Compatible Support Forums

Everything posted by gfolkert

  1. gfolkert

    Related To My Other Post

    I'd have just disabled the USB ports and fumbled through it... and re-enabled them later... Same effect, different route.
  2. gfolkert

    tiny fugue timeout

    TinyFugue Documentation. Or try to remove any ~/.tinytalk file that exists and re-set it up... BTW, did you change to TF because you had problems with what you WERE using? BTW, again, you should also try and remove the ~/.tfrc, as that is the one that it should use...
  3. gfolkert

    RedHat 8.0 Firewall??

    I am assuming you are using IPTABLES and IPCHAINS. This single script will allow you to run a Linux machine with the 2.4.12+ kernel (RedHat 7.1+ (with errata) falls into this category, as does Debian Woody, Mandrake 8.1+ with errata, Slackware 8.1, and others...) and iptables v1.2.6+ due to some weirdness in rule writing. This script allows one machine to have a DHCP configured Public IP Address on ETH0 (you can change it...) and ETH1 being the Private interface; you run DHCPD on the Private Interface only. It provides anti-spoofing and connection tracking all in one. And to answer your question, the file called /etc/sysconfig/iptables exists so.... it will always read that config. Either remove it and "reset" your level... or reset your level and do:

    Code:
    service iptables save

    Here is the script included...

    Code:
    #!/bin/sh
    #
    # Notes: This shell script is for iptables v1.2.6+ and 2.4.12+ kernels, as
    # there are glaring problems in previous versions. It may work, but
    # I would not guarantee it to work completely right.
    #
    # I am assuming that the public interface is an ISP and the private
    # interface is static. Firewall serves as Private DHCP server, and
    # uses DNS from the internet. I included services that some like to
    # foolishly run... ;) You can comment out mail, ftp and web. I would
    # leave ssh for obvious reasons
    #
    # By default this script DROPS everything, the rules allow exception,
    # using stateful checking and allowing existing conversation to
    # continue, so you can run this script without interruption of stuff.
    # Also by default the script trusts the private interface, allows
    # any traffic or conversation started by the private side. IOW, it
    # will block anything trying to come in, without you asking for it.

    # function check
    #
    check() {
        if test ! -x "$1"; then
            echo "$1 not found or is not executable"
            exit 1
        fi
    }

    # function log
    #
    log() {
        if test -x "$LOGGER"; then
            logger -p info "$1"
        fi
    }

    # exec locations
    #
    MODPROBE="/sbin/modprobe"
    IPTABLES="/sbin/iptables"
    IP="/sbin/ip"
    LOGGER="/usr/bin/logger"

    # making sure they exist
    # and are executable
    #
    check $MODPROBE
    check $IPTABLES
    check $IP

    # PUB_IF assumed ISP_dynamic
    #
    PUB_IF="eth0"
    #PUB_IP="10.0.0.1"
    #PUB_SNM="255.0.0.0"
    #PUB_NET="10.0.0.0"
    #PUB_SNML="8"

    # PRIV_IF assumed static
    #
    PRIV_IF="eth1"
    PRIV_IP="192.168.1.1"
    PRIV_SNM="255.255.255.0"
    PRIV_NET="192.168.1.0"
    PRIV_SNML="24"

    cd /etc || exit 1

    # sending to syslog
    #
    log "Activating firewall script"

    # turning off forwarding (temp)
    #
    echo "0" > /proc/sys/net/ipv4/ip_forward

    # setting good defaults for traffic
    #
    echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
    echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route
    echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
    echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
    echo 1800 > /proc/sys/net/ipv4/tcp_keepalive_intvl
    echo 0 > /proc/sys/net/ipv4/tcp_ecn
    echo 0 > /proc/sys/net/ipv4/tcp_timestamps

    # flushing the toilet
    #
    $IP -4 neigh flush dev $PRIV_IF

    # setting default policies of DROP
    #
    $IPTABLES -P OUTPUT DROP
    $IPTABLES -P INPUT DROP
    $IPTABLES -P FORWARD DROP

    # getting rid of any existing chains and tables
    #
    cat /proc/net/ip_tables_names | while read table; do
        $IPTABLES -t $table -L -n | while read c chain rest; do
            if test "X$c" = "XChain" ; then
                $IPTABLES -t $table -F $chain
            fi
        done
        $IPTABLES -t $table -X
    done

    # loading all the iptables modules
    #
    MODULE_DIR="/lib/modules/`uname -r`/kernel/net/ipv4/netfilter/"
    MODULES=`(cd $MODULE_DIR; ls *_conntrack_* *_nat_* | sed 's/\.o.*$//')`
    for module in $(echo $MODULES); do
        if [ -e "${MODULE_DIR}/${module}.o" -o -e "${MODULE_DIR}/${module}.o.gz" ]; then
            $MODPROBE ${module} || exit 1
        fi
    done

    # Rule NAT
    #
    $IPTABLES -t nat -A POSTROUTING -o $PUB_IF -s $PRIV_NET/$PRIV_SNML -j MASQUERADE
    $IPTABLES -t nat -A POSTROUTING -o $PRIV_IF -s $PRIV_NET/$PRIV_SNML -j SNAT --to-source $PRIV_IP

    # Setting stateful inspection and allow already
    # connected conversations to continue
    #
    $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # public interface anti-spoofing rule so baddies claiming
    # to be from the private network interface, can't make it in.
    #
    $IPTABLES -A INPUT -i $PUB_IF -s $PRIV_NET/$PRIV_SNML -j DROP
    $IPTABLES -A FORWARD -i $PUB_IF -s $PRIV_NET/$PRIV_SNML -j DROP

    # block fragments, a sure sign baddies are trying
    #
    $IPTABLES -A OUTPUT -p ip -f -j DROP
    $IPTABLES -A INPUT -p ip -f -j DROP
    $IPTABLES -A FORWARD -p ip -f -j DROP

    # firewall uses DNS server on internet
    #
    $IPTABLES -A INPUT -p tcp -s $PRIV_IP --destination-port 53 -m state --state NEW -j ACCEPT
    $IPTABLES -A INPUT -p udp -s $PRIV_IP --destination-port 53 -m state --state NEW -j ACCEPT
    $IPTABLES -A OUTPUT -p tcp --destination-port 53 -m state --state NEW -j ACCEPT
    $IPTABLES -A OUTPUT -p udp --destination-port 53 -m state --state NEW -j ACCEPT

    # firewall serves as DHCP server for LAN (listen rule)
    #
    $IPTABLES -A INPUT -p udp -m multiport -s $PRIV_IP --destination-ports 68,67 -m state --state NEW -j ACCEPT
    $IPTABLES -A OUTPUT -p udp -m multiport -d $PRIV_IP --destination-ports 68,67 -m state --state NEW -j ACCEPT
    $IPTABLES -A INPUT -p udp -m multiport -s $PRIV_NET/$PRIV_SNML --destination-ports 68,67 -m state --state NEW -j ACCEPT

    # firewall serves as DHCP server for LAN (response rule)
    #
    $IPTABLES -A INPUT -p udp -m multiport -s $PRIV_IP --destination-ports 68,67 -m state --state NEW -j ACCEPT
    $IPTABLES -A OUTPUT -p udp -m multiport -d $PRIV_IP --destination-ports 68,67 -m state --state NEW -j ACCEPT
    $IPTABLES -A OUTPUT -p udp -m multiport -d $PRIV_NET/$PRIV_SNML --destination-ports 68,67 -m state --state NEW -j ACCEPT

    # 'masquerading' rule
    #
    $IPTABLES -A INPUT -s $PRIV_IP -m state --state NEW -j ACCEPT
    $IPTABLES -A INPUT -s $PRIV_NET/$PRIV_SNML -m state --state NEW -j ACCEPT
    $IPTABLES -A OUTPUT -m state --state NEW -j ACCEPT
    $IPTABLES -A FORWARD -s $PRIV_NET/$PRIV_SNML -m state --state NEW -j ACCEPT

    # firewall serves as mail server (for those that do this)
    #
    $IPTABLES -A OUTPUT -p tcp -m multiport -d $PRIV_IP --destination-ports 143,993,110,25,465 -m state --state NEW -j ACCEPT
    $IPTABLES -A INPUT -p tcp -m multiport --destination-ports 143,993,110,25,465 -m state --state NEW -j ACCEPT

    # firewall serves as mail relay (for those that do this)
    #
    $IPTABLES -A INPUT -p tcp -m multiport -s $PRIV_IP --destination-ports 143,993,110,25,465 -m state --state NEW -j ACCEPT
    $IPTABLES -A OUTPUT -p tcp -m multiport --destination-ports 143,993,110,25,465 -m state --state NEW -j ACCEPT

    # firewall serves as web-server (for those that do this)
    #
    $IPTABLES -A OUTPUT -p tcp -m multiport -d $PRIV_IP --destination-ports 80,443 -m state --state NEW -j ACCEPT
    $IPTABLES -A INPUT -p tcp -m multiport --destination-ports 80,443 -m state --state NEW -j ACCEPT

    # firewall serves as ftp-server (for those that do this)
    #
    $IPTABLES -A OUTPUT -p tcp -m multiport -d $PRIV_IP --destination-ports 20,21 -m state --state NEW -j ACCEPT
    $IPTABLES -A INPUT -p tcp -m multiport --destination-ports 20,21 -m state --state NEW -j ACCEPT

    # ssh access to firewall (yes it's a global thing)
    #
    $IPTABLES -A OUTPUT -p tcp -d $PRIV_IP --destination-port 22 -m state --state NEW -j ACCEPT
    $IPTABLES -A INPUT -p tcp --destination-port 22 -m state --state NEW -j ACCEPT

    # 'catch all' rule to make sure
    #
    $IPTABLES -A OUTPUT -j DROP
    $IPTABLES -A INPUT -j DROP
    $IPTABLES -A FORWARD -j DROP

    # turning forwarding back on
    #
    echo 1 > /proc/sys/net/ipv4/ip_forward
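    A way to check that a loaded rule set actually delivers what the comments in the script above promise, as an added example that is not part of gfolkert's post or of any iptables tool: it parses `iptables-save` output (a constructed sample is embedded, not captured from a real host) and reports filter chains whose default policy is not DROP, chains whose first rule is not the ESTABLISHED,RELATED accept, chains with no fragment drop, and an anti-spoofing DROP that sits below an ACCEPT matching the same private source, which never fires because iptables stops at the first match. The interface and network are the script's own defaults (eth0, 192.168.1.0/24); the function names and the second, deliberately misordered dump are my own.

```python
"""Audit an iptables-save dump for the guarantees a DROP-by-default script claims."""
import shlex
from collections import defaultdict

# Constructed sample of `iptables-save` output (not captured from a real host);
# it mirrors the shape of the filter rules the script above installs.
SAMPLE_DUMP = """\
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i eth0 -s 192.168.1.0/24 -j DROP
-A FORWARD -i eth0 -s 192.168.1.0/24 -j DROP
-A INPUT -f -j DROP
-A OUTPUT -f -j DROP
-A FORWARD -f -j DROP
-A INPUT -s 192.168.1.0/24 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A OUTPUT -m state --state NEW -j ACCEPT
-A FORWARD -s 192.168.1.0/24 -m state --state NEW -j ACCEPT
COMMIT
"""

# Constructed variant: INPUT's anti-spoofing DROP moved below the rule that
# already accepts NEW connections from the private network.
MISORDERED_DUMP = SAMPLE_DUMP.replace(
    "-A INPUT -i eth0 -s 192.168.1.0/24 -j DROP\n", ""
).replace(
    "-A OUTPUT -m state --state NEW -j ACCEPT\n",
    "-A INPUT -i eth0 -s 192.168.1.0/24 -j DROP\n-A OUTPUT -m state --state NEW -j ACCEPT\n",
)


def parse_rule(tokens):
    """Reduce the tokens after '-A CHAIN' to {option: value}; value-less
    options such as -f are collected under 'flags'."""
    rule = {"flags": set()}
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok.startswith("-"):
            nxt = tokens[i + 1] if i + 1 < len(tokens) else None
            if nxt is not None and not nxt.startswith("-") and nxt != "!":
                rule[tok] = nxt
                i += 2
                continue
            rule["flags"].add(tok)
        i += 1
    return rule


def parse_dump(text):
    """Return {table: {"policy": {chain: POLICY}, "rules": {chain: [rule, ...]}}}
    preserving rule order, which is what the ordering checks depend on."""
    tables, table = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):
            table = line[1:]
            tables[table] = {"policy": {}, "rules": defaultdict(list)}
        elif table is None:
            raise ValueError("rule or chain line before any *table line")
        elif line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            tables[table]["policy"][chain] = policy
        elif line.startswith("-A "):
            tokens = shlex.split(line)
            tables[table]["rules"][tokens[1]].append(parse_rule(tokens[2:]))
    return tables


def audit(text, pub_if="eth0", priv_net="192.168.1.0/24"):
    """Return a list of findings; an empty list means every check passed."""
    filt = parse_dump(text).get("filter")
    if filt is None:
        return ["no filter table in dump"]
    findings = []
    for chain in ("INPUT", "OUTPUT", "FORWARD"):
        policy = filt["policy"].get(chain)
        if policy != "DROP":
            findings.append(f"{chain}: default policy is {policy}, expected DROP")
        rules = filt["rules"].get(chain, [])
        first = rules[0] if rules else {}
        if first.get("-j") != "ACCEPT" or set(first.get("--state", "").split(",")) != {"ESTABLISHED", "RELATED"}:
            findings.append(f"{chain}: first rule should ACCEPT ESTABLISHED,RELATED so existing sessions survive")
        if not any("-f" in r["flags"] and r.get("-j") == "DROP" for r in rules):
            findings.append(f"{chain}: no rule dropping IP fragments")
    # Anti-spoofing only matters where packets arrive from outside: INPUT and FORWARD.
    for chain in ("INPUT", "FORWARD"):
        rules = filt["rules"].get(chain, [])
        drop_idx = next((n for n, r in enumerate(rules)
                         if r.get("-j") == "DROP" and r.get("-i") == pub_if and r.get("-s") == priv_net), None)
        accept_idx = next((n for n, r in enumerate(rules)
                           if r.get("-j") == "ACCEPT" and r.get("-s") == priv_net and "-i" not in r), None)
        if drop_idx is None:
            findings.append(f"{chain}: no anti-spoofing DROP for {priv_net} arriving on {pub_if}")
        elif accept_idx is not None and accept_idx < drop_idx:
            findings.append(f"{chain}: anti-spoofing DROP is at position {drop_idx} but {priv_net} is "
                            f"already accepted at position {accept_idx}; first match wins, so the DROP never fires")
    return findings


if __name__ == "__main__":
    for name, dump in (("script-like", SAMPLE_DUMP), ("misordered", MISORDERED_DUMP)):
        print(name, audit(dump) or ["ok"])
```

    On a real host the same function takes the text of `iptables-save` (run as root) in place of the constructed sample; the ordering check is the one worth keeping after any hand edit to the script, since appending a rule with `-A` is the easiest way to move an ACCEPT above the DROP that was meant to catch it.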
  4. gfolkert

    Related To My Other Post

    If I were trying to get past this, I'd go into BIOS and DISABLE all USB ports, legacy, EVERYTHING USB. If you have a USB add-in card, I'd yank that out... There are known issues with Hot-plug and SuSE 8.1. There are fixes available POST-install... hope this helps. And BTW, you have to

    Code:
    mount -o remount -o rw /dev/that/is/root /

    in order to have a read-write filesystem the way you are doing it.
  5. gfolkert

    IBM ThinkPad A31 will it work under Linux

    Laptop Linux gives you a lot of basics and a good place to get started. Only thing is, they don't have an A31 listed yet... but the A30 and A30P are a very good approximation. A Google search for Laptop Linux gives you lots and lots of generic Laptop Linux hints and clues; an IBM A31 search gives you more specific info... Good luck!!!
  6. gfolkert

    ping nic card no reply

    Your question is not possible... are you saying you can ping the Linux machine from another machine on your network... but you can't ping another machine from Linux? There are immediate questions I have for you.
    1) Are you logging in as a user or root on the Linux machine?
    2) What kind of a network are we talking about?
    3) Are you sure you have this network set up properly?
    4) Can you describe the type of install you did on the Linux machine (Kitchen sink install or "Workstation")?
    5) Are you able to get to the Internet on the machine (assuming the network works properly)?
  7. gfolkert

    IBM ThinkPad A31 will it work under Linux

    This Laptop was made for Windows... BUT I know of several people... being ~100 in number, that have this Laptop and Dual Boot Linux and W2Kpro or WXPpro without incident. It is the Best Laptop money can buy for this purpose. Rugged, powerful and it SMOKES! 8)
  8. gfolkert

    new at linux- cd install problems

    If you got the "Official" iso images, and properly burned the CD-ROMs, you should be able to boot from the first one. If you can't get any further after that, you either have a CD-reader that is not fully ATAPI compliant (assuming it's an IDE) or the CD-ROM itself was burnt too fast or the Media is Bad. Re-Burn the first one at least if that is the case!!! 8)
  9. gfolkert

    Installing rh8 using cdrom.img

    It is actually on the first CD-ROM under the images directory... you need to use rawrite or rawritewin to write the image to a diskette. These utilities are in the dosutils directory... boot.img is the first one you need. If ALL the system Drivers are not on it... you'll need drvblock.img for any drives that aren't supported on the first diskette. So at most you'll need boot.img and drvblock.img ... and of course the CD-ROMs... You should be good to go as long as you read the text on the screens.
  10. gfolkert

    Cheap Bytes offers Extremely reasonable CDs of recent Linux and other OSes.
  11. gfolkert

    I'm having a bit of a problem with GNOME...

    Quote: I'm really growing to hate this business of having to compile and maintain two versions of the same library...

    Just be glad you *CAN* do this. Imagine doing that in the Wonderful World of Full Color Windoze!!!!
  12. gfolkert

    How do I reinitialise a device ?

    A bit of sh work should fix your dilemma: as root, do

    Code:
    lsof | grep -e "/dev/st0" | less

    That should tell you the Process that still has the device open. If it is zombie'd or won't die... a reboot is about the only thing you can do... Except editing memory space and hash tables manually.... But, I am guessing you are *NOT* an Expert UNIX GEEK like me with 15+ years of *NIX (DEC OSF/1, Tru64, HP-UX, Solaris, AIX, BSDi, *BSD, IRIX, SunOS, Linux... etc...). I'd be nervous doing that...
  13. gfolkert

    need help on ftp server choice

    I'd use VSFTP... You can get it here at its home: Very Secure FTPD. I have used it with great success. No exploits either...
  14. gfolkert

    Samba - Multiple Workgroups

    Yep... Remote announce, as long as you have various sub-nets, is what the big deal is. As we all know, NetBIOS is not routable. For your best bet, I'd install and run swat (Samba Web Admin Tool); it'll allow you to do your worst using the advanced options. It has COMPLETE documentation with it... and it just plain works.