--------------- FIDO MESSAGE AREA==> TOPIC: 207 OS2 LAN Ref: DDG00000 Date: 09/11/96 From: MIKE BILOW Time: 04:15pm \/To: BARRY RYDER (Read 2 times) Subj: proxy Barry Ryder wrote in a message to Mike Bilow: MB> I suspect that you really want "IP masquerading" rather than proxy MB> services. BR> What I really want is a firewall, as supplied in (or freely BR> available for) other operating systems which are tcp/ip aware. I think you are getting terms confused. A "firewall" is a router which has the ability to selectively block frames on the basis of address, port, protocol, or other consideration. As such, a "firewall" does not necessarily provide "proxy" or "masquerade" services. MB> If this is the case, you might consider setting up a Linux MB> router rather than trying to use OS/2. BR> Or dump the whole OS/2 idea and go with the new version of BR> NT which does everything I need as far as I can see? No, you will find that it doesn't. First, you have the "10 IP addresses in 10 minutes" limitation, which makes NT Workstation unsuitable as a web server, let alone as a proxy agent, and you have to use the much more expensive NT Server instead. Further, NT does not provide masquerading at all, and it only provides proxy services as part of an application such as a web server, so NT puts you in exactly the same boat as OS/2 -- at ten times the price. BR> I dont need voicetype... I do need working comm/net services! I think what you need is a good book on TCP/IP. -- Mike --- * Origin: N1BEE BBS +1 401 944 8498 V.34/V.FC/V.32bis/HST16.8 (1:323/107) --------------- FIDO MESSAGE AREA==> TOPIC: 207 OS2 LAN Ref: DDG00001 Date: 09/11/96 From: MIKE BILOW Time: 04:24pm \/To: TOM FARRUGIA (Read 2 times) Subj: Help! Tom Farrugia wrote in a message to Mike Bilow: > This is what you get for running DOS BBS software! Seriously, there are a > t > of bugs in NETWKSTA.200, and a lot of fixes. Assuming you have already > brou > OS/2 itself up to FixPack 17 (WR_W017), you need to start by applying > servic > WR08210, which is actually a complete replacement for MPTN. If you are > also > using TCP/IP, you must apply UN00067 immediately after WR08210. Finally, > yo > should apply service IP08250. > > What kind of network card are you using? TF> Actually, I loaded Fix Pack 22 right after installing the TF> Connect software, I had been running OS/2 on the server for TF> some time and it previously had 17 on it. I will use the TF> upgrades you suggested. Can you reccomend an FTP site? My TF> Internet dialer hasnt worked since I upgraded to Connect. TF> :) ftp://service.software.ibm.com/ps/products/... For XR_W022: .../os2/fixes/v3.0warp/english-us/xr_w022 For WR08210: .../mpts/fixes/english-us/wr08210 For UN00067: .../tcpip/fixes/v3.0os2/un00067 For IP08185 (instead of IP08250): .../lan/fixes/ibm.peer This should bring your OS/2 Warp Connect system right up to date. TF> My net card is a Linksys Ether 16 lan card. I bought it TF> because it specified OS/2. I don't think this is your problem. I was just curious. -- Mike --- * Origin: N1BEE BBS +1 401 944 8498 V.34/V.FC/V.32bis/HST16.8 (1:323/107) --------------- FIDO MESSAGE AREA==> TOPIC: 207 OS2 LAN Ref: DDG00002 Date: 09/11/96 From: MIKE BILOW Time: 04:37pm \/To: CHRIS WOLCOTT (Read 2 times) Subj: proxy vs masquerading Chris Wolcott wrote in a message to Mike Bilow: MB> I suspect that you really want "IP masquerading" rather MB> than proxy services. CW> I have not heard of 'IP MASQUERADING' before, but this is CW> the second reference I've seen today. What is it and how is CW> it different from PROXY and SOCKETS? They are similar, but proxy implies a more sophisticated attempt to emulate or cache the outside world, where masquerade implies more of a raw translation. For example, a proxy might be used for accessing a particular kind of server, usually