Hello, guys! Please, guide me of how to setup router. I need my network`s W98 computers see Internet thru my server (SuSE Linux 6.2). I.e., I need my Server work as a gateway. On the way to internet another gateway is placed. The current situation is: - from inside Linux Server is able to access both local and external network - W98 workstations are able to access Server only (even ping does not work for other IP) - naming is configured via SAMBA-WINS I have tried all the documentation, but I don`t know, what is wrong. Please, see my config files (attached). # # /etc/route.conf # # In this file you can configure your static routing... # # This file is read by /sbin/init.d/route. # # # Destination Dummy/Gateway Netmask Device # # Examples: # # Net devices # 193.141.17.192 0.0.0.0 255.255.255.192 eth0 # # Gateways # default Riemann # 0.0.0.0 193.141.17.193 # # # Host behind Gateway # 193.141.17.142 193.141.17.193 255.255.255.255 # # Net behind a Gateway # 193.141.17.145 193.141.17.193 255.255.255.0 # # Multicast route for e.g. eth0. IP multicasting, forwarding and perhaps # multicast routing in kernel should be enabled. More information will # be found in the NET-3-HOWTO. Most people do NOT need this feature. # # 224.0.0.0 0.0.0.0 240.0.0.0 eth0 # # ISDN (i4l) # 192.168.0.1 0.0.0.0 255.255.255.255 ippp0 # default 192.168.0.1 192.168.6.0 0.0.0.0 255.255.255.224 eth0 172.16.0.0 0.0.0.0 255.255.0.0 eth1 default 172.16.0.1 # # /etc/resolv.conf # # Automatically generated by SuSEconfig on Fri Mar 24 14:36:45 EET 2000. # # PLEASE DO NOT EDIT THIS FILE! # # Change variables (NAMESERVER + SEARCHLIST) in /etc/rc.config instead. # # search nameserver 195.50.0.161 nameserver 194.158.194.131 # See tcpd(8) and hosts_access(5) for a description. #(ALL EXCEPT in.fingerd) EXCEPT in.identd : ALL : (safe_finger -l @%h 2>&1| \ # /bin/mail -s "%d-%h %u" root) & # See tcpd(8) and hosts_access(5) for a description. #http-rman : ALL EXCEPT LOCAL # # Automatically generated make config: don't edit # # # Code maturity level options # CONFIG_EXPERIMENTAL=y # # Processor type and features # # CONFIG_M386 is not set # CONFIG_M486 is not set # CONFIG_M586 is not set CONFIG_M586TSC=y # CONFIG_M686 is not set CONFIG_X86_WP_WORKS_OK=y CONFIG_X86_INVLPG=y CONFIG_X86_BSWAP=y CONFIG_X86_POPAD_OK=y CONFIG_X86_TSC=y # CONFIG_MATH_EMULATION is not set CONFIG_MTRR=y # CONFIG_SMP is not set # # Loadable module support # CONFIG_MODULES=y # CONFIG_MODVERSIONS is not set CONFIG_KMOD=y # # General setup # CONFIG_NET=y CONFIG_PCI=y # CONFIG_PCI_GOBIOS is not set # CONFIG_PCI_GODIRECT is not set CONFIG_PCI_GOANY=y CONFIG_PCI_BIOS=y CONFIG_PCI_DIRECT=y CONFIG_PCI_QUIRKS=y # CONFIG_PCI_OPTIMIZE is not set CONFIG_PCI_OLD_PROC=y # CONFIG_MCA is not set # CONFIG_VISWS is not set CONFIG_SYSVIPC=y CONFIG_BSD_PROCESS_ACCT=y CONFIG_SYSCTL=y CONFIG_BINFMT_AOUT=y CONFIG_BINFMT_ELF=y CONFIG_BINFMT_MISC=m # CONFIG_BINFMT_JAVA is not set CONFIG_PARPORT=m CONFIG_PARPORT_PC=m # CONFIG_PARPORT_OTHER is not set # CONFIG_APM is not set # # Plug and Play support # CONFIG_PNP=y CONFIG_PNP_PARPORT=m # # Block devices # CONFIG_BLK_DEV_FD=y CONFIG_BLK_DEV_IDE=y # # Please see Documentation/ide.txt for help/info on IDE drives # # CONFIG_BLK_DEV_HD_IDE is not set CONFIG_BLK_DEV_IDEDISK=y CONFIG_BLK_DEV_IDECD=y CONFIG_BLK_DEV_IDETAPE=y CONFIG_BLK_DEV_IDEFLOPPY=y # CONFIG_BLK_DEV_IDESCSI is not set CONFIG_BLK_DEV_CMD640=y # CONFIG_BLK_DEV_CMD640_ENHANCED is not set CONFIG_BLK_DEV_RZ1000=y CONFIG_BLK_DEV_IDEPCI=y CONFIG_BLK_DEV_IDEDMA=y # CONFIG_BLK_DEV_OFFBOARD is not set CONFIG_IDEDMA_AUTO=y # CONFIG_BLK_DEV_OPTI621 is not set # CONFIG_BLK_DEV_TRM290 is not set # CONFIG_BLK_DEV_NS87415 is not set # CONFIG_BLK_DEV_VIA82C586 is not set # CONFIG_BLK_DEV_CMD646 is not set # CONFIG_IDE_CHIPSETS is not set # # Additional Block Devices # CONFIG_BLK_DEV_LOOP=m # CONFIG_BLK_DEV_NBD is not set CONFIG_BLK_DEV_MD=y CONFIG_MD_LINEAR=y CONFIG_MD_STRIPED=y CONFIG_MD_MIRRORING=y CONFIG_MD_RAID5=y CONFIG_MD_BOOT=y CONFIG_BLK_DEV_RAM=y CONFIG_BLK_DEV_INITRD=y # CONFIG_BLK_DEV_XD is not set CONFIG_PARIDE_PARPORT=m CONFIG_PARIDE=m # # Parallel IDE high-level drivers # # CONFIG_PARIDE_PD is not set # CONFIG_PARIDE_PCD is not set # CONFIG_PARIDE_PF is not set # CONFIG_PARIDE_PT is not set # CONFIG_PARIDE_PG is not set # # Parallel IDE protocol modules # # CONFIG_PARIDE_ATEN is not set # CONFIG_PARIDE_BPCK is not set # CONFIG_PARIDE_COMM is not set # CONFIG_PARIDE_DSTR is not set # CONFIG_PARIDE_FIT2 is not set # CONFIG_PARIDE_FIT3 is not set # CONFIG_PARIDE_EPAT is not set # CONFIG_PARIDE_EPIA is not set # CONFIG_PARIDE_FRIQ is not set # CONFIG_PARIDE_FRPW is not set # CONFIG_PARIDE_KBIC is not set # CONFIG_PARIDE_KTTI is not set # CONFIG_PARIDE_ON20 is not set # CONFIG_PARIDE_ON26 is not set # CONFIG_BLK_DEV_HD is not set # # Networking options # CONFIG_PACKET=y CONFIG_NETLINK=y CONFIG_RTNETLINK=y CONFIG_NETLINK_DEV=y # CONFIG_FIREWALL is not set CONFIG_FILTER=y CONFIG_UNIX=y CONFIG_INET=y CONFIG_IP_MULTICAST=y CONFIG_IP_ADVANCED_ROUTER=y CONFIG_RTNETLINK=y CONFIG_NETLINK=y CONFIG_IP_MULTIPLE_TABLES=y CONFIG_IP_ROUTE_MULTIPATH=y # CONFIG_IP_ROUTE_TOS is not set CONFIG_IP_ROUTE_VERBOSE=y # CONFIG_IP_ROUTE_LARGE_TABLES is not set CONFIG_IP_ROUTE_NAT=y # CONFIG_IP_PNP is not set # CONFIG_IP_ROUTER is not set CONFIG_NET_IPIP=m CONFIG_NET_IPGRE=m # CONFIG_NET_IPGRE_BROADCAST is not set # CONFIG_IP_MROUTE is not set CONFIG_IP_ALIAS=y # CONFIG_ARPD is not set # CONFIG_SYN_COOKIES is not set # # (it is safe to leave these untouched) # # CONFIG_INET_RARP is not set CONFIG_SKB_LARGE=y CONFIG_IPV6=m # CONFIG_IPV6_EUI64 is not set # # # CONFIG_IPX=m # CONFIG_IPX_INTERN is not set CONFIG_SPX=m CONFIG_ATALK=m CONFIG_X25=m CONFIG_LAPB=m # CONFIG_BRIDGE is not set # CONFIG_LLC is not set CONFIG_ECONET=m # CONFIG_ECONET_AUNUDP is not set # CONFIG_ECONET_NATIVE is not set CONFIG_WAN_ROUTER=m # CONFIG_NET_FASTROUTE is not set # CONFIG_NET_HW_FLOWCONTROL is not set # CONFIG_CPU_IS_SLOW is not set # # QoS and/or fair queueing # CONFIG_NET_SCHED=y CONFIG_NETLINK=y CONFIG_RTNETLINK=y # CONFIG_NET_SCH_CBQ is not set # CONFIG_NET_SCH_CSZ is not set # CONFIG_NET_SCH_PRIO is not set # CONFIG_NET_SCH_RED is not set # CONFIG_NET_SCH_SFQ is not set # CONFIG_NET_SCH_TEQL is not set # CONFIG_NET_SCH_TBF is not set # CONFIG_NET_QOS is not set # CONFIG_NET_CLS is not set # # SCSI support # CONFIG_SCSI=y # # SCSI support type (disk, tape, CD-ROM) # CONFIG_BLK_DEV_SD=y CONFIG_CHR_DEV_ST=y CONFIG_BLK_DEV_SR=y # CONFIG_BLK_DEV_SR_VENDOR is not set CONFIG_CHR_DEV_SG=m # # Some SCSI devices (e.g. CD jukebox) support multiple LUNs # CONFIG_SCSI_MULTI_LUN=y CONFIG_SCSI_CONSTANTS=y # CONFIG_SCSI_LOGGING is not set # # SCSI low-level drivers # # CONFIG_SCSI_7000FASST is not set # CONFIG_SCSI_ACARD is not set # CONFIG_SCSI_AHA152X is not set # CONFIG_SCSI_AHA1542 is not set # CONFIG_SCSI_AHA1740 is not set CONFIG_SCSI_AIC7XXX=y # CONFIG_AIC7XXX_TCQ_ON_BY_DEFAULT is not set CONFIG_AIC7XXX_CMDS_PER_DEVICE=8 # CONFIG_AIC7XXX_PROC_STATS is not set CONFIG_AIC7XXX_RESET_DELAY=10 # CONFIG_SCSI_ADVANSYS is not set # CONFIG_SCSI_IN2000 is not set # CONFIG_SCSI_AM53C974 is not set # CONFIG_SCSI_MEGARAID is not set # CONFIG_SCSI_BUSLOGIC is not set # CONFIG_SCSI_DTC3280 is not set # CONFIG_SCSI_EATA is not set # CONFIG_SCSI_EATA_DMA is not set # CONFIG_SCSI_EATA_PIO is not set # CONFIG_SCSI_FUTURE_DOMAIN is not set # CONFIG_SCSI_GDTH is not set # CONFIG_SCSI_GENERIC_NCR5380 is not set # CONFIG_SCSI_G_NCR5380_PORT is not set # CONFIG_SCSI_G_NCR5380_MEM is not set # CONFIG_SCSI_INITIO is not set # CONFIG_SCSI_INIA100 is not set # CONFIG_SCSI_PPA is not set # CONFIG_SCSI_IMM is not set # CONFIG_SCSI_NCR53C406A is not set # CONFIG_SCSI_SYM53C416 is not set # CONFIG_SCSI_NCR53C7xx is not set # CONFIG_SCSI_NCR53C8XX is not set # CONFIG_SCSI_SYM53C8XX is not set # CONFIG_SCSI_PAS16 is not set # CONFIG_SCSI_PCI2000 is not set # CONFIG_SCSI_PCI2220I is not set # CONFIG_SCSI_PSI240I is not set # CONFIG_SCSI_QLOGIC_FAS is not set # CONFIG_SCSI_QLOGIC_ISP is not set # CONFIG_SCSI_QLOGIC_FC is not set # CONFIG_SCSI_SEAGATE is not set # CONFIG_SCSI_DC390T is not set # CONFIG_SCSI_T128 is not set # CONFIG_SCSI_U14_34F is not set # CONFIG_SCSI_ULTRASTOR is not set # CONFIG_SCSI_DEBUG is not set # # Network device support # CONFIG_NETDEVICES=y CONFIG_ARCNET=m # CONFIG_ARCNET_ETH is not set # CONFIG_ARCNET_1051 is not set # CONFIG_ARCNET_COM90xx is not set # CONFIG_ARCNET_COM90xxIO is not set # CONFIG_ARCNET_RIM_I is not set # CONFIG_ARCNET_COM20020 is not set CONFIG_DUMMY=m # CONFIG_EQUALIZER is not set # CONFIG_ETHERTAP is not set CONFIG_NET_ETHERNET=y # CONFIG_NET_VENDOR_3COM is not set # CONFIG_LANCE is not set # CONFIG_NET_VENDOR_SMC is not set # CONFIG_NET_VENDOR_RACAL is not set # CONFIG_RTL8139 is not set # CONFIG_YELLOWFIN is not set # CONFIG_ACENIC is not set # CONFIG_NET_ISA is not set CONFIG_NET_EISA=y # CONFIG_PCNET32 is not set # CONFIG_AC3200 is not set # CONFIG_APRICOT is not set # CONFIG_CS89x0 is not set # CONFIG_DE4X5 is not set # CONFIG_DEC_ELCP is not set # CONFIG_DGRS is not set # CONFIG_EEXPRESS_PRO100 is not set # CONFIG_LNE390 is not set # CONFIG_NE3210 is not set # CONFIG_NE2K_PCI is not set # CONFIG_TLAN is not set # CONFIG_VIA_RHINE is not set # CONFIG_ES3210 is not set # CONFIG_EPIC100 is not set # CONFIG_ZNET is not set # CONFIG_NET_POCKET is not set CONFIG_FDDI=y # CONFIG_DEFXX is not set CONFIG_HIPPI=y # CONFIG_CERN_HIPPI is not set # CONFIG_ROADRUNNER is not set # CONFIG_DLCI is not set # CONFIG_LTPC is not set # CONFIG_COPS is not set # CONFIG_IPDDP is not set # CONFIG_PLIP is not set # CONFIG_PPP is not set # CONFIG_SLIP is not set # CONFIG_NET_RADIO is not set CONFIG_TR=y # CONFIG_IBMTR is not set # CONFIG_SKTR is not set # CONFIG_SHAPER is not set # CONFIG_HOSTESS_SV11 is not set # CONFIG_COSA is not set # CONFIG_RCPCI is not set # CONFIG_WAN_DRIVERS is not set # CONFIG_LAPBETHER is not set # CONFIG_X25_ASY is not set # # Amateur Radio support # CONFIG_HAMRADIO=y # # Packet Radio protocols # # CONFIG_AX25 is not set # # Misc. hamradio protocols # # CONFIG_HFMODEM is not set # # IrDA subsystem support # CONFIG_IRDA=m # # IrDA protocols # # CONFIG_IRLAN is not set # CONFIG_IRCOMM is not set # CONFIG_IRLPT is not set # CONFIG_IRDA_OPTIONS is not set # CONFIG_IRDA_COMPRESSION is not set # # Infrared-port device drivers # # # SIR device drivers # CONFIG_IRTTY_SIR=m # CONFIG_IRPORT_SIR is not set # # FIR device drivers # # CONFIG_NSC_FIR is not set # CONFIG_WINBOND_FIR is not set # CONFIG_SHARP_FIR is not set # CONFIG_TOSHIBA_FIR is not set # CONFIG_SMC_IRCC_FIR is not set # # Dongle support # # CONFIG_DONGLE is not set # # ISDN subsystem # CONFIG_ISDN=m # CONFIG_ISDN_PPP is not set # CONFIG_ISDN_AUDIO is not set # CONFIG_ISDN_X25 is not set # CONFIG_ISDN_DRV_ICN is not set # CONFIG_ISDN_DRV_LOOP is not set # CONFIG_ISDN_DRV_PCBIT is not set # CONFIG_ISDN_DRV_HISAX is not set # CONFIG_ISDN_DRV_SC is not set # CONFIG_ISDN_DRV_ACT2000 is not set # CONFIG_ISDN_DRV_AVMB1 is not set # # Old CD-ROM drivers (not SCSI, not IDE) # CONFIG_CD_NO_IDESCSI=y # CONFIG_AZTCD is not set # CONFIG_GSCD is not set # CONFIG_SBPCD is not set # CONFIG_MCD is not set # CONFIG_MCDX is not set # CONFIG_OPTCD is not set # CONFIG_CM206 is not set # CONFIG_SJCD is not set # CONFIG_ISP16_CDI is not set # CONFIG_CDU31A is not set # CONFIG_CDU535 is not set # # Character devices # CONFIG_VT=y CONFIG_VT_CONSOLE=y # CONFIG_SERIAL is not set # CONFIG_SERIAL_EXTENDED is not set # CONFIG_SERIAL_NONSTANDARD is not set CONFIG_UNIX98_PTYS=y CONFIG_UNIX98_PTY_COUNT=256 # CONFIG_PRINTER is not set CONFIG_MOUSE=y # # Mice # # CONFIG_ATIXL_BUSMOUSE is not set # CONFIG_BUSMOUSE is not set # CONFIG_MS_BUSMOUSE is not set CONFIG_PSMOUSE=y CONFIG_82C710_MOUSE=y # CONFIG_PC110_PAD is not set # CONFIG_QIC02_TAPE is not set # CONFIG_WATCHDOG is not set # CONFIG_NVRAM is not set CONFIG_RTC=y # # Video For Linux # CONFIG_VIDEO_DEV=m # CONFIG_RADIO_RTRACK is not set # CONFIG_RADIO_RTRACK2 is not set # CONFIG_RADIO_AZTECH is not set # CONFIG_RADIO_CADET is not set # CONFIG_RADIO_MIROPCM20 is not set # CONFIG_RADIO_GEMTEK is not set # CONFIG_VIDEO_BT848 is not set # CONFIG_VIDEO_BWQCAM is not set # CONFIG_VIDEO_CQCAM is not set # CONFIG_VIDEO_PMS is not set # CONFIG_VIDEO_SAA5249 is not set # CONFIG_RADIO_SF16FMI is not set # CONFIG_RADIO_TYPHOON is not set # CONFIG_RADIO_ZOLTRIX is not set # # Joystick support # CONFIG_JOYSTICK=m # CONFIG_JOY_ANALOG is not set # CONFIG_JOY_ASSASIN is not set # CONFIG_JOY_GRAVIS is not set # CONFIG_JOY_LOGITECH is not set # CONFIG_JOY_SIDEWINDER is not set # CONFIG_JOY_THRUSTMASTER is not set # CONFIG_JOY_LIGHTNING is not set # CONFIG_JOY_CONSOLE is not set # CONFIG_JOY_DB9 is not set # CONFIG_JOY_TURBOGRAFX is not set # CONFIG_DTLK is not set # # Ftape, the floppy tape device driver # CONFIG_FTAPE=m # CONFIG_ZFTAPE is not set CONFIG_FT_NR_BUFFERS=3 # CONFIG_FT_PROC_FS is not set CONFIG_FT_NORMAL_DEBUG=y # CONFIG_FT_FULL_DEBUG is not set # CONFIG_FT_NO_TRACE is not set # CONFIG_FT_NO_TRACE_AT_ALL is not set # # Hardware configuration # CONFIG_FT_STD_FDC=y # CONFIG_FT_MACH2 is not set # CONFIG_FT_PROBE_FC10 is not set # CONFIG_FT_ALT_FDC is not set CONFIG_FT_FDC_THR=8 CONFIG_FT_FDC_MAX_RATE=2000 # # ONLY for DEC Alpha architectures # CONFIG_FT_ALPHA_CLOCK=0 # # Filesystems # CONFIG_QUOTA=y CONFIG_AUTOFS_FS=y # CONFIG_ADFS_FS is not set # CONFIG_AFFS_FS is not set # CONFIG_HFS_FS is not set CONFIG_FAT_FS=y CONFIG_MSDOS_FS=y CONFIG_UMSDOS_FS=y CONFIG_VFAT_FS=y CONFIG_ISO9660_FS=y CONFIG_JOLIET=y CONFIG_MINIX_FS=y CONFIG_NTFS_FS=m # CONFIG_NTFS_RW is not set CONFIG_HPFS_FS=y CONFIG_PROC_FS=y CONFIG_DEVPTS_FS=y # CONFIG_QNX4FS_FS is not set # CONFIG_ROMFS_FS is not set CONFIG_EXT2_FS=y # CONFIG_SYSV_FS is not set # CONFIG_UFS_FS is not set # # Network File Systems # CONFIG_CODA_FS=m CONFIG_NFS_FS=y CONFIG_NFSD=m CONFIG_NFSD_SUN=y CONFIG_SUNRPC=y CONFIG_LOCKD=y CONFIG_SMB_FS=m CONFIG_NCP_FS=m # CONFIG_NCPFS_PACKET_SIGNING is not set # CONFIG_NCPFS_IOCTL_LOCKING is not set # CONFIG_NCPFS_STRONG is not set CONFIG_NCPFS_NFS_NS=y CONFIG_NCPFS_OS2_NS=y # CONFIG_NCPFS_SMALLDOS is not set CONFIG_NCPFS_MOUNT_SUBDIR=y CONFIG_NCPFS_NLS=y CONFIG_NCPFS_EXTRAS=y # # Partition Types # CONFIG_BSD_DISKLABEL=y CONFIG_MAC_PARTITION=y CONFIG_SMD_DISKLABEL=y CONFIG_SOLARIS_X86_PARTITION=y # CONFIG_UNIXWARE_DISKLABEL is not set CONFIG_NLS=y # # Native Language Support # CONFIG_NLS_CODEPAGE_437=y # CONFIG_NLS_CODEPAGE_737 is not set # CONFIG_NLS_CODEPAGE_775 is not set CONFIG_NLS_CODEPAGE_850=y # CONFIG_NLS_CODEPAGE_852 is not set # CONFIG_NLS_CODEPAGE_855 is not set # CONFIG_NLS_CODEPAGE_857 is not set # CONFIG_NLS_CODEPAGE_860 is not set # CONFIG_NLS_CODEPAGE_861 is not set # CONFIG_NLS_CODEPAGE_862 is not set # CONFIG_NLS_CODEPAGE_863 is not set # CONFIG_NLS_CODEPAGE_864 is not set # CONFIG_NLS_CODEPAGE_865 is not set CONFIG_NLS_CODEPAGE_866=y # CONFIG_NLS_CODEPAGE_869 is not set # CONFIG_NLS_CODEPAGE_874 is not set CONFIG_NLS_ISO8859_1=y # CONFIG_NLS_ISO8859_2 is not set # CONFIG_NLS_ISO8859_3 is not set # CONFIG_NLS_ISO8859_4 is not set CONFIG_NLS_ISO8859_5=y # CONFIG_NLS_ISO8859_6 is not set # CONFIG_NLS_ISO8859_7 is not set # CONFIG_NLS_ISO8859_8 is not set # CONFIG_NLS_ISO8859_9 is not set # CONFIG_NLS_ISO8859_15 is not set CONFIG_NLS_KOI8_R=y # # Console drivers # CONFIG_VGA_CONSOLE=y CONFIG_VIDEO_SELECT=y # CONFIG_MDA_CONSOLE is not set CONFIG_FB=y CONFIG_DUMMY_CONSOLE=y # CONFIG_FB_PM2 is not set CONFIG_FB_VESA=y CONFIG_VIDEO_SELECT=y # CONFIG_FB_MATROX is not set # CONFIG_FB_ATY is not set CONFIG_FB_VIRTUAL=y # CONFIG_FBCON_ADVANCED is not set CONFIG_FBCON_MFB=y CONFIG_FBCON_CFB2=y CONFIG_FBCON_CFB4=y CONFIG_FBCON_CFB8=y CONFIG_FBCON_CFB16=y CONFIG_FBCON_CFB24=y CONFIG_FBCON_CFB32=y CONFIG_FBCON_MAC=y # CONFIG_FBCON_FONTWIDTH8_ONLY is not set # CONFIG_FBCON_FONTS is not set CONFIG_FONT_8x8=y CONFIG_FONT_8x16=y # # Sound # CONFIG_SOUND=m # CONFIG_SOUND_ES1370 is not set # CONFIG_SOUND_ES1371 is not set # CONFIG_SOUND_SONICVIBES is not set # CONFIG_SOUND_MSNDCLAS is not set # CONFIG_SOUND_MSNDPIN is not set # CONFIG_SOUND_OSS is not set # # Kernel hacking # CONFIG_MAGIC_SYSRQ=y KEYTABLE="us.map.gz" LANGUAGE="english" # # Some people don't want SuSEconfig to modify the system. With this # entry you can disable SuSEconfig completely. # Please don't contact our support if you have trouble configuring your # system after having disabled SuSEconfig. (yes/no) # ENABLE_SUSECONFIG=yes # # # Local users will get RC_LANG as their default language, # i.e. the environment variable $LANG . $LANG is the default # of all $LC_*-variables, as long as $LC_ALL is not set, which # overrules all $LC_-variables. If empty, $LANGUAGE will be used. # Root uses this variable only if ROOT_USES_LANG is set to "YES" # # RC_LANG="" # # This variable will overrule all LC-variables!! # Again, ROOT_USES_LANG has to be set to YES in order # to get any effect for the superuser. # RC_LC_ALL="" # # This defines the locale in which messages of programs and # libraries with i18n-support should appear if a translated # message catalog for the library or the program is installed. # It also defines yes/no answers which are defined by the locale. # RC_LC_MESSAGES="" # # This defines the locale for character handling and classification. # The locale defined here is used by the libc in functions which # are used to qualify if this character is an charcater which may # be used in an text string, if the character is e.g. lowercase # and it defnes upper/lowercase-mapping of foreign characters # RC_LC_CTYPE="" # # This defines the locale for sorting strings and characters. # The locale defined here is used by the libc in functions which # are used to qualify if a character is befor or beyond an other # character in the alphabet. Note: sort(1) doesn't use these # functions, but other application such as databases may use it. # RC_LC_COLLATE="" # # This defines the locale for date and time output formats. # i.e.: 06/09/1999 vs. 09.06.1999 # RC_LC_TIME="" # # This defines the locale for formatting and reading numbers. # i.e.: 1,234.56 vs. 1.234,56 # RC_LC_NUMERIC="" # # This defines the locale for formatting and reading money values. # RC_LC_MONETARY="" # # This defines if the user "root" should use the locale settings # which are defined here. # ROOT_USES_LANG="no" # # SuSEconfig can mail reports (created by YaST or included in packages) # to you. Here you can set the address. If you don't want reports to # be send, then simply set it to "". # MAIL_REPORTS_TO="root" # # There are two levels of mailing. If you set MAIL_LEVEL it to "warn" # you only get the important mails. If you set it to "all", you get # logs also. # MAIL_LEVEL="warn" # # Which device is the mouse ? (e.g. "/dev/ttyS0") # MOUSE="/dev/ttyS0" # # Which device is the modem ? (e.g. "/dev/ttyS1") # MODEM="" # # Load this console font upon bootup: # CONSOLE_FONT="" # # Does your console font need a screenmap? Insert it into CONSOLE_SCREENMAP. # CONSOLE_SCREENMAP="" # # some fonts/keymap need a unicode map (TRANSLATION in former releases). # add it to