Jim McKinstry and Amy Rich
I have a Linux machine that logged the following error message.
Do you know what it's from or what it means?
kernel: Suspect short first fragment.
kernel: eth0 PROTO=17 OUTSIDE_IP:0 MY_IP:0 L=24 S=0x00 I=57374 \
F=0x2000 T=116 (#0)
A This is your kernel intercepting
a packet that is too short to be valid. IP packets that are too large
can be split into multiple packets, and each part is called a fragment.
The kernel then reassembles all of the fragments to get a full packet.
This kernel message indicates that someone (probably maliciously)
sent you a packet that was too short even to contain the headers for
the fragment. Short fragments are usually signs of an attack on your
Q I was running FreeBSD 4.2-STABLE
on a second partition on my laptop, when the need arose to install
Windows. I put Windows 98 on the primary partition, and, unfortunately,
this overwrote the MBR, and I can no longer boot into my FreeBSD
partition. Can I recover my data? Do I need to reinstall?
A You can easily recover your information,
and even be able to boot off the secondary partition as long as
your Windows install didn't overwrite the partition your FreeBSD
install resides on. You can download the bootinst.exe DOS
and redo the MBR from DOS.
You can also use boot0cfg from FreeBSD. Insert your FreeBSD
boot disk, and press a key when the machine starts to boot. If you
don't have a boot disk, the images can be obtained from:
Once you have the kernel image, you can put it onto disk by doing
the following from a UNIX machine:
dd if=kern.flp of=<whatever your floppy device is>
To create the images from DOS, you need a disk copy program file fdimage:
fdimage kern.flp a:
Insert the kernel floppy into your laptop floppy drive and boot from
it (you may need to change the boot list in your laptop's BIOS).
Interrupt the booting process at the beginning, unload the kernel
from the floppy, and boot determine the location of your kernel image
The lsdev will tell you where your root partition resides.
You can then reset the current location from which to load the kernel
(and actually load the new kernel):
set currdev=<root partition's name determined from lsdev>
Once you have the machine booted, you can redo the MBR by doing the
boot0cfg -B ad0
You should now be able to boot from either partition.
Q I'm using Solaris 2.5.1 on
a Sparc 20 with two identical 2-GB internal disks. I'm trying
to copy one disk to the other using ufsdump, but I'm
getting errors about a corrupted bootblock on the disk I'm
dumping to. Both disks are partitioned as follows:
Total disk cylinders available: 2733 + 2 (reserved cylinders)
Part Tag Flag Cylinders Size Blocks
0 root wm 0 - 943 700.62MB (944/0/0) 1434880
1 swap wu 944 - 1288 256.05MB (345/0/0) 524400
2 backup wm 0 - 2732 1.98GB (2733/0/0) 4154160
3 unassigned wm 0 0 (0/0/0) 0
4 unassigned wm 0 0 (0/0/0) 0
5 unassigned wm 1289 - 2732 1.05GB (1444/0/0) 2194880
6 unassigned wm 0 0 (0/0/0) 0
7 unassigned wm 0 0 (0/0/0) 0
Slice 0 is / and slice 5 is /usr. Then I do the ufsdump:
ufsdump 0uf /dev/rdsk/c0t3d0s0 /dev/dsk/c0t1d0s0
ufsdump 0uf /dev/rdsk/c0t3d0s5 /dev/dsk/c0t1d0s5
When I try to boot off the disk, I get errors about the disk being
unbootable and having a corrupt bootblock. What am I doing wrong?
A There's actually a couple
of issues here. First, you're doing a ufsdump straight
to the second disk device, which causes you to overwrite the bootblock
at cylinder 0. What you really want to do is create the two partitions
with newfs, mount them, dump them, and then do a ufsrestore
mount /dev/dsk/c0t1d0s0 /s0
ufsdump 0f / - |(cd /s0; ufsrestore -)
mount /dev/dsk/c0t1d0s5 /s5
ufsdump 0f /usr - |(cd /s5; ufsrestore -)
You also want to install the bootblocks onto the new disk by doing
installboot /usr/platform/`uname -i`/lib/fs/ufs/bootblk /dev/rdsk/c0t1d0s0
Lastly, if you want to boot off this disk and use all of the filesystems
on this disk, you'll need to modify /etc/vfstab to change
any references to c0t3d0 to c0t1d0.
That said, it would be much simpler to use Solaris DiskSuite (or
Veritas Volume Manager) to encapsulate the boot disk and mirror
it to the second one. Using DiskSuite will also give you redundant
disk while the machine is live, so you won't need to reboot
off the other disk if one fails (although you will eventually have
to shut down to replace the disk).
Q I have a lot of users that use
UUNET's dial-up pool when they travel. I want to allow them
mail relaying from our mail server, but I don't want to open
it up to the entire UUNET dial-up pool (for obvious spam reasons).
What's the best way to go about this?
A You have a couple of options.
You can do POP-before-SMTP, which requires modifications to the
POP daemon, a couple of utilities, and an addition to the Sendmail
configuration. You can also do SMTPAUTH or STARTTLS
if you're using Sendmail 8.10/8.11. Sendmail's page on
roaming users has information on all of these methods:
Q I'm having a problem editing
root's cron file. I've logged in as root from the console,
and I can edit everyone else's crontab with crontab -e <user>.
When I try this as root, though, all I get is a line saying 1427,
and then my prompt doesn't come back. I can only get out by typing
Control-d. I can look at the file with crontab -l just
fine. What's the problem?
A If you're just seeing a
number when you use crontab -e, it sounds like you're
winding up using ed instead of whatever editor you expected
to be using. You can correct this by doing the following (assuming
you want vi as your editor):
Syntax for Bourne shell variants:
Syntax for C shell variants:
setenv EDITOR vi
setenv VISUAL vi
You'll most likely want to set these variables in one of root's
startup files as well, so you always have the default editor of your
Q I run a Sendmail mail server,
but I need to support a number of Windows clients (specifically
Outlook 2000 and Eudora). I'm really concerned about people
sending Visual Basic attachments with viruses in them. Is there
something I can do to filter on content to protect my Windows users?
A You probably want to take a look
at milter, Sendmail's Perl filter API:
You can write your own filter rules to match whatever criteria you
need. Milter has the ability to modify or discard any parts of both
headers and body. Milter is distributed with versions of Sendmail
8.10.1 and later. One milter that may be of particular interest to
you, depending on what OS you run, is at:
Q I have an organization with shared
email address books in Netscape (by editing prefs.js to point
at a network location). They are getting to a size where this solution
no longer works very well (due to file locking blocking access to
other users), but it makes no sense to get something like Exchange
server so they can have a centralized address book.
It seems to me that it ought to be possible to set up OpenLDAP
running on a Linux box to serve this purpose (much like, say four11
or bigfoot). There are MSWindows clients available to maintain the
database. I'm stuck on how to design the database and schema
to enable all this happen.
A Yes, LDAP works well for a site-wide
email address database. For an introduction on how to design LDAP
schemas, you may want to pick up the book Understanding and Deploying
LDAP Directory Servers, by Timothy A. Howes. Netscape also has
information on designing a directory server at:
In general, give some thought to the design up front so you can define
a schema that has all the variables that you'll want to
be able to store about the employees. Besides designing your LDAP
database just for an email addressbook, also consider designing it
so you can eventually use it as a centralized database for all sorts
of user (and other!) information (HR information, user authentication,
calendaring, mailing lists, etc.). Just be sure when choosing the
unique identifier for your user leaf nodes that you don't use
something confidential like the employee's SSN.
Jim McKinstry is a Senior Sales Engineer for MTI Technology
Corporation (www.mti.com). MTI is a leading international
provider of data storage management products and services. He can
be reached at: firstname.lastname@example.org.
Amy Rich, president of the Boston-based Oceanwave Consulting,
Inc. (http://www.oceanwave.com), has been a UNIX systems
administrator for more than five years. She received a BSCS at Worcester
Polytechnic Institute, and can be reached at: email@example.com.