an HTTP server, but has to know something about the session layer protocol in order to emulate it. A masquerader provides simple transport without needing to know anything deeper. This has practical implications. For example, it is much easier to get UDP to cross a masquerader than a proxy. -- Mike --- * Origin: N1BEE BBS +1 401 944 8498 V.34/V.FC/V.32bis/HST16.8 (1:323/107) --------------- FIDO MESSAGE AREA==> TOPIC: 207 OS2 LAN Ref: DDG00003 Date: 09/11/96 From: MIKE BILOW Time: 04:43pm \/To: SCOTT BROWN (Read 2 times) Subj: Connect Scott Brown wrote in a message to Mike Bilow: SB> Hi Mike, stay with me here, this may confuse you. OK. SB> Right now, I'm using (can it be said here?) Lantastic/2 on SB> "simple-warp" for my networking. It works fine... I dont SB> *need* anymore, but it doesnt mean I dont want to "move up" SB> to something better supported. Well, if you don't have any problems... MB> If you intend to use one of the machines as a gateway MB> to the outside world, then you would need to set up MB> appropriate routing. OS/2 is capable of acting as an MB> IP router, although this defaults disabled for security MB> reasons. SB> One of the reasons I havent bothered with Connect or LS is SB> that I read durring the IAK installs that during IAK use, SB> TCP/IP is disabled over the local lan. I take it this is SB> what you describe as "defaults disabled for security SB> reasons". (and rightfully so - I dont want to open up the SB> machines on my home lan to all the world to play in). Well, no. The IAK is mutually exclusive with Connect. When you install the TCP/IP stack from Connect, this completely replaces the IAK and provides *both* LAN and dial-out TCP/IP connectivity. You do not install the IAK on Connect, and the documentation warns you about this. When I say that IP routing defaults disabled, I mean that there is a line in a config file (%ETC%\BIN\SETUP.CMD) which reads "ipgate off" and which can be changed to "ipgate on" to enable IP routing. This is also controlled by a checkbox in the TCP/IP Configutation tool. The idea behind the default is so that people don't accidentally set themselves up as routers without knowing it. MB> you do set up TCP/IP, RFC1597 specifies a set of IP MB> addresses which are guaranteed to be unallocated and MB> invisible to the public Internet: MB> The Internet Assigned Numbers Authority (IANA) has reserved the MB> following three blocks of the IP address space for private networks: MB> 10.0.0.0 - 10.255.255.255 MB> 172.16.0.0 - 172.31.255.255 MB> 192.168.0.0 - 192.168.255.255 SB> So what you're saying here is that I >CAN< install connect SB> (or might as well wait for Merlin, right?) and install a SB> TCP/IP lan which can't be accessed externally from my home. SB> I just config my machines as 192.168.0.nnn and I'm off to SB> the races... Well, more or less, yes. I would not depend upon these addresses for strict security, since someone very close to you such as your ISP might be able to compromise them. However, you would achieve reasonable security against people on the other side of the country getting access via IP routing. SB> But how do I go about disabling the IAK from shutting off my SB> local LAN when I dial out? Most of my spare disk space is SB> on a machine other than the one I normally dial out with... SB> so I do need that LAN access... which is why I've stuck with SB> Lantastic. When you run Connect, you set up an IP routing table. Basically, you would have two routes: one for your own LAN using the fakenet (192.168.x.x) through your Ethernet interface, and one for the rest of the world through your dial-out PPP or SLIP interface. You assign a fakenet IP address to your Ethernet interface and assign the IP address assigned by your ISP to your dial-out interface, making your machine "dual-homed." If you enabled