RE: [leafnode-list] 2.0b8_ma8rc8 - fetchnews blues

["Ben Holness" <ben@xxxxxxxxxxxxxxxxx>]

>
> > it has:
> > 		nntps        563/tcp
> > AND
> > 		nntp		 12546/tcp
> >
> > in that order (I am using non-standard ports for nntp)
>
> That's why fetchnews cannot connect to your upstream. Don't change
> /etc/services, but change the daemon configuration (xinetd.conf or
> something) instead.
>

Because of the way that I have my system, my actual /etc/services now
contains the following lines:

nntp	119/tcp
nntp2 12546/tcp
nntp3 12567/tcp

This may be a little hard to understand, but here is why:

I download news from two servers: One public server (news.zen.co.uk, port
119) and one work based server (port 12546)

I allow access to the public server for my friends and to the work news
server only for me. The newsgroups are accessed over a small LAN that I have
at home.

I want my friends to be able to access any of the newsgroups except for the
work based ones.

Additionally, some of my friends access these (public) newsgroups from work,
where port 119 has been rate limited.

The easiest and most secure way of doing this (that I can think of) is to
have two instances of leafnode, the public one running on port 12546 and the
firewall only let's the IP address of my friends and my home network through
to this port. The work based server runs on port 12567 and the firewall only
lets me through.

This guarantees that no unauthorised people can access the work newsgroups,
while still allowing access to the others. It also makes it very simple to
set up from the users end (they just have to specify a different port to
connect to).

In my xinetd.conf file, I have the following:

# Public news groups for all to access
service nntp2
                {
                        disable 	= no
                        flags           = REUSE
                        socket_type     = stream
                        wait            = no
                        user            = news
                        server          = /usr/local/sbin/leafnode
                        log_on_failure  += USERID
                }

# Private work based news groups
service nntp2
                {
                        disable 	= no
                        flags           = REUSE
                        socket_type     = stream
                        wait            = no
                        user            = news
                        server          = /usr/local/sbin/leafnode2/leafnode
                        log_on_failure  += USERID
                }


> Looks like your libc is hosed. Which operating system and version does
> this happen on?

Mandrake 8.1, glibc 2.2.4-6mdk

> > When I compile, I specify different directories for the
> spool and libdirs as
> > well as different directories for the bin and sbin
> executables. The lockfile
> > has a different name (fetchnews2.lck)
>
> How do you specify this? leafnode-2.0b8_ma8rc8 has gone a
> long way from
> where leafnode 1.9.19 is.

I do configure, make and make install for the public news server
I then make clean, and modify the make file as follows:

# LOCKFILE is the lockfile generated by the leafnode programs
PREFIX_USR = /usr/local
PREFIX_VAR = /var
USRDIR = $(PREFIX_USR)/bin/leafnode2
BINDIR = $(PREFIX_USR)/sbin/leafnode2
MANDIR = $(PREFIX_USR)/man
SPOOLDIR = /var/spool/news2
LIBDIR   = /etc/leafnode2
LOCKFILE = /var/lock/news/fetchnews2.lck
RPMSRC   = none

I then make and make install again.

I think that's everything :)

fetchnews is now working OK, it is just the fetchnews.lck problem.

Cheers,

Ben




-- 
leafnode-list@xxxxxxxxxxxxxxxxxxxxxxxxxxxx -- mailing list for leafnode
To unsubscribe, send mail with "unsubscribe" in the subject to the list