Update of /cvsroot/leaf/doc/guide/install-bering
In directory usw-pr-cvs1:/tmp/cvs-serv17919

Added Files:
        biabout.xml biaddrm.xml biall.xml bicontent.xml 
        bidowndistro.xml bidownmod.xml bikeybd.xml binetwork.xml 
        bipackages.xml bishorwall.xml bumodem.xml 
Log Message:
added current bering install xml source

--- NEW FILE: biabout.xml ---
<sect1 id="biabout"><title>About LEAF "Bering"</title>
<sect2><title>What is the LEAF "Bering" distribution ?</title>
<para>The LEAF "Bering" distribution is derived from <ulink 
url="http://lrp.steinkuehler.net">Charles Steinkuehler's</ulink> Dachstein (rc2). It 
differs from it in two key respects:</para>
<itemizedlist>
<listitem><para>It is based on a 2.4.x linux kernel</para></listitem>
<listitem><para>It relies on <ulink url="http://www.shorewall.net">Shorewall</ulink> 
for extended firewalling facilities. Check all the Shorewall features <ulink 
url="http://www.shorewall.net/shorewall_features.htm">here</ulink>.</para></listitem>
</itemizedlist>
<para>The main objectives are:</para>
<itemizedlist>
<listitem><para>To benefit from the <ulink 
url="http://www.netfilter.org">netfilter/iptables</ulink> facilities</para></listitem>
<listitem><para>To have access to the latest kernel device drivers &amp; 
filesystems</para></listitem>
<listitem><para>To keep everything available on a single floppy for the largest 
possible user base (including serial modem, cable modem or ADSL PPP/PPPOE 
users)</para></listitem>
<listitem><para>To keep the simplicity provided by Dachstein</para></listitem>
<listitem><para>To stick to a standard linux kernel as much as possible. This allows 
LEAF "Bering" usage and development in a <ulink 
url="http://leaf.sourceforge.net/devel/jnilo/uml.html">virtual 
environment</ulink></para></listitem>
<listitem><para>To stick as much as possible to the Debian distribution 
structure</para></listitem>
</itemizedlist>
<para>This work became possible after a solution was proposed to get rid of the 
original kernel LRP patches, which do not survive the change introduced in 
<filename>initrd</filename> in the 2.4.10 kernel. The interested reader can refer to 
the leaf-devel mailing list archives.</para>
</sect2>
<sect2><title>Why Bering ?</title>
<para>The name "Bering" was chosen from the Strait of the same name. A strait is a 
nice symbol for a firewall: a lot of traffic and strict navigation rules. Bering was 
chosen because it represents the shortest distance between Europe and America where 
most of the LEAF community is living. Those interested in the story of the Bering 
Island can check <ulink 
url="http://www.pbs.org/edens/kamchatka/bering.html">here</ulink> (Thanks to Matt 
Schalit for the reference).</para>
</sect2>
<sect2><title>Feedback</title>
<para>Comments on this package can be sent to the authors:</para>
<para>Jacques Nilo <email>[EMAIL PROTECTED]</email> or Eric Wolzak 
<email>[EMAIL PROTECTED]</email>.</para>
</sect2>
<sect2><title>Acknowledgments and thanks</title>
<para>Thanks to everyone who helped us with this work and especially the members of the 
<ulink url="http://lists.sourceforge.net/lists/listinfo/leaf-devel">leaf-devel</ulink> 
and <ulink 
url="http://lists.sourceforge.net/lists/listinfo/leaf-user">leaf-user</ulink> mailing 
lists. Many thanks also to Tom Eastep <email>[EMAIL PROTECTED]</email> for his 
great shorewall package and his dedicated support.</para>
<para>The "Bering" distribution has benefited from many comments, help and suggestions 
from Lynn Avants, Chad Carr, Luis F. Correia, Allen Hillery, Christian Hostelet, Tom 
Eastep, Jeff Newmiller, Brock Nanson, Thor Nylander, Larry Platzek and Bob 
Pocius.</para>
</sect2>
<sect2><title>Changelog</title>
<para>Current version: 1.0-rc3 - June 16, 2002</para>
<itemizedlist>
<listitem><para>Bering now supports apm and vlan as modules. New netfilter modules 
provided for H323, pptp, sftp and talk. Check available modules <ulink 
url="http://leaf.sourceforge.net/devel/jnilo/bering/latest/modules/net/ipv4/netfilter/">here</ulink>.</para></listitem>
<listitem><para>Bering kernel now patched with <ulink 
url="http://www.grsecurity.net">grsecurity</ulink> v1.9.4. Kernel compiled with 
"medium" level. Check all the details <ulink 
url="http://www.grsecurity.org/features.htm">here</ulink>.</para></listitem>
<listitem><para><ulink url="http://www.shorewall.net">Shorewall</ulink> updated to 
latest 1.3.1 version with the June 15, 2002 errata.</para></listitem>
<listitem><para>Busybox updated to 0.60.3: saves 10k and <emphasis>ls</emphasis> 
command output is now in colour :-)</para></listitem>
<listitem><para><filename>root.dev.mk</filename> updated to create mtd, nftla1->4, 
lp0, lp1 devices for DoC and parallel printer support</para></listitem>
<listitem><para>In <filename>/lib/POSIXness</filename>, 
<filename>POSIXness.text</filename> removed, <filename>POSIXness.mail</filename> 
corrected (thanks to K.P. Kirchdörfer), <filename>POSIXness.system</filename> 
cleaned-up and <filename>POSIXness.linuxrouter</filename> modified so that 
<emphasis>lrpkg -i /anydir/package.lrp</emphasis> can work.</para></listitem>
<listitem><para><filename>/etc/passwd</filename> and <filename>/etc/group</filename> 
updated so that qmail.lrp can now work out of the box</para></listitem>
<listitem><para>bridge scripts in bridge.lrp fixed</para></listitem>
<listitem><para>syslinux updated to version 1.75</para></listitem>
<listitem><para>weblet.lrp updated: sh-httpd has GID 10 (wheels) to be able to run 
with the grsecurity patch. Correction for layout problems in viewsys and viewnet. Display 
of statistics improved using the "ip -s link show" command. Memory check changed: now 
only the memory in the tmpfs and dev/root are checked. Mounted floppies and cdroms are 
ignored.</para></listitem>
<listitem><para><ulink url="busers.html">User's guide</ulink> updated to revision 0.3 
with some editing. Also now available as pdf file in the Bering <ulink 
url="http://sourceforge.net/project/showfiles.php?group_id=13751">download 
area</ulink>.</para></listitem>
<listitem><para><ulink url="binstall.html">Installation guide</ulink> updated to 
revision 0.7. Also available as pdf file in the Bering <ulink 
url="http://sourceforge.net/project/showfiles.php?group_id=13751">download 
area</ulink>.</para></listitem>
</itemizedlist>
<para>Version: 1.0-rc2 - April 22, 2002</para>
<itemizedlist>
<listitem><para>Bering now supports <ulink url="http://www.freeswan.org">IPSEC</ulink> 
(Freeswan - version 1.97) as a module. ipsec.lrp &amp; ipsec509.lrp packages available. 
Thanks to Chad Carr <email>[EMAIL PROTECTED]</email> for his great 
work!</para></listitem>
<listitem><para>Bering now supports <ulink url="http://www.shorewall.net/PPTP.htm">pptp 
tunnels</ulink>. The kernel was patched accordingly, and the pppd daemon as 
well</para></listitem>
<listitem><para>Bering can now boot from a CD-Rom. The result of great teamwork 
involving Luis F. Correia <email>[EMAIL PROTECTED]</email>, Allen 
Hillery <email>[EMAIL PROTECTED]</email> and Christian Hostelet 
<email>[EMAIL PROTECTED]</email>. Luis also wrote a <ulink url="bucdrom.html">new 
section</ulink> of the Bering user's guide explaining how to create the 
CD-Rom.</para></listitem>
<listitem><para>Shorewall updated to latest 1.2.12 version. Parameterized 
two-interfaces setup removed and replaced by the new two-interfaces sample from Tom. 
The Bering's installation manual about Shorewall has been completely 
rewritten.</para></listitem>
<listitem><para>PCMCIA kernel mode removed. We now go for pcmcia_cs package and 
modules. Seems more robust and also supports PCI/PCMCIA bridge</para></listitem>
<listitem><para>Last version (2.21) of the <ulink 
url="http://leaf.sourceforge.net/devel/jnilo/manpages/e3.html">e3 editor</ulink> now 
provided</para></listitem>
<listitem><para>Kernel now compiled with serial support (by popular demand 
:-))</para></listitem>
<listitem><para>Busybox mount command now works for NFS volumes</para></listitem>
<listitem><para>iptables updated with the last 1.2.6a version</para></listitem>
<listitem><para><ulink url="busers.html">User's guide</ulink> updated to revision 0.2 
with five new chapters and many updates!</para></listitem>
<listitem><para><ulink url="binstall.html">Installation guide</ulink> updated to 
revision 0.5.</para></listitem>
</itemizedlist>
<para>Version: 1.0-rc1 - March 16, 2002</para>
<itemizedlist>
<listitem><para>Updated with the 2.4.18 linux kernel which fixes the Netfilter/IRC 
bug. Support is now provided for Appletalk and IPX through appropriate 
modules</para></listitem>
<listitem><para>Shorewall updated to version 1.2.9. Now allows MAC address 
filtering</para></listitem>
<listitem><para>iptables updated with the last 1.2.5 version</para></listitem>
<listitem><para><filename>lrcfg.back.script</filename> updated with the most recent 
version from Dachstein which allows partial backup and adapted to work without ctar. 
Backup problems experienced in beta-4 should be gone. Eric spent quite some time on 
this one :-).</para></listitem>
<listitem><para>New pcmcia.lrp packages (tested and more compact and with a more 
detailed documentation).</para></listitem>
<listitem><para>Documentation updated to revision 0.4.</para></listitem>
</itemizedlist>
<para>Version: beta4 - February 2002</para>
<itemizedlist>
<listitem><para>ifupdown program adapted to only use ip addr and ip route commands. 
ifconfig removed</para></listitem>
<listitem><para>Shorewall updated to latest 1.2.6 version</para></listitem>
<listitem><para>arp program added to /sbin to have proxy-arp working with Shorewall 
(thanks to Yvo Nelemans for noticing this)</para></listitem>
<listitem><para>Beta2 <filename>/usr/sbin/lrcfg.back.initrd</filename> script 
restored. Automatic computation of INITRD_SIZE in beta3 was buggy</para></listitem>
<listitem><para>Loading of modules stored in <filename>/boot/lib/modules</filename> 
right after initrd is mounted is now working properly</para></listitem>
<listitem><para>ctar removed following a suggestion by S. Caron</para></listitem>
<listitem><para>The pcmcia.lrp configuration list is no longer broken</para></listitem>
<listitem><para>Some clean-up in weblet.lrp</para></listitem>
<listitem><para>Documentation updated to revision 0.3.</para></listitem>
</itemizedlist>
<para>Version: beta3 - February 2002</para>
<itemizedlist>
<listitem><para>The distribution has now a name: Bering !</para></listitem>
<listitem><para>Kernel 2.4.16 updated. Check the new <ulink 
url="http://leaf.sourceforge.net/devel/jnilo/bering/beta3/bering-b3.config">config 
file</ulink>. Now includes support for Hard disks, DOC, ext2/ext3/reiserfs 
filesystems, PPPOA, IPV6</para></listitem>
<listitem><para>Shorewall updated to latest 1.2.5 version</para></listitem>
<listitem><para>Winimage floppy image now available for Windows users</para></listitem>
<listitem><para>INITRD_SIZE parameter removed: 
<filename>/usr/sbin/lrcfg.back.initrd</filename> now computes optimal size of INITRD 
filesystem</para></listitem>
<listitem><para><filename>/etc/init.d/netbase</filename> removed and replaced by 
<filename>/etc/init.d/inetd</filename>. Portmap will be provided as a separate 
package.</para></listitem>
<listitem><para>Some clean-up in the <filename>/etc/init.d</filename> RCDLINKS= 
parameters to comply with Debian/Woody</para></listitem>
<listitem><para>Supplemental packages available providing openssh, pcmcia, ppp (with 
active-filter enabled) and wireless support. Check the Bering packages <ulink 
url="http://leaf.sourceforge.net/devel/jnilo/bering/packages/">directory</ulink>.</para></listitem>
<listitem><para>Pump.lrp recompiled with proper options and 
<filename>/etc/shorewall.pump</filename> script corrected. Also 
<filename>/etc/init.d/pump</filename> script removed: Pump fully controlled by 
ifup/down</para></listitem>
<listitem><para><filename>libnsl.so</filename> removed (and <filename>tcpd</filename> 
and <filename>sshd</filename> recompiled accordingly). Save about 10K 
(compressed).</para></listitem>
<listitem><para><filename>/usr/sbin/ticker</filename> replaced by a shell script 
(Thanks Ray !). Save 1,3K (compressed)</para></listitem>
<listitem><para>Documentation updated to revision 0.2. Thanks to L. Avants, T. Eastep 
&amp; L. Platzek for their suggestions!</para></listitem>
</itemizedlist>
<para>Version: beta2 - January 2002</para>
<itemizedlist>
<listitem><para>Kernel 2.4.16 now used. New kernel <ulink 
url="http://leaf.sourceforge.net/devel/jnilo/kernel-2.4.16/leaf-mini-2416-b2.config">config 
file</ulink>. Includes in particular support for PCMCIA, PPP, PPP/PPPOE, ISDN, USB 
and bridging</para></listitem>
<listitem><para>Use <ulink url="http://www.shorewall.net">shorewall 1.2.2</ulink> 
allowing among <ulink url="http://www.shorewall.net/shorewall_features.htm">many other 
things</ulink> traffic shaping &amp; blacklisting</para></listitem>
<listitem><para>Pump (0.8.11-3) being used as default DHCP/BOOTP client to save disk 
space (dhclient.lrp still OK)</para></listitem>
<listitem><para>networking script now fully debian/sid compatible. Dachstein's 
<filename>/etc/network.conf</filename>, <filename>/etc/ipchains.conf</filename> and 
<filename>/etc/init.d/network</filename> files/scripts completely 
removed</para></listitem>
<listitem><para>ifconfig (1.4.2) and ifupdown (0.6.4) available</para></listitem>
<listitem><para>new applets in bbox library (0.60.2)</para></listitem>
<listitem><para>new version of iproute2 (010824). tc <ulink 
url="http://luxik.cdi.cz/~devik/qos/htb/v2/htb2_tc.diff">patched</ulink> to allow for 
<ulink url="http://luxik.cdi.cz/~devik/qos/htb/">HTB queuing 
discipline</ulink></para></listitem>
<listitem><para>bridge now available as a separate package. Provides brctl from <ulink 
url="http://bridge.sourceforge.net/">bridge-utils</ulink> (0.9.4)</para></listitem>
<listitem><para>ppp.lrp and pppoe.lrp provided in the standard distro for serial/modem 
and adsl/pppoe connections. pppoe.lrp provides the PPPoE 2.4.16 kernel plugin. The ppp 
daemon is the 2.4.1 version patched for kernel mode PPPoE available <ulink 
url="http://www.shoshin.uwaterloo.ca/~mostrows/">here</ulink>.</para></listitem>
<listitem><para>pon, poff and plog scripts provided in ppp.lrp for ppp on 
demand.</para></listitem>
<listitem><para>weblet.lrp modified to handle <filename>iptable</filename> output. Do 
not need <filename>netstat</filename> anymore</para></listitem>
<listitem><para>first draft of installation guide available (what you are reading 
now)</para></listitem>
</itemizedlist>
<para>version: <ulink 
url="http://www.geocrawler.com/archives/3/7232/2001/12/150/7221394/">2.4.14-b1</ulink> 
- 12 December 2001</para>
<para>version: <ulink 
url="http://www.geocrawler.com/archives/3/7232/2001/11/50/7219319/">2.4.14-alpha</ulink> 
- 20 November 2001</para>
</sect2>
<sect2><title>Bering download area</title>
<para>All Bering related files, including archives, are available in the LEAF <ulink 
url="http://sourceforge.net/project/showfiles.php?group_id=13751">files 
area</ulink>.</para>
</sect2>
<sect2><title>Bering support</title>
<para>Bering is provided with extensive documentation, also available as a pdf file in 
the LEAF <ulink 
url="http://sourceforge.net/project/showfiles.php?group_id=13751">files 
area</ulink>.</para>
<para>Requests for support should be directed only to the <ulink 
url="http://lists.sourceforge.net/lists/listinfo/leaf-user">leaf-user mailing 
list</ulink>.</para>
</sect2>
</sect1>

--- NEW FILE: biaddrm.xml ---
<sect1 id="biaddrm"><title>Installation - step 3: Add/remove the (un)needed packages 
and modules</title>
<para>The LEAF "Bering" floppy disk is provided with package(s) and/or module(s) you 
won't necessarily need. Get rid of them to begin with.</para>
<para>Check the list of packages provided above to see if you need them. Some examples 
follow:</para>
<itemizedlist>
<listitem><para>A US user can remove the keyboard.lrp package</para></listitem>
<listitem><para>A cable modem user with dynamic IP can get rid of the ppp.lrp and 
pppoe.lrp packages</para></listitem>
<listitem><para>A user with a fixed external IP does not need 
pump.lrp</para></listitem>
<listitem><para>A DSL/PPPoE user will not necessarily need pump.lrp</para></listitem>
</itemizedlist>
<sect2><title>Removing unneeded packages</title>
<para>To remove a given package (say unneeded.lrp) from the LEAF disk, insert the disk in 
your floppy drive and boot it. When you see the LEAF configuration menu, type q 
(quit) to get access to the linux shell. Then execute the following commands:</para>
<screen>
mount -t msdos /dev/fd0u1680 /mnt
cd /mnt
rm unneeded.lrp
cd /
umount /mnt
</screen>
</sect2>
<sect2><title>Edit the <filename>syslinux.cfg</filename> file</title>
<para>Make sure the LRP= list of packages loaded when the LEAF firewall floppy is 
booted corresponds to the packages you want to load.</para>
<para>By default the syslinux.cfg file looks like:</para>
<screen>
display syslinux.dpy
timeout 0
default linux initrd=initrd.lrp init=/linuxrc root=/dev/ram0 boot=/dev/fd0u1680:msdos PKGPATH=/dev/fd0u1680 LRP=root,etc,local,modules,pump,keyboard,shorwall,dnscache,weblet
</screen>
<para>To edit this file:</para>
<screen>
mount -t msdos /dev/fd0u1680 /mnt
cd /mnt
ae syslinux.cfg
        (edit the LRP= list to fit your needs)
        (then save and exit)
cd /
umount /mnt
</screen>
<para>Other syslinux parameters:</para>
<itemizedlist>
<listitem><para><emphasis>log_size=</emphasis> Defines the size of the 
<filename>/var/log</filename> directory. Default= 2M</para></listitem>
<listitem><para><emphasis>syst_size=</emphasis> Defines the size of the TMPFS 
filesystem. Default= 6M.</para></listitem>
<listitem><para><emphasis>tmp_size=</emphasis> Defines the size of the 
<filename>/tmp</filename> directory. Default= remaining available 
memory</para></listitem>
<listitem><para><emphasis>PKGPATH=</emphasis> Defines the location of the packages named in 
the <emphasis>LRP=</emphasis> list. For example, if they are stored on two different floppies, 
one will have something like:</para></listitem>
</itemizedlist>
<screen>
display syslinux.dpy
timeout 0
default linux initrd=initrd.lrp log_size=4M init=/linuxrc root=/dev/ram0 boot=/dev/fd0u1680:msdos PKGPATH=/dev/fd0u1680,/dev/fd1u1680 LRP=root,etc,local,modules,pump,keyboard,libz,sshd,shorwall,dnscache,weblet
</screen>
<para>In the example above, packages not available on the first floppy drive (e.g. 
libz.lrp and sshd.lrp) will be loaded from a 1680K formatted floppy inserted in the 
second drive. In addition, 4M are allocated to <filename>/var/log</filename> 
files.</para>
<note>
<para>The LEAF editor is <ulink url="http://www.sax.de/~adlibit/">e3</ulink>. The 
documentation is <ulink 
url="http://leaf.sourceforge.net/devel/jnilo/manpages/e3.html">here</ulink>. Different 
emulations are available: vi, ae or e3ws are the most common ones.</para>
</note>
</sect2>
<sect2><title>Removing unneeded modules</title>
<para>Once you have removed the unneeded packages, you can remove the unneeded.o 
module(s) as follows:</para>
<screen>
cd /lib/modules
rm unneeded.o
lrcfg
</screen>
<para>Once you are back at the LEAF configuration menu, select the LEAF packages 
backup entry and back up the modules package.</para>
</sect2>
<sect2><title>Adding a new package</title>
<para>To add a new package just copy it to the LEAF floppy and declare the name in the 
<filename>syslinux.cfg</filename> LRP= list.</para>
</sect2>
<sect2><title>Adding extra modules in /lib/modules</title>
<para>You can add many features to your LEAF "Bering" distribution by adding extra 
kernel modules. Once you know which modules you need, download them from the LEAF 
Bering <ulink 
url="http://leaf.sourceforge.net/devel/jnilo/bering/latest/modules">modules 
directory</ulink> to a standard (1,44M formatted) floppy disk. Boot the LEAF "Bering" 
floppy. Once you see the LEAF menu, remove the LEAF floppy and replace it with the 
modules floppy. Then issue the following commands:</para>
<screen>
mount -t msdos /dev/fd0 /mnt
cd /mnt
cp needed1.o needed2.o ... /lib/modules
cd /
umount /mnt
lrcfg
</screen>
<para>Through the LEAF Packages configuration menu select "modules" and declare those 
modules you need to load in <filename>/etc/modules</filename>.</para>
<para>Remember to save and backup modules.lrp !</para>
<important>
<para>The LEAF "Bering" <filename>/etc/modules</filename> file contains templates to 
set up a bridge, to access an IDE Hard-disk or CD-ROM and to activate USB.</para>
</important>
</sect2>
<sect2><title>Adding extra modules in /boot/lib/modules</title>
<para>You can choose to load those extra kernel modules at the early stage of the boot 
process right after initrd filesystem is mounted. This is typically used to get access 
to a storage device where the remaining LEAF packages are stored. Once you know which 
modules you need, download them from the LEAF Bering <ulink 
url="http://leaf.sourceforge.net/devel/jnilo/bering/latest/modules">modules 
directory</ulink> to a standard (1,44M formatted) floppy disk. Boot the LEAF "Bering" 
floppy. Once you see the LEAF menu, remove the LEAF floppy and replace it with the 
modules floppy. Then issue the following commands:</para>
<screen>
mount -t msdos /dev/fd0 /mnt
cd /mnt
cp needed1.o needed2.o ... /boot/lib/modules
cd /
umount /mnt
lrcfg
</screen>
<para>Through the LEAF Packages configuration menu select "initrd" and declare those 
modules you need to load in <filename>/boot/etc/modules</filename>.</para>
<para>Remember to save and backup initrd.lrp !</para>
</sect2>
</sect1>
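
The check asked for in the "Edit the syslinux.cfg file" section above, as an added example that is not part of the original guide or this commit: a POSIX shell script that compares the LRP= list with the .lrp files actually present in a directory, so that a package removed from the disk but left in LRP= (or the reverse) is noticed before the firewall is rebooted. The function names and the sample directory are constructed for illustration, and the script assumes all packages live in one directory (a single PKGPATH entry).

```shell
#!/bin/sh
# Added example (not from the LEAF project): cross-check the LRP= list in
# syslinux.cfg against the .lrp files found in a directory.

# Print the package names from the LRP= parameter, one per line.
# The file is split on whitespace first, so a wrapped line is handled too.
lrp_list() {
    # $1 = path to syslinux.cfg
    tr ' \t\r' '\n\n\n' < "$1" | sed -n 's/^LRP=//p' | tr ',' '\n' | sed '/^$/d'
}

# Names listed in LRP= that have no matching NAME.lrp file in the directory.
missing_packages() {
    # $1 = path to syslinux.cfg, $2 = directory holding the packages
    lrp_list "$1" | while read -r name; do
        [ -f "$2/$name.lrp" ] || echo "$name"
    done
}

# NAME.lrp files in the directory that the LRP= list does not load.
# initrd.lrp is skipped: it is loaded through initrd=, not through LRP=.
unlisted_packages() {
    # $1 = path to syslinux.cfg, $2 = directory holding the packages
    for f in "$2"/*.lrp; do
        [ -f "$f" ] || continue
        name=$(basename "$f" .lrp)
        [ "$name" = initrd ] && continue
        lrp_list "$1" | grep -qxF "$name" || echo "$name"
    done
}

# Constructed sample: the default syslinux.cfg shown in the guide, on a disk
# from which keyboard.lrp was removed without editing LRP=, and to which
# tc.lrp was copied without being declared.
make_sample() {
    # $1 = directory to create
    mkdir -p "$1"
    cat > "$1/syslinux.cfg" <<'EOF'
display syslinux.dpy
timeout 0
default linux initrd=initrd.lrp init=/linuxrc root=/dev/ram0 boot=/dev/fd0u1680:msdos PKGPATH=/dev/fd0u1680 LRP=root,etc,local,modules,pump,keyboard,shorwall,dnscache,weblet
EOF
    for p in initrd root etc local modules pump shorwall dnscache weblet tc; do
        : > "$1/$p.lrp"
    done
}

# With an argument, check that directory (e.g. the mounted floppy);
# without one, build and check the constructed sample.
dir=${1:-}
if [ -z "$dir" ]; then
    dir=$(mktemp -d) && make_sample "$dir"
fi
echo "listed in LRP= but missing from $dir:"
missing_packages "$dir/syslinux.cfg" "$dir"
echo "present in $dir but not listed in LRP=:"
unlisted_packages "$dir/syslinux.cfg" "$dir"
```

Run it with the mount point as its argument (for example `/mnt` after the mount command shown in the guide) to check a real disk.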

--- NEW FILE: biall.xml ---
<?xml version="1.0" encoding='ISO-8859-1'?>
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN" [
<!ENTITY biabout SYSTEM "biabout.xml">
<!ENTITY bicontent SYSTEM "bicontent.xml">
<!ENTITY bidowndistro SYSTEM "bidowndistro.xml">
<!ENTITY bidownmod SYSTEM "bidownmod.xml">
<!ENTITY biaddrm SYSTEM "biaddrm.xml">
<!ENTITY bikeybd SYSTEM "bikeybd.xml">
<!ENTITY binetwork SYSTEM "binetwork.xml">
<!ENTITY bishorwall SYSTEM "bishorwall.xml">
<!ENTITY bipackages SYSTEM "bipackages.xml">
]>
<book>
<article id="binstall"><title>LEAF "Bering" installation guide</title>
<articleinfo>
<author><firstname>Jacques</firstname> <surname>Nilo</surname></author>
<author><firstname>Eric</firstname> <surname>Wolzak</surname></author>
<revhistory>
     <revision>
        <revnumber>0.1</revnumber>
        <date>18 January 2002</date>
        <revremark>First draft for review</revremark>
     </revision>
     <revision>
        <revnumber>0.2</revnumber>
        <date>2 February 2002</date>
        <revremark>Second draft for review</revremark>
     </revision>
     <revision>
        <revnumber>0.3</revnumber>
        <date>21 February 2002</date>
        <revremark>Third draft for review</revremark>
     </revision>
     <revision>
        <revnumber>0.4</revnumber>
        <date>19 March 2002</date>
        <revremark>Fourth draft for review</revremark>
     </revision>
     <revision>
        <revnumber>0.5</revnumber>
        <date>22 April 2002</date>
        <revremark>Fifth draft for review</revremark>
     </revision>
     <revision>
        <revnumber>0.6</revnumber>
        <date>16 June 2002</date>
        <revremark>Sixth draft for review</revremark>
     </revision>
</revhistory>
</articleinfo>
&biabout;
&bicontent;
&bidowndistro;
&bidownmod;
&biaddrm;
&bikeybd;
&binetwork;
&bishorwall;
&bipackages;
</article>
</book>

--- NEW FILE: bicontent.xml ---
<sect1 id="bicontent"><title>Available packages on the LEAF "Bering" floppy</title>
<sect2><title>The LEAF "Bering" floppy disk content</title>
<para>The following files are available on the 1680K formatted LEAF "Bering" 
floppy:</para>
<screen>
[root@versa root]# ls -la /mnt/floppy/
total 1654
drwxr-xr-x    2 root     root         5632 jan  1  1970 ./
drwxr-xr-x    5 root     root         4096 mai 19 02:10 ../
-rwxr-xr-x    1 root     root         8795 jun 16 15:32 bridge.lrp*
-rwxr-xr-x    1 root     root        43768 jun 16 15:32 dhcpd.lrp*
-rwxr-xr-x    1 root     root        23821 jun 16 15:32 dnscache.lrp*
-rwxr-xr-x    1 root     root        23401 jun 16 15:31 etc.lrp*
-rwxr-xr-x    1 root     root       410442 jun 16 15:30 initrd.lrp*
-rwxr-xr-x    1 root     root        11855 jun 16 15:32 keyboard.lrp*
-r-xr-xr-x    1 root     root         7112 jun 16 12:11 ldlinux.sys*
-rwxr-xr-x    1 root     root       495127 jun  9 17:19 linux*
-rwxr-xr-x    1 root     root          494 jun 16 15:31 local.lrp*
-rwxr-xr-x    1 root     root          296 jun 16 15:37 log.lrp*
-rwxr-xr-x    1 root     root       104057 jun 16 15:31 modules.lrp*
-rwxr-xr-x    1 root     root        95752 jun 16 15:32 ppp.lrp*
-rwxr-xr-x    1 root     root        14125 jun 16 15:33 pppoe.lrp*
-rwxr-xr-x    1 root     root        24566 jun 16 15:31 pump.lrp*
-rwxr-xr-x    1 root     root          186 jun 16 15:34 readme*
-rwxr-xr-x    1 root     root       315097 jun 16 15:31 root.lrp*
-rwxr-xr-x    1 root     root        36597 jun 16 15:32 shorwall.lrp*
-rwxr-xr-x    1 root     root          205 jun 16 15:35 syslinux.cfg*
-rwxr-xr-x    1 root     root         1059 jun 16 15:36 syslinux.dpy*
-rwxr-xr-x    1 root     root        41798 jun 16 15:33 tc.lrp*
-rwxr-xr-x    1 root     root        19540 jun 16 15:32 weblet.lrp*
[root@versa root]#
</screen>
</sect2>
<sect2><title>Description</title>
<para>The different packages and files are described in the two following 
tables:</para>
<table frame='all'>
<title>Available LEAF packages</title>
<tgroup cols='4' align='left'>
<thead>
<row>
<entry>Package name</entry>
<entry>Purpose</entry>
<entry>Version</entry>
<entry>Status</entry>
</row>
</thead>
<tbody>
<row>
<entry>bridge.lrp</entry>
<entry>Provides brctl and bridging facilities</entry>
<entry>0.9.4</entry>
<entry>Optional</entry>
</row>
<row>
<entry>dhcpd.lrp</entry>
<entry>Provides a DHCP server to your local network</entry>
<entry></entry>
<entry>Optional</entry>
</row>
<row>
<entry>dnscache.lrp</entry>
<entry>Provides D.J. Bernstein fast caching resolver for DNS</entry>
<entry>1.05</entry>
<entry>Recommended</entry>
</row>
<row>
<entry>etc.lrp</entry>
<entry>Provides system /etc files</entry>
<entry>v1.0-rc3</entry>
<entry>Required</entry>
</row>
<row>
<entry>initrd.lrp</entry>
<entry>Provides LEAF bootstrap and core system files</entry>
<entry>v1.0-rc3</entry>
<entry>Required</entry>
</row>
<row>
<entry>keyboard.lrp</entry>
<entry>Provides 35 International keyboard layouts</entry>
<entry>0.3</entry>
<entry>Optional</entry>
</row>
<row>
<entry>local.lrp</entry>
<entry>Provides system files</entry>
<entry>v1.0-rc3</entry>
<entry>Required</entry>
</row>
<row>
<entry>log.lrp</entry>
<entry>Provides system /var/log files</entry>
<entry>v1.0-rc3</entry>
<entry>Required</entry>
</row>
<row>
<entry>modules.lrp</entry>
<entry>Provides 2.4.18 kernel modules files</entry>
<entry>v1.0-rc3</entry>
<entry>Required</entry>
</row>
<row>
<entry>ppp.lrp</entry>
<entry>Provides the ppp daemon patched for kernel mode PPPoE</entry>
<entry>2.4.1</entry>
<entry>Optional</entry>
</row>
<row>
<entry>pppoe.lrp</entry>
<entry>Provides the PPPoE kernel plugin</entry>
<entry>2.4.1</entry>
<entry>Optional</entry>
</row>
<row>
<entry>pump.lrp</entry>
<entry>Provides the Redhat DHCP/BOOTP client</entry>
<entry>0.8.11</entry>
<entry>Optional</entry>
</row>
<row>
<entry>root.lrp</entry>
<entry>Provides the LEAF system files</entry>
<entry>v1.0-rc3</entry>
<entry>Required</entry>
</row>
<row>
<entry>shorwall.lrp</entry>
<entry>Provides the shorewall firewall</entry>
<entry>1.3.1</entry>
<entry>Required</entry>
</row>
<row>
<entry>tc.lrp</entry>
<entry>Provides the IPROUTE2 tc program for traffic shaping</entry>
<entry>SS010824</entry>
<entry>Optional</entry>
</row>
<row>
<entry>weblet.lrp</entry>
<entry>Provides a Web based LEAF monitoring tool</entry>
<entry>1.2.0</entry>
<entry>Optional</entry>
</row>
</tbody>
</tgroup>
</table>
<table frame='all'>
<title>Other files</title>
<tgroup cols='4' align='left'>
<thead>
<row>
<entry>File name</entry>
<entry>Purpose</entry>
<entry>Version</entry>
<entry>Status</entry>
</row>
</thead>
<tbody>
<row>
<entry>ldlinux.sys</entry>
<entry>syslinux (boot loader) system file</entry>
<entry>1.75</entry>
<entry>Required</entry>
</row>
<row>
<entry>linux</entry>
<entry>Linux kernel</entry>
<entry>2.4.18</entry>
<entry>Required</entry>
</row>
<row>
<entry>syslinux.cfg</entry>
<entry>syslinux LEAF configuration file</entry>
<entry>1.75</entry>
<entry>Required</entry>
</row>
<row>
<entry>syslinux.dpy</entry>
<entry>syslinux screen logo file</entry>
<entry>1.75</entry>
<entry>Required</entry>
</row>
</tbody>
</tgroup>
</table>
</sect2>
</sect1>

--- NEW FILE: bidowndistro.xml ---
<sect1 id="bidowndistro"><title>Installation - step 1: download the 
distribution</title>
<sect2><title>Linux users</title>
<para>As root, download the <ulink 
url="http://prdownloads.sourceforge.net/leaf/Bering_1.0-rc3_img_bering_1680.bin">1680K 
disk image</ulink> to your <filename>/tmp</filename> directory and copy it to a 1680K 
formatted floppy disk:</para>
<para>Format a blank floppy disk:</para>
<screen>
superformat /dev/fd0u1680
or
fdformat /dev/fd0u1680
</screen>
<para>Copy the disk image on the floppy:</para>
<screen>
dd if=/tmp/Bering_1.0-rc3_img_bering_1680.bin of=/dev/fd0u1680
</screen>
</sect2>
<sect2><title>Windows users</title>
<para>From your favorite browser, download the <ulink 
url="http://prdownloads.sourceforge.net/leaf/Bering_1.0-rc3_img_bering_1680.exe">1680K 
Winimage</ulink> to any available directory. Have a blank formatted disk ready. Then 
click on the downloaded winimage file and follow the instructions.</para>
</sect2>
</sect1>

--- NEW FILE: bidownmod.xml ---
<sect1 id="bidownmod"><title>Installation - step 2: download the modules</title>
<para>In order to use the LEAF firewall you will need to install the modules that will 
be loaded to complement your kernel. You will need one for your ethernet card(s) in 
particular.</para>
<para>Modules can be stored in two different places:</para>
<itemizedlist>
<listitem><para>In <filename>/boot/lib/modules</filename>: these modules will be 
loaded at the very beginning of the booting process. This facility is used to load 
drivers which are necessary in order to be able to load the remaining 
packages (CD-ROM or Hard-disk drivers, for example, when you are booting off those 
media: cf. the <ulink 
url="http://leaf.sourceforge.net/devel/jnilo/bubooting.html">"Booting Bering from 
different boot-media"</ulink> section of the Bering user's guide). These modules will 
be saved in the initrd.lrp package. None are provided by default in the LEAF 
distribution since most users won't need any. If you use this facility, you will also 
need to edit <filename>/boot/etc/modules</filename> in order to declare the sequence 
of modules you want to load at this stage.</para></listitem>
<listitem><para>In <filename>/lib/modules</filename>: these modules are provided by 
the modules.lrp package which is loaded as any other package. This package should 
provide most - if not all - of the modules required to have the LEAF firewall working 
on your specific hardware. You will also need to edit 
<filename>/etc/modules</filename> in order to declare the sequence of modules you want 
to load.</para></listitem>
</itemizedlist>
<para>By default, the modules.lrp package of the LEAF "Bering" firewall 
provides:</para>
<screen>
[root@versa modules]# ls -la
total 280
drwxr-x---    2 root     root         4096 jun 16 17:20 ./
drwxr-xr-x    3 root     root         4096 jun 16 19:46 ../
-rw-r--r--    1 root     root        36120 jun  9 11:02 3c59x.o
-rw-r--r--    1 root     root         8880 jun  9 11:02 8390.o
-rw-r--r--    1 root     root        26320 jun  9 11:02 eepro100.o
-rw-r--r--    1 root     root         5928 jun  9 11:03 ip_conntrack_ftp.o
-rw-r--r--    1 root     root         5720 jun  9 11:03 ip_conntrack_irc.o
-rw-r--r--    1 root     root         4748 jun  9 11:03 ip_nat_ftp.o
-rw-r--r--    1 root     root         4200 jun  9 11:03 ip_nat_irc.o
-rw-r--r--    1 root     root         8528 jun  9 11:02 ne2k-pci.o
-rw-r--r--    1 root     root         8144 jun  9 11:02 ne.o
-rw-r--r--    1 root     root         9816 jun  9 11:02 n_hdlc.o
-rw-r--r--    1 root     root         9968 jun  9 11:02 ppp_async.o
-rw-r--r--    1 root     root        39428 jun  9 11:02 ppp_deflate.o
-rw-r--r--    1 root     root        23736 jun  9 11:02 ppp_generic.o
-rw-r--r--    1 root     root        22536 jun  9 11:02 ppp_mppe.o
-rw-r--r--    1 root     root        11648 jun  9 11:02 pppoe.o
-rw-r--r--    1 root     root         3616 jun  9 11:02 pppox.o
-rw-r--r--    1 root     root         7920 jun  9 11:02 ppp_synctty.o
-rw-r--r--    1 root     root         6744 jun  9 11:02 slhc.o
[root@versa modules]#
</screen>
<para>3c59x, 8390, eepro100, ne and ne2k-pci are drivers for common network 
cards.</para>
<para>n_hdlc, ppp_generic, ppp_async, ppp_deflate, ppp_synctty, ppp_mppe, pppoe, 
pppox, slhc are ppp and ppp/pppoe related modules.</para>
<para>ip_conntrack_* and ip_nat_* modules are use for masquerading.</para>
<important>
<para>You will probably need to download other modules for your own network card or to 
get access to specific functionnalities (bridge.o for bridging, ...). The whole set of 
Bering linux kernel modules is available for download <ulink 
url="http://prdownloads.sourceforge.net/leaf/Bering_1.0-rc3_modules_2.4.18.tar.gz";>here</ulink>.
 If you just want to download a specific module go through the Bering modules <ulink 
url="http://leaf.sourceforge.net/devel/jnilo/bering/latest/modules/";>download 
area</ulink>.</para>
</important>
</sect1>
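
Review bot: the sentence "ip_conntrack_* and ip_nat_* modules are use for masquerading" under-describes the four modules in the listing above it, which are the FTP and IRC helpers (ip_conntrack_ftp.o, ip_conntrack_irc.o, ip_nat_ftp.o, ip_nat_irc.o). Suggest "are used for connection tracking and NAT of FTP and IRC sessions", so that a reader trimming modules.lrp knows which protocols are affected when these are left out. The important block also links a release-specific tarball (Bering_1.0-rc3_modules_2.4.18.tar.gz); a sentence telling readers to take the modules built for the kernel of their own Bering release would keep the paragraph valid after the next release. Spelling: "begining", "functionnalities".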

--- NEW FILE: bikeybd.xml ---
<sect1 id="bikeybd"><title>Installation - step 4: configure your keyboard</title>
<para>If you are a non US user you will probably need one of the 35 keyboard layouts 
provided in the keyboard.lrp package.</para>
<para>To configure keyboard go to the LEAF packages configuration menu and choose 
keyboard.</para>
<para>The following menu will appear:</para>
<screen>

                        keyboard configuration files

        1) change keyboard language maps

  q) quit
</screen>
<para>Type 1 to get access to the <filename>/etc/init.d/keyboard</filename> script 
where you will have to replace the KEYMAP variable (default="us.map") by the 
appropriate keyboard setting.</para>
<para>The KEYMAP variable must be chosen among the 35 following entries:</para>
<screen>
# azerty.map  cz.map         fi.map         jp.map  ro.map       trq.map
# be.map      de-latin1.map  fr-latin1.map  la.map  ru.map       ua.map
# bg.map      de.map         fr.map         lt.map  se.map       uk.map
# br-a.map    dk.map         gr.map         mk.map  sg.map       us.map
# br-l.map    dvorak.map     hu.map         nl.map  sk-y.map     wangbe.map
# by.map      es.map         il.map         no.map  sk-z.map
# cf.map      et.map         is.map         pl.map  slovene.map
# croat.map   fi-latin1.map  it.map         pt.map  trf.map
</screen>
<para>To activate the new keyboard map get access to the linux shell and type:</para>
<screen>
/etc/init.d/keyboard start
</screen>
<para>You can then remove the keymaps you do not need once you are happy with your 
choice. It will strip the keyboard.lrp package to 1k. From the LEAF console simply 
run:</para>
<screen>
/etc/init.d/keyboard remove
</screen>
<important>
<para>To save your modification(s) do not forget to backup 
<filename>keyboard.lrp</filename>!</para>
</important>
</sect1>
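
Review bot: the count "35" appears twice ("one of the 35 keyboard layouts" and "among the 35 following entries"), but the keymap listing in the screen block has 45 entries (five rows of six and three rows of five). Either correct the number or drop it so the text cannot go stale when keymaps are added. Next to "/etc/init.d/keyboard remove" it would also help to say how to get a removed keymap back, since the text only says the package is stripped to 1k.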

--- NEW FILE: binetwork.xml ---
<sect1 id="binetwork"><title>Installation - step 5: configure your network</title>
<para>You are now going to declare your network configuration through the Network 
configuration menu.</para>
<important>
<para>If you want to permanently change any of the following parameters, do not forget 
to backup etc.lrp !</para>
</important>
<para>Through the LEAF configuration menu type 1 to access to the Network 
configuration menu:</para>
<screen>

                        Network configuration menu

        1) interfaces
        2) hosts IP addresses
        3) hostname
        4) resolv.conf
        5) super server daemon configuration (inetd.conf)
        6) hosts.allow
        7) hosts.deny
        8) networks

  q) quit
  ----------------------------------------------------------------------------
        Selection:

</screen>
<sect2><title>interfaces</title>
<para>By default, the LEAF "Bering" firewall uses eth0 as the external interface with 
a dynamic IP provided by pump.lrp and eth1 as the internal interface at address 
192.168.1.254.</para>
<para>Edit 1) interfaces to modify those settings.</para>
<para>Typical LEAF configurations are provided in the <filename>interfaces</filename> 
file, simply uncomment what you need and comment (#) what you will not need!</para>
<para>Check the <ulink url="./manpages/interfaces_man.html">interfaces</ulink> man 
pages or the Debian network interfaces <ulink 
url="./manpages/interfaces_network.examples">examples</ulink> for more complicated 
setup.</para>
<para>The network configuration is activated in the 
<filename>/etc/init.d/networking</filename> script through the <ulink 
url="./manpages/ifup_man.html">ifupdown</ulink> functions.</para>
<para>Once your interfaces are configured, remember to save and backup the etc.lrp 
package !</para>
<important>
<para>Be sure that any interface change is reflected in your firewall configuration 
(step 6 below). Adjust Shorewall params file accordingly !</para>
</important>
</sect2>
<sect2><title>hosts IP addresses</title>
<para>The <filename>/etc/hosts</filename> file is where you put the name and IP 
address of local hosts. If you place a host in this file, then you do not need to 
query the domain name server to get its IP Address. The disadvantage of doing this is 
that if the IP address for that host changes, you must keep this file up to date 
yourself . In a well managed system, the only hostnames that usually appear in this 
file are an entry for the loopback interface, and also the local hosts name. By 
default:</para>
<screen>
127.0.0.1       localhost
192.168.1.254   firewall
</screen>
<important>
<para>Do not forget to declare the internal address(es) of a ssh client in this file 
if you want to connect quickly to your firewall machine!</para>
</important>
</sect2>
<sect2><title>hostname</title>
<para>By default, the name of your machine is:</para>
<screen>
firewall
</screen>
</sect2>
<sect2><title>resolv.conf</title>
<para>The <filename>/etc/resolv.conf</filename> file is the main configuration file 
for DNS resolution. Its format is quite simple. It is a text file that has one keyword 
per line. There are three keywords typically used by the file. These keywords 
are:</para>
<itemizedlist>
<listitem><para><emphasis>domain</emphasis>: This keyword specifies the local domain 
name</para></listitem>
<listitem><para><emphasis>search</emphasis>: This keyword specifies a list of 
alternate domain names to search for a hostname</para></listitem>
<listitem><para><emphasis>name server</emphasis>: This keyword, which may be used many 
times, specifies an IP address of a domain name server to query when resolving 
names</para></listitem>
</itemizedlist>
<para>By default this file is set to:</para>
<screen>
nameserver      127.0.0.1
nameserver      192.168.1.254
</screen>
<para>You should not need to change it. The file, by default, shows the address of the 
local DNS server (192.168.1.254) provided by dnscache. Pump won't override the address 
unless you implicitly allow it. Check the pump documentation below if you want to 
change that.</para>
</sect2>
<sect2><title>Super server daemon configuration (inetd.conf)</title>
<para>The <filename>/etc/inetd.conf</filename> file is the configuration file for the 
inetd server daemon. Its function is to tell inetd what to do when it receives a 
connection request for a particular service. For each service that you wish to accept 
connections, you must tell inetd what network server daemon to run (and how to run 
it).</para>
<para>Its format is also fairly simple. It is a text file with each line describing a 
service that you wish to provide. Any text in a line following a `#' is both ignored, 
and it is considered a comment. Each line contains seven fields separated by any 
number of whitespace (tab or space) characters.</para>
<para>By default the three following services are open through inetd:</para>
<screen>
ssh     stream  tcp     nowait  root            /usr/sbin/tcpd  /usr/sbin/sshd -i
www     stream  tcp     nowait  sh-httpd        /usr/sbin/tcpd  /usr/sbin/sh-httpd
stat    stream  tcp     nowait  root            /usr/sbin/tcpd  /usr/sbin/stat.sh
</screen>
</sect2>
<sect2><title>hosts.allow</title>
<para>The <filename>/etc/hosts.allow</filename> file is a configuration file for the 
<filename>/usr/sbin/tcpd</filename> program. The <filename>hosts.allow</filename> file 
contains rules describing which hosts are allowed access to a service on your 
machine.</para>
<para>The default for LEAF is:</para>
<screen>
# /etc/hosts.allow: list of hosts that are allowed to access the system.  See
#                   hosts_access(5) and /usr/doc/net/portmapper.txt
#
# Example:    ALL: LOCAL @some_netgroup
#             ALL: .foobar.edu EXCEPT terminalserver.foobar.edu
#
# Allow anything from the local net
ALL: 192.168.1.0/255.255.255.0
</screen>
<para>Any host from the internal network in the 192.168.1.0/24 IP range will be 
allowed to access to ssh, www and stat through inetd.</para>
<para>If you want that only 192.168.1.1 from your internal network can access to the 
firewall through ssh and weblet, you will have:</para>
<screen>
ssh: 192.168.1.1/255.255.255.255
www: 192.168.1.1/255.255.255.255
stat: 192.168.1.1/255.255.255.255
</screen>
</sect2>
<sect2><title>hosts.deny</title>
<para>The <filename>/etc/hosts.deny</filename> file is a configuration file for the 
<filename>/usr/sbin/tcpd</filename> program. The <filename>hosts.deny</filename> file 
contains entries for the rules defining which hosts will NOT be allowed access to a 
service on your machine.</para>
<para>The default in LEAF is:</para>
<screen>
# /etc/hosts.deny: list of hosts that are _not_ allowed to access the system.
#                  See hosts_access(5) and /usr/doc/net/portmapper.txt
#
# Example:    ALL: some.host.name, .some.domain
#             ALL EXCEPT in.fingerd: other.host.name, .other.domain
#
# The PARANOID wildcard matches any host whose name does not match its
# address.
ALL: PARANOID
# Prevent all access not explicitly allowed in hosts.allow
ALL: ALL
</screen>
</sect2>
<sect2><title>network</title>
<para>The <filename>/etc/networks</filename> file has a similar function to that of 
the <filename>/etc/hosts</filename> file.This file provides a simple database of 
network names against network addresses. Its format differs in that there may be only 
two fields per line, and that the fields are coded as:</para>
<para>The default in LEAF is:</para>
<screen>
localnet        127.0.0.0
</screen>
</sect2>
</sect1>
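
Review bot: in the hosts.allow section, the restricted example ("ssh: 192.168.1.1/255.255.255.255" plus the www and stat lines) does not say that the default "ALL: 192.168.1.0/255.255.255.0" line has to be removed, and it uses the inetd service names rather than the daemon names. Access is granted as soon as any hosts.allow entry matches, so with the ALL line still present the whole 192.168.1.0/24 network keeps access. hosts_access(5), which the file's own comments cite, matches on the daemon process name, which for the inetd.conf lines shown earlier would be sshd, sh-httpd and stat.sh. Please confirm the example against tcpd on a Bering box and state explicitly that it replaces the default line. Two smaller points: the resolv.conf list names the keyword "name server" while the sample file uses "nameserver", and the last section (titled "network", menu entry "networks") ends its paragraph with "the fields are coded as:" and then goes straight to the default file, so the field description is missing.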

--- NEW FILE: bipackages.xml ---
<sect1 id="bipackages"><title>Information on specific packages</title>
<sect2><title>bridge.lrp</title>
<para>the bridge documentation is available <ulink 
url="bridge.html">here</ulink>.</para>
</sect2>
<sect2><title>dnscache.lrp</title>
<para>A full documentation is available <ulink 
url="http://leaf.sourceforge.net/devel/jnilo/dnscache.html";>here</ulink>.</para>
</sect2>
<sect2><title>pcmcia.lrp</title>
<para>This package is available in the LEAF "Bering" <ulink 
url="http://leaf.sourceforge.net/devel/jnilo/bering/latest/packages/";>packages 
section</ulink>. It is built from <ulink 
url="http://pcmcia-cs.sourceforge.net";>pcmcia-cs</ulink> 3.1.33. To configure pcmcia, 
go to the LEAF packages configuration menu and select pcmcia.</para>
<para>The functionnalities of this package are limited to network, wireless & serial 
setup. The following menu will appear:</para>
<screen>                        pcmcia configuration files

        1) pcmcia default parameters
        2) pcmcia configuration
        3) wireless configuration

  q) quit
  ----------------------------------------------------------------------------
        Selection:
</screen>
<para>Refer to the <ulink 
url="http://pcmcia-cs.sourceforge.net/ftp/doc/PCMCIA-HOWTO.html";>PCMCIA How-to</ulink> 
for a full explanation of the configuration parameters. The man pages are <ulink 
url="http://pcmcia-cs.sourceforge.net/man/index.html";>here</ulink>.</para>
<para>In order to have a working pcmcia package, you need to download in 
<filename>/lib/modules/pcmcia</filename> those modules which are necessary for your 
own PCMCIA card:</para>
<para>Starting with Bering v1.0-rc2, pcmcia modules come from the pcmcia-cs package 
and NOT from the kernel. Non kernel mode PCMCIA support through pcmcia-cs appears more 
stable.</para>
<para>The PCMCIA drivers are <ulink 
url="http://leaf.sourceforge.net/devel/jnilo/bering/latest/modules/drivers/pcmcia/";>here</ulink></para>
<para>Two "core" modules are mandatory: pcmcia_core.o and ds.o and are provided with 
the pcmcia.lrp package. You will then need a socket driver (tcic.o or i82365.o for 
example) and your network card drivers.</para>
<para>The interface provided by your pcmcia hardware (e.g. eth0 and ppp0) should NOT 
be put in the <emphasis>auto</emphasis> statement of the 
<filename>/etc/interface</filename> file. The <filename>/etc/pcmcia/network</filename> 
script will be launched by the cardmgr program which is launched by 
<filename>/etc/init.d/pcmcia</filename> script. The interface configuration will be 
then read from the interface file. See the Bering <ulink url="bupcmcia.html">user's 
guide</ulink> for practical examples.</para>
<para>On the top of the standard <ulink 
url="http://leaf.sourceforge.net/devel/jnilo/bering/latest/packages/pcmcia.lrp";>pcmcia.lrp</ulink>
 package provided without any pcmcia kernel modules, three other packages are provided 
in the Bering package area:</para>
<itemizedlist>
<listitem><para><ulink 
url="http://leaf.sourceforge.net/devel/jnilo/bering/latest/packages/pcmcia_full.lrp";>pcmcia_full.lrp</ulink>:
 provides all the packages of the original pcmcia_cs packages. Not really tested in a 
LEAF environnement and without any pcmcia modules. It is provided for those willing to 
adapt the original pcmcia.lrp package to support ide, scsi or 
parport.</para></listitem>
<listitem><para><ulink 
url="http://leaf.sourceforge.net/devel/jnilo/bering/latest/packages/pcmcia_xircom.lrp";>pcmcia_xircom.lrp</ulink>:
 provides a ready-to-go pcmcia package for XIRCOM 16 bits PCMCIA cards. The necessary 
pcmcia-cs (3.1.33) drivers are included. It has been tested successfully on a RealPort 
Ethernet 10/100 + Modem 56k (REM56G-100BTX). This file is stripped to a bare minimum 
to save space.</para></listitem>
<listitem><para><ulink 
url="http://leaf.sourceforge.net/devel/jnilo/bering/latest/packages/pcmcia_orinoco.lrp";>pcmcia_orinoco.lrp</ulink>:
 provides a ready-to-go pcmcia package for orinoco cards. The necessary pcmcia-cs 
(3.1.33) drivers are included.</para></listitem>
</itemizedlist>
<important>
<para>The previous three packages should be renamed pcmcia.lrp after downloading. Also 
make sure that the modules provided with pcmcia_xircom.lrp and pcmcia_orinoco.lrp 
correspond to the modules provided with your Bering release !</para>
</important>
</sect2>
<sect2><title>ppp.lrp</title>
<para>ppp.lrp provides the ppp daemon patched to allow for PPPoE connection. It will 
also be needed for a standard serial modem connection. To configure ppp go to the LEAF 
Packages configuration menu and choose ppp.</para>
<para>The following menu will appear:</para>
<screen>

                        ppp configuration files

        1) ISP pppd options
        2) ISP login script
        3) System wide pppd options
        4) chap secret
        5) pap secret
        6) pppd daemon script

  q) quit
</screen>
<itemizedlist>
<listitem><para>Option 1 give you access to the 
<filename>/etc/ppp/peer/provider</filename> file. The sample file is ready to use for 
a Compuserve modem dial-up connection. Adjust it to you needs.</para></listitem>
<listitem><para>Option 2 gives you access to the 
<filename>/etc/chatscripts/provider</filename>. The sample file is a sample script 
file for Compuserve. Adjust it to your needs.</para></listitem>
<listitem><para>Option 3 gives you access to the <filename>/etc/ppp/options</filename> 
system wide file</para></listitem>
<listitem><para>Option 4 gives you access to the 
<filename>/etc/ppp/chap-secrets</filename> file</para></listitem>
<listitem><para>Option 5 gives you access to the 
<filename>/etc/ppp/pap-secrets</filename> file</para></listitem>
<listitem><para>Option 6 gives you access to the <filename>/etc/init.d/ppp</filename> 
script file</para></listitem>
</itemizedlist>
<para>The man page for the ppp daemon is available <ulink 
url="./manpages/pppd_man.html">here</ulink>.</para>
<important>
<para>The <filename>peer/provider</filename> and 
<filename>chatscript/provider</filename> files are the one used by default for a modem 
connection. You can ignore those two files if you run ppp.lrp togther with the 
pppoe.lrp package. In this case you will edit the two adsl-provider files available 
through the pppoe configuration menu.</para>
</important>
<para>The Bering pppd daemon comes from the <ulink 
url="ftp://ftp.samba.org/pub/ppp/ppp-2.4.1.tar.gz";>ppp-2.4.1.tar.gz</ulink> package. 
This program is patched for <ulink 
url="http://www.shoshin.uwaterloo.ca/~mostrows/";>pppoe support</ulink> with the <ulink 
url="http://www.shoshin.uwaterloo.ca/~mostrows/ppp-2.4.1-pppoe.patch4";>ppp-2.4.1-pppoe.patch4</ulink>
 patch. The result of the compilation gives the "Bering" pppd daemon provided in 
ppp.lrp.</para>
<para>If you want support for MSCHAP (pptp tunnels) or for the active-filter pppd 
option you will have to replace the pppd daemon provided on the Bering ppp.lrp package 
by the appropriate version available <ulink 
url="http://leaf.sourceforge.net/devel/jnilo/bering/latest/packages/pppd/";>here</ulink>.</para>
<para>The following patched pppd daemons are available:</para>
<screen>
pppd-pptp
        "Bering" pppd daemon + the two following patches:
        ppp-2.4.1-openssl-0.9.6-mppe-patch.gz
        ppp-2.4.1-MSCHAPv2-fix.patch.gz

pppd-pptp-reqmppe
        pppd-pptp + the following patch:
        require-mppe.diff

pppd-pptp-reqmppe-filter
        pppd-pptp-reqmppe compiled with the FILTER flag enabled and
        statiscally compiled against libpcap.

pppd-filter
        "Bering" pppd daemon compiled with the FILTER flag enabled and
        statically compiled against libpcap. No pptp support.
</screen>
</sect2>
<sect2><title>pppoe.lrp</title>
<para>pppoe.lrp provides the PPPoE 2.4.16 kernel plugin to allow for a kernel based 
PPPoE connection. To configure PPPoE, go to the LEAF packages configuration menu and 
select pppoe.</para>
<para>The following menu will appear:</para>
<screen>

                        pppoe configuration files

        1) DSL pppd options
        2) pap secret

  q) quit
</screen>
<itemizedlist>
<listitem><para>Option 1 give you access to the 
<filename>/etc/ppp/peer/dsl-provider</filename> file. The sample file is ready to use 
for T-DSL. Adjust it to you needs.</para><para>IMPORTANT: be sure to change the user 
<emphasis>papname</emphasis> with your valid login name. Usually you need the 
@provider.com suffix. This name must be the same as the one in the 
<filename>/etc/ppp/pap-secrets</filename> below.</para></listitem>
<listitem><para>Option 2 gives you access to the 
<filename>/etc/ppp/pap-secrets</filename> file. The format is 
<emphasis>username</emphasis> (the same as above) * 
<emphasis>yoursecret</emphasis></para></listitem>
</itemizedlist>
<warning>
<para>The LEAF "Bering" distribution uses the PPPoE kernel mode plugin. Do not use the 
instructions for Roaring Penguin pppoe!</para>
</warning>
</sect2>
<sect2><title>pump.lrp</title>
<para>Pump is the DHCP/BOOTP client from Redhat. To configure it go to the LEAF 
packages configuration menu and choose pump.</para>
<para>The following menu will appear:</para>
<screen>
                        pump configuration files

        1) pump configuration file
        2) pump default config file
        3) pump init script

  q) quit
</screen>
<itemizedlist>
<listitem><para>Option 1 give you access to the pump configuration file 
(<filename>/etc/pump.conf</filename>). Man pages are available <ulink 
url="./manpages/pump_man.html">here</ulink>.</para></listitem>
<listitem><para>Option 2 defines default parameters</para></listitem>
<listitem><para>Option 3 gives you access to the <filename>/etc/init.d/pump</filename> 
script (experienced users only!)</para></listitem>
</itemizedlist>
</sect2>
<sect2><title>vlan.lrp</title>
<para>This package is available in the LEAF "Bering" <ulink 
url="http://leaf.sourceforge.net/devel/jnilo/bering/latest/packages/";>packages 
section</ulink>. It provides the <ulink url="./manpages/vconfig.html">vconfig</ulink> 
program and the necessary scripts. The vconfig program comes from the <ulink 
url="http://www.candelatech.com/~greear/vlan.html";>vlan linux</ulink> web site where 
you will find useful information.</para>
</sect2>
<sect2><title>tc.lrp</title>
<para>The tc.lrp package provides the tc program from the iproute2 utilities used with 
LEAF "Bering". There is no configuration file for this program, which is only used if 
you want for traffic-shapping through Shorewall. Refer to the <ulink 
url="http://www.shorewall.net/traffic_shaping.htm";>shorewall documentation</ulink> if 
you are planning to use traffic-shapping.</para>
</sect2>
<sect2><title>wireless.lrp and wireutil.lrp</title>
<para>These packages are available in the LEAF "Bering" <ulink 
url="http://leaf.sourceforge.net/devel/jnilo/bering/latest/packages/";>packages 
section</ulink>. They provide the wireless utilities <ulink 
url="./manpages/iwconfig.html">iwconfig</ulink>, <ulink 
url="./manpages/iwgetid.html">iwgetid</ulink>, <ulink 
url="./manpages/iwlist.html">iwlist</ulink>, <ulink url="iwpriv.html">iwpriv</ulink> 
and <ulink url="./manpages/iwspy.html">iwspy</ulink>. You need to download the <ulink 
url="http://leaf.sourceforge.net/devel/jnilo/bering/latest/packages/libm.lrp";>libm.lrp</ulink>
 package to have a working wireless.lrp and wireutil.ltrp package. There is no 
configuration file for those packages which are typically used in cunjunction with 
pcmcia.lrp. In most cases only wireless.lrp will be necessary.</para>
</sect2>
</sect1>
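
Review bot: file paths are inconsistent within this file and will send readers to the wrong place: the ppp.lrp option list gives "/etc/ppp/peer/provider" and "/etc/chatscripts/provider", the important block below it says "peer/provider" and "chatscript/provider", and the pcmcia.lrp section refers to "/etc/interface" and "the interface file" where binetwork.xml calls the file "interfaces". Pick the on-disk names and use them throughout (pppd reads peer files from /etc/ppp/peers/, so "peer" is worth checking against the package). In the pcmcia.lrp section the paragraph ending "necessary for your own PCMCIA card:" has nothing after the colon, and pppoe.lrp is described as the "PPPoE 2.4.16 kernel plugin" while the modules tarball linked from the modules step is for 2.4.18. The chap-secrets and pap-secrets entries would benefit from a sentence saying that these files hold the ISP password in clear text, given the "username * yoursecret" format shown. Spelling: "wireutil.ltrp", "togther", "cunjunction", "statiscally", "traffic-shapping".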

--- NEW FILE: bishorwall.xml ---
<sect1 id="bishorwall"><title>Installation - step 6: configure Shorewall</title>
<para>One of the distintive feature of Bering is that it relies on <ulink 
url="http://www.shorewall.net/";>Shorewall</ulink> to provide it's firewall 
facility.</para>
<para>The reasons behind this choice are numerous:</para>
<itemizedlist>
<listitem><para><ulink url="http://www.shorewall.net/";>Shorewall</ulink> is an <ulink 
url="http://www.netfilter.org/";>iptables</ulink> based firewall which offers many 
features (Masquerading/SNAT, Port forwarding, Static NAT, Proxy ARP, VPN support, 
Traffic Control/Shaping) which are described in greater detail <ulink 
url="http://www.shorewall.net/shorewall_features.htm";>here.</ulink></para></listitem>
<listitem><para>It is a very powerfull tool with which it is "simple to do simple 
things" but which also offers a great flexibility.</para></listitem>
<listitem><para>It is very well documented. I strongly recommend that you print out 
the full documentation available in pdf format in the Shorewall <ulink 
url="http://www.shorewall.net/pub/shorewall";>download area</ulink> and that you spend 
the time to understand the concept behind it. A worthwhile effort !</para></listitem>
<listitem><para>It has a nice <ulink 
url="http://www.shorewall.net/shorewall_quickstart_guide.htm";>QuickStart Guide</ulink> 
which will allow the reader to quickly grasp the basics. A prerequisite reading 
!</para></listitem>
<listitem><para>It has a tremendous support from it's developper, Tom Eastep, who 
replies very quickly to requests addressed to the <ulink 
url="http://www.shorewall.net/mailing_list.htm";>shorewall user's mailing list</ulink>. 
Mail archives are also available and searchable.</para></listitem>
</itemizedlist>
<para>The shorwall.lrp package provided on the Bering distro (starting with v1.0-rc2) 
is built as follow:</para>
<itemizedlist>
<listitem><para>Download the <ulink 
url="http://www.shorewall.net/pub/shorewall/LATEST.lrp";>LATEST.lrp</ulink> package 
from Tom's site and rename it shorwall.lrp.</para></listitem>
<listitem><para>Download either the <ulink 
url="http://www.shorewall.net/pub/shorewall/LATEST.samples/two-interfaces.tgz";>Two-interfaces</ulink>
 Masquerading Firewall or the  <ulink 
url="http://www.shorewall.net/pub/shorewall/LATEST.samples/three-interfaces.tgz";>Three-interfaces</ulink>
 Masquerading Firewall with DMZ depending on your own situation. They will provide you 
with default setup for the  interfaces, masq, policy, rules and zones files that will 
be used in replacement of those provided in Tom's original package.</para></listitem>
<listitem><para>Add two statements in the "rules" file in order to allow query to 
dnscache and weblet servers from the internal network. See below.</para></listitem>
<listitem><para>Create an OUTPUT file in <filename>/etc/shorewall</filename>with a 
unique statement that will take care of the icmp-dnat netfilter bug 
workaround:</para></listitem>
</itemizedlist>
<screen>
# Take care of icmp-dnat netfilter bug workaround
# http://www.netfilter.org/security/2002-04-02-icmp-dnat.html
# JN June 2002. Suggestion by Tom Eastep (Thks Tom !)
run_iptables -I OUTPUT 3 -m state -p icmp --state INVALID -j DROP
</screen>
<para>The four previous steps will allow you to update shorwall.lrp on your own Bering 
distro whenever a more recent Shorewall version is released.</para>
<important>
<para>Bering shorwall.lrp package is provided by default with the Two-interfaces 
Masquerading Firewall and the two extra rules mentionned earlier. This setup assumes 
that eth0 is connected to the Internet via a dynamic IP and that your local network is 
interfaced through eth1.</para>
</important>
<para>To configure Shorewall, start the LEAF packages configuration menu and choose 
shorwall. The following menu will appear:</para>
<screen>

                        shorwall configuration files

        1) <ulink 
url="http://www.shorewall.net/Documentation.htm#Variables";>Params</ulink>    Assign 
parameter values
        2) <ulink url="http://www.shorewall.net/Documentation.htm#Zones";>Zones</ulink> 
    Partition the network into Zones
        3) <ulink 
url="http://www.shorewall.net/Documentation.htm#Interfaces";>Ifaces</ulink>    
Shorewall Networking Interfaces
        4) <ulink url="http://www.shorewall.net/Documentation.htm#Hosts";>Hosts</ulink> 
    Define specific zones
        5) <ulink 
url="http://www.shorewall.net/Documentation.htm#Policy";>Policy</ulink>    Firewall 
high-level policy
        6) <ulink url="http://www.shorewall.net/Documentation.htm#Rules";>Rules</ulink> 
    Exceptions to policy
        7) <ulink url="http://www.shorewall.net/Documentation.htm#Masq";>Masq</ulink>   
   Internal MASQ Server Configuration
        8) <ulink 
url="http://www.shorewall.net/Documentation.htm#ProxyArp";>ProxyArp</ulink>  Proxy ARP 
Configuration
        9) <ulink url="http://www.shorewall.net/Documentation.htm#Nat";>Nat</ulink>     
  Static NAT Configuration
        10) <ulink 
url="http://www.shorewall.net/Documentation.htm#Tunnels";>Tunnels</ulink>   Tunnel 
Definition (ipsec)
        11) <ulink 
url="http://www.shorewall.net/traffic_shaping.htm#tcrules";>TCRules</ulink>   FWMark 
Rules
        12) <ulink 
url="http://www.shorewall.net/Documentation.htm#Conf";>Config</ulink>    Shorewall 
Initialization Configuration
        13) <ulink 
url="http://www.shorewall.net/Documentation.htm#Modules";>Modules</ulink>   Netfilter 
modules to load
        14) <ulink url="http://www.shorewall.net/Documentation.htm#TOS";>TOS</ulink>    
   Type of Service policy
        15) <ulink 
url="http://www.shorewall.net/Documentation.htm#Blacklist";>Blacklist</ulink> 
Blacklisted hosts
        16) <ulink 
url="http://www.shorewall.net/Documentation.htm#rfc1918";>RFC1918</ulink>   Defines 
'norfc1918' interface option

  q) quit
  ----------------------------------------------------------------------------
        Selection:
</screen>
<para>Check the hyperlinks above, the <ulink 
url="http://www.shorewall.net/shorewall_quickstart_guide.htm";>Quickstart Guide</ulink> 
or the Shorewall <ulink 
url="http://www.shorewall.net/Documentation_Index.htm";>documentation</ulink> to have a 
full explanation on those configuration files.</para>
<para>Four files must be checked absolutely to make sure they fit your needs:</para>
<para>A/ The <filename>zone</filename> file (entry 2). For a two interfaces setting - 
Bering's default - it looks like:</para>
<screen>
#ZONE   DISPLAY         COMMENTS
net     Net             Internet
loc     Local           Local networks
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE  a>
</screen>
<para>B/ The <filename>interfaces</filename> file (entry 3) defines your interfaces. 
Default in Bering is:</para>
<screen>
(...)
#ZONE   INTERFACE       BROADCAST       OPTIONS
net     eth0            detect          dhcp,routefilter,norfc1918
loc     eth1            detect          routestopped
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
</screen>
<para>C/ The <filename>rules</filename> file (entry 6) is one of the most important 
files in Shorewall. Here is the one from Bering: </para>
<screen>
(...)
#                       Your entries for this setup would look like:
#
ACCEPT          fw        net           tcp     53
ACCEPT          fw        net           udp     53
#
# Accept SSH connections from the local network for administration
#
ACCEPT          loc       fw            tcp     22

# Bering specific rules:
# allow loc to fw udp/53 for dnscache to work
# allow loc to fw tcp/80 for weblet to work
#
ACCEPT          loc       fw            udp     53
ACCEPT          loc       fw            tcp     80
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
</screen>
<para>As you can notice from above, two rules have been added to the two-interfaces 
file. They allow:</para>
<itemizedlist>
<listitem><para>UDP requests from the local network (loc) to the firewall (fw) on port 
53. This is the port used by dnscache to listen at dns requests coming from the 
internal network.</para></listitem>
<listitem><para>TCP requests from the local network (loc) to the firewall (fw) on port 
80. This is the port used by weblet for its web server.</para></listitem>
</itemizedlist>
<para>D/ Finally the <filename>masq</filename> file (entry 7). In Bering it looks 
like:</para>
<screen>
(...)
#INTERFACE              SUBNET
eth0                    eth1
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
</screen>
<important>
<para>If you change any of the shorewall parameters, remember to backup shorwall.lrp 
!</para>
</important>
</sect1>
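
Review bot: the workaround line "run_iptables -I OUTPUT 3 -m state -p icmp --state INVALID -j DROP" inserts at a fixed position, so it depends on the OUTPUT chain already holding at least two rules when the file is run. Since the stated purpose of the four build steps is to pick up each new Shorewall release from LATEST.lrp, either explain why position 3 is required or add a note that the position has to be re-checked after every upgrade. The zones listing ends with "DO NOT REMOVE  a>", where the trailing "a>" looks like leftover markup that readers will copy into their file, and "<filename>/etc/shorewall</filename>with" is missing a space. The text says "The zone file (entry 2)" while the menu entry is "Zones". Spelling: "distintive", "it's firewall facility", "powerfull", "developper", "mentionned".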

--- NEW FILE: bumodem.xml ---
<sect1 id="bumodem"><title>Serial Modem configuration</title>
<sect2><title>Objectives</title>
<para>We assume here that you can only get connected to internet through a serial 
modem connection and that you want to share that connection with other (internal) 
computers in your home or office.  What follows describe the configuration of this 
dial-up modem router. Your external interface (to the internet) will be ppp0, your 
internal interface (to your internal network) is supposed to be done through an 
ethernet network card (eth0).</para>
<para>What follows has been tested with Bering v1.0-rc1 on a Pentium 133 machine and a 
US Robotics external modem connected to com1 (ttyS0). Lee provided useful additions to 
this section</para>
<para>The <ulink 
url="http://www.linuxdoc.org/HOWTO/PPP-HOWTO/index.html";>PPP-Howto</ulink> is a useful 
reference for this section.</para>
<para>Comments on this section should be addressed to its maintainer: Jacques Nilo 
<email>[EMAIL PROTECTED]</email>.</para>
</sect2>
<sect2><title>Step 1: declare the ppp package</title>
<para>Boot a Bering floppy image. Once the LEAF menu appears get access to the linux 
shell by (q)uitting the menu. Edit the <filename>syslinux.cfg</filename> file and 
replace the pump entry by ppp in the LRP= list of packages to be loaded at boot. Check 
the Bering <ulink url="leaffw04.html">installation guide</ulink> to learn how to do 
that.</para>
<para>Your <filename>syslinux.cfg</filename> file could look like (adjust to your 
tastes):</para>
<screen>display syslinux.dpy
timeout 0
default linux initrd=initrd.lrp init=/linuxrc root=/dev/ram0 boot=/dev/fd0u1680:msdos
        PKGPATH=/dev/fd0u1680 
LRP=root,etc,local,modules,ppp,keyboard,shorwall,dnscache,weblet
</screen>
</sect2>
<sect2><title>Step 2: declare the serial and ppp modules</title>
<para>In order to have a modem dialup connection working, you need to have serial and 
ppp support enabled through the appropriate kernel modules. You also need to declare 
the driver module of the network card assigned to your internal network. In the 
following example, this card is supposed to be a standard ne 2000 PCI card.</para>
<para>To configure your modules, go to the LEAF Packages configuration menu and choose 
modules. Enter 1) to edit the <filename>/etc/modules</filename> file and enter the 
following information:</para>
<screen>
# 8390 based ethernet cards
8390
ne2k-pci

# Modules needed for PPP connection
serial
slhc
ppp_generic
ppp_async
ppp_deflate

# Masquerading 'helper' modules
ip_conntrack_ftp
ip_conntrack_irc
ip_nat_ftp
ip_nat_irc
</screen>
<important>
<para>The sample file above might be different in your own case: you might need 
another network module or some extra functionnalities. Adjust to your needs !</para>
</important>
<para>Backup the modules.lrp package.</para>
</sect2>
<sect2><title>Step 3: configure ppp</title>
<para>Connection with your ISP will be handled by PPP. The PPP How-to document will 
give you very detailed information about this protocol and how to set-up the numerous 
parameters.</para>
<para>Through the LEAF packages configuration get access to ppp configuration. The 
following menu will show-up</para>
<screen>
                        ppp configuration files

        1) ISP pppd options
        2) ISP login script
        3) System wide pppd options
        4) chap secret
        5) pap secret
        6) pppd daemon script

  q) quit
  ----------------------------------------------------------------------------
        Selection:
</screen>
<para>Entry 1) allows you to adjust the parameter of your ppp connection through the 
<filename>/etc/ppp/peers/provider</filename> file. The most important argument is the 
<emphasis>ttySx</emphasis> parameter which defines the serial port to which your modem 
is connected.</para>
<tip>
<para>Look at your <filename>/var/log/syslog</filename> file after booting Bering. It 
will give you the list of the serial ports recognized by your linux kernel.</para>
</tip>
<para>A working <filename>/etc/ppp/peers/provider</filename> file for a Compuserve 
connection could look like:</para>
<screen>
# ISP pppd options file
# What follows is OK for Compuserve
#
noauth
debug           # log transaction to /var/log/messages
/dev/ttyS0      # (ttyS0=com1, ttyS1=com2, ...)
115200          # baud  rate
modem
crtscts         # use hardware flow control
asyncmap 0
defaultroute    # ppp becomes default route to the internet
noipdefault
lock            # don't let other processes besides PPP use the device
connect "/usr/sbin/chat -v -f /etc/chatscripts/provider"
</screen>
<para>If you plan to dial into a Windows RAS server or a server that uses PAP or CHAP 
authentication, you need to add a line to this file. Just above the "connect" command, 
on a line of its own, add "name &lt;ISPUserID>" where &lt;ISPUserID> is the login name 
your ISP gave you. You need this because ppp has to masquerade the firewall as you 
when using PAP or CHAP authentication.</para>
<para>Entry 2) allows you to adjust the communication script which will handle the 
connection with your ISP. This script is stored in the 
<filename>/etc/chatscripts/provider</filename></para>
<para> If you are not using Compuserve you should also delete all of the lines below 
the "comment" line. A few - very few - ISPs require the final "PPP" line these 
days.</para>
<para>A working script for a Compuserve connection could look like:</para>
<screen># ISP login script
# What follows is OK for Compuserve
# Adjust to your taste
ABORT "BUSY"
ABORT "NO CARRIER"
ABORT "VOICE"
ABORT "NO DIALTONE"
ABORT "NO ANSWER"
"" ATZ
# ISP telephone number: 124567890
OK ATDT1234567890#
CONNECT ''
Name: CIS
# With compuserve your_login_account=12345,6789
ID: your_login_account/go:pppconnect
Password: your_password
PPP
</screen>
<para>Edit Entry 3) - /etc/ppp/options "System-wide pppd options" if you want the 
system to demand dial and to drop the line if idle for a preset time. To do this, 
change "persist" to "demand" and add another line below "demand" that says "idle 600", 
where 600 is the number of seconds the system should wait before dropping hanging up 
if there is no network traffic.</para>
<para>Edit either the PAP (Entry 4) or CHAP (Entry 5) option to set up how your system 
authenticates. For PAP authentication, choose the PAP option and add a line saying 
"&lt;ISPUserID> * &lt;ISPUserPassword> to the bottom of the file. &lt;ISPUserID> is 
the same entry that you made in Entry 1) - the "ISP pppd ptions" file. The 
&lt;ISPUserPassword> entry is self-explanatory. The "*" can be replaced with the IP 
address or name of the server you are dialling into if you know it. Usually, an 
asterisk is sufficient. If you want to authenticate using CHAP, add the same entry to 
the CHAP item instead.</para>
<para>Backup the ppp.lrp package.</para>
</sect2>
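Review bot: in Step 3 the provider file starts the dialer with `connect "/usr/sbin/chat -v -f /etc/chatscripts/provider"`, and the sample chat script sends `Password: your_password` as an ordinary send string, so with -v the password ends up in the system log together with the rest of the dialogue. Suggest telling readers to drop -v once the connection works, or to prefix the password with chat's \q escape so it is logged as ??????. Smaller points in the same step: the script comment gives the ISP number as 124567890 while the dial line is `OK ATDT1234567890#`, the PAP paragraph opens a quote before &lt;ISPUserID> that is never closed, and there are typos in "pppd ptions" and "dropping hanging up".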
<sect2><title>Step 4: configure your interface file</title>
<para>Trough the LEAF configuration menu type 1 to access to the network configuration 
menu and 1 again to edit your <filename>/etc/network/interfaces</filename> file. Enter 
the following information:</para>
<screen>
auto lo ppp0 eth0

iface lo inet loopback

iface ppp0 inet ppp
        provider provider

iface eth0 inet static
        address 192.168.1.254
        masklen 24
        broadcast 192.168.1.255
</screen>
<para>The "auto" statement declares all the interfaces that will be automatically set 
up at boot time. This job will be carried out by the "ifup -a" statement in the 
<filename>/etc/init.d/networking</filename> script.</para>
<para>The syntax if "iface" statements is explained in the Bering's installation 
guide.</para>
<para>Backup the etc.lrp package.</para>
</sect2>
<sect2><title>Step 5: configure Shorewall</title>
<para>Through the LEAF packages configuration menu, choose shorwall and check the two 
following files:</para>
<para>A/ The <filename>interfaces</filename> file (entry 3) defines your interfaces. 
Here connection to the net goes through ppp0. So we must set:</para>
<screen>
(...)
#ZONE   INTERFACE       BROADCAST       OPTIONS
net     ppp0            -               dhcp,routefilter,norfc1918
loc     eth1            detect          routestopped
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
</screen>
<warning><para>Do not forget the "-" under the BROADCAST heading for the net/ppp0 
entry.</para></warning>
<para>B/ The <filename>masq</filename> file (entry 7). With a dial-up modem setup it 
should look like:</para>
<screen>
(...)
#INTERFACE              SUBNET
ppp0                    eth0
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
</screen>
<para>Backup the shorwall.lrp package.</para>
</sect2>
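Review bot: the Step 5 interfaces example binds the local zone to eth1 (`loc     eth1            detect          routestopped`), but the rest of this file puts the internal network on eth0: the Objectives paragraph, `iface eth0 inet static` in Step 4, and the `ppp0                    eth0` masq entry directly below. As written, traffic arriving on eth0 would not be treated as coming from loc, so the loc-to-fw ACCEPT rules would not cover the LAN hosts; this line should read eth0. It is also worth checking whether `dhcp` belongs in the ppp0 options, since the address on that link is negotiated by pppd and the option looks carried over from the Ethernet setup.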
<sect2><title>Step 6: reboot...</title>
<para>Your modem connection should be established automatically. Type 
<emphasis>plog</emphasis> to check the login sequence with your ISP. If there is no 
output check <filename>/var/log/syslog</filename> to get a clue on potential 
problems.</para>
<tip>
<para>If you want to be sure that your modem and/or script parameters are OK before 
backing up ppp.lrp, you can launch the connection manually just by typing 
<emphasis>pon</emphasis>. Use the <emphasis>plog</emphasis> command to see how the 
connection is going and <emphasis>poff</emphasis> to close down your ppp 
connection.</para>
</tip>
</sect2>
</sect1>




_______________________________________________
Leaf-cvs-commits mailing list
https://lists.sourceforge.net/lists/listinfo/leaf-cvs-commits