Sorry that I haven't been following this thread from the get-go, but here goes:

I know certain ISPs cache the MAC address of the PC that is connected - I believe that the head-end modems at the ISP end can be set up to cache them for different periods of time - possibly even to what would appear to be a completely static setting. From working at an @home ISP I know that generally the IP was statically mapped back to your host id (or client-id, depending on the ISP vernacular) - but this had some drawbacks (say someone is set up with a static IP because the @home DHCP servers are flaky, and then the IP block gets reconfigured - IP address conflict). From what I understand, at least at the ISP I used to work for, MAC-to-IP mapping that is cached for 3 days has been implemented. A situation similar to yours happened to a friend of mine - he never got a valid lease, much like yourself - and the IP being offered was strange as well - it came from some DHCP server way out on the @home network...

The 3-day cache thing is a pain - but it has a solution. IF this is the problem affecting you: connect the 2K box that works to the modem, and release your IP (Start -> Run -> ipconfig /?). I'd give you the exact syntax but I'm not sure how ipconfig references your NIC - or what model it is. ipconfig /? will give you the correct syntax of the command; ipconfig /all will give you your NIC name. After you've done that, unplug the 2K box from the hub (just to make sure it doesn't decide to request its IP again). Plug in your router and hopefully you'll get a valid lease.

If this doesn't work, call AT&T tech support. Ask about MAC caching on the router/head-end modem - if 1st level support doesn't know the answer, ask for 2nd level support - either group should be able to tell you about both, and if they are using proper troubleshooting tools (well, at least the ones I used) they should be able to tell you if you currently have a lease.
S ****Note**** Dhclient 2 (the version on Dachstein) does not allow you to release your IP - so if you decide to change NICs in your router, you're gonna have to put it in a M$ or *nix box which allows you to release your IP.

>From: "gc" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Subject: [Leaf-user] Update: AT&T Transition Woes
>Date: Wed, 19 Dec 2001 20:16:16 -0600
>
>
>First of all, thanks to all who responded to my initial post.
>This includes Mark, Scott, Matt, Charles, David, Sean, Michael,
>and Richard. I've tried pretty much everything that's been
>suggested: setting various dhclient parameters, setting HOSTNAME
>and HOSTS0, etc. Unfortunately, I'm still having the same problem.
>I figured it was time to post a more thorough support request.
>
>Problem description: After being transitioned off of home.com to
>attbi.com, I wasn't able to ping any addresses from my old LRP box.
>I upgraded to Dachstein 1.0.2, but that didn't seem to make much
>difference.
>
>If I hook my win2k box directly into the cable modem, things work
>fine. It gets assigned address 12.237.7.206, subnet 255.255.240.0,
>and default gateway 12.237.0.1.
>
>The fact that the router gets such a different configuration makes
>me suspect it's some sort of DHCP problem. But by all appearances,
>DHCP works fine. It acquires its addresses from 12.237.0.1, which
>happens to be the default gateway for the win2k box AND appears to
>be the ONLY address that I can successfully ping from the router.
>
>I've included the following information:
> . network diagram
> . dmesg output
> . ip addr show
> . ip route show
> . ip neighbor show
> . ip -s link show
> . /etc/network.conf
> . /etc/lrp.conf
> . /etc/dhclient.conf
>
>
>             |
>      ______|______
>     |             |
>     | Cable Modem |
>     |_____________|
>            |
>   _________|________  eth0 DHCP 12.255.173.135
>  |                  |
>  |    LRP Router    |
>  |__________________|
>            |  eth1 192.168.1.1
>          __|__
>         |     |____ win2k PC 192.168.1.x
>         |  H  |____ win2k PC 192.168.1.y
>         |  u  |____ printer 192.168.1.z
>         |  b  |
>         |_____|
>
>c696585-b: -root-
># dmesg
>Linux version 2.2.19-3-LEAF (root@debian) (gcc version 2.7.2.3) #1 Sat Dec 1 12:15:05 CST 2001
>BIOS-provided physical RAM map:
> BIOS-88: 000a0000 @ 00000000 (usable)
> BIOS-88: 00f00000 @ 00100000 (usable)
>Console: colour VGA+ 80x25
>Calibrating delay loop... 33.07 BogoMIPS
>Memory: 14064k/16384k available (732k kernel code, 412k reserved, 432k data, 44k init)
>Checking if this processor honours the WP bit even in supervisor mode... Ok.
>Dentry hash table entries: 2048 (order 2, 16k)
>Buffer cache hash table entries: 16384 (order 4, 64k)
>Page cache hash table entries: 4096 (order 2, 16k)
>CPU: Intel 486 DX/2 stepping 05
>Checking 386/387 coupling... OK, FPU using exception 16 error reporting.
>Checking 'hlt' instruction... OK.
>POSIX conformance testing by UNIFIX
>PCI: No PCI bus detected
>Linux NET4.0 for Linux 2.2
>Based upon Swansea University Computer Society NET3.039
>NET4: Unix domain sockets 1.0 for Linux NET4.0.
>NET4: Linux TCP/IP 1.0 for NET4.0
>IP Protocols: ICMP, UDP, TCP
>TCP: Hash tables configured (ehash 16384 bhash 16384)
>Initializing RT netlink socket
>Starting kswapd v 1.5
>Software Watchdog Timer: 0.05, timer margin: 60 sec
>Real Time Clock Driver v1.09
>RAM disk driver initialized: 16 RAM disks of 6144K size
>Floppy drive(s): fd0 is 1.44M
>FDC 0 is an 8272A
>RAMDISK: Compressed image found at block 0
>RAMDISK: Uncompressing root archive: done.
>RAMDISK: Auto Filesystem - minix: 2048i 6144bk 68fdz(68) 1024zs 2147483647ms
>VFS: Mounted root (minix filesystem).
>RAMDISK: Extracting root archive: done.
>VFS: Disk change detected on device fd(2,44)
>Freeing unused kernel memory: 44k freed
>ne.c:v1.10 9/23/94 Donald Becker ([EMAIL PROTECTED])
>NE*000 ethercard probe at 0x300: 00 40 05 fa 1b 80
>eth0: NE2000 found at 0x300, using IRQ 10.
>NE*000 ethercard probe at 0x340: 00 40 05 fa 00 52
>eth1: NE2000 found at 0x340, using IRQ 11.
>ip_masq_icq: using TCP port range 60200-61000
>ip_masq_icq: loaded support on port 4000/UDP
>Serial driver version 4.27 with MANY_PORTS MULTIPORT SHARE_IRQ enabled
>ttyS00 at 0x03f8 (irq = 4) is a 16550A
>ttyS01 at 0x02f8 (irq = 3) is a 16550A
>Packet log: input DENY eth0 PROTO=1 12.255.173.135:8 12.255.173.128:0 L=84 S=0x00 I=0 F=0x0000 T=64 (#18)
>Packet log: input DENY eth0 PROTO=1 12.255.173.135:8 12.255.173.128:0 L=84 S=0x00 I=1 F=0x0000 T=64 (#18)
>Packet log: input DENY eth0 PROTO=1 12.255.173.135:8 12.255.173.128:0 L=84 S=0x00 I=2 F=0x0000 T=64 (#18)
>Packet log: input DENY eth0 PROTO=1 12.255.173.135:8 12.255.173.128:0 L=84 S=0x00 I=3 F=0x0000 T=64 (#18)
>Packet log: input DENY eth0 PROTO=1 12.255.173.135:8 12.255.173.128:0 L=84 S=0x00 I=4 F=0x0000 T=64 (#18)
>Packet log: input DENY eth0 PROTO=1 12.255.173.135:8 12.255.173.128:0 L=84 S=0x00 I=5 F=0x0000 T=64 (#18)
>Packet log: input DENY eth0 PROTO=1 12.255.173.135:8 12.255.173.128:0 L=84 S=0x00 I=6 F=0x0000 T=64 (#18)
>Packet log: input DENY eth0 PROTO=1 12.255.173.135:8 12.255.173.128:0 L=84 S=0x00 I=7 F=0x0000 T=64 (#18)
>Packet log: input DENY eth0 PROTO=1 12.255.173.135:8 12.255.173.128:0 L=84 S=0x00 I=8 F=0x0000 T=64 (#18)
>Packet log: input DENY eth0 PROTO=1 12.255.173.135:8 12.255.173.128:0 L=84 S=0x00 I=9 F=0x0000 T=64 (#18)
>VFS: Disk change detected on device fd(2,0)
>VFS: Disk change detected on device fd(2,0)
>
>c696585-b: -root-
># ip addr show
>1: lo: <LOOPBACK,UP> mtu 3924 qdisc noqueue
>    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>    inet 127.0.0.1/8 brd 127.255.255.255 scope global lo
>2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
>    link/ether 00:40:05:fa:1b:80 brd ff:ff:ff:ff:ff:ff
>    inet 12.255.173.135/28 brd 255.255.255.255 scope global eth0
>3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
>    link/ether 00:40:05:fa:00:52 brd ff:ff:ff:ff:ff:ff
>    inet 192.168.1.254/24 brd 192.168.1.255 scope global eth1
>
>c696585-b: -root-
># ip route show
>12.255.173.128/28 dev eth0 proto kernel scope link src 12.255.173.135
>192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.254
>default via 12.255.173.129 dev eth0
>
>c696585-b: -root-
># ip neighbor show
>
>c696585-b: -root-
># ip -s link show
>1: lo: <LOOPBACK,UP> mtu 3924 qdisc noqueue
>    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>    RX: bytes  packets  errors  dropped overrun mcast
>    0          0        0       0       0       0
>    TX: bytes  packets  errors  dropped carrier collsns
>    0          0        0       0       0       0
>2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
>    link/ether 00:40:05:fa:1b:80 brd ff:ff:ff:ff:ff:ff
>    RX: bytes  packets  errors  dropped overrun mcast
>    25458      409      0       0       0       395
>    TX: bytes  packets  errors  dropped carrier collsns
>    5568       53       0       0       0       0
>3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
>    link/ether 00:40:05:fa:00:52 brd ff:ff:ff:ff:ff:ff
>    RX: bytes  packets  errors  dropped overrun mcast
>    0          0        0       0       0       0
>    TX: bytes  packets  errors  dropped carrier collsns
>    0          0        0       0       0       0
>
>#ZZZZZZZZZZZ
>c696585-b: -root-
># cat /etc/network.conf
>###############################################################################
># Extended firewall configruation scripts
># By Charles Steinkuehler
># Version 1.3.2
># September 29, 2001
>###############################################################################
># Brief instructions for this file
>###############################################################################
>#
># VERBOSE=(YES/NO) Default: Yes
># Be verbose about settings.
>#
># MAX_LOOP=(int) Default: 10
># Maximum number of incrementable entries to search for.
># IE: If you create a DNS7=, and MAX_LOOP=7, it will not be reached.
># (DNS0 - DNS7 == 8 entires)
># Setting this value too high will decrease the speed of the configuation
># system.
>#
># IPFWDING_KERNEL=(YES/NO/FILTER_ON) Default: NO
># Enable IP forwarding in the kernel. FILTER_ON means forwarding will
># only happen when IP filtering rules are loaded
>#
># IPALWAYSDEFRAG_KERNEL=(YES/NO) Default: NO
># Enable IP Global defragmentation in the kernel.
>#
># **WARNING** - If this was turned on everywhere in a network of routers,
># it can result in TCP connections failing and TCP connection resets.
>#
># ONLY turn this on if the box is a firewall or the single point of
># entry for a network, or an endpoint for port forwarding or a load
># balancer for a WWW server farm. DO NOT turn this on if the box is a
># conventional router as it breaks the TCP/IP RFCes. This option is
># needed when using IP NAT, IP masquerading, IP autofw, IP portfw,
># transperent proxying or other kernel operations that intercept a
># packet flow and redirect it.
>#
># It is a usful tool when using a packet filtering router to protect
># directly attached ethernet networks of servers as it stops fragment
># attacks on the servers in behind the router. Another use is packet
># filtering router to protect dial-in Internet users on NASes
># (Portmasters, TC racks etc) from various SMB and fragment attacks
># and to redirect all WWW connections into a WWW proxy-caching server.
>#
># CONFIG_HOSTNAME=(YES/NO) Default: NO
># Create /etc/hostname file using HOSTNAME entry.
># Any current hostname file will be **OVERWRITTEN**
>#
># CONFIG_HOSTSFILE=(YES/NO) Default: NO
># Create /etc/hosts file using HOSTSx entries.
># Any current hosts file will be **OVERWRITTEN**
>#
># CONFIG_DNS=(YES/NO) Default: NO
># Create /etc/resolv.conf file using DOMAINS and DNSx entries.
># Any current resolv.conf file will be **OVERWRITTEN**
>#
># IF_LIST Default: "$IF_AUTO"
># A space seperated list of interfaces that can be ACTIVE on this machine
># This controls which interfaces can be brought up and down manually.
>#
># IF_AUTO Default: "eth0"
># A space seperated list of interfaces that get started on boot. Tunneling
># interfaces like CIPE should be after the raw interfaces they depend on.
># The interfaces are started in the order they occur on the list, and are
># shutdown in the reverse order of IF_LIST.
>#
># IPFILTER_SWITCH=(none|router|firewall) Default: "none"
># Selects the basic IP filtering/firewalling setup of the router. "None"
># is used for a straight through router, "router" for a filtering router with
># IP spoof protection and Martian protection and "firewall" for a basic IP
># masquerading/NAT firewall. The basic filter types are provided in
># /etc/ipfilter.conf. If you want more than what is provided read the man
># pages for ipchains or ipfwadm and BE CAREFUL when you edit this!
>#
>###############################################################################
># General Settings
>###############################################################################
>
>VERBOSE=YES
>MAX_LOOP=10
>
>IPFWDING_KERNEL=FILTER_ON
>
>IPALWAYSDEFRAG_KERNEL=YES
>
>CONFIG_HOSTNAME=YES
>
>CONFIG_HOSTSFILE=YES
>
>CONFIG_DNS=NO
>
>###############################################################################
># Interfaces
>###############################################################################
>
># Start pppd PPP interfaces first as pppd's use of DNS can delay startup.
>#
># Interfaces to start on boot go here - ie "ppp0 eth0"
># Do NOT include interfaces configured by dhcp!
>IF_AUTO="eth1"
>
># List of all configured interfaces, manual start and boot start
>IF_LIST="$IF_AUTO"
>
># Accept ICMP Redirects on ALL interfaces, also depends on /proc
># per interface IP forwarding flag. - YES/NO
>ALLIF_ACCEPT_REDIRECTS=NO
>
># Need these both for interfaces run by daemons - ie PPP, CIPE, some
># WAN interfaces
># IP spoofing protection by default for interfaces - YES/NO
>DEF_IP_SPOOF=YES
># Kernel logging of spoofed packets by default for interfaces - YES/NO
>DEF_IP_KRNL_LOGMARTIANS=YES
>
># Bridge Setup - Global stuff
>#
># Enable bridging - YES/NO
>BRG_SWITCH=NO
># Exempt ethernet protocol types - type "brcfg list" to find out allowed
># values
>BRG_EXEMPT_PROTOS=""
>
>###############################################################################
>
>eth0_IPADDR=1.1.1.2
>eth0_MASKLEN=30
>eth0_BROADCAST=+
># Use this to set the default route if required - ONLY one to be set.
># routed or gated could be used to set this so only use if not running these.
>eth0_DEFAULT_GW=1.1.1.1
># Secondary IP addresses/networks on same wire - add them here
>#eth0_IP_EXTRA_ADDRS="192.168.1.193 192.168.2.1/24"
># Additional routes for this interface, if any
># Space seperated list: <PREFIX>[_<more ip route options>]
>#eth0_ROUTES="1.1.1.13 2.2.2.0/24_via_1.1.1.18"
># IP spoofing protection on this interface - YES/NO
>eth0_IP_SPOOF=YES
># Kernel logging of spoofed packets on this interface - YES/NO
>eth0_IP_KRNL_LOGMARTIANS=YES
># This setting affects the processing of ICMP redirects. Setting it to NO
># makes this more secure. Don't turn this off if you have two IP
># networks/subnets on the same media - YES/NO
>eth0_IP_SHARED_MEDIA=NO
># Bridge this interface - YES/NO
>eth0_BRIDGE=NO
># Proxy-arp from this interface, no other config required to turn on proxy ARP!
># - YES/NO
>eth0_PROXY_ARP=NO
># Simple QoS/fair queueing support
># Turn on Stochastic Fair Queueing - useful on busy DDS links - YES/NO
>eth0_FAIRQ=NO
># Ethernet Transmit Queue Length
># eth0_TXQLEN=100
># Complex QoS - Enable all of these + above to turn it on
>#eth0_BNDWIDTH=10Mbit      # Device bandwidth
>#eth0_HNDL=2               # Queue Handle - must be unique
>#eth0_IABURST=100          # Interactive Burst
>#eth0_IARATE=1Mbit         # Interactive Rate
>#eth0_PXMTU=1514           # Physical MTU - includes Link Layer header
>
>###############################################################################
>
>eth1_IPADDR=192.168.1.254
>eth1_MASKLEN=24
>eth1_BROADCAST=+
>eth1_IP_SPOOF=YES
>eth1_IP_KRNL_LOGMARTIANS=YES
>eth1_IP_SHARED_MEDIA=NO
>eth1_BRIDGE=NO
>eth1_PROXY_ARP=NO
>eth1_FAIRQ=NO
>
>###############################################################################
>
>#eth2_IPADDR=
>#eth2_MASKLEN=
>#eth2_BROADCAST=+
>#eth2_ROUTES=
>#eth2_IP_SPOOF=YES
>#eth2_IP_KRNL_LOGMARTIANS=YES
>#eth2_IP_SHARED_MEDIA=NO
>#eth2_BRIDGE=NO
>#eth2_PROXY_ARP=
>#eth2_FAIRQ=NO
>
>###############################################################################
># NAT 'virtual' interface (optional: required only for static-NAT DMZ systems)
>###############################################################################
># Configured as an interface to allow flexible handling of bringing the
># routing rules up/down in conjunction with the physical interfaces
># interface spec is an indexed list of IP address pairs and a base priority
># number for ip rule creation
>#nat0_BASE_PRI=100         # Unique base value for ip rules
># Indexed list: <public IP> <private DMZ IP>
>#nat0_PAIR0="1.1.2.3 192.168.2.13"
>#nat0_PAIR1="1.1.2.4 192.168.2.14"
>#nat0_PAIR2="1.1.2.5 192.168.2.15"
>
># Sangoma FR example
>#fr498_IPADDR=10.0.10.1
>#fr498_PTPADDR=10.0.10.2
>#fr498_IP_SPOOF=YES
>#fr498_IP_KRNL_LOGMARTIANS=YES
># Simple QoS support
>#fr498_FAIRQ=YES
>#fr498_TXQLEN=50
># Complex FR QoS - Enable ALL of these + above to turn it on
>#fr498_FRBURST=960Kbit     # FR Burst capacity (a rate)
>#fr498_BULKRATE=320Kbit    # Usually you set this to the CIR
>#fr498_BULKBURST=50        # Number of packets that can burst in bulk class
>#fr498_BNDWIDTH=1920Kbit   # The bandwidth of the interface
>#fr498_IABURST=512         # No of Interactive Burst packets
>#fr498_IARATE=640Kbit      # Burst capicity bandwith between
>                           # BURST and CIR
>#fr498_HNDL=2              # The queue handle - must be unique Dialup PPP is 1000+
>#fr498_PXMTU=1508          # The Physical MTU of the interface (data + MAC header)
>
># PPP interface stuff - these apply to all ASYNC ppp interfaces, options
># same as ethernet above.
>#ppp_BNDWIDTH=30Kbit
>#ppp_FAIRQ=YES
>#ppp_TXQLEN=30
>#ppp_IABURST=20
>#ppp_IARATE=10Kbit
>#ppp_PXMTU=1500
>
>###############################################################################
># IP Filter setup - can pull in settings from above
>###############################################################################
>
># Set up the basic type of filtering. Can be one of (none|router|firewall)
># You must load the ip_masq_* modules to enable full IP masquerading, and
># ip_masq_portfw if you want to forward external ports pop-3, mtp, www
># to internal machines below.
>IPFILTER_SWITCH=firewall
>
># This set of variables is used with both sets of filters
>SNMP_BLOCK=YES             # Block all SNMP (YES/NO)
>                           # List of IP Nos used for SNMP management
>#SNMP_MANAGER_IPS="10.100.1.2"
># Fair Queuing support
># List of Mark values
>MRK_CRIT=1                 # Critical traffic, routing, DNS
>MRK_IA=2                   # Interactive traffic - telnet, ssh, IRC
>                           # List of traffic types and maps to mark values
>                           # Setting this variable turns on the
>                           # fairq chain
>CLS_FAIRQ="${MRK_CRIT}_89_0/0 ${MRK_CRIT}_udp_0/0_route
>${MRK_CRIT}_tcp_0/0_bgp ${MRK_CRIT}_tcp_0/0_domain
>${MRK_CRIT}_udp_0/0_domain ${MRK_IA}_tcp_0/0_telnet ${MRK_IA}_tcp_0/0_ssh"
>
># NOTE: Do NOT turn on the DMZ network or ANY external port masquerading/
># port forwarding when EXTERN_DYNADDR is on because some security
># leaks will result. You may also want to limit the external open
># ports to domain (UDP) for DNS. Anyhow, these features are not that
># usable unless you have a static external address
>#
>EXTERN_IF="eth0"           # External Interface
>
># Added for DHCP support
># Setting this to YES causes the dhcp client to try to configure the
># interfaces listed in IF_DHCP, and causes EXTERN_IP to be read directly
># from the interface.
>EXTERN_DHCP=YES            # YES/NO
>
># The interface(s) to configure via dhcp
>IF_DHCP=$EXTERN_IF
>
># If YES, your firewall filters use 0/0 for your IP address, instead of your
># actual IP address. Set this to NO for typical ethernet setups, even if you
># are using DHCP
>EXTERN_DYNADDR=NO          # YES/NO
># - or -
># External Interface IP number...the default should be fine for most folks
>eval EXTERN_IP=\"\${"$EXTERN_IF"_IPADDR:-""}\"
>
># Set EXTERN_IP to "DYNAMIC" if you need the rules to read the IP from the
># interface, but you arn't using DHCP (ie PPPoE and dialup users)
>#EXTERN_IP=DYNAMIC
>
># If external interface IP is dynamic, read the configured IP address
># This should probably be moved to the init.d network script, but I put it
># here for now, as it is more obvious what it is doing, in case it
># messes something else up.
>if [ "$EXTERN_DHCP" = "YES" -o \
>     "$EXTERN_DHCP" = "Yes" -o \
>     "$EXTERN_DHCP" = "yes" -o \
>     "$EXTERN_IP" = "DYNAMIC" ] ; then
>
>  # This computes the IP address of $EXTERN_IF
>  EXTERN_IP=`ip addr list label $EXTERN_IF | \
>    grep inet | sed '1!d' | \
>    sed 's/^[^.0-9]*\([.0-9]*\).*$/\1/'`
>
>  # If the external address is not configured, use a bogus address for the
>  # external interface to prevent a bunch of (harmless) errors that spit out
>  # when the IPCHAINS script is called.
>  if [ x$EXTERN_IP = x ]; then
>    EXTERN_IP=192.168.254.254
>  fi
>fi
>
># Traffic to completely ignore...define here to prevent filling your logs
># Space seperated list: protocol_srcip[/mask][_dstport]
>#SILENT_DENY="udp_207.235.84.1_route udp_207.235.84.0/24_37"
>
># Extra rule scripts added by Charles Steinkuehler to more easily support
># non-standard extentions of the pre-configured ipchains rules
>IPCH_IN=/etc/ipchains.input
>IPCH_FWD=/etc/ipchains.forward
>IPCH_OUT=/etc/ipchains.output
>
># ICMP types to open
># Indexed list: "SrcAddr/Mask type [ DestAddr[/DestMask] ]"
>#EXTERN_ICMP_PORT0="0/0 : 1.1.1.12"
>
>## UDP Services open to outside world
># Space seperated list: srcip/mask_dstport
># NOTE: bootpc port is used for dhcp client
>EXTERN_UDP_PORTS="0/0_domain 0/0_bootpc"
>
># -or-
># Indexed list: "SrcAddr/Mask port [ DestAddr[/DestMask] ]"
>#EXTERN_UDP_PORT0="0/0 domain"
>#EXTERN_UDP_PORT1="5.6.7.8 500 1.1.1.12"
>
># TCP services open to outside world
># Space seperated list: srcip/mask_dstport
>#EXTERN_TCP_PORTS="216.171.153.128/25_ssh 0/0_www 0/0_1023"
>
># -or-
># Indexed list: "SrcAddr/Mask port [ DestAddr[/DestMask] ]"
>#EXTERN_TCP_PORT0="5.6.7.8 domain 1.1.1.12"
>#EXTERN_TCP_PORT1="0/0 www"
>
># Generic Services open to outside world
># Space seperated list: protocol_srcip/mask_dstport
>#EXTERN_PORTS="50_5.6.7.8 51_5.6.7.8"
>
># -or-
># Indexed list: "Protocol SrcAddr/Mask [ DestAddr[/DestMask] ]"
>#EXTERN_PROTO0="50 5.6.7.8/32"
>#EXTERN_PROTO1="51 5.6.7.8/32"
>
>###############################################################################
># Internal Interface
>###############################################################################
># Comment 3 settings below for no internal network (DMZ only configuration)
>INTERN_IF="eth1"           # Internal Interface
>INTERN_NET=192.168.1.0/24  # One (or more) Internal network(s)
>INTERN_IP=192.168.1.254    # IP number of Internal Interface
>                           # (to allow forwarding to external IP)
>MASQ_SWITCH=YES            # Masquerade internal network to outside
>                           # world - YES/NO
>
># These services are not masqueraded from int to ext/DMZ, preventing access
># Space seperated list: proto_destIP/mask_port
>#NOMASQ_DEST="tcp_0/0_ssh"
>
># Override for above...only the listed dest IP's can be accessed
># Space seperated list: proto_destIP/mask_port
>#NOMASQ_DEST_BYPASS="tcp_10.0.0.1_ssh"
>
>###############################################################################
># Port Forwarding
>###############################################################################
># Remember to open appropriate holes in the firewall rules, above
>
># Uncomment following for port-forwarded internal services.
># The following is an example of what should be put here.
># Tuples are as follows:
># <protocol>_<local-ip>_<local-port>_<remote-ip>_<remote-port>
>#INTERN_SERVERS="tcp_${EXTERN_IP}_ftp_192.168.1.1_ftp
>tcp_${EXTERN_IP}_smtp_192.168.1.1_smtp"
>
># These lines use the primary external IP address...if you need to port-forward
># an aliased IP address, use the INTERN_SERVERS setting above
>#INTERN_FTP_SERVER=192.168.1.1   # Internal FTP server to make available
>#INTERN_WWW_SERVER=192.168.1.1   # Internal WWW server to make available
>#INTERN_SMTP_SERVER=192.168.1.1  # Internal SMTP server to make available
>#INTERN_POP3_SERVER=192.168.1.1  # Internal POP3 server to make available
>#INTERN_IMAP_SERVER=192.168.1.1  # Internal IMAP server to make available
>#INTERN_SSH_SERVER=192.168.1.1   # Internal SSH server to make available
>#EXTERN_SSH_PORT=24              # External port to use for internal SSH access
>
># Advanced settings: parameters passed directly to portfw and autofw
># Indexed list: "<ipmasqadm portfw options>"
>#INTERN_SERVER0="-a -P PROTO -L LADDR LPORT -R RADDR RPORT [-p PREF]"
>#INTERN_SERVER1=""
># Indexed list: "<ipmasqadm autofw options>"
>#INTERN_AUTOFW0="-A -r tcp 20000 20050 -h 192.168.1.1"
>#INTERN_AUTOFW1=""
>
>###############################################################################
># DMZ setup (optional)
>###############################################################################
># Whether you want a DMZ or not (YES, PROXY, NAT, PRIVATE, NO)
>DMZ_SWITCH=NO
>DMZ_IF="eth2"
>DMZ_NET=192.168.2.0/24
>
># DMZ switches for all flavors except PRIVATE
>###############################################################################
># For NAT DMZ's:
># DMZ_NET, above is likely a private IP range...DMZ_SRC should encompass the
># public IP range being NAT'd to DMZ_NET. Any systems
>DMZ_SRC=1.1.1.0/27
>
># For Proxy-Arp or NAT DMZ's only:
># For security, any IP's within the DMZ_NET (PROXY) or DMZ_SRC (NAT)
># specification, above, that are NOT remote systems reached via DMZ_IF must
># be listed here. This potentially includes IP's of this LRP system, your
># gateway, and systems connected to your external interface.
>DMZ_EXT_ADDRS="$eth0_DEFAULT_GW $EXTERN_IP"
>
>## Both of the following should be used together - ie if you turn on
>## DMZ_HIGH_TCP_CONNECT - DO specify DMZ_CLOSED_DEST!
>
># Allows inbound connections to high tcp ports (>1023)
># You can also allow to specific machines using 1024: (or a smaller range)
># as the dest port range in DMZ_OPEN_DEST (RECOMMENDED)
>DMZ_HIGH_TCP_CONNECT=NO
>
>## 3306 MySQL, 6000 X, 2049 NFS, 7100 xfs
>DMZ_CLOSED_DEST="tcp_${DMZ_NET}_6000:6004 tcp_${DMZ_NET}_7100"
>
># Inbound services to allow to the DMZ
># <protocol>_<destination IP/network>_<destination port or range>
>DMZ_OPEN_DEST=" udp_${DMZ_NET}_domain
>                tcp_${DMZ_NET}_domain
>                icmp_${DMZ_NET}_:
>                tcp_1.1.2.13_www"
>
># PRIVATE DMZ switches
>###############################################################################
># Services port-forwarded to the DMZ network
># Indexed list: "Protocol LocalIP LocalPort RemoteIP [ RemotePort ]"
>#DMZ_SERVER0="udp $EXTERN_IP domain 192.168.2.1 domain"
>#DMZ_SERVER1="tcp $EXTERN_IP domain 192.168.2.1 domain"
>#DMZ_SERVER2="tcp 1.2.3.13 www 192.168.2.1 www"
>#DMZ_SERVER3="tcp 1.2.3.13 smtp 192.168.2.1 smtp"
>#DMZ_SERVER4="tcp 1.2.3.12 www 192.168.2.1 8080"
>
># Allow all outbound traffic from DMZ (YES)
># or just traffic from port-forwarded servers (NO)
>#DMZ_OUTBOUND_ALL=YES
>
>###############################################################################
># Interface activation/deactivation functions
># Here so that special interface commands can be called and daemons started
>#
># Arps can be set up here, network/host routes and so forth.
>#
># This appears to be a little messy but is needed to achieve maximum
># functionality and flexibility.
>#
>###############################################################################
>
>echo_rtepfx () {
>  local IFS='_'
>  set -- $1
>  echo $1
>}
>
>echo_rteargs () {
>  local IFS='_'
>  set -- $1
>  shift
>  echo $@
>}
>
># Function to add a static NAT translation
># $1 = Name of environment variable which contains IP address
># $2 = Action (add or del)
># $3 = Base priority value
># $y = Current walklist index count
>do_nat () {
>  local PRIORITY=$(($3 + $y ))
>  local ACTION=$2
>  eval local args=\$$1
>  set -- $args
>  ip route $ACTION nat $1 via $2
>  ip rule $ACTION prio $PRIORITY from $2 nat $1
>}
>
>if_up () {
>  local ADDR
>
>  # sort out a few things to make life easier - here so that you
>  # can see what is done and so that you can add anything if needed
>  eval local IPADDR=\${"$1"_IPADDR:-""}        # I am also a good genius
>  eval local MASKLEN=\${"$1"_MASKLEN:-""}
>  eval local BROADCAST=\${"$1"_BROADCAST:-""}
>  eval local PTPADDR=\${"$1"_PTPADDR:-""}
>  eval local DEFAULT_GW=\${"$1"_DEFAULT_GW:-""}
>  eval local IP_EXTRA_ADDRS=\${"$1"_IP_EXTRA_ADDRS:-""}
>  eval local ROUTES=\${"$1"_ROUTES:-""}
>  eval local FAIRQ=\${"$1"_FAIRQ:-""}
>  eval local TXQLEN=\${"$1"_TXQLEN:-""}
>  eval local IP_SPOOF=\${"$1"_IP_SPOOF:-""}
>  eval local IP_KRNL_LOGMARTIANS=\${"$1"_IP_KRNL_LOGMARTIANS:-""}
>  eval local IP_SHARED_MEDIA=\${"$1"_IP_SHARED_MEDIA:-""}
>  eval local BRIDGE=\${"$1"_BRIDGE:-""}
>  eval local PROXY_ARP=\${"$1"_PROXY_ARP:-""}
>  if [ -n "$BROADCAST" ] ; then
>    IFCFG_BROADCAST="broadcast $BROADCAST"
>  fi
>
>  # Do dee global bridge stuff
>  brg_global
>
>  # Set default interface flags here - used for PPP and WAN interfaces
>  if_setproc default rp_filter $DEF_IP_SPOOF
>  if_setproc default log_martians $DEF_IP_KRNL_LOGMARTIANS
>  if_setproc all accept_redirects $ALLIF_ACCEPT_REDIRECTS
>
>  # Set up each interface
>  case $1 in
>    ppp0)
>      pppd call provider
>      ;;
>    fr*)
>      wanconfig card wanpipe1 dev $1 start
>      ip addr add $IPADDR peer $PTPADDR dev $1
>      ip link set $1 up
>      # Fair queuing - this can be selected for any interface
>      ip_frQoS $1
>      ;;
>    nat*)
>      eval local BASE_PRI=\${"$1"_BASE_PRI:-""}
>      walk_list $1_PAIR $INIT_INDEX do_nat add $BASE_PRI
>      ;;
>    *)  # default interface startup
>      brg_iface $1 up $BRIDGE
>      [ -n "$IPADDR" ] \
>        && ip addr add $IPADDR/$MASKLEN $IFCFG_BROADCAST dev $1
>      for ADDR in $IP_EXTRA_ADDRS; do
>        ip addr add $ADDR dev $1
>      done
>
>      ip link set $1 up
>
>      case "$PROXY_ARP" in
>        YES|Yes|yes)
>          ip route flush dev $1
>          ;;
>        *)
>          ;;
>      esac
>
>      # Fair queuing - this can be selected for any interface
>      ip_QoS $1
>      ;;
>  esac
>
>  for route in $ROUTES; do
>    ip route add `echo_rtepfx $route` dev $1 `echo_rteargs $route`
>  done
>
>  # Do universal interface config items here
>  # Default route support
>  [ -n "$DEFAULT_GW" ] \
>    && ip route replace default via $DEFAULT_GW dev $1
>  # Set the TX Queue Length
>  [ -n "$TXQLEN" ] \
>    && ip link set $1 txqlen $TXQLEN
>  # Spoof protection
>  if_setproc $1 rp_filter $IP_SPOOF
>  # Kernel logging of martians on this interface
>  if_setproc $1 log_martians $IP_KRNL_LOGMARTIANS
>  # Shared Media stuff
>  if_setproc $1 shared_media $IP_SHARED_MEDIA
>  # Proxy ARP support
>  if_setproc $1 proxy_arp $PROXY_ARP
>
>  return 0
>}
>
>if_down () {
>
>  # Do Dee global bridge stuff
>  brg_global
>
>  case $1 in
>    ppp*)
>      [ -f /var/run/$1.pid ] && qt kill `cat /var/run/$1.pid`
>      sleep 5  # Wait for pppd to die
>      ;;
>    fr*)
>      qt ip link set $1 down
>      qt ip addr flush dev $1
>      qt wanconfig card wanpipe1 dev $1 stop
>      ;;
>    nat*)
>      eval local BASE_PRI=\${"$1"_BASE_PRI:-""}
>      walk_list $1_PAIR $INIT_INDEX do_nat del $BASE_PRI
>      ;;
>    *)  # default action
>      brg_iface $1 down
>      ip link set $1 down  # This also kills any routes
>      qt ip addr flush dev $1
>      ;;
>  esac
>
>  # Clean up any QoS/fair queuing stuff
>  ip_QoSclear $1
>
>  true
>
>} #END if_down
>
>###############################################################################
># Hostname Requires: CONFIG_HOSTNAME=YES
>###############################################################################
>HOSTNAME="c696585-b"
>
>###############################################################################
># Hosts file (Static domainname entires) Requires: CONFIG_HOSTSFILE=YES
>###############################################################################
># IP FQDN hostname alias1 alias2..
>HOSTS0="$eth1_IPADDR $HOSTNAME.attbi.com $HOSTNAME fw"
>#HOSTS0="$eth1_IPADDR $HOSTNAME.private.network $HOSTNAME fw"
>#HOSTS1="192.168.1.22 host2.private.network host2 h2"
>
>###############################################################################
># Domain Search Order and Name Servers Requires: CONFIG_DNS=YES
>###############################################################################
>
>DOMAINS="private.network"
>
>DNS0=127.0.0.1
>#DNS0=Your.Primary.DNS.Server
>#DNS1=Your.Secondary.DNS.Server
>
>###############################################################################
># QoS/Fariqueing functions
>###############################################################################
>
>ip_QoSclear () {
>  [ -x /sbin/tc ] \
>    && qt tc qdisc del dev $1 root
>  return 0
>}
>
>ip_frQoS () {
>
>  # Set some vaiables
>  eval local FAIRQ=\${"$1"_FAIRQ:-""}
>  eval local BULKRATE=\${"$1"_BULKRATE:-""}
>  eval local BULKBURST=\${"$1"_BULKBURST:-""}
>  eval local FRBURST=\${"$1"_FRBURST:-""}
>  eval local HNDL=\${"$1"_HNDL:-""}
>  eval local BNDWIDTH=\${"$1"_BNDWIDTH:-""}
>  eval local IARATE=\${"$1"_IARATE:-""}
>  eval local IABURST=\${"$1"_IABURST:-""}
>  eval local PXMTU=\${"$1"_PXMTU:-""}
>
>
>  if [ ! -x /sbin/tc ]; then
>    return 1
>  fi
>
>  if [ "$FAIRQ" != "YES" -a "$FAIRQ" != "Yes" -a "$FAIRQ" != "yes" ]
>  then
>    return 1
>  fi
>
>  if [ -z "$BULKRATE" -o -z "$FRBURST" -o -z "$HNDL" -o -z "$PXMTU" \
>       -o -z "$BNDWIDTH" -o -z "$IARATE" -o -z "$IABURST" \
>       -o -z "$BULKBURST" ]; then
>    tc qdisc replace dev $1 root sfq
>    return 0
>  fi
>
>  # Attach CBQ to device
>  tc qdisc add dev $1 root handle $HNDL: cbq \
>    bandwidth $BNDWIDTH avpkt 1000
>  # Set up classes
>  # Bulk class
>  tc class add dev $1 parent $HNDL:0 classid :1 \
>    est 1sec 8sec cbq bandwidth $BNDWIDTH \
>    rate $BULKRATE allot $PXMTU bounded weight 1 prio 6 \
>    avpkt 1000 maxburst $BULKBURST \
>    split $HNDL:0 defmap ff7f
>  tc qdisc add dev $1 parent $HNDL:1 sfq perturb 15
>  # Interactive Class
>  tc class add dev $1 parent $HNDL:0 classid :2 \
>    est 2sec 16sec cbq bandwidth $BNDWIDTH \
>    rate $IARATE allot $PXMTU bounded weight 1 prio 6 \
>    avpkt 1000 maxburst $IABURST \
>    split $HNDL:0 defmap 80
>  tc qdisc add dev $1 parent $HNDL:2 sfq perturb 15
>  # Priority class
>  tc class add dev $1 parent $HNDL:0 classid :3 \
>    est 1sec 8sec cbq bandwidth $BNDWIDTH \
>    rate $FRBURST allot $PXMTU bounded weight 1 prio 1 \
>    avpkt 1000 maxburst 21
>  tc qdisc add dev $1 parent $HNDL:3 pfifo
>  # Add filters
>  tc filter add dev $1 parent $HNDL:0 protocol ip \
>    priority 50 handle $MRK_CRIT fw classid $HNDL:3
>  tc filter add dev $1 parent $HNDL:0 protocol ip \
>    priority 60 handle $MRK_IA fw classid $HNDL:2
>
>  return 0
>}
>
>ip_QoS () {
>
>  # Set some vaiables
>  eval local HNDL=\${"$1"_HNDL:-""}
>  eval local FAIRQ=\${"$1"_FAIRQ:-""}
>  if [ -z "$FAIRQ" -a -n "$2" ]; then
>    local FAIRQ=$2
>  fi
>  eval local BNDWIDTH=\${"$1"_BNDWIDTH:-""}
>  if [ -z "$BNDWIDTH" -a -n "$3" ]; then
>    local BNDWIDTH=$3
>  fi
>  eval local PXMTU=\${"$1"_PXMTU:-""}
>  if [ -z "$PXMTU" -a -n "$4" ]; then
>    local PXMTU=$4
>  fi
>  eval local IARATE=\${"$1"_IARATE:-""}
>  if [ -z "$IARATE" -a -n "$5" ]; then
>    local IARATE=$5
>  fi
>  eval local IABURST=\${"$1"_IABURST:-""}
>  if [ -z "$IABURST" -a -n "$6" ]; then
>    local IABURST=$6
>  fi
>
>  if [ ! -x /sbin/tc ]; then
>    return 1
>  fi
>
>  if [ "$FAIRQ" != "YES" -a "$FAIRQ" != "Yes" -a "$FAIRQ" != "yes" ]
>  then
>    return 1
>  fi
>
>  if [ -z "$BNDWIDTH" -o -z "$IABURST" -o -z "$IARATE" -o -z "$HNDL" \
>       -o -z "$PXMTU" ]; then
>    tc qdisc replace dev $1 root sfq
>    return 0
>  fi
>
>  # Attach CBQ to device
>  tc qdisc add dev $1 root handle $HNDL: cbq \
>    bandwidth $BNDWIDTH \
>    avpkt 1000
>  # Set up classes
>  # Bulk class
>  tc class add dev $1 parent $HNDL:0 classid :1 est 1sec 8sec \
>    cbq bandwidth $BNDWIDTH rate $BNDWIDTH \
>    allot $PXMTU avpkt 1000 bounded weight 1 prio 6 \
>    split $HNDL:0 defmap ff7f
>  tc qdisc add dev $1 parent $HNDL:1 sfq perturb 15
>  # Interactive class
>  tc class add dev $1 parent $HNDL:0 classid :2 est 2sec 16sec \
>    cbq bandwidth $BNDWIDTH rate $IARATE maxburst $IABURST \
>    allot $PXMTU avpkt 1000 bounded isolated weight 1 \
>    prio 2 split $HNDL:0 defmap 80
>  tc qdisc add dev $1 parent $HNDL:2 sfq perturb 15
>  # Priority class
>  tc class add dev $1 parent $HNDL:0 classid :3 est 1sec 8sec \
>    cbq bandwidth $BNDWIDTH rate $BNDWIDTH \
>    allot $PXMTU avpkt 1000 bounded weight 1 prio 1
>  tc qdisc add dev $1 parent $HNDL:3 pfifo
>  # Add filters
>  tc filter add dev $1 parent $HNDL:0 protocol ip \
>    priority 50 handle $MRK_CRIT fw classid $HNDL:3
>  tc filter add dev $1 parent $HNDL:0 protocol ip \
>    priority 60 handle $MRK_IA fw classid $HNDL:2 \
>
>  return 0
>}
>
>###############################################################################
># End
>###############################################################################
>
>#ZZZZZZZZZZZ
>c696585-b: -root-
># cat /etc/lrp.conf
>#This is the master config file for systemwide LRP functions.
>#It is referenced by multicron-* and POSIXness.
>
>
># Log files in /var/log/ to rotate. DEPTH == Amount to keep.
>lrp_LOGS_DAILY="daemon.log debug kern.log messages syslog user.log \ > ppp.log pslave.log" >lrp_LOGS_WEEKLY="auth.log lastlog" >lrp_LOGS_MONTHLY="wtmp" >lrp_LOGS_DEPTH=4 > ># Host SMTP server for the 'mail' command. If blank the host 'mail' is >used. >#lrp_MAIL_SERVER="smtp.mydomain.net" > ># Email address to use for notices and alerts. If blank alerts won't be >sent. >#lrp_MAIL_ADMIN="[EMAIL PROTECTED]" > ># Server that will be contacted via 'rdate' for the time service daily. ># Turning this on also updates the CMOS clock >#lrp_DATE_SERVER="date.mydomain.net" > ># List of hosts to ping check. ADMIN will be sent mail if any fail. >#lrp_PING_HOSTS="router1.upstream.com server2.theirnet.org" > > ># SPACECHECK, will check the space available on the root device. ># If the remaining free space is <= MINKB or <= MINPER, each level ># of file mask(s) will be wiped, until the minimum available space ># is met or level 5 is reached. Files are individually null'ed ># to 0 size. They are not rm'ed. (syslogd will not be interrupted) ># When the level set in MAIL_LEVEL, is reached or exceeded, an ># alert will be sent to ADMIN. (If set) > >lrp_SPACECHECK=NO # YES or NO >lrp_SC_MINKB=-1 # <= -1 to disable. >lrp_SC_MINPER=2 # >= 101 to disable. Default 2%. >lrp_SC_MAIL_LEVEL=2 # >= 6 to disable. > >lrp_SC_DEL_L1="/var/log/*[4-9].gz" >lrp_SC_DEL_L2="/var/log/*[1-3].gz" >lrp_SC_DEL_L3="/var/log/*.gz" >lrp_SC_DEL_L4="/var/log/*.0" >lrp_SC_DEL_L5="/var/log/wtmp" > > >#ZZZZZZZZZZZ >c696585-b: -root- ># cat /etc/dhclient.conf ># Defaults are OK for most users ># ># You may have to send a specific host-name or dhcp-client-identifier to ># your ISP, depending on how they assign leases. 
Note that some ISP's ># assign leases based on physical ethernet addresses, so you may have to >use ># the interface priovided by your ISP (or ask them to update their records >to ># match your 'new' network card) in order to use dhcp, even though you >might ># be able to ping or otherwise send data through your network connection. ># Other ISP's use cable and DSL modems that check for the physical address ># of your network card and you won't even be able to ping through the >interface ># (or aquire a dhcp lease) without swapping network cards, resetting your ># modem, or perhaps jumping through other hoops. Check with a local linux ># group to get details on service providers in your area. ># ># If you do need to send a specific host-name or dhcp-client-identifier, ># you can uncomment the appropriate lines below, and change the parameters ># to match your system > >#send host-name "c696585-b"; > ># Both forms below are identical. Use whichever is most appropriate ># for the client-identifier you need to send (ascii or colon seperated ># hexadicemal octets) ># send dhcp-client-identifier 43:4c:49:45:4e:54:2d:46:4f:4f; ># send dhcp-client-identifier "CLIENT-FOO"; > ># See the ISC dhcp documentation for more details on this file > ># Use local DNSCache by default for DNS resolution >prepend domain-name-servers 127.0.0.1 ; > > > > > > > >_________________________________________________________ >Do You Yahoo!? >Get your free @yahoo.com address at http://mail.yahoo.com > > >_______________________________________________ >Leaf-user mailing list >[EMAIL PROTECTED] >https://lists.sourceforge.net/lists/listinfo/leaf-user _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp. _______________________________________________ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
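The quoted dhclient.conf talks about two things the router can send to the ISP's DHCP server: a host-name (option 12) and a dhcp-client-identifier (option 61), the latter in either ASCII or colon-separated hex form. What actually goes on the wire, and what the head end keys on, is easier to see on a real packet. The following is an added example for this thread, not code from the original post or from the LEAF/Dachstein project: it builds a DHCPDISCOVER carrying both options, then parses the option area back with bounds checks. The MAC address and transaction id are made up; the hostname "c696585-b" and the "CLIENT-FOO" identifier are the ones from the quoted config.

```python
"""Build and parse a minimal DHCPDISCOVER carrying option 12 (host-name)
and option 61 (dhcp-client-identifier), the two knobs discussed in the
quoted dhclient.conf.  Added example for this thread; not code from the
LEAF/Dachstein project or from the poster.  The MAC address and xid are
made up; "c696585-b" and "CLIENT-FOO" come from the quoted config."""
import struct
from typing import Dict, Optional

DHCP_MAGIC = b"\x63\x82\x53\x63"   # RFC 2132 magic cookie after the 236-byte header
OPT_HOST_NAME = 12
OPT_MSG_TYPE = 53
OPT_CLIENT_ID = 61
OPT_END = 255
DHCPDISCOVER = 1


def client_id_from_spec(spec: str) -> bytes:
    """Turn a dhclient.conf client-identifier value into raw option bytes.
    A double-quoted value is ASCII; anything else is colon-separated hex.
    Both spellings in the post yield the same ten octets, which is what
    the "Both forms below are identical" comment means."""
    if len(spec) >= 2 and spec[0] == spec[-1] == '"':
        return spec[1:-1].encode("ascii")
    octets = [int(h, 16) for h in spec.split(":")]
    if any(o > 0xFF for o in octets):
        raise ValueError("hex octet out of range")
    return bytes(octets)


def build_discover(mac: bytes, xid: int,
                   host_name: Optional[str] = None,
                   client_id: Optional[bytes] = None) -> bytes:
    """Serialize a broadcast DHCPDISCOVER.  chaddr carries the NIC's MAC,
    which is what a head end that caches MAC-to-IP mappings keys on; the
    client-identifier is a separate, operator-chosen value."""
    if len(mac) != 6:
        raise ValueError("Ethernet MAC must be 6 bytes")
    # op=BOOTREQUEST, htype=Ethernet, hlen=6, hops=0, xid, secs=0,
    # flags=broadcast, ciaddr/yiaddr/siaddr/giaddr=0, chaddr, sname, file
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                         1, 1, 6, 0, xid, 0, 0x8000,
                         b"\0" * 4, b"\0" * 4, b"\0" * 4, b"\0" * 4,
                         mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    options = bytes([OPT_MSG_TYPE, 1, DHCPDISCOVER])
    if host_name:
        name = host_name.encode("ascii")
        options += bytes([OPT_HOST_NAME, len(name)]) + name
    if client_id:
        # RFC 2132 defines the first octet as a type code (0 = not a
        # hardware address).  dhclient sends the configured bytes as given,
        # so put that octet in the config yourself if your ISP expects it.
        options += bytes([OPT_CLIENT_ID, len(client_id)]) + client_id
    options += bytes([OPT_END])
    return header + DHCP_MAGIC + options


def parse_options(packet: bytes) -> Dict[int, bytes]:
    """Walk the option TLVs and return {code: value}.  Every length byte is
    checked against the buffer before use, so a crafted length cannot make
    the parser read past the end of the packet."""
    if len(packet) < 240 or packet[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP packet: missing magic cookie")
    opts: Dict[int, bytes] = {}
    i = 240
    while i < len(packet):
        code = packet[i]
        if code == OPT_END:
            return opts
        if code == 0:           # PAD option has no length byte
            i += 1
            continue
        if i + 2 > len(packet):
            raise ValueError("truncated option header")
        length = packet[i + 1]
        if i + 2 + length > len(packet):
            raise ValueError("option %d length overruns packet" % code)
        opts[code] = packet[i + 2:i + 2 + length]
        i += 2 + length
    raise ValueError("option area not terminated by END")


def is_well_formed(packet: bytes) -> bool:
    """True if the option area parses cleanly, False on any overrun."""
    try:
        parse_options(packet)
        return True
    except ValueError:
        return False


def discover_for_post() -> Dict[int, bytes]:
    """Build the packet the quoted config would send with both 'send' lines
    uncommented, then decode it again.  MAC and xid are constructed values."""
    mac = bytes.fromhex("00a0c9123456")
    pkt = build_discover(mac, 0x3903F326, "c696585-b",
                         client_id_from_spec('"CLIENT-FOO"'))
    return parse_options(pkt)


if __name__ == "__main__":
    for code, value in sorted(discover_for_post().items()):
        print(code, value)
```

The point for this thread: the MAC lives in the fixed chaddr field and changes the moment the NIC in the router is swapped, which is exactly what a head end with a multi-day MAC cache notices; a host-name or client-identifier only helps if the ISP's server keys leases on those options rather than on chaddr.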