[Leaf-user] AT&T Transition

Thu, 20 Dec 2001 07:20:57 -0800 

Hey,

We had similar problems with my friend's network, switching from @home to
the rogers.com infrastructure.  What did the trick was booting up his old
windows machine and "releasing" the DHCP lease, powering down, then
hooking up the linux router.  Until the DHCP lease is "released" (I'm
sorry I cannot give you a step by step on that, it was my friend's box),
your account will be locked in with that MAC address, and you will never
authenticate with the DHCP server.... you will see request/response, but
never completion.

KS

On Wed, 19 Dec 2001 [EMAIL PROTECTED] wrote:

> Send Leaf-user mailing list submissions to
>       [EMAIL PROTECTED]
> 
> To subscribe or unsubscribe via the World Wide Web, visit
>       https://lists.sourceforge.net/lists/listinfo/leaf-user
> or, via email, send a message with subject or body 'help' to
>       [EMAIL PROTECTED]
> 
> You can reach the person managing the list at
>       [EMAIL PROTECTED]
> 
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Leaf-user digest..."
> 
> 
> Today's Topics:
> 
>    1. Re: Update: AT&T Transition Woes (Charles Steinkuehler)
>    2. RE: Update: AT&T Transition Woes (gc)
> 
> --__--__--
> 
> Message: 1
> From: "Charles Steinkuehler" <[EMAIL PROTECTED]>
> To: "gc" <[EMAIL PROTECTED]>,
>       <[EMAIL PROTECTED]>
> Subject: Re: [Leaf-user] Update: AT&T Transition Woes
> Date: Wed, 19 Dec 2001 20:55:41 -0600
> 
> > First of all, thanks to all who responded to my initial post.
> > This includes Mark, Scott, Matt, Charles, David, Sean, Michael,
> > and Richard. I've tried pretty much everything that's been
> > suggested: setting various dhclient parameters, setting HOSTNAME
> > and HOSTS0, etc. Unfortunately, I'm still having the same problem.
> > I figured it was time to post a more thorough support request.
> >
> > Problem description: After being transitioned off of home.com to
> > attbi.com, I wasn't able to ping any addresses from my old LRP box.
> > I upgraded to Dachstein 1.0.2, but that didn't seem to make much
> > difference.
> >
> > If I hook my win2k box directly into the cable modem, things work
> > fine. It gets assigned address 12.237.7.206, subnet 255.255.240.0,
> > and default gateway 12.237.0.1.
> >
> > The fact that the router gets such a different configuration makes
> > me suspect its some sort of DHCP problem. But by all appearences,
> > DHCP works fine. It acquires its addresses from 12.237.0.1, which
> > happens to be the default gateway for the win2k box AND appears to
> > be the ONLY address that I can successfully ping from the router.
> 
> So using Dachstein, and the alternate (/28) DHCP settings, you CAN ping
> 12.237.0.1 but nothing else?  This is very odd, and would likely indicate a
> problem on your ISP's end of things...
> 
> > I've included the following information:
> >  . network diagram
> >  . dmesg output
> >  . ip addr show
> >  . ip route show
> >  . ip neighbor show
> >  . ip -s link show
> >  . /etc/network.conf
> >  . /etc/lrp.conf
> >  . /etc/dhclient.conf
> 
> Your config looks OK, but the martian messages are odd...or did you ping the
> network IP (.128) from your firewall?
> 
> Things to try:
> 
> Since you're getting much different DHCP data using linux instead of
> windows, you might try to see if you can change some dhcp settings and get
> something more similar to your working windows config.  First try removing
> any dhcp client leases (in /var/state/dhcp)...shut down dhclient & restart
> (svi dhclient stop/start).  If that doesn't work, try tricking the DHCP
> server by giving your external interface the same MAC address as the card in
> your windows box (just make sure you don't have both interfaces on the same
> ethernet segment...things would get massively confused).  You can do this
> with the ip command (ip link set eth0 address 00:80:c8:ca:ab:11)...repace
> the MAC address with the right one, of course, and make sure you've cleared
> any dhclient leases as well...
> 
> It would also be interesting to see the output dhclinet generates on
> startup, which was not captured by your dmesg output, and the contents of
> your dhcp lease file.  Also, in addition to the networking information you
> provided (ip addr & ip route), the results of the following ping tests
> (using IP addresses, not hostnames)
> firewall to default gateway
> firewall to internet IP
> 
> Charles Steinkuehler
> http://lrp.steinkuehler.net
> http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
> 
> 
> 
> 
> --__--__--
> 
> Message: 2
> From: "gc" <[EMAIL PROTECTED]>
> To: "Cliff Rosenberg" <[EMAIL PROTECTED]>
> Cc: "Leaf Mail List" <[EMAIL PROTECTED]>
> Subject: RE: [Leaf-user] Update: AT&T Transition Woes
> Date: Wed, 19 Dec 2001 21:25:35 -0600
> 
> 
> Yeah, I hear what you're saying, but it just isn't working for me.
