FC3 problem with ip_forward / masquerade : no more DNS

Ian Fogarty ian.foggo at btinternet.com
Fri Nov 12 17:14:18 UTC 2004


I think by adding to the firewall
-A RH-Firewall-1-INPUT -i eth1 -p udp --dport 53 -j ACCEPT

(--dport 53 is the destination port of 53 (DNS))

as it seems from the iptables dump, DNS lookups are taking place on UDP.

Please excuse me if the answer is wrong or my formatting is incorrect -
this is the first time of replying to a post so I am trying my best!!

Ian

-----Original Message-----
From: fedora-list-bounces at redhat.com
[mailto:fedora-list-bounces at redhat.com] On Behalf Of
fedora-list-request at redhat.com
Sent: 12 November 2004 17:01
To: fedora-list at redhat.com
Subject: fedora-list Digest, Vol 9, Issue 152


Today's Topics:

   1. Re: General proc. for uninstalling software? (Alexander Appel)
   2. Re: help,	why I cannot use graphical interface of remote
      workstation? (Mike Klinke)
   3. Re: FC3 problem with ip_forward / masquerade : no more DNS
      resolution (Pierre-Yves Berger)
   4. Re: FC3 performance on non-P4 CPUs (Dave Jones)
   5. Re: Yahoo mail downloaded to Ximian Evolution? (Paul Howarth)
   6. Re: [FC3] synaptics touchpad doesn't work at all (Julian Mayer)


----------------------------------------------------------------------

Message: 1
Date: Fri, 12 Nov 2004 17:35:18 +0100
From: Alexander Appel <alexander at caput.org>
Subject: Re: General proc. for uninstalling software?
To: fedora-list at redhat.com
Message-ID: <1100277318.3702.3.camel at hermes>
Content-Type: text/plain

On Friday, 12.11.2004, at 17:13 +0100, Hans Troost wrote:
> Is there a general way to "uninstall" software and are there pitfalls
> I have to avoid (and how).
> 
> Examples: I want to remove the whole XIMIAN stuff, I am happy with
> KMAIL, I want to remove the whole MOZILLA-suite and replace it by a
> web-browser-only program like Firefox and I want to remove a lot of
> other software I just installed to try and no longer use.
> 
> My only installation experience up to now is with YUM (used update,
> install and search) and RPM -IVH. Not further experience nor in
> general nor with these programs.


A simple 'yum remove PROGNAME' will do the job. Example: 'yum remove
evolution' will remove the Ximian Evolution program (and everything that
depends on it) from your system. It may be possible (I can't remember if
it's only the FC1 Openoffice or the FC2 too) that Openoffice needs the
Mozilla package to run, so you may have to keep it if you want to use
Openoffice, but yum will tell you about every program it has to remove
to satisfy the dependencies.

Greetings,
Alexander Appel




------------------------------

Message: 2
Date: Fri, 12 Nov 2004 10:36:21 -0600
From: Mike Klinke <lsomike at futzin.com>
Subject: Re: help,	why I cannot use graphical interface of remote
	workstation?
To: For users of Fedora Core releases <fedora-list at redhat.com>
Message-ID: <200411121036.21332.lsomike at futzin.com>
Content-Type: text/plain;  charset="iso-8859-1"

On Friday 12 November 2004 09:39, Yang Xiao wrote:
 
>
> you need to enable X forwarding in sshd.conf, and on the client
> side, use ssh -X -l username host

Things have changed a little; from the FC3 release notes....

In addition, OpenSSH is no longer configured to request X11 
forwarding by default when connecting to servers. To enable X11 
forwarding, the -X or -Y option must be specified, or the 
ForwardX11 option must be enabled in the ~/.ssh/config file.

The behavior of ssh clients that are invoked with the -X flag has 
changed. In OpenSSH 3.8 and later, X11 forwarding is performed in a 
way that applications run as untrusted clients by default. 
Previously, X11 forwarding was performed so that applications 
always ran as trusted clients. Some applications may not function 
properly when run as untrusted clients. To forward X11 so that 
applications are run as trusted clients, invoke ssh with the -Y 
flag instead of the -X flag, or set ForwardX11Trusted in the 
~/.ssh/config file.


Regards, Mike Klinke



------------------------------

Message: 3
Date: Fri, 12 Nov 2004 17:40:12 +0100
From: Pierre-Yves Berger <linux at pyves.ch>
Subject: Re: FC3 problem with ip_forward / masquerade : no more DNS
	resolution
To: For users of Fedora Core releases <fedora-list at redhat.com>
Message-ID: <85C41BEF-34C9-11D9-8813-0003930A3872 at pyves.ch>
Content-Type: text/plain; charset=US-ASCII; format=flowed

On 11 nov. 04, at 18:27, Alexander Dalloz wrote:

> On Thu, 11.11.2004, Pierre-Yves Berger wrote at 18:14:
>
>> I just installed FC3 on a system I use as nat.
>> eth0 gets a dynamic address from my ISP.
>> eth1 has a static local address.
>>
>> I did the configuration as described in the NAT-HOWTO document
>> at www.netfilter.org.
>>
>> Now, from the computers on my local network, I cannot access Internet
>> using the names. I can access everything with ip numeric addresses.
>>  From the nat computer, I can access everything (names and numeric
>> addresses).
>
> This problem description normally says that the NATed hosts have no
> valid nameserver knowledge.
>
>> The computers on the local network have correct DNS entries and
>> worked correctly before I swapped my old (hardware) unstable FC2
>> box with a newer FC3 box.
>
> To where do the DNS entries on the NATed clients point?
>
>> Pierre-Yves
>
> Alexander

resolv.conf contains the following entries :
nameserver 80.83.47.10
nameserver 80.83.47.157

These are correct for my ISP.
I can ping them from my NATed client but nslookup or dig could not 
connect.

Then, I tried to log rejected packets in iptables on the NAT system and 
got those in
/var/log/messages

Nov 11 21:30:29 gate kernel: IN=eth1 OUT=eth0 SRC=x.x.x.x 
DST=80.83.47.157 \
LEN=58 TOS=0x00 PREC=0x00 TTL=63 ID=37097 PROTO=UDP SPT=2027 \
DPT=53 LEN=38
Nov 11 21:30:29 gate kernel: IN=eth1 OUT=eth0 SRC=x.x.x.x 
DST=80.83.47.10 \
LEN=58 TOS=0x00 PREC=0x00 TTL=63 ID=37100 PROTO=UDP SPT=2030 \
DPT=53 LEN=38
with x.x.x.x being my NATed client address.

So, I added a rule in iptables that says

-A RH-Firewall-1-INPUT -i eth1 -j ACCEPT

at the beginning of the RH-Firewall-1-INPUT chain and I have again 
access to the world :-)

Is there a better way to do this ?

I may add that this is my home network with 2 Macs and a Linux system 
and users are not
a security risk, at least not deliberately.

Pierre-Yves
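
An added example, not part of the original post: the two rejected packets logged above have both IN=eth1 and OUT=eth0 set, so they were being routed through the gateway, and a rule matching only that flow is narrower than accepting everything arriving on eth1. The function names and the client address 192.168.1.20 are assumptions made for this sketch; the chain name is the one used in the thread.

```python
import re
from collections import Counter

# Constructed sample: the two log entries from the post, each joined onto one
# line, with the masked client address replaced by a made-up 192.168.1.20.
SAMPLE_LOG = """\
Nov 11 21:30:29 gate kernel: IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=80.83.47.157 LEN=58 TOS=0x00 PREC=0x00 TTL=63 ID=37097 PROTO=UDP SPT=2027 DPT=53 LEN=38
Nov 11 21:30:29 gate kernel: IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=80.83.47.10 LEN=58 TOS=0x00 PREC=0x00 TTL=63 ID=37100 PROTO=UDP SPT=2030 DPT=53 LEN=38
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_entry(line):
    """Return the KEY=value fields of one netfilter LOG line (first LEN wins)."""
    fields = {}
    for key, value in FIELD.findall(line):
        fields.setdefault(key, value)
    return fields

def hook_of(fields):
    """Both interfaces set means the packet was routed, not delivered locally."""
    if fields.get("IN") and fields.get("OUT"):
        return "FORWARD"
    return "INPUT" if fields.get("IN") else "OUTPUT"

def summarize(log_text):
    """Count rejected flows by (hook, in, out, protocol, destination port)."""
    flows = Counter()
    for line in log_text.splitlines():
        f = parse_entry(line)
        if "PROTO" not in f:
            continue  # not a netfilter LOG entry
        key = (hook_of(f), f.get("IN", ""), f.get("OUT", ""),
               f["PROTO"].lower(), f.get("DPT", ""))
        flows[key] += 1
    return flows

def narrow_rule(flow, chain="RH-Firewall-1-INPUT"):
    """Build an iptables-save style rule that accepts only this flow."""
    _hook, in_if, out_if, proto, dport = flow
    rule = f"-A {chain}"
    rule += f" -i {in_if}" if in_if else ""
    rule += f" -o {out_if}" if out_if else ""
    rule += f" -p {proto}"
    rule += f" --dport {dport}" if dport else ""
    return rule + " -j ACCEPT"

if __name__ == "__main__":
    for flow, count in summarize(SAMPLE_LOG).items():
        print(count, flow[0], narrow_rule(flow))
```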



------------------------------

Message: 4
Date: Fri, 12 Nov 2004 11:41:31 -0500
From: Dave Jones <davej at redhat.com>
Subject: Re: FC3 performance on non-P4 CPUs
To: For users of Fedora Core releases <fedora-list at redhat.com>
Message-ID: <20041112164130.GD11111 at redhat.com>
Content-Type: text/plain; charset=us-ascii

On Fri, Nov 12, 2004 at 06:23:17PM +0200, Pasha wrote:
 > Hi,
 > 
 > FC3 release notes states that it is optimized for P4 processors. How
 > does this affect earlier CPUs? Will I gain anything if I recompile
 > kernel and glibc for my processor (P3)?
 
Instructions are scheduled (ordered) optimally for P4, but no
P4 specific instructions are used. As such it'll run just fine
on < P4's.  Recompiling will gain you a tiny percentage speed
increase, but probably nothing noticeable.

		Dave



------------------------------

Message: 5
Date: Fri, 12 Nov 2004 16:51:21 +0000
From: Paul Howarth <paul at city-fan.org>
Subject: Re: Yahoo mail downloaded to Ximian Evolution?
To: For users of Fedora Core releases <fedora-list at redhat.com>
Message-ID: <4194EA09.9060608 at city-fan.org>
Content-Type: text/plain; charset=us-ascii; format=flowed

John Morrison wrote:
> I would also like to get this working, but so far i get logged in and
> nothing gets downloaded. I get the following:
> 
> Logging in securely via SSL as myusername on Fri Nov 12 16:00:51 2004
> You are using 4% of your 100.0MB limit.
> Successfully logged in as myusername.
> Country code : uk       Folder: Inbox   Version: 2.8.6
> Getting Message ID(s) for message(s) 1 - 12.
> Got 0 Message IDs
>

> Finished downloading 0 messages.
> 0 message(s) have been deleted.
> Logged out.
> 
> Any thoughts?

I'm getting this too (also a uk user). It looks like it's been happening
for a while too (I don't get much mail on the yahoo account so I didn't
miss it)! I downgraded back to version 2.8.5 and it appears to be
working, so I think this will need to be taken up with the author.

Paul.



------------------------------

Message: 6
Date: Fri, 12 Nov 2004 17:52:05 +0100
From: Julian Mayer <julianmayer at mac.com>
Subject: Re: [FC3] synaptics touchpad doesn't work at all
To: wleutwyl at columbus.rr.com,	For users of Fedora Core releases
	<fedora-list at redhat.com>
Message-ID: <2EAB1918-34CB-11D9-8137-000A95C2EA1C at mac.com>
Content-Type: text/plain; charset=US-ASCII; format=flowed

hey thanks for your fast and helpful answer ;)
the sad news is it doesn't work (well i configured everything like you 
said and the pointer still doesn't move) ;(
here is what my /var/log/Xorg.0.log has to say:

"...
(**) |-->Input Device "Synaptics"
(**) |-->Input Device "Keyboard0"
(==) |-->Input Device "<default pointer>"
(WW) The core pointer device wasn't specified explicitly in the layout.
         Using the default mouse configuration.
...
(II) LoadModule: "synaptics"
(II) Loading /usr/X11R6/lib/modules/input/synaptics_drv.o
(II) Module synaptics: vendor="X.Org Foundation"
         compiled for 4.3.99.902, module version = 1.0.0
         Module class: X.Org XInput Driver
         ABI class: X.Org XInput driver, version 0.4
...
(II) Synaptics touchpad driver version 0.13.5
Synaptics no synaptics event device found (checked 3 nodes)
(**) Option "Device" "/dev/input/mice"
Query no Synaptics: 6003C8
(EE) Synaptics no synaptics touchpad detected and no repeater device
(EE) Synaptics Unable to query/initialize Synaptics hardware.
(EE) PreInit failed for input device "Synaptics"
(II) UnloadModule: "synaptics"
...
(WW) <default pointer>: No Device specified, looking for one...
(EE) <default pointer>: Cannot find which device to use.
(==) <default pointer>: Protocol: "Auto"
(**) Option "CorePointer"
(**) <default pointer>: Core Pointer
(EE) xf86OpenSerial: No Device specified.
(WW) <default pointer>: cannot open input device
(==) <default pointer>: Emulate3Buttons, Emulate3Timeout: 50
(==) <default pointer>: Buttons: 3
(II) XINPUT: Adding extended input device "<default pointer>" (type: 
MOUSE)
(II) XINPUT: Adding extended input device "Keyboard0" (type: KEYBOARD)
(EE) xf86OpenSerial: No Device specified.
(WW) <default pointer>: cannot open input device"

any ideas?
thanks, julian


> Here is the synaptics section from my xorg.conf
>
> Section "InputDevice"
> 	Identifier		"Synaptics"
> 	Driver		"synaptics"
> 	Option		"Device" "/dev/input/mice"
> 	Option		"Protocol" "auto-dev"
> 	Option		"Emulater3Buttons" "yes"
> EndSection
>
> Check the ServerLayout Section and make sure you have:
>
> InputDevice "Synaptics" "AlwaysCore"
>
> In the Module section make sure that you have:
>
> Load "synaptics"
>
> Hope this helps.
>>
>> hello all
>> i just installed FC3 on a Medion 5400 laptop (which has a synaptics
>> touchpad)
>> during the install i used an external USB mouse but since it only has
>> one button i wanted to get the touchpad to work (which doesn't work
>> per default).
>>
>> it seems it is really impossible to get the synaptics touchpad working
>> on FC3, since kudzu doesn't see it at all:
>> "python
>>
>>>>> import kudzu
>>>>> kudzu.probe(kudzu.CLASS_MOUSE,kudzu.BUS_UNSPEC,kudzu.PROBE_ALL)
>>
>> []
>>
>>>>> kudzu.probe(kudzu.CLASS_UNSPEC,kudzu.BUS_PSAUX,kudzu.PROBE_ALL)
>>
>> [Desc:           AT Translated Set 2 keyboard
>> Driver:         ignore
>> Device:         None
>> ]"
>>
>> nevertheless i've tried the following:
>> 1. adding
>>   "Section "InputDevice"
>>   Identifier "Mouse0"
>>   Driver "mouse"
>>   Option "Protocol" "PS/2"
>>   Option "Device" "/dev/psaux"
>>   Option "Emulate3Buttons"
>>   Option "Emulate3Timeout" "50"
>>   Option "SendCoreEvents" "true"
>>   EndSection"
>> to my Xorg.conf, but since /dev/psaux doesn't exist, it doesnt work
>>
>> i also tried doing cd /dev;./MAKEDEV psaux
>>   but when i did "cat psaux" it says something like "no applicable
>> device found"
>>
>> in /dev/input only mice and mouse0 exist, which both only respond to
>> the external mouse...
>>
>> if i disconnect the USB mouse, mouse0 disappears...and no input source
>> is left
>>
>> 2. i've also tried adding "psmouse.proto=imps" to the grup.conf, no
>> success
>>
>> 3. select the "synaptics touchpad" in system-config-mouse and do a
>> system-config-display --reconfig
>>
>> by reading fedoraforums.org posts i know that the touchpad worked with
>> FC2, what's the deal?
>> can anyone help me?
>> thanks, julian



------------------------------
