Yeah, I hear what you're saying, but it just isn't working for me.
I've tried with and without the "send host-name" in the dhclient.conf. I've also tried it with "send client-identifier." No apparent difference.

- Gary

-----Original Message-----
From: Cliff Rosenberg [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, December 19, 2001 8:55 PM
To: gc
Cc: Leaf Mail List
Subject: Re: [Leaf-user] Update: AT&T Transition Woes

Hello-

I have a cable modem on AT&T (a Motorola SB4100) and have been using Charles' latest Dachstein release on floppy without any problems. The disk image is totally stock; all I did was edit my DHCP client options (the "send-host-name" option needs to be your user id given by AT&T, the Cxxxxxxx-A format that it is in). I am using a P100 w/24 megs RAM, 2 3COM NICs, a 3C905B and a 3C905B-M. Totally stock otherwise in config files, just added the modules for the NICs, changed "send-host-name", backed up, re-booted, had an IP within seconds, running for almost 2 weeks without a hitch.

Check your DHCP client config, I think that's your problem. DON'T use any of the options EXCEPT "send-host-name" and I think you'll be fine...

Regards,
Cliff Rosenberg
[EMAIL PROTECTED]

----- Original Message -----
From: "gc" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, December 19, 2001 9:16 PM
Subject: [Leaf-user] Update: AT&T Transition Woes

>
> First of all, thanks to all who responded to my initial post.
> This includes Mark, Scott, Matt, Charles, David, Sean, Michael,
> and Richard. I've tried pretty much everything that's been
> suggested: setting various dhclient parameters, setting HOSTNAME
> and HOSTS0, etc. Unfortunately, I'm still having the same problem.
> I figured it was time to post a more thorough support request.
>
> Problem description: After being transitioned off of home.com to
> attbi.com, I wasn't able to ping any addresses from my old LRP box.
> I upgraded to Dachstein 1.0.2, but that didn't seem to make much
> difference.
>
> If I hook my win2k box directly into the cable modem, things work
> fine. It gets assigned address 12.237.7.206, subnet 255.255.240.0,
> and default gateway 12.237.0.1.
>
> The fact that the router gets such a different configuration makes
> me suspect it's some sort of DHCP problem. But by all appearances,
> DHCP works fine. It acquires its addresses from 12.237.0.1, which
> happens to be the default gateway for the win2k box AND appears to
> be the ONLY address that I can successfully ping from the router.
>
> I've included the following information:
> . network diagram
> . dmesg output
> . ip addr show
> . ip route show
> . ip neighbor show
> . ip -s link show
> . /etc/network.conf
> . /etc/lrp.conf
> . /etc/dhclient.conf
>
>
>                 |
>          _______|______
>         |              |
>         |  Cable Modem |
>         |______________|
>                 |
>         ________|_________  eth0 DHCP 12.255.173.135
>        |                  |
>        |    LRP Router    |
>        |__________________|
>                 |  eth1 192.168.1.1
>               __|__
>              |     |____ win2k PC 192.168.1.x
>              |  H  |____ win2k PC 192.168.1.y
>              |  u  |____ printer 192.168.1.z
>              |  b  |
>              |_____|
>
> c696585-b: -root-
> # dmesg
> Linux version 2.2.19-3-LEAF (root@debian) (gcc version 2.7.2.3) #1 Sat Dec 1 12:15:05 CST 2001
> BIOS-provided physical RAM map:
>  BIOS-88: 000a0000 @ 00000000 (usable)
>  BIOS-88: 00f00000 @ 00100000 (usable)
> Console: colour VGA+ 80x25
> Calibrating delay loop... 33.07 BogoMIPS
> Memory: 14064k/16384k available (732k kernel code, 412k reserved, 432k data, 44k init)
> Checking if this processor honours the WP bit even in supervisor mode... Ok.
> Dentry hash table entries: 2048 (order 2, 16k)
> Buffer cache hash table entries: 16384 (order 4, 64k)
> Page cache hash table entries: 4096 (order 2, 16k)
> CPU: Intel 486 DX/2 stepping 05
> Checking 386/387 coupling... OK, FPU using exception 16 error reporting.
> Checking 'hlt' instruction... OK.
> POSIX conformance testing by UNIFIX
> PCI: No PCI bus detected
> Linux NET4.0 for Linux 2.2
> Based upon Swansea University Computer Society NET3.039
> NET4: Unix domain sockets 1.0 for Linux NET4.0.
> NET4: Linux TCP/IP 1.0 for NET4.0
> IP Protocols: ICMP, UDP, TCP
> TCP: Hash tables configured (ehash 16384 bhash 16384)
> Initializing RT netlink socket
> Starting kswapd v 1.5
> Software Watchdog Timer: 0.05, timer margin: 60 sec
> Real Time Clock Driver v1.09
> RAM disk driver initialized: 16 RAM disks of 6144K size
> Floppy drive(s): fd0 is 1.44M
> FDC 0 is an 8272A
> RAMDISK: Compressed image found at block 0
> RAMDISK: Uncompressing root archive: done.
> RAMDISK: Auto Filesystem - minix: 2048i 6144bk 68fdz(68) 1024zs 2147483647ms
> VFS: Mounted root (minix filesystem).
> RAMDISK: Extracting root archive: done.
> VFS: Disk change detected on device fd(2,44)
> Freeing unused kernel memory: 44k freed
> ne.c:v1.10 9/23/94 Donald Becker ([EMAIL PROTECTED])
> NE*000 ethercard probe at 0x300: 00 40 05 fa 1b 80
> eth0: NE2000 found at 0x300, using IRQ 10.
> NE*000 ethercard probe at 0x340: 00 40 05 fa 00 52
> eth1: NE2000 found at 0x340, using IRQ 11.
> ip_masq_icq: using TCP port range 60200-61000
> ip_masq_icq: loaded support on port 4000/UDP
> Serial driver version 4.27 with MANY_PORTS MULTIPORT SHARE_IRQ enabled
> ttyS00 at 0x03f8 (irq = 4) is a 16550A
> ttyS01 at 0x02f8 (irq = 3) is a 16550A
> Packet log: input DENY eth0 PROTO=1 12.255.173.135:8 12.255.173.128:0 L=84 S=0x00 I=0 F=0x0000 T=64 (#18)
> Packet log: input DENY eth0 PROTO=1 12.255.173.135:8 12.255.173.128:0 L=84 S=0x00 I=1 F=0x0000 T=64 (#18)
> Packet log: input DENY eth0 PROTO=1 12.255.173.135:8 12.255.173.128:0 L=84 S=0x00 I=2 F=0x0000 T=64 (#18)
> Packet log: input DENY eth0 PROTO=1 12.255.173.135:8 12.255.173.128:0 L=84 S=0x00 I=3 F=0x0000 T=64 (#18)
> Packet log: input DENY eth0 PROTO=1 12.255.173.135:8 12.255.173.128:0 L=84 S=0x00 I=4 F=0x0000 T=64 (#18)
> Packet log: input DENY eth0 PROTO=1 12.255.173.135:8 12.255.173.128:0 L=84 S=0x00 I=5 F=0x0000 T=64 (#18)
> Packet log: input DENY eth0 PROTO=1 12.255.173.135:8 12.255.173.128:0 L=84 S=0x00 I=6 F=0x0000 T=64 (#18)
> Packet log: input DENY eth0 PROTO=1 12.255.173.135:8 12.255.173.128:0 L=84 S=0x00 I=7 F=0x0000 T=64 (#18)
> Packet log: input DENY eth0 PROTO=1 12.255.173.135:8 12.255.173.128:0 L=84 S=0x00 I=8 F=0x0000 T=64 (#18)
> Packet log: input DENY eth0 PROTO=1 12.255.173.135:8 12.255.173.128:0 L=84 S=0x00 I=9 F=0x0000 T=64 (#18)
> VFS: Disk change detected on device fd(2,0)
> VFS: Disk change detected on device fd(2,0)
>
> c696585-b: -root-
> # ip addr show
> 1: lo: <LOOPBACK,UP> mtu 3924 qdisc noqueue
>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>     inet 127.0.0.1/8 brd 127.255.255.255 scope global lo
> 2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
>     link/ether 00:40:05:fa:1b:80 brd ff:ff:ff:ff:ff:ff
>     inet 12.255.173.135/28 brd 255.255.255.255 scope global eth0
> 3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
>     link/ether 00:40:05:fa:00:52 brd ff:ff:ff:ff:ff:ff
>     inet 192.168.1.254/24 brd 192.168.1.255 scope global eth1
>
> c696585-b: -root-
> # ip route show
> 12.255.173.128/28 dev eth0  proto kernel  scope link  src 12.255.173.135
> 192.168.1.0/24 dev eth1  proto kernel  scope link  src 192.168.1.254
> default via 12.255.173.129 dev eth0
>
> c696585-b: -root-
> # ip neighbor show
>
> c696585-b: -root-
> # ip -s link show
> 1: lo: <LOOPBACK,UP> mtu 3924 qdisc noqueue
>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>     RX: bytes  packets  errors  dropped overrun mcast
>     0          0        0       0       0       0
>     TX: bytes  packets  errors  dropped carrier collsns
>     0          0        0       0       0       0
> 2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
>     link/ether 00:40:05:fa:1b:80 brd ff:ff:ff:ff:ff:ff
>     RX: bytes  packets  errors  dropped overrun mcast
>     25458      409      0       0       0       395
>     TX: bytes  packets  errors  dropped carrier collsns
>     5568       53       0       0       0       0
> 3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
>     link/ether 00:40:05:fa:00:52 brd ff:ff:ff:ff:ff:ff
>     RX: bytes  packets  errors  dropped overrun mcast
>     0          0        0       0       0       0
>     TX: bytes  packets  errors  dropped carrier collsns
>     0          0        0       0       0       0
>
> #ZZZZZZZZZZZ
> c696585-b: -root-
> # cat /etc/network.conf
> ###############################################################################
> # Extended firewall configuration scripts
> # By Charles Steinkuehler
> # Version 1.3.2
> # September 29, 2001
> ###############################################################################
> # Brief instructions for this file
> ###############################################################################
> #
> # VERBOSE=(YES/NO) Default: Yes
> # Be verbose about settings.
> #
> # MAX_LOOP=(int) Default: 10
> # Maximum number of incrementable entries to search for.
> # IE: If you create a DNS7=, and MAX_LOOP=7, it will not be reached.
> # (DNS0 - DNS7 == 8 entries)
> # Setting this value too high will decrease the speed of the configuration
> # system.
> #
> # IPFWDING_KERNEL=(YES/NO/FILTER_ON) Default: NO
> # Enable IP forwarding in the kernel. FILTER_ON means forwarding will
> # only happen when IP filtering rules are loaded
> #
> # IPALWAYSDEFRAG_KERNEL=(YES/NO) Default: NO
> # Enable IP Global defragmentation in the kernel.
> #
> # **WARNING** - If this was turned on everywhere in a network of routers,
> # it can result in TCP connections failing and TCP connection resets.
> #
> # ONLY turn this on if the box is a firewall or the single point of
> # entry for a network, or an endpoint for port forwarding or a load
> # balancer for a WWW server farm. DO NOT turn this on if the box is a
> # conventional router as it breaks the TCP/IP RFCs. This option is
> # needed when using IP NAT, IP masquerading, IP autofw, IP portfw,
> # transparent proxying or other kernel operations that intercept a
> # packet flow and redirect it.
> #
> # It is a useful tool when using a packet filtering router to protect
> # directly attached ethernet networks of servers as it stops fragment
> # attacks on the servers in behind the router. Another use is packet
> # filtering router to protect dial-in Internet users on NASes
> # (Portmasters, TC racks etc) from various SMB and fragment attacks
> # and to redirect all WWW connections into a WWW proxy-caching server.
> #
> # CONFIG_HOSTNAME=(YES/NO) Default: NO
> # Create /etc/hostname file using HOSTNAME entry.
> # Any current hostname file will be **OVERWRITTEN**
> #
> # CONFIG_HOSTSFILE=(YES/NO) Default: NO
> # Create /etc/hosts file using HOSTSx entries.
> # Any current hosts file will be **OVERWRITTEN**
> #
> # CONFIG_DNS=(YES/NO) Default: NO
> # Create /etc/resolv.conf file using DOMAINS and DNSx entries.
> # Any current resolv.conf file will be **OVERWRITTEN**
> #
> # IF_LIST Default: "$IF_AUTO"
> # A space separated list of interfaces that can be ACTIVE on this machine
> # This controls which interfaces can be brought up and down manually.
> #
> # IF_AUTO Default: "eth0"
> # A space separated list of interfaces that get started on boot. Tunneling
> # interfaces like CIPE should be after the raw interfaces they depend on.
> # The interfaces are started in the order they occur on the list, and are
> # shutdown in the reverse order of IF_LIST.
> #
> # IPFILTER_SWITCH=(none|router|firewall) Default: "none"
> # Selects the basic IP filtering/firewalling setup of the router. "None"
> # is used for a straight through router, "router" for a filtering router with
> # IP spoof protection and Martian protection and "firewall" for a basic IP
> # masquerading/NAT firewall. The basic filter types are provided in
> # /etc/ipfilter.conf. If you want more than what is provided read the man
> # pages for ipchains or ipfwadm and BE CAREFUL when you edit this!
> #
> ###############################################################################
> # General Settings
> ###############################################################################
>
> VERBOSE=YES
> MAX_LOOP=10
>
> IPFWDING_KERNEL=FILTER_ON
>
> IPALWAYSDEFRAG_KERNEL=YES
>
> CONFIG_HOSTNAME=YES
>
> CONFIG_HOSTSFILE=YES
>
> CONFIG_DNS=NO
>
> ###############################################################################
> # Interfaces
> ###############################################################################
>
> # Start pppd PPP interfaces first as pppd's use of DNS can delay startup.
> #
> # Interfaces to start on boot go here - ie "ppp0 eth0"
> # Do NOT include interfaces configured by dhcp!
> IF_AUTO="eth1"
>
> # List of all configured interfaces, manual start and boot start
> IF_LIST="$IF_AUTO"
>
> # Accept ICMP Redirects on ALL interfaces, also depends on /proc
> # per interface IP forwarding flag. - YES/NO
> ALLIF_ACCEPT_REDIRECTS=NO
>
> # Need these both for interfaces run by daemons - ie PPP, CIPE, some
> # WAN interfaces
> # IP spoofing protection by default for interfaces - YES/NO
> DEF_IP_SPOOF=YES
> # Kernel logging of spoofed packets by default for interfaces - YES/NO
> DEF_IP_KRNL_LOGMARTIANS=YES
>
> # Bridge Setup - Global stuff
> #
> # Enable bridging - YES/NO
> BRG_SWITCH=NO
> # Exempt ethernet protocol types - type "brcfg list" to find out allowed
> # values
> BRG_EXEMPT_PROTOS=""
>
> ###############################################################################
>
> eth0_IPADDR=1.1.1.2
> eth0_MASKLEN=30
> eth0_BROADCAST=+
> # Use this to set the default route if required - ONLY one to be set.
> # routed or gated could be used to set this so only use if not running these.
> eth0_DEFAULT_GW=1.1.1.1
> # Secondary IP addresses/networks on same wire - add them here
> #eth0_IP_EXTRA_ADDRS="192.168.1.193 192.168.2.1/24"
> # Additional routes for this interface, if any
> # Space separated list: <PREFIX>[_<more ip route options>]
> #eth0_ROUTES="1.1.1.13 2.2.2.0/24_via_1.1.1.18"
> # IP spoofing protection on this interface - YES/NO
> eth0_IP_SPOOF=YES
> # Kernel logging of spoofed packets on this interface - YES/NO
> eth0_IP_KRNL_LOGMARTIANS=YES
> # This setting affects the processing of ICMP redirects. Setting it to NO
> # makes this more secure. Don't turn this off if you have two IP
> # networks/subnets on the same media - YES/NO
> eth0_IP_SHARED_MEDIA=NO
> # Bridge this interface - YES/NO
> eth0_BRIDGE=NO
> # Proxy-arp from this interface, no other config required to turn on proxy ARP!
> # - YES/NO
> eth0_PROXY_ARP=NO
> # Simple QoS/fair queueing support
> # Turn on Stochastic Fair Queueing - useful on busy DDS links - YES/NO
> eth0_FAIRQ=NO
> # Ethernet Transmit Queue Length
> # eth0_TXQLEN=100
> # Complex QoS - Enable all of these + above to turn it on
> #eth0_BNDWIDTH=10Mbit   # Device bandwidth
> #eth0_HNDL=2            # Queue Handle - must be unique
> #eth0_IABURST=100       # Interactive Burst
> #eth0_IARATE=1Mbit      # Interactive Rate
> #eth0_PXMTU=1514        # Physical MTU - includes Link Layer header
>
> ###############################################################################
>
> eth1_IPADDR=192.168.1.254
> eth1_MASKLEN=24
> eth1_BROADCAST=+
> eth1_IP_SPOOF=YES
> eth1_IP_KRNL_LOGMARTIANS=YES
> eth1_IP_SHARED_MEDIA=NO
> eth1_BRIDGE=NO
> eth1_PROXY_ARP=NO
> eth1_FAIRQ=NO
>
> ###############################################################################
>
> #eth2_IPADDR=
> #eth2_MASKLEN=
> #eth2_BROADCAST=+
> #eth2_ROUTES=
> #eth2_IP_SPOOF=YES
> #eth2_IP_KRNL_LOGMARTIANS=YES
> #eth2_IP_SHARED_MEDIA=NO
> #eth2_BRIDGE=NO
> #eth2_PROXY_ARP=
> #eth2_FAIRQ=NO
>
> ###############################################################################
> # NAT 'virtual' interface (optional: required only for static-NAT DMZ systems)
> ###############################################################################
> # Configured as an interface to allow flexible handling of bringing the
> # routing rules up/down in conjunction with the physical interfaces
> # interface spec is an indexed list of IP address pairs and a base priority
> # number for ip rule creation
> #nat0_BASE_PRI=100      # Unique base value for ip rules
> # Indexed list: <public IP> <private DMZ IP>
> #nat0_PAIR0="1.1.2.3 192.168.2.13"
> #nat0_PAIR1="1.1.2.4 192.168.2.14"
> #nat0_PAIR2="1.1.2.5 192.168.2.15"
>
> # Sangoma FR example
> #fr498_IPADDR=10.0.10.1
> #fr498_PTPADDR=10.0.10.2
> #fr498_IP_SPOOF=YES
> #fr498_IP_KRNL_LOGMARTIANS=YES
> # Simple QoS support
> #fr498_FAIRQ=YES
> #fr498_TXQLEN=50
> # Complex FR QoS - Enable ALL of these + above to turn it on
> #fr498_FRBURST=960Kbit      # FR Burst capacity (a rate)
> #fr498_BULKRATE=320Kbit     # Usually you set this to the CIR
> #fr498_BULKBURST=50         # Number of packets that can burst in bulk class
> #fr498_BNDWIDTH=1920Kbit    # The bandwidth of the interface
> #fr498_IABURST=512          # No of Interactive Burst packets
> #fr498_IARATE=640Kbit       # Burst capacity bandwidth between
> #                           # BURST and CIR
> #fr498_HNDL=2               # The queue handle - must be unique Dialup PPP is 1000+
> #fr498_PXMTU=1508           # The Physical MTU of the interface (data + MAC header)
>
> # PPP interface stuff - these apply to all ASYNC ppp interfaces, options
> # same as ethernet above.
> #ppp_BNDWIDTH=30Kbit
> #ppp_FAIRQ=YES
> #ppp_TXQLEN=30
> #ppp_IABURST=20
> #ppp_IARATE=10Kbit
> #ppp_PXMTU=1500
>
> ###############################################################################
> # IP Filter setup - can pull in settings from above
> ###############################################################################
>
> # Set up the basic type of filtering. Can be one of (none|router|firewall)
> # You must load the ip_masq_* modules to enable full IP masquerading, and
> # ip_masq_portfw if you want to forward external ports pop-3, mtp, www
> # to internal machines below.
> IPFILTER_SWITCH=firewall
>
> # This set of variables is used with both sets of filters
> SNMP_BLOCK=YES          # Block all SNMP (YES/NO)
> # List of IP Nos used for SNMP management
> #SNMP_MANAGER_IPS="10.100.1.2"
> # Fair Queuing support
> # List of Mark values
> MRK_CRIT=1              # Critical traffic, routing, DNS
> MRK_IA=2                # Interactive traffic - telnet, ssh, IRC
> # List of traffic types and maps to mark values
> # Setting this variable turns on the
> # fairq chain
> CLS_FAIRQ="${MRK_CRIT}_89_0/0 ${MRK_CRIT}_udp_0/0_route
> ${MRK_CRIT}_tcp_0/0_bgp ${MRK_CRIT}_tcp_0/0_domain
> ${MRK_CRIT}_udp_0/0_domain ${MRK_IA}_tcp_0/0_telnet ${MRK_IA}_tcp_0/0_ssh"
>
> # NOTE: Do NOT turn on the DMZ network or ANY external port masquerading/
> # port forwarding when EXTERN_DYNADDR is on because some security
> # leaks will result. You may also want to limit the external open
> # ports to domain (UDP) for DNS. Anyhow, these features are not that
> # usable unless you have a static external address
> #
> EXTERN_IF="eth0"        # External Interface
>
> # Added for DHCP support
> # Setting this to YES causes the dhcp client to try to configure the
> # interfaces listed in IF_DHCP, and causes EXTERN_IP to be read directly
> # from the interface
> EXTERN_DHCP=YES         # YES/NO
>
> # The interface(s) to configure via dhcp
> IF_DHCP=$EXTERN_IF
>
> # If YES, your firewall filters use 0/0 for your IP address, instead of your
> # actual IP address. Set this to NO for typical ethernet setups, even if you
> # are using DHCP
> EXTERN_DYNADDR=NO       # YES/NO
> # - or -
> # External Interface IP number...the default should be fine for most folks
> eval EXTERN_IP=\"\${"$EXTERN_IF"_IPADDR:-""}\"
>
> # Set EXTERN_IP to "DYNAMIC" if you need the rules to read the IP from the
> # interface, but you aren't using DHCP (ie PPPoE and dialup users)
> #EXTERN_IP=DYNAMIC
>
> # If external interface IP is dynamic, read the configured IP address
> # This should probably be moved to the init.d network script, but I put it
> # here for now, as it is more obvious what it is doing, in case it
> # messes something else up.
> if [ "$EXTERN_DHCP" = "YES" -o \
>      "$EXTERN_DHCP" = "Yes" -o \
>      "$EXTERN_DHCP" = "yes" -o \
>      "$EXTERN_IP" = "DYNAMIC" ] ; then
>
>     # This computes the IP address of $EXTERN_IF
>     EXTERN_IP=`ip addr list label $EXTERN_IF | \
>         grep inet | sed '1!d' | \
>         sed 's/^[^.0-9]*\([.0-9]*\).*$/\1/'`
>
>     # If the external address is not configured, use a bogus address for the
>     # external interface to prevent a bunch of (harmless) errors that spit out
>     # when the IPCHAINS script is called.
>     if [ x$EXTERN_IP = x ]; then
>         EXTERN_IP=192.168.254.254
>     fi
> fi
>
> # Traffic to completely ignore...define here to prevent filling your logs
> # Space separated list: protocol_srcip[/mask][_dstport]
> #SILENT_DENY="udp_207.235.84.1_route udp_207.235.84.0/24_37"
>
> # Extra rule scripts added by Charles Steinkuehler to more easily support
> # non-standard extensions of the pre-configured ipchains rules
> IPCH_IN=/etc/ipchains.input
> IPCH_FWD=/etc/ipchains.forward
> IPCH_OUT=/etc/ipchains.output
>
> # ICMP types to open
> # Indexed list: "SrcAddr/Mask type [ DestAddr[/DestMask] ]"
> #EXTERN_ICMP_PORT0="0/0 : 1.1.1.12"
>
> ## UDP Services open to outside world
> # Space separated list: srcip/mask_dstport
> # NOTE: bootpc port is used for dhcp client
> EXTERN_UDP_PORTS="0/0_domain 0/0_bootpc"
>
> # -or-
> # Indexed list: "SrcAddr/Mask port [ DestAddr[/DestMask] ]"
> #EXTERN_UDP_PORT0="0/0 domain"
> #EXTERN_UDP_PORT1="5.6.7.8 500 1.1.1.12"
>
> # TCP services open to outside world
> # Space separated list: srcip/mask_dstport
> #EXTERN_TCP_PORTS="216.171.153.128/25_ssh 0/0_www 0/0_1023"
>
> # -or-
> # Indexed list: "SrcAddr/Mask port [ DestAddr[/DestMask] ]"
> #EXTERN_TCP_PORT0="5.6.7.8 domain 1.1.1.12"
> #EXTERN_TCP_PORT1="0/0 www"
>
> # Generic Services open to outside world
> # Space separated list: protocol_srcip/mask_dstport
> #EXTERN_PORTS="50_5.6.7.8 51_5.6.7.8"
>
> # -or-
> # Indexed list: "Protocol SrcAddr/Mask [ DestAddr[/DestMask] ]"
> #EXTERN_PROTO0="50 5.6.7.8/32"
> #EXTERN_PROTO1="51 5.6.7.8/32"
>
> ###############################################################################
> # Internal Interface
> ###############################################################################
> # Comment 3 settings below for no internal network (DMZ only configuration)
> INTERN_IF="eth1"                # Internal Interface
> INTERN_NET=192.168.1.0/24       # One (or more) Internal network(s)
> INTERN_IP=192.168.1.254         # IP number of Internal Interface
>                                 # (to allow forwarding to external IP)
> MASQ_SWITCH=YES                 # Masquerade internal network to outside
>                                 # world - YES/NO
>
> # These services are not masqueraded from int to ext/DMZ, preventing access
> # Space separated list: proto_destIP/mask_port
> #NOMASQ_DEST="tcp_0/0_ssh"
>
> # Override for above...only the listed dest IP's can be accessed
> # Space separated list: proto_destIP/mask_port
> #NOMASQ_DEST_BYPASS="tcp_10.0.0.1_ssh"
>
> ###############################################################################
> # Port Forwarding
> ###############################################################################
> # Remember to open appropriate holes in the firewall rules, above
>
> # Uncomment following for port-forwarded internal services.
> # The following is an example of what should be put here.
> # Tuples are as follows:
> # <protocol>_<local-ip>_<local-port>_<remote-ip>_<remote-port>
> #INTERN_SERVERS="tcp_${EXTERN_IP}_ftp_192.168.1.1_ftp
> tcp_${EXTERN_IP}_smtp_192.168.1.1_smtp"
>
> # These lines use the primary external IP address...if you need to port-forward
> # an aliased IP address, use the INTERN_SERVERS setting above
> #INTERN_FTP_SERVER=192.168.1.1   # Internal FTP server to make available
> #INTERN_WWW_SERVER=192.168.1.1   # Internal WWW server to make available
> #INTERN_SMTP_SERVER=192.168.1.1  # Internal SMTP server to make available
> #INTERN_POP3_SERVER=192.168.1.1  # Internal POP3 server to make available
> #INTERN_IMAP_SERVER=192.168.1.1  # Internal IMAP server to make available
> #INTERN_SSH_SERVER=192.168.1.1   # Internal SSH server to make available
> #EXTERN_SSH_PORT=24              # External port to use for internal SSH access
>
> # Advanced settings: parameters passed directly to portfw and autofw
> # Indexed list: "<ipmasqadm portfw options>"
> #INTERN_SERVER0="-a -P PROTO -L LADDR LPORT -R RADDR RPORT [-p PREF]"
> #INTERN_SERVER1=""
> # Indexed list: "<ipmasqadm autofw options>"
> #INTERN_AUTOFW0="-A -r tcp 20000 20050 -h 192.168.1.1"
> #INTERN_AUTOFW1=""
>
> ###############################################################################
> # DMZ setup (optional)
> ###############################################################################
> # Whether you want a DMZ or not (YES, PROXY, NAT, PRIVATE, NO)
> DMZ_SWITCH=NO
> DMZ_IF="eth2"
> DMZ_NET=192.168.2.0/24
>
> # DMZ switches for all flavors except PRIVATE
> ###############################################################################
> # For NAT DMZ's:
> # DMZ_NET, above is likely a private IP range...DMZ_SRC should encompass the
> # public IP range being NAT'd to DMZ_NET. Any systems
> DMZ_SRC=1.1.1.0/27
>
> # For Proxy-Arp or NAT DMZ's only:
> # For security, any IP's within the DMZ_NET (PROXY) or DMZ_SRC (NAT)
> # specification, above, that are NOT remote systems reached via DMZ_IF must
> # be listed here. This potentially includes IP's of this LRP system, your
> # gateway, and systems connected to your external interface.
> DMZ_EXT_ADDRS="$eth0_DEFAULT_GW $EXTERN_IP"
>
> ## Both of the following should be used together - ie if you turn on
> ## DMZ_HIGH_TCP_CONNECT - DO specify DMZ_CLOSED_DEST!
>
> # Allows inbound connections to high tcp ports (>1023)
> # You can also allow to specific machines using 1024: (or a smaller range)
> # as the dest port range in DMZ_OPEN_DEST (RECOMMENDED)
> DMZ_HIGH_TCP_CONNECT=NO
>
> ## 3306 MySQL, 6000 X, 2049 NFS, 7100 xfs
> DMZ_CLOSED_DEST="tcp_${DMZ_NET}_6000:6004 tcp_${DMZ_NET}_7100"
>
> # Inbound services to allow to the DMZ
> # <protocol>_<destination IP/network>_<destination port or range>
> DMZ_OPEN_DEST=" udp_${DMZ_NET}_domain
> tcp_${DMZ_NET}_domain
> icmp_${DMZ_NET}_:
> tcp_1.1.2.13_www"
>
> # PRIVATE DMZ switches
> ###############################################################################
> # Services port-forwarded to the DMZ network
> # Indexed list: "Protocol LocalIP LocalPort RemoteIP [ RemotePort ]"
> #DMZ_SERVER0="udp $EXTERN_IP domain 192.168.2.1 domain"
> #DMZ_SERVER1="tcp $EXTERN_IP domain 192.168.2.1 domain"
> #DMZ_SERVER2="tcp 1.2.3.13 www 192.168.2.1 www"
> #DMZ_SERVER3="tcp 1.2.3.13 smtp 192.168.2.1 smtp"
> #DMZ_SERVER4="tcp 1.2.3.12 www 192.168.2.1 8080"
>
> # Allow all outbound traffic from DMZ (YES)
> # or just traffic from port-forwarded servers (NO)
> #DMZ_OUTBOUND_ALL=YES
>
> ###############################################################################
> # Interface activation/deactivation functions
> # Here so that special interface commands can be called and daemons started
> #
> # Arps can be set up here, network/host routes and so forth.
> #
> # This appears to be a little messy but is needed to achieve maximum
> # functionality and flexibility.
> #
> ###############################################################################
>
> echo_rtepfx () {
>     local IFS='_'
>     set -- $1
>     echo $1
> }
>
> echo_rteargs () {
>     local IFS='_'
>     set -- $1
>     shift
>     echo $@
> }
>
> # Function to add a static NAT translation
> # $1 = Name of environment variable which contains IP address
> # $2 = Action (add or del)
> # $3 = Base priority value
> # $y = Current walklist index count
> do_nat () {
>     local PRIORITY=$(($3 + $y ))
>     local ACTION=$2
>     eval local args=\$$1
>     set -- $args
>     ip route $ACTION nat $1 via $2
>     ip rule $ACTION prio $PRIORITY from $2 nat $1
> }
>
> if_up () {
>     local ADDR
>
>     # sort out a few things to make life easier - here so that you
>     # can see what is done and so that you can add anything if needed
>     eval local IPADDR=\${"$1"_IPADDR:-""}        # I am also a good genius
>     eval local MASKLEN=\${"$1"_MASKLEN:-""}
>     eval local BROADCAST=\${"$1"_BROADCAST:-""}
>     eval local PTPADDR=\${"$1"_PTPADDR:-""}
>     eval local DEFAULT_GW=\${"$1"_DEFAULT_GW:-""}
>     eval local IP_EXTRA_ADDRS=\${"$1"_IP_EXTRA_ADDRS:-""}
>     eval local ROUTES=\${"$1"_ROUTES:-""}
>     eval local FAIRQ=\${"$1"_FAIRQ:-""}
>     eval local TXQLEN=\${"$1"_TXQLEN:-""}
>     eval local IP_SPOOF=\${"$1"_IP_SPOOF:-""}
>     eval local IP_KRNL_LOGMARTIANS=\${"$1"_IP_KRNL_LOGMARTIANS:-""}
>     eval local IP_SHARED_MEDIA=\${"$1"_IP_SHARED_MEDIA:-""}
>     eval local BRIDGE=\${"$1"_BRIDGE:-""}
>     eval local PROXY_ARP=\${"$1"_PROXY_ARP:-""}
>     if [ -n "$BROADCAST" ] ; then
>         IFCFG_BROADCAST="broadcast $BROADCAST"
>     fi
>
>     # Do dee global bridge stuff
>     brg_global
>
>     # Set default interface flags here - used for PPP and WAN interfaces
>     if_setproc default rp_filter $DEF_IP_SPOOF
>     if_setproc default log_martians $DEF_IP_KRNL_LOGMARTIANS
>     if_setproc all accept_redirects $ALLIF_ACCEPT_REDIRECTS
>
>     # Set up each interface
>     case $1 in
>     ppp0)
>         pppd call provider
>         ;;
>     fr*)
>         wanconfig card wanpipe1 dev $1 start
>         ip addr add $IPADDR peer $PTPADDR dev $1
>         ip link set $1 up
>         # Fair queuing - this can be selected for any interface
>         ip_frQoS $1
>         ;;
>     nat*)
>         eval local BASE_PRI=\${"$1"_BASE_PRI:-""}
>         walk_list $1_PAIR $INIT_INDEX do_nat add $BASE_PRI
>         ;;
>     *)  # default interface startup
>         brg_iface $1 up $BRIDGE
>         [ -n "$IPADDR" ] \
>             && ip addr add $IPADDR/$MASKLEN $IFCFG_BROADCAST dev $1
>         for ADDR in $IP_EXTRA_ADDRS; do
>             ip addr add $ADDR dev $1
>         done
>
>         ip link set $1 up
>
>         case "$PROXY_ARP" in
>         YES|Yes|yes)
>             ip route flush dev $1
>             ;;
>         *)
>             ;;
>         esac
>
>         # Fair queuing - this can be selected for any interface
>         ip_QoS $1
>         ;;
>     esac
>
>     for route in $ROUTES; do
>         ip route add `echo_rtepfx $route` dev $1 `echo_rteargs $route`
>     done
>
>     # Do universal interface config items here
>     # Default route support
>     [ -n "$DEFAULT_GW" ] \
>         && ip route replace default via $DEFAULT_GW dev $1
>     # Set the TX Queue Length
>     [ -n "$TXQLEN" ] \
>         && ip link set $1 txqlen $TXQLEN
>     # Spoof protection
>     if_setproc $1 rp_filter $IP_SPOOF
>     # Kernel logging of martians on this interface
>     if_setproc $1 log_martians $IP_KRNL_LOGMARTIANS
>     # Shared Media stuff
>     if_setproc $1 shared_media $IP_SHARED_MEDIA
>     # Proxy ARP support
>     if_setproc $1 proxy_arp $PROXY_ARP
>
>     return 0
> }
>
> if_down () {
>
>     # Do Dee global bridge stuff
>     brg_global
>
>     case $1 in
>     ppp*)
>         [ -f /var/run/$1.pid ] && qt kill `cat /var/run/$1.pid`
>         sleep 5 # Wait for pppd to die
>         ;;
>     fr*)
>         qt ip link set $1 down
>         qt ip addr flush dev $1
>         qt wanconfig card wanpipe1 dev $1 stop
>         ;;
>     nat*)
>         eval local BASE_PRI=\${"$1"_BASE_PRI:-""}
>         walk_list $1_PAIR $INIT_INDEX do_nat del $BASE_PRI
>         ;;
>     *)  # default action
>         brg_iface $1 down
>         ip link set $1 down # This also kills any routes
>         qt ip addr flush dev $1
>         ;;
>     esac
>
>     # Clean up any QoS/fair queuing stuff
>     ip_QoSclear $1
>
>     true
>
> } #END if_down
>
> ###############################################################################
> # Hostname Requires: CONFIG_HOSTNAME=YES
> ###############################################################################
> HOSTNAME="c696585-b"
>
> ###############################################################################
> # Hosts file (Static domainname entries) Requires: CONFIG_HOSTSFILE=YES
> ###############################################################################
> # IP FQDN hostname alias1 alias2..
> HOSTS0="$eth1_IPADDR $HOSTNAME.attbi.com $HOSTNAME fw"
> #HOSTS0="$eth1_IPADDR $HOSTNAME.private.network $HOSTNAME fw"
> #HOSTS1="192.168.1.22 host2.private.network host2 h2"
>
> ###############################################################################
> # Domain Search Order and Name Servers Requires: CONFIG_DNS=YES
> ###############################################################################
>
> DOMAINS="private.network"
>
> DNS0=127.0.0.1
> #DNS0=Your.Primary.DNS.Server
> #DNS1=Your.Secondary.DNS.Server
>
> ###############################################################################
> # QoS/Fair queueing functions
> ###############################################################################
>
> ip_QoSclear () {
>     [ -x /sbin/tc ] \
>         && qt tc qdisc del dev $1 root
>     return 0
> }
>
> ip_frQoS () {
>
>     # Set some variables
>     eval local FAIRQ=\${"$1"_FAIRQ:-""}
>     eval local BULKRATE=\${"$1"_BULKRATE:-""}
>     eval local BULKBURST=\${"$1"_BULKBURST:-""}
>     eval local FRBURST=\${"$1"_FRBURST:-""}
>     eval local HNDL=\${"$1"_HNDL:-""}
>     eval local BNDWIDTH=\${"$1"_BNDWIDTH:-""}
>     eval local IARATE=\${"$1"_IARATE:-""}
>     eval local IABURST=\${"$1"_IABURST:-""}
>     eval local PXMTU=\${"$1"_PXMTU:-""}
>
>
>     if [ ! -x /sbin/tc ]; then
>         return 1
>     fi
>
>     if [ "$FAIRQ" != "YES" -a "$FAIRQ" != "Yes" -a "$FAIRQ" != "yes" ]
>     then
>         return 1
>     fi
>
>     if [ -z "$BULKRATE" -o -z "$FRBURST" -o -z "$HNDL" -o -z "$PXMTU" \
>          -o -z "$BNDWIDTH" -o -z "$IARATE" -o -z "$IABURST" \
>          -o -z "$BULKBURST" ]; then
>         tc qdisc replace dev $1 root sfq
>         return 0
>     fi
>
>     # Attach CBQ to device
>     tc qdisc add dev $1 root handle $HNDL: cbq \
>         bandwidth $BNDWIDTH avpkt 1000
>     # Set up classes
>     # Bulk class
>     tc class add dev $1 parent $HNDL:0 classid :1 \
>         est 1sec 8sec cbq bandwidth $BNDWIDTH \
>         rate $BULKRATE allot $PXMTU bounded weight 1 prio 6 \
>         avpkt 1000 maxburst $BULKBURST \
>         split $HNDL:0 defmap ff7f
>     tc qdisc add dev $1 parent $HNDL:1 sfq perturb 15
>     # Interactive Class
>     tc class add dev $1 parent $HNDL:0 classid :2 \
>         est 2sec 16sec cbq bandwidth $BNDWIDTH \
>         rate $IARATE allot $PXMTU bounded weight 1 prio 6 \
>         avpkt 1000 maxburst $IABURST \
>         split $HNDL:0 defmap 80
>     tc qdisc add dev $1 parent $HNDL:2 sfq perturb 15
>     # Priority class
>     tc class add dev $1 parent $HNDL:0 classid :3 \
>         est 1sec 8sec cbq bandwidth $BNDWIDTH \
>         rate $FRBURST allot $PXMTU bounded weight 1 prio 1 \
>         avpkt 1000 maxburst 21
>     tc qdisc add dev $1 parent $HNDL:3 pfifo
>     # Add filters
>     tc filter add dev $1 parent $HNDL:0 protocol ip \
>         priority 50 handle $MRK_CRIT fw classid $HNDL:3
>     tc filter add dev $1 parent $HNDL:0 protocol ip \
>         priority 60 handle $MRK_IA fw classid $HNDL:2
>
>     return 0
> }
>
> ip_QoS () {
>
>     # Set some variables
>     eval local HNDL=\${"$1"_HNDL:-""}
>     eval local FAIRQ=\${"$1"_FAIRQ:-""}
>     if [ -z "$FAIRQ" -a -n "$2" ]; then
>         local FAIRQ=$2
>     fi
>     eval local BNDWIDTH=\${"$1"_BNDWIDTH:-""}
>     if [ -z "$BNDWIDTH" -a -n "$3" ]; then
>         local BNDWIDTH=$3
>     fi
>     eval local PXMTU=\${"$1"_PXMTU:-""}
>     if [ -z "$PXMTU" -a -n "$4" ]; then
>         local PXMTU=$4
>     fi
>     eval local IARATE=\${"$1"_IARATE:-""}
>     if [ -z "$IARATE" -a -n "$5" ]; then
>         local IARATE=$5
>     fi
>     eval local IABURST=\${"$1"_IABURST:-""}
>     if [ -z "$IABURST" -a -n "$6" ]; then
>         local IABURST=$6
>     fi
>
>     if [ ! -x /sbin/tc ]; then
>         return 1
>     fi
>
>     if [ "$FAIRQ" != "YES" -a "$FAIRQ" != "Yes" -a "$FAIRQ" != "yes" ]
>     then
>         return 1
>     fi
>
>     if [ -z "$BNDWIDTH" -o -z "$IABURST" -o -z "$IARATE" -o -z "$HNDL" \
>          -o -z "$PXMTU" ]; then
>         tc qdisc replace dev $1 root sfq
>         return 0
>     fi
>
>     # Attach CBQ to device
>     tc qdisc add dev $1 root handle $HNDL: cbq \
>         bandwidth $BNDWIDTH \
>         avpkt 1000
>     # Set up classes
>     # Bulk class
>     tc class add dev $1 parent $HNDL:0 classid :1 est 1sec 8sec \
>         cbq bandwidth $BNDWIDTH rate $BNDWIDTH \
>         allot $PXMTU avpkt 1000 bounded weight 1 prio 6 \
>         split $HNDL:0 defmap ff7f
>     tc qdisc add dev $1 parent $HNDL:1 sfq perturb 15
>     # Interactive class
>     tc class add dev $1 parent $HNDL:0 classid :2 est 2sec 16sec \
>         cbq bandwidth $BNDWIDTH rate $IARATE maxburst $IABURST \
>         allot $PXMTU avpkt 1000 bounded isolated weight 1 \
>         prio 2 split $HNDL:0 defmap 80
>     tc qdisc add dev $1 parent $HNDL:2 sfq perturb 15
>     # Priority class
>     tc class add dev $1 parent $HNDL:0 classid :3 est 1sec 8sec \
>         cbq bandwidth $BNDWIDTH rate $BNDWIDTH \
>         allot $PXMTU avpkt 1000 bounded weight 1 prio 1
>     tc qdisc add dev $1 parent $HNDL:3 pfifo
>     # Add filters
>     tc filter add dev $1 parent $HNDL:0 protocol ip \
>         priority 50 handle $MRK_CRIT fw classid $HNDL:3
>     tc filter add dev $1 parent $HNDL:0 protocol ip \
>         priority 60 handle $MRK_IA fw classid $HNDL:2
>
>     return 0
> }
>
> ###############################################################################
> # End
> ###############################################################################
>
> #ZZZZZZZZZZZ
> c696585-b: -root-
> # cat /etc/lrp.conf
> #This is the master config file for systemwide LRP functions.
> #It is referenced by multicron-* and POSIXness.
>
>
> # Log files in /var/log/ to rotate. DEPTH == Amount to keep.
> lrp_LOGS_DAILY="daemon.log debug kern.log messages syslog user.log \ > ppp.log pslave.log" > lrp_LOGS_WEEKLY="auth.log lastlog" > lrp_LOGS_MONTHLY="wtmp" > lrp_LOGS_DEPTH=4 > > # Host SMTP server for the 'mail' command. If blank the host 'mail' is used. > #lrp_MAIL_SERVER="smtp.mydomain.net" > > # Email address to use for notices and alerts. If blank alerts won't be > sent. > #lrp_MAIL_ADMIN="[EMAIL PROTECTED]" > > # Server that will be contacted via 'rdate' for the time service daily. > # Turning this on also updates the CMOS clock > #lrp_DATE_SERVER="date.mydomain.net" > > # List of hosts to ping check. ADMIN will be sent mail if any fail. > #lrp_PING_HOSTS="router1.upstream.com server2.theirnet.org" > > > # SPACECHECK, will check the space available on the root device. > # If the remaining free space is <= MINKB or <= MINPER, each level > # of file mask(s) will be wiped, until the minimum available space > # is met or level 5 is reached. Files are individually null'ed > # to 0 size. They are not rm'ed. (syslogd will not be interrupted) > # When the level set in MAIL_LEVEL, is reached or exceeded, an > # alert will be sent to ADMIN. (If set) > > lrp_SPACECHECK=NO # YES or NO > lrp_SC_MINKB=-1 # <= -1 to disable. > lrp_SC_MINPER=2 # >= 101 to disable. Default 2%. > lrp_SC_MAIL_LEVEL=2 # >= 6 to disable. > > lrp_SC_DEL_L1="/var/log/*[4-9].gz" > lrp_SC_DEL_L2="/var/log/*[1-3].gz" > lrp_SC_DEL_L3="/var/log/*.gz" > lrp_SC_DEL_L4="/var/log/*.0" > lrp_SC_DEL_L5="/var/log/wtmp" > > > #ZZZZZZZZZZZ > c696585-b: -root- > # cat /etc/dhclient.conf > # Defaults are OK for most users > # > # You may have to send a specific host-name or dhcp-client-identifier to > # your ISP, depending on how they assign leases. 
Note that some ISP's > # assign leases based on physical ethernet addresses, so you may have to use > # the interface priovided by your ISP (or ask them to update their records > to > # match your 'new' network card) in order to use dhcp, even though you might > # be able to ping or otherwise send data through your network connection. > # Other ISP's use cable and DSL modems that check for the physical address > # of your network card and you won't even be able to ping through the > interface > # (or aquire a dhcp lease) without swapping network cards, resetting your > # modem, or perhaps jumping through other hoops. Check with a local linux > # group to get details on service providers in your area. > # > # If you do need to send a specific host-name or dhcp-client-identifier, > # you can uncomment the appropriate lines below, and change the parameters > # to match your system > > #send host-name "c696585-b"; > > # Both forms below are identical. Use whichever is most appropriate > # for the client-identifier you need to send (ascii or colon seperated > # hexadicemal octets) > # send dhcp-client-identifier 43:4c:49:45:4e:54:2d:46:4f:4f; > # send dhcp-client-identifier "CLIENT-FOO"; > > # See the ISC dhcp documentation for more details on this file > > # Use local DNSCache by default for DNS resolution > prepend domain-name-servers 127.0.0.1 ; > > > > > > > > _________________________________________________________ > Do You Yahoo!? > Get your free @yahoo.com address at http://mail.yahoo.com > > > _______________________________________________ > Leaf-user mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/leaf-user > _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com _______________________________________________ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
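The quoted dhclient.conf says the quoted-text and colon-hex spellings of `dhcp-client-identifier` are identical, and the thread turns on which `send` statements are actually active. The Python below is an added example, not code from the post, from LEAF or from ISC: it strips `#` comments from a constructed dhclient.conf modelled on the one above, reports which `send` options are live (a commented-out line sends nothing, which is worth confirming when toggling options during troubleshooting), and normalizes a client identifier from either syntax to the octets that go on the wire. The host-name value `cXXXXXXX-a` is a placeholder for the ISP-assigned id, not a real one.

```python
"""Parse an ISC dhclient.conf and report which identifiers it would send.

Added example (not the post's, LEAF's or ISC's code). SAMPLE_CONF is a
constructed file modelled on the dhclient.conf quoted in the thread.
"""
import re

# Constructed sample: host-name active, both client-identifier forms commented out.
SAMPLE_CONF = """\
# Defaults are OK for most users
send host-name "cXXXXXXX-a";      # placeholder for the ISP-assigned user id
# send dhcp-client-identifier 43:4c:49:45:4e:54:2d:46:4f:4f;
# send dhcp-client-identifier "CLIENT-FOO";
prepend domain-name-servers 127.0.0.1 ;
"""


def strip_comment(line):
    """Drop a '#' comment, but keep a '#' that sits inside a quoted string."""
    out, quoted = [], False
    for ch in line:
        if ch == '"':
            quoted = not quoted
        elif ch == "#" and not quoted:
            break
        out.append(ch)
    return "".join(out).strip()


def parse_client_identifier(value):
    """Return the raw octets of a dhcp-client-identifier written in either syntax."""
    value = value.strip()
    if len(value) >= 2 and value[0] == value[-1] == '"':
        return value[1:-1].encode("ascii")  # quoted text form
    if re.fullmatch(r"[0-9A-Fa-f]{1,2}(:[0-9A-Fa-f]{1,2})*", value):
        return bytes(int(octet, 16) for octet in value.split(":"))  # colon-hex form
    raise ValueError(f"unrecognised client-identifier syntax: {value!r}")


def to_colon_hex(octets):
    """Render octets the way the hex form of the config spells them."""
    return ":".join(f"{b:02x}" for b in octets)


def parse_statements(text):
    """Yield (verb, option, value) for every ';'-terminated statement."""
    code = " ".join(strip_comment(line) for line in text.splitlines())
    for stmt in code.split(";"):
        parts = stmt.strip().split(None, 2)
        if len(parts) == 3:
            yield parts[0], parts[1], parts[2].strip()
        elif len(parts) == 2:
            yield parts[0], parts[1], ""


def sent_options(text):
    """Map each active 'send' option to the value dhclient would transmit."""
    sent = {}
    for verb, option, value in parse_statements(text):
        if verb != "send":
            continue
        if option == "dhcp-client-identifier":
            # Normalize both spellings so they compare equal.
            sent[option] = to_colon_hex(parse_client_identifier(value))
        elif len(value) >= 2 and value[0] == value[-1] == '"':
            sent[option] = value[1:-1]
        else:
            sent[option] = value
    return sent


if __name__ == "__main__":
    print(sent_options(SAMPLE_CONF))
    # The two identifier spellings in the file's comment really are identical.
    print(to_colon_hex(parse_client_identifier('"CLIENT-FOO"')))
```

Running it against a live /etc/dhclient.conf (read the file into `sent_options`) shows at a glance whether the host-name or client-identifier line is active or still commented out, and `parse_client_identifier` confirms that `"CLIENT-FOO"` and `43:4c:49:45:4e:54:2d:46:4f:4f` are the same ten octets.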