> 
> I've tried with and without the "send host-name" in the dhclient.conf.
> I've also tried it with "send client-identifier." No apparent difference.
> 
>  - Gary
> 
> 
> -----Original Message-----
> From: Cliff Rosenberg [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, December 19, 2001 8:55 PM
> To: gc
> Cc: Leaf Mail List
> Subject: Re: [Leaf-user] Update: AT&T Transition Woes
> 
> 
> Hello-
> 
> I have a cable modem on AT&T (a motorola SB4100) and have been using Charles
> latest Dachstein relase on floppy without any problems.  The disk image it
> totally stock, all I did was edit my DHCP client options (the
> "send-host-name" option needs to be your user id given by AT&T, the
> Cxxxxxxx-A format that it is in).  I am using a P100 w/24 megs ram, 2 3COM
> nic's a 3C905B and a 3C905B-M
> 
> Totally stock otherwise in config files, just added the modules for the
> NIC's, changed "send-host-name", backed up, re-booted, had an IP within
> seconds, running for almost 2 weeks without a hitch.
> 
> Check your DHCP client config, I think thats your problem.  DONT use any of
> the options EXCEPT "send-host-name" and I think you'll be fine...
> 
> Regards,
> Cliff Rosenberg
> [EMAIL PROTECTED]
> 
> 
> ----- Original Message -----
> From: "gc" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Wednesday, December 19, 2001 9:16 PM
> Subject: [Leaf-user] Update: AT&T Transition Woes
> 
> 
> >
> > First of all, thanks to all who responded to my initial post.
> > This includes Mark, Scott, Matt, Charles, David, Sean, Michael,
> > and Richard. I've tried pretty much everything that's been
> > suggested: setting various dhclient parameters, setting HOSTNAME
> > and HOSTS0, etc. Unfortunately, I'm still having the same problem.
> > I figured it was time to post a more thorough support request.
> >
> > Problem description: After being transitioned off of home.com to
> > attbi.com, I wasn't able to ping any addresses from my old LRP box.
> > I upgraded to Dachstein 1.0.2, but that didn't seem to make much
> > difference.
> >
> > If I hook my win2k box directly into the cable modem, things work
> > fine. It gets assigned address 12.237.7.206, subnet 255.255.240.0,
> > and default gateway 12.237.0.1.
> >
> > The fact that the router gets such a different configuration makes
> > me suspect its some sort of DHCP problem. But by all appearences,
> > DHCP works fine. It acquires its addresses from 12.237.0.1, which
> > happens to be the default gateway for the win2k box AND appears to
> > be the ONLY address that I can successfully ping from the router.
> >
> > I've included the following information:
> >  . network diagram
> >  . dmesg output
> >  . ip addr show
> >  . ip route show
> >  . ip neighbor show
> >  . ip -s link show
> >  . /etc/network.conf
> >  . /etc/lrp.conf
> >  . /etc/dhclient.conf
> >
> >
> >   |
> >         ______|______
> >        |             |
> >        | Cable Modem |
> >        |_____________|
> >               |
> >      _________|________  eth0 DHCP    12.255.173.135
> >     |                  |
> >     |    LRP  Router   |
> >     |__________________|
> >                    | eth1 192.168.1.1
> >                  __|__
> >                 |     |____ win2k PC  192.168.1.x
> >                 |  H  |____ win2k PC  192.168.1.y
> >                 |  u  |____ printer   192.168.1.z
> >                 |  b  |
> >                 |_____|
> >
> > c696585-b: -root-
> > # dmesg
> > Linux version 2.2.19-3-LEAF (root@debian) (gcc version 2.7.2.3) #1 Sat Dec
> 1
> > 12:15:05 CST 2001
> > BIOS-provided physical RAM map:
> >  BIOS-88: 000a0000 @ 00000000 (usable)
> >  BIOS-88: 00f00000 @ 00100000 (usable)
> > Console: colour VGA+ 80x25
> > Calibrating delay loop... 33.07 BogoMIPS
> > Memory: 14064k/16384k available (732k kernel code, 412k reserved, 432k
> data,
> > 44k init)
> > Checking if this processor honours the WP bit even in supervisor mode...
> Ok.
> > Dentry hash table entries: 2048 (order 2, 16k)
> > Buffer cache hash table entries: 16384 (order 4, 64k)
> > Page cache hash table entries: 4096 (order 2, 16k)
> > CPU: Intel 486 DX/2 stepping 05
> > Checking 386/387 coupling... OK, FPU using exception 16 error reporting.
> > Checking 'hlt' instruction... OK.
> > POSIX conformance testing by UNIFIX
> > PCI: No PCI bus detected
> > Linux NET4.0 for Linux 2.2
> > Based upon Swansea University Computer Society NET3.039
> > NET4: Unix domain sockets 1.0 for Linux NET4.0.
