
>
> I didn't know this parameter and will check it out.
>
>> Additionally, since you are using DHCP, do you assign the same IP
>> address to the server each time it re-ups its address? You probably
>> should. Linksys probably has a method of "fixing" IP addresses to MAC
>> addresses. Otherwise, the Windows browser mechanism comes into play.
>> That could result in long name to machine resolution times.
>
> Just to try, I have assigned fixed IP addresses to the samba server and
> clients. Now everything is fine, so I guess it really has something to do
> with lookup of name vs IP. Since I also use laptops that I like to keep using
> DHCP for I'll further investigate the issue but at least have a clue now to
> what I should be looking for.
>
> Thanks,
> Marcel
>
If you are running the DHCP server on the Linux machine, then using
something like dnsmasq as your name server and DHCP server can be
handy. It takes care of mapping the IP addresses it serves to the
names. Another way to do it is to have the DHCP server give fixed
addresses based on the MAC address to each machine, and then
populate /etc/samba/lmhosts with the name/IP mapping.
Normally, the nmb daemon that is part of the Samba package takes
care of name/IP mapping for NetBIOS names... But this may not work
if the Linux machine is not the master browser, or if some of the
machines are using other protocols besides NetBIOS over tcp/ip.
Mikkel
--
Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!
17 years, 3 months
Re: DNS Server search order
by Mikkel
Dan Track wrote:
> HI
>
> Thanks everybody for your help. I guess the crux of the matter then is
> for me to put the internal DNS server first.
>
> Thanks
> Dan
>
You may find that it works better to use something like dnsmasq for
the internal name server, and have it listed as your only name
server. Then put the external name servers in the config for
dnsmasq. That way, you get fast response on local domains, and a DNS
cache as well.
This works great for desktops with a fixed IP address. If you use
DHCP to get your IP address, you need the PEERDNS=no option for the
interface so that resolv.conf does not get overwritten. If you use
it for a laptop, make sure that you use publicly accessible name
servers, or at least ones that work everywhere you plug in the laptop.
Mikkel
--
Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!
17 years, 4 months
Re: local DNS server
by Mikkel
Neil Cherry wrote:
> Mikkel L. Ellertson wrote:
>> Dotan Cohen wrote:
>>> I've heard that one could run a local DNS server to speed up internet
>>> access. Does this have a real-world advantage for a home user?
>
>> Where running a local name server really helps is if you have more
>> than one machine on the local network, and they are all configured
>> to use the same local name server. Chances are, there are going to
>> be a fair number of sites that are used by more than one computer.
>
> Bingo, this is what I have setup. I'm currently using tinydns and
> dnscache. I have many devices and I can't remember the IP addresses
> of them all. So I put in the local DNS and manually administer it
> and DHCP. There is another DNS program that you can use (not BIND)
> that's supposed to be for this kind of situation (dnsmasq). I
> haven't taken the time to investigate that setup but I eventually
> will.
>
> PS, yes I have enough IP devices to justify the dns.
>
I like dnsmasq. If you are also going to run a DHCP server on the
machine, you can use it as the DHCP server as well. Or you can set
it up to automatically add the DHCP assigned name/IP address from
other DHCP servers. You can also set a system MX record. By default,
it will also read your /etc/hosts file, and add that to the hosts it
knows about. For a small network, it is a lot easier to configure
than a full name server. As an added plus, you can tell it to watch
a file to automatically update the name servers it uses. For
example, if you use dialup, you can have it watch
/etc/ppp/resolv.conf and use the server set by your current dialup
connection. (You need to set PEERDNS to NO in your PPP setup, so
that /etc/resolv.conf does not get changed.) I have also set it up
on a firewall machine so that it provides DNS for the local network,
and gets its forwarding name servers from /etc/resolv.conf that is
set by the Internet connection. (Modem or PPPoE)
Mikkel
--
Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!
17 years, 5 months
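The dnsmasq setup Mikkel describes in this message and in the Home LAN reply (DHCP and DNS in one daemon, fixed addresses by MAC, upstream servers read from a watched file), as an added example that is not taken from any poster's configuration. The interface name, address ranges, MAC addresses, the `home.lan` domain and the `/etc/resolv.dnsmasq` path are placeholders; `sempron` is the host name from the NFS thread.

```conf
# /etc/dnsmasq.conf (constructed example; all values below are placeholders)

# Answer DNS and DHCP on the LAN side only, never on the Internet-facing
# interface of a firewall machine.
interface=eth0
bind-interfaces

# Do not forward unqualified names or private reverse lookups upstream.
domain-needed
bogus-priv

# Local domain: names from /etc/hosts and from DHCP leases get this suffix
# and are answered locally instead of being forwarded.
domain=home.lan
local=/home.lan/
expand-hosts

# Upstream name servers are read from this file, which dnsmasq re-reads when
# it changes. /etc/resolv.conf on this machine then lists only 127.0.0.1.
resolv-file=/etc/resolv.dnsmasq

# Dynamic pool for laptops, 12-hour leases.
dhcp-range=192.168.1.100,192.168.1.150,12h

# Fixed addresses keyed on MAC address; each name becomes resolvable in DNS.
dhcp-host=00:11:22:33:44:55,sempron,192.168.1.10
dhcp-host=00:11:22:33:44:66,fileserver,192.168.1.11
```

Only one DHCP server should answer on the LAN, so the router's own DHCP service has to be switched off when dnsmasq takes over address assignment.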