Letters to the Editor
I read with interest Chris Kostick's article in Linux Journal July 1996 (Issue 27). I was a bit disappointed that he concentrated on 1.2.x kernels and didn't mention the advantages of using a 1.3.85+ or pre2.x kernel, and that he didn't explain the use of ipfwadm. For instance, although many ICMP packet programs do not work, with recent kernels ICMP support has been added for some programs such as traceroute (ping still does not, and probably never will work).
I was also bothered by his insistence that you couldn't pass remote X clients to a masqueraded server. I was sure you could, because I remembered doing it! Using ssh (a secure rlogin variant available at http://www.cs.hut.fi/ssh/) to connect to a remote host from the masqueraded server, your X display environment variable is automatically set, and “X11 connection forwarding provides secure X11 sessions !”
So you can pass X clients through a masquerading machine if you initiate a connection from the masqueraded machine using ssh.
—Daniel Morrison firstname.lastname@example.org
At the time I wrote the article, 1.3.57 was the latest “stable” release. The 60's were available but most of them were to be avoided. I was using 1.3.56 so that's what I based the article on, pointing out that 1.2.x kernels were compatible.
Actually, ping could work. ICMP echo request/echo reply messages can be masqueraded for. The key is the identifier field in the ICMP message. The problem is matching replies that come back from the external networks to the originator. The masquerading would function as shown in Figure 1.
The masquerading machine will have to maintain a cache that will map the originating IP_Addr+ID --> ID numbers of the requests originating from the Masq host. The ID numbers start at a value that should not conflict with 'real' ICMP echos from the Masq host. I chose 60000 to keep in concert with the masquerading port numbers. The ICMP code within the kernel would also have to be modified so as not to conflict with internal ID numbers never exceeding 59999.
Matching the replies is a matter of checking the cache for the return mapping, and sending the ICMP echo reply to the original host.
There are other protocol details not discussed here, and I haven't looked at all of the nuances of the protocol so I leave the theory of whether it would really work up for discussion.
I didn't consider passing X (or any other protocol) encapsulated the same as sending the real thing. Therefore because the X client has to identify the address of the server in the DISPLAY variable or -display argument, and the server's address is hidden, it won't work.
—Chris Kostick email@example.com
Thanks again for another great issue of the Linux Journal. On the day it arrives all activity in the house (on my part anyway) stops until I have read it from front to back.
I would like to make a comment on Michael Johnson's article Serving Two Masters. The “Recovery Recipe” that Michael presents was something that I had to discover the hard way myself a month or two ago. The situation had nothing to do with Win95, although it did involve a dual boot PC. This PC runs both Linux and DOS/Win3.1 (thank you LILO), and in one of the DOS sessions I managed to acquire a virus that infected the MBR. No problem says I—I'll just use McAfee Virus Clean, and all will be back to normal. Virus Clean worked fine, but all of a sudden LILO was gone. It appears that (at least with McAfee) the process of cleaning a boot sector virus just restores the DOS flavour MBR. I was not brave enough to re-infect my PC with the same virus to see if other virus cleaning programs act the same way, but I would suspect that they do (as most do not take periodic copies of the MBR to restore from).
I found the second edition of Æleen Frisch's book Essential System Administration (published by O'Reilly) absolutely invaluable in this effort. If you are a Linux user—run, don't walk and get this book!! Make sure that it is the second edition though as the first edition does not really deal with Linux.
—Kris Boyle firstname.lastname@example.org
|Designing Electronics with Linux||May 22, 2013|
|Dynamic DNS—an Object Lesson in Problem Solving||May 21, 2013|
|Using Salt Stack and Vagrant for Drupal Development||May 20, 2013|
|Making Linux and Android Get Along (It's Not as Hard as It Sounds)||May 16, 2013|
|Drupal Is a Framework: Why Everyone Needs to Understand This||May 15, 2013|
|Home, My Backup Data Center||May 13, 2013|
- Designing Electronics with Linux
- Making Linux and Android Get Along (It's Not as Hard as It Sounds)
- Dynamic DNS—an Object Lesson in Problem Solving
- Validate an E-Mail Address with PHP, the Right Way
- What's the tweeting protocol?
- Mediated Reality: University of Toronto RWM Project
- New Products
- Using Salt Stack and Vagrant for Drupal Development
- Dart: a New Web Programming Experience
- OpenOffice.org Off-the-Wall: ToCs, Indexes and Bibliographies in OOo Writer
59 min 11 sec ago
- Kernel Problem
11 hours 1 min ago
- BASH script to log IPs on public web server
15 hours 28 min ago
19 hours 4 min ago
- Reply to comment | Linux Journal
19 hours 37 min ago
- All the articles you talked
22 hours 45 sec ago
- All the articles you talked
22 hours 3 min ago
- All the articles you talked
22 hours 5 min ago
1 day 2 hours ago
- Keeping track of IP address
1 day 4 hours ago
Enter to Win an Adafruit Pi Cobbler Breakout Kit for Raspberry Pi
It's Raspberry Pi month at Linux Journal. Each week in May, Adafruit will be giving away a Pi-related prize to a lucky, randomly drawn LJ reader. Winners will be announced weekly.
Fill out the fields below to enter to win this week's prize-- a Pi Cobbler Breakout Kit for Raspberry Pi.
Congratulations to our winners so far:
- 5-8-13, Pi Starter Pack: Jack Davis
- 5-15-13, Pi Model B 512MB RAM: Patrick Dunn
- 5-21-13, Prototyping Pi Plate Kit: Philip Kirby
- Next winner announced on 5-27-13!
Free Webinar: Hadoop
How to Build an Optimal Hadoop Cluster to Store and Maintain Unlimited Amounts of Data Using Microservers
Realizing the promise of Apache® Hadoop® requires the effective deployment of compute, memory, storage and networking to achieve optimal results. With its flexibility and multitude of options, it is easy to over or under provision the server infrastructure, resulting in poor performance and high TCO. Join us for an in depth, technical discussion with industry experts from leading Hadoop and server companies who will provide insights into the key considerations for designing and deploying an optimal Hadoop cluster.
Some of key questions to be discussed are:
- What is the “typical” Hadoop cluster and what should be installed on the different machine types?
- Why should you consider the typical workload patterns when making your hardware decisions?
- Are all microservers created equal for Hadoop deployments?
- How do I plan for expansion if I require more compute, memory, storage or networking?