> > NET4: Linux TCP/IP 1.0 for NET4.0
> > IP Protocols: ICMP, UDP, TCP
> > TCP: Hash tables configured (ehash 16384 bhash 16384)
> > Initializing RT netlink socket
> > Starting kswapd v 1.5
> > Software Watchdog Timer: 0.05, timer margin: 60 sec
> > Real Time Clock Driver v1.09
> > RAM disk driver initialized:  16 RAM disks of 6144K size
> > Floppy drive(s): fd0 is 1.44M
> > FDC 0 is an 8272A
> > RAMDISK: Compressed image found at block 0
> > RAMDISK: Uncompressing root archive: done.
> > RAMDISK: Auto Filesystem - minix: 2048i 6144bk 68fdz(68) 1024zs
> 2147483647ms
> > VFS: Mounted root (minix filesystem).
> > RAMDISK: Extracting root archive: done.
> > VFS: Disk change detected on device fd(2,44)
> > Freeing unused kernel memory: 44k freed
> > ne.c:v1.10 9/23/94 Donald Becker ([EMAIL PROTECTED])
> > NE*000 ethercard probe at 0x300: 00 40 05 fa 1b 80
> > eth0: NE2000 found at 0x300, using IRQ 10.
> > NE*000 ethercard probe at 0x340: 00 40 05 fa 00 52
> > eth1: NE2000 found at 0x340, using IRQ 11.
> > ip_masq_icq: using TCP port range 60200-61000
> > ip_masq_icq: loaded support on port 4000/UDP
> > Serial driver version 4.27 with MANY_PORTS MULTIPORT SHARE_IRQ enabled
> > ttyS00 at 0x03f8 (irq = 4) is a 16550A
> > ttyS01 at 0x02f8 (irq = 3) is a 16550A
> > Packet log: input DENY eth0 PROTO=1 12.255.173.135:8 12.255.173.128:0 L=84
> > S=0x00 I=0 F=0x0000 T=64 (#18)
> > Packet log: input DENY eth0 PROTO=1 12.255.173.135:8 12.255.173.128:0 L=84
> > S=0x00 I=1 F=0x0000 T=64 (#18)
> > Packet log: input DENY eth0 PROTO=1 12.255.173.135:8 12.255.173.128:0 L=84
> > S=0x00 I=2 F=0x0000 T=64 (#18)
> > Packet log: input DENY eth0 PROTO=1 12.255.173.135:8 12.255.173.128:0 L=84
> > S=0x00 I=3 F=0x0000 T=64 (#18)
> > Packet log: input DENY eth0 PROTO=1 12.255.173.135:8 12.255.173.128:0 L=84
> > S=0x00 I=4 F=0x0000 T=64 (#18)
> > Packet log: input DENY eth0 PROTO=1 12.255.173.135:8 12.255.173.128:0 L=84
> > S=0x00 I=5 F=0x0000 T=64 (#18)
> > Packet log: input DENY eth0 PROTO=1 12.255.173.135:8 12.255.173.128:0 L=84
> > S=0x00 I=6 F=0x0000 T=64 (#18)
> > Packet log: input DENY eth0 PROTO=1 12.255.173.135:8 12.255.173.128:0 L=84
> > S=0x00 I=7 F=0x0000 T=64 (#18)
> > Packet log: input DENY eth0 PROTO=1 12.255.173.135:8 12.255.173.128:0 L=84
> > S=0x00 I=8 F=0x0000 T=64 (#18)
> > Packet log: input DENY eth0 PROTO=1 12.255.173.135:8 12.255.173.128:0 L=84
> > S=0x00 I=9 F=0x0000 T=64 (#18)
> > VFS: Disk change detected on device fd(2,0)
> > VFS: Disk change detected on device fd(2,0)
> >
> > c696585-b: -root-
> > # ip addr show
> > 1: lo: <LOOPBACK,UP> mtu 3924 qdisc noqueue
> >     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> >     inet 127.0.0.1/8 brd 127.255.255.255 scope global lo
> > 2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
> >     link/ether 00:40:05:fa:1b:80 brd ff:ff:ff:ff:ff:ff
> >     inet 12.255.173.135/28 brd 255.255.255.255 scope global eth0
> > 3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
> >     link/ether 00:40:05:fa:00:52 brd ff:ff:ff:ff:ff:ff
> >     inet 192.168.1.254/24 brd 192.168.1.255 scope global eth1
> >
> > c696585-b: -root-
> > # ip route show
> > 12.255.173.128/28 dev eth0  proto kernel  scope link  src 12.255.173.135
> > 192.168.1.0/24 dev eth1  proto kernel  scope link  src 192.168.1.254
> > default via 12.255.173.129 dev eth0
> >
> > c696585-b: -root-
> > # ip neighbor show
> >
> > c696585-b: -root-
> > # ip -s link show
> > 1: lo: <LOOPBACK,UP> mtu 3924 qdisc noqueue
> >     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> >     RX: bytes  packets  errors  dropped overrun mcast
> >     0          0        0       0       0       0
> >     TX: bytes  packets  errors  dropped carrier collsns
> >     0          0        0       0       0       0
> > 2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
> >     link/ether 00:40:05:fa:1b:80 brd ff:ff:ff:ff:ff:ff
> >     RX: bytes  packets  errors  dropped overrun mcast
> >     25458      409      0       0       0       395
> >     TX: bytes  packets  errors  dropped carrier collsns
> >     5568       53       0       0       0       0
> > 3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
> >     link/ether 00:40:05:fa:00:52 brd ff:ff:ff:ff:ff:ff
> >     RX: bytes  packets  errors  dropped overrun mcast
> >     0          0        0       0       0       0
> >     TX: bytes  packets  errors  dropped carrier collsns
> >     0          0        0       0       0       0
> >
> > #ZZZZZZZZZZZ
> > c696585-b: -root-
> > # cat /etc/networks  .conf
> >
> ############################################################################
> > ###
> > # Extended firewall configruation scripts
> > # By Charles Steinkuehler
> > # Version 1.3.2
> > # September 29, 2001
> >
> ############################################################################
> > ###
> > # Brief instructions for this file
> >
> ############################################################################
> > ###
> > #
> > # VERBOSE=(YES/NO) Default: Yes
> > # Be verbose about settings.