CONSOLE_UNICODEMAP. # CONSOLE_UNICODEMAP="" # # for some fonts the console has to be initialized with CONSOLE_MAGIC. # CONSOLE_MAGIC can be empty or have the values "(B", ")B", "(K" or ")K". # CONSOLE_MAGIC="" # # keyboard repeat rate (2.0 - 30.0) # keyboard delay time in ms (250, 500, 750, 1000) # (If you want "kbdrate" to be executed, you have to set both of them.) # KBD_RATE="" KBD_DELAY="" # # NumLock on? ("yes" or "no") KBD_NUMLOCK="no" # # CapsLock on? ("yes" or "no") KBD_CAPSLOCK="no" # # tty's for NumLock and CapsLock # example: "tty1 tty2" # "" for all tty's # KBD_TTY="tty1 tty2 tty3 tty4 tty5 tty6" # # Set to "-u" if your system clock is set to GMT, otherwise "". # GMT="" # # Timezone (e.g. CET) # (this will set /usr/lib/zoneinfo/localtime) # TIMEZONE="Europe/Minsk" # # start loopback networking? ("yes" or "no") # START_LOOPBACK="yes" # # networking # # number of network cards: "_0" for one, "_0 _1 _2 _3" for four cards # NETCONFIG="_0 _1" # # IP Adresses # IPADDR_0="192.168.6.1" IPADDR_1="172.16.68.1" IPADDR_2="" IPADDR_3="" # # network device names (e.g. "eth0") # NETDEV_0="eth0" NETDEV_1="eth1" NETDEV_2="" NETDEV_3="" # # parameteres for ifconfig, if you put "bootp" into it, bootp will # be used to configure it # sample entry for ethernet: # IFCONFIG_0="192.168.81.38 broadcast 192.168.81.63 netmask 255.255.255.224" # IFCONFIG_0="192.168.6.1 broadcast 192.168.6.31 netmask 255.255.255.224 up" IFCONFIG_1="172.16.68.1 broadcast 172.16.255.255 netmask 255.255.0.0 up" IFCONFIG_2="" IFCONFIG_3="" # # setup dummy network device for IPADDR_0? this is useful for non permanent # network connections (e.g. SLIP, PPP). Some software needs a connection # to FQHOSTNAME (e.g. plp). (yes, no) SETUPDUMMYDEV="no" # # Do you want the "dynamic IP patch" to be enabled at bootup? (yes/no) # IP_DYNIP=no # # Enable syn flood protection (see /usr/src/linux/Documentation/Configure.help) # (yes/no) # IP_TCP_SYNCOOKIES=yes # # runtime-configurable parameter: forward IP packets. # Is this host a router? (yes/no) # IP_FORWARD=yes # # SuSEconfig can do some checks and modifications in /etc/hosts. # If this is not wanted, set the following variable to 'no' (yes, no). # CHECK_ETC_HOSTS=yes # # If CHECK_ETC_HOSTS is set to yes, SuSEconfig sorts your # /etc/hosts. But in some cases this may be unwanted. So here is a # flag, where you can configure if /etc/hosts should be "beautified". # (yes/no) # BEAUTIFY_ETC_HOSTS=yes # # if SORT_PASSWD_BY_UID is set to yes, SuSEconfig sorts your /etc/passwd # and /etc/group by uid/gid. # SORT_PASSWD_BY_UID=no # # hostname of the system (full name) # if zero, and bootp is used above, bootp will also set the hostname # (e.g. "riemann.suse.de" or "hugo.linux.de") # don't forget to also edit /etc/hosts for your system # FQHOSTNAME="MMTSSERVER.MMTS.BSUIR.BY" # # SuSEconfig can create and check the /etc/host.conf for you. Should this # be done ("yes" or "no"). # CREATE_HOSTCONF="yes" # # Shall SuSEconfig maintain /etc/resolv.conf (needed for DNS) ? # If set to yes and one of SEARCHLIST and NAMESERVER is empty, # it is assumed, that no DNS is wanted and /etc/resolv.conf will # be deleted. If yes and both are filled out, it will be created. # "no" leaves /etc/resolv.conf untouched. # CREATE_RESOLVCONF=yes # # domain searchlist that should be used in /etc/resolv.conf # (e.g. "suse.de linux.de uni-stuttgart.de") # Attention! this has to be filled out, if you want to access a name server # SEARCHLIST=" " # # space separated list of nameservers that should be used for /etc/resolv.conf # give a maximum of 3 IP numbers # (e.g. "192.168.116.11 192.168.7.7") # NAMESERVER="195.50.0.161 194.158.194.131" # # Used for News-Postings. # ORGANIZATION="" # # News server. # NNTPSERVER="news" # # space separated list of irc servers # IRCSERVER="" # # start the inet daemon in multi-user? ("yes" or "no") # this is needed, if you have to telnet/rlogin to your own machine. # It is also needed for the man page formatter in SuSE Help system # and for starting the plp lp daemon. # START_INETD="yes" # # have mail daemon on SMTP port? ("yes" or "no") # needed, if you receive email from other hosts via tcp/ip # not needed, if you have a uucp-only host or only out-going email. # If set to "yes", sendmail will be started as daemon. # As uucp site, you can get along with "SMTP=no", if you make # a "sendmail -q" call after each poll. (As rmail is queuing the mail only # and not delivering it...) # SMTP="yes" # # From:-Line in email and News postings # (otherwise the FQDN is used) # FROM_HEADER="MMTSSERVER.MMTS.BSUIR.BY" # # some programs (e.g. lynx, arena and wget) support proxies, if set in # environment. SuSEconfig can add this environment variables to # /etc/SuSEconfig/* (sourced by /etc/profile etc.) - See # http://www.suse.de/Support/sdb_e/lynx_proxy.html for more details. # Example: HTTP_PROXY="http://proxy.provider.de:3128/" HTTP_PROXY="" # # Example: FTP_PROXY="http://proxy.provider.de:3128/" # FTP_PROXY="" # # Example: GOPHER_PROXY="http://proxy.provider.de:3128/" # GOPHER_PROXY="" # # Example: NO_PROXY="www.me.de, do.main, localhost" # NO_PROXY="localhost" # # start kernel daemon? ("yes" or "no") # START_KERNELD="yes" # # start cron daemon? ("yes" or "no") # should be left unchanged to the default "yes" entry # CRON="yes" # # start portmap? ("yes" or "no") # this is needed, if the NFS server is started or if NIS is used # Caution! The portmapper will be started with no regard to # START_PORTMAP if NFS_SERVER is set to "yes"! # START_PORTMAP="yes" # # should the NFS server be started on this host? ("yes" or "no") # (needs activated portmapper) # NFS_SERVER="yes" # # should the kernel based NFS server be started on this host # (instead of the user space version) ? ("yes" or "no") # THIS NEEDS A 2.1 KERNEL WITH NFSD SUPPORT # USE_KERNEL_NFSD="no" # # the kernel nfs-server supports multiple server threads # USE_KERNEL_NFSD_NUMBER="4" # # translates userid and goupid between server and client # ("yes" or "no"). Needs to be started on NFS clients. # NFS_SERVER_UGID="yes" # # should imported NFS be reexported? ("yes" or "no") # REEXPORT_NFS="no" # # when shutting down routing, all net connection can be closed (not useful # in all cases). If CLOSE_CONNECTIONS is set to "true" /sbin/init.d/route # scans /proc to search for network connections and sends a term signal # to the processes. # CLOSE_CONNECTIONS="false" # # start pcnfsd (for PCNFS clients; needs activated portmapper - # see man pcnfsd) (yes/no) # START_PCNFSD=no # # start bwnfsd (pcnfs related) (yes/no) # START_BWNFSD=no # # pcnfsd and bwnfsd need spool directory for lpd. Set it here. # PCNFSD_LPSPOOL=/var/spool/lpd # # start rwhod? NOTE: rwhod broadcasts regularly, so dial # on demand connections (ISDN and/or diald) might be established # (yes/no) # START_RWHOD=no # # should gpm be started on this machine? ("yes" or "no") # START_GPM="yes" # # gpm will be started with these parameters # it won't be started in runlevel 3 (xdm) # (example: "-t msc -m /dev/mouse") # GPM_PARAM=" -t ms -m /dev/mouse" # # start routed (for dynamic routing - see man routed) (yes/no) # ATTENTION: starting routed causes net traffic every 30 seconds. # If your host is connected to internet via dial-up it makes absolutely # no sense to activate it. # START_ROUTED=yes # # start the named (package bind)? You have to configure the named first, # before you can start it (man named). # START_NAMED=no # # should updatedb (for locate) be started by cron.daily ("yes" or "no") # RUN_UPDATEDB=yes # # should mandb and whatis be recreated by cron.daily ("yes" or "no") # REINIT_MANDB=yes # # updatedb has a parameter "--localuser". it runs the find as this user. # some people think, its a security hole to run it as root (because you # can get information about directories you can not read normally). Some # think its useful to hold all files in the database. If you want full # information in locate db, set RUN_UPDATEDB_AS=root. If you want security # use RUN_UPDATEDB_AS=nobody. # RUN_UPDATEDB_AS=nobody # # uptdatedb normally only scans local harddisks, but can include net paths # in database as well. If you specify directories here, they will be scanned. # UPDATEDB_NETPATHS="" # # uptdatedb can skip directories for its database. The following parameter # says which. # UPDATEDB_PRUNEPATHS="/S.u.S.E. /mnt /cdrom /tmp /usr/tmp /var/tmp /var/spool /proc" # # search net paths as ? (e.g. nobody) # UPDATEDB_NETUSER="" # # old corefiles? should they be deleted ("yes" or "no") # if set to no, cron.daily will tell you, if it finds old core files. # please note, that this feature needs RUN_UPDATEDB to be set to "yes". # DELETE_OLD_CORE=no # # how old are 'old' core files? (in days) # MAX_DAYS_FOR_CORE=7 # # should old preformated man pages be deleted (/var/catman) # (yes/no) # DELETE_OLD_CATMAN=yes # # How old are OLD preformated man pages for you? (days) # CATMAN_ATIME=7 # # we have a small script to generate usr/info/dir file. This needs perl.. # ("yes" or "no") # CREATE_INFO_DIR="yes" # # SuSEconfig can call chkstat to check permissions and ownerships for # files and directories (using /etc/permissions). # Setting to "set" will correct it, "warn" produces warnings, if # something strange is found. Disable this feature with "no". # CHECK_PERMISSIONS=set # # SuSE Linux contains two different configurations for # chkstat. The differences can be found in /etc/permissions.secure # and /etc/permissions.easy. If you create your own configuration # (e.g. permissions.foo), you can enter the extension here as well. # # (easy/secure local foo whateveryouwant). # PERMISSION_SECURITY="easy local" # # How long to store old log files. If set to 0, log files will be untouched. # The log files below will be checked by cron.daily. The number # after the name means the minimum size in k, the file has to have, before # it will be backed up (root gets a mail, if it happens). # # /tmp/log_mg.* (1024), /var/log/wtmp (400), /var/log/isdn (4096), # /var/lib/xdm/xdm-errors (200), /var/spool/uucp/Log (2048), # /var/spool/uucp/Stats (1024), /var/log/debug (1024), /var/log/warn (1024), # /var/log/messages (4096), /var/log/xferlog (4096), # /local/www/logs/access_log (4096), /local/www/logs/error_log (1024) # /var/adm/isdn.log (1024), /var/log/isdncalls (1024) # MAX_DAYS_FOR_LOG_FILES=365 # # cron.daily can make backup the rpm database. Set the path here, and # cron.daily will make backup everytime it is called and the db has # changed. This backups are recommended. If you don not want this # feature, set it to "". # RPMDB_BACKUP_DIR=/var/adm/backup/rpmdb # # here you can set the maximum number of backup files for the rpm # database. # MAX_RPMDB_BACKUPS=5 # # cron.daily can check for old files in tmp-dirs. It will delete all files # not accessed for more than MAX_DAYS_IN_TMP. If MAX_DAYS_IN_TMP is not set # or set to 0, this feature will be disabled. # MAX_DAYS_IN_TMP=0 # # You can specify in TMP_DIRS_TO_CLEAR, which directories have to be # searched for old files, to be deleted. # TMP_DIRS_TO_CLEAR="/tmp /var/tmp" # # In OWNER_TO_KEEP_IN_TMP, you can specify, whoms file shall not be deleted. # OWNER_TO_KEEP_IN_TMP="root" # # Do you want to have "." in root path? This is not recommended, but # many people do prefer it (yes/no). # CWD_IN_ROOT_PATH="no" # # If you want to allow root logins from other machines, set ROOT_LOGIN_REMOTE # to "yes". # ROOT_LOGIN_REMOTE="yes" # # Some packages by SuSE include dynamically linked motif progs as well # as statically linked (*.SuSE-dynamic resp. *.SuSE-static). SuSEconfig # can analyze your system and link the matching program to *. If you # set this to "clean", the other binary will be deleted. (no/link/clean) # HOW_TO_HANDLE_COMMERCIAL_LIBS=link # # SuSEconfig can do some modifications to /etc/inittab. If you don't want # this, set CHECK_INITTAB to no. (yes/no) # CHECK_INITTAB=yes # # Here you can set the default Display manager (kdm/xdm/console). # Attention: CHECK_INITTAB has to be set to yes, to activate this feature. # If DISPLAYMANAGER is set to console, SuSEconfig will not bother you # with a missing XF86Config. # DISPLAYMANAGER="" # # Here you can set the default window manager (kde, fvwm, ...) # DEFAULT_WM=kde # # CONSOLE_SHUTDOWN determines how ctrl-alt-del is handled. # Attention: CHECK_INITTAB has to be set to yes, to activate this feature. # (ignore/reboot/halt) # CONSOLE_SHUTDOWN=reboot # # Should isapnp be used to initialize your PNP at bootup? (yes/no) # START_ISAPNP=yes # # run the Name Service Caching Daemon at boot time? (yes/no) # START_NSCD=yes umask 022 # # Attention! This variable PATH is NOT setting the PATH for user or root # shells. It is only used internally for /sbin/init.d/*, SuSEconfig and # cron.daily. Please do NOT change