I have screwed up my DNS service
Alan Secker
Although my broadband ADSL Modem/Router (WAG54GS) is working properly, I can
neither send or receive emails nor access web-sites.
Recently responsibility for DHCP was transferred from the WAG54GS to our
file server. This enabled members of the LAN to access the file server if
and when the WAG54GS was disabled for one reason or another.
I can ping linksys.com by using its domain octets but not by name. Same with
the BBC. From this I conclude that DNS is messed up. I know what it does
but haven't a clue as to how it does it.
During a call to my broadband and IP supplier's technical support, I was
told that their DNS servers has been changed and gave me the new numbers,
yet the Linksys returns different numbers in its 'Status' window?
Despite being given the new/correct DNS server addresses I do not know where
they need to be plugged in nor whether there are any additional programs
that need to be installed and executed in order to handle DNS on my
machine.
I would appreciate (further) help.
Jim Beard
It would help to know if the connection from your router to your
ISP is DHCP or PPoE. If that connection is DHCP, the router should
hold current DNS server addresses and the ones given you are in
addition. If it is PPoE or something else that uses static DNS
addresses, then your router probably holds the old numbers and should
be updated by logging in as admin and making the changes. You could
try entering the router numbers for your DNS server and see if they
work, as "the proof of the pudding is in the eating."
Next, you must have a DNS server running on your file server, tinyDNS
or some such. You should be able to launch mcc, go to System, and
then to Services and find it in the list. Make sure it is running.
The DNS server software has to know where to get its DNS information.
It may be getting it from your router, or direct from a DNS machine
on the Web, or some combination (first router, then internet..).
You will have to read documentation on the DNS server to find where
that information goes. It likely should show up in /etc/resolv.conf,
but I depend on my router for local as well as internet so I don't
use such.
Cheers!
jim b.
--
UNIX is not user-unfriendly; it merely
expects users to be computer-friendly.
David W. Hodgins
> During a call to my broadband and IP supplier's technical support, I was
> told that their DNS servers has been changed and gave me the new numbers,
> yet the Linksys returns different numbers in its 'Status' window?
What addresses are showing up in the status window?
> Despite being given the new/correct DNS server addresses I do not know where
> they need to be plugged in nor whether there are any additional programs
In /etc/resolvconf/resolv.conf.d/head add lines like
nameserver 1.2.3.4
with the ip addresses given to you. Make sure the last line ends
with a linefeed. Ignore the warning about not editing the file, as
that is about editing /etc/resolv.conf, which will be generated using
the contents of the head file, along with the base and tail files,
from the same directory, plus, if specified, the dns servers returned
from the dhcp client.
I haven't setup a dhcp server, so I don't know for sure, where you specify
the dns servers, for the other clients on your network, but it looks like
you would plugin the dns server ip addresses in the /etc/dhcpd.conf like
option domain-name-servers 1.2.3.4;
Regards, Dave Hodgins
--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)
Bit Twister
> This is a follow-up to 'DHCP Problem'.
>
> the BBC. From this I conclude that DNS is messed up. I know what it does
> but haven't a clue as to how it does it.
/etc/host.conf suggest order as does
$ grep hosts: /etc/nsswitch.conf
hosts: files dns <--- look in /etc/hosts then use dns
Then resolver ip address comes from
nameserver in /etc/resolv.conf
and for LAN node lookup, which domain to search when resolving alias names
search=(LAN domain here)
Example:
$ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 192.168.1.130
search home.test
The above says to use my named server and search home.test for LAN names.
named will use the forwarders ip contents in /var/lib/named/etc/named.conf
to resolve names outside of the LAN.
Example forwarders:
forwarders { 208.67.222.222; 208.67.220.220; };
Those nameservers belong to opendns.com
That way I do not have to worry if my high speed router gets cracked
and ISP nameservers get replaced with black hat servers. :(
Wes Newell
> This is a follow-up to 'DHCP Problem'.
>
> Although my broadband ADSL Modem/Router (WAG54GS) is working properly, I
> can neither send or receive emails nor access web-sites.
>
> Recently responsibility for DHCP was transferred from the WAG54GS to our
> file server. This enabled members of the LAN to access the file server
> if and when the WAG54GS was disabled for one reason or another.
>
Get rid of dhcp and use static addresses.
> I can ping linksys.com by using its domain octets but not by name. Same
> with the BBC. From this I conclude that DNS is messed up. I know what it
> does but haven't a clue as to how it does it.
>
Mine was screwed up this morning too. I browsed into the router and
disconnected and reconnected and that fixed that. Your router should
automatically get the DNS addresses. The only DNS you need in linux is the
router base address. With static addresses all internal machines wouldn't
care about the status of router except for Internet access.
> During a call to my broadband and IP supplier's technical support, I was
> told that their DNS servers has been changed and gave me the new
> numbers, yet the Linksys returns different numbers in its 'Status'
> window?
>
Then one of them is wrong. More than likely, the tech support person.
> Despite being given the new/correct DNS server addresses I do not know
> where they need to be plugged in nor whether there are any additional
> programs that need to be installed and executed in order to handle DNS
> on my machine.
>
> I would appreciate (further) help.
The router handles dns passthrough (even with pppoe). Use only the router
base address for dns lookup and if the servers change, resetting the
router connection should get the new server addresses.
And I still haven't figured out why you are having trouble with DHCP from
the router. If you're having power outages taking the router down, get a
cheap UPS for it. If it locking up, replace it. Can't fix it? All the more
reason for static addresses.
--
Want the ultimate in free OTA SD/HDTV Recorder? http://mythtv.org
My Tivo Experience http://wesnewell.no-ip.com/tivo.htm
Tivo HD/S3 compared http://wesnewell.no-ip.com/mythtivo.htm
AMD cpu help http://wesnewell.no-ip.com/cpu.php
Bit Twister
> If you're having power outages taking the router down, get a
> cheap UPS for it. If it locking up, replace it. Can't fix it? All the more
> reason for static addresses.
Since criminals have started hacking into routers I would suggest
/etc/resolv.conf to contain opendns resolvers. http://opendns.com/
You get the added benefit of opendns masking off known phishing sites.
and do not have to worry about name servers in a
cracked router.
cat /etc/resolv.conf
nameserver 208.67.222.222
nameserver 208.67.220.220
Alan Secker
This morning I had no response from the Internet at all. This evening I
could get email and read this newsgroup but still no WWW. The only change
this morning was to upgrade the WAG54GS's firmware.
The connection is PPPoA.
The WAG54GS setup does have boxes for the insertion of DNS octets but I have
never had to use them before. I will however plug in the new ones and see
what they bring. Unfortunately I am working away for two days and will not
be able to move on until Thursday.
>
> Next, you must have a DNS server running on your file server, tinyDNS
> or some such. You should be able to launch mcc, go to System, and
> then to Services and find it in the list. Make sure it is running.
That bit puzzles me. Surely I am trying to address my IP's DNS servers to
convert names to numbers? Why would I want my own DNS server? I would have
expected a small program that takes the requested name and sends it to the
server address held in resolv.conf, dhcpd.conf and/or as Dave
suggests /etc/resolvconf/resolv.conf.d/head or one of them!