> > #
> > # MAX_LOOP=(int) Default: 10
> > # Maximum number of incrementable entries to search for.
> > # IE: If you create a DNS7=, and MAX_LOOP=7, it will not be reached.
> > # (DNS0 - DNS7 == 8 entires)
> > # Setting this value too high will decrease the speed of the configuation
> > # system.
> > #
> > # IPFWDING_KERNEL=(YES/NO/FILTER_ON) Default: NO
> > # Enable IP forwarding in the kernel.  FILTER_ON means forwarding will
> > # only happen when IP filtering rules are loaded
> > #
> > # IPALWAYSDEFRAG_KERNEL=(YES/NO) Default: NO
> > # Enable IP Global defragmentation in the kernel.
> > #
> > # **WARNING** - If this was turned on everywhere in a network of routers,
> > # it can result in TCP connections failing and TCP connection resets.
> > #
> > # ONLY turn this on if the box is a firewall or the single point of
> > # entry for a network, or an endpoint for port forwarding or a load
> > # balancer for a WWW server farm.  DO NOT turn this on if the box is a
> > # conventional router as it breaks the TCP/IP RFCes.  This option is
> > # needed when using IP NAT, IP masquerading, IP autofw, IP portfw,
> > # transperent proxying or other kernel operations that intercept a
> > # packet flow and redirect it.
> > #
> > # It is a usful tool when using a packet filtering router to protect
> > # directly attached ethernet networks of servers as it stops fragment
> > # attacks on the servers in behind the router. Another use is packet
> > # filtering router to protect dial-in Internet users on NASes
> > # (Portmasters, TC racks etc) from various SMB and fragment attacks
> > # and to redirect all WWW connections into a WWW proxy-caching server.
> > #
> > # CONFIG_HOSTNAME=(YES/NO) Default: NO
> > # Create /etc/hostname file using HOSTNAME entry.
> > # Any current hostname file will be **OVERWRITTEN**
> > #
> > # CONFIG_HOSTSFILE=(YES/NO) Default: NO
> > # Create /etc/hosts file using HOSTSx entries.
> > # Any current hosts file will be **OVERWRITTEN**
> > #
> > # CONFIG_DNS=(YES/NO) Default: NO
> > # Create /etc/resolv.conf file using DOMAINS and DNSx entries.
> > # Any current resolv.conf file will be **OVERWRITTEN**
> > #
> > # IF_LIST                       Default: "$IF_AUTO"
> > # A space seperated list of interfaces that can be ACTIVE on this machine
> > # This controls which interfaces can be brought up and down manually.
> > #
> > # IF_AUTO                       Default: "eth0"
> > # A space seperated list of interfaces that get started on boot. Tunneling
> > # interfaces like CIPE should be after the raw  interfaces they depend on.
> > # The interfaces are started in the order they occur on the list, and are
> > # shutdown in the reverse order of IF_LIST.
> > #
> > # IPFILTER_SWITCH=(none|router|firewall) Default: "none"
> > # Selects the basic IP filtering/firewalling setup of the router.  "None"
> > # is used for a straight through router, "router" for a filtering router
> > with
> > # IP spoof protection and Martian protection and "firewall" for a basic IP
> > # masquerading/NAT firewall.  The basic filter types are provided in
> > # /etc/ipfilter.conf.  If you want more than what is provided read the man
> > # pages for ipchains or ipfwadm and BE CAREFUL when you edit this!
> > #
> >
> ############################################################################
> > ###
> > # General Settings
> >
> ############################################################################
> > ###
> >
> > VERBOSE=YES
> > MAX_LOOP=10
> >
> > IPFWDING_KERNEL=FILTER_ON
> >
> > IPALWAYSDEFRAG_KERNEL=YES
> >
> > CONFIG_HOSTNAME=YES
> >
> > CONFIG_HOSTSFILE=YES
> >
> > CONFIG_DNS=NO
> >
> >
> ############################################################################
> > ###
> > # Interfaces
> >
> ############################################################################
> > ###
> >
> > # Start pppd PPP interfaces first as pppd's use of DNS can delay startup.