PATH here. # PATH=/sbin:/bin:/usr/sbin:/usr/bin ## ## Formating the boot script messages: ## The boot scripts should use the variables rc_done and rc_fail to ## symbolize their success. See /sbin/init.d/skeleton for an example ## how to use these variables. ## rc_done_up and rc_failed_up do the same as rc_done and rc_failed ## but one line above (usefull for starting daemons who talk to user). ## The variable rc_reset is used by the master resource control script ## /sbin/init.d/rc to turn off all attributes and switch on the standard ## character set. ## ## \033 is just ascii ESC ## \033[<NUM>G move to column <NUM> ## \033[1m switch bold on ## \033[31m switch red on ## \033[32m switch green on ## \033[33m switch yellow on ## \033[m switch color/bold off ## rc_done="\033[71G\033[32mdone\033[m" rc_failed="\033[71G\033[31m\033[1mfailed\033[m" rc_skipped="\033[71G\033[1mskipped\033[m" rc_done_up="\033[1A$rc_done" rc_failed_up="\033[1A$rc_failed" rc_unused="\033[71G\033[1munused\033[m" rc_reset="\033[m\017" # # Should the ATD (at daemon) be started, for the execution of at jobs? (yes/no) # START_ATD=yes # # Update groff DESC to get page sizes correct? (yes/no) # # If the correct page size isn't found in your printcap # you can set GROFF_PAGESIZE to the following values # # letter, legal, a4, or b5 # # supported by both groff *and* ghostscript # UPDATE_GROFF_CONF=yes GROFF_PAGESIZE= # # Should PCMCIA service be started at boottime? (yes/no) # START_PCMCIA="no" # # PCMCIA: This variable determines the used chipset. Valid Values are # "i82365" or "tcic". If it is left empty, pcmcia will not be startet # at boot up. # PCMCIA="" # # PCMCIA_PCIC_OPTS - socket driver timing parameters here. These # parameters are described in "man i82365" (or "man tcic"). # For more information, look for "PCIC_OPTS" in the PCMCIA-HOWTO. # You can find it under /usr/doc/packages/pcmcia. # PCMCIA_PCIC_OPTS="" # # PCMCIA_CORE_OPTS - Put pcmcia_core options here. These options # are described in "man pcmcia_core" # For more information, look for "CORE_OPTS" in the PCMCIA-HOWTO. # You can find it under /usr/doc/packages/pcmcia. # PCMCIA_CORE_OPTS="" # # May SuSEconfig modify your perllocal.pod? (yes/no) # CREATE_PERLLOCAL_POD="yes" # # May SuSEconfig run h2ph when kernelsources have changed # GENERATE_PERL_SYSTEM_INCLUDES="yes" # # Default loglevel for klogd # KERNEL_LOGLEVEL=1 # # if not empty: parameters for syslogd # for example SYSLOGD_PARAMS="-r -s my.dom.ain" # SYSLOGD_PARAMS="" # # Start apmd? (yes/no) # START_APMD=no # # Turn on quotas? (yes/no) # START_QUOTA="no" # # SVGATEXTMODE comes from the package svgatext which allows # higher text resolutions (up to 160x60) on SVGA cards. # The variable contains a valid mode from /etc/TextConfig. # Please configure this file to suit the needs of your graphics card. # How to do this is explained in /usr/doc/packages/svgatext. # Default is "". SVGATextMode will not be started then. # SVGATextMode resolutions are used in runlevel 1,2,3 and turned off # in runlevel s. # SVGATEXTMODE="" # Set this to native, if you want *real* Multithreading, # e.g. in combination with SMP-systems JAVARUNT_THREADS_TYPE="green" # # Should the Apache httpd be started at bootup? (yes/no) # START_HTTPD=yes # # Start the argus networkmonitoring tool? # START_ARGUS=no # # What interface should argus listen? # ARGUS_INTERFACE=eth0 # # Where to write the argus logfile? (Remember to check this file # periodical, because it may become very large!!!) # ARGUS_LOGFILE="/var/log/argus.log" # # Shall auto mount daemon autofs be started? (yes/no) # START_AUTOFS=no # # Start the cipe-daemon for encrypted IPIP-Tunnel? # START_CIPED=no # DHCLIENT="no" # # Shall dynamic host configuration Server DHCP be started? (yes/no) # START_DHCPD="no" # # Interface for dynamic host configuration Server DHCP # DHCPD_INTERFACE="eth0" # # Shall DHCP relay agent be started? (yes/no) # START_DHCRELAY="no" # # DHCP servers to be used by DHCP relay agent # DHCRELAY_SERVERS="127.0.0.1 127.0.0.2" # # The name of the central server for the Online documentation # This should be a fully qualified host name, e.g. host.domain.top # DOC_HOST="" # # Set this to yes on the central documentation server # Then the online-help-system indices are automatically adjusted # and access to the http-rman service is allowed # DOC_SERVER="no" # # List auf host/domain patterns for use with /etc/hosts.allow # access restrictions on http-rman, e.g. ".mydomain.top" to # allow access from all hosts of domain mydomain.top # DOC_ALLOW="LOCAL" # # Firewall settings - See /usr/doc/packages/firewall # for a detailed description # FW_START="no" FW_LOCALNETS="" FW_FTPSERVER="" FW_WWWSERVER="" FW_SSLSERVER="" FW_SSLPORT="443" FW_MAILSERVER="" FW_DNSSERVER="" FW_NNTPSERVER="" FW_NEWSFEED="" FW_WORLD_DEV="eth1" FW_INT_DEV="eth0" FW_LOG_ACCEPT="no" FW_LOG_DENY="yes" FW_ROUTER="" FW_FRIENDS="no" FW_INOUT="no" FW_SSH="no" FW_TRANSPROXY_OUT="" FW_TRANSPROXY_IN="" FW_REDIRECT="" FW_TCP_LOCKED_PORTS="1:1023" FW_UDP_LOCKED_PORTS="1:1023" # # Masquerading settings - See /usr/doc/packages/firewall # for a detailed description # MSQ_START="no" MSQ_NETWORKS="192.168.0.0/24" MSQ_DEV="eth0" MSQ_MODULES="ip_masq_cuseeme ip_masq_ftp ip_masq_irc ip_masq_quake ip_masq_raudio ip_masq_vdolive" # # It is important to run faxsetup before setting this to `yes`!!! # START_HYLAFAX=no # # Start the INN news server? (yes/no) # START_INN=no # # Shall the IRC-Server ircd be started? (yes/no) # START_IRCD="no" # # Start printer daemon lpd? (if you use plp, you can also disable it here # an enable it in /etc/inetd.conf) (yes/no) # START_LPD=yes # # Should the novell server emulator be started at bootup? (yes/no) # START_MARSNWE=no # # start netatalk? ("yes" or "no") # AppleTalk - File- and Printservices # START_ATALK="no" # # NIS(YP)/NIS+ domainname, ask the admin of the server. # YP_DOMAINNAME="" # # start the ntopd (yes|no) # START_NTOPD="no" # # Specifies the network interface used by ntop # NTOPD_IFACE="eth0" # # Supposing to start ntop at the port 3000, # the URL to access is http://hostname:3000/ # # The file /root/.ntop specifies the # HTTP user/password of those people who are allowed to # access ntop. If the /root/.ntop file is missing no security # will be used hence everyone can access traffic informa- # tion. Please note that an HTTP server is NOT needed in # order to