IP routing on this dual-homed machine, the machines in your fakenet could send IP frames out, but your ISP would not route anything back for them, and they would be unreachable using their fakenet addresses. However, if you disabled IP routing ("ipgate off") on the dual-homed machine, then *it* would be able to reach onto either the fakenet or the real world, and vice versa, but nothing could go *through* it. -- Mike --- * Origin: N1BEE BBS +1 401 944 8498 V.34/V.FC/V.32bis/HST16.8 (1:323/107) --------------- FIDO MESSAGE AREA==> TOPIC: 207 OS2 LAN Ref: DDG00004 Date: 09/11/96 From: MIKE BILOW Time: 04:59pm \/To: JOCELYN DOIRE (Read 2 times) Subj: Interface question Jocelyn Doire wrote in a message to Mike Bilow: JD> Yet, I think that the word "resistance" is not that far from JD> being correct. If you were trying to generate the current in a JD> large inductor (for example with a bicycle attached to a JD> dynamo), you would definitely feel resistance when you try to JD> accelerate and when you try to slow down. Yes, but resistance never gives you anything back. :-) JD> Furthermore, when you do the math using complex (imaginary) JD> numbers, inductors and capacitors behave exactly like a JD> resistor. I realize that this is just a mathematical artifact, JD> but still it greatly simplify the calculation, and it JD> accurately reflect reality. I tend to disagree. Try dissipating power in an imaginary impedance! -- Mike --- * Origin: N1BEE BBS +1 401 944 8498 V.34/V.FC/V.32bis/HST16.8 (1:323/107) --------------- FIDO MESSAGE AREA==> TOPIC: 207 OS2 LAN Ref: DDG00005 Date: 09/11/96 From: MIKE BILOW Time: 05:01pm \/To: PHIL PATTENGALE (Read 2 times) Subj: Connect PHIL PATTENGALE wrote in a message to SCOTT BROWN: -> But how do I go about disabling the IAK from shutting off my local -> LAN when I dial out? Most of my spare disk space is on a machine -> other than the one I normally dial out with... so I do need that LAN -> access... which is why I've stuck with Lantastic. PP> As I understand this, when you dial out w/ the IAK, you set PP> your default name services to your ISP's domain name server PP> (DNS), replacing your own DNS (if you're running one). When the PM dialer (SLIPPM.EXE) runs, it writes a file %ETC%\RESOLV which contains the IP address of the name server. The IP address of the name servers to be queried when in LAN-only mode is contained in %ETC%\RESOLV2. PP> To get around this, you simply need to utilize the PP> /etc/hosts file to define the machines on your local lan, PP> and to check the "Check Hosts File" box in your TCP/IP PP> Config program (under routing?)). This is fine if you have no DNS running on the local LAN. The use of HOSTS files is deprecated because of the difficulty of keeping changes nchronized. PP> I'll be doing much the same myself in the coming weeks. I'm PP> going to have an ISDN connection (full time) to my ISP via a PP> Netopia ISDN router. In that case, you should run your own name server, even if only in slave de. PP> Depending on which arrives first (Merlin or my ISDN lines), PP> I'll have one box running the IAK under the RED non-connect PP> OS/2 version. If the ISDN line comes first, I'll continue PP> to use the IAK to snag some fido stuff via FTP. When Merlin PP> arrives, that machine will be upgraded so that it can access PP> the net (and the rest of my tcp/ip lan) via the ISDN router, PP> rather than the IAK. (confused yet. Me too ) The IAK is mutually exclusive with the Connect TCP/IP stack. Under Connect, its own TCP/IP stack provides both LAN and dial-out connectivity. -- Mike --- * Origin: N1BEE BBS +1 401 944 8498 V.34/V.FC/V.32bis/HST16.8 (1:323/107) --------------- FIDO MESSAGE AREA==> TOPIC: 207 OS2 LAN Ref: DDG00006 Date: 09/10/96 From: GUSTAVO MUSLERA Time: 04:13am \/To: BARRY RYDER (Read 2 times) Subj: proxy En un