Best of Technical Support
Our experts answer your technical questions.
Configuring ipchains
Current setup: I’m running ipchains as a firewall and to proxy my other machine to the Web via DSL. This Linux firewall has two NIC cards: one with a public IP address, the other on my private 10.100.100 network. I have a web server on the private network (10.100.100.20). How do I configure ipchains to redirect all web requests at my firewall to the web server on my internal network? —Mitchel Vernor, mitboy@hotmail.com
You’ll need to use a port forwarding tool (such as redir or ipmasqadm) to “redirect” all requests that try to connect to port 80 (assuming you are using the default port) of your firewall’s address to the web server’s address. redir is a user-space program that has some limitations, but works with older kernel versions. ipmasqadm (which I recommend) works with 2.2.x (some 2.1.x also) and it is kernel-based.
Assuming all other input, output and forward chains are present, you should simply add:
ipmasqadm portfw -f
ipmasqadm portfw -a -P tcp -L EXTERNAL_FIREWALL_IP 80 -R 10.100.100.20 80
to your startup script. —Mario de Mello Bittencourt Neto, mneto@argo.com.br
More information on port forwarding under kernel versions 2.2 and higher, including examples, can be found at www.monmouth.demon.co.uk/ipsubs/portfw-2.2.html. —Chad Robinson, Chad.Robinson@brt.com
If you don’t have ipmasqadm on your system, you can find it here: http://juanjox.kernelnotes.org/. You need at least kernel 2.2.x for this to work (although there are patches for 2.0.x), and your kernel must have IP: ipportfw masq support (EXPERIMENTAL), which is an option you can select only if you checked “Prompt for development and/or incomplete code/drivers” during configuration. —Marc Merlin, marc_bts@valinux.com
PPP Networking
Can I have a PPP connection that supports TCP/IP using a null modem between Win98 and Linux boxes? Any one of the machines needs to dial up to the other. I am using Red Hat 5.2. —Kiran, ajay@cc.usu.edu
Yes, you can. I would set up the Win98 machine to “call” the Linux system by double-clicking on a dial-up connection. I prefer this way, since the Windows machine expects to “log in” to the remote system and the Linux box can provide that “login”. For this to work, you have to take care of the proper setup (pin out) of the serial cable that connects the machines together. Also, depending on the cable setup, it would be a good idea to tell the Windows machine, at the dialup port configuration setup, not to wait for the dial tone before dialing. The Linux box will not provide a dial tone. On the Linux side, you can create a new login ID with a password and configure it to have the PPP daemon as the login shell, instead of the usual bash. Also, you have to set up the serial port on the Linux box to provide the login automatically all the time. A good page that explains this in great detail is www.linuxgazette.com/issue41/smyth.html. —Felipe E. Barousse, fbarousse@piensa.com
Recovery after Partitioning
A friend who uses Debian 2.1 tried to install Red Hat 6.0 into another partition of his hard disk. The installation process of Red Hat has deleted the partition table of his hard drive. We need a way to recover some important files which are in the Debian partition. We can’t access the partition. Can you explain some way to do it? —Alexis Serafin, sith@arrakis.es
If you know exactly what the partition table looked like before the crash, you can simply write a new partition table that looks exactly like the old one, mount the old partitions and back up the data. If the install process was aborted immediately after the new partition table was written, this alone may solve the problem. If all else fails, try this: make a partition that includes the whole disk (say, /dev/hdb1), mount that and raw-copy the entire disk to a big file (on another disk) with something like:
dd if=/dev/hdb1 of=/bigdisk/recovered.data bs=512
Then, try to piece the files together using /bigdisk/recovered.data. Personally, I’ve tried only the dd step, so there may be problems with this approach beyond the fact that stitching up the files manually is awfully difficult. Consider it a desperation strategy. I know it’s never helpful to hear this after the disaster occurs, and please don’t think I’m not sympathetic, but the best way to deal with problems like these is always prevention: keep backups, and print out critical information such as partition tables before you need it. This is the voice of bitter experience speaking. —Scott Maxwell, maxwell@ScottMaxwell.org
While it is hard, you can look for the boot partition signature (55 AA at the end of the block, I believe) and locate the partitions on your disk. The above requires a disk editor, such as diskedit from Norton, and once you have the partition offsets, you can go to the partition table (first block of your disk, apply the partition table view and key in the numbers). Note that it’s not trivial, and having another computer as a model to look at and copy from helps quite a bit. You can also try fixdisktable which automates this (only for primary partitions, though); it can be found at bmrc.berkeley.edu/people/chaffee/fat32.html. —Marc Merlin, marc_bts@valinux.com
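As an added example (not part of the original answers), the signature search described above can be scripted against a raw image such as the one produced by the dd step. It goes one step further than the answer by also looking for the ext2 superblock magic, which gives a partition size to key into the rebuilt table. The function names and the sample image are constructed for illustration.

```python
import struct

SECTOR = 512
EXT2_SB_OFFSET = 1024   # the superblock starts 1024 bytes into the partition
EXT2_MAGIC = 0xEF53     # s_magic: little-endian u16 at superblock byte 56

def scan_image(image, sector=SECTOR):
    """Return (start_sector, kind, size_in_sectors) candidates in a raw image."""
    hits = []
    for off in range(0, len(image) - sector + 1, sector):
        # Boot sectors and partition tables end with the bytes 55 AA.
        if image[off + 510:off + 512] == b"\x55\xaa":
            hits.append((off // sector, "boot-signature", None))
        sb = image[off + EXT2_SB_OFFSET:off + EXT2_SB_OFFSET + 58]
        if len(sb) == 58 and struct.unpack_from("<H", sb, 56)[0] == EXT2_MAGIC:
            blocks, = struct.unpack_from("<I", sb, 4)    # s_blocks_count
            log_bs, = struct.unpack_from("<I", sb, 24)   # s_log_block_size
            if log_bs <= 6:                              # 1 KiB to 64 KiB blocks
                size = blocks * (1024 << log_bs) // sector
                hits.append((off // sector, "ext2-superblock", size))
    return hits

def build_sample_image():
    """Constructed 32 KiB image: boot sector at 0, ext2 partition at sector 8."""
    img = bytearray(64 * SECTOR)
    img[510:512] = b"\x55\xaa"
    sb = 8 * SECTOR + EXT2_SB_OFFSET
    struct.pack_into("<I", img, sb + 4, 20)    # 20 blocks
    struct.pack_into("<I", img, sb + 24, 0)    # of 1024 bytes each
    struct.pack_into("<H", img, sb + 56, EXT2_MAGIC)
    return bytes(img)

if __name__ == "__main__":
    for start, kind, size in scan_image(build_sample_image()):
        print(start, kind, size)
```

ext2 keeps backup copies of the superblock inside the partition, and those match too, so each hit is a candidate to verify (for example by mounting read-only) before writing a partition table.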
Removing Another OS
A frequently asked question is how to remove Linux from a computer. What about removing Windows 98 safely? I had Windows 98 on the first partition of my hard disk (/dev/hda1) and Red Hat 6.0 on logical partitions (/dev/hda5, 6, …). I was able to dual-boot using LILO, which was installed on the master boot record. One day, I decided to part with Windows 98 forever. I ran mke2fs on /dev/hda1 and divided it into three partitions. Now when I boot my computer, LILO does not appear at all, and I need to boot using a floppy.
I tried to install LILO (by running /sbin/lilo), but in vain. I tried removing LILO and re-installing it, but when I ran /sbin/lilo -u, I got the following error message:
The boot sector of /dev/hda does not have a LILO signature.
I booted the machine using a Windows 98 boot disk, ran fdisk /mbr and reinstalled LILO. Nothing doing.
I got a CD of TurboLinux from the March issue of Linux Journal, installed it on the new partitions I created and had LILO installed in the master boot record. It didn’t work. What should I do to boot using LILO again? —Tam Laying, tamlayin@oupchina.com.hk
Make sure your lilo.conf file looks like this:
boot=/dev/hda
compact # faster, but won't work on all systems.
ramdisk = 0
map=/boot/map
install=/boot/boot.b
prompt
timeout=100
image=/boot/vmlinuz
    label=linux
    root=/dev/hda5
    read-only
Then run lilo, and it should install a fresh boot block. Your problem may have been linked to partitions being shifted or renamed when you created the new ones. —Marc Merlin, marc_bts@valinux.com
Film and Video
When playing movie files in Linux, the video is very jumpy and there is no sound. I have set up my Soundblaster Live! which works okay. I also have a Voodoo2 3dfx card—do I have to set this card up to allow trouble-free movie playing? My video card is an ATI all-in-wonder pro with 16MB. The PC is a PII/333 with 128MB RAM. —Graham Bell, grahambell@bigfoot.com
There are many issues when playing video (and audio), not only in Linux but in other operating systems as well. First, if you intend to play video from the Internet, such as streaming video, make sure you get a good connection, the faster the better. This way, the video quality will improve substantially. There may be adjustments on your software related to quality of video vs. video-playback speed: the best image quality may be slower, and some frames may get lost. Also, be sure to check that the formats you are trying to play are consistent according to the software you are using in terms of versions. If your software does not fully support the video formats you want to play, it may not work as expected. I would set up all the hardware and make “local” tests to ensure everything works fine, then I would go watch on-line broadcasts. —Felipe E. Barousse, fbarousse@piensa.com
You did not mention which video program (xanim?) or video format (avi, mpeg, real video) you are using. There are some known issues with each format I’ve mentioned, and the client part available is somewhat limited. Recently, Real Networks released a client (RealPlayer) with better Linux support, and it is running okay. —Mario de Mello Bittencourt Neto, mneto@argo.com.br
Permission to Change
I am connecting a Linux server to a Macintosh. I have installed Netatalk, and everything seems to be running. When I go to the Macintosh, I can see the Linux server and access any file I want from it. However, if I try to save to the Linux server, I get a message telling me I do not have “Make Changes” permission and cannot do that. My Windows 98 machines work fine, so I do not believe it is a chmod issue. I think it is something I am missing in the Netatalk configuration. —Aime Emery, aemery@northtroyconsulting.com
It looks like there is a problem related to passwords. Netatalk must be compiled with shadow password support if your Linux uses them. Also, there is a huge variety of options to configure Netatalk and all its related protocols. A useful web page for you to check on these parameters is http://thehamptons.com/anders/netatalk/. —Felipe E. Barousse, fbarousse@piensa.com
Missing Host Key?
After installing Red Hat Linux, when it is booted, I get:
Failed Message Starting sshd.error Could not load host key: /etc/ssh/ssh_host_key: no such file or directory
How do I fix this? —Qamar Ansari, qamar@hotmail.com
sshd tries to find ssh_host_key by looking for the HostKey entry in its configuration file (normally /etc/ssh/sshd_config), falling back to a default of /etc/ssh/ssh_host_key. Ensure the HostKey file name in the configuration file matches the location of the ssh_host_key file you want to use. Some ssh installations put all ssh files directly under /etc, so maybe your file is there for some reason (although this is unlikely). If the ssh_host_key file doesn’t exist at all, you can create a new one by running
ssh-keygen -f /etc/ssh/ssh_host_key
as root. —Scott Maxwell, maxwell@ScottMaxwell.org
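The lookup described in this answer, as an added example that is not part of the original column: it reads HostKey entries from the text of sshd_config, falls back to /etc/ssh/ssh_host_key, and reports whether each key file is missing or readable by more than its owner. The function names and the `root` parameter (for checking a mounted or copied filesystem) are hypothetical.

```python
import os
import stat

DEFAULT_HOSTKEY = "/etc/ssh/ssh_host_key"   # fallback named in the answer above

def hostkey_paths(config_text):
    """Return the HostKey paths set in sshd_config text, or the default."""
    paths = []
    for line in config_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Keywords are case-insensitive; "Keyword value" and "Keyword=value" both work.
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "hostkey":
            paths.append(parts[1].strip().strip('"'))
    return paths or [DEFAULT_HOSTKEY]

def check_hostkeys(config_text, root="/"):
    """Map each configured host key to 'ok', 'missing' or 'too-open'."""
    report = {}
    for path in hostkey_paths(config_text):
        real = os.path.join(root, path.lstrip("/"))
        try:
            mode = os.stat(real).st_mode
        except FileNotFoundError:
            report[path] = "missing"    # the case in the question: generate a key
            continue
        # OpenSSH's sshd refuses a private host key that group or others can access.
        too_open = mode & (stat.S_IRWXG | stat.S_IRWXO)
        report[path] = "too-open" if too_open else "ok"
    return report

if __name__ == "__main__":
    with open("/etc/ssh/sshd_config") as fh:
        for key, status in check_hostkeys(fh.read()).items():
            print(key, status)
```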
Sender Not Receiving
I am unable to receive any e-mail from MSN; however, I can send mail. I am perplexed. I am positive I entered the POP3 server correctly. The problem is consistent with all mail programs I have tried. Although I am disenchanted with Microsoft, my choice of ISPs is limited here. —Frank Elston, felston@msn.com
Any ISP that answers the phone for a reasonable price is a good ISP; there is no shame in using MSN. Try getting your POP e-mail manually. Run the command telnet my.pop.server, where my.pop.server is the POP3 server given to you by MSN. When you connect, type the command USER myusername. Then type the command PASS mypassword. If you receive an error at any point, you will know if you are using the wrong server, user name and/or password. —Chad Robinson, Chad.Robinson@brt.com
First, are you positive about having POP service contracted from your local MSN shop? POP3 has several setup parameters; some of them are security related. Play around with SSL-enabled connections and test if it works by toggling any of these configurations. Besides, MSN should provide you with all relevant information on how to connect to their service, at least from a Windows PC. From that information, you can take what is needed to configure your Linux machine. —Felipe E. Barousse, fbarousse@piensa.com
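The manual telnet test from the first answer, as an added example that is not part of the original column: it replays the greeting, USER and PASS steps over a connected socket and reports the step at which the server answered with an error. The server side, account and password are constructed so the exchange runs offline; all function names are hypothetical.

```python
import socket
import threading

def pop3_login_check(sock, user, password):
    """Replay the manual test; return (stage, last_server_reply)."""
    reader = sock.makefile("rb")

    def exchange(command=None):
        if command is not None:
            sock.sendall(command.encode("ascii") + b"\r\n")
        return reader.readline().decode("ascii", "replace").strip()

    reply = exchange()                        # server greeting
    if not reply.startswith("+OK"):
        return ("greeting", reply)            # not a POP3 service, or it is down
    for stage, command in (("user", "USER " + user), ("pass", "PASS " + password)):
        reply = exchange(command)
        if not reply.startswith("+OK"):
            exchange("QUIT")
            return (stage, reply)             # the server rejected this step
    exchange("QUIT")
    return ("ok", reply)

def fake_pop3_server(sock, accounts):
    """Constructed stand-in for a POP3 server; accepts any USER, checks at PASS."""
    reader = sock.makefile("rb")
    sock.sendall(b"+OK constructed POP3 server ready\r\n")
    user = None
    for raw in reader:
        verb, _, arg = raw.decode("ascii").strip().partition(" ")
        if verb.upper() == "USER":
            user = arg
            sock.sendall(b"+OK send PASS\r\n")
        elif verb.upper() == "PASS":
            good = accounts.get(user) == arg
            sock.sendall(b"+OK mailbox ready\r\n" if good else b"-ERR invalid login\r\n")
        elif verb.upper() == "QUIT":
            sock.sendall(b"+OK bye\r\n")
            break
    sock.close()

def demo(user, password):
    # Run the check against the constructed server over a local socket pair.
    client, server = socket.socketpair()
    accounts = {"frank": "example-password"}          # constructed account
    worker = threading.Thread(target=fake_pop3_server, args=(server, accounts))
    worker.start()
    result = pop3_login_check(client, user, password)
    client.close()
    worker.join()
    return result
```

Against a real server, pass `pop3_login_check` a socket from `socket.create_connection((host, 110))`; a failure to connect at all points at the server name rather than the login.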