use the program in interactive mode. # NTOPD_PORT="3000" # # Set this to 'yes', if you want to start the ldap server: # START_LDAP=no # # Start RADIUSD ? (yes/no) # START_RADIUSD=no # # Start the rinetd TCP redirector? # START_RINETD="no" # # start samba? ("yes" or "no") # Windows 95 / NT - File- and Printservices # START_SMB="yes" # # do you want to generate a sendmail-configuration /etc/sendmail.cf from # parameters given in /etc/rc.config ("yes") or do you want to generate # your /etc/sendmail.cf yourself ("no") ? # (you could also use /etc/mail/linux.mc to do so.) # SENDMAIL_TYPE="yes" # # smarthost - this host gets all outgoing email from us # normally used for uucp-connected sites or for dialup connections # use "uucp-dom:server.uucp.com" to deliver all email to "server.uucp.com" # SENDMAIL_SMARTHOST="" # # sendmail assumes the following space-separated host-names to be # the local host (this must just be used for names differrent to the # hostname, for e.g. aliases like www.nowhere.com) # SENDMAIL_LOCALHOST="localhost" # # do not deliver any email locally, but send all email to another host # this can just be used with another system that has the same users on it # and you probably also want to set the FROM_HEADER to the other host # SENDMAIL_RELAY="" # # with what parameters should sendmail be started? # normal sites use "-bd -q30m -om". if you set SENDMAIL_EXPENSIVE and you # have a dialup ISDN connection, you probably want to set this to # "-bd -om" and run "sendmail -q" from your crontab. # SENDMAIL_ARGS="-bd -q30m -om" # # sendmail will only queue email in /var/spool/mqueue and will only start # to deliver it if "sendmail -q" is run # SENDMAIL_EXPENSIVE="no" # # sendmail will not try to canonify hostnames in your email # so much less DNS-queries are send # you probably want to enable this on a SENDMAIL_EXPENSIVE system # SENDMAIL_NOCANONIFY="yes" # # these domains can additional to the local domains be changed # in /etc/mail/genericstable # SENDMAIL_GENERICS_DOMAIN="" # # Shall the cmu snmpd be started at boot up ? (yes/no) # START_SNMPD=no # # Start the squid WWW-proxy ? (yes/no) # START_SQUID=yes # # Should the thttpd webserver be started at bootup? (yes/no) # START_THTTPD=no # # Set this to 'yes', if you want to start the webb500gw: # START_WEBGW=no # # Start WWW offline browser wwwoffle ? # START_WWWOFFLE="no" # # Start XNTPD? (yes/no) # START_XNTPD=no # # Usually it's a good idea to get the current time and date # from some other ntp server, before xntpd is started. # If we should do so, provide a space-separated list of # ntp servers to query. # XNTPD_INITIAL_NTPDATE="" # # This allows you to alter the kernel TICK variable. # # WARNING: YOU MUST NOT CHANGE THIS VARIABLE! # # Believe me, it won't help to solve any problem you have # if you set it. On the contrary, you will run into trouble! # # It's just here for those few, who know why they do not # believe me ;) # XNTPD_KERNEL_TICK="" # # Should /etc/yp.conf be created automatically? ("yes" or "no") # If set to yes /etc/passwd and /etc/group will also be checked. # CREATE_YP_CONF="yes" # # YP-Servers. Attention! You've to fill in IP adresses, a name or a nick # name here. It must be defined in /etc/hosts (case sensitive). # DNS does not work with ypbind. (e.g. "192.168.116.11 192.168.7.7") # YP_SERVER="" # # start the ypbind daemon for NIS ? ("yes" or "no") # This entry is ignored if no YP_DOMAINNAME is set. # In this case, ypbind is not started. # START_YPBIND="yes" # # start the yp-server? # START_YPSERV="no" # # start ypxfrd? # this is only needed on the main yp-server if you also # have slave yp-servers. it speeds up the transfer of maps # to the slave servers # START_YPXFRD="no" # # start yppasswdd? # START_YPPASSWDD="no" # # YP Source directory for passwd, shadow and group. You could # give here an different directory as /etc where YP will search # the source files for the passwd and group tables. # YPPWD_SRCDIR=/etc # # Start scanlogd? (yes/no) # START_SCANLOGD=yes # # Start the ssh daemon ? (yes/no) # START_SSHD=yes # # KDM_SHUTDOWN determines who will be able to shutdown the # system in kdm. Valid values are: "root", "all", "none", "local", # KDM_SHUTDOWN=root # # space separated list of users for which icons should be shown in KDM # if empty, then take system defaults # KDM_USERS="" # # path of jpeg or xpm image to be shown in the background of kdm # or background color (color names from /usr/X11R6/lib/X11/rgb.txt) # KDM_BACKGROUND=/opt/kde/share/wallpapers/paper01.jpg # # title string of kdm, special string HOSTNAME displays name of computer # KDM_GREETSTRING="" # # Pixmap which appears on the top of a KDE window, do not specify full path # path name; it will be searched in KDE IconPath; no Gimmick if empty # just try: "chamelia.xpm" # KWM_GIMMICK_PIXMAP="" # # SuSEconfig.wm can create a .fvwm2rc, .fvwmrc, .bowmanrc, .fvwm2rc95, # .mwmrc, .ctwmrc, depending on the installed packages. If # you want your systemwide wm config files to be updated after install # / removal of packages set SUSEWM_UPDATE to "yes", otherwise to "no" # SUSEWM_UPDATE="yes" # # This is the (space separated) list of window managers for which you # want to generate the config file. Valid values are: # "fvwm", "fvwm2", "fvwm95", "bowman", "mwm", "ctwm", "kwm", "all". # Default setting is "all" which is for generating files for all wms. # SUSEWM_WM="all" # # If you want the look of the windows similar to mwm say "yes" else "no" # This is only applicable for fvwm derived window managers # if this variable is empty, the default is "no" # SUSEWM_MWM="yes" # # Your fvwm2/95 is slow? Don't want small pixmaps in menus? So set # SUSEWM_XPM to "no", if pixmaps in menus are wanted set it to "yes", # which is the default value. The package 3dpixms has to be installed. # SUSEWM_XPM="yes" # # These are additional source files always to be included # when SuSEconfig.wm is running, e.g. a local configuration # SUSEWM_ADD="" # # If susewm should conform to older versions of susewm, susefvwm or # fvwm95, set this to "yes". Otherwise to "no" # SUSEWM_COMPAT="yes" -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
At 06:22 PM 03/25/00 +0200, you wrote:
Hello, guys!
Guys only?
Please, guide me of how to setup router. I need my network`s W98 computers see Internet thru my server (SuSE Linux 6.2). I.e., I need my Server work as a gateway.
