From owner-freebsd-isp Sun Sep 8 18:36:04 1996
Return-Path: owner-isp
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id SAA12217 for isp-outgoing; Sun, 8 Sep 1996 18:36:04 -0700 (PDT)
Received: from pinky.junction.net (pinky.junction.net [199.166.227.12]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id SAA12118 for ; Sun, 8 Sep 1996 18:34:41 -0700 (PDT)
Received: from sidhe.memra.com (sidhe.memra.com [199.166.227.105]) by pinky.junction.net (8.6.12/8.6.12) with ESMTP id RAA07438; Sun, 8 Sep 1996 17:46:26 -0700
Received: from localhost (michael@localhost) by sidhe.memra.com (8.6.12/8.6.12) with SMTP id SAA20217; Sun, 8 Sep 1996 18:29:17 -0700
Date: Sun, 8 Sep 1996 18:29:16 -0700 (PDT)
From: Michael Dillon
To: isp-marketing@sparknet.net
cc: inet-access@earth.com
Subject: Better mailing list for ISP CEO's
In-Reply-To: <3.0b11.32.19960908190853.0113be88@mail.sparknet.net>
Message-ID:
Organization: Memra Software Inc. - Internet consulting
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-isp@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

Christopher,

I think that your fundamental mistake here is that you are a marketing person trying to create a trade association of ISP's. I don't think this is workable. Trade associations have to be created by the industry itself and there are numerous other examples in numerous industries to show that this is the way to do things.

What you are proposing here differs very little from what IDEA has been flogging for the past year, namely an ISP trade association run by marketing people who are essentially, outsiders to the industry.

If ISP CEO's really want to join a non-technical mailing list to talk with others, don't mind a public forum and would like to steer clear of anti-trust issues by having a list that is not explicitly for ISP CEO's only, then may I suggest they send a subscribe message to com-priv-request@lists.psi.com

com-priv is a venerable list for commercial Internet providers since the first commercial providers were created. Since it also includes media people, political analysts, telco executives, etc., it is not as likely to be seen as an anti-trust vehicle and yet you can still accomplish the goal of sharing ideas with other industry leaders, making your company visible to prospective buyers and/or shopping for acquisitions yourself.

On Sun, 8 Sep 1996, Christopher Sevcik wrote:

> * You're right in that it wasn't my intention to get involved in anti-trust
> problems, as I had never even thought about that when I started the list.
> My public invitation to all ceo's will prove my intentions.

Ask your lawyer whether the courts will care about your publicly expressed intentions. Also ask whether a public invitation to all CEO's will lessen anyone's liability.

> * You're right in that it won't be the lists fault if two ceo's collude to
> share pricing and someone thinks it's anti-trust....

Ask your lawyer whether or not the list owner or other list members could have any liability if two ceo's on the list collude to fix prices.

> but, what about the many
> who have been sharing for years on other lists? How come no one has gotten
> in trouble?

Other lists are not for CEO's and the CEO's that are on the lists are small owner-operators. Governments tend to ignore small businesses. The liabilities from anti-trust are with respect to things like price-fixing and manipulating the market, not with respect to other aspects of a business such as marketing ideas or technical ideas. Whenever anyone on the other lists crosses the line, someone slaps them down too.

> once in a while on inet-access....I am NOT justifying anti-trust activity as
> ethical, I am only stating that if you'll go to the other lists archives,
> I'll show you clear violations.

If there truly are clear violations there in the archives then the DOJ may already be looking at laying charges. You'll never know until they decide what to do. But the more dangerous thing, IMHO, is when a disgruntled competitor lays the charges. In such a case they may well use historical records to show that the defendant has a history of antitrust violations.

> * What if the big ISP's want to buy the small ISP's? What better forum for
> ISP Ceo's to get together to get to know each other, so that when the right
> business opportunity comes along, I am certain this list will be very
> valuable to both parties.

Are you saying that you want to buy some small ISP's and you are starting the list so you can go shopping? Quite frankly, I think there are better ways to shop for a company and better venues in which to meet prospective sellers face to face.

> * Somehow I am going forward with this list...even if we have to ban
> certain topics. There is just way too much value in pulling together the
> minds of ISP's CEO's who can pool resources, resources from the mental world
> as well as the physical.... so that the ultimate winner is the consumer!

This is not a logical thought. There is no direct connection between benefit to the consumer and ISP CEO's pooling resources. It might be good, it might be bad, it might be indifferent. Better ask your lawyer to review that statement as well.

Michael Dillon - ISP & Internet Consulting
Memra Software Inc.
- Fax: +1-604-546-3049
http://www.memra.com - E-mail: michael@memra.com

From owner-freebsd-isp Mon Sep 9 08:45:36 1996
Return-Path: owner-isp
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id IAA26579 for isp-outgoing; Mon, 9 Sep 1996 08:45:36 -0700 (PDT)
Received: from tchnet.tchnet.com (tchnet.tchnet.com [198.109.196.2]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id IAA26574 for ; Mon, 9 Sep 1996 08:45:33 -0700 (PDT)
Received: (from rnet@localhost) by tchnet.tchnet.com (8.6.12/8.6.9) id LAA28764; Mon, 9 Sep 1996 11:45:47 -0400
Date: Mon, 9 Sep 1996 11:45:47 -0400 (EDT)
From: "R. A. Nethercott"
To: freebsd-isp@freebsd.org
Subject: Kermit
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-isp@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

I don't know if this would be the proper place to post this, so please be patient with me. I have a modem that lost its init string and am having trouble with kermit. Here is what I am typing:

kermit -l /dev/cuaa* -b 28800
                   ^ This is where I would type in the tty

Currently, I am having problems with modems dg and dh. Would I put cuaadg or cuaag? Either way I try it, I am getting the error message:

?can't open device

What am I doing wrong?

Thanks,
Roy

R A Nethercott
System Administrator
Technet, Inc
rnet@tchnet.com

From owner-freebsd-isp Tue Sep 10 01:10:26 1996
Return-Path: owner-isp
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id BAA26817 for isp-outgoing; Tue, 10 Sep 1996 01:10:26 -0700 (PDT)
Received: from mail.mcnet.ch (mail.mcnet.ch [193.5.163.9]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id BAA26808 for ; Tue, 10 Sep 1996 01:10:21 -0700 (PDT)
Received: from pcben.mcnet.ch (pcwin95.mcnet.ch [193.5.166.40]) by mail.mcnet.ch (8.6.9/8.3) with SMTP id KAA09818; Tue, 10 Sep 1996 10:17:32 +0200
Message-Id: <2.2.32.19960910081455.009a9890@mail.mcnet.ch>
X-Sender: brossier@mail.mcnet.ch
X-Mailer: Windows Eudora Pro Version 2.2 (32)
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Tue, 10 Sep 1996 10:14:55 +0200
To: "S(pork)"
From: Benoit Rossier
Subject: Re: 3Com cards/quotas
Cc: freebsd-isp@freebsd.org
Sender: owner-isp@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Hi,

>We almost exclusively run Linux here, and the 3Com cards work great. We
>like to stick with one vendor/model as much as possible so spares are easy
>to keep around. In the online handbook, I see the 3C509 has a note next
>to it that says (buggy). It seems to be OK, but this will be a production
>machine. What I'm wondering is whether the handbook is referring to 2.1
>or 2.1.5 or both and if the driver is truly buggy what might be
>recommended as far as another ethernet card.

We have 2 servers in production on 2.1.0 release with 3c509 and no problems.

>
>Also, there will be user accounts on this box, and I'd like to implement
>quotas. The handbook has a nice how-to, but in /etc/sysconfig I see a
>warning about turning on quotas. Is this still flakey, and could anyone
>recommend whether or not the quota system would be OK on a production
>machine?

I don't know.

>
>I've got a third question as well (sorry): What is the upper limit on the
>amount of memory FreeBSD 2.1 or 2.1.5 will recognize?
>

A copy of the faq:

Due to the manner in which FreeBSD gets the memory size from the BIOS, it can only detect 16 bits worth of Kbytes in size (65535 Kbytes = 64MB). If you have more than 64MB, FreeBSD will only see the first 64MB. To work around this problem, you need to use the kernel option specified below. There is a way to get complete memory information from the BIOS, but we don't have room in the bootblocks to do it. Someday when lack of room in the bootblocks is fixed, we'll use the extended BIOS functions to get the full memory information...but for now we're stuck with the kernel option.

options "MAXMEM=<n>"

Where n is your memory in Kilobytes. For a 128 MB machine, you'd want to use 131072

Regards,
Benoit

+---------------------------------------------------------------------+
| Benoit Rossier                  M&C Management & Communications SA  |
| Telecom                         Grand-Places 16                     |
|                                 CH - 1700 Fribourg                  |
|                                                                     |
| voice: +41 (0)37 22 06 36       fax: +41 (0)37 22 06 38             |
| E-Mail: Benoit.Rossier@mcnet.ch http://www.mcnet.ch                 |
+---------------------------------------------------------------------+

From owner-freebsd-isp Tue Sep 10 01:49:26 1996
Return-Path: owner-isp
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id BAA01591 for isp-outgoing; Tue, 10 Sep 1996 01:49:26 -0700 (PDT)
Received: from smople.thehub.com.au (smople.thehub.com.au [203.17.162.10]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id BAA01571 for ; Tue, 10 Sep 1996 01:49:20 -0700 (PDT)
Received: (from richard@localhost) by smople.thehub.com.au (8.6.12/8.6.9) id SAA08083; Tue, 10 Sep 1996 18:46:46 +1000
Date: Tue, 10 Sep 1996 18:46:43 +1000 (EST)
From: Richard J Uren
To: freebsd-isp@freebsd.org
Subject: Recommendations on password management.
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-isp@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Hi,

I'm canvassing for opinion on password management & the best way to go about it.

I'm thinking of something like a master node where all password changes are made and leaf nodes which perform the username/password lookups for local stuff (popper & ftp & radius ..).

The central node would also handle user accounting etc .... as well.

Any suggestions on the best way to meet these requirements ?

Thanks & Cheers
Richard

From owner-freebsd-isp Tue Sep 10 02:49:05 1996
Return-Path: owner-isp
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id CAA05222 for isp-outgoing; Tue, 10 Sep 1996 02:49:05 -0700 (PDT)
Received: from mail.think.com (Mail1.Think.COM [131.239.33.245]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id CAA05217 for ; Tue, 10 Sep 1996 02:49:02 -0700 (PDT)
Received: from Early-Bird.Think.COM (Early-Bird-1.Think.COM [131.239.146.105]) by mail.think.com (8.7.5/m3) with ESMTP id FAA14207; Tue, 10 Sep 1996 05:48:43 -0400 (EDT)
Received: from compound.Think.COM (fergus-2.dialup.prtel.com [206.10.99.132]) by Early-Bird.Think.COM (8.7.5/e1) with ESMTP id FAA11585; Tue, 10 Sep 1996 05:48:13 -0400 (EDT)
Received: (from alk@localhost) by compound.Think.COM (8.7.5/8.7.3) id EAA16704; Tue, 10 Sep 1996 04:44:48 -0500 (CDT)
Date: Tue, 10 Sep 1996 04:44:48 -0500 (CDT)
From: Tony Kimball
Message-Id: <199609100944.EAA16704@compound.Think.COM>
To: richard@thehub.com.au
Cc: freebsd-isp@freebsd.org
Subject: Recommendations on password management.
References:
Sender: owner-isp@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Quoth Richard J. Uren on Tue, 10 September:
: I'm thinking of something like a master node where all password changes
: are made and leaf nodes which perform the username/password lookups for
: local stuff (popper & ftp & radius ..).
:
: The central node would also handle user accounting etc ....
as well.
: Any suggestions on the best way to meet these requirements ?
:

cron rsync in a tree (if your net topo is stable, degenerate to star in the worst case) to keep passwd current. when supporting naive clients, you may wish to handle passwd changes by a mail processor. I can send you one in perl but you would need to modify it to support your authentication model -- should be trivial since your central node gets the connect info anyhow.

From owner-freebsd-isp Tue Sep 10 03:30:40 1996
Return-Path: owner-isp
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id DAA07548 for isp-outgoing; Tue, 10 Sep 1996 03:30:40 -0700 (PDT)
Received: from al.imforei.apana.org.au (pjchilds@al.imforei.apana.org.au [202.12.89.41]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id DAA07525 for ; Tue, 10 Sep 1996 03:30:27 -0700 (PDT)
Received: (from pjchilds@localhost) by al.imforei.apana.org.au (8.7.5/8.7.3) id TAA04597; Tue, 10 Sep 1996 19:58:12 GMT
Date: Tue, 10 Sep 1996 19:58:12 GMT
From: Peter Childs
Message-Id: <199609101958.TAA04597@al.imforei.apana.org.au>
To: richard@thehub.com.au, freebsd-isp@freebsd.org
Subject: Re: Recommendations on password management.
Newsgroups: apana.sa.lists.freebsd-isp
X-Newsreader: TIN [version 1.2 PL2]
Sender: owner-isp@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

In article <514d7d$40v@al.imforei.apana.org.au> you wrote:
: Hi,

Gday! Loved the cafe last time i was up in brizzy (hope i've got the right place)

: I'm canvassing for opinion on password management & the best way to
: go about it.

"man yp" talks about YP/NIS stuff.. but i've heard from a security point of view it sucks a little???

I guess it all depends on the scale of the system you want to use as the system you implement.

if you implement something too hacked up it may not scale too well, but if you use something too large then it may just not be the most cost/time/hassle effective way :)

Well that's pointed out more questions than answers..
but i'd be interested in the replies to this one.

Peter

--
Peter Childs --- http://www.imforei.apana.org.au/~pjchilds
Finger pjchilds@al.imforei.apana.org.au for public PGP key
Drag me, drop me, treat me like an object!

From owner-freebsd-isp Tue Sep 10 07:03:33 1996
Return-Path: owner-isp
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id HAA17281 for isp-outgoing; Tue, 10 Sep 1996 07:03:33 -0700 (PDT)
Received: from house.multinet.net (house.multinet.net [204.138.173.37]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id HAA17264 for ; Tue, 10 Sep 1996 07:03:28 -0700 (PDT)
Received: (from graydon@localhost) by house.multinet.net (8.6.12/8.6.12) id JAA08742; Tue, 10 Sep 1996 09:53:08 -0400
Date: Tue, 10 Sep 1996 09:53:07 -0400 (EDT)
From: Graydon Hoare
To: Peter Childs
cc: freebsd-isp@freebsd.org
Subject: Re: Recommendations on password management.
In-Reply-To: <199609101958.TAA04597@al.imforei.apana.org.au>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-isp@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Tue, 10 Sep 1996, Peter Childs wrote:

> In article <514d7d$40v@al.imforei.apana.org.au> you wrote:
>
> if you implement something too hacked up it may not scale too well,
> but if you use something too large then it may just not be the
> most cost/time/hassle effective way :)
>
> Well that's pointed out more questions than answers.. but i'd be
> interested in the replies to this one.

I'm at the stage where I'm considering my options for this exact problem, and I'm slowly edging towards a kerberized setup. Now our site is probably abnormal in that we've got a dial group of maybe 10 (!) lines and mostly service business clients who want to log in and pretend they are a virtual mail server, or update web pages we're holding for them. The dial group is on a bunch of netblazers which do speak kerberos...
the current setup is to have one-line passwd files tftp'd around the network for each user and stored in a little users directory, but it's not necessary for all users who have email accounts to also have logins to the web server (undesirable security hole possibilities).

The problem with using eBones (kerb) is that wu-ftpd-academ knows sweet nothing about kerberos, and neither does popper. However, since passwords are flying all over the network in plaintext anyway, I have devised a semi-solution which gives me better-than-it-could-be security without breaking all user tools.

there's a little bit of perl glue, but basically the user only _thinks_ they have one password, but in reality there are local passwords for popper, local passwords on the shell/ftp accounts on the web machine, and kerb passwords stored in the kserver (which happens to be running on the mail server)

users can use eudora to "change their password" which I am assuming won't happen as often as they login, and a script uses the foolishly simple eudora passwd-changer protocol to talk with SYS_setuid(), then kinit, then passwd, then passwd -l, then kdestroy (no proof that any of this works yet, mind you), it then uses a configuration file to pull users who are supposed to be able to use the web machine out of the master.passwd and squirts them across the lan via an rsh web -k -x pwd_mkdb.

This is cool cause the users on the mailbox are all /nonexistent login shells, and telnetd/ftpd on all the machines don't accept root, standard rlogin is disabled, and rlogin -k -x and su are as secure as eBones can make them (haven't looked at the code).

Essentially it pushes admin security and daily PPP login security into the kerberos realm (no pun intended) and leaves ftpd and popper and telnetd on user accounts nice and open, while centralizing password management for the netblazers.

I am guessing this would scale for a while, but probably nowhere near the level some of the ISPs on this list are operating at.
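
Added example, not part of the message above and not Graydon Hoare's script: one way the "pull users who are supposed to be able to use the web machine out of the master.passwd" step could be done as a default-deny filter that also keeps uid 0 entries out of the pushed file. The function name, the allow-list and the sample accounts are constructed; the post does not describe its configuration file format.

```python
import re

# BSD master.passwd has ten colon-separated fields:
# name:password:uid:gid:class:change:expire:gecos:home_dir:shell
FIELD_COUNT = 10
NAME_RE = re.compile(r"^[a-z_][a-z0-9_-]{0,15}$")

# Constructed sample data; the password field is a placeholder, not a hash.
SAMPLE_MASTER = [
    "root:CONSTRUCTEDHASH:0:0::0:0:Charlie &:/root:/bin/csh",
    "alice:CONSTRUCTEDHASH:1001:1001::0:0:Alice:/home/alice:/bin/sh",
    "bob:CONSTRUCTEDHASH:1002:1002::0:0:Bob:/nonexistent:/nonexistent",
    "toor2:CONSTRUCTEDHASH:0:0::0:0:uid 0 alias:/root:/bin/sh",
    "broken:line:with:too:few",
]
# Hypothetical allow-list of accounts permitted on the web machine.
ALLOWED = {"alice", "toor2", "carol"}


def select_web_users(master_lines, allowed):
    """Return (selected, problems): the master.passwd lines for accounts in
    `allowed`, plus the reason for every line or name that was refused."""
    selected, problems, handled = [], [], set()
    for lineno, raw in enumerate(master_lines, 1):
        line = raw.rstrip("\n")
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != FIELD_COUNT:
            problems.append(
                f"line {lineno}: {len(fields)} fields, expected {FIELD_COUNT}")
            continue
        name, uid = fields[0], fields[2]
        if name not in allowed:
            continue  # default deny: only allow-listed accounts leave this host
        if not NAME_RE.match(name) or not uid.isdigit():
            problems.append(f"line {lineno}: bad name or uid for {name!r}")
        elif int(uid) == 0:
            # The post's machines refuse root on telnetd/ftpd; keep every
            # uid 0 entry out of the pushed file too, whatever it is called.
            problems.append(f"line {lineno}: {name} has uid 0, not pushed")
        elif name in handled:
            problems.append(f"line {lineno}: duplicate entry for {name}")
        else:
            selected.append(line)
        handled.add(name)
    for name in sorted(set(allowed) - handled):
        problems.append(f"{name}: allow-listed but absent from master.passwd")
    return selected, problems


if __name__ == "__main__":
    lines, issues = select_web_users(SAMPLE_MASTER, ALLOWED)
    print("\n".join(lines))
    for issue in issues:
        print("refused:", issue)
```

The selected lines are what would be handed to pwd_mkdb on the web machine; anything in the problems list deserves a look before a push, since a malformed or uid 0 line in a pushed password file is an account-level change on the target.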

From owner-freebsd-isp Tue Sep 10 07:07:02 1996
Return-Path: owner-isp
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id HAA17517 for isp-outgoing; Tue, 10 Sep 1996 07:07:02 -0700 (PDT)
Received: from who.cdrom.com (who.cdrom.com [204.216.27.3]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id HAA17495 for ; Tue, 10 Sep 1996 07:06:58 -0700 (PDT)
From: felix@isot.isot.com
Received: from isot.isot.com (www.isot.com.67.26.206.IN-ADDR.ARPA [206.26.67.224]) by who.cdrom.com (8.7.5/8.6.11) with SMTP id HAA06758 for ; Tue, 10 Sep 1996 07:06:52 -0700 (PDT)
Received: from MHS by isot.isot.com with MHS id AJAMDDBE ; Tue, 10 Sep 1996 09:13:20 -0500
Date: Tue, 10 Sep 1996 09:12:50 -0500
Message-ID:
Subject: Is it working?
To: freebsd-isp@freebsd.org
Sender: owner-isp@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

I don't seem to be receiving any mail on this new system. If you get this, would you respond please?

Felix.

From owner-freebsd-isp Tue Sep 10 07:38:34 1996
Return-Path: owner-isp
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id HAA19506 for isp-outgoing; Tue, 10 Sep 1996 07:38:34 -0700 (PDT)
Received: from agora.rdrop.com (root@agora.rdrop.com [199.2.210.241]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id HAA19499 for ; Tue, 10 Sep 1996 07:38:28 -0700 (PDT)
Received: from kmt.kmtnet.com by agora.rdrop.com with smtp (Smail3.1.29.1 #17) id m0v0Tvz-0008vIC; Tue, 10 Sep 96 07:37 PDT
Received: (from marpat@localhost) by kmt.kmtnet.com (8.6.12/8.6.12) id KAA06289; Tue, 10 Sep 1996 10:32:57 -0400
Date: Tue, 10 Sep 1996 10:32:57 -0400 (EDT)
From: Mark Patterson
To: FreeBSD ISP List
cc: Linux ISP List
Subject: T1 offc.
resell config
In-Reply-To: <199607121936.PAA14518@etinc.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-isp@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Hi Folks,

Looking for suggestions on how i might handle the following:
We're considering having a full T1 dropped into a 13-story office building. Several of the tenants have expressed interest in getting access from us already. So we want to sell portions (fractionalize?) our T1 _within_ the office bldg. Outside the building a little later ;-)

Initially, what's the *least* expensive way to go about this? We only have an initial budget of $10k. More if we can show a profit to the investors.

Current equipment - an ET/5025 Router card (I think this card will do T1) in a x386-Linux box; a 56/64k Adtran CSU/DSU (with buy back option); FreeBSD P5/120mhz 32MB RAM, SCSI 2-1Gb HDD, 3Com-509 ethercard; and a x486-66 w/16mb RAM.

Don't know if the building is wired to handle a T1.

What equip. do i use to break up our T1 into resellable portions for potential clients ranging in need from 56kb - 128kb and above?

Any and all suggestions appreciated.

Thanks!!!

--
Mark P.
markp@kmtnet.com

From owner-freebsd-isp Tue Sep 10 08:30:57 1996
Return-Path: owner-isp
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id IAA22546 for isp-outgoing; Tue, 10 Sep 1996 08:30:57 -0700 (PDT)
Received: from patty.loop.net (patty.loop.net [204.179.169.20]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id IAA22539 for ; Tue, 10 Sep 1996 08:30:46 -0700 (PDT)
Received: from mlcoh.loop.com (mlcoh.loop.com [204.179.169.6]) by patty.loop.net (8.6.12/8.6.12) with SMTP id IAA01068 for ; Tue, 10 Sep 1996 08:30:22 -0700
Message-Id: <199609101530.IAA01068@patty.loop.net>
Comments: Authenticated sender is
From: "Greg Wiley"
Organization: The Loop
To: FreeBSD ISP List
Date: Tue, 10 Sep 1996 08:31:27 +0000
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Subject: Re: T1 offc. resell config
Priority: normal
X-mailer: Pegasus Mail for Win32 (v2.42)
Sender: owner-isp@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

If you fractionalize your T-span, you'll need a routing port or switched virtual circuit port for each fraction you sell. Why not, instead, create an ethernet backbone resource for the building and charge tenants to hang on to that? You'll be capitalizing on the bursty nature of Inet traffic and so maintaining higher throughput for individual transactions.

If you want to differentiate usage levels, you could set up some kind of IP accounting but it might not be worth it.

-greg

From owner-freebsd-isp Tue Sep 10 10:07:55 1996
Return-Path: owner-isp
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id KAA27640 for isp-outgoing; Tue, 10 Sep 1996 10:07:55 -0700 (PDT)
Received: from mail.calweb.com (mail.calweb.com [165.90.138.20]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id KAA27635 for ; Tue, 10 Sep 1996 10:07:52 -0700 (PDT)
Received: from web1.calweb.com (rdugaue@web1.calweb.com [165.90.138.10]) by mail.calweb.com (8.7.5/8.7.3) with SMTP id KAA01612; Tue, 10 Sep 1996 10:00:55 -0700 (PDT)
Date: Tue, 10 Sep 1996 10:00:54 -0700 (PDT)
From: Robert Du Gaue
To: Greg Wiley
cc: FreeBSD ISP List
Subject: Re: T1 offc. resell config
In-Reply-To: <199609101530.IAA01068@patty.loop.net>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-isp@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Why not take a look at the product from emerging technologies (on their website). It's about $500, you put a second nic in your FreeBSD box, and then you're able to throttle traffic coming from any IP through that Nic.

On Tue, 10 Sep 1996, Greg Wiley wrote:

> Date: Tue, 10 Sep 1996 08:31:27 +0000
> From: Greg Wiley
> To: FreeBSD ISP List
> Subject: Re: T1 offc. resell config
>
> If you fractionalize your T-span, you'll need a routing port or
> switched virtual circuit port for each fraction you sell. Why not,
> instead, create an ethernet backbone resource for the building and
> charge tenants to hang on to that? You'll be capitalizing on the
> bursty nature of Inet traffic and so maintaining higher throughput
> for individual transactions.
>
> If you want to differentiate usage levels, you could set up some kind
> of IP accounting but it might not be worth it.
>
> -greg
>

--------------------------------------------------------------------------
Robert Du Gaue - rdugaue@calweb.com http://www.calweb.com
President, CalWeb Internet Services Inc.
(916) 641-9320
--------------------------------------------------------------------------

From owner-freebsd-isp Tue Sep 10 10:46:31 1996
Return-Path: owner-isp
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id KAA00463 for isp-outgoing; Tue, 10 Sep 1996 10:46:31 -0700 (PDT)
Received: from mail.id.net (mail.id.net [199.125.1.6]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id KAA00451 for ; Tue, 10 Sep 1996 10:46:16 -0700 (PDT)
Received: from server.id.net (rls@server.id.net [199.125.1.10]) by mail.id.net (8.7.5/ID-Net) with ESMTP id NAA05848; Tue, 10 Sep 1996 13:47:57 -0400 (EDT)
Received: (from rls@localhost) by server.id.net (8.7.5/8.7.3) id NAA27081; Tue, 10 Sep 1996 13:45:27 -0400 (EDT)
From: Robert Shady
Message-Id: <199609101745.NAA27081@server.id.net>
Subject: Re: Is it working?
In-Reply-To: from "felix@isot.isot.com" at "Sep 10, 96 09:12:50 am"
To: felix@isot.isot.com
Date: Tue, 10 Sep 1996 13:45:27 -0400 (EDT)
Cc: freebsd-isp@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL25 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-isp@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

> I don't seem to be receiving any mail on this new system. If you get
> this, would you respond please?

I got it.

-- Rob
=== _/_/_/_/_/ _/_/_/_/ _/_/ _/ _/_/_/_/_/ _/_/_/_/_/ _/ _/ _/ _/_/_/ _/ _/ _/ _/_/_/_/ _/ _/_/_/_/_/ _/_/_/_/ _/ _/ _/_/_/_/_/ _/
Innovative Data Services
Serving South-Eastern Michigan
Internet Service Provider / Hardware Sales / Consulting Services
Voice: (810)855-0404 / Fax: (810)855-3268 / Web: http://www.id.net

From owner-freebsd-isp Tue Sep 10 11:18:45 1996
Return-Path: owner-isp
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id LAA03242 for isp-outgoing; Tue, 10 Sep 1996 11:18:45 -0700 (PDT)
Received: from i-gw.dalsys.com (i-gw.dalsys.com [207.42.153.1]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id LAA03236 for ; Tue, 10 Sep 1996 11:18:42 -0700 (PDT)
Received: (from smap@localhost) by i-gw.dalsys.com (8.6.9/8.6.9) id NAA25345 for ; Tue, 10 Sep 1996 13:18:35 -0500
Received: from dev.dsc.dalsys.com(199.170.161.3) by i-gw.dalsys.com via smap (V1.3) id sma025343; Tue Sep 10 13:18:25 1996
Received: from richards.dsc.dalsys.com by dev.dsc.dalsys.com (AIX 3.2/UCB 5.64/8.6.12) id AA62214; Tue, 10 Sep 1996 13:28:08 -0500
Message-Id: <3235CD8F.409D@herald.net>
Date: Tue, 10 Sep 1996 13:20:31 -0700
From: Richard Stanford
Reply-To: richards@herald.net
Organization: Herald Communications
X-Mailer: Mozilla 3.0 (Win16; I)
Mime-Version: 1.0
To: isp@freebsd.org
Subject: IP aliassing.
References:
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-isp@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

When specifying IP aliases, I seem to be able to get to them correctly whether I specify de0 (network interface) or lo0 as the interface to alias. Most of the examples I have seen use the ethernet IF as the one to alias ... is there a reason for this?

If the lo0 shouldn't work, I must be doing something wrong ... if it is supposed to work, would it increase overhead as opposed to the de0 approach? Or reduce it?

TIA!

-Richard

From owner-freebsd-isp Tue Sep 10 11:23:04 1996
Return-Path: owner-isp
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id LAA03570 for isp-outgoing; Tue, 10 Sep 1996 11:23:04 -0700 (PDT)
Received: from mail.think.com (Mail1.Think.COM [131.239.33.245]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id LAA03482 for ; Tue, 10 Sep 1996 11:21:41 -0700 (PDT)
Received: from Early-Bird.Think.COM (Early-Bird-1.Think.COM [131.239.146.105]) by mail.think.com (8.7.5/m3) with ESMTP id OAA19305; Tue, 10 Sep 1996 14:21:20 -0400 (EDT)
Received: from compound.Think.COM (fergus-27.dialup.prtel.com [206.10.99.158]) by Early-Bird.Think.COM (8.7.5/e1) with ESMTP id OAA18321; Tue, 10 Sep 1996 14:21:14 -0400 (EDT)
Received: (from alk@localhost) by compound.Think.COM (8.7.5/8.7.3) id NAA06897; Tue, 10 Sep 1996 13:21:14 -0500 (CDT)
Date: Tue, 10 Sep 1996 13:21:14 -0500 (CDT)
From: Tony Kimball
Message-Id: <199609101821.NAA06897@compound.Think.COM>
To: marpat@kmtnet.com
Cc: freebsd-isp@freebsd.org, linuxisp@lightning.com
Subject: T1 offc. resell config
References: <199607121936.PAA14518@etinc.com>
Sender: owner-isp@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Quoth Mark Patterson on Tue, 10 September:
:
: What equip. do i use to break up our T1 into resellable portions for
: potential clients ranging in need from 56kb - 128kb and above?

The cheapest thing for you to do is to sell ethernet drops. Moreover, it is very desirable from your client's perspective because they do not need a sync or isdn router, and they can take advantage of surplus available bandwidth. What you sell is not a fixed increment, but either a guaranteed minimum available bandwidth (using a bandwidth limiting router) or a statistical guarantee. In this way you can charge a premium price (due to superiority of service) while incurring lesser infrastructural costs than competing services.

From owner-freebsd-isp Tue Sep 10 14:07:46 1996
Return-Path: owner-isp
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id OAA13789 for isp-outgoing; Tue, 10 Sep 1996 14:07:46 -0700 (PDT)
Received: from who.cdrom.com (who.cdrom.com [204.216.27.3]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id OAA13583 for ; Tue, 10 Sep 1996 14:03:54 -0700 (PDT)
Received: from gallup.cia-g.com (root@gallup.cia-g.com [206.206.162.10]) by who.cdrom.com (8.7.5/8.6.11) with ESMTP id OAA07362 for ; Tue, 10 Sep 1996 14:03:53 -0700 (PDT)
Received: from gallup.cia-g.com (lithium@gallup.cia-g.com [206.206.162.10]) by gallup.cia-g.com (8.7.5/8.6.12) with SMTP id PAA10416; Tue, 10 Sep 1996 15:01:17 -0600 (MDT)
Date: Tue, 10 Sep 1996 15:01:17 -0600 (MDT)
From: Stephen Fisher
To: Mark Patterson
cc: FreeBSD ISP List , Linux ISP List
Subject: Re: T1 offc. resell config
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-isp@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Tue, 10 Sep 1996, Mark Patterson wrote:

> Looking for suggestions on how i might handle the following:
> We're considering having a full T1 dropped into a 13-story office building.
> Several of the tenants have expressed interest in getting access from us
> already. So we want to sell portions (fractionalize?) our T1 _within_
> the office bldg. Outside the building a little later ;-)
>
> Initially, what's the *least* expensive way to go about this? We only have
> an initial budget of $10k. More if we can show a profit to the investors.

You'll need more. Especially if you're in an area with good competition.

> Current equipment - an ET/5025 Router card (I think this card will do T1)
> in a x386-Linux box; a 56/64k Adtran CSU/DSU (with buy back option);
> FreeBSD P5/120mhz 32MB RAM, SCSI 2-1Gb HDD, 3Com-509 ethercard;
> and a x486-66 w/16mb RAM.

Sounds good.

> Don't know if the building is wired to handle a T1.

Then the phone company will wire it.
56k through T1 only takes 2-pairs of wire.

> What equip. do i use to break up our T1 into resellable portions for
> potential clients ranging in need from 56kb - 128kb and above?

Locally, you can use something called the "Ethernet Bandwidth Manager" from ET,inc. (www.etinc.com). You get a $400 discount on this if you buy it with one of their cards which you said you were doing so it's only around $100 IIRC. Put this on your gateway/router box (the 386 running Linux) and wire an ethernet to your other clients provided it's not too far then tell the bandwidth manager to limit all traffic going to and from the ip addresses of each client to, say, 128k if that's what they're paying for. See www.etinc.com for more details. (I don't have one, but they look nice and seem to solve your problem)

For remote clients you need to either put together more router boxes, buy Non-PC routers, or use your current box. For point to point lines you need another csu/dsu and sync. card for each, for frame relay you can put multiple connections for lower speeds (PVCs) inside one T1 basically and still use that line for your T-1.

Hope this helps...

- Steve - Systems Manager - Community Internet Access - http://www.cia-g.com

From owner-freebsd-isp Tue Sep 10 15:22:07 1996
Return-Path: owner-isp
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id PAA19285 for isp-outgoing; Tue, 10 Sep 1996 15:22:07 -0700 (PDT)
Received: from panda.hilink.com.au (panda.hilink.com.au [203.2.144.5]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id PAA19271 for ; Tue, 10 Sep 1996 15:22:01 -0700 (PDT)
Received: (from danny@localhost) by panda.hilink.com.au (8.7.5/8.7.3) id IAA19375; Wed, 11 Sep 1996 08:21:47 +1000 (EST)
Date: Wed, 11 Sep 1996 08:21:47 +1000 (EST)
From: "Daniel O'Callaghan"
To: Richard Stanford
cc: isp@FreeBSD.org
Subject: Re: IP aliassing.
In-Reply-To: <3235CD8F.409D@herald.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-isp@FreeBSD.org X-Loop: FreeBSD.org Precedence: bulk On Tue, 10 Sep 1996, Richard Stanford wrote: > When specifying IP aliases, I seem to be able to get to them correctly > whether I specify de0 (network interface) or lo0 as the interface to > alias. Most of the examples I have seen use the ethernet IF as the one > to alias ... is there a reason for this? I use lo0 for my aliases, but then I have aliased an entire class C network with the web box as the "gateway" to that net. So I don't need the ethernet interface to arp for the IP address. If you are just using spare IP addresses from your ethernet network, then you will need to be able to arp for the IP's. Danny From owner-freebsd-isp Tue Sep 10 15:50:52 1996 Return-Path: owner-isp Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id PAA21223 for isp-outgoing; Tue, 10 Sep 1996 15:50:52 -0700 (PDT) Received: from zola.trend1.com (obrien@zola.trend1.com [205.160.113.89]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id PAA21125 for ; Tue, 10 Sep 1996 15:49:29 -0700 (PDT) Received: (from obrien@localhost) by zola.trend1.com (8.6.12/8.6.9) id SAA11043; Tue, 10 Sep 1996 18:33:16 -0400 Date: Tue, 10 Sep 1996 18:33:15 -0400 (EDT) From: "Matthew O'Brien" To: Tony Kimball cc: marpat@kmtnet.com, freebsd-isp@freebsd.org, linuxisp@lightning.com Subject: Re: [Linux-ISP] T1 offc. resell config In-Reply-To: <199609101821.NAA06897@compound.Think.COM> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-isp@freebsd.org X-Loop: FreeBSD.org Precedence: bulk How do you provide ethernet drops? On Tue, 10 Sep 1996, Tony Kimball wrote: > Quoth Mark Patterson on Tue, 10 September: > : > : What equip. do i use to break up our T1 into resellable portions for > : potential clients ranging in need from 56kb - 128kb and above? 
> > The cheapest thing for you to do is to sell ethernet drops. > Moreover, it is very desirable from your client's perspective > because they do not need a sync or isdn router, and they can > take advantage of surplus available bandwidth. What you sell > is not a fixed increment, but either a guaranteed minimum available > bandwidth (using a bandwidth limiting router) or a statistical > guarantee. In this way you can charge a premium price (due to > superiority of service) while incurring lesser infrastructural > costs than competing services. > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > To [un]subscribe to this list, contact linuxisp-request@lightning.com > Please send contributions for the mailing list to: linuxisp@lightning.com > Please contact the mailing-list-owner as: linuxisp-owner@lightning.com > From owner-freebsd-isp Tue Sep 10 16:20:10 1996 Return-Path: owner-isp Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id QAA22826 for isp-outgoing; Tue, 10 Sep 1996 16:20:10 -0700 (PDT) Received: from super-g.inch.com (spork@super-g.com [204.178.32.161]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id QAA22681 for ; Tue, 10 Sep 1996 16:18:46 -0700 (PDT) Received: from localhost (spork@localhost) by super-g.inch.com (8.6.12/8.6.9) with SMTP id SAA18947; Tue, 10 Sep 1996 18:15:11 -0500 Date: Tue, 10 Sep 1996 18:15:10 -0500 (CDT) From: "S(pork)" X-Sender: spork@super-g.inch.com To: Tony Kimball cc: marpat@kmtnet.com, freebsd-isp@FreeBSD.ORG, linuxisp@lightning.com Subject: Re: T1 offc. resell config In-Reply-To: <199609101821.NAA06897@compound.Think.COM> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-isp@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk We're looking at a similar test in our building before we move on to the rest of the city... 
We were thinking of putting an ethernet-ethernet router like a Cisco 2514 between our network and the ethernet switch that would distribute access to our various customers. We could set up some filters on the router that would disallow ftp/http servers and whatnot, and help keep things safe for our customers. Our big concern now is security BETWEEN clients... The only solutions I see so far are very expensive; with names like Cisco and BayNetworks... sigh. Charles spork@super-g.com On Tue, 10 Sep 1996, Tony Kimball wrote: > Quoth Mark Patterson on Tue, 10 September: > : > : What equip. do i use to break up our T1 into resellable portions for > : potential clients ranging in need from 56kb - 128kb and above? > > The cheapest thing for you to do is to sell ethernet drops. > Moreover, it is very desirable from your client's perspective > because they do not need a sync or isdn router, and they can > take advantage of surplus available bandwidth. What you sell > is not a fixed increment, but either a guaranteed minimum available > bandwidth (using a bandwidth limiting router) or a statistical > guarantee. In this way you can charge a premium price (due to > superiority of service) while incurring lesser infrastructural > costs than competing services. 
> From owner-freebsd-isp Tue Sep 10 16:40:48 1996 Return-Path: owner-isp Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id QAA24007 for isp-outgoing; Tue, 10 Sep 1996 16:40:48 -0700 (PDT) Received: from etinc.com (et-gw-fr1.etinc.com [204.141.244.98]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id QAA23999 for ; Tue, 10 Sep 1996 16:40:42 -0700 (PDT) Received: from dialup-usr11.etinc.com (dialup-usr11.etinc.com [204.141.95.132]) by etinc.com (8.6.12/8.6.9) with SMTP id TAA29098; Tue, 10 Sep 1996 19:46:16 -0400 Date: Tue, 10 Sep 1996 19:46:16 -0400 Message-Id: <199609102346.TAA29098@etinc.com> X-Sender: dennis@etinc.com X-Mailer: Windows Eudora Version 2.0.3 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" To: "Matthew O'Brien" From: dennis@etinc.com (Dennis) Subject: Re: [Linux-ISP] T1 offc. resell config Cc: isp@freebsd.org Sender: owner-isp@freebsd.org X-Loop: FreeBSD.org Precedence: bulk >How do you provide ethernet drops? You could run 1 long thinnet cable to each location...or run all the locations to a repeater, or run twisted pair to a hub. Dennis > >On Tue, 10 Sep 1996, Tony Kimball wrote: > >> Quoth Mark Patterson on Tue, 10 September: >> : >> : What equip. do i use to break up our T1 into resellable portions for >> : potential clients ranging in need from 56kb - 128kb and above? >> >> The cheapest thing for you to do is to sell ethernet drops. >> Moreover, it is very desirable from your client's perspective >> because they do not need a sync or isdn router, and they can >> take advantage of surplus available bandwidth. What you sell >> is not a fixed increment, but either a guaranteed minimum available >> bandwidth (using a bandwidth limiting router) or a statistical >> guarantee. In this way you can charge a premium price (due to >> superiority of service) while incurring lesser infrastructural >> costs than competing services. 
>> >> >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> To [un]subscribe to this list, contact linuxisp-request@lightning.com >> Please send contributions for the mailing list to: linuxisp@lightning.com >> Please contact the mailing-list-owner as: linuxisp-owner@lightning.com >> > > From owner-freebsd-isp Tue Sep 10 17:01:14 1996 Return-Path: owner-isp Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id RAA25041 for isp-outgoing; Tue, 10 Sep 1996 17:01:14 -0700 (PDT) Received: from mail.think.com (Mail1.Think.COM [131.239.33.245]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id QAA24945 for ; Tue, 10 Sep 1996 16:59:52 -0700 (PDT) Received: from Early-Bird.Think.COM (Early-Bird-1.Think.COM [131.239.146.105]) by mail.think.com (8.7.5/m3) with ESMTP id TAA00598; Tue, 10 Sep 1996 19:59:29 -0400 (EDT) Received: from compound.Think.COM ([206.147.16.34]) by Early-Bird.Think.COM (8.7.5/e1) with ESMTP id TAA01740; Tue, 10 Sep 1996 19:59:26 -0400 (EDT) Received: (from alk@localhost) by compound.Think.COM (8.7.5/8.7.3) id SAA19909; Tue, 10 Sep 1996 18:59:19 -0500 (CDT) Date: Tue, 10 Sep 1996 18:59:19 -0500 (CDT) From: Tony Kimball Message-Id: <199609102359.SAA19909@compound.Think.COM> To: spork@super-g.com Cc: freebsd-isp@FreeBSD.ORG, linuxisp@lightning.com Subject: Re: T1 offc. resell config References: <199609101821.NAA06897@compound.Think.COM> Sender: owner-isp@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk Quoth spork@super-g.com on Tue, 10 September: : We could set up some : filters on the router that would disallow ftp/http servers and whatnot, : and help keep things safe for our customers. Our big concern now is : security BETWEEN clients... Then you are not only acting as an Internet service provider -- you are managing the client intranet as well. Such services demand high premium rates. 
From owner-freebsd-isp Tue Sep 10 17:07:19 1996 Return-Path: owner-isp Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id RAA25362 for isp-outgoing; Tue, 10 Sep 1996 17:07:19 -0700 (PDT) Received: from mail.think.com (Mail1.Think.COM [131.239.33.245]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id RAA25298 for ; Tue, 10 Sep 1996 17:05:56 -0700 (PDT) Received: from Early-Bird.Think.COM (Early-Bird-1.Think.COM [131.239.146.105]) by mail.think.com (8.7.5/m3) with ESMTP id UAA02489; Tue, 10 Sep 1996 20:05:47 -0400 (EDT) Received: from compound.Think.COM ([206.147.16.34]) by Early-Bird.Think.COM (8.7.5/e1) with ESMTP id UAA01826; Tue, 10 Sep 1996 20:05:37 -0400 (EDT) Received: (from alk@localhost) by compound.Think.COM (8.7.5/8.7.3) id TAA19921; Tue, 10 Sep 1996 19:05:38 -0500 (CDT) Date: Tue, 10 Sep 1996 19:05:38 -0500 (CDT) From: Tony Kimball Message-Id: <199609110005.TAA19921@compound.Think.COM> To: obrien@trend1.com Cc: freebsd-isp@freebsd.org, linuxisp@lightning.com Subject: Re: [Linux-ISP] T1 offc. resell config References: <199609101821.NAA06897@compound.Think.COM> Sender: owner-isp@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Quoth Matthew O'Brien on Tue, 10 September: : How do you provide ethernet drops? That's going to depend strongly on the physical environment and the topology of your internal network, as well as your security and financial constraints. 
From owner-freebsd-isp Tue Sep 10 17:57:17 1996 Return-Path: owner-isp Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id RAA27366 for isp-outgoing; Tue, 10 Sep 1996 17:57:17 -0700 (PDT) Received: from alyssa.ai.net ([208.194.40.2]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id RAA27319 for ; Tue, 10 Sep 1996 17:55:54 -0700 (PDT) Received: (from nc@localhost) by alyssa.ai.net (8.6.12/8.6.12) id UAA11993; Tue, 10 Sep 1996 20:56:28 -0400 Date: Tue, 10 Sep 1996 20:56:27 -0400 (EDT) From: Network Coordinator To: "S(pork)" cc: Tony Kimball , marpat@kmtnet.com, freebsd-isp@freebsd.org, linuxisp@lightning.com Subject: Re: T1 offc. resell config In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-isp@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Not that I'd say anything bad about Cisco, except with their IOS in backbone routers, ;-) Cisco Catalysts run about $3000 or less depending on where you go. You could theoretically build a multi port ethernet router out of a BSD box on a 486/133 AMD or something. Four or Five ethers easy, run gated and IPFW and you are in business (literally). Jerry Tagra American Information Network On Tue, 10 Sep 1996, S(pork) wrote: > We're looking at a similar test in our building before we move on to the > rest of the city... We were thinking of putting an ethernet-ethernet > router like a Cisco 2514 between our network and the ethernet switch that > would distribute access to our various customers. We could set up some > filters on the router that would disallow ftp/http servers and whatnot, > and help keep things safe for our customers. Our big concern now is > security BETWEEN clients... The only solutions I see so far are very > expensive; with names like Cisco and BayNetworks... sigh. > > Charles > > spork@super-g.com > > > On Tue, 10 Sep 1996, Tony Kimball wrote: > > > Quoth Mark Patterson on Tue, 10 September: > > : > > : What equip. 
do i use to break up our T1 into resellable portions for > > : potential clients ranging in need from 56kb - 128kb and above? > > > > The cheapest thing for you to do is to sell ethernet drops. > > Moreover, it is very desirable from your client's perspective > > because they do not need a sync or isdn router, and they can > > take advantage of surplus available bandwidth. What you sell > > is not a fixed increment, but either a guaranteed minimum available > > bandwidth (using a bandwidth limiting router) or a statistical > > guarantee. In this way you can charge a premium price (due to > > superiority of service) while incurring lesser infrastructural > > costs than competing services. > > > > From owner-freebsd-isp Tue Sep 10 20:20:23 1996 Return-Path: owner-isp Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id UAA04431 for isp-outgoing; Tue, 10 Sep 1996 20:20:23 -0700 (PDT) Received: from al.imforei.apana.org.au (pjchilds@al.imforei.apana.org.au [202.12.89.41]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id UAA04422 for ; Tue, 10 Sep 1996 20:20:07 -0700 (PDT) Received: (from pjchilds@localhost) by al.imforei.apana.org.au (8.7.5/8.7.3) id MAA19915; Wed, 11 Sep 1996 12:49:32 GMT From: Peter Childs Message-Id: <199609111249.MAA19915@al.imforei.apana.org.au> Subject: Re: Recommendations on password management. In-Reply-To: from Richard J Uren at "Sep 11, 96 07:52:33 am" To: richard@thehub.com.au (Richard J Uren) Date: Wed, 11 Sep 1996 12:49:31 +0000 () Cc: freebsd-isp@freebsd.org X-Mailer: ELM [version 2.4ME+ PL25 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-isp@freebsd.org X-Loop: FreeBSD.org Precedence: bulk > > Gday! Loved the cafe last time i was up in brizzy (hope i've got > > the right place) > > Thats us ;-) Neat.. 
now if I'd known you were a FreeBSD shop I'd have been really impressed :) > We only need something simplistic & we have to store passwords in > plaintext on the main server (some people use CHAP with PPP). Well you can rewrite the authentication part of ppp to use whatever you want... I've done it here with ijppp (we use it for our server side ppp) so that it uses the /etc/password file (via system calls) rather than /etc/ppp/ppp.secret... > > if you implement something too hacked up it may not scale too well, > > but if you use something too large then it may just not be the > > most cost/time/hassle effective way :) > > That's the trade off alrighty. The section in the handbook on Kerberos looks interesting. I don't know how it would work across a distributed system, but it might be worth looking into a bit closer. With just a few machines (like a main server, admin machine, dialup server) or like, you might want to investigate the "ssh" port (secure shell) that includes scp (secure copy)... you could then just only update the password files on the "admin" machine, and scp them out to all the nodes... Food for thought.. Regards, Peter -- Peter Childs --- http://www.imforei.apana.org.au/~pjchilds Finger pjchilds@al.imforei.apana.org.au for public PGP key Drag me, drop me, treat me like an object! 
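The "update the password files on the admin machine, then scp them out to all the nodes" routine suggested in the message above, as an added example that is not part of the original thread. It checks a FreeBSD-style master.passwd before anything is copied, so a broken file never reaches a node; the node names, the root@ logins, the staging path and the sample files are all constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): check a FreeBSD-style master.passwd on
# the admin machine, then copy it to each node and rebuild the databases there.
# Node names, root@ logins and the staging path are assumptions.

REMOTE_TMP=/etc/master.passwd.new   # assumed staging name on each node

# check_master_passwd FILE
# Prints one line per problem and returns non-zero if any were found.
check_master_passwd() {
    awk -F: '
        /^#/ || /^$/ { next }
        NF != 10 {                  # master.passwd has 10 fields, passwd has 7
            printf "line %d: expected 10 fields, found %d\n", NR, NF
            bad = 1; next
        }
        $1 in seen { printf "line %d: duplicate login %s\n", NR, $1; bad = 1 }
        { seen[$1] = 1 }
        $2 == "" { printf "line %d: %s has an empty password field\n", NR, $1; bad = 1 }
        $3 !~ /^[0-9]+$/ { printf "line %d: %s has a non-numeric uid\n", NR, $1; bad = 1 }
        $3 == 0 && $1 != "root" && $1 != "toor" {
            printf "line %d: %s has uid 0\n", NR, $1; bad = 1
        }
        $1 == "root" { have_root = 1 }
        END {
            if (!have_root) { print "no root entry"; bad = 1 }
            exit (bad ? 1 : 0)
        }
    ' "$1"
}

# run CMD...: print the command when DRY_RUN is 1 (the default), else run it.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi
}

# push_master_passwd FILE NODE...
# Refuses to copy a file that fails the check. On each node the staged copy is
# re-checked with pwd_mkdb -C and only then installed with pwd_mkdb -p, which
# rebuilds pwd.db/spwd.db and regenerates /etc/passwd.
push_master_passwd() {
    file=$1; shift
    rc=0
    if ! check_master_passwd "$file" >&2; then
        echo "refusing to push $file: fix the problems above" >&2
        return 1
    fi
    for node in "$@"; do
        run scp -p "$file" "root@$node:$REMOTE_TMP" &&
        run ssh "root@$node" "pwd_mkdb -C $REMOTE_TMP && pwd_mkdb -p $REMOTE_TMP" ||
        { echo "push to $node failed" >&2; rc=1; }
    done
    return $rc
}

# make_samples DIR: write two constructed master.passwd files for the demo.
make_samples() {
    cat > "$1/good" <<'EOF'
root:HASH-PLACEHOLDER:0:0::0:0:Charlie Root:/root:/bin/csh
alice:HASH-PLACEHOLDER:1001:1001::0:0:Alice Example:/home/alice:/bin/sh
popbob:HASH-PLACEHOLDER:1002:1002::0:0:Mail only:/nonexistent:/sbin/nologin
EOF
    cat > "$1/bad" <<'EOF'
root:HASH-PLACEHOLDER:0:0::0:0:Charlie Root:/root:/bin/csh
alice::1001:1001::0:0:Alice Example:/home/alice:/bin/sh
backup:HASH-PLACEHOLDER:0:0::0:0:Backup:/root:/bin/sh
alice:HASH-PLACEHOLDER:1003:1003::0:0:Second Alice:/home/alice2:/bin/sh
carol:HASH-PLACEHOLDER:1004:1004:Carol:/home/carol:/bin/sh
EOF
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_samples "$tmp"
    echo "== commands planned for the good file =="
    push_master_passwd "$tmp/good" ns1.example.net dialup1.example.net
    echo "== problems found in the bad file =="
    check_master_passwd "$tmp/bad" || true
    rm -rf "$tmp"
}
demo
```

Run with DRY_RUN=0 only once the printed plan looks right; the last line of the constructed bad file is a 7-field /etc/passwd entry, the mistake of pushing the wrong file.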
From owner-freebsd-isp Tue Sep 10 21:39:00 1996 Return-Path: owner-isp Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id VAA09411 for isp-outgoing; Tue, 10 Sep 1996 21:39:00 -0700 (PDT) Received: from boris.clintondale.com (boris.clintondale.com [206.88.120.5]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id VAA09404 for ; Tue, 10 Sep 1996 21:38:55 -0700 (PDT) Received: from localhost (matt@localhost) by boris.clintondale.com (8.7.5/8.7.3) with SMTP id AAA00194; Wed, 11 Sep 1996 00:22:02 -0400 (EDT) Date: Wed, 11 Sep 1996 00:22:02 -0400 (EDT) From: Matt Hamilton To: Peter Childs cc: Richard J Uren , freebsd-isp@FreeBSD.org Subject: Re: Recommendations on password management. In-Reply-To: <199609111249.MAA19915@al.imforei.apana.org.au> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-isp@FreeBSD.org X-Loop: FreeBSD.org Precedence: bulk > The section in the handbook on Kerberos looks interesting. I don't know > how it would work across a distributed system, but it might be worth > looking into a bit closer. I know of a sysop that is trying to hack radius authentication into the logon for his machines. So when a user enters their username and password it is encrypted and sent to a central radius server (that also controls the Portmasters and Ascends) for verification. This seems like a pretty good solution as it is secure and easily scalable and it fits in easily with his existing setup (as he already has a radius server for it to connect to). To make the job EVEN easier his user accounting package (UTA) has or is (I'm not sure, this was a while ago) come out with a radius add on for their package. This means that the user's info is entered once when the user subscribes and that's it! 
-Matt From owner-freebsd-isp Wed Sep 11 00:33:52 1996 Return-Path: owner-isp Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id AAA18539 for isp-outgoing; Wed, 11 Sep 1996 00:33:52 -0700 (PDT) Received: from smople.thehub.com.au (smople.thehub.com.au [203.17.162.10]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id AAA18531 for ; Wed, 11 Sep 1996 00:33:48 -0700 (PDT) Received: (from richard@localhost) by smople.thehub.com.au (8.6.12/8.6.9) id RAA18627; Wed, 11 Sep 1996 17:30:47 +1000 Date: Wed, 11 Sep 1996 17:30:47 +1000 (EST) From: Richard J Uren To: Matt Hamilton cc: Peter Childs , freebsd-isp@freebsd.org Subject: Re: Recommendations on password management. In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-isp@freebsd.org X-Loop: FreeBSD.org Precedence: bulk On Wed, 11 Sep 1996, Matt Hamilton wrote: > > The section in the handbook on Kerberos looks interesting. I don't know > > how it would work across a distributed system, but it might be worth > > looking into a bit closer. > > I know of a sysop that is trying to hack radius authentication into the > logon for his machines. So when a user enters their username and password > it is encrypted and sent to a central radius server (that also controls > the Portmasters and Ascends) for verification. This seems like a pretty > good solution as it is secure and easily scalable and it fits in easily > with his existing setup (as he already has a radius server for it to > connect to). To make the job EVEN easier his user accounting package > (UTA) has or is (I'm not sure, this was a while ago) come out with a radius > add on for their package. This means that the user's info is entered once > when the user subscribes and that's it! > This sounds promising. We use radius here so that would make me extra happy. I'd be willing to contribute to the effort by porting useful programs as well (popper, ftp etc ...). Is he using FreeBSD ? 
And which radius server ? Cheers Richard From owner-freebsd-isp Wed Sep 11 05:07:25 1996 Return-Path: owner-isp Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id FAA28397 for isp-outgoing; Wed, 11 Sep 1996 05:07:25 -0700 (PDT) Received: from monet.telebyte.nl (jvissers@monet.telebyte.nl [194.235.214.12]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id FAA28391; Wed, 11 Sep 1996 05:07:20 -0700 (PDT) Received: (from jvissers@localhost) by monet.telebyte.nl (8.7.3/8.6.11) id OAA11744; Wed, 11 Sep 1996 14:07:04 +0200 From: Jos Vissers Message-Id: <199609111207.OAA11744@monet.telebyte.nl> Subject: Why does arp not work when ip-alias installed To: questions@freebsd.org, isp@freebsd.org Date: Wed, 11 Sep 1996 14:07:04 +0200 (MET DST) X-Mailer: ELM [version 2.4 PL25] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-isp@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Hi, This is my final try on getting an answer on this. My employer is convinced that it all works well on Linux and wants to switch back. We have a network with several Livingston portmaster and a cisco router as gateway. Most of the dial-up ip addresses are on the same class c network as the servers and therefore arp -a should give the ethernet address of the portmaster for an address that is in use. It does on machines without an ip-alias. It doesn't on machines with ip-aliases. If this is supposed to be like this can somebody please explain why? The routing problem is solved by running routed which adds the dial-up ip addresses if somebody dials in. Our Linux machine has about 50 ip aliases and arp works fine on it without need for routed. To make things worse routed sometimes removes the default route and doesn't want to add it again unless you restart it. It really shouldn't be necessary to run routed should it? 
Jos -- Jos Vissers, System administrator Telebyte From owner-freebsd-isp Wed Sep 11 05:31:43 1996 Return-Path: owner-isp Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id FAA29678 for isp-outgoing; Wed, 11 Sep 1996 05:31:43 -0700 (PDT) Received: from mail.id.net (mail.id.net [199.125.1.6]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id FAA29619 for ; Wed, 11 Sep 1996 05:30:20 -0700 (PDT) Received: from server.id.net (rls@server.id.net [199.125.1.10]) by mail.id.net (8.7.5/ID-Net) with ESMTP id IAA12211; Wed, 11 Sep 1996 08:33:08 -0400 (EDT) Received: (from rls@localhost) by server.id.net (8.7.5/8.7.3) id IAA02667; Wed, 11 Sep 1996 08:30:19 -0400 (EDT) From: Robert Shady Message-Id: <199609111230.IAA02667@server.id.net> Subject: Re: T1 offc. resell config In-Reply-To: from S at "Sep 10, 96 06:15:10 pm" To: spork@super-g.com (S) Date: Wed, 11 Sep 1996 08:30:18 -0400 (EDT) Cc: alk@think.com, marpat@kmtnet.com, freebsd-isp@FreeBSD.ORG, linuxisp@lightning.com X-Mailer: ELM [version 2.4ME+ PL25 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-isp@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk > We're looking at a similar test in our building before we move on to the > rest of the city... We were thinking of putting an ethernet-ethernet > router like a Cisco 2514 between our network and the ethernet switch that > would distribute access to our various customers. We could set up some > filters on the router that would disallow ftp/http servers and whatnot, > and help keep things safe for our customers. Our big concern now is > security BETWEEN clients... The only solutions I see so far are very > expensive; with names like Cisco and BayNetworks... sigh. Stay away from the Cisco 2514's as well, they don't have enough power to handle crap above T1 speeds.. We started out using a Cisco 2514, two ethernets, and two T1's... 
The T1's worked fine (as far as we could tell) but doing an FTP or similar from ethernet to ethernet segment would literally bring down both T1's (timeouts would be my guess), and max thru-put would be ~200K per second. We switched to a FreeBSD box with 3 100 Mbit, and two 10 Mbit ethernet cards on a 486-DX4-120 Mhz box with 32 MB of RAM running Gated w/OSPF & BGP-4, which in turn is speaking OSPF & BGP-4 with our Cisco.. Works rather well, and we do have IP Firewalling setup to provide security between nets if needed. -- Rob === _/_/_/_/_/ _/_/_/_/ _/_/ _/ _/_/_/_/_/ _/_/_/_/_/ _/ _/ _/ _/_/_/ _/ _/ _/ _/_/_/_/ _/ _/_/_/_/_/ _/_/_/_/ _/ _/ _/_/_/_/_/ _/ Innovative Data Services Serving South-Eastern Michigan Internet Service Provider / Hardware Sales / Consulting Services Voice: (810)855-0404 / Fax: (810)855-3268 / Web: http://www.id.net From owner-freebsd-isp Wed Sep 11 06:58:29 1996 Return-Path: owner-isp Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id GAA03967 for isp-outgoing; Wed, 11 Sep 1996 06:58:29 -0700 (PDT) Received: from boris.clintondale.com (boris.clintondale.com [206.88.120.5]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id GAA03949 for ; Wed, 11 Sep 1996 06:58:25 -0700 (PDT) Received: from localhost (matt@localhost) by boris.clintondale.com (8.7.5/8.7.3) with SMTP id JAA01046; Wed, 11 Sep 1996 09:47:45 -0400 (EDT) Date: Wed, 11 Sep 1996 09:47:45 -0400 (EDT) From: Matt Hamilton To: Richard J Uren cc: Peter Childs , freebsd-isp@freebsd.org Subject: Re: Recommendations on password management. In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-isp@freebsd.org X-Loop: FreeBSD.org Precedence: bulk On Wed, 11 Sep 1996, Richard J Uren wrote: > This sounds promising. We use radius here so that would make > me extra happy. I'd be willing to contribute to the effort by > porting useful programs as well (popper, ftp etc ...). > > Is he using FreeBSD ? And which radius server ? 
I will have to check with him as this was a while ago, I'm not sure if he completed the project or not. He is using several platforms, SunOS, Solaris, and FreeBSD. The RADIUS he uses is Ascend's radius server with a couple of his own hacks. I'll pass this message on to him and see what he's up to. -Matt From owner-freebsd-isp Wed Sep 11 07:33:08 1996 Return-Path: owner-isp Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id HAA06272 for isp-outgoing; Wed, 11 Sep 1996 07:33:08 -0700 (PDT) Received: from who.cdrom.com (who.cdrom.com [204.216.27.3]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id HAA06266 for ; Wed, 11 Sep 1996 07:33:05 -0700 (PDT) Received: from etinc.com (et-gw-fr1.etinc.com [204.141.244.98]) by who.cdrom.com (8.7.5/8.6.11) with SMTP id HAA08893 for ; Wed, 11 Sep 1996 07:33:03 -0700 (PDT) Received: from dialup-usr11.etinc.com (dialup-usr11.etinc.com [204.141.95.132]) by etinc.com (8.6.12/8.6.9) with SMTP id KAA04366; Wed, 11 Sep 1996 10:37:22 -0400 Date: Wed, 11 Sep 1996 10:37:22 -0400 Message-Id: <199609111437.KAA04366@etinc.com> X-Sender: dennis@etinc.com X-Mailer: Windows Eudora Version 2.0.3 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" To: "S(pork)" From: dennis@etinc.com (Dennis) Subject: Re: T1 offc. resell config Cc: isp@freebsd.org Sender: owner-isp@freebsd.org X-Loop: FreeBSD.org Precedence: bulk >We're looking at a similar test in our building before we move on to the >rest of the city... We were thinking of putting an ethernet-ethernet >router like a Cisco 2514 between our network and the ethernet switch that >would distribute access to our various customers. We could set up some >filters on the router that would disallow ftp/http servers and whatnot, >and help keep things safe for our customers. Our big concern now is >security BETWEEN clients... The only solutions I see so far are very >expensive; with names like Cisco and BayNetworks... sigh. 
> >Charles > >spork@super-g.com Why would you even consider these options, when you could do everything you want with a dual card freebsd box for less money... plus the 2514 will choke at about 3Mb/s and you can do full 10Mbs easily with FBSD. Dennis From owner-freebsd-isp Wed Sep 11 08:44:05 1996 Return-Path: owner-isp Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id IAA10400 for isp-outgoing; Wed, 11 Sep 1996 08:44:05 -0700 (PDT) Received: from beauty.nacamar.de (root@beauty.nacamar.de [194.112.16.36]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id IAA10354; Wed, 11 Sep 1996 08:43:55 -0700 (PDT) Received: from petzi (petzi.nacamar.de [194.162.54.13]) by beauty.nacamar.de (8.7.3/8.7.3) with SMTP id RAA21861; Wed, 11 Sep 1996 17:48:21 +0200 Message-Id: <2.2.32.19960911134348.002d3f28@mail.nacamar.de> X-Sender: petzi@mail.nacamar.de X-Mailer: Windows Eudora Pro Version 2.2 (32) Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Wed, 11 Sep 1996 15:43:48 +0200 To: isp@freebsd.org, hackers@freebsd.org From: Michael Beckmann Subject: INN trouble with too many files open Sender: owner-isp@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Hello, I have made a news installation with the 2.2-960801-SNAP and INN 1.4unoff4 . I am receiving a streaming feed from one site, and whenever that site starts to feed me, my innd throttles after a while, with a message: Server throttled Too many open files writing article file -- throttling The weird thing is, that I have already compiled a kernel with maxusers set to 256, and that I have used sysctl and set the maximum number of files to 20.000 , but it didn't help. I must have overlooked something. 
Here is the output from sysctl:

news: {154} sysctl -a
kern.ostype: FreeBSD
kern.osrelease: 2.2-960801-SNAP
kern.osrevision: 199506
kern.version: FreeBSD 2.2-960801-SNAP #0: Wed Sep 11 16:08:03 MET DST 1996 petzi@peanuts.nacamar.de:/usr/src/sys/compile/NEWSCONF
kern.maxvnodes: 7900
kern.maxproc: 4116
kern.maxfiles: 20000
kern.argmax: 65536
kern.securelevel: -1
kern.hostname: news.nacamar.de
kern.hostid: 0
kern.clockrate: { hz = 100, tick = 10000, profhz = 1024, stathz = 128 }
kern.posix1version: 198808
kern.ngroups: 16
kern.job_control: 1
kern.saved_ids: 1
kern.boottime: { sec = 842451193, usec = 525989 } Wed Sep 11 16:13:13 1996
kern.domainname:
kern.update: 30
kern.osreldate: 199608
kern.bootfile: /kernel
kern.maxfilesperproc: 8232
kern.maxprocperuid: 4115
kern.dumpdev: -1
kern.somaxconn: 128
kern.maxsockbuf: 262144
kern.ps_strings: -272637968
kern.usrstack: -272637952
kern.acct_suspend: 2
kern.acct_resume: 4
kern.acct_chkfreq: 15
kern.sockbuf_waste_factor: 8
....

Any ideas ? All help is appreciated. Michael Beckmann From owner-freebsd-isp Wed Sep 11 09:18:49 1996 Return-Path: owner-isp Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id JAA12235 for isp-outgoing; Wed, 11 Sep 1996 09:18:49 -0700 (PDT) Received: from alpha.xerox.com (alpha.Xerox.COM [13.1.64.93]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id JAA12208; Wed, 11 Sep 1996 09:18:43 -0700 (PDT) Received: from crevenia.parc.xerox.com ([13.2.116.11]) by alpha.xerox.com with SMTP id <15953(1)>; Wed, 11 Sep 1996 09:11:39 PDT Received: from localhost by crevenia.parc.xerox.com with SMTP id <177595>; Wed, 11 Sep 1996 09:09:14 -0700 To: Jos Vissers cc: questions@freebsd.org, isp@freebsd.org Subject: Re: Why does arp not work when ip-alias installed In-reply-to: Your message of "Wed, 11 Sep 96 05:07:04 PDT." 
<199609111207.OAA11744@monet.telebyte.nl> Date: Wed, 11 Sep 1996 09:09:02 PDT From: Bill Fenner Message-Id: <96Sep11.090914pdt.177595@crevenia.parc.xerox.com> Sender: owner-isp@freebsd.org X-Loop: FreeBSD.org Precedence: bulk In message <199609111207.OAA11744@monet.telebyte.nl> you write: >We have a network with several Livingston portmaster and a >cisco router as gateway. Most of the dial-up ip addresses are on >the same class c network as the servers and therefore arp -a >should give the ethernet address of the portmaster for an >address that is in use. > >It does on machines without an ip-alias. >It doesn't on machines with ip-aliases. Are machines with IP aliases still able to contact these hosts? What does "netstat -nr" show on the machines with aliases? Could you give us a more complete description of your configuration, including the commands that you use to add the aliases and the "netstat -nr" from both the working machines and the non-working machines? Thanks, Bill From owner-freebsd-isp Wed Sep 11 09:19:42 1996 Return-Path: owner-isp Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id JAA12351 for isp-outgoing; Wed, 11 Sep 1996 09:19:42 -0700 (PDT) Received: from hon.hn ([206.48.105.210]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id JAA12323 for ; Wed, 11 Sep 1996 09:19:34 -0700 (PDT) Received: from hon.hn.hon.hn (si1.hon.hn [206.48.253.70]) by hon.hn (8.7.5/8.7.3) with SMTP id KAA12535 for ; Wed, 11 Sep 1996 10:18:40 -0600 (CST) Message-ID: <32363E08.67F2@hon.hn> Date: Wed, 11 Sep 1996 10:20:25 +0600 From: "Samuel E. Romero" Reply-To: ser@hon.hn Organization: Honduras On Net X-Mailer: Mozilla 3.0Gold (Win95; I) MIME-Version: 1.0 To: FreeBSD ISP Mailing List Subject: Additional pop accounts - how? Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-isp@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk Hi!, How can I create additional pop-only accounts for a login account?. 
I've seen that advertised in some places and I'd like to know how to
do it.
Somebody knows? or where can I find the info?
Thks.

From owner-freebsd-isp Wed Sep 11 10:42:19 1996
Return-Path: owner-isp
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id KAA17348 for isp-outgoing; Wed, 11 Sep 1996 10:42:19 -0700 (PDT)
Received: from radio.nwpros.com (nwpros.com [205.229.128.214]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id KAA17343 for ; Wed, 11 Sep 1996 10:42:14 -0700 (PDT)
Received: from rickbox.nwpros.com (rickbox.nwpros.com [205.229.128.217]) by radio.nwpros.com (8.6.12/8.6.12) with SMTP id MAA03710 for ; Wed, 11 Sep 1996 12:42:39 -0500
Message-Id: <1.5.4.32.19960911175428.0068dd10@nwpros.com>
X-Sender: rickg@nwpros.com
X-Mailer: Windows Eudora Light Version 1.5.4 (32)
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Wed, 11 Sep 1996 12:54:28 -0500
To: isp@freebsd.org
From: Rick Gray
Subject: Netscape error
Sender: owner-isp@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

I searched the database and only came up with the same question I am about
to ask and no answer was posted. I'm trying to install Netscape 3.0 and
typing 'make' only gives a checksum error. What's the solution to this?

Thanks.

************************************************
Rick Gray
Director of Internet Services
Network Pros, Inc.
rickg@nwpros.com
(713)780-5900
"It is a good day to die."
----Klingon Philosophy
************************************************

From owner-freebsd-isp Wed Sep 11 10:43:45 1996
Return-Path: owner-isp
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id KAA17404 for isp-outgoing; Wed, 11 Sep 1996 10:43:45 -0700 (PDT)
Received: from agora.rdrop.com (root@agora.rdrop.com [199.2.210.241]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id KAA17399 for ; Wed, 11 Sep 1996 10:43:42 -0700 (PDT)
Received: from i-gw.dalsys.com by agora.rdrop.com with smtp (Smail3.1.29.1 #17) id m0v0tJl-0008vhC; Wed, 11 Sep 96 10:43 PDT
Received: (from smap@localhost) by i-gw.dalsys.com (8.6.9/8.6.9) id MAA08355; Wed, 11 Sep 1996 12:39:24 -0500
Received: from dev.dsc.dalsys.com(199.170.161.3) by i-gw.dalsys.com via smap (V1.3) id sma008353; Wed Sep 11 12:39:21 1996
Received: from richards.dsc.dalsys.com by dev.dsc.dalsys.com (AIX 3.2/UCB 5.64/8.6.12) id AA63200; Wed, 11 Sep 1996 12:49:10 -0500
Message-Id: <3237160F.183@herald.net>
Date: Wed, 11 Sep 1996 12:42:07 -0700
From: Richard Stanford
Reply-To: richards@herald.net
Organization: Herald Communications
X-Mailer: Mozilla 3.0 (Win16; I)
Mime-Version: 1.0
To: ser@hon.hn
Cc: isp@freebsd.org
Subject: Re: Additional pop accounts - how?
References: <32363E08.67F2@hon.hn>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-isp@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Samuel E. Romero wrote:
> How can I create additional pop-only accounts for a login account?.
> I've seen that advertised in some places and I'd like to know how to
> do it.
> Somebody knows? or where can I find the info?
> Thks.

Well, you could add a user to your mail machine only with no shell... that
should do the trick.
-Richard

From owner-freebsd-isp Wed Sep 11 10:45:34 1996
Return-Path: owner-isp
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id KAA17498 for isp-outgoing; Wed, 11 Sep 1996 10:45:34 -0700 (PDT)
Received: from presence.lglobal.com ([207.107.12.2]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id KAA17493 for ; Wed, 11 Sep 1996 10:45:29 -0700 (PDT)
Received: from presence.lglobal.com (drop@presence.lglobal.com [207.107.12.2]) by presence.lglobal.com (8.6.12/8.6.12) with SMTP id PAA08768; Wed, 11 Sep 1996 15:05:02 -0400
Date: Wed, 11 Sep 1996 15:05:02 -0400 (EDT)
From: Colin Ryan
To: "Samuel E. Romero"
cc: FreeBSD ISP Mailing List
Subject: Re: Additional pop accounts - how?
In-Reply-To: <32363E08.67F2@hon.hn>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-isp@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Wed, 11 Sep 1996, Samuel E. Romero wrote:

Depends.

If they have a legitimate PPP account already and you they just want
another POP box, create the user but give home directory of /dev/null and
/bin/false(or some other fake shell) as their shell. Then they
cannot ftp or telnet to the account but popper works(unless you have user
mail in their own home directories)

If you want POP e-mail only accounts it's a bit trickier in that
you do the above but must set filters on their PPP connection allowing
only UDP,POP,DNS packets.

> Hi!,
>
> How can I create additional pop-only accounts for a login account?.
> I've seen that advertised in some places and I'd like to know how to
> do it.
> Somebody knows? or where can I find the info?
> Thks.
>

-------------------------------\\|!|//-------------------------------
| Colin P. Ryan \!/ Cyber- |
| Local GlobalAccess Inc.....More than Just a Provider! Rights |
| 320 1/2 Bloor St. W. Toronto. ON NOW !! |
| e:drop@lglobal.com Phone: (416)515-7400|
---------------------------------------------------------------------

From owner-freebsd-isp Wed Sep 11 11:43:47 1996
Return-Path: owner-isp
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id LAA20940 for isp-outgoing; Wed, 11 Sep 1996 11:43:47 -0700 (PDT)
Received: from super-g.inch.com (spork@super-g.com [204.178.32.161]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id LAA20933 for ; Wed, 11 Sep 1996 11:43:45 -0700 (PDT)
Received: from localhost (spork@localhost) by super-g.inch.com (8.6.12/8.6.9) with SMTP id NAA20517; Wed, 11 Sep 1996 13:40:25 -0500
Date: Wed, 11 Sep 1996 13:40:24 -0500 (CDT)
From: "S(pork)"
X-Sender: spork@super-g.inch.com
To: Dennis
cc: isp@freebsd.org
Subject: Re: T1 offc. resell config
In-Reply-To: <199609111437.KAA04366@etinc.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-isp@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

The reason that we're looking at commercial products is that this initial
"trial" in our building is both a sales and engineering trial... If we go
to BigCo.com and say "we'll wire your building and charge $x/customer" we
need something that can go above and beyond what a PC can do... For
example, if we wire a building with both ABC and NBC in the same building,
I'm not sure how MIS would react to being on the same ethernet as a
competitor. Cisco and Bay both are making rack systems that make the line
between a switching hub and a router rather blurry... My concern is to be
able to make sure separate clients on the same building feed can't see
each other at all... I just can't seem to find an economical way to do
this...

Charles

>
> Why would you even consider these options, when you could do
> everything you want with a dual card freebsd box for less money...
> plus the 2514 will choke at about 3Mb/s and you can do full 10Mbs
> easily with FBSD.
>
> Dennis
>

From owner-freebsd-isp Wed Sep 11 11:48:33 1996
Return-Path: owner-isp
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id LAA21192 for isp-outgoing; Wed, 11 Sep 1996 11:48:33 -0700 (PDT)
Received: from boris.clintondale.com (boris.clintondale.com [206.88.120.5]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id LAA21187 for ; Wed, 11 Sep 1996 11:48:30 -0700 (PDT)
Received: from localhost (matt@localhost) by boris.clintondale.com (8.7.5/8.7.3) with SMTP id OAA01933 for ; Wed, 11 Sep 1996 14:48:04 -0400 (EDT)
Date: Wed, 11 Sep 1996 14:48:04 -0400 (EDT)
From: Matt Hamilton
To: FreeBSD ISP Mailing List
Subject: Re: Additional pop accounts - how?
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-isp@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> If you want POP e-mail only accounts it's a bit trickier in that
> you do the above but must set filters on their PPP connection allowing
> only UDP,POP,DNS packets.

I have set up something similar in that we have a setup with an X.25 line
connected to a Cisco 2501 and have people all over the world dial in to a
local SprintNet number to connect to us. At a rate of $30/hour we don't
want people to wander around the web all day (this is a private system
that the company pays for not a commercial ISP). I have given people
Eudora and set up a dial-up script to connect to our Cisco as a X.25 PAD
---> telnet connection and telnet from the cisco directly into port 25 or
110 of our mail machine. This has several advantages.

1) I can restrict access to our subnet only
2) Eudora hangs up the phone line after it's done (always)
3) I don't have to administer, install and troubleshoot TCP/IP on users
   computers

The only disadvantages are the change password feature of Eudora doesn't
work and they can't use the Eudora ph or finger tools.
Which is a shame as I am trying to set up the company phonebook on
something with ph/qi

-Matt

From owner-freebsd-isp Wed Sep 11 12:13:49 1996
Return-Path: owner-isp
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id MAA22873 for isp-outgoing; Wed, 11 Sep 1996 12:13:49 -0700 (PDT)
Received: from super-g.inch.com (spork@super-g.com [204.178.32.161]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id MAA22865 for ; Wed, 11 Sep 1996 12:13:46 -0700 (PDT)
Received: from localhost (spork@localhost) by super-g.inch.com (8.6.12/8.6.9) with SMTP id OAA20560; Wed, 11 Sep 1996 14:10:19 -0500
Date: Wed, 11 Sep 1996 14:10:19 -0500 (CDT)
From: "S(pork)"
X-Sender: spork@super-g.inch.com
To: Colin Ryan
cc: "Samuel E. Romero" , FreeBSD ISP Mailing List
Subject: Re: Additional pop accounts - how?
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-isp@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Also, if you are using qpopper from Qualcomm, make sure it's not compiled
with the option to disallow access if the user doesn't have a valid shell,
or things will get really confusing...

Charles

On Wed, 11 Sep 1996, Colin Ryan wrote:

> On Wed, 11 Sep 1996, Samuel E. Romero wrote:
>
> Depends.
>
> If they have a legitimate PPP account already and you they just want
> another POP box, create the user but give home directory of /dev/null and
> /bin/false(or some other fake shell) as their shell. Then they
> cannot ftp or telnet to the account but popper works(unless you have user
> mail in their own home directories)
>
> If you want POP e-mail only accounts it's a bit trickier in that
> you do the above but must set filters on their PPP connection allowing
> only UDP,POP,DNS packets.
>
>
>
> > Hi!,
> >
> > How can I create additional pop-only accounts for a login account?.
> > I've seen that advertised in some places and I'd like to know how to
> > do it.
> > Somebody knows? or where can I find the info?
> > Thks.
> >
>
> -------------------------------\\|!|//-------------------------------
> | Colin P. Ryan \!/ Cyber- |
> | Local GlobalAccess Inc.....More than Just a Provider! Rights |
> | 320 1/2 Bloor St. W. Toronto. ON NOW !! |
> | e:drop@lglobal.com Phone: (416)515-7400|
> ---------------------------------------------------------------------
>

From owner-freebsd-isp Wed Sep 11 12:28:50 1996
Return-Path: owner-isp
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id MAA23555 for isp-outgoing; Wed, 11 Sep 1996 12:28:50 -0700 (PDT)
Received: from pinky.junction.net (pinky.junction.net [199.166.227.12]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id MAA23548 for ; Wed, 11 Sep 1996 12:28:48 -0700 (PDT)
Received: from sidhe.memra.com (sidhe.memra.com [199.166.227.105]) by pinky.junction.net (8.6.12/8.6.12) with ESMTP id LAA18001 for ; Wed, 11 Sep 1996 11:42:11 -0700
Received: from localhost (michael@localhost) by sidhe.memra.com (8.6.12/8.6.12) with SMTP id MAA24383 for ; Wed, 11 Sep 1996 12:26:29 -0700
Date: Wed, 11 Sep 1996 12:26:28 -0700 (PDT)
From: Michael Dillon
To: isp@freebsd.org
Subject: Re: T1 offc. resell config
In-Reply-To:
Message-ID:
Organization: Memra Software Inc. - Internet consulting
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-isp@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Wed, 11 Sep 1996, S(pork) wrote:

> between a switching hub and a router rather blurry... My concern is to be
> able to make sure separate clients on the same building feed can't see
> each other at all... I just can't seem to find an economical way to do
> this...

Get a motherboard that will handle 6 Network cards and build a FreeBSD
Ethernet router. Use reverse twisted connections to connect only one
customer per Ethernet port. This should be reasonably priced (cheaper than
running a T1) and if you use ET's software you can control the bandwidth
used as well.

Michael Dillon - ISP & Internet Consulting
Memra Software Inc. - Fax: +1-604-546-3049
http://www.memra.com - E-mail: michael@memra.com

From owner-freebsd-isp Wed Sep 11 12:46:01 1996
Return-Path: owner-isp
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id MAA24263 for isp-outgoing; Wed, 11 Sep 1996 12:46:01 -0700 (PDT)
Received: from pinky.junction.net (pinky.junction.net [199.166.227.12]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id MAA24258 for ; Wed, 11 Sep 1996 12:46:00 -0700 (PDT)
Received: from sidhe.memra.com (sidhe.memra.com [199.166.227.105]) by pinky.junction.net (8.6.12/8.6.12) with ESMTP id LAA18231 for ; Wed, 11 Sep 1996 11:59:21 -0700
Received: from localhost (michael@localhost) by sidhe.memra.com (8.6.12/8.6.12) with SMTP id MAA24536 for ; Wed, 11 Sep 1996 12:43:37 -0700
Date: Wed, 11 Sep 1996 12:43:36 -0700 (PDT)
From: Michael Dillon
To: freebsd-isp@freebsd.org
Subject: Re: SYN Resisting (fwd)
Message-ID:
Organization: Memra Software Inc. - Internet consulting
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-isp@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Protect against SYN attacks...

Read the stuff on SYN floods near the end of
http://www.merit.edu/mail.archives/html/nanog/ to find out why you might
need this.

---------- Forwarded message ----------
Date: Wed, 11 Sep 1996 14:39:57 -0500 (CDT)
From: Karl Denninger
To: Michael Dillon
Cc: freebsd-hackers@freebsd.org
Subject: Re: SYN Resisting (fwd)

Diffs to implement this patch are enclosed. These are against -CURRENT,
but these files haven't changed much in recent months, so they may work
against any of the FreeBSD releases with slight offsets.

This changes the startup connection timeout to 10 seconds, which should be
more than enough on the Internet of today to prevent dropped links. 75
seconds is only needed if you're running across two pieces of wet string.
Index: uipc_socket2.c =================================================================== RCS file: /usr/cvs/src/sys/kern/uipc_socket2.c,v retrieving revision 1.13 diff -r1.13 uipc_socket2.c 165a166 > #ifndef SYN_FLOOD_RESIST 167a169 > #endif Index: tcp_timer.h =================================================================== RCS file: /usr/cvs/src/sys/netinet/tcp_timer.h,v retrieving revision 1.9 diff -r1.9 tcp_timer.h 98a99,101 > #ifdef SYN_FLOOD_RESIST > #define TCPTV_KEEP_INIT ( 10*PR_SLOWHZ) /* initial connect keep alive */ > #else 99a103 > #endif Patch, define "options SYN_FLOOD_RESIST" in your config file and recompile the kernel to implement. If you leave the option off, the diffs enclosed do nothing. -- -- Karl Denninger (karl@MCS.Net)| MCSNet - The Finest Internet Connectivity http://www.mcs.net/~karl | T1 from $600 monthly; speeds to DS-3 available | 23 Chicagoland Prefixes, 13 ISDN, much more Voice: [+1 312 803-MCS1 x219]| Email to "info@mcs.net" WWW: http://www.mcs.net/ Fax: [+1 312 248-9865] | Home of Chicago's only FULL Clarinet feed! > > Is FreeBSD resistant to this kind of SYN attack? > > Michael Dillon - ISP & Internet Consulting > Memra Software Inc. - Fax: +1-604-546-3049 > http://www.memra.com - E-mail: michael@memra.com > > ---------- Forwarded message ---------- > Date: Wed, 11 Sep 1996 14:08:56 -0400 > From: Avi Freedman > To: nanog@merit.edu > Cc: alexis@panix.com, freedman@netaxs.com > Subject: SYN Resisting > > I know this may not be strictly on-topic here because it deals with > "host-stuff" rather than "router-stuff", but here goes... > > I will have some comments on how to track where SYN storms are coming > from a bit later. > > In order to build a SYN-resistant BSD kernel, you need to modify one > file in src/sys/os, uipc_socket2.c, and you also need to modify > src/sys/netinet/tcp_timer.h and you have to rebuild tcp_usrreq.c and > tcp_input.c in the netinet directory. 
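Review bot: the uipc_socket2.c change (165a166 / 167a169) compiles the guarded statement out completely when SYN_FLOOD_RESIST is defined, and a context-free diff does not show which statement that is. Going by the SYN Resisting message quoted with the patch it is the "so_qlen + so_q0len > 3 * so_qlimit / 2" test, in which case nothing bounds a listening socket's embryonic queue any more except the connection timer and kernel memory. Keeping a larger, tunable ceiling would be safer than having none, and regenerating the patch as a context or unified diff would let it apply to the releases "with slight offsets" that the cover text has in mind, which line-number-only hunks against revision 1.13 cannot do reliably.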
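Review bot: in the tcp_timer.h change (98a99,101 / 99a103) the 10*PR_SLOWHZ value for TCPTV_KEEP_INIT is fixed at compile time and is not limited to listening sockets. The constant is the connection-establishment timer, and tcp_usrreq.c, which the quoted message lists among the files to rebuild, uses it for outbound connects too, so connect() from this host will also give up after 10 seconds instead of 75. Say so next to the define (the comment only reads "initial connect keep alive") and consider taking the number from the option or a sysctl, so that a site with slow or lossy paths can raise it without patching again.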
>
> For those without SunOS source, I will get Sun4c (Sparc 1/1+/2/IPC/IPX/
> ELC/SLC) binaries online; for those running BSD on other platforms, you
> probably have source.
>
> From the bottom level up, change TCPTV_KEEP_INIT from 75*PR_SLOWHZ
> to 7*PR_SLOWHZ (or whatever # you want). This timeout (the 75) is
> the number of seconds that the kernel will keep un-established TCP
> PCB/sockets around for... When the SYN is received, it is acknowledged
> and the PCB && socket are set up for the embryonic session; the goal
> is to rip those things out of any queues they're in more aggressively.
>
> At the top (socket) level, instead of modifying SOMAXCONN, I decided to
> just see what happened if I removed the limit. What you do is up to your
> own personal taste. I commented out:
>
>     if (head->so_qlen + head->so_q0len > 3 * head->so_qlimit / 2)
>         goto bad;
>
> in src/sys/os/uipc_socket2.c.
>
> Head in this case points to a 'server' socket (the socket for your
> web, mail, news, ... server). so_qlimit is set to the min of either
> what the listen() system call inside of it requested or SOMAXCONN.
> I had some funkiness increasing SOMAXCONN to 8096 or so when I was
> playing with it - and didn't want to recompile inetd, sendmail, etc...
> to ask for more slots in the listen() queue (just a linked list or two),
> so I figured I'd *try* to make the queue size infinite and see what
> happened. so_qlen and so_q0len are the linked lists of sockets waiting
> to be accept()ed and the sockets of the embryonic (not established)
> TCP connections that were aimed at this server socket, respectively.
> The code uses a 3/2 fudge factor to make the comparison, and is saying
> "if the number of queued requests is > 3/2 times the limit for this
> socket, don't stick this requesting socket in the queue - just destroy
> it and exit".
>
> I just commented those two lines out.
>
> On a Sparc 1+ w/ 4.1.4, I could sustain a 200-400 SYN-packet/sec attack
> and still remain functional (and quick for a 1+), but the machine didn't
> normally run web servers... Even when I nailed it with 1000 SYNs/sec,
> the machine continued functioning but I couldn't connect to the socket
> being nailed. A second after stopping the heavier attack, I could.
>
> I've had trouble compiling and getting these modified modules to work on a
> Sun4m architecture (Sparc 5 and 10) but may play more with that today.
>
> The best solution is to implement a better data structure than a linked
> list for storing the embryonic connections per socket. A large-ish array
> with appropriate hashing, perhaps. Either per socket or for the whole
> kernel. If anyone wants to attack that problem, please do; otherwise,
> I'll blow BSD on a laptop so I can play with it when I'm next on a plane/
> train.
>
> Avi
>
>

Michael Dillon - ISP & Internet Consulting
Memra Software Inc. - Fax: +1-604-546-3049
http://www.memra.com - E-mail: michael@memra.com

From owner-freebsd-isp Wed Sep 11 12:48:52 1996
Return-Path: owner-isp
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id MAA24377 for isp-outgoing; Wed, 11 Sep 1996 12:48:52 -0700 (PDT)
Received: from warp10.smartlink.net (smartlink.net [204.118.4.2]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id MAA24372 for ; Wed, 11 Sep 1996 12:48:50 -0700 (PDT)
Received: from gandalf.netmaster.com by warp10.smartlink.net(8.6.12/SMARTLINK-1.0) with id MAA18167 SMTP for on Wed, 11 Sep 1996 12:50:46 -0700
From: joe@smartlink.net (Joseph McDonald)
To: "S(pork)"
Cc: isp@freebsd.org
Subject: Re: T1 offc. resell config
Date: Wed, 11 Sep 1996 19:49:10 GMT
Organization: SmartLink Communications
Message-ID: <3237177f.163980527@mail.smartlink.net>
References:
In-Reply-To:
X-Mailer: Forte Agent .99e/32.227
Sender: owner-isp@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Wed, 11 Sep 1996 13:40:24 -0500 (CDT), you wrote:

>between a switching hub and a router rather blurry... My concern is to be
>able to make sure separate clients on the same building feed can't see
>each other at all... I just can't seem to find an economical way to do
>this...

What about a switched ethernet hub?

regards,
-joe

From owner-freebsd-isp Wed Sep 11 13:45:24 1996
Return-Path: owner-isp
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id NAA29009 for isp-outgoing; Wed, 11 Sep 1996 13:45:24 -0700 (PDT)
Received: from etinc.com (et-gw-fr1.etinc.com [204.141.244.98]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id NAA29003 for ; Wed, 11 Sep 1996 13:45:20 -0700 (PDT)
Received: from dialup-usr11.etinc.com (dialup-usr11.etinc.com [204.141.95.132]) by etinc.com (8.6.12/8.6.9) with SMTP id QAA07046 for ; Wed, 11 Sep 1996 16:51:11 -0400
Date: Wed, 11 Sep 1996 16:51:11 -0400
Message-Id: <199609112051.QAA07046@etinc.com>
X-Sender: dennis@etinc.com
X-Mailer: Windows Eudora Version 2.0.3
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
To: isp@freebsd.org
From: dennis@etinc.com (Dennis)
Subject: Re: T1 offc. resell config
Sender: owner-isp@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

>On Wed, 11 Sep 1996, S(pork) wrote:
>
>> between a switching hub and a router rather blurry... My concern is to be
>> able to make sure separate clients on the same building feed can't see
>> each other at all... I just can't seem to find an economical way to do
>> this...
>
>Get a motherboard that will handle 6 Network cards and build a FreeBSD
>Ethernet router. Use reverse twisted connections to connect only one
>customer per Ethernet port. This should be reasonably priced (cheaper than
>running a T1) and if you use ET's software you can control the bandwidth
>used as well.

A nice rackmount passive backplane box will do nicely...although it will
cost a little more. Still a lot less than the other alternatives.

From owner-freebsd-isp Wed Sep 11 15:06:10 1996
Return-Path: owner-isp
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id PAA06427 for isp-outgoing; Wed, 11 Sep 1996 15:06:10 -0700 (PDT)
Received: from hon.hn ([206.48.105.210]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id PAA06412 for ; Wed, 11 Sep 1996 15:05:55 -0700 (PDT)
Received: from hon.hn.hon.hn (si1.hon.hn [206.48.253.70]) by hon.hn (8.7.5/8.7.3) with SMTP id QAA16039 for ; Wed, 11 Sep 1996 16:04:02 -0600 (CST)
Message-ID: <32368EFC.1D53@hon.hn>
Date: Wed, 11 Sep 1996 16:05:48 +0600
From: "Samuel E. Romero"
Reply-To: ser@hon.hn
Organization: Honduras On Net
X-Mailer: Mozilla 3.0Gold (Win95; I)
MIME-Version: 1.0
To: FreeBSD ISP Mailing List
Subject: Can background processes be accounted for?
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-isp@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

How can I track the time used for every background process used by every
user?. If I left a background process running and hangup, the process is
not logged (is not shown at least), by 'ac ...' or 'sa ...'. How can I
find out the time used for the process? (not using 'time', but for the
system wide usage). Is the information recorded somewhere in the system?.
With the user account?.

Thanks.
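
The listen-queue arithmetic from the forwarded "SYN Resisting" message earlier in this digest, worked through as an added example; it is not code from any list member or from FreeBSD. It models one listening socket under a steady stream of SYNs that never complete, with the queue test and the two timer values the thread discusses. Assumptions: the names listen_model and simulate are hypothetical, so_qlen is taken as 0, one legitimate SYN arrives per slow-timer tick, PR_SLOWHZ is 2, and the backlog is the kern.somaxconn value of 128 from the sysctl output above.

```c
#include <stdio.h>

#define PR_SLOWHZ 2      /* slow-timer ticks per second in the BSD stack */
#define MAX_KEEP  256    /* largest keep_init (in ticks) this model accepts */

struct listen_model {
    int so_qlimit;      /* min(listen() backlog, SOMAXCONN) */
    int keep_init;      /* TCPTV_KEEP_INIT, in slow-timer ticks */
    int enforce_limit;  /* 0 models the queue check being compiled out */
};

struct flood_result {
    long attack_admitted;  /* flood SYNs that got an embryonic slot */
    long attack_refused;   /* flood SYNs dropped by the queue check */
    long legit_admitted;   /* ticks in which the real client got in */
    long peak_q0len;       /* largest embryonic queue observed */
};

/* The test quoted in the thread, with so_qlen taken as 0 (assumption:
 * the server accept()s completed connections at once). */
static int queue_full(const struct listen_model *m, long q0len)
{
    return m->enforce_limit && q0len > 3L * m->so_qlimit / 2;
}

/*
 * Run `ticks` slow-timer ticks. In each tick the entries that are
 * keep_init ticks old expire, then syn_per_tick flood SYNs arrive and
 * never complete the handshake, then one legitimate SYN arrives. An
 * admitted legitimate SYN completes at once and holds no slot.
 * Returns 0 on success, -1 on bad parameters.
 */
int simulate(const struct listen_model *m, int syn_per_tick, int ticks,
             struct flood_result *r)
{
    long wheel[MAX_KEEP] = {0};  /* admissions per tick, index t % keep_init */
    long q0len = 0;
    int t, i;

    if (m->keep_init <= 0 || m->keep_init > MAX_KEEP || syn_per_tick < 0)
        return -1;
    r->attack_admitted = r->attack_refused = 0;
    r->legit_admitted = r->peak_q0len = 0;

    for (t = 0; t < ticks; t++) {
        int slot = t % m->keep_init;

        q0len -= wheel[slot];    /* connection-establishment timer fires */
        wheel[slot] = 0;

        for (i = 0; i < syn_per_tick; i++) {
            if (queue_full(m, q0len)) {
                r->attack_refused++;
            } else {
                q0len++;
                wheel[slot]++;
                r->attack_admitted++;
            }
        }
        if (q0len > r->peak_q0len)
            r->peak_q0len = q0len;
        if (!queue_full(m, q0len))
            r->legit_admitted++;
    }
    return 0;
}

int main(void)
{
    /* Constructed scenarios: 150 seconds (300 ticks) of flood each. */
    static const struct {
        const char *name;
        struct listen_model m;
        int syn_per_tick;
    } s[] = {
        { "check on,  75 s timer,   4 SYN/s", {128, 75 * PR_SLOWHZ, 1},   2 },
        { "check on,  10 s timer,   4 SYN/s", {128, 10 * PR_SLOWHZ, 1},   2 },
        { "check on,  10 s timer, 200 SYN/s", {128, 10 * PR_SLOWHZ, 1}, 100 },
        { "check off, 75 s timer, 200 SYN/s", {128, 75 * PR_SLOWHZ, 0}, 100 },
        { "check off, 10 s timer, 200 SYN/s", {128, 10 * PR_SLOWHZ, 0}, 100 },
    };
    size_t i;

    for (i = 0; i < sizeof s / sizeof s[0]; i++) {
        struct flood_result r;

        if (simulate(&s[i].m, s[i].syn_per_tick, 300, &r) != 0)
            return 1;
        printf("%-34s legit %3ld/300  peak q0len %5ld  refused %5ld\n",
               s[i].name, r.legit_admitted, r.peak_q0len, r.attack_refused);
    }
    return 0;
}
```

With the check in place the queue stays full at any sustained rate above roughly (3/2 x backlog) / timeout, so the shorter timer only raises that threshold. With the check removed the cost moves to memory, about rate x timeout embryonic entries.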
From owner-freebsd-isp Wed Sep 11 17:22:29 1996
Return-Path: owner-isp
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id RAA16688 for isp-outgoing; Wed, 11 Sep 1996 17:22:29 -0700 (PDT)
Received: from monet.telebyte.nl (jvissers@monet.telebyte.nl [194.235.214.12]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id RAA16682; Wed, 11 Sep 1996 17:22:22 -0700 (PDT)
Received: (from jvissers@localhost) by monet.telebyte.nl (8.7.3/8.6.11) id CAA00961; Thu, 12 Sep 1996 02:22:00 +0200
From: Jos Vissers
Message-Id: <199609120022.CAA00961@monet.telebyte.nl>
Subject: Re: Why does arp not work when ip-alias installed
To: fenner@parc.xerox.com (Bill Fenner)
Date: Thu, 12 Sep 1996 02:21:59 +0200 (MET DST)
Cc: questions@FreeBSD.org, isp@FreeBSD.org
In-Reply-To: <96Sep11.090914pdt.177595@crevenia.parc.xerox.com> from "Bill Fenner" at Sep 11, 96 09:09:02 am
X-Mailer: ELM [version 2.4 PL25]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-isp@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

Bill Fenner wrote:
> >We have a network with several Livingston portmaster and a
> >cisco router as gateway. Most of the dial-up ip addresses are on
> >the same class c network as the servers and therefore arp -a
> >should give the ethernet address of the portmaster for an
> >address that is in use.
> >
> >It does on machines without an ip-alias.
> >It doesn't on machines with ip-aliases.
>
> Are machines with IP aliases still able to contact these hosts?

No, they cannot be reached:
PING usquebauch.telebyte.nl (194.235.214.23): 56 data bytes
ping: sendto: Host is down
ping: wrote usquebauch.telebyte.nl 64 chars, ret=-1

This is my own machine at home, I could log in to another
server and then telnet to this one so it should definitely
have been reachable. From the dial-up host the server just
doesn't respond. It apparently knows how to get packets to
the server, but the server doesn't know how to get them back.
> What does "netstat -nr" show on the machines with aliases?

Without routed it shows nothing abnormal until you ping one of
the dial-up hosts that are connected at the time.
It will not show in the routing table and arp -a shows:
usquebauch.telebyte.nl (194.235.214.23) at (incomplete)

If I run routed it shows the portmasters ip as gateway which is correct:
usquebauch pm2.nmg UGH 0 3 ed0

but arp -a doesn't show any of the dial-up hosts.

I did some further testing and it only appears to happen
when I add an ip-alias in another class-c network.
I used "ifconfig alias 193.67.242.20 netmask 0xffffff00" and
the machine's regular ip address is 194.235.214.65

When I remove the alias again it refuses to start working.

The problem doesn't occur when I define aliases in the same
class-c with - of course - a netmask of 0xffffffff.

Is this my error? Should I use 2 different ethernet cards
when using different class-c addresses on one machine?
Another of our servers with 2 cards doesn't have this problem.

Thanks for the help,
Jos
--
Jos Vissers, System administrator Telebyte

From owner-freebsd-isp Wed Sep 11 19:21:13 1996
Return-Path: owner-isp
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id TAA22867 for isp-outgoing; Wed, 11 Sep 1996 19:21:13 -0700 (PDT)
Received: from pegasus.com (pegasus.com [140.174.243.13]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id TAA22860 for ; Wed, 11 Sep 1996 19:21:08 -0700 (PDT)
Received: by pegasus.com (8.6.8/PEGASUS-2.2) id QAA15664; Wed, 11 Sep 1996 16:20:46 -1001
Date: Wed, 11 Sep 1996 16:20:46 -1001
From: richard@pegasus.com (Richard Foulk)
Message-Id: <199609120221.QAA15664@pegasus.com>
X-Mailer: Mail User's Shell (7.2.5 10/14/92)
To: freebsd-isp@freebsd.org
Subject: security proxy?
Sender: owner-isp@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

I'm having problems accessing Java sites.

I have Netscape 3.0 running on FBSD 2.1.5 talking through a CERN proxy on
another machine.
Everything works fine except Java applets which Netscape reports numerous
security violations for. Some simple Java applets do work.

Is the Netscape proxy required to make this stuff work or did I just miss
something?

Netscape's Manual Proxy Configuration menu lists a Security Proxy which
I've set to the same thing as the other entries.

Is there a freeware proxy that will handle this?

Thanks

Richard

From owner-freebsd-isp Wed Sep 11 20:29:48 1996
Return-Path: owner-isp
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id UAA27962 for isp-outgoing; Wed, 11 Sep 1996 20:29:48 -0700 (PDT)
Received: from zeus.xtalwind.net (slipper28b.xtalwind.net [205.160.242.106]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id UAA27953 for ; Wed, 11 Sep 1996 20:29:44 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by zeus.xtalwind.net (8.7.5/8.7.3) with SMTP id XAA00202; Wed, 11 Sep 1996 23:28:56 -0400 (EDT)
Date: Wed, 11 Sep 1996 23:28:56 -0400 (EDT)
From: jack
To: "Samuel E. Romero"
cc: FreeBSD ISP Mailing List
Subject: Re: Additional pop accounts - how?
In-Reply-To: <32363E08.67F2@hon.hn>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-isp@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

On Wed, 11 Sep 1996, Samuel E. Romero wrote:

> Hi!,
>
> How can I create additional pop-only accounts for a login account?.
> I've seen that advertised in some places and I'd like to know how to
> do it.
> Somebody knows? or where can I find the info?

A 'bug' in popper allows users with an invalid shell entry in
/etc/master.password to log in for mail. We set up email only accounts by
setting the home directory and shell entry to /nonexistent They can send
and receive mail but that's all they can do.

Jack

--------------------------------------------------------------------------
Jack O'Neill Finger jacko@onyx.xtalwind.net or
jack@xtalwind.net http://www.xtalwind.net/~jacko/pubpgp.html
#include for my PGP key.
PGP Key fingerprint = F6 C4 E6 D4 2F 15 A7 67 FD 09 E9 3C 5F CC EB CD
--------------------------------------------------------------------------

From owner-freebsd-isp Wed Sep 11 20:40:40 1996
Return-Path: owner-isp
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id UAA28908 for isp-outgoing; Wed, 11 Sep 1996 20:40:40 -0700 (PDT)
Received: from panda.hilink.com.au (panda.hilink.com.au [203.2.144.5]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id UAA28868; Wed, 11 Sep 1996 20:40:31 -0700 (PDT)
Received: (from danny@localhost) by panda.hilink.com.au (8.7.5/8.7.3) id NAA26547; Thu, 12 Sep 1996 13:39:38 +1000 (EST)
Date: Thu, 12 Sep 1996 13:39:38 +1000 (EST)
From: "Daniel O'Callaghan"
To: Jos Vissers
cc: Bill Fenner , questions@FreeBSD.ORG, isp@FreeBSD.ORG
Subject: Re: Why does arp not work when ip-alias installed
In-Reply-To: <199609120022.CAA00961@monet.telebyte.nl>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-isp@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Thu, 12 Sep 1996, Jos Vissers wrote:

> I did some further testing and it only appears to happen
> when I add an ip-alias in another class-c network.
> I used "ifconfig alias 193.67.242.20 netmask 0xffffff00" and
> the machine's regular ip address is 194.235.214.65
>
> When I remove the alias again it refuses to start working.
>
> The problem doesn't occur when I define aliases in the same
> class-c with - of course - a netmask of 0xffffffff.
>
> Is this my error? Should I use 2 different ethernet cards
> when using different class-c addresses on one machine?
> Another of our servers with 2 cards doesn't have this problem.

I put my class C of aliases onto lo0. I have only a single IP address on
ed0. How have you allocated your aliases and how do you send traffic to
them.

I have on www:

ifconfig ed0 203.2.135.50
ifconfig lo0 203.8.13.1 alias
...
ifconfig lo0 203.8.13.254 alias

And on the routers around the equivalent of:

route add 203.8.13.0 203.2.135.50

See if that helps.

Danny

From owner-freebsd-isp Wed Sep 11 20:50:01 1996
Return-Path: owner-isp
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id UAA00315 for isp-outgoing; Wed, 11 Sep 1996 20:50:01 -0700 (PDT)
Received: from orion.webspan.net (root@orion.webspan.net [206.154.70.41]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id UAA00284 for ; Wed, 11 Sep 1996 20:49:55 -0700 (PDT)
Received: from localhost (gpalmer@localhost [127.0.0.1]) by orion.webspan.net (8.7.5/8.6.12) with SMTP id XAA29924; Wed, 11 Sep 1996 23:49:37 -0400 (EDT)
X-Authentication-Warning: orion.webspan.net: Host gpalmer@localhost [127.0.0.1] didn't use HELO protocol
To: jack
cc: "Samuel E. Romero" , FreeBSD ISP Mailing List
From: "Gary Palmer"
Subject: Re: Additional pop accounts - how?
In-reply-to: Your message of "Wed, 11 Sep 1996 23:28:56 EDT."
Date: Wed, 11 Sep 1996 23:49:37 -0400
Message-ID: <29920.842500177@orion.webspan.net>
Sender: owner-isp@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

jack wrote in message ID :
> On Wed, 11 Sep 1996, Samuel E. Romero wrote:
> > How can I create additional pop-only accounts for a login account?.
> > I've seen that advertised in some places and I'd like to know how to
> > do it.
> > Somebody knows? or where can I find the info?
> A 'bug' in popper allows users with an invalid shell entry in
> /etc/master.password to log in for mail. We set up email only accounts by
> setting the home directory and shell entry to /nonexistent They can send
> and receive mail but that's all they can do.

Or if you use the pop server from the MH source tree you can use a
different password file which is only for POP users, and still have normal
users get their mail over POP.

Gary
--
Gary Palmer FreeBSD Core Team Member
FreeBSD: Turning PC's into workstations.
See http://www.FreeBSD.ORG/ for info

From owner-freebsd-isp Wed Sep 11 20:57:07 1996
Return-Path: owner-isp
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id UAA01140 for isp-outgoing; Wed, 11 Sep 1996 20:57:07 -0700 (PDT)
Received: from gallup.cia-g.com (root@gallup.cia-g.com [206.206.162.10]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id UAA01125; Wed, 11 Sep 1996 20:57:00 -0700 (PDT)
Received: from gallup.cia-g.com (lithium@gallup.cia-g.com [206.206.162.10]) by gallup.cia-g.com (8.7.5/8.6.12) with SMTP id VAA00387; Wed, 11 Sep 1996 21:56:56 -0600 (MDT)
Date: Wed, 11 Sep 1996 21:56:54 -0600 (MDT)
From: Stephen Fisher
To: Jos Vissers
cc: Bill Fenner, questions@FreeBSD.org, isp@FreeBSD.org
Subject: Ethernet routes wrong? [was: Why does arp not work when ip-alias]
In-Reply-To: <199609120022.CAA00961@monet.telebyte.nl>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-isp@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

I'm experiencing a similar problem. My routers and terminal servers and other servers work fine but FreeBSD just doesn't want to talk to this one Windows/Dos PC on my ethernet. What happens is when I try to ping it it automatically pops up in the routing tables as:

IP.IP.IP.11 link#2 UHRLW 0 7 ep0 10

link#2? Why? Then ping starts spitting up things about "host is down".

When I manually add it and set the gateway to someone else on my ethernet like my main router and it doesn't work out and I delete it the entire system crashes.

It's weird.. they're all on the same subnet (actually each portmaster's dialups are on their own subnet). Everything works thankfully except that one PC that I need to get working. I'm not running routed or gated.

Any ideas?

On Thu, 12 Sep 1996, Jos Vissers wrote:

> Bill Fenner wrote:
> > >We have a network with several Livingston portmaster and a
> > >cisco router as gateway. Most of the dial-up ip addresses are on
> > >the same class c network as the servers and therefore arp -a
> > >should give the ethernet address of the portmaster for an
> > >address that is in use.
> > >
> > >It does on machines without an ip-alias.
> > >It doesn't on machines with ip-aliases.
> >
> > Are machines with IP aliases still able to contact these hosts?
>
> No, they cannot be reached:
> PING usquebauch.telebyte.nl (194.235.214.23): 56 data bytes
> ping: sendto: Host is down
> ping: wrote usquebauch.telebyte.nl 64 chars, ret=-1
>
> This is my own machine at home, I could log in to another
> server and then telnet to this one so it should definitely
> have been reachable. From the dial-up host the server just
> doesn't respond. It apparently knows how to get packets to
> the server, but the server doesn't know how to get them back.
>
> > What does "netstat -nr" show on the machines with aliases?
>
> Without routed it shows nothing abnormal until you ping one of
> the dial-up hosts that are connected at the time.
> It will not show in the routing table and arp -a shows:
> usquebauch.telebyte.nl (194.235.214.23) at (incomplete)
>
> If I run routed it shows the portmasters ip as gateway which is correct:
> usquebauch pm2.nmg UGH 0 3 ed0
>
> but arp -a doesn't show any of the dial-up hosts.
>
>
> It did some further testing and it only appears to happen
> when I add an ip-alias in another class-c network.
> I used "ifconfig alias 193.67.242.20 netmask 0xffffff00" and
> the machine's regular ip address is 194.235.214.65
>
> When I remove the alias again it refuses to start working.
>
> The problem doesn't occur when I define aliases in the same
> class-c with - of course - a netmask of 0xffffffff.
>
> Is this my error? Should I use 2 different ethernet cards
> when using different class-c addresses on one machine?
> Another of our servers with 2 cards doesn't have this problem.
>
> Thanks for the help, Jos
>
> --
> Jos Vissers, System administrator Telebyte
>

From owner-freebsd-isp Wed Sep 11 21:48:40 1996
Return-Path: owner-isp
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id VAA05053 for isp-outgoing; Wed, 11 Sep 1996 21:48:40 -0700 (PDT)
Received: from final.dystopia.fi (root@final.dystopia.fi [194.100.42.1]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id VAA05039 for ; Wed, 11 Sep 1996 21:48:32 -0700 (PDT)
Received: (from kajtzu@localhost) by final.dystopia.fi (8.6.11/8.6.9) id HAA25021 for freebsd-isp@freebsd.org; Thu, 12 Sep 1996 07:48:21 +0300
From: "Kaj J. Niemi"
Message-Id: <199609120448.HAA25021@final.dystopia.fi>
Subject: Re: Can background processes be accounted for?
To: freebsd-isp@freebsd.org
Date: Thu, 12 Sep 1996 07:48:21 +0300 (EET DST)
In-Reply-To: <32368EFC.1D53@hon.hn> from "Samuel E. Romero" at Sep 11, 96 04:05:48 pm
X-Mailer: ELM [version 2.4 PL24]
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-isp@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> If I left a background process running and hangup, the process is not
> logged (is not shown at least), by 'ac ...' or 'sa ...'.
> How can I find out the time used for the process? (not using 'time', but
> for the system wide usage).

ps -aux should show every active process in the system. So if you have a user called joebob you'd get his process list by "ps -aux | grep joebob".

Personally I don't think it's worth the time to mess around with an accounting system to make it do something like this. *way* too complicated :)

--
Kaj - kajtzu@dystopia.fi/04800-30565 - PGP: C1EA5FC1657D9CDF-017C33F44433E712
"Hmm.. I need a ride to the morgue.. Hey! that's what Emergency-911 is for!!"
"Only the tough work a code in the buff!" - "Quod erat demonstrandum, baby.."

From owner-freebsd-isp Wed Sep 11 21:50:35 1996
Return-Path: owner-isp
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id VAA05249 for isp-outgoing; Wed, 11 Sep 1996 21:50:35 -0700 (PDT)
Received: from zeus.xtalwind.net (slipper28b.xtalwind.net [205.160.242.106]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id VAA05237; Wed, 11 Sep 1996 21:50:30 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by zeus.xtalwind.net (8.7.5/8.7.3) with SMTP id AAA00454; Thu, 12 Sep 1996 00:50:26 -0400 (EDT)
Date: Thu, 12 Sep 1996 00:50:26 -0400 (EDT)
From: jack
To: Gary Palmer
cc: freebsd-isp@FreeBSD.org
Subject: Re: Additional pop accounts - how?
In-Reply-To: <29920.842500177@orion.webspan.net>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-isp@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

On Wed, 11 Sep 1996, Gary Palmer wrote:

> > A 'bug' in popper allows users with an invalid shell entry in
> > /etc/master.password to log in for mail. We set up email only accounts by
> > setting the home directory and shell entry to /nonexistent They can send
> > and receive mail but that's all they can do.
>
> Or if you use the pop server from the MH source tree you can use a
> different password file which is only for POP users, and still have
> normal users get their mail over POP.

We had considered something along those lines but we have somewhat of an unusual setup here, and already have two password files, of sorts.

We're running TSX-BBS on two boxes that basically function as terminal servers. We don't offer unlimited access, other than dedicated lines, but rather 11, 35, or 250 hrs./month. TSX does an excellent job of dealing with tracking usage, billing (with software we wrote), preventing multiple logins on the same account, etc. And it's a nice shell for the few 2400bps folks, and that one 1200bps guy.

Each user also has an account on our main unix box (BSDi :( ), which serves as our mailhost and web server for our user's pages, with a public_html under their home directory.

We allow a total of up to three e-mail addresses per account so while I was hacking adduser to create ~/public_html it was a simple matter to add "Is this a secondary e-mail account? [no] " right after collecting the gecos info. A yes response sticks in /nonexistent then skips right to displaying their data and asking add this user ......

I've got the "buggy" qpop source tarred and hidden away on three different machines just in case an upgrade /fixes/ it. :)

--------------------------------------------------------------------------
Jack O'Neill Finger jacko@onyx.xtalwind.net or jack@xtalwind.net
http://www.xtalwind.net/~jacko/pubpgp.html #include for my PGP key.
PGP Key fingerprint = F6 C4 E6 D4 2F 15 A7 67 FD 09 E9 3C 5F CC EB CD
--------------------------------------------------------------------------

From owner-freebsd-isp Thu Sep 12 07:31:09 1996
Return-Path: owner-isp
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id HAA07812 for isp-outgoing; Thu, 12 Sep 1996 07:31:09 -0700 (PDT)
Received: from alpha.xerox.com (alpha.Xerox.COM [13.1.64.93]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id HAA07791; Thu, 12 Sep 1996 07:31:03 -0700 (PDT)
Received: from crevenia.parc.xerox.com ([13.2.116.11]) by alpha.xerox.com with SMTP id <14761(2)>; Thu, 12 Sep 1996 07:30:28 PDT
Received: from localhost by crevenia.parc.xerox.com with SMTP id <177595>; Thu, 12 Sep 1996 07:30:13 -0700
To: Stephen Fisher
cc: Jos Vissers, Bill Fenner, questions@freebsd.org, isp@freebsd.org
Subject: Re: Ethernet routes wrong? [was: Why does arp not work when ip-alias]
In-reply-to: Your message of "Wed, 11 Sep 96 20:56:54 PDT."
Date: Thu, 12 Sep 1996 07:30:09 PDT
From: Bill Fenner
Message-Id: <96Sep12.073013pdt.177595@crevenia.parc.xerox.com>
Sender: owner-isp@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

In message you write:

>Windows/Dos PC on my ethernet. What happens is when I try to
>ping it it automatically pops up in the routing tables as:
>
>IP.IP.IP.11 link#2 UHRLW 0 7 ep0 10
>
>link#2? Why? Then ping starts spitting up things about "host is down".

"link#2" indicates that it knows which interface it wants to send it out, but that ARP hasn't succeeded in fully resolving the address yet. If you say "arp -a" it will print "(incomplete)" for this address.

To help figure out why arp is failing, your best bet is to use tcpdump. You need to have bpf compiled into your kernel, and then you can say "tcpdump -n -i arp".

>When I manually add it and set the gateway to someone else on my
>ethernet like my main router and it doesn't work out and I delete it the
>entire system crashes.

This crash is fixed in -current.

Bill

From owner-freebsd-isp Thu Sep 12 11:09:14 1996
Return-Path: owner-isp
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id LAA19847 for isp-outgoing; Thu, 12 Sep 1996 11:09:14 -0700 (PDT)
Received: from brasil.moneng.mei.com (brasil.moneng.mei.com [151.186.109.160]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id LAA19840 for ; Thu, 12 Sep 1996 11:09:08 -0700 (PDT)
Received: (from jgreco@localhost) by brasil.moneng.mei.com (8.7.Beta.1/8.7.Beta.1) id NAA02244; Thu, 12 Sep 1996 13:08:01 -0500
From: Joe Greco
Message-Id: <199609121808.NAA02244@brasil.moneng.mei.com>
Subject: Re: T1 offc. resell config
To: marpat@kmtnet.com (Mark Patterson)
Date: Thu, 12 Sep 1996 13:08:01 -0500 (CDT)
Cc: freebsd-isp@freebsd.org, linuxisp@lightning.com
In-Reply-To: from "Mark Patterson" at Sep 10, 96 10:32:57 am
X-Mailer: ELM [version 2.4 PL24]
Content-Type: text
Sender: owner-isp@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> Hi Folks,
>
> Looking for suggestions on how i might handle the following:
> We're considering having a full T1 dropped into a 13-story office building.
> Several of the tenants have expressed interest in getting access from us
> already. So we want to sell portions (fractionalize?) our T1 _within_
> the office bldg. Outside the building a little later ;-)
>
> Initially, what's the *least* expensive way to go about this? We only have
> an initial budget of $10k. More if we can show a profit to the investors.

You have a "simple" problem but people usually try to look at "simple" problems as complex problems. :-)

I do this kind of stuff regularly and it's quite easy when you sit back and think about it.

(I personally am _firmly_ convinced that _each_ individual customer should have their own router/firewall, their expense not yours, their premises not yours, and will describe it as such, but one is not technically required to do this.)

Set each customer up with a minimalistic Ether/Ether router and firewall. I have been extremely successful with 386DX/40's with 8MB RAM and 2 NE2000 network cards. They will not saturate an Ethernet but WILL handle T1 data rates pretty well. Since this should be a customer firewall, it should run at the customer's site. One Ether is the customer-net, one is the link-net.

Run the link-net back to your POP in the building. Your POP can probably be:

PCI 486DX/133, 16MB RAM
ET/5025 T1 card
As many 4-port Znyx 314 cards as you need (you can get 12 or 16 ports on most PCI machines).

This box then simply becomes a mega-router. If you want to limit bandwidth on a per client basis, use ET's bandwidth limiter product.

(I've done something similar with an 8-slot ISA MB in the past, loaded it up with six (yes, six) SMC cards... quite impressive but not highly recommended these days now that better solns are available.)

Since you should make the customers pick up the cost of their firewall (or you can charge it to them as an "installation fee"), I suspect that you can build this for less than HALF of the $10K you are talking about.

You can, instead, run their networks to your POP, but if you have to do firewalling or other hand holding for them, it becomes a major burden on you. It is much easier to do it on their site, and it simplifies the configuration of your in-building POP.

... JG

From owner-freebsd-isp Thu Sep 12 15:48:18 1996
Return-Path: owner-isp
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id PAA09188 for isp-outgoing; Thu, 12 Sep 1996 15:48:18 -0700 (PDT)
Received: from pinky.junction.net (pinky.junction.net [199.166.227.12]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id PAA09183 for ; Thu, 12 Sep 1996 15:48:15 -0700 (PDT)
Received: from sidhe.memra.com (sidhe.memra.com [199.166.227.105]) by pinky.junction.net (8.6.12/8.6.12) with ESMTP id PAA03444; Thu, 12 Sep 1996 15:01:34 -0700
Received: from localhost (michael@localhost) by sidhe.memra.com (8.6.12/8.6.12) with SMTP id PAA09049; Thu, 12 Sep 1996 15:45:53 -0700
Date: Thu, 12 Sep 1996 15:45:52 -0700 (PDT)
From: Michael Dillon
To: iap@vma.cc.nd.edu
cc: linuxisp@jeffnet.org, freebsd-isp@freebsd.org, os2-isp@dental.stat.com
Subject: SYN attacks in the Washington Post
Message-ID:
Organization: Memra Software Inc. - Internet consulting
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-isp@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

SYN attacks in the Washington Post. This is serious stuff...

Read all about it at

http://www.washingtonpost.com/wp-srv/WPlate/1996-09/12/156L-091296-idx.html

Michael Dillon - ISP & Internet Consulting
Memra Software Inc. - Fax: +1-604-546-3049
http://www.memra.com - E-mail: michael@memra.com

From owner-freebsd-isp Thu Sep 12 20:17:42 1996
Return-Path: owner-isp
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id UAA06169 for isp-outgoing; Thu, 12 Sep 1996 20:17:42 -0700 (PDT)
Received: from npc.haplink.co.cn ([202.96.192.53]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id UAA06134 for ; Thu, 12 Sep 1996 20:17:33 -0700 (PDT)
Received: (from xiyuan@localhost) by npc.haplink.co.cn (8.6.11/8.6.9) id LAA07122; Fri, 13 Sep 1996 11:24:14 GMT
Date: Fri, 13 Sep 1996 11:24:14 GMT
From: xiyuan qian
Message-Id: <199609131124.LAA07122@npc.haplink.co.cn>
To: brian@MediaCity.com
Subject: CSU/DSU to FreeBSD router
Cc: isp@freebsd.org, steve@cioe.com
Sender: owner-isp@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Hi, my CSU/DSU is 2703 MainStreet V.35 of Newbridge company, can it be connected directly to our FreeBSD host: P586, EISA. Does it need a translate cable or some other hardware? If ok, is that right when I set routed? Any other suggestion?
Thanks a lot!

--xiyuan

From owner-freebsd-isp Thu Sep 12 21:05:54 1996
Return-Path: owner-isp
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id VAA26616 for isp-outgoing; Thu, 12 Sep 1996 21:05:54 -0700 (PDT)
Received: from kmt.kmtnet.com ([205.177.113.3]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id VAA26546 for ; Thu, 12 Sep 1996 21:05:46 -0700 (PDT)
Received: (from marpat@localhost) by kmt.kmtnet.com (8.6.12/8.6.12) id AAA10390; Fri, 13 Sep 1996 00:05:24 -0400
Date: Fri, 13 Sep 1996 00:05:24 -0400 (EDT)
From: Mark Patterson
To: FreeBSD ISP List
cc: Linux ISP List
Subject: Re:(Thanx) T1 offc. resell config
In-Reply-To: <199609101759.NAA26693@etinc.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-isp@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> >Hi Folks,
> >
> >Looking for suggestions on how i might handle the following:
> >We're considering having a full T1 dropped into a 13-story office building.
---snip---

Thank ya'll for your help and suggestions! Everyone's input has been very useful and appreciated.

- Mark P.

From owner-freebsd-isp Thu Sep 12 21:15:02 1996
Return-Path: owner-isp
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id VAA00411 for isp-outgoing; Thu, 12 Sep 1996 21:15:02 -0700 (PDT)
Received: from kmt.kmtnet.com ([205.177.113.3]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id VAA00372 for ; Thu, 12 Sep 1996 21:14:57 -0700 (PDT)
Received: (from marpat@localhost) by kmt.kmtnet.com (8.6.12/8.6.12) id AAA10401; Fri, 13 Sep 1996 00:13:35 -0400
Date: Fri, 13 Sep 1996 00:13:35 -0400 (EDT)
From: Mark Patterson
To: xiyuan qian
cc: brian@MediaCity.com, isp@FreeBSD.ORG, steve@cioe.com
Subject: Re: CSU/DSU to FreeBSD router
In-Reply-To: <199609131124.LAA07122@npc.haplink.co.cn>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-isp@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Fri, 13 Sep 1996, xiyuan qian wrote:

> Date: Fri, 13 Sep 1996 11:24:14 GMT
> From: xiyuan qian
> To: brian@MediaCity.com
> Cc: isp@FreeBSD.ORG, steve@cioe.com
> Subject: CSU/DSU to FreeBSD router
>
> Hi, my CSU/DSU is 2703 MainStreet V.35 of Newbridge company, can it be connected directly to our FreeBSD host: P586, EISA. Does it need a translate cable or some other hardware? If ok, is that right when I set routed? Any other suggestion?
> Thanks a lot!
>
> --xiyuan
>

Get yourself an ET/5025 router and cable from www.etinc.com, and put card _in_ your FreeBSD host machine. Use the cable you get to connect your new router to your CSU/DSU.

-Mark P.

From owner-freebsd-isp Thu Sep 12 22:42:37 1996
Return-Path: owner-isp
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id WAA08570 for isp-outgoing; Thu, 12 Sep 1996 22:42:37 -0700 (PDT)
Received: from gandalf.asiapac.net (gandalf.asiapac.net [202.188.0.130]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id WAA08529 for ; Thu, 12 Sep 1996 22:42:30 -0700 (PDT)
Received: from klj-7-50.tm.net.my (klj-7-50.tm.net.my [202.188.7.50]) by gandalf.asiapac.net (8.6.12/8.6.12) with SMTP id NAA23545 for ; Fri, 13 Sep 1996 13:24:51 +0800
Date: Fri, 13 Sep 1996 13:24:51 +0800
Message-Id: <199609130524.NAA23545@gandalf.asiapac.net>
X-Sender: sckhoo@mail.asiapac.net
X-Mailer: Windows Eudora Light Version 1.5.2
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
To: isp@FreeBSD.ORG
From: Swee-Chuan Khoo
Subject: telebit card to FreeBSD
Sender: owner-isp@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

hi,

I have a lot ( really a lot ) of Telebit Netblazer card extra for terminal server. I am just wondering any one got any driver for connecting it to my P75 FreeBSD 2.1.5 machine? The Netblazer card actually connected to an Intel 386 machine.

Thanx.

+-----------------------------------------------------------------------+
| Khoo Swee Chuan ( The Network Connections ) - system administrator |
| http://www.asiapac.net/~sckhoo/ sckhoo@asiapac.net |
| tel:603-7337757 fax:603-7345577 #include |
+-----------------------------------------------------------------------+
"if you eliminate the impossible, whatever remains - however improbable - must be the truth."

From owner-freebsd-isp Fri Sep 13 01:26:47 1996
Return-Path: owner-isp
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id BAA02398 for isp-outgoing; Fri, 13 Sep 1996 01:26:47 -0700 (PDT)
Received: from pancake.remcomp.fr (root@pancake.remcomp.fr [194.51.30.247]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id BAA02389 for ; Fri, 13 Sep 1996 01:26:39 -0700 (PDT)
Received: from zapata.omnix.fr.org (zapata [128.127.10.1]) by zapata.omnix.fr.org (8.6.12/8.6.9) with SMTP id KAA14712; Fri, 13 Sep 1996 10:02:31 +0200
Date: Fri, 13 Sep 1996 10:02:31 +0200 (MET DST)
From:
To: Michael Dillon
cc: iap@vma.cc.nd.edu, linuxisp@jeffnet.org, freebsd-isp@freebsd.org, os2-isp@dental.stat.com
Subject: Re: SYN attacks in the Washington Post
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-isp@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Thu, 12 Sep 1996, Michael Dillon wrote:

>
>
> SYN attacks in the Washington Post. This is serious stuff...
>
> Read all about it at
>
> http://www.washingtonpost.com/wp-srv/WPlate/1996-09/12/156L-091296-idx.html
>
>
> Michael Dillon - ISP & Internet Consulting
> Memra Software Inc. - Fax: +1-604-546-3049
> http://www.memra.com - E-mail: michael@memra.com
>
>

could you explain the principle of the SYN attack ?

thanks

--
Didier Derny
didier@omnix.fr.org

From owner-freebsd-isp Fri Sep 13 01:43:58 1996
Return-Path: owner-isp
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id BAA03648 for isp-outgoing; Fri, 13 Sep 1996 01:43:58 -0700 (PDT)
Received: from pinky.junction.net (pinky.junction.net [199.166.227.12]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id BAA03642 for ; Fri, 13 Sep 1996 01:43:55 -0700 (PDT)
Received: from sidhe.memra.com (sidhe.memra.com [199.166.227.105]) by pinky.junction.net (8.6.12/8.6.12) with ESMTP id AAA10418; Fri, 13 Sep 1996 00:57:17 -0700
Received: from localhost (michael@localhost) by sidhe.memra.com (8.6.12/8.6.12) with SMTP id BAA13983; Fri, 13 Sep 1996 01:41:38 -0700
Date: Fri, 13 Sep 1996 01:41:36 -0700 (PDT)
From: Michael Dillon
To: iap@vma.cc.nd.edu
cc: linuxisp@jeffnet.org, freebsd-isp@freebsd.org, os2-isp@dental.stat.com
Subject: Re: SYN attacks in the Washington Post
In-Reply-To:
Message-ID:
Organization: Memra Software Inc. - Internet consulting
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-isp@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Fri, 13 Sep 1996 didier@omnix.fr.org wrote:

> > SYN attacks in the Washington Post. This is serious stuff...
> >
> > Read all about it at
> >
> > http://www.washingtonpost.com/wp-srv/WPlate/1996-09/12/156L-091296-idx.html
> could you explain the principle of the SYN attack ?

Flood one or more ports on one or more machines with so many SYN packets that the whole thing locks up. It's like if I dialed your phone number and as soon as you answer I hang up and dial again, and again, and again, and again..... Nobody else will be able to call you.

Michael Dillon - ISP & Internet Consulting
Memra Software Inc. - Fax: +1-604-546-3049
http://www.memra.com - E-mail: michael@memra.com

From owner-freebsd-isp Fri Sep 13 07:05:11 1996
Return-Path: owner-isp
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id HAA21068 for isp-outgoing; Fri, 13 Sep 1996 07:05:11 -0700 (PDT)
Received: from saratoga.compassnet.com (nguyept@saratoga.compassnet.com [198.66.160.253]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id HAA21063 for ; Fri, 13 Sep 1996 07:05:08 -0700 (PDT)
Received: (from nguyept@localhost) by saratoga.compassnet.com (8.7.5/8.7.3) id JAA13154; Fri, 13 Sep 1996 09:00:49 -0500 (CDT)
Date: Fri, 13 Sep 1996 09:00:48 -0500 (CDT)
From: Peter Nguyen
To: isp@freebsd.org
cc: isp@freebsd.org
Subject: ISDN Cisco router with FBSD
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-isp@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Netters,

A friend of mine gave me (yep !) a Cisco router 760 Ethernet-to-ISDN router. Has anybody set their ISP with this router ? Technically, all I have to do is hook the Cisco in an Ethernet network with my FBSD. However, this sounds unstable.

Tell me it ain't so,
ptr

From owner-freebsd-isp Fri Sep 13 09:37:27 1996
Return-Path: owner-isp
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id JAA01130 for isp-outgoing; Fri, 13 Sep 1996 09:37:27 -0700 (PDT)
Received: from challenge.com (nomad.challenge.com [206.12.153.2]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id JAA01121 for ; Fri, 13 Sep 1996 09:37:24 -0700 (PDT)
Received: from [206.12.153.100] by challenge.com with smtp (Smail3.1.29.1 #3) id m0v1bEp-003kMyC; Fri, 13 Sep 96 09:37 PDT
Message-Id:
To: Swee-Chuan Khoo
Subject: Re: telebit card to FreeBSD
Date: Fri, 13 Sep 96 09:38:48 -0500
From: Doug Woodward
X-Mailer: E-Mail Connection v3.1
CC: "isp@FreeBSD.Org"
Sender: owner-isp@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

-- [ From: Doug Woodward * EMC.Ver #3.1 ] --

hi,

I have a lot ( really a lot ) of Telebit Netblazer card extra for terminal server. I am just wondering any one got any driver for connecting it to my P75 FreeBSD 2.1.5 machine? The Netblazer card actually connected to an Intel 386 machine.

Thanx.

+----------------------------------------------------------------------- +
| Khoo Swee Chuan ( The Network Connections ) - system administrator |
| http://www.asiapac.net/~sckhoo/ sckhoo@asiapac.net |
| tel:603-7337757 fax:603-7345577 #include |
+----------------------------------------------------------------------- +
"if you eliminate the impossible, whatever remains - however improbable - must be the truth."

-------- REPLY, End of original message --------

Nearly all of the boards for Telebit Netblazers, etc. are actually made for Telebit by a company called Specialix, an English company. Their web-site is www.specialix.com. I (unfortunately) use telebit products as well and was looking for BSD drivers for their Sync boards and async board so I spoke to specialix in Ca. (To get rid of Telebit for good) They do have source code drivers available for the async board as they sell it (for less $$$) on the open market. The sync board, however, is made only for Telebit and Telebit wrote their own drivers.

Be aware though, that Specialix told me Telebit changed the pinouts on the external RS232 box that connects to their 8 port async board. Pins 6 & 20 are swapped therefore you will have to adjust the source code driver for this. This driver is available on their web-site.

From owner-freebsd-isp Fri Sep 13 12:27:17 1996
Return-Path: owner-isp
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id MAA10794 for isp-outgoing; Fri, 13 Sep 1996 12:27:17 -0700 (PDT)
Received: from radio.nwpros.com (nwpros.com [205.229.128.214]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id MAA10788 for ; Fri, 13 Sep 1996 12:27:15 -0700 (PDT)
Received: from rickbox.nwpros.com (rickbox.nwpros.com [205.229.128.217]) by radio.nwpros.com (8.6.12/8.6.12) with SMTP id OAA09985 for ; Fri, 13 Sep 1996 14:28:28 -0500
Message-Id: <1.5.4.32.19960913194022.0068c72c@nwpros.com>
X-Sender: rickg@nwpros.com
X-Mailer: Windows Eudora Light Version 1.5.4 (32)
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Fri, 13 Sep 1996 14:40:22 -0500
To: isp@freebsd.org
From: Rick Gray
Subject: Lame Server
Sender: owner-isp@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

I have recently installed TCPwrappers. In the log file I see lots of "lame server" messages. Is this normal? So far today I count 14 such messages. I do understand that this has nothing to do with me--I think--and I can just ignore them. Is this right?

Just curious. ;-)

************************************************
Rick Gray
Director of Internet Services
Network Pros, Inc.
rickg@nwpros.com
(713)780-5900

"It is a good day to die." ----Klingon Philosophy
************************************************

From owner-freebsd-isp Fri Sep 13 14:15:20 1996
Return-Path: owner-isp
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id OAA17850 for isp-outgoing; Fri, 13 Sep 1996 14:15:20 -0700 (PDT)
Received: from brasil.moneng.mei.com (brasil.moneng.mei.com [151.186.109.160]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id OAA17842 for ; Fri, 13 Sep 1996 14:15:15 -0700 (PDT)
Received: (from jgreco@localhost) by brasil.moneng.mei.com (8.7.Beta.1/8.7.Beta.1) id QAA03993; Fri, 13 Sep 1996 16:14:09 -0500
From: Joe Greco
Message-Id: <199609132114.QAA03993@brasil.moneng.mei.com>
Subject: Re: Lame Server
To: rickg@nwpros.com (Rick Gray)
Date: Fri, 13 Sep 1996 16:14:08 -0500 (CDT)
Cc: isp@freebsd.org
In-Reply-To: <1.5.4.32.19960913194022.0068c72c@nwpros.com> from "Rick Gray" at Sep 13, 96 02:40:22 pm
X-Mailer: ELM [version 2.4 PL24]
Content-Type: text
Sender: owner-isp@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> I have recently installed TCPwrappers. In the log file I see lots of "lame
> server" messages. Is this normal? So far today I count 14 such messages. I
> do understand that this has nothing to do with me--I think--and I can just
> ignore them. Is this right?
>
> Just curious. ;-)
> ************************************************
> Rick Gray
> Director of Internet Services
> Network Pros, Inc.
> rickg@nwpros.com
> (713)780-5900
>
> "It is a good day to die." ----Klingon Philosophy
> ************************************************

Lame server is most likely a DNS error coming from named/bind... It means that a server which was supposed to have an authoritative answer to a query returned a nonauthoritative answer. In general it is safe to ignore - unless it's one of your own zones :-) (But we all run DOC, etc, right?)

...
JG From owner-freebsd-isp Fri Sep 13 14:31:11 1996 Return-Path: owner-isp Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id OAA18920 for isp-outgoing; Fri, 13 Sep 1996 14:31:11 -0700 (PDT) Received: from bitbucket.edmweb.com (redshirt01.edmweb.com [204.244.190.10]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id OAA18906 for ; Fri, 13 Sep 1996 14:31:04 -0700 (PDT) Received: (from steve@localhost) by bitbucket.edmweb.com (8.6.12/8.6.12) id OAA00287; Fri, 13 Sep 1996 14:30:19 -0700 Date: Fri, 13 Sep 1996 14:30:15 -0700 (PDT) From: Steve Reid To: didier@omnix.fr.org cc: iap@vma.cc.nd.edu, linuxisp@jeffnet.org, freebsd-isp@freebsd.org, os2-isp@dental.stat.com Subject: Re: SYN attacks in the Washington Post In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-isp@freebsd.org X-Loop: FreeBSD.org Precedence: bulk > could you explain the principle of the SYN attack ? A normal TCP connection is started with a three-way handshake, like this: 1- Client sends a TCP packet with the SYN (syncronize sequence numbers) bit set. The client is saying, "Can I connect?" Client connection is now in a half-open state (SYN_SENT). 2- Server receives SYN, and sends back a TCP packet with both the SYN and ACK (acknowlegement) bits set. The server is saying, "Yes, connect and send your data." Server connection is now in a half-open state (SYN_RCVD). 3- Client sends a TCP packet with the ACK bit set, along with whatever data it means to send. This puts the TCP connection into the ESTABLISHED state on the client end, and also on the server end when the packet gets there. The problem is, the server can only handle so many half-open (SYN_RCVD) TCP connections. This number is hard-wired into the kernel, and is usually between 6 and 16 (sometimes higher). Once this number of half-open connections is reached, the kernel will ignore new connection attemps, because it can't keep track of any more SYN_RCVD connections. 
It _must_ receive an ACK to complete the connection, otherwise it sits in a SYN_RCVD state until it times out (usually after 75 seconds).

An attacker can easily use up the maximum number of half-open connections by sending out SYN packets with a forged source address. For instance, if the attacker were to send a SYN packet with a source address of 198.41.0.253 to your web server, the server would go into SYN_RCVD state and respond with a SYN|ACK (that's the second part of the handshake). The SYN|ACK would be sent to 198.41.0.253, because that's where the server thinks the SYN came from. However, because there is nothing at 198.41.0.253 (ping it and you'll get nothing) the SYN|ACK goes into the bitbucket. Since there is no host to complete the third part of the handshake (ACK+data) the server sits in the SYN_RCVD state for 75 seconds. Meanwhile, the attacker sends out more bogus SYN packets, and the server eventually ignores _all_ SYN packets, even from legitimate connection attempts.

This attack requires very little bandwidth- multiple servers could be knocked down with a single 28.8k connection. Tracing the attack back to the source would require cooperation from the operators of every network administrator between the victim and the attacker (virtually impossible). All that's needed to attempt the attack is one of the programs published in 2600, Phrack, etc. and an internet-connected machine with access to raw sockets.

If the attacker is sending packets with the same address every time, then you could just block that address. But most likely, the attacker's program will choose addresses completely at random, and you can't even begin to block them all.

There are a few things you can do...

1- Get a kernel that can handle more SYN_RCVD connections. IIRC, according to the SYN bombing article in Phrack 48, FreeBSD 2.1.5-RELEASE can handle 128 SYN_RCVD connections.
The ability to have more connections half-open means the attacker has to send a lot more packets to bring your server down.

2- Change the SYN_RCVD timeout value in the kernel from 75 seconds down to around 10 seconds, or even less. If you go too low, legitimate connections might time out, but 75 is _way_ higher than you need. Lowering the timeout means the attacker has to send SYN packets a lot more often to keep your server down.

3- Set your router so that it will _not_ allow packets to be sent from your network with an address that doesn't match your network. For instance, if your network is 198.41.0.*, don't allow your router to send out packets unless the source address matches 198.41.0.*. This doesn't offer any protection to you, but it will prevent your network from being used to launch a SYN bombing attack. If someone does attempt it, they will be limited to forging addresses in your subnet (such as 198.41.0.253) which the victim can easily block, and you can easily trace. You could even go so far as to only allow addresses from valid hosts on your network, which will make SYN bombing from your network impossible.

Disclaimer: I am not a networking expert. I'm just regurgitating what I've heard about this attack.

=====================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/)    |
| Email: steve@edmweb.com   Home Page: http://www.edmweb.com/steve/ |
| PGP (2048/9F317269) Fingerprint: 11C89D1CD67287E68C09EC52443F8830 |
| -- Disclaimer: JMHO, YMMV, TANSTAAFL, IANAL.
-- |
===================================================================:)

From owner-freebsd-isp Sat Sep 14 01:35:43 1996
Return-Path: owner-isp
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id BAA22107 for isp-outgoing; Sat, 14 Sep 1996 01:35:43 -0700 (PDT)
Received: from texnet.dingo.com (root@texnet.dingo.com [206.108.192.251]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id BAA22095 for ; Sat, 14 Sep 1996 01:35:40 -0700 (PDT)
Received: from [204.191.202.153] (line153.nwm.mindlink.net [204.191.202.153]) by texnet.dingo.com (8.7.5/8.6.9) with SMTP id BAA22761; Sat, 14 Sep 1996 01:36:18 -0700
Message-Id:
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Sat, 14 Sep 1996 01:34:39 -0700
To: Michael Dillon
From: jay@result.com (Jay Thorne)
Subject: Re: Internet MELTS DOWN AT END 1996??
Cc: Small Internet Access Providers , inet-access@earth.com, linuxisp@jeffnet.org, freebsd-isp@freebsd.org, os2-isp@dental.stat.com
Sender: owner-isp@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

At 12:35 AM 09/14/1996, Michael Dillon wrote:
<. A long, carefully written, well supported analysis,. >
*
* *sigh*
* That guy gets paid for writing his confusing mish-mash of a column
* and I get paid nothing for writing this explanation which I have
* gone to some trouble in making as accurate as possible.

Well done! The thing that pisses me off the _most_? Idiots who write _about_ tech the same way that the writers for 'Baywatch' write about search and rescue operations. Ie, the "Internet Meltdown" article was the same level of sensationalized fiction. Now if he'd only included pictures of some artificially endowed blonde, the rest of the world would have instantly known it was fiction.

--
Jay Thorne http://net.result.com/
President, The Net Result Systems * Services
Telephone:(604) 220 2504
WWW & Internet Systems Consultant.
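The three mitigations in Steve Reid's SYN attack message above, worked through as an added example (not part of any message in this archive): a one-second-tick model of the half-open queue shows what legitimate clients experience as the backlog and the SYN_RCVD timeout change, and a prefix check shows the egress rule. The function names, the tick model, the client arrival pattern and the rates are assumptions made for the illustration; the 16 and 128 slots, the 75 and 10 seconds and the 198.41.0.* network are the figures from the message.

```python
import ipaddress
from collections import deque


def simulate(backlog, timeout, spoofed_per_sec, duration=300, legit_every=5):
    """Model a listen queue of half-open (SYN_RCVD) slots in one-second ticks.

    Spoofed SYNs never receive the final ACK, so each one holds a slot until
    `timeout` seconds pass. A legitimate client completes the handshake at
    once, so it only needs one free slot when its SYN arrives.
    Returns (legit_attempts, legit_dropped).
    """
    expiries = deque()            # expiry time of each half-open entry, oldest first
    attempts = dropped = 0
    for now in range(duration):
        while expiries and expiries[0] <= now:   # timed-out entries free their slot
            expiries.popleft()
        for _ in range(spoofed_per_sec):         # spoofed SYNs arrive first (worst case)
            if len(expiries) < backlog:
                expiries.append(now + timeout)
        if now % legit_every == 0:               # one legitimate SYN every few seconds
            attempts += 1
            if len(expiries) >= backlog:
                dropped += 1                     # queue full: the kernel ignores the SYN
    return attempts, dropped


def saturation_rate(backlog, timeout):
    """Rate (SYNs/s) of never-completed handshakes the queue absorbs before it stays full."""
    return backlog / timeout


def egress_allowed(src, local_net):
    """Mitigation 3: the border router forwards a packet outward only if its
    source address belongs to the local network."""
    return ipaddress.ip_address(src) in ipaddress.ip_network(local_net)


# Constructed scenarios built from the figures quoted in the message.
SCENARIOS = {
    "small backlog, 75 s timeout": (16, 75),
    "128-slot backlog, 75 s timeout": (128, 75),
    "128-slot backlog, 10 s timeout": (128, 10),
}

if __name__ == "__main__":
    for name, (backlog, timeout) in SCENARIOS.items():
        print(f"{name}: absorbs up to {saturation_rate(backlog, timeout):.2f} SYN/s")
        for rate in (1, 12, 13):
            attempts, dropped = simulate(backlog, timeout, rate)
            print(f"  {rate:>2} spoofed SYN/s -> {dropped}/{attempts} legitimate SYNs ignored")
    print(egress_allowed("198.41.0.253", "198.41.0.0/24"))   # source inside the network
    print(egress_allowed("10.1.2.3", "198.41.0.0/24"))       # foreign source, filtered
```

The model counts only queue slots; it ignores retransmitted SYNs from legitimate clients, which in practice recover some of the ignored attempts once a slot frees up.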
From owner-freebsd-isp Sat Sep 14 07:56:41 1996
Return-Path: owner-isp
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id HAA15802 for isp-outgoing; Sat, 14 Sep 1996 07:56:41 -0700 (PDT)
Received: from access.netaxs.com (mail@access.netaxs.com [207.8.186.2]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id HAA15791 for ; Sat, 14 Sep 1996 07:56:33 -0700 (PDT)
Received: from unix1.netaxs.com (cook@unix1.netaxs.com [207.8.186.3]) by access.netaxs.com (8.7.5/8.6.11) with ESMTP id KAA16042; Sat, 14 Sep 1996 10:56:24 -0400 (EDT)
Received: (cook@localhost) by unix1.netaxs.com (8.6.11/8.6.9) id KAA08538; Sat, 14 Sep 1996 10:56:21 -0400
Date: Sat, 14 Sep 1996 10:56:21 -0400 (EDT)
From: Gordon Cook
To: inet-access@earth.com
cc: Small Internet Access Providers , linuxisp@jeffnet.org, freebsd-isp@freebsd.org, os2-isp@dental.stat.com
Subject: Re: Internet MELTS DOWN AT END 1996??
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-isp@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

>From my email archives:

Date: Wed, 07 Jun 95 18:14:20 MST, Subject: Welcome New Writers! from David Hakala, Boardwatch editor

Frank X. Sowa will debut with an investigation of the feds' attempts to pay for Clinton's "universal access mandate," entitled "Is BBS Licensing Just Around the Corner?" It makes hair-raising reading. Frank is president of The Xavier Group, an international consultancy that has been providing strategic planning, forecasting, training, and development of business and communications systems for organizations since 1981. As a professional futurist and speaker, he is often hired by corporations to monitor and provide advisories of upcoming trends that may impact their operations. As a certified software consultant for Softarc's First Class, and a reseller for other companies, he configures customized BBS systems for organizations, complete with "regular content updates."
Sowa is also founder and sysop of SEED.NET (412) 487-5449, "the online incubator" for small businesses, a seamless BBS-to-Internet (PPP) provider, with business start-up assistance and seed capital available online. Send e-mail to: franksowa@seed.net.com

Having just checked my archival copy of my lengthy resignation letter, let me say that I resigned as a Boardwatch columnist on Weds. June 21 1995. One thing that troubled me about the "Is BBS Licensing Just Around the Corner?" was that the only quote in the article with a date attached to it was January 1994.

************************************************************************
The COOK Report on Internet               For subsc. pricing & more than
431 Greenway Ave, Ewing, NJ 08618 USA     ten megabytes of free material
(609) 882-2572 (phone & fax)              visit http://pobox.com/cook/
Internet: cook@cookreport.com             For case study of MercerNet & TIIAP
induced harm to local community http://pobox.com/cook/mercernet.html
************************************************************************

From owner-freebsd-isp Sat Sep 14 11:21:29 1996
Return-Path: owner-isp
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id LAA29254 for isp-outgoing; Sat, 14 Sep 1996 11:21:29 -0700 (PDT)
Received: from pinky.junction.net (pinky.junction.net [199.166.227.12]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id LAA29247 for ; Sat, 14 Sep 1996 11:21:26 -0700 (PDT)
Received: from sidhe.memra.com (sidhe.memra.com [199.166.227.105]) by pinky.junction.net (8.6.12/8.6.12) with ESMTP id XAA27584; Fri, 13 Sep 1996 23:51:23 -0700
Received: from localhost (michael@localhost) by sidhe.memra.com (8.6.12/8.6.12) with SMTP id AAA25173; Sat, 14 Sep 1996 00:35:44 -0700
Date: Sat, 14 Sep 1996 00:35:42 -0700 (PDT)
From: Michael Dillon
To: Small Internet Access Providers
cc: inet-access@earth.com, linuxisp@jeffnet.org, freebsd-isp@freebsd.org, os2-isp@dental.stat.com
Subject: Re: Internet MELTS DOWN AT END 1996??
In-Reply-To:
Message-ID:
Organization: Memra Software Inc. - Internet consulting
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-isp@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Sat, 14 Sep 1996, Hubert Savelberg wrote:

> What is your opinion/experience about the published statement in:
>
> http://www.boardwatch.com/mag/96/sept/bwm17.htm

The guy is clueless and any ISP that looks to him for advice is even more clueless.

A) Customers do not call and complain about sites greater than 30 hops away because they don't know this. The actual network diameter has been shrinking recently due to more exchange points and NAP's in operation so the 30 hop limit is highly unlikely to be reached.

B) Yes your upstream might call you and tell you to renumber at any time. But you should know this ftp://rs.internic.net/policy/internic/internic-ip-1.txt and you should be prepared for this http://www.isi.edu/div7/pier and your provider will give you the time you need to renumber and reconfigure things. This is a fact of life everywhere in the world if you are a small ISP on today's Internet.

C) Since you know all about renumbering in advance you should already have your customers ready to renumber painlessly or they should already be insulated from renumbering by using NAT's and RFC1918 addresses. Therefore there should be no fallout.

D) If your network connection is not performing as it should, then you should know today! not tomorrow. You should be analyzing performance on a continuing basis and upgrading as needed to avoid bottlenecks. Loopback testing is just plain silly unless your tests show that your T1 can't handle a 1.54mbps to the next hop router.

E) Sprint is not turning away small ISP traffic. They merely have a policy that filters traffic from small unaggregated networks.
The word "unaggregated" is the key here because if your IP addresses come from your upstream provider then your small network *WILL* be aggregated and Sprint's filters will not affect you.

F) This use of the words "dampen" and "meltdown" is completely out of context and has nothing to do with small ISP's at all. When large ISP's who run dynamic BGP routing protocols run into problems and oscillate between withdrawing and announcing routes, all the tier 1 NSP's (not just Sprint) dampen their BGP sessions to prevent the routers in the network core from being overloaded with too many adds and deletes in the routing tables. Meltdown is a cute way to say overload.

G) This thing about trade laws is silly. Trade laws have no effect whatsoever on technology and technical capability. If there was a law that an airline could not refuse you a seat on an airline if you were there an hour ahead of time, would it make any difference? No, because when the plane is full, it is full and laws cannot change that.

H) He attempts to make it seem as if the IETF is guaranteeing that there will be an Internet meltdown this year. Not true. Bob Metcalfe is predicting such a meltdown and he is probably an IETF member along with thousands of others who do not believe any meltdown is imminent.

I) The Internet has *ALWAYS* been on the verge of collapse and probably always will be. This is better known as the free market as opposed to a monopoly market. The telcos have a monopoly so they can make you pay big bucks for an over-engineered network. But in a free market situation, the tier 1 NSP's, the tier 2 RNP's (Regional Network Providers) and the ISP's at tier 3 only add capacity when customers are ready to order and pay for that capacity. This is good because it keeps prices under control and relatively flat rate.

J) All his 1, 2, 3, 4 points about Cisco routers are either wrong, minor problems, or things that have been fixed.
K) Last year people thought collapse was imminent when NSFnet shut down. But when it actually happened nobody noticed because everything worked fine. Later on, however, problems started to appear with route announcements as more ISP's started to use the BGP routing protocol but some smart engineer invented route dampening and Cisco promptly implemented it and the problem was promptly solved just in time. Kind of like things normally work in a free market -- see point I above.

L) Of the three URL's given, two are wrong. One should be www.ietf.cnri.reston.va.us and the other should be www.internic.net. Actually, www.ietf.org is easier to remember. Besides, I don't see what any of those URL's has to do with router shutdowns (rare) and Internet slowdowns.

M) Now we have a garbled comment about Cisco routers that imply they are broken. In actual fact most tier 1 NSP's use Cisco routers because they are the only ones that can handle the complex mesh of the global Internet core and the traffic load at the core.

N) Some mythical NANOG study is quoted to make some point or other which makes no sense to me. Obviously some reporter looked in on a bunch of network engineers talking about stuff that he doesn't understand and jumped to conclusions. I suppose he would be upset if somebody showed him that there was grease on the engine under the hood of his car! The real world is *NOT* seamless and sweet. There are real people, mechanics, engineers, etc, that make things work and deal with the grungy mess that underlies 100% of modern technical society. If you can't handle this, don't peek under the hood!

O) I suppose I better deal with the specifics rather than just the generalities here. In this quote "A problem that Cisco routers have with the Internet Protocol itself is causing router update oscillation, link/router failures and congestion." it appears that Cisco routers have a fundamental flaw at the IP level.
However the mention of router updates seems to point at BGP which is a higher level protocol. Sounds like yet another rehash of the BGP dampening code. In any case the important thing here is that engineers are studying what happens, discovering some things that don't work well, pinpointing why they don't work well, and *FIXING* them. Give the engineers a round of applause for discussing this in the open at NANOG instead of hiding it all behind a veil of secrecy.

P) Two more URL's. One so general I don't see the point. The other one is broken. Don't these writers even use the Internet?

Q) The column talks about Sprint's route filters as if they target small ISP's when in reality they target small networks who also have the mistaken idea that they can bypass the address allocation hierarchy and still get working addresses. Then it talks about address crowding which has nothing whatsoever to do with Sprint's filters. The filters are there as part of the impetus to reduce the size of the global routing table so it is not filled with garbage like this:

    208.10.16/24   Fred's ISP       --> send to Big ISP
    208.10.17/24   Widget World     --> send to Big ISP
    208.10.18/24   Malls Electric   --> send to Big ISP
    208.10.19/24   Billy's BBS      --> send to Big ISP

Instead it should look like this

    208.10.16/22   Some BIG ISP customers --> send to Big ISP

which takes up less global routing table space and still gets the traffic where it is supposed to go.

R) The columnist does not explain that Sean Doran's quote applies to the larger ISP's who are the ones running BGP and who should be controlling their routes so that they do *NOT* flap. It is punishing poorly run large ISP's and not small ISP's.

S) It seems that Sprintlink customers are treated more leniently. So what, they pay Sprint for the service, don't they?
If even one other tier 1 NSP implemented the same policy as Sprint then Sprint's lawyers (who wrote their customer contracts) would have the excuse they need to apply the same policy to Sprintlink customers.

T) The columnist mistakenly refers to Yakov Rekhter as "Cisco Systems'" whereas in fact IETF members *NEVER* represent the company they happen to work for at the time but only represent themselves.

U) The hierarchical IP numbering scheme being discussed is in fact the scheme in place today and it has been so for some time. The IETF and IANA merely want to document this scheme and clarify it by publishing a Best Common Practices RFC so that it is easier for everybody to understand and explain what is going on. If this would cause you hardship, tough bananas! That's life. This is how things are in order to make the Internet operate effectively and if you didn't know this and make engineering and business plans accordingly then that's your problem. But it's never too late to educate yourself and to adjust your engineering and your policies to lessen the negative impact of hierarchical addressing.

V) All this talk about fees for routes is just that. Talk. There isn't even an IETF working group yet for this topic but if you are real interested you can join piara@apnic.net (get ready to be flamed to a crisp if you ask dumb questions on this list) or better yet hunt up the PIARA mailing list archives at ftp.apnic.net I believe.

W) This thing about "large providers blame small ISP's" is ludicrous. It's true that some few employees of large ISP's say nasty things about small ISP's but so what. The small ISP's who are clueless and do stupid things deserve to have nasty things said about them. There is such a wealth of educational material on the Internet about how to run an ISP and how to run a network that there really should not be any clueless small ISP's.
Unless, of course, they think that $9.95 per month all you can eat service is the road to riches :-(

X) I'm not going to say much more about all this talk of mythical charges. Just be aware that anyone can say what they want but that does not mean it will happen. But do pay attention to the cost of renumbering. If you do not plan your network and your business from day 1 with renumbering in mind then it will hurt bad when you have to do it and it could kill your business. Be prepared.

Y) This idea of ISP co-ops is sort of what a tier 2 Regional Network provider does. If you are a customer of Netaxs or TLG or IXA then not only are you somewhat insulated from a lot of these problems but you have a certain amount of access to some very skilled people who can help you make sure your networks are properly designed and configured.

Z) There is no power in owning IP address blocks because at the present time IP addresses are not owned. Right now the power is in having a *WORKING* IP address block and that is intimately tied in to your choice of upstream provider. And if you change providers then you will have to change IP address blocks in order to retain that power of having a working address.

*sigh*

That guy gets paid for writing his confusing mish-mash of a column and I get paid nothing for writing this explanation which I have gone to some trouble in making as accurate as possible.

Michael Dillon - ISP & Internet Consulting
Memra Software Inc. - Fax: +1-604-546-3049
http://www.memra.com - E-mail: michael@memra.com