mensaje del a Gustavo Muslera (4:850/3.7), escribio: BR> Gustavo Muslera wrote in a message to Barry Ryder: GM> In fact, Warp has a lot of "firewall type" programs... some of IBM, GM> and free. BR> I've yet to find a working firewall for Warp. The ICS is supposed to BR> include this ability, but doesnt seem to. Well, ICS 4.0 has some bugs in its implementation of proxy server, but version 4.1 (or 4.1.1) as far I hear run well. GM> You can use a Socks Daemon, that apparently performs as a [...] GM> and another (more secure) in Hobbes... but I not tried none of GM> this. BR> I've looked for firewall software there and elsewhere. All the ones I've BR> seen so far dont allow a local lan to hide behind a firewall which BR> connects to the outside world via a ppp connection. If you know the BR> filename of one and where it can be had, please paas the information on. I think that the name was something like SOCKSD*.ZIP, in /os2/network/tcpip in Hobbes... perhaps this could be useful in your environment. Saludos Gustavo. --- The-Box Point 0.15- PC * Origin: uuFido (4:850/3.7) --------------- FIDO MESSAGE AREA==> TOPIC: 207 OS2 LAN Ref: DDG00007 Date: 09/10/96 From: DIRK BUNDIES Time: 08:35pm \/To: ALL (Read 2 times) Subj: NETBIOS over TCP/IP Hi there! I want to test the "NETBIOS over TCP/IP" connection between an OS/2 Warp client and an OS/2 Warp Server (token ring). Therefore I have installed as additional protocol the "NETBIOS over TCP/IP" on the Server (and TCP/IP before) and on the client the "NETBIOS over TCP/IP" protocol only. But this does not work. Does anybody can help me? Thanks ahead Tschuess Dirk Bundies Telefon: 0511/344582 (Q) Fax: 0511/9357149 FIDO: Dirk Bundies@2:241/53 via Internet: Dirk_Bundies@f53.n241.z2.fido.sub.de via CompuServe: INTERNET:Dirk_Bundies@f53.n241.z2.fido.sub.de --- Blue Wave/OS2 v2.30 [NR] * Origin: MoonFlower/2 ISDN: 05137-822412, V.34: -92366 (2:241/53) --------------- FIDO MESSAGE AREA==> TOPIC: 207 OS2 LAN Ref: DDG00008 Date: 09/11/96 From: CHRIS WOLCOTT Time: 06:17pm \/To: ALL (Read 2 times) Subj: Getting ICS 4.1 to work LAN<->ISP Here is my setup: 3 Warp Connect PCs and 1 WFW, all with TCPIP installed over a TOKEN-RIN G LAN. 1 of the Connect machines via MODEM to ISP. Modem PC running ICS 4.1 setup (Sorta) as a PROXY SERVER and has FORWARD IP checked. On LAN using 200.254.254.* numbers via a HOSTS file. ISP connection is via Dynamic PPP. Everyone can PING each other. Due to use of HOSTS file, DNS LOOKUP in ICS config is set to NO. I have HTTP:* and FTP:* set to PASS. PROBLEM: The ICS 4.1 is setup as an internal web server as well as a PROXY server. (Or at least I want it to be...) No LAN PC can get any pages from it. If I specify a NAME as the URL, I get 'Server will not grant access to requested file' (Words to that effect). If I use the IP address, I get 'Forbiden by Rule'. If I try to access the INet from a LAN machine I get the first message. What have I missed? (If I deselect the PROXY SERVER line in WEB EX 1.1e the problem goes away on the MODEM PC.) Can anyone give me a more detailed and straight forward discription of how to set this up than I seem to get from the GETTING STARTED pages? Thanks! If you want to get a little more technical, you can reach me at CWOLCOTT@PEN.NET --- Maximus/2 3.01 * Origin: The OUTER LIMITS: Another BBS proudly running OS/2 WARP! (1:3612/250) --------------- FIDO MESSAGE AREA==> TOPIC: 207 OS2 LAN Ref: DDG00009 Date: 09/10/96 From: GARY BLYDENBURGH Time: 11:07pm \/To: ALL (Read 2 times) Subj: Win95 Hello ! I am trying to hook up Warp Connect with Win95. I have Os/2 Peer loaded with NE2000 cards in both machines. I also have Netbios loaded only on the OS/2 Machine. Can't get it working. What exactly should I have loaded for protocols on each machine? Gary --- FleetStreet 1.14 NR * Origin: (1:324/126)