>
> The DNS server software has to know where to get its DNS information.
> It may be getting it from your router, or direct from a DNS machine
> on the Web, or some combination (first router, then internet..).
> You will have to read documentation on the DNS server to find where
> that information goes. It likely should show up in /etc/resolv.conf,
> but I depend on my router for local as well as internet so I don't
> use such.
I noticed that my domestic machine, not on a LAN has under
mcc->system->services a running routine called resolvconf. I would guess
that does something(?)
Thanks everyone I'll check back on Thursday. Alan
>
> Cheers!
>
> jim b.
>
>
Alan Secker
cannot resolve web-site names.
This is the current position. I can access email and newsgroups but only if
the line in both dhcp.conf and dhcpd.conf reads:
option domain-name-servers 192.168.x.1 (which points to my router).
Replacing this with the DNS1 and 2 addresses provided by my ip supplier
results in no emails nor ng as well as no WWW.
No matter what I change, the WAG54GS status report always shows the original
DNS numbers it returned. My earlier belief that DNS numbers could be
manually inserted was based on seeing boxes provided for the insertion of
the octets. They they turned out only to be available if the WAG54GS dhcp
server was enabled. I have it disabled as I am using dhcp services from my
file-server.
Robert Harris suggested on 15 Feb '.... set your server to be 192.168.x.2.
If he meant my file-server, that already has a static address recognised by
every work-station. If that is indeed what he meant, I wouldn't want to
disturb it. I cannot see why that would be significant anyway. I would
appreciate clarification.
/etc/resolv.conf currently has three lines:
search asandco.co.uk (my domain address)
nameserver <new DNS1>
nameserver <new DNS2>
Elsewhere I read that having changed the text files, /sbin/resolvconf should
be run after stopping the network. This didn't exist on MDV 2006 on the
file server and urpmi couldn't find it. I copied the version on MDV 2008 as
it hadn't changed since 2005 but that would not run without the creation of
some directories and a symlink! Eventually I was able to stop the network
run the script with argument -u and restart the network.
Which brought me to the top line above. Clearly something crucial is
missing. I cannot call upon my Linux mentor and guru as he has just lost
his partner but he did mention that he has experienced failure in
electrolytics on Linksys routers. I find it hard to believe that that could
be an issue here though.
Bit Twister
> Despite all the advice (some conflicting) that I have received, I stall
> cannot resolve web-site names.
>
> This is the current position. I can access email and newsgroups but only if
> the line in both dhcp.conf and dhcpd.conf reads:
>
> option domain-name-servers 192.168.x.1 (which points to my router).
>
> Replacing this with the DNS1 and 2 addresses provided by my ip supplier
> results in no emails nor ng as well as no WWW.
I can agree with that. Your "option domain-name-servers" is for dhcp
and guess you modified that in the *lease file.
The DNS* line is found in an /etc/sysconfig/network-scripts/ifcfg-* file.
Since I do not have a wireless setup or run a dhcp server I can not
help with those config files.
> No matter what I change, the WAG54GS status report always shows the original
> DNS numbers it returned. My earlier belief that DNS numbers could be
> manually inserted was based on seeing boxes provided for the insertion of
> the octets.
I would agree since I have done it for a static/manual connection.
I do not have a wireless setup so I can not help with the wireless files.
If you get the right /etc/sysconfig/network-scripts/ config file
I would assume you set/add the DNSx=xx.x.x.x and PEERDNS=no
Then again, you need to look in sysconfig.txt to check what variable
names/values do what for release 2006. Do a
locate /sysconfig.txt
to find it on your 2006 system.
> Elsewhere I read that having changed the text files, /sbin/resolvconf should
> be run after stopping the network. This didn't exist on MDV 2006 on the
> file server and urpmi couldn't find it. I copied the version on MDV 2008 as
> it hadn't changed since 2005 but that would not run
Well, most of the talking about variables and commands for 2008 will
not work on 2006. So on the 2006 system;
locate /sysconfig.txt
Should get you the file name telling you what key words do what in a
given config file 2006 .
If you cannot get the network device config file to set nameserver like
you want, you can play with settings with some custom script you create.
If you are using dhclient as your dhcp client, then you can create
/etc/dhclient-exit-hooks and do whatever you like when a device comes
on line.
That would run after dhcp client runs. Here is a simple one to see
what variables are set.
#*******************************************************************
#*
#* dhclient-exit-hooks - Post processing dhcp client processor
#*
#* Install:
#* chmod +x dhclient-exit-hooks
#* cp dhclient-exit-hooks /etc/dhclient-exit-hooks
#*
#*******************************************************************
_fn=/tmp/dhcp.vars
date >> $_fn
env | sort >> $_fn
echo "------------------------------" >> $_fn
#***************** end dhclient-exit-hooks **************************
Another method would be to create /sbin/ifup-local with the following:
#*******************************************************************
#*
#* ifup-local - post network processor
#*
#* Install:
#* chmod +x ifup-local
#* cp ifup-local /sbin/ifup-local
#*
#*******************************************************************
_fn=/tmp/net.vars
date >> $_fn
echo arg1= $1 >> $_fn
env | sort >> $_fn
echo "------------------------------" >> $_fn
#***************** end ifup-local **************************
Now, you can create both, install them, and do the following:
service network restart
cat /tmp/net.vars
cat /tmp/dhpc.vars
If weak on writing scripts there is
http://tldp.org/LDP/abs/html/index.html
In either file, you could put something like
_fn=/etc/resolv.conf
echo "# created by your_script_name_here" > $_fn
echo "nameserver=208.67.222.222" >> $_fn
echo "nameserver=208.67.220.220" >> $_fn
echo "search where.ever" >> $_fn
then do a
service network restart
cat /etc/resolv.conf
which should have something like
# created by your_script_name_here
nameserver=208.67.222.222
nameserver=208.67.220.220
search where.ever
Anahata
> Despite all the advice (some conflicting) that I have received, I stall
> cannot resolve web-site names.
>
> This is the current position. I can access email and newsgroups but only if
> the line in both dhcp.conf and dhcpd.conf reads:
>
> option domain-name-servers 192.168.x.1 (which points to my router).
>
> Replacing this with the DNS1 and 2 addresses provided by my ip supplier
> results in no emails nor ng as well as no WWW.
Have you got a default route set up, that points to your router?
What does the route command (with no parameters) say?
Anahata
Wes Newell
> Robert Harris suggested on 15 Feb '.... set your server to be
> 192.168.x.2. If he meant my file-server, that already has a static
> address recognised by every work-station. If that is indeed what he
> meant, I wouldn't want to disturb it. I cannot see why that would be
> significant anyway. I would appreciate clarification.
>
I don't know either, if your current filserver address is
182.168.0.<something between 2-253> and you have dhcp in the router
disabled for whatever the address is. If your servers address is not
within this range, then that's the/a problem.
> /etc/resolv.conf currently has three lines: search asandco.co.uk (my
> domain address) nameserver <new DNS1>
> nameserver <new DNS2>
Mine only has one. The router gateway address, 192.168.0.1.
> Elsewhere I read that having changed the text files, /sbin/resolvconf
> should be run after stopping the network. This didn't exist on MDV 2006
> on the file server and urpmi couldn't find it. I copied the version on
> MDV 2008 as it hadn't changed since 2005 but that would not run without
> the creation of some directories and a symlink! Eventually I was able to
> stop the network run the script with argument -u and restart the
> network.
>
Someone decided the old simple way of having the admin control resolv.conf
isn't good. An obvious mistake IMO. They now overwrite any changes made
directly to /etc/resolv.conf.
Alan Secker
Before commenting on the result of acting on your advice as far as I
was able to, after a few tweaks, I clean booted the file server.
Newsgroups and email still OK but nothing coming up on Firefox yet
it reports 'done'.
Decide to ping Google by name: $ ping google.co.uk. It responded. I
then tried bbc.co.uk, five.com and my website. Same. I thought maybe
they were cached. I looked around for something I could never have
called and found www.cieonline.co.uk a trade electronic component
magazine. I pinged it and up it came.
Surely this means the name server is doing its stuff. So why is nothing
being returned?
Anyway. How I dealt wit your advice:
> I can agree with that. Your "option domain-name-servers" is for dhcp
> and guess you modified that in the *lease file.
I don't know what a *lease file is.
> The DNS* line is found in an /etc/sysconfig/network-scripts/ifcfg-*
> file.
'Er No, not in mine. However I added it to idcfg-eth0 as that seemed fromn
its content to be the most apropriate
> Since I do not have a wireless setup or run a dhcp server I can not
> help with those config files.
I have wireless disabled.
>
>> No matter what I change, the WAG54GS status report always shows the
>> original DNS numbers it returned. My earlier belief that DNS numbers
>> could be manually inserted was based on seeing boxes provided for the
>> insertion of the octets.
>
> I would agree since I have done it for a static/manual connection.
> I do not have a wireless setup so I can not help with the wireless files.
> If you get the right /etc/sysconfig/network-scripts/ config file
> I would assume you set/add the DNSx=xx.x.x.x and PEERDNS=no
PEERDNS was set to yes. according to sysconfig.txt a setting of yes
causes the script to 'drop' the DNS values into resolv.conf. Changing
it to no presumably has the opposite effect but as they are already
in resolv.conf, it hardly matters I guess.
>
> Then again, you need to look in sysconfig.txt to check what variable
> names/values do what for release 2006. Do a
> locate /sysconfig.txt
> to find it on your 2006 system.
>
Because the router is still displaying the original DNS numbers it had when
first linking up the broadband link, I suspect disbling dhcp only worked
partially. I am tempted to reset the device to factory defaults, reboot it,
then reset electrically, i.e press the rest button and start from scratch.
If it still does it, then I will query Linksys tech support again.
Thanks for your support.
Alan
Martin Burke
On your machine the DNS should point to your router, on the router the DNS
should point to you ISP's
So your machine DNS = 192.168.x.x
Router Primary DNS = z.z.z.z
Router Secondary DNS = y.y.y.y
this is what my set up is like and it works
my resolv.conf is
search home
nameserver 192.168.1.254
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by
resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# ppp temp entry
Hope this is of some help
Martin
--
Linux - Free no Virus's Spyware Trojans
Windowz - Expensive buggy virus's spyware trojans SLOW
Bit Twister
> Bit Twister wrote:
>
> Before commenting on the result of acting on your advice as far as I
> was able to, after a few tweaks, I clean booted the file server.
> Newsgroups and email still OK but nothing coming up on Firefox yet
> it reports 'done'.
>
> Decide to ping Google by name: $ ping google.co.uk. It responded. I
> then tried bbc.co.uk, five.com and my website. Same. I thought maybe
> they were cached. I looked around for something I could never have
> called and found www.cieonline.co.uk a trade electronic component
> magazine. I pinged it and up it came.
OK, I agree, using ping proves DNS resolution and connectivity to target.
> Surely this means the name server is doing its stuff. So why is nothing
> being returned?
I would get into router and verify, name servers are valid.
>> The DNS* line is found in an /etc/sysconfig/network-scripts/ifcfg-*
>> file.
>
> 'Er No, not in mine. However I added it to idcfg-eth0 as that seemed fromn
> its content to be the most apropriate
It would depend if you had set dns values when configuring eht0
>> Since I do not have a wireless setup or run a dhcp server I can not
>> help with those config files.
>
> I have wireless disabled.
Ok, then setup for nic would be either auto or manual/static.
>>
>>> No matter what I change, the WAG54GS status report always shows the
>>> original DNS numbers it returned. My earlier belief that DNS numbers
>>> could be manually inserted was based on seeing boxes provided for the
>>> insertion of the octets.
>>
>> I would agree since I have done it for a static/manual connection.
>> I do not have a wireless setup so I can not help with the wireless files.
>> If you get the right /etc/sysconfig/network-scripts/ config file
>> I would assume you set/add the DNSx=xx.x.x.x and PEERDNS=no
>
> PEERDNS was set to yes. according to sysconfig.txt a setting of yes
> causes the script to 'drop' the DNS values into resolv.conf. Changing
> it to no presumably has the opposite effect but as they are already
> in resolv.conf, it hardly matters I guess.
They would get there if you set eth0 as Automatic.
> Because the router is still displaying the original DNS numbers it had when
> first linking up the broadband link, I suspect disbling dhcp only worked
> partially. I am tempted to reset the device to factory defaults, reboot it,
> then reset electrically, i.e press the rest button and start from scratch.
That would get you a starting point if nothing else. If me, I would
delete eth0, and reconfigure it again as static/manual, give it your
router's gateway, open dns servers 208.67.222.222 208.67.220.220
or use your ISP's name servers.
Next verify ping google.com works, then try the browser with google.com
If you want use the supplied script and provide the results and let me
look at all your config files.
-------- standard debug network problem text/script follows: ------------
dump_net.txt version 4.4
If you read http://www.catb.org/~esr/faqs/smart-questions.html
it will suggest you provide any information about your setup which might
help troubleshoot your problem. Example, Internet connection type,
(cable, adsl,,,), it's hardware, (vendor/model of the modem).
Maybe that your system is hooked to a hub/switch/router and type of
hookup, (Ethernet,usb, wireless,...), distribution, config file values,... .
We need to know about your network hardware and see your config settings.
Something does not start up, try
dmesg
and/or look through /var/log/messages for an error message.
If your problem is slow network give a URL so we can try it.
Once you get your network running, you may want to run xx one last time
and save the output file for disk crash/new installs :)
Might not hurt to save xx for one of a network debugging checklist steps.
The following ambidextrous script is for suse, mandriva, ubuntu, kubuntu
and will dump your hardware status, network settings and config files used
in network setup. We need that information to troubleshoot your problem.
If you are having to use windows to access Usenet:
Format a diskette on the windows system.
Copy the following xx.txt script into xx.txt using notepad.exe
then save xx.txt to the diskette/cd/usb stick.
To get the script results back to Windows and
none of the above hardware works, you can use http://www.fs-driver.org/
If you do not want some malware writing to linux. You can replace it
with http://www.diskinternals.com/linux-reader/ which does not
provide write access to linux.
The above assumes you have not created a FAT partition to exchange
files between OSs. If you did, copy dosa.txt to it from linux and read
it from windows.
I do recommend remove/installing the windows/linux file system
driver after you get the linux network up.
Makes your Windows Anti Virus scanner run much faster after removal.
Also, if logged into windows, it would be nice to include your windows
network settings. Click up a Prompt/cmd/terminal and add in contents from
ipconfig /all
when you reply with linux settings.
If using linux for Usenet access, su - root, copy script text into xx
chmod +x xx
./xx
and include a.txt (if on linux) or dosa.txt (if on windows) in your reply.
NOTE: to become root, you need to do a
su - root
not su root
For the suse, ubuntu, kubuntu users,
sudo -i
chmod +x xx
./xx
exit will exit the sudo -i command.
If xx is not in your home directory, you will have to provide the full
path in place of $HOME. Example:
sudo -i
chmod +x /some/where/xx
/some/where/xx
------------------ Script starts below this line ---------
#!/bin/bash
#*************************************************************
#*
#* xx - Dump network config files and network hardware status
#*
#* Output: a.txt linux file
#* dosa.txt Windows file
#*
#*************************************************************
_fn=a.txt
_out_fn=$PWD/$_fn
_dos_fn=$PWD/dos${_fn}
_home=$PWD
function cat_fn
{
_fn=$1
if [ -f $_fn ] ; then
_count=$(stat -c %s $_fn )
if [ $_count -gt 0 ] ; then
echo "=== cat $_fn ====" >> $_out_fn
cat $_fn >> $_out_fn
fi
fi
} # end cat_fn
function grep_fn
{
_fn=$1
if [ -e $_fn ] ; then
_count=$(stat -c %s $_fn )
if [ $_count -gt 0 ] ; then
_count=$(grep -v '^#' $_fn | wc -l)
if [ $_count -gt 0 ] ; then
echo "======== grep -v '^#' $_fn ==========" >> $_out_fn
if [ "$_fn" != "shorewall.conf" ] ; then
grep -v '^#' $_fn >> $_out_fn
else
awk 'empty{if (!/^#/) print; empty=0} /^$/{empty=1}' $_fn >> $_out_fn
fi
fi
fi
fi
} # end grep_fn
function ls_dir
{
_dr=$1
if [ -d $_dr ] ; then
echo "========= cd $_dr ; ls -al ========" >> $_out_fn
cd $_dr
ls -al >> $_out_fn
fi
} # end ls_dir
function tail_fn
{
_fn=$1
if [ -e $_fn ] ; then
echo "======== tail -18 $_fn ==========" >> $_out_fn
tail -18 $_fn >> $_out_fn
fi
} # end tail_fn
#********************************
# check if commands are in $PATH
# and if not add them to PATH
#********************************
_path=""
type ifconfig > /dev/null 2>&1
if [ $? -ne 0 ] ; then
_path="${_path}/sbin:"
fi
type cat > /dev/null 2>&1
if [ $? -ne 0 ] ; then
_path="${_path}/bin:"
fi
type id > /dev/null 2>&1
if [ $? -ne 0 ] ; then
_path="${_path}/usr/bin:"
fi
if [ -n "$_path" ] ; then
PATH=${_path}$PATH
export PATH
fi
#********************************
# check if root and logged in correctly
#********************************
_uid=$(id --user)
if [ $_uid -ne 0 ] ; then
echo " "
echo "You need to be root to run $0"
echo "Click up a terminal and do the following:"
echo " "
echo "su - root"
echo "$PWD/xx"
echo " "
echo "or "
echo " "
echo "sudo -i"
echo "$PWD/xx"
echo " "
exit 1
fi
root_flg=1
if [ -n "$LOGNAME" ] ; then
if [ "$LOGNAME" != "root" ] ; then
root_flg=0
fi
fi
if [ -n "$USER" ] ; then
if [ "$USER" != "root" ] ; then
root_flg=0
fi
fi
if [ $root_flg -eq 0 ] ; then
echo " "
echo "Guessing you did a su root"
echo "instead of a su - root"
echo "please exit/logout of this session and do the following:"
echo " "
echo "su - root"
echo "$PWD/xx"
echo " "
echo "or "
echo " "
echo "sudo -i"
echo "$PWD/xx"
echo " "
exit 1
fi
#********************************
# main code starts here
#********************************
echo "Working, output will be in $_out_fn "
date > $_out_fn
chmod 666 $_out_fn
if [ -n "$_path" ] ; then
echo "======== echo $PATH ==========" >> $_out_fn
echo "$PATH" >> $_out_fn 2>&1
fi
cat_fn /etc/product.id
for _d in /etc/*release ; do
if [ ! -d $_d ] ; then
echo "======== cat $_d ==========" >> $_out_fn
cat $_d >> $_out_fn
fi
done
echo "======== uname -rvi =============" >> $_out_fn
uname -rvi >> $_out_fn
for _d in /etc/*version ; do
if [ ! -d $_d ] ; then
echo "======== cat $_d ==========" >> $_out_fn
cat $_d >> $_out_fn
fi
done
cat_fn /proc/*version
type lsb_release > /dev/null 2>&1
if [ $? -eq 0 ] ; then
echo "======== lsb_release -a ==========" >> $_out_fn
lsb_release -a >> $_out_fn 2>&1
fi
echo " " >> $_out_fn
if [ -n "$SECURE_LEVEL" ] ; then
echo "msec security level is $SECURE_LEVEL" >> $_out_fn
fi
echo "
$(grep 'model name' /proc/cpuinfo)
$(grep 'cpu MHz' /proc/cpuinfo)
" >> $_out_fn
cat_fn /etc/urpmi/urpmi.cfg
echo "======== free ==========" >> $_out_fn
free >> $_out_fn 2>&1
echo " " >> $_out_fn
if [ -e /etc/inittab ] ; then
_line=$(grep :initdefault /etc/inittab)
set -- $(IFS=':'; echo $_line)
echo " " >> $_out_fn
echo "Default run level is $2" >> $_out_fn
echo " " >> $_out_fn
fi
type chkconfig > /dev/null 2>&1
if [ $? -eq 0 ] ; then
echo "======== chkconfig --list ==========" >> $_out_fn
for _serv in avahi named tmdns ; do
chkconfig --list | grep -i $_serv > /dev/null 2>&1
if [ $? -eq 0 ] ; then
echo "Double check if /$_serv/ needs to be disabled on boot" >> $_out_fn
chkconfig --list | grep -i $_serv >> $_out_fn
fi
done
chkconfig --list >> $_out_fn
else
echo "======== ls -o /etc/rcS.d/ ==========" >> $_out_fn
for _serv in avahi named tmdns ; do
ls /etc/rcS.d/S* | grep $_serv > /dev/null 2>&1
if [ $? -eq 0 ] ; then
echo "Double check if /$_serv/ needs to be disabled on boot" >> $_out_fn
fi
done
ls -o /etc/rcS.d >> $_out_fn
fi
_fn=/etc/nsswitch.conf
if [ -e $_fn ] ; then
echo "======== grep hosts: $_fn ==========" >> $_out_fn
grep hosts: $_fn >> $_out_fn
fi
grep_fn /etc/resolv.conf
grep_fn /etc/resolvconf/resolv.conf.d/head
cat_fn /etc/resolvconf/resolv.conf.d/base
cat_fn /etc/resolvconf/resolv.conf.d/tail
echo "======== hostname --fqdn ==========" >> $_out_fn
hostname --fqdn >> $_out_fn
cat_fn /etc/netprofile/profiles/default/files/etc/hosts
cat_fn /etc/hostname
cat_fn /etc/HOSTNAME
ls /etc/mod*.conf > /dev/null 2>&1
if [ $? -eq 0 ] ; then
echo "======== grep eth /etc/mod*.conf ==========" >> $_out_fn
grep eth /etc/mod*.conf >> $_out_fn
fi
cat_fn /etc/dhclient-enter-hooks
cat_fn /etc/dhclient-exit-hooks
grep_fn /etc/host.conf
echo "================ ifconfig -a ==============" >> $_out_fn
ifconfig -a >> $_out_fn
cat_fn /etc/iftab
cat_fn /etc/udev/rules.d/61-net_config.rules
echo "============== route -n =================" >> $_out_fn
route -n >> $_out_fn
cat_fn /etc/sysconfig/network/routes
cat_fn /etc/sysconfig/network
grep_fn /etc/mkinitramfs/initramfs.conf
echo "========== head -15 /etc/hosts ===========" >> $_out_fn
head -15 /etc/hosts >> $_out_fn
cat_fn /etc/network/interfaces
cat_fn /var/run/network/ifstate
cat_fn /etc/dhclient.conf
ethtool_flg=0
type ethtool > /dev/null 2>&1
if [ $? -eq 0 ] ; then
ethtool_flg=1
fi
mii-tool_flg=0
type mii-tool > /dev/null 2>&1
if [ $? -eq 0 ] ; then
mii-tool_flg=1
fi
for nic in 0 1 2 ; do
if [ $mii-tool_flg -eq 1 ] ; then
mii-tool -v eth$nic > /dev/null 2>&1
if [ $? -eq 0 ] ; then
echo "======== mii-tool -v eth$nic ==========" >> $_out_fn
mii-tool -v eth$nic >> $_out_fn
fi
fi
if [ $ethtool_flg -eq 1 ] ; then
ethtool eth$nic > /dev/null 2>&1
if [ $? -eq 0 ] ; then
echo "======== ethtool eth$nic ==========" >> $_out_fn
ethtool eth$nic >> $_out_fn
fi
fi
echo "=== dmesg | grep eth$nic | grep -v SRC= ===" >> $_out_fn
dmesg | grep eth$nic | grep -v SRC= >> $_out_fn
echo "=== grep eth$nic /var/log/messages | tail -10 ===" >> $_out_fn
grep eth$nic /var/log/messages | tail -10 >> $_out_fn
cat_fn /etc/sysconfig/network-scripts/ifcfg-eth$nic
cat_fn /etc/sysconfig/networking/devices/ifcfg-eth$nic
cat_fn /etc/sysconfig/networking/profiles/default/ifcfg-eth$nic
ifconfig eth$nic > /dev/null 2>&1
if [ $? -eq 0 ] ; then
set $(ifconfig eth$nic | tr [A-Z] [a-z])
cat_fn /etc/sysconfig/network/ifcfg-eth-id-$5
fi
tail_fn /var/lib/dhcp/dhclient-eth${nic}.leases
tail_fn /var/lib/dhclient/dhclient-eth${nic}.leases
tail_fn /etc/dhcpc/dhcpcd-eth${nic}.info
done # end for nic in 0 1 2 ; do
_dir=/etc/NetworkManager/dispatcher.d
if [ -d $_dir ] ; then
ls_dir $_dir
for _d in "if-up.d" "if-down.d" "if-pre-up.d" "if-post-down.d" ; do
if [ -e /etc/network/${_d} ] ; then
echo "==== cd /etc/network/${_d} ; ls -al ===" >> $_out_fn
cd /etc/network/${_d}
ls -al >> $_out_fn
fi
done
fi
if [ -d /etc/sysconfig/network-scripts ] ; then
for _d in "ifdown.d" "ifup.d" ; do
if [ -e /etc/sysconfig/network-scripts/${_d} ] ; then
_cmd="cd /etc/sysconfig/network-scripts/${_d} ; ls -al "
echo "===== $_cmd ====" >> $_out_fn
cd /etc/sysconfig/network-scripts/${_d}
ls -al >> $_out_fn
fi
done
fi
ls_dir /etc/dhcp3/dhclient-exit-hooks.d
ls_dir /etc/resolvconf/update.d
if [ -d /etc/shorewall ] ; then
_count=$(chkconfig --list shorewall | grep -c :on )
if [ $_count -gt 0 ] ; then
echo "======= Shorewall settings =========" >> $_out_fn
cd /etc/shorewall
for _f in $(ls) ; do
echo "======= $_f =========" >> $_out_fn
grep_fn $_f
done
fi
fi
cd $_home
grep_fn /etc/hosts.allow
grep_fn /etc/hosts.deny
echo "==== end of config/network data dump =======" >> $_out_fn
awk '{print $0 "\r" }' $_out_fn > $_dos_fn
chmod 666 $_dos_fn
echo " "
echo "If posting via linux, post contents of $_out_fn"
echo "You might want to copy it to your account with the command"
echo "cp $_out_fn ~your_login"
echo " "
echo "If posting via windows, post contents of $_dos_fn"
echo " "
echo "If using diskette,"
echo "Copy $_dos_fn to diskette with the following commands:"
echo " "
echo "mkdir -p /floppy"
echo "mount -t auto /dev/fd0 /floppy"
echo "cp $_dos_fn /floppy"
echo "umount /floppy "
echo " "
echo "and $_dos_fn is ready for windows from diskette"
echo " "
#*********** end of dump xx.txt script *********
----------- script ends above this line ------------------------
and then copy xx.txt to the diskette.
On some linux distributions, you may need to get into the User/Group
screen, show all users, double click root, create the password, and
enable root. Root's password should never be the same as anyone else's.
To move xx.txt from diskette to the linux box, click up a linux terminal
su - root
(root's passwd)
mkdir -p /floppy
mount -t auto /dev/fd0 /floppy
tr -d '\015' < /floppy/xx.txt > xx
chmod +x xx
./xx
Back on the windows OS, you can cut/paste the a:\dosa.txt into your reply
under windows.
Do not attach it.
When you do reply, please remove/trim my response/text/script from your reply
before you add in the results/output of the script.
If you are dual booting the box, you can copy xx.txt to linux from windows.
Note: The following assumes /dev/hda1 is where windows is installed on the
first partition on the C: drive
If you have sata drive, you may have to use /dev/sda1 instead of /dev/hda1.
cat /etc/fstab to see which value will be required.
Do keep quotes used in the following:
mkdir -p /doze
mount -t auto /dev/hda1 /doze
tr -d '\015' < "/doze/wherever/you_saved/xx.txt" > xx
umount /doze
On windows you can read dosa.txt from a linux partition if you installed
windows linux file system driver from
http://uranus.it.swin.edu.au/~jn/linux/explore2fs.htm
Remember to remove/uninstall it to allow your Windows Anti Virus
scanner to run faster.
Alan Secker
where it was before it started playing up. It is now clear that there were
two problems, the one in the WAG54GS was hiding the other - my settings.
I had to dust off an old Windows 98 machine and run it as a stand-alone
system in order to reset the WAG54GS. The support staff at Linksys are
excellent. They have to have the patience of saints to deal with this
stuff.
I think it could have been solved with a Linux standalone box but that meant
crawling around under desks to connect one and even then Linksys might use
that as an excuse again to refuse to exchange a device if it wasn't proven
to be faulty in an XP environment!
My local IP setting in the WAG54GS is 192.168.x.1 whereas when reset to
factory defaults, the WAG54GS makes it 192.168.1.1
While connected to the LAN it was conflicting with the gateway references
of 192.168.x.1 in the dhcp files I had configured on my file-server. This
had the effect of preventing me from getting into the WAG54GS.
So back to the beginning. The reason I wanted to shift dhcp to the
file-server in the first place was to enable the rest of the LAN to
continue to function even if the WAG54GS did go down but since it is
addressed by the settings in the dhcp etc parameter files on the
file-server, it now looks as though I can't. Does this mean I have go back
to static addresses? If I do, how much of a vulnerability would this
actually be?
Bit Twister
> Does this mean I have go back to static addresses? If I do, how
> much of a vulnerability would this actually be?
What vulnerability are you worried about?
Alan Secker
It has been put to me that a static address is an easier target
for a cracker to reach than a dynamically allocated one. Not being
a specialist, I have to accept what the trained and experienced
tell me. But as I have a firewall in place it occurred to me
that perhaps the likelihood of penetration was so low that static
addresses might be a better way to go, hence the question.
Bit Twister
> It has been put to me that a static address is an easier target
> for a cracker to reach than a dynamically allocated one.
True. But, depending on security through obscurity is unsafe.
> Not being a specialist, I have to accept what the trained and
> experienced tell me.
Yes, I can agree about security in layers, but, your Internet firewall
should be blocking all incoming originating connections.
As an oh, by the way, 192.168.x.x outgoing target packets should be
dropped by the first ISP router it hits.
> But as I have a firewall in place it occurred to me
> that perhaps the likelihood of penetration was so low that static
> addresses might be a better way to go, hence the question.
Firewalls have help with Internet side attacks so well, that Black Hats
are now going after applications behind the firewall.
Richest targets are known exploits which the user has not patched on
their system. Usually generated within 2 days after vendor has
released a fix. That is why I check for patches daily.
I do not wait for rpm updates for jre, firefox, thunderbird,...
I install those as soon as I know about an update on the vendor's site.
Right now, biggest problems I see in what I read, are crackers pushing
malware from web sites they have cracked and through ad/banners in
cracked ad servers. Blocking ad/tracking sites can help there.
"privoxy" on contrib mirror, helps there.
Java exploits. Running firefox with NoScript add on, help closes that window.
I use OpenDNS servers which blacklist known malware sites.
Some home routers have been cracked by website malware to use black
hat DNS servers, so I loaded bind to DNS my LAN IPs, and set
forwarders to use OpenDNS for external look ups.
That leaves your Internet applications as your weak link.
You can use something like "aide" from contrib mirror, to audit your system
for new/changed files.
I have separate linux accounts for each Internet activity which needs
a password and one for surfing. I have a desktop shortcut to run each
script. Script does a "sudo su - account_here" through a xterm.
The account's ~/.bash_profile launches the application, Example:
firefox $HOME/index.html
index.html has the urls I might visit for that account.
That keeps me from mis-typing a url and winding up on a malware site.
When I exit the application, I usually kick off a "at" job which runs
on the next minute and deletes and tars in a pristine copy for any
account using a browser.
I have separate linux accounts for each email account. That way a
Thunderbird exploit will not leak any information about other
accounts. Since I use separate email accounts for bank, creditcard,
family, friends,... I know who or which group leaked my email address.
Here is my privoxy install instructions with all the sites I block so far.
#***************** start privoxy.txt *********************************
click up a terminal
su - root
urpmi --wget privoxy --auto
You might consider getting a copy of my user.action file:
cp /etc/privoxy/user.action /etc/privoxy/user.action_orig
Then Copy my user.aciton file into /etc/privoxy/user.action
service privoxy restart
exit
exit
In firefox,
Edit->Preference->Advanced
Click Network tab
Connection
Settings button
click Manual proxy configuration:
HTTP Proxy: 127.0.0.1 Port: 8118
SSL Proxy: 127.0.0.1 Port: 8118
Click OK
Click Close
#********************* end privoxy.txt **************************
From the next ####### to end of reply is user.action file.
I hope your readers line wrap does not bit you. If nothing else
diff user.action_orig user.action to see where I added the sites to block.
######################################################################
#
# File : $Source: /cvsroot/ijbswa/current/user.action,v $
#
# $Id: user.action,v 1.7 2006/10/04 00:37:05 hal9 Exp $
#
# Purpose : User-maintained actions file, see
# http://www.privoxy.org/user-manual/actions-file.html
#
######################################################################
# This is the place to add your personal exceptions and additions to
# the general policies as defined in default.action. (Here they will be
# safe from updates to default.action.) Later defined actions always
# take precedence, so anything defined here should have the last word.
# See http://www.privoxy.org/user-manual/actions-file.html, or the
# comments in default.action, for an explanation of what an "action" is
# and what each action does.
# The examples included here either use bogus sites, or have the actual
# rules commented out (with the '#' character). Useful aliases are
# included in the top section as a convenience.
#############################################################################
# Aliases
#############################################################################
{{alias}}
#############################################################################
#
# Aliases must be defined before they are used and are local to the
# actions file that they are defined in, you can't use the ones from
# default.action, unless you repeat them here:
#
# These aliases just save typing later, and the alias names should
# be self explanatory.
#
+crunch-all-cookies = +crunch-incoming-cookies +crunch-outgoing-cookies
-crunch-all-cookies = -crunch-incoming-cookies -crunch-outgoing-cookies
allow-all-cookies = -crunch-all-cookies -session-cookies-only -filter{content-cookies}
allow-popups = -filter{all-popups} -kill-popups -filter{unsolicited-popups}
+block-as-image = +block +handle-as-image
-block-as-image = -block
# These aliases define combinations of actions that are useful for
# certain types of sites:
#
fragile = -block -crunch-all-cookies -filter -fast-redirects -hide-referer -kill-popups -prevent-compression
shop = -crunch-all-cookies allow-popups
# Your favourite blend of filters:
#
myfilters = +filter{html-annoyances} +filter{js-annoyances} +filter{all-popups}\
+filter{webbugs} +filter{banners-by-size} +filter{fun}
# Allow ads for selected useful free sites:
#
allow-ads = -block -filter{banners-by-size} -filter{banners-by-link}
#... etc. Customize to your heart's content.
## end aliases ########################################################
#######################################################################
# Begin examples: #####################################################
# Say you have accounts on some sites that you visit regularly, and you
# don't want to have to log in manually each time. So you'd like to allow
# persistent cookies for these sites. The allow-all-cookies alias defined
# above does exactly that, i.e. it disables crunching of cookies in any
# direction, and the processing of cookies to make them only temporary.
#
{ allow-all-cookies }
#.sourceforge.net
#sunsolve.sun.com
#slashdot.org
#.yahoo.com
#.msdn.microsoft.com
#.redhat.com
# Say the site where you do your homebanking needs to open popup
# windows, but you have chosen to kill popups uncoditionally by default.
# This will allow it for your-example-bank.com:
#
{ -filter{all-popups} -kill-popups }
.banking.example.com
# Some hosts and some file types you may not want to filter for
# various reasons:
#
{ -filter }
# Technical documentation is likely to contain strings that might
# erroneously get altered by the JavaScript-oriented filters:
#
#.tldp.org
#/(.*/)?selfhtml/
# And this stupid host sends streaming video with a wrong MIME type,
# so that Privoxy thinks it is getting HTML and starts filtering:
#
stupid-server.example.com/
# Example of a simple "block" action. Say you've seen an ad on your
# favourite page on example.com that you want to get rid of. You have
# right-clicked the image, selected "copy image location" and pasted
# the URL below while removing the leading http://, into a { +block }
# section. Note that { +handle-as-image } need not be specified, since
# all URLs ending in .gif will be tagged as images by the general rules
# as set in default.action anyway:
#
{ +block }
www.example.com/nasty-ads/sponsor.gif
.theweathernetwork.com/common/images/internalads/
/.*affiliate/
.cnn.net/cnn/.element/img/2.0/content/partners/
.cnn.com/virtual/ie/cnet/
.nytstore.com
.theweathernetwork.com/common/images/contest*
.theweathernetwork.com/common/images/feature*
.twistermc.com
worsethanfailure.com/Resources/Tizes
.zdnet.com.au/i/
poncho.ucomics.com
wt.o.nytimes.com
www.wulffmorgenthaler.com/flash/
i.a.cnn.net/cnn/images/time/
images.infoworld.com
.adinterax.com
images.gocomics.com/images/gc1/
.cc-dt.com
.andrewsmcmeel.com
.tokyofriends.com
.imagehosting.us/img
.it-observer.com/img/
calsun.canoe.ca/images/
i.a.cnn.net/cnn/.element/img/1.5/main/video/overlay/
i.cnn.net/cnn/.element/img/1.3/pipeline/keyframes/88x49/
.canoe.ca/Canoe/CanoeClassic/Images/btn*.*
.klipmart.com
.pointroll.com
.itwire.com.au/images/
.tribalfusion.com
.courttv.com/graphics/inc/
.nextag.com
.feedlounge.com
.cnn.net/cnn/cnn_adspaces/
images.businessweek.com/autos/
lxer.com/content/
.llnwd.net
.advertising.com
.google-analytics.com
.nyadmcncserve*.com/
boards.epicurious.com/templates/epicurious/images/gourmet.jpg
.600z.com
.backbeatmedia.com
news.com.com/i/ne/pg/
.egcorporate.org/phpads/
te.nytimes.com
.clicktracks.com
.tacoda.net
.adrevolver.com
theweathernetwork.com/common/flash/
.bizrate.com
.ad-logics.com
.imrworldwide.com
.comicspage.com/images/
.casalemedia.com
adimg.com.com
.interclick.com
.hitbox.com
.about.com
.dcswx.com
.eyereturn.com
.monkeyads.com
.hitslink.com
.dvlabs.com
.travelzoo.com
.dealtime.com
.midaddle.com
www.canoe.ca/EdmontonSunImages/
lemauricien.com/mauricien/pub/pub.gif
.web-merchand.com/
sc.msn.com
.devx.com
www.canoe.ca/Moneyimages/
.theahl.com
www.canoe.ca/JamHomeGraphics/
scripts.canoe.ca
media.msnbc.msn.com
msnbcmedia.msn.com
.kanoodle.com
te.businessweek.com
te.sfgate.com
.specificclick.net
209.210.181.2
.webtrendslive.com
.humanclick.com
.2o7.net
.360i.com
www.canoe.ca/NewHomeImages/ban*.*
.inet1.com
.statcounter.com
.clickability.com
shopping.msn.com
.centrport.net
.mnginteractive.com
.uclick.com
www.canoe.ca/Lifewise2Images/top-comics2.gif
.google.com/images/cleardot.gif
.konversation.com
.zedo.com
.interpolls.com
.lygo.com
.trafficfile.com
calgarysun.com/images/site/bn/
www.osviews.com/themes/osViews/images/linkbar/getpublished.gif
.maxserving.com
.adserver.com
.shopping.com
.zdmcirc.com
common.ziffdavisinternet.com
.fastclick.net
.passportimages.com
.surveymonkey.com
.checkm8.com
.eyewonder.com
/.*adimage*/*
/.*adserver/*
.247realmedia.com
robots.cnn.com
.eshop.msn.com
robots.cnnfn.com
.serving-sys.com
i.cnn.net/cnn/.element/img/1.1/misc/
i.a.cnn.net/cnn/.element/img/1.0/sect/LAW/
.ru4.com
ads2.osdn.com
.highbeam.com
.resellerratings.com
.tripadvisor.com
images.vnunet.com
.bridgetrack.com
.unicast.com
.webhitsdirect.com
.itnation.com
.dtmpub.com
.superpages.ca
.a1.yimg.com
.questionmarket.com
images.thestreet.com
events.theregister.co.uk
.egullet.com/adrotation/
.canoe.ca/CanoeHomepageImages/
imageads.canoe.ca
.scripps.com
/.*/*sponsor*/*
.nnselect.com
.dnps.com
.adbureau.net
.speedera.net
.proximi-t.com
/.*/*banner*/*
/advert*/*
.sageanalyst.net
/.*/cdxpo-top.gif
.falkag.net
.i.com.com
.targetnet.com
.thruport.com
.lfpress.com/adserver/
.tridentads.com
www.bns2.net
www.bns1.net
www.rgs2.net
www.rgs1.net
www.cms2.net
www.cms1.net
rps2.opera.com
rps1.opera.com
rgs2.opera.com
rgs1.opera.com
ins2.opera.com
ins1.opera.com
.adjuggler.com
.gatorcorporation.com
banner*.*
.xlontech.net/
www.comics.com/comics/peanuts/images/
.canoe.ca/londonimages/
.fyilondon.com/
i.a.cnn.net/cnn/LAW/images/martindale.gif
.realmedia.com
.googlesyndication.com/
.fyicalgary.com/
.fyiwinnipeg.com/
.fyiedmonton.com/
www.canoe.ca/Match_Com/
www.comics.com/images_new/
.*/ads/.*
.canoe.ca/AdsCanoe/
68.46.203.153/
logs.comics.com
.spinbox.net
i.cnn.net/cnn/LAW/images/martindale.gif
i.cnn.net/cnn/.element/img/1.0/sect/
mirror.canada.com/images/prCA39fs120x601.gif
track.
images.slashdot.org/banner/
168.143.181.42/
.infinit.com/
www.comics.com/comics/pearls/images/pearls_cafepress.gif
us.i1.yimg.com/us.yimg.com/i/promo/
adserver.
/.*/ads/.*
.canoe.ca/SunShopImages/
.ad-flow.com
sfads.osdn.com
.atdmt.com/
.mediaplex.com/
ads.
.doubleclick.net/
mirror.canada.com/barterads/
images.salon.com/src/
www.salon.com/Creatives/
.atwola.com/
130.94.70.82/~web_ani/
www.theregister.co.uk/media/
.ucomics.com/images/
www.canoe.ca/NewHomeImages/logo.gif
www.canoe.ca/NewHomeImages/ban_ad_subscribe.gif
.matchcontact.com/
toolbar.aol.com/
www.canoe.ca/TorontoSunImages/
media.exitravel.com
www.canoe.ca/AutoNet/
# The URLs of dynamically generated banners, especially from large banner
# farms, often don't use the well-known image file name extensions, which
# makes it impossible for Privoxy to guess the file type just by looking
# at the URL.
# You can use the +block-as-image alias defined above for these cases.
# Note that objects which match this rule but then turn out NOT to be an
# image are typically rendered as a "broken image" icon by the browser.
# Use cautiously.
#
{ +block-as-image }
#.doubleclick.net
#/Realmedia/ads/
#ar.atwola.com/
# Now you noticed that the default configuration breaks Forbes
# Magazine, but you were too lazy to find out which action is the
# culprit, and you were again too lazy to give feedback, so you just
# used the fragile alias on the site, and -- whoa! -- it worked. The
# 'fragile' aliases disables those actions that are most likely to break
# a site. Also, good for testing purposes to see if it is Privoxy that
# is causing the problem or not.
#
{ fragile }
#.forbes.com
# Here are some sites we wish to support, and we will allow their ads
# through.
#
{ allow-ads }
#.sourceforge.net
#.slashdot.org
#.osdn.net
# user.action is generally the best place to define exceptions and
# additions to the default policies of default.action. Some actions are
# safe to have their default policies set here though. So let's set a
# default policy to have a 'blank' image as opposed to the checkerboard
# pattern for ALL sites. '/' of course matches all URLs.
# patterns:
#
{ +set-image-blocker{blank} }
#/
## set vi:nowrap tw=72
#************** end user.action *************************************
David W. Hodgins
> It has been put to me that a static address is an easier target
> for a cracker to reach than a dynamically allocated one. Not being
If a cracker is specifically targetting you, then a static public ip
address makes it easier for them to find you, but doesn't make it any
easier for them to exploit your system.
Behind the router, it makes no difference, except that you can't forward
specific ports to specific systems, without upnp.
With upnp disabled on the router, you have to use static ip addresses on
the lan, if you want to forward some ports, for use by p2p, voip, or
servers, running on the lan.
Alan Secker
factory defaults and then made a manual reset. After that I
couldn't get to the router at all.
Linksys made me do it again but holding the reset button in
for 60 seconds. This time it did come back but once I
re-entered my settings it became inaccessible again!
This time nothing would get it back. Linksys only support
via Windows XP onwards. They say they will replace a faulty
device but only if proven to be faulty driven by a Windows
machine. Tomorrow I'm going to set one up but I have a
feeling that whatever happens, without buying a spare I
would be without a router for another week or two.
This brings me back to the network settings. I originally
thought that if I could move DHCP from the WAG54GS to my
file server, should the WAG have to be disconnected,
the LAN would still stay up. It doesn't. It is looking for
the Gateway value of 168.192.x.1 specified in the DHCP
set up. Can I get round this still using DHCP?
Alan Secker
> On Mon, 25 Feb 2008 09:03:41 +0000, Alan Secker wrote:
>
Thanks fo all that.I've save it to print and digest slowly.
Regards
Alan
Bit Twister
> Things have gone from bad to worse. I reset the WAG54GS to
> factory defaults and then made a manual reset. After that I
> couldn't get to the router at all.
Going to need more facts.
> Linksys made me do it again but holding the reset button in
> for 60 seconds.
Yep, manual indicates I have to hold my actiontec router for 15 seconds.
Help desk had me hold it for 30 then 60 seconds when it lost it's mind
on a Friday night. Verizon hot footed a tech with router out Saturday.
> This time it did come back but once I
> re-entered my settings it became inaccessible again!
> This time nothing would get it back. Linksys only support
> via Windows XP onwards.
Kinda sounds like a help desk tech knows s/he is going to lose points
for working a problem too long.
Now, let's say 168.192.1.1 is router's gateway after factory defaults
and you make no typing mistakes and take no shortcuts in my
instructions.
You set your nic eth0 connected to router up as static with with
168.192.1.10 and 168.192.1.1 gateway and your isp dns servers with no other
equipment connected to router using Mandriva Control Center.
I think you have to delete the connection then create it.
If not, I recommend you delete the connection then create it.
If you do a service network restart and can ping -c1 yahoo.com, you
know you have connectivity to the Internet and know static setup works
with router.
From now on, you do not use the Control Center, click up a terminal
su - root
and you can use a gui editor like kwrite or gedit or whatever editor
you like.
In /etc/sysconfig/network-scripts/ifcfg-eth0
Change
BOOTPROTO=static
to BOOTPROTO=dhcp
and under BOOTPROTO, add
PERSISTENT_DHCLIENT=yes
DHCPRELEASE=yes
DHCP_CLIENT=dhclient
reset router, and after it boots,
service network restart
service shorewall restart
ping -c1 yahoo.com
Proves everything and router is working with linux dhcp.
Next,
service network stop
and change ip range from .1. to say .20. in your router
You change all .1. to .20. in /etc/sysconfig/network-scripts/ifcfg-eth0
change BOOTPROTO=dhcp
to BOOTPROTO=static
reset router, after it boots,
service network restart
service shorewall restart
ping -c1 yahoo.com should still work.
If not, re-boot your pc just make sure router is not at fault for not
working when modify router settings.
Still broke, router is flaky.
If works. that would prove router holds your settings, and you know it
works with your settings and static linux.
Now edit /etc/sysconfig/network-scripts/ifcfg-eth0
change BOOTPROTO=static
to BOOTPROTO=dhcp
reset router, after it boots,
service network restart
service shorewall restart
ping -c1 yahoo.com should still work.
If no, re-boot pc just make sure linux is not at fault.
If it works, then it may be one of the values in ifcfg-eth0
Save a copy with
cp /etc/sysconfig/network-scripts/ifcfg-eth0 /root/eth0
Get into the Control Center and delete eht0 and recreate it as
dhcp.
That should do the service network restart for you so just do the ping.
If ping fails,
service network restart
service shorewall restart
ping -c1 yahoo.com
Still fails,
In /etc/sysconfig/network-scripts/ifcfg-eth0
under BOOTPROTO, add
PERSISTENT_DHCLIENT=yes
DHCPRELEASE=yes
DHCP_CLIENT=dhclient
service network restart
service shorewall restart
ping -c1 yahoo.com
Should work, If not, start adding lines from /root/eth0
until network/shorewall/ping works.
> This brings me back to the network settings. I originally
> thought that if I could move DHCP from the WAG54GS to my
> file server, should the WAG have to be disconnected,
Sorry I can not help there.
I have a 4 port LinkSys switch between my router and the LAN systems.
All set to static.