Cover V10, I05


Questions and Answers

Jim McKinstry and Amy Rich

Q I have a Linux machine that logged the following error message. Do you know what it's from or what it means?

kernel: Suspect short first fragment.
kernel: eth0 PROTO=17 OUTSIDE_IP:0 MY_IP:0 L=24 S=0x00 I=57374 \
  F=0x2000 T=116 (#0)
A This is your kernel intercepting a packet that is too short to be valid. IP packets that are too large can be split into multiple packets, and each part is called a fragment. The kernel then reassembles all of the fragments to get a full packet. This kernel message indicates that someone (probably maliciously) sent you a packet that was too short even to contain the headers for the fragment. Short fragments are usually signs of an attack on your machine.
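The check behind that message can be reproduced from the fields in the log line. The following is an added example, not code from the column or from the kernel; it assumes that L= is the IP total length, that F= is the flags/fragment-offset word, and that the IP header is 20 bytes with no options. It goes one step beyond the case above by also flagging later fragments that start inside the transport header.

```python
import re

# Smallest transport header a filter must see in the first fragment to read
# ports or ICMP type/code. Keys are IP protocol numbers: ICMP, TCP, UDP.
MIN_TRANSPORT = {1: 8, 6: 20, 17: 8}
IP_HEADER_LEN = 20    # assumption: no IP options (the log line does not show IHL)
MF = 0x2000           # "more fragments" flag inside the F= field
OFFSET_MASK = 0x1FFF  # fragment offset, counted in 8-byte units

FIELD_RE = re.compile(r"\b(PROTO|L|F)=(0x[0-9a-fA-F]+|\d+)")

def classify(line):
    """Return a verdict string for one packet-log line."""
    f = {k: int(v, 0) for k, v in FIELD_RE.findall(line)}
    offset = (f["F"] & OFFSET_MASK) * 8
    fragmented = bool(f["F"] & MF) or offset > 0
    payload = f["L"] - IP_HEADER_LEN
    needed = MIN_TRANSPORT.get(f["PROTO"], 0)
    if not fragmented:
        return "not a fragment"
    if offset == 0 and payload < needed:
        return "short first fragment: %d payload bytes, %d needed" % (payload, needed)
    if 0 < offset < needed:
        return "later fragment overlaps transport header at offset %d" % offset
    return "ordinary fragment"

# The log line from the question, joined onto one line.
PAGE_LINE = ("eth0 PROTO=17 OUTSIDE_IP:0 MY_IP:0 L=24 S=0x00 I=57374 "
             "F=0x2000 T=116 (#0)")
# Constructed lines for comparison (documentation addresses, not real traffic).
CONSTRUCTED = [
    "eth0 PROTO=17 192.0.2.1:53 198.51.100.2:1024 L=1500 S=0x00 I=100 F=0x2000 T=64 (#0)",
    "eth0 PROTO=6 192.0.2.1:0 198.51.100.2:0 L=40 S=0x00 I=101 F=0x0001 T=64 (#0)",
    "eth0 PROTO=17 192.0.2.1:53 198.51.100.2:1024 L=60 S=0x00 I=102 F=0x0000 T=64 (#0)",
]

if __name__ == "__main__":
    for line in [PAGE_LINE] + CONSTRUCTED:
        print(classify(line), "<-", line)
```

For the logged packet, F=0x2000 means offset 0 with more fragments to follow, and L=24 leaves only 4 bytes after the IP header, which is less than the 8-byte UDP header.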

Q I was running FreeBSD 4.2-STABLE on a second partition on my laptop, when the need arose to install Windows. I put Windows 98 on the primary partition, and, unfortunately, this overwrote the MBR, and I can no longer boot into my FreeBSD partition. Can I recover my data? Do I need to reinstall?

A You can easily recover your information, and even be able to boot off the secondary partition as long as your Windows install didn't overwrite the partition your FreeBSD install resides on. You can download the bootinst.exe DOS program from:
and redo the MBR from DOS.

You can also use boot0cfg from FreeBSD. Insert your FreeBSD boot disk, and press a key when the machine starts to boot. If you don't have a boot disk, the images can be obtained from:
Once you have the kernel image, you can put it onto disk by doing the following from a UNIX machine:

dd if=kern.flp of=<whatever your floppy device is>
To create the images from DOS, you need a disk copy program like fdimage:

fdimage kern.flp a:
Insert the kernel floppy into your laptop floppy drive and boot from it (you may need to change the boot list in your laptop's BIOS). Interrupt the booting process at the beginning, unload the kernel from the floppy, and determine the location of your kernel image on disk:

lsdev -v
The lsdev will tell you where your root partition resides. You can then reset the current location from which to load the kernel (and actually load the new kernel):

set currdev=<root partition's name determined from lsdev>
load kernel
Once you have the machine booted, you can redo the MBR by doing the following:

boot0cfg -B ad0
You should now be able to boot from either partition.

Q I'm using Solaris 2.5.1 on a Sparc 20 with two identical 2-GB internal disks. I'm trying to copy one disk to the other using ufsdump, but I'm getting errors about a corrupted bootblock on the disk I'm dumping to. Both disks are partitioned as follows:

Total disk cylinders available: 2733 + 2 (reserved cylinders)

Part      Tag    Flag     Cylinders       Size            Blocks
  0       root    wm       0 -  943     700.62MB    (944/0/0)  1434880
  1       swap    wu     944 - 1288     256.05MB    (345/0/0)   524400
  2     backup    wm       0 - 2732       1.98GB    (2733/0/0) 4154160
  3 unassigned    wm       0              0         (0/0/0)          0
  4 unassigned    wm       0              0         (0/0/0)          0
  5 unassigned    wm    1289 - 2732       1.05GB    (1444/0/0) 2194880
  6 unassigned    wm       0              0         (0/0/0)          0
  7 unassigned    wm       0              0         (0/0/0)          0
Slice 0 is / and slice 5 is /usr. Then I do the ufsdump:

ufsdump 0uf /dev/rdsk/c0t3d0s0 /dev/dsk/c0t1d0s0
ufsdump 0uf /dev/rdsk/c0t3d0s5 /dev/dsk/c0t1d0s5
When I try to boot off the disk, I get errors about the disk being unbootable and having a corrupt bootblock. What am I doing wrong?

A There are actually a couple of issues here. First, you're doing a ufsdump straight to the second disk device, which causes you to overwrite the bootblock at cylinder 0. What you really want to do is create the two partitions with newfs, mount them, dump them, and then do a ufsrestore as follows:

newfs /dev/rdsk/c0t1d0s0
mkdir /s0
mount /dev/dsk/c0t1d0s0 /s0
# dump / to stdout ("f -") and restore it recursively from stdin ("rf -")
ufsdump 0f - / | (cd /s0; ufsrestore rf -)
umount /s0
rmdir /s0

newfs /dev/rdsk/c0t1d0s5
mkdir /s5
mount /dev/dsk/c0t1d0s5 /s5
# same for /usr
ufsdump 0f - /usr | (cd /s5; ufsrestore rf -)
umount /s5
rmdir /s5
You also want to install the bootblocks onto the new disk by doing the following:

installboot /usr/platform/`uname -i`/lib/fs/ufs/bootblk /dev/rdsk/c0t1d0s0
Lastly, if you want to boot off this disk and use all of the filesystems on this disk, you'll need to modify /etc/vfstab to change any references to c0t3d0 to c0t1d0.

That said, it would be much simpler to use Solaris DiskSuite (or Veritas Volume Manager) to encapsulate the boot disk and mirror it to the second one. Using DiskSuite will also give you a redundant disk while the machine is live, so you won't need to reboot off the other disk if one fails (although you will eventually have to shut down to replace the disk).

Q I have a lot of users that use UUNET's dial-up pool when they travel. I want to allow them mail relaying from our mail server, but I don't want to open it up to the entire UUNET dial-up pool (for obvious spam reasons). What's the best way to go about this?

A You have a couple of options. You can do POP-before-SMTP, which requires modifications to the POP daemon, a couple of utilities, and an addition to the Sendmail configuration. You can also do SMTPAUTH or STARTTLS if you're using Sendmail 8.10/8.11. Sendmail's page on roaming users has information on all of these methods:

Q I'm having a problem editing root's cron file. I've logged in as root from the console, and I can edit everyone else's crontab with crontab -e <user>. When I try this as root, though, all I get is a line saying 1427, and then my prompt doesn't come back. I can only get out by typing Control-d. I can look at the file with crontab -l just fine. What's the problem?

A If you're just seeing a number when you use crontab -e, it sounds like you're winding up using ed instead of whatever editor you expected to be using. You can correct this by doing the following (assuming you want vi as your editor):

Syntax for Bourne shell variants:

export EDITOR=vi
export VISUAL=vi
Syntax for C shell variants:

setenv EDITOR vi
setenv VISUAL vi
You'll most likely want to set these variables in one of root's startup files as well, so you always have the default editor of your choice.

Q I run a Sendmail mail server, but I need to support a number of Windows clients (specifically Outlook 2000 and Eudora). I'm really concerned about people sending Visual Basic attachments with viruses in them. Is there something I can do to filter on content to protect my Windows users?

A You probably want to take a look at milter, Sendmail's Perl filter API:
You can write your own filter rules to match whatever criteria you need. Milter has the ability to modify or discard any parts of both headers and body. Milter is distributed with versions of Sendmail 8.10.1 and later. One milter that may be of particular interest to you, depending on what OS you run, is at:
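The kind of content rule such a filter could apply to the message body is sketched below. This is an added example, not code from the column or from Sendmail, and it works on a parsed message rather than through the milter API itself; the extension list and the sample message are constructed for illustration.

```python
import email
import os
from email import policy

# Assumption: a site policy list of Windows script extensions to refuse.
BLOCKED_EXT = {".vbs", ".vbe", ".wsf", ".wsh"}

def risky_attachments(raw_message):
    """Return names of MIME parts whose final extension is blocked."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():         # visits nested multiparts too
        name = part.get_filename()  # Content-Disposition filename, else Content-Type name
        if not name:
            continue
        # Windows ignores trailing dots and spaces, so strip them before
        # taking the last extension; this also catches "x.txt.vbs".
        cleaned = name.strip().rstrip(". ").lower()
        if os.path.splitext(cleaned)[1] in BLOCKED_EXT:
            hits.append(name)
    return hits

# Constructed sample message: one harmless attachment and two script files,
# one of them named only through the Content-Type "name" parameter.
SAMPLE = """\
From: a@example.com
To: b@example.com
Subject: constructed test message
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/plain
Content-Disposition: attachment; filename="notes.txt"

plain notes
--XX
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.txt.vbs"

placeholder
--XX
Content-Type: application/octet-stream; name="report.VBS"

placeholder
--XX--
"""

if __name__ == "__main__":
    print(risky_attachments(SAMPLE))
```

Matching on the last extension after lowercasing is what catches both the double-extension name and the upper-case one.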

Q I have an organization with shared email address books in Netscape (by editing prefs.js to point at a network location). They are getting to a size where this solution no longer works very well (due to file locking blocking access to other users), but it makes no sense to get something like Exchange server so they can have a centralized address book.

It seems to me that it ought to be possible to set up OpenLDAP running on a Linux box to serve this purpose (much like, say, four11 or bigfoot). There are MSWindows clients available to maintain the database. I'm stuck on how to design the database and schema to enable all this to happen.

A Yes, LDAP works well for a site-wide email address database. For an introduction on how to design LDAP schemas, you may want to pick up the book Understanding and Deploying LDAP Directory Servers, by Timothy A. Howes. Netscape also has information on designing a directory server at:
In general, give some thought to the design up front so you can define a schema that has all the variables that you'll want to be able to store about the employees. Besides designing your LDAP database just for an email address book, also consider designing it so you can eventually use it as a centralized database for all sorts of user (and other!) information (HR information, user authentication, calendaring, mailing lists, etc.). Just be sure when choosing the unique identifier for your user leaf nodes that you don't use something confidential like the employee's SSN.

Jim McKinstry is a Senior Sales Engineer for MTI Technology Corporation. MTI is a leading international provider of data storage management products and services. He can be reached at:

Amy Rich, president of the Boston-based Oceanwave Consulting, Inc., has been a UNIX systems administrator for more than five years. She received a BSCS at Worcester Polytechnic Institute, and can be reached at: