Hi well i am forgetting how to mount an cdrom i have in my fstab an entry for cdrecorder and cdrom which mount ok when i go into kde but i cant seem to mount the cdrom from the console can anyone please tell me thanks! BOB
I've been getting mail for my domain at home on my DSL for about a year now. In preparation for my move away from the DSL I've pointed mail for my domain to one of my collocated boxes. I'd like to be able to retrieve our mail via pop (I'd like to make this seamless for my wife). We will be getting a cable modem and naturally I'll be keeping the internal network set up. Ideally what I'd like to do is have an internal address (ie 10.10.1.2) for which all pop and imap requests would be forwarded via secure tunnel to the server. What's the best way to do this? Tunnel via ssh (that's my first reaction). Stunnel? FreeSwan? thanks- -mab --
Ideally what I'd like to do is have an internal address (ie 10.10.1.2) for which all pop and imap requests would be forwarded via secure tunnel to the server.
What's the best way to do this? Tunnel via ssh (that's my first reaction). Stunnel? FreeSwan? stunnel is the easiest way. Just add an entry like pop3s stream tcp nowait root /usr/sbin/stunnel stunnel -r localhost:110 to your inetd.conf and use the SSL feature for POP in outlook (Netscape unfortunately doesn't support SSL :( If you want to use a better mail program than from microsoft (any other) then it should work to connect with stunnel on your side to the stunnel on the other side, but I have never tried that.
Markus PS: if you use a self-signed certificate for stunnel (very likely) then point your browser to https://your.server.net:995/ and install the certificate, so outlook won't complain about it. -- _____________________________ /"\ Markus Gaugusch ICQ 11374583 \ / ASCII Ribbon Campaign markus@gaugusch.at X Against HTML Mail / \
At 9:07 AM +0100 11/15/01, Markus Gaugusch wrote:
Ideally what I'd like to do is have an internal address (ie 10.10.1.2) for which all pop and imap requests would be forwarded via secure tunnel to the server.
What's the best way to do this? Tunnel via ssh (that's my first reaction). Stunnel? FreeSwan? stunnel is the easiest way. Just add an entry like pop3s stream tcp nowait root /usr/sbin/stunnel stunnel -r localhost:110 to your inetd.conf and use the SSL feature for POP in outlook (Netscape unfortunately doesn't support SSL :( If you want to use a better mail program than from microsoft (any other) then it should work to connect with stunnel on your side to the stunnel on the other side, but I have never tried that.
Markus PS: if you use a self-signed certificate for stunnel (very likely) then point your browser to https://your.server.net:995/ and install the certificate, so outlook won't complain about it.
Maybe I wasn't being clear. I have a server at a colo. Mail for my domain is now arriving there. At home, I have a private net. I want pop requests from a client on 192.168.1.x to be forwarded via secure tunnel from my Nat host (Suse 7.2) to the colo machine (Suse 7.3). I'm no goot as ascii or I'd draw it. My wife has the good sense to use Macs, and while M$ makes a Mac outlook, she uses Mac OS X's built in mail client, which does not support ssl. I use Eudora on Mac OS X which supports apop but not ssl. I'm not interested in using some funky version of an encrypted protocol. Rather I've always been a big fan of having all traffic encrypted. Free Swan looks overly complex for our needs (now that I loook) so I think I'm looking for a way to tunnel all traffic between my NAT machine and colo machine via SSH, and for my NAT machine to forward pop / imap requests to the colo machine. I have used an ssh tunnel as an end user before (my last employer used it along with secureID as a sort of faux vpn) but have never set this up. Does anyone know where I should start, or do you have a url? Thanks- -mab
-- _____________________________ /"\ Markus Gaugusch ICQ 11374583 \ / ASCII Ribbon Campaign markus@gaugusch.at X Against HTML Mail / \
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
--
On 15. November 2001 16:06 wrote Michael Bartosh:
I have used an ssh tunnel as an end user before (my last employer used it along with secureID as a sort of faux vpn) but have never set this up. Does anyone know where I should start, or do you have a url?
"man ssh" ssh -L <localport>:popserver:pop3 tunnelend.example.com "sleep 3600" Peter
On Friday 16 November 2001 10:16 am, Peter Wiersig wrote:
On 15. November 2001 16:06 wrote Michael Bartosh:
I have used an ssh tunnel as an end user before (my last employer used it along with secureID as a sort of faux vpn) but have never set this up. Does anyone know where I should start, or do you have a url?
"man ssh"
ssh -L <localport>:popserver:pop3 tunnelend.example.com "sleep 3600"
Here is a little script that I use to keep a POP3 and SMTP tunnel running more- or-less continuously: ********************** begin ********************** #!/bin/sh # Make an SSH connection to 4th.com so that mail can be directly sent echo "Forwarding localhost:9000 to 4th.com SMTP, localhost:9001 to <remote>.com POP3" echo "Type exit then Control-C (rapidly) when done." while `true`; do ssh -i ~/.ssh/identity -L 9000:localhost:25 -L 9001:localhost:110 <remote>.com echo "Connection will retry in 5 seconds. Hit Control-C to abort." sleep 5 done *************************** end ********************** If the connection is broken, it will wait 5 seconds then re-establish. You need to have used ssh-keygen to create a key pair, and place the public key into the authorized_keys file on the remote host. Take Peter's suggestion and read the ssh and sshd "man" pages for details on the key setup procedure. It's pretty straightforward. Peter's use of the POP3 port on the local end is convenient and correct but requires the script to run as root. I chose two nonprivileged ports (9000 for SMTP and 9001 for POP3) on my local host so that I can run the script as an ordinary user. Rather than sending a "sleep 3600" command, I leave that parameter out so that I get a login shell on the remote. This is personal preference, because my web sites live on this server also and so I often use that shell anyway. You can put the "sleep 3600" command into my version as well, if you wish. Once you have this running, you set up your mail client to receive POP3 from "localhost" on port 9001 and to send mail via SMTP to "localhost" port 9000. Works great with KMail and most other mail clients. Sometimes the connection will break without the local ssh command detecting it for a brief time. In that situation, you'll get a one-time error in your mail client. Just wait a few seconds and try again, because the network traffic that caused that error message also jogged the local ssh command into terminating so that the script loop can restart it. Scott -- -----------------------+------------------------------------------------------ Scott Courtney | "I don't mind Microsoft making money. I mind them courtney@4th.com | having a bad operating system." -- Linus Torvalds http://www.4th.com/ | ("The Rebel Code," NY Times, 21 February 1999)
On Friday 16 November 2001 10:16 am, Peter Wiersig wrote:
On 15. November 2001 16:06 wrote Michael Bartosh:
I have used an ssh tunnel as an end user before (my last employer used it along with secureID as a sort of faux vpn) but have never set this up. Does anyone know where I should start, or do you have a url?
"man ssh"
ssh -L <localport>:popserver:pop3 tunnelend.example.com "sleep 3600"
Here is a little script that I use to keep a POP3 and SMTP tunnel running more- or-less continuously: ********************** begin ********************** #!/bin/sh # Make an SSH connection to <remote>.com so that mail can be directly sent echo "Forwarding localhost:9000 to <remote>.com SMTP, localhost:9001 to <remote>.com POP3" echo "Type exit then Control-C (rapidly) when done." while `true`; do ssh -i ~/.ssh/identity -L 9000:localhost:25 -L 9001:localhost:110 <remote>.com echo "Connection will retry in 5 seconds. Hit Control-C to abort." sleep 5 done *************************** end ********************** If the connection is broken, it will wait 5 seconds then re-establish. You need to have used ssh-keygen to create a key pair, and place the public key into the authorized_keys file on the remote host. Take Peter's suggestion and read the ssh and sshd "man" pages for details on the key setup procedure. It's pretty straightforward. Peter's use of the POP3 port on the local end is convenient and correct but requires the script to run as root. I chose two nonprivileged ports (9000 for SMTP and 9001 for POP3) on my local host so that I can run the script as an ordinary user. Rather than sending a "sleep 3600" command, I leave that parameter out so that I get a login shell on the remote. This is personal preference, because my web sites live on this server also and so I often use that shell anyway. You can put the "sleep 3600" command into my version as well, if you wish. Once you have this running, you set up your mail client to receive POP3 from "localhost" on port 9001 and to send mail via SMTP to "localhost" port 9000. Works great with KMail and most other mail clients. Sometimes the connection will break without the local ssh command detecting it for a brief time. In that situation, you'll get a one-time error in your mail client. Just wait a few seconds and try again, because the network traffic that caused that error message also jogged the local ssh command into terminating so that the script loop can restart it. Scott -- -----------------------+------------------------------------------------------ Scott Courtney | "I don't mind Microsoft making money. I mind them courtney@4th.com | having a bad operating system." -- Linus Torvalds http://www.4th.com/ | ("The Rebel Code," NY Times, 21 February 1999)
participants (5)
-
Bob B
-
Markus Gaugusch
-
Michael Bartosh
-
Peter Wiersig
-
Scott Courtney