> > #
> > # Interfaces to start on boot go here - ie "ppp0 eth0"
> > # Do NOT include interfaces configured by dhcp!
> > IF_AUTO="eth1"
> >
> > # List of all configured interfaces, manual start and boot start
> > IF_LIST="$IF_AUTO"
> >
> > # Accept ICMP Redirects on ALL interfaces, also depends on /proc
> > # per interface IP forwarding flag. - YES/NO
> > ALLIF_ACCEPT_REDIRECTS=NO
> >
> > # Need these both for interfaces run by daemons - ie PPP, CIPE, some
> > #   WAN interfaces
> > # IP spoofing protection by default for interfaces - YES/NO
> > DEF_IP_SPOOF=YES
> > # Kernel logging of spoofed packets by default for interfaces - YES/NO
> > DEF_IP_KRNL_LOGMARTIANS=YES
> >
> > # Bridge Setup - Global stuff
> > #
> > # Enable bridging - YES/NO
> > BRG_SWITCH=NO
> > # Exempt ethernet protocol types - type "brcfg list" to find out allowed
> > # values
> > BRG_EXEMPT_PROTOS=""
> >
> >
> ############################################################################
> > ###
> >
> > eth0_IPADDR=1.1.1.2
> > eth0_MASKLEN=30
> > eth0_BROADCAST=+
> > # Use this to set the default route if required - ONLY one to be set.
> > # routed or gated could be used to set this so only use if not running
> > these.
> > eth0_DEFAULT_GW=1.1.1.1
> > # Secondary IP addresses/networks on same wire - add them here
> > #eth0_IP_EXTRA_ADDRS="192.168.1.193 192.168.2.1/24"
> > # Additional routes for this interface, if any
> > #   Space seperated list: <PREFIX>[_<more ip route options>]
> > #eth0_ROUTES="1.1.1.13 2.2.2.0/24_via_1.1.1.18"
> > # IP spoofing protection on this interface - YES/NO
> > eth0_IP_SPOOF=YES
> > # Kernel logging of spoofed packets on this interface - YES/NO
> > eth0_IP_KRNL_LOGMARTIANS=YES
> > # This setting affects the processing of ICMP redirects. Setting it to NO
> > # makes this more secure. Don't turn this off if you have two IP
> > # networks/subnets on the same media - YES/NO
> > eth0_IP_SHARED_MEDIA=NO
> > # Bridge this interface - YES/NO
> > eth0_BRIDGE=NO
> > # Proxy-arp from this interface, no other config required to turn on proxy
> > ARP!
> > # - YES/NO
> > eth0_PROXY_ARP=NO
> > # Simple QoS/fair queueing support
> > # Turn on Stochastic Fair Queueing - useful on busy DDS links - YES/NO
> > eth0_FAIRQ=NO
> > # Ethernet Transmit Queue Length
> > # eth0_TXQLEN=100
> > # Complex QoS - Enable all of these + above to turn it on
> > #eth0_BNDWIDTH=10Mbit   # Device bandwidth
> > #eth0_HNDL=2            # Queue Handle - must be unique
> > #eth0_IABURST=100       # Interactive Burst
> > #eth0_IARATE=1Mbit      # Interactive Rate
> > #eth0_PXMTU=1514        # Physical MTU - includes Link Layer header
> >
> >
> ############################################################################
> > ###
> >
> > eth1_IPADDR=192.168.1.254
> > eth1_MASKLEN=24
> > eth1_BROADCAST=+
> > eth1_IP_SPOOF=YES
> > eth1_IP_KRNL_LOGMARTIANS=YES
> > eth1_IP_SHARED_MEDIA=NO
> > eth1_BRIDGE=NO
> > eth1_PROXY_ARP=NO
> > eth1_FAIRQ=NO
> >
> >
> ############################################################################
> > ###
> >
> > #eth2_IPADDR=
> > #eth2_MASKLEN=
> > #eth2_BROADCAST=+
> > #eth2_ROUTES=
> > #eth2_IP_SPOOF=YES
> > #eth2_IP_KRNL_LOGMARTIANS=YES
> > #eth2_IP_SHARED_MEDIA=NO
> > #eth2_BRIDGE=NO
> > #eth2_PROXY_ARP=
> > #eth2_FAIRQ=NO
> >
> >
> ############################################################################
> > ###
> > # NAT 'virtual' interface (optional: required only for static-NAT DMZ
> > systems)
> >
> ############################################################################
> > ###
> > # Configured as an interface to allow flexible handling of bringing the
> > # routing rules up/down in conjunction with the physical interfaces
> > # interface spec is an indexed list of IP address pairs and a base
> priority
> > # number for ip rule creation
> > #nat0_BASE_PRI=100                       # Unique base value for ip rules
> > # Indexed list: <public IP> <private DMZ IP>
