RE: test
by Kelsay, Brian - Kansas City, MO
16 Feb '06
-----Original Message-----
From: kclug-bounces(a)kclug.org [mailto:kclug-bounces@kclug.org] On Behalf
Of Hal Duston
Sent: Wednesday, February 15, 2006 10:41 PM
To: kclug(a)kclug.org
Subject: Re: test
>
------------------------------------------------------------------------
> > -
> > The original message was received at Mon, 13 Feb
> > 2006 08:57:33 -0700
> > from [165.221.20.101]
> >
> > ----- The following addresses had permanent fatal
> > errors -----
> > <kclug(a)kclug.org>
> > (reason: 553 sorry, that domain isn't in my list
> > of allowed
> > rcpthosts (#5.7.1))
> >
> > ----- Transcript of session follows -----
> > ... while talking to mail.illi.net.:
> > >>> RCPT To:<kclug(a)kclug.org>
> > <<< 553 sorry, that domain isn't in my list of
> > allowed rcpthosts
> > (#5.7.1)
> > 550 5.1.1 <kclug(a)kclug.org>... User unknown
What appears to be happening is this. For some reason there is some sort of intermittent connectivity issue with the main kclug.org server. There is a fallback MX record that points to the previous kclug.org server that is in Chicago which is no longer set up to receive email for kclug.org.
--
Hal Duston
---------------------------------------------
Aha! So the ILLIANA.net server (old server) is there and knows it isn't
supposed to be receiving the messages. I'd say that whoever has the
access to the DNS records for the LUG needs to remove the fallback MX
record completely or change it to something that can spool and
eventually forward the mail correctly.
I thought it looked weird seeing mail.illi.net in the header.
Brian
test
by Kelsay, Brian - Kansas City, MO
16 Feb '06
I tried to reply to a message this morning and got the error below.
WTF?
-------------------------------------------------------------------------
The original message was received at Mon, 13 Feb 2006 08:57:33 -0700
from [165.221.20.101]
----- The following addresses had permanent fatal errors -----
<kclug(a)kclug.org>
(reason: 553 sorry, that domain isn't in my list of allowed
rcpthosts (#5.7.1))
----- Transcript of session follows -----
... while talking to mail.illi.net.:
>>> RCPT To:<kclug(a)kclug.org>
<<< 553 sorry, that domain isn't in my list of allowed rcpthosts
(#5.7.1)
550 5.1.1 <kclug(a)kclug.org>... User unknown
Second try sending.
You could always do what I did and have recommended here frequently:
Google search for Linux wireless lan or wlan.
These three will yield lots of info. I'm not sure how up to date the
list is, but I found cards there that I could use. The Intel 2200 and
2915 in Centrino laptops work too.
http://www.linux-wlan.org/www.linux-wlan.org/docs/wlan_adapters.html.gz the list
www.hpl.hp.com/personal/Jean_Tourrilhes/Linux/
-----Original Message-----
From: On Behalf Of Leo Mauler
Sent: Monday, February 13, 2006 9:29 AM
It is so hard to find the right wireless card since
manufacturers never seem to want to put the name of
the chipset on the box. And once you have the
shrinkwrap off the box, the computer store frequently
takes a dim view of returns, especially when the
reason is "An operating system with, officially, about
5% of the market, won't work with this card."
I guess what the KCLUG list really needs is a list of
local stores which have a reasonable return policy
that doesn't require the device to be completely
non-functional (in a Windows box) to exchange it for
another wireless card. It would be nice as well to
have a link to a compact list of all the compatible
wireless chipsets for loading into your PDA.
Yes, Orinoco wireless cards are really nice, but again,
hard to find the right chipset.
I'm sorry if this is old news and I'm the only one who
doesn't know, but a friend of mine was pointing out
all the SciFi/Fantasy Conventions, and I stumbled
across Penguicon 4.0.
It's in Livonia, MI this year, April 21-23, 2006.
http://www.penguicon.org/
From the information on the site:
"To those of you familiar with the Linux and Open
Source community, think of a weekend long Linux Users
Group meeting with hundreds of other geeks which also
just happens to have nationally acclaimed guests, its
own wireless network, free caffeine and snacks always
available, lots of folks talking about Science Fiction
and Fantasy, situated next to a place to buy really
cool t-shirts and buttons and such, and with some
extra events like amateur singing, anime, and a
costume contest."
"To those of you familiar with Science Fiction
conventions, imagine all the convention features you
know and love, with the addition of wireless internet
access, computer gaming (including the fabulous
Celebrity Frag Fest), non-stop Internet access, people
who know about online publishing / books on demand /
digital art, a programming track involving computing
topics and another one focusing on the crossover
between Science Fiction and computing."
This year they're promising "Water Joe", OpenCola, and
that they'll make ice cream with liquid nitrogen!
Wow!
Water Joe:
http://www.reallifecomics.com/daily.php?strip_id=680
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I manage a small business network, and would like to put some simple
monitoring in place (to avoid things like rogue wireless APs), but don't
want to deny access by default, which is the way most of the stuff I've
seen works.
Ideally, I'm thinking something that keeps track of MAC addresses seen
by the firewall/router (running linux, of course!), compares the MAC
address with a list of 'known' addresses, and e-mails me when a new MAC
shows up would work pretty well. Sniffing ARP packets should be a good
way to collect MAC addresses without requiring excessive CPU resources,
sniffer ports on my switch, etc.
Does this sound reasonable to anyone else?
Does anyone know of a pre-existing program that would do this, or is it
something I'm going to have to roll on my own?
Any better ideas for keeping track of what's actually plugged in and
talking on a network while still 'playing nice' and generally trusting
the user base?
- --
Charles Steinkuehler
charles(a)steinkuehler.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFD7RXNLywbqEHdNFwRAqkCAKC04XbDyNY3/tsidoq6FX3HkIm63QCggwbR
QvFeVsmr4XQgB0MeWZlwS58=
=R+s5
-----END PGP SIGNATURE-----
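The monitor Charles describes above (watch ARP, compare each source MAC against a known list, alert on newcomers) is small enough to sketch. This is an added example, not code from the thread or from any of the posters: it consumes the line format printed by `tcpdump -n -e arp` on a single named interface (the source MAC is the second field; capturing on `any` changes the layout), checks each MAC against a known-MAC file, and prints every unknown MAC once. The known list, the capture lines and every MAC address below are constructed for the example.

```sh
#!/bin/sh
# Added example (not code from the thread or its posters): flag MAC addresses
# that appear in ARP traffic but are not in a known-MAC list. Input is the
# line format of `tcpdump -n -e arp` on a single interface, where the source
# MAC is the second field. All MACs and the sample capture are constructed.

# Known-list format: one MAC per line; '#' comments and blank lines allowed.
SAMPLE_KNOWN='00:11:22:33:44:55   # router
# aa:bb... is the office printer
aa:bb:cc:dd:ee:ff'

# Constructed capture: one known host, one unknown host seen twice (request
# and reply), and one non-ARP frame that must be ignored.
SAMPLE_ARP='12:00:01.000000 00:11:22:33:44:55 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.1.1 tell 192.168.1.50, length 28
12:00:02.000000 de:ad:be:ef:00:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.1.1 tell 192.168.1.77, length 28
12:00:03.000000 de:ad:be:ef:00:01 > 00:11:22:33:44:55, ethertype ARP (0x0806), length 42: Reply 192.168.1.77 is-at de:ad:be:ef:00:01, length 28
12:00:04.000000 aa:bb:cc:dd:ee:ff > 00:11:22:33:44:55, ethertype IPv4 (0x0800), length 98: 192.168.1.9 > 192.168.1.50: ICMP echo request, id 1, seq 1, length 64'

# unknown_macs KNOWN_FILE: read tcpdump lines on stdin, print each source MAC
# that is not in KNOWN_FILE, once per run, in order of first appearance.
unknown_macs() {
    known_file="$1"
    awk -v known="$known_file" '
    function valid_mac(m,    parts, n, i) {
        n = split(m, parts, ":")
        if (n != 6) return 0
        for (i = 1; i <= n; i++)
            if (parts[i] !~ /^[0-9a-f][0-9a-f]$/) return 0
        return 1
    }
    BEGIN {
        # Load the allow-list, stripping comments and whitespace.
        while ((getline line < known) > 0) {
            sub(/#.*/, "", line)
            gsub(/[ \t]/, "", line)
            if (line != "") seen[tolower(line)] = 1
        }
        close(known)
    }
    /ethertype ARP/ {
        mac = tolower($2)
        # Only well-formed MACs count; a malformed field is not an alert.
        if (valid_mac(mac) && !(mac in seen)) {
            seen[mac] = 1      # report each newcomer once per run
            print mac
        }
    }'
}

# demo: run the check over the constructed capture against the sample list.
demo() {
    list=$(mktemp) || return 1
    printf '%s\n' "$SAMPLE_KNOWN" > "$list"
    printf '%s\n' "$SAMPLE_ARP" | unknown_macs "$list"
    rm -f "$list"
}

demo   # prints de:ad:be:ef:00:01
```

For live use on the router, `tcpdump -l -n -e -i eth1 arp | unknown_macs /etc/known_macs.txt` (the `-l` keeps tcpdump line-buffered) and pipe the result to whatever mails you. Two caveats worth keeping in mind: ARP only travels within a broadcast domain, so the box sees only the segments it is attached to, which is enough to notice a rogue AP that bridges clients onto the LAN but not one on a segment the router does not touch; and a MAC address is set by the client, so this is inventory and change detection, not authentication.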
IPCOP it is. I neglected to mention that the wireless
AP would be open access for all, including internal use.
The picture below is roughly what I'll be doing.
I happen to have a spare 586 sitting around waiting
for a Linux image, and IPCOP does both firewall and
routing. Basically, for free, and that's the selling
point.
Thanks to all for the help!
p.s. The KCLUG.NET address went very quickly.
-Jared
>>> small network whose owner wants to make it available
>>> for web-browsing to anyone roaming the neighborhood via
>>> wireless. However, as best I know this gives access to
>>> the other computers on the network, and I'm curious to
>>> know if there is a way to expose a single computer to
>>> the world as a wireless server, without giving access to
>>> the rest of the network.
>>
>>Internet to 5-port switch
>>Switch to Wireless AP and a NAT/Firewall device
>>NAT/Firewall to private network
>
> solution #1:
>
> Internet
> |
> +----------+
> | Firewall |
> |----------|
> | FW | FW |
> +----------+
> | |
> | | +----------+
> | +------| Wireless |
> | +----------+
> |
> +----------+
> | LAN |
> +----------+
If it is open to all, make static IP assignments for the MAC addresses
of the cards that are the network owner's. If he needs internal LAN
access to a server, either put it in the DMZ or in local (Green) LAN and
make DMZ pinholes for those MACs/IPs to get to the server IP. That
prevents outside/free users from getting to the local server and
network.
I'd also either make sure nocatauth is on IPCop or put it on there
yourself. As I said before, it gives the Acceptable Use Policy for
outside users. The first Internet hit they try will bounce them to the
AUP.
If you want to filter Internet access, use DansGuardian. There is
info on the IPCop page about adding it.
Good Luck
-----Original Message-----
From: kclug-bounces(a)kclug.org [mailto:kclug-bounces@kclug.org] On Behalf
Of Jared
Sent: Friday, February 10, 2006 5:28 AM
IPCOP it is. I neglected to mention that the wireless
AP would be open access for all, including internal use.
The picture below is roughly what I'll be doing.
I happen to have a spare 586 sitting around waiting
for a Linux image, and IPCOP does both firewall and
routing. Basically, for free, and that's the selling
point.
Thanks to all for the help!
p.s. The KCLUG.NET address went very quickly.
-Jared
>>> small network whose owner wants to make it available
>>> for web-browsing to anyone roaming the neighborhood via
>>> wireless. However, as best I know this gives access to
>>> the other computers on the network, and I'm curious to
>>> know if there is a way to expose a single computer to
>>> the world as a wireless server, without giving access to
>>> the rest of the network.
>>
>>Internet to 5-port switch
>>Switch to Wireless AP and a NAT/Firewall device
>>NAT/Firewall to private network
>
> solution #1:
>
> Internet
> |
> +----------+
> | Firewall |
> |----------|
> | FW | FW |
> +----------+
> | |
> | | +----------+
> | +------| Wireless |
> | +----------+
> |
> +----------+
> | LAN |
> +----------+
Well, if buying some new (used) equipment is in the budget, I'd pick up a Cisco Aironet 1200 AP. You can get them pretty reasonably on eBay. I'd also pick up a couple of directional antennas. The Aironet can have multiple SSIDs, each on its own VLAN. Then all you need is some kind of device capable of routing between VLANs (I believe a Linksys with hacked firmware can do this, or any linux router with 3 nics), and you're good to go. The only downside to this, aside from spending $$$, is that when you have multiple SSIDs on the same AP, you can't broadcast. This is pretty similar to what we use at Netstandard for our wireless solution, but we've got 3 Wifi networks on the same AP.
Rich
-------------- Original message ----------------------
From: David Nicol <davidnicol(a)gmail.com>
> On 2/7/06, Jack <quiet_celt(a)yahoo.com> wrote:
> > --- David Nicol wrote:
>
> > > as I see it the question is, is there a way to
> > > expose the one server,
> > > while still providing wireless for your other
> > > devices, using a single
> > > access point, and the answer is no. He's going to
> > > need a second
> > > access point. One AP for the public wireless and
> > > one for his
> > > unrestricted private.
> >
> > I disagree.
>
> no you don't. Your pictures, with one wireless node, are not providing
> a trusted wireless, that has access to the LAN section,
> in addition to the untrusted wireless.
>
> I said that if you want a trusted wireless and an untrusted wireless both,
> you need two WAPs. Your diagrams agree with that.
> _______________________________________________
> Kclug mailing list
> Kclug(a)kclug.org
> http://kclug.org/mailman/listinfo/kclug
Coupla things, 2nd one is off topic:
1. A couple of years ago I bought the name KCLUG.NET,
intending to set up mail accounts or make it available
for the cluster idea, but soon found myself with limited
resources. The domain name expires at the end of May,
and in the past when I've relinquished a quality domain
name, I watched it snapped up by a reseller who made it
available for 3 digits or more. So, I have this quality
domain name which I will transfer for free to a good home;
it expires in 3 months, so it's not much, but it's a
start for anyone with time to spare.
2. I write software so I dunno networking, requesting
help from the user group. I was invited to manage a very
small network whose owner wants to make it available
for web-browsing to anyone roaming the neighborhood via
wireless. However, as best I know this gives access to
the other computers on the network, and I'm curious to
know if there is a way to expose a single computer to
the world as a wireless server, without giving access to
the rest of the network.
Wireless Belkin Router/AP, but willing to buy other
equipment if necessary.
Thanks,
-Jared
For a preconfigured solution, see www.IPCop.org, current version is
1.4.10. The Red is Internet, Green is local LAN, Orange is DMZ, Blue is
untrusted wireless. You use DMZ pinholes to allow specific hosts or a
range of hosts to have direct connection from one net to another. E.g.
allow specific IP address access to server on Orange (DMZ) so that your
laptop can admin the server. Blue (wireless) by default has access to
the internet, but you may want to add nocatauth to allow you to add an
acceptable usage notice to users.
-----Original Message-----
From: On Behalf Of Jack Dinsmore
Sent: Tuesday, February 07, 2006 1:33 PM
To: kclug(a)kclug.org
Subject: Re: KCLUG.NET available
I disagree. The way I see it he could build a
tri-homed firewall. Three NICs: one NIC is a wireless
on a private IP range, one NIC is assigned a different
IP range, and the third connects to the Internet. I
don't know enough about switches to analyze the first
answer, but it seemed reasonable, basically the same
as my solution - except the switch is the tri-homed
device. My solution has the added benefit of offering
some protection to the wireless device and also
prevents malicious persons from using the wireless to
launch attacks. The downside is, if the tri-homed
device is compromised all is exposed. Another solution
here would be to have a gateway firewall machine, put
the wireless on the DMZ side of this firewall, add a
DMZ firewall protecting the internal network from both
the wireless and the Internet.
solution #2:
Internet
|
+----------+
| Firewall |
+----------+
|
| +----------+
+------| Wireless |
| +----------+
|
+----------+
| Firewall |
+----------+
|
|
+----------+
| LAN |
+----------+
solution #1:
Internet
|
+----------+
| Firewall |
|----------|
| FW | FW |
+----------+
| |
| | +----------+
| +------| Wireless |
| +----------+
|
+----------+
| LAN |
+----------+
Granted this configuration is an advanced firewall,
and the previous setup requires two different
firewalls. In all cases the first firewall is a
gateway firewall and the others are choke firewalls.
However it is doable without a second access point.
The first solution can be done with a single iptables
configuration.
Brian JD
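Solution #1 above is described as doable with a single iptables configuration, and Brian's IPCop post earlier in the thread describes the same layout in colours (Red = Internet, Green = trusted LAN, Blue = untrusted wireless, with "pinholes" for specific hosts). Here is that rule set written out as an added example; it is not code from the thread, from Jack, or from IPCop. Interface names (eth0 for Red, eth1 for Green, wlan0 for Blue) and the two private address ranges are assumptions for the example; DRY_RUN prints the commands instead of running them, so the script can be read or checked without root.

```sh
#!/bin/sh
# Added example (not code from the thread or IPCop): "solution #1", a single
# tri-homed Linux box, as one iptables rule set. Interface names and address
# ranges are assumptions for the example:
#   Red/Internet = eth0, Green/trusted LAN = eth1, Blue/public wireless = wlan0.
WAN="${WAN:-eth0}"
LAN="${LAN:-eth1}"
WIFI="${WIFI:-wlan0}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"       # constructed sample ranges
WIFI_NET="${WIFI_NET:-192.168.2.0/24}"

# DRY_RUN=1 (the default here) prints the commands instead of running them,
# so the rule set can be reviewed or tested without root. Run with DRY_RUN=0
# as root to apply it.
DRY_RUN="${DRY_RUN:-1}"

ipt() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

apply_rules() {
    # Clean slate; the box itself and forwarding both deny by default.
    ipt -F
    ipt -t nat -F
    ipt -X
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT

    # Traffic addressed to the firewall box.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ipt -A INPUT -i "$LAN" -s "$LAN_NET" -p tcp --dport 22 -j ACCEPT   # admin from Green only
    # Public wireless clients get DHCP and DNS from the box, nothing else.
    ipt -A INPUT -i "$WIFI" -p udp --dport 67 -j ACCEPT
    ipt -A INPUT -i "$WIFI" -p udp --dport 53 -j ACCEPT
    ipt -A INPUT -i "$WIFI" -p tcp --dport 53 -j ACCEPT

    # Forwarding between the three legs.
    ipt -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -m conntrack --ctstate INVALID -j DROP
    # Green reaches the Internet.
    ipt -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -j ACCEPT
    # Blue reaches the Internet only; anything it sends toward Green is
    # logged (rate-limited, so a probing guest is visible without flooding
    # the log) and dropped.
    ipt -A FORWARD -i "$WIFI" -o "$LAN" -m limit --limit 5/min -j LOG --log-prefix "wifi->lan blocked: "
    ipt -A FORWARD -i "$WIFI" -o "$LAN" -j DROP
    ipt -A FORWARD -i "$WIFI" -o "$WAN" -s "$WIFI_NET" -j ACCEPT

    # Both private ranges share the public address on the Red interface.
    ipt -t nat -A POSTROUTING -o "$WAN" -j MASQUERADE
}

# rules_isolate_wifi: succeed only if the generated rule set never ACCEPTs
# forwarding from the wireless leg into the LAN leg (a quick self-check
# before applying).
rules_isolate_wifi() {
    if (DRY_RUN=1; apply_rules) | grep -- "-i $WIFI -o $LAN" | grep -q ACCEPT; then
        return 1
    fi
    return 0
}

apply_rules
```

To limit the public side to web browsing, as Jared's owner wanted, replace the Blue-to-Red ACCEPT with one carrying `-p tcp -m multiport --dports 80,443`. The "DMZ pinhole" Brian describes is the same idea as one extra ACCEPT for a specific source and destination pair inserted ahead of the Blue-to-Green DROP. The trade-off Jack points out still holds: everything rides on this one box, so a compromise of it exposes all three legs, which is why solution #2 puts a second firewall in front of the LAN.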