The current situation is: - from inside Linux Server is able to access both local and external network - W98 workstations are able to access Server only (even ping does not work for other IP)
So your internal network is a 192.168.x.x net? You need to masquerade, correct? what does ipchains -L show? root@SuSE:~ > ipchains -L Chain input (policy ACCEPT): Chain forward (policy ACCEPT): target prot opt source destination ports MASQ all ------ anywhere anywhere n/a Chain output (policy ACCEPT): Not much protection for my machine. All I have setup is the machine to masquerade forwarded packets. You set that up simply by typing: ipchains -A forward -j MASQ -i ppp0 Make sure, of course, the Win98 is set to use your Linux machine as the gateway. I'm starting to belive it's easier to config things by hand instead of trying to figure out what SuSEconfig does. So far I've had to modify the firewall and the wvdial.dod scripts to make them work, create a new sendmail.cf file, fix the default httpd.conf file, and search and replace a bunch of .html files with HREFs pointing to http://localhost of all places.... Bill Moseley mailto:moseley@hank.org -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
MMTS Sysadmin wrote:
Hello, guys!
Please, guide me of how to setup router. I need my network`s W98 computers see Internet thru my server (SuSE Linux 6.2). I.e., I need my Server work as a gateway.
On the way to internet another gateway is placed.
The current situation is: - from inside Linux Server is able to access both local and external network - W98 workstations are able to access Server only (even ping does not work for other IP) - naming is configured via SAMBA-WINS
I have tried all the documentation, but I don`t know, what is wrong. Please, see my config files (attached).
I've been flipping through you rc.config. You have to set MSQ_START="yes". I am not sure wether other options have to be set as well, consult your SuSE manual. I've helped to set it up again for collegues at work last week, but I always need to test and can't do it off head. ;-) furthermore, make sure your linux default gateway is the "next" GW on the way to the internet and set the default gateway on you Win boxes to your Linux box (192.168.6.1) Enter your ISP's nameservers in the windows TCPIP options as 195.50.0.161 and 194.158.194.131. (I'd rather recomend to set up at least a caching nameserver on your linux box as well and point to that) Masquerading is done by some firewall rules (that I quite don't understand) This should get you at least a bit closer. Juergen -- =========================================== __ _ Juergen Braukmann juergen.braukmann@gmx.de| -o)/ / (_)__ __ ____ __ Tel: 0201-743648 dk4jb@db0qs.#nrw.deu.eu | /\\ /__/ / _ \/ // /\ \/ / ===========================================_\_v __/_/_//_/\_,_/ /_/\_\ -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
MMTS Sysadmin wrote:
Hello, guys!
Please, guide me of how to setup router. I need my network`s W98 computers see Internet thru my server (SuSE Linux 6.2). I.e., I need my Server work as a gateway.
On the way to internet another gateway is placed.
The current situation is: - from inside Linux Server is able to access both local and external network - W98 workstations are able to access Server only (even ping does not work for other IP) - naming is configured via SAMBA-WINS
I have tried all the documentation, but I don`t know, what is wrong. Please, see my config files (attached).
Hello, It seems to me you have two internal networks.
# /etc/route.conf 192.168.6.0 0.0.0.0 255.255.255.224 eth0 172.16.0.0 0.0.0.0 255.255.0.0 eth1 default 172.16.0.1
192.168.6.0 is a non-arbitrating network (not public), as s 172.16.0.0, so you route from one private net to another. In this case, you don't need to masquerade, but simply turn routing on, because I figure you have either a proxy or a firewall running on 172.16.0.1 which performs masquerading services. If you don't have a 172.16.0.0-network (you mistyped it or wanted another network), just specify the right number and start masquerading by typing this at the prompt (and optionally in a startup-script): echo 1 > /proc/sys/net/ipv4/ip_forward ipchains -I forward -j MASQ The first line enables IP-forwarding (neccesary to o masquerading), the second line tells the kernel it should masquerade. This could be a security-hole, because it will not only masquerade your 192.168.6.0-network to the outside world, but also vicce-versa, so you could specify some more parameters (man ipchains). If you have a caching nameserver on the 172.16-net, you can specify that on your clients, if not, I too advise you to set one up on your linux box and use that.
# /etc/resolv.conf search nameserver 195.50.0.161 nameserver 194.158.194.131
You will need to specify your local domain after 'search' (wel, you don't have to, but that way you dont have to type the whole hostname). Hope this helped you out some more, Greetings, Rogier -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
At 12:27 AM 03/27/00 +0200, Rogier Maas wrote:
echo 1 > /proc/sys/net/ipv4/ip_forward ipchains -I forward -j MASQ
The first line enables IP-forwarding (neccesary to o masquerading), the second line tells the kernel it should masquerade. This could be a security-hole, because it will not only masquerade your 192.168.6.0-network to the outside world, but also vicce-versa, so you could specify some more parameters (man ipchains).
Would you be interested in describing the security considerations on the list? I've been through the man ipchains a few times and I'm still learning. But it would be quite helpful to have some of the security risks discussed, and the ipchains commands used to plug those holes. Thanks, Bill Moseley mailto:moseley@hank.org -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
Bill Moseley wrote:
At 12:27 AM 03/27/00 +0200, Rogier Maas wrote:
echo 1 > /proc/sys/net/ipv4/ip_forward ipchains -I forward -j MASQ
The first line enables IP-forwarding (neccesary to o masquerading), the second line tells the kernel it should masquerade. This could be a security-hole, because it will not only masquerade your 192.168.6.0-network to the outside world, but also vicce-versa, so you could specify some more parameters (man ipchains).
Would you be interested in describing the security considerations on the list?
I've been through the man ipchains a few times and I'm still learning. But it would be quite helpful to have some of the security risks discussed, and the ipchains commands used to plug those holes.
If you tell your kernel it should masquerade, you actually telling him to accept packets on one NIC, and retransmitting them an another, but set his IP as the sending IP address, instead of the actual 192.168.x.x-IP. This way, you can have one computer handle hundreds of requests as if they came from one. If you do this: ipchains -I forward -j ACCEPT you tell your kernel not to set his own IP but just forward them. But if you do this: ipchains -I forward -j MASQ you tell your kernel to fake IP addressess while forwarding packets. The security-hole is in the fact that you don't specify *which* IP it should fake. You are on 192.168.1.2, your router humbly sets the IP address to 1.2.3.4 (it's public IP addy). But if a malicious hacker/cracker wanted to come into your network, it simply does the same exact thing, only the other way around: it would conect to your router with a request like: 'I would like to get packets to the other side please', and your router simply forwards the packets to any of the hosts inside, faking its own IP address. So if you get hacked, you won't even know where it came from, beside your router, because it faked IP addressess. That's why you really should specify what you want. ipchains -I forward -s 192.168.x.x -d 0.0.0.0/0 -j MASQ is a beginning, but you could be more specific. ipchains -I forward -s 192.168.x.x -d 0.0.0.0/0 80 -p tcp -j MASQ would only forward tcp-packets on destination port 80, so that your people can only surf to webservers. This actually won't work, because there's more traffic involved than this (above port 65000), so I always open those ports: ipchains -I forward -s 192.168.x.x 65000-65535 -d 0.0.0.0/0 -p tcp -j MASQ This specifies the source port on tcp, since MASQing is usually done above port 65000 (AFAIK BTW). The client connects like this: IP:192.168.x.x:65223 -> IP:1.2.3.4:80 to surf the web, the webservers answers from a random port to the original port: IP:1.2.3.4:4232 -> IP:192.168.x.x:65223 This, btw, is still kind of a mystery for me, because I always thought masqing was only about originating packets. The ACK(nowledge)-packets just came through without a hassle, but this varies. I always open ports above 65000, because services are rarely beeing run on these high ports. Remember: the MASQing the 'wrong' way isn't an exploit, this is just the way it works: Linux (and others) precicely do what you've told them to do, and sometimes that's more than you want. Also, hackers/crackers rarely come in this way; it's way too difficult, but it IS possible and done by hackers/crackers. Rogier -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
participants (4)
-
icarus@guldennet.nl -
juergen.braukmann@ruhr-west.de -
moseley@hank.org -
yohng@pmail.net