> > #nat0_PAIR0="1.1.2.3 192.168.2.13"
> > #nat0_PAIR1="1.1.2.4 192.168.2.14"
> > #nat0_PAIR2="1.1.2.5 192.168.2.15"
> >
> > # Sangoma FR example
> > #fr498_IPADDR=10.0.10.1
> > #fr498_PTPADDR=10.0.10.2
> > #fr498_IP_SPOOF=YES
> > #fr498_IP_KRNL_LOGMARTIANS=YES
> > # Simple QoS support
> > #fr498_FAIRQ=YES
> > #fr498_TXQLEN=50
> > # Complex FR QoS - Enable ALL of these + above to turn it on
> > #fr498_FRBURST=960Kbit # FR Burst capacity (a rate)
> > #fr498_BULKRATE=320Kbit # Usually you set this to the CIR
> > #fr498_BULKBURST=50 # Number of packets that can burst in bulk class
> > #fr498_BNDWIDTH=1920Kbit # The bandwidth of the interface
> > #fr498_IABURST=512 # No of Interactive Burst packets
> > #fr498_IARATE=640Kbit # Burst capicity bandwith between
> > # BURST and CIR
> > #fr498_HNDL=2 # The queue handle - must be unique Dialup PPP is 1000+
> > #fr498_PXMTU=1508 # The Physical MTU of the interface (data + MAC header)
> >
> > # PPP interface stuff - these apply to all ASYNC ppp interfaces, options
> > # same as ethernet above.
> > #ppp_BNDWIDTH=30Kbit
> > #ppp_FAIRQ=YES
> > #ppp_TXQLEN=30
> > #ppp_IABURST=20
> > #ppp_IARATE=10Kbit
> > #ppp_PXMTU=1500
> >
> >
> ############################################################################
> > ###
> > # IP Filter setup - can pull in settings from above
> >
> ############################################################################
> > ###
> >
> > # Set up the basic type of filtering. Can be one of (none|router|firewall)
> > # You must load the ip_masq_* modules to enable full IP masquerading, and
> > # ip_masq_portfw if you want to forward external ports pop-3, mtp, www
> > # to internal machines below.
> > IPFILTER_SWITCH=firewall
> >
> > # This set of variables is used with both sets of filters
> > SNMP_BLOCK=YES                  # Block all SNMP (YES/NO)
> >                                 # List of IP  Nos used for SNMP management
> > #SNMP_MANAGER_IPS="10.100.1.2"
> > # Fair Queuing support
> > # List of Mark values
> > MRK_CRIT=1 # Critical traffic, routing, DNS
> > MRK_IA=2 # Interactive traffic - telnet, ssh, IRC
> > # List of traffic types and maps to mark values
> > # Setting this variable turns on the
> > # fairq chain
> > CLS_FAIRQ="${MRK_CRIT}_89_0/0 ${MRK_CRIT}_udp_0/0_route
> > ${MRK_CRIT}_tcp_0/0_bgp ${MRK_CRIT}_tcp_0/0_domain
> > ${MRK_CRIT}_udp_0/0_domain ${MRK_IA}_tcp_0/0_telnet ${MRK_IA}_tcp_0/0_ssh"
> >
> > # NOTE: Do NOT turn on the DMZ network or ANY external port masquerading/
> > # port forwarding when EXTERN_DYNADDR is on because some security
> > # leaks will result.  You may also want to limit the external open
> > # ports to domain (UDP) for DNS. Anyhow, these features are not that
> > # usable unless you have a static external address
> > #
> > EXTERN_IF="eth0" # External Interface
> >
> > # Added for DHCP support
> > # Setting this to YES causes the dhcp client to try to configure the
> > # interfaces listed in IF_DHCP, and causes EXTERN_IP to be read directly
> > # from the interfaceB
> > EXTERN_DHCP=YES # YES/NO
> >
> > # The interface(s) to configure via dhcp
> > IF_DHCP=$EXTERN_IF
> >
> > # If YES, your firewall filters use 0/0 for your IP address, instead of
> your
> > # actual IP address.  Set this to NO for typical ethernet setups, even if
> > you
> > # are using DHCP
> > EXTERN_DYNADDR=NO # YES/NO
> > # - or -
> > # External Interface IP number...the default should be fine for most folks
> > eval EXTERN_IP=\"\${"$EXTERN_IF"_IPADDR:-""}\"
> >
> > # Set EXTERN_IP to "DYNAMIC" if you need the rules to read the IP from the
> > # interface, but you arn't using DHCP (ie PPPoE and dialup users)
> > #EXTERN_IP=DYNAMIC
> >
> > # If external interface IP is dynamic, read the configured IP address
> > # This should probably be moved to the init.d network script, but I put it
> > # here for now, as it is more obvious what it is doing, in case it
> > # messes something else up.
> > if [ "$EXTERN_DHCP" = "YES" -o \
> >      "$EXTERN_DHCP" = "Yes" -o \
> >      "$EXTERN_DHCP" = "yes" -o \
> >      "$EXTERN_IP" = "DYNAMIC" ] ; then
> >
> >   # This computes the IP address of $EXTERN_IF
> >   EXTERN_IP=`ip addr list label $EXTERN_IF | \
> >              grep inet | sed '1!d' | \
> >              sed 's/^[^.0-9]*\([.0-9]*\).*$/\1/'`
> >
> >   # If the external address is not configured, use a bogus address for the
> >   # external interface to prevent a bunch of (harmless) errors that spit
> out
> >   # when the IPCHAINS script is called.
> >   if [ x$EXTERN_IP = x ]; then
> >     EXTERN_IP=192.168.254.254
> >   fi
> > fi
> >
> > # Traffic to completely ignore...define here to prevent filling your logs
> > # Space seperated list: protocol_srcip[/mask][_dstport]
> > #SILENT_DENY="udp_207.235.84.1_route udp_207.235.84.0/24_37"
> >
> > # Extra rule scripts added by Charles Steinkuehler to more easily support
> > # non-standard extentions of the pre-configured ipchains rules
> > IPCH_IN=/etc/ipchains.input
> > IPCH_FWD=/etc/ipchains.forward
> > IPCH_OUT=/etc/ipchains.output
> >
> > # ICMP types to open
> > # Indexed list: "SrcAddr/Mask type [ DestAddr[/DestMask] ]"
> > #EXTERN_ICMP_PORT0="0/0 : 1.1.1.12"
> >
> > ## UDP Services open to outside world
> > # Space seperated list: srcip/mask_dstport
> > # NOTE: bootpc port is used for dhcp client
> > EXTERN_UDP_PORTS="0/0_domain 0/0_bootpc"
> >
> > # -or-
> > # Indexed list: "SrcAddr/Mask port [ DestAddr[/DestMask] ]"
> > #EXTERN_UDP_PORT0="0/0 domain"
> > #EXTERN_UDP_PORT1="5.6.7.8 500 1.1.1.12"
> >
> > # TCP services open to outside world
> > # Space seperated list: srcip/mask_dstport
> > #EXTERN_TCP_PORTS="216.171.153.128/25_ssh 0/0_www 0/0_1023"
> >
> > # -or-
> > # Indexed list: "SrcAddr/Mask port [ DestAddr[/DestMask] ]"
> > #EXTERN_TCP_PORT0="5.6.7.8 domain 1.1.1.12"
> > #EXTERN_TCP_PORT1="0/0 www"
> >
> > # Generic Services open to outside world
> > # Space seperated list: protocol_srcip/mask_dstport
> > #EXTERN_PORTS="50_5.6.7.8 51_5.6.7.8"
> >
> > # -or-
> > # Indexed list: "Protocol SrcAddr/Mask [ DestAddr[/DestMask] ]"
> > #EXTERN_PROTO0="50 5.6.7.8/32"
> > #EXTERN_PROTO1="51 5.6.7.8/32"
> >
> >
> ############################################################################
> > ###
> > # Internal Interface
> >
> ############################################################################
> > ###
> > # Comment 3 settings below for no internal network (DMZ only
> configuration)
> > INTERN_IF="eth1" # Internal Interface
> > INTERN_NET=192.168.1.0/24 # One (or more) Internal network(s)
> > INTERN_IP=192.168.1.254 # IP number of Internal Interface
> > # (to allow forwarding to external IP)
> > MASQ_SWITCH=YES # Masquerade internal network to outside
> > # world - YES/NO
> >
> > # These services are not masqueraded from int to ext/DMZ, preventing
> access
> > # Space seperated list: proto_destIP/mask_port
> > #NOMASQ_DEST="tcp_0/0_ssh"
> >
> > # Override for above...only the listed dest IP's can be accessed
> > # Space seperated list: proto_destIP/mask_port
> > #NOMASQ_DEST_BYPASS="tcp_10.0.0.1_ssh"
> >
> >
> ############################################################################
> > ###
> > # Port Forwarding
> >
> ############################################################################
> > ###
> > # Remember to open appropriate holes in the firewall rules, above
> >
> > # Uncomment following for port-forwarded internal services.
> > # The following is an example of what should be put here.
> > # Tuples are as follows:
> > #       <protocol>_<local-ip>_<local-port>_<remote-ip>_<remote-port>
> > #INTERN_SERVERS="tcp_${EXTERN_IP}_ftp_192.168.1.1_ftp
> > tcp_${EXTERN_IP}_smtp_192.168.1.1_smtp"
> >
> > # These lines use the primary external IP address...if you need to
> > port-forward
> > # an aliased IP address, use the INTERN_SERVERS setting above
> > #INTERN_FTP_SERVER=192.168.1.1 # Internal FTP server to make available
> > #INTERN_WWW_SERVER=192.168.1.1 # Internal WWW server to make available
> > #INTERN_SMTP_SERVER=192.168.1.1 # Internal SMTP server to make available
> > #INTERN_POP3_SERVER=192.168.1.1 # Internal POP3 server to make available
> > #INTERN_IMAP_SERVER=192.168.1.1 # Internal IMAP server to make available
> > #INTERN_SSH_SERVER=192.168.1.1 # Internal SSH server to make available
> > #EXTERN_SSH_PORT=24 # External port to use for internal SSH access
> >
> > # Advanced settings: parameters passed directly to portfw and autofw
> > # Indexed list: "<ipmasqadm portfw options>"
> > #INTERN_SERVER0="-a -P PROTO -L LADDR LPORT -R RADDR RPORT [-p PREF]"
> > #INTERN_SERVER1=""
> > # Indexed list: "<ipmasqadm autofw options>"
> > #INTERN_AUTOFW0="-A -r tcp 20000 20050 -h 192.168.1.1"
> > #INTERN_AUTOFW1=""
> >
> >
> ############################################################################
> > ###
> > # DMZ setup (optional)
> >
> ############################################################################
> > ###
> > # Whether you want a DMZ or not (YES, PROXY, NAT, PRIVATE, NO)
> > DMZ_SWITCH=NO
> > DMZ_IF="eth2"
> > DMZ_NET=192.168.2.0/24
> >
> > # DMZ switches for all flavors except PRIVATE
> >
> ############################################################################
> > ###
> > # For NAT DMZ's:
> > # DMZ_NET, above is likely a private IP range...DMZ_SRC should encompass
> the
> > # public IP range being NAT'd to DMZ_NET.  Any systems
> > DMZ_SRC=1.1.1.0/27
> >
> > # For Proxy-Arp or NAT DMZ's only:
> > # For security, any IP's within the DMZ_NET (PROXY) or DMZ_SRC (NAT)
> > # specification, above, that are NOT remote systems reached via DMZ_IF
> must
> > # be listed here.  This potentially includes IP's of this LRP system, your
> > # gateway, and systems connected to your external interface.
> > DMZ_EXT_ADDRS="$eth0_DEFAULT_GW $EXTERN_IP"
> >
> > ## Both of the following should be used together - ie if you turn on
> > ## DMZ_HIGH_TCP_CONNECT - DO specify DMZ_CLOSED_DEST!
> >
> > # Allows inbound connections to high tcp ports (>1023)
> > # You can also allow to specific machines using 1024: (or a smaller range)
> > # as the dest port range in DMZ_OPEN_DEST (RECOMMENDED)
> > DMZ_HIGH_TCP_CONNECT=NO
> >
> > ## 3306 MySQL, 6000 X, 2049 NFS, 7100 xfs
> > DMZ_CLOSED_DEST="tcp_${DMZ_NET}_6000:6004 tcp_${DMZ_NET}_7100"
> >
> > # Inbound services to allow to the DMZ
> > # <protocol>_<destination IP/network>_<destination port or range>
> > DMZ_OPEN_DEST=" udp_${DMZ_NET}_domain
> > tcp_${DMZ_NET}_domain
> > icmp_${DMZ_NET}_:
> > tcp_1.1.2.13_www"
> >
> > # PRIVATE DMZ switches
> >
> ############################################################################
> > ###
> > # Services port-forwarded to the DMZ network
> > # Indexed list: "Protocol LocalIP LocalPort RemoteIP [ RemotePort ]"
> > #DMZ_SERVER0="udp $EXTERN_IP domain 192.168.2.1 domain"
> > #DMZ_SERVER1="tcp $EXTERN_IP domain 192.168.2.1 domain"
> > #DMZ_SERVER2="tcp 1.2.3.13 www 192.168.2.1 www"
> > #DMZ_SERVER3="tcp 1.2.3.13 smtp 192.168.2.1 smtp"
> > #DMZ_SERVER4="tcp 1.2.3.12 www 192.168.2.1 8080"
> >
> > # Allow all outbound traffic from DMZ (YES)
> > # or just traffic from port-forwarded servers (NO)
> > #DMZ_OUTBOUND_ALL=YES
> >
> >
> ############################################################################
> > ###
> > # Interface activation/deactivation functions
> > #  Here so that special interface commands can be called and daemons
> started
> > #
> > #  Arps can be set up here, network/host routes and so forth.
> > #
> > #  This appears to be a little messy but is needed to achieve maximum
> > #  functionality and flexibility.
> > #
> >
> ############################################################################
> > ###
> >
> > echo_rtepfx () {
> > local IFS='_'
> > set -- $1
> > echo $1
> > }
> >
> > echo_rteargs () {
> > local IFS='_'
> > set -- $1
> > shift
> > echo $@
> > }
> >
> > # Function to add a static NAT translation
> > # $1 = Name of environment variable which contains IP address
> > # $2 = Action (add or del)
> > # $3 = Base priority value
> > # $y = Current walklist index count
> > do_nat () {
> > local PRIORITY=$(($3 + $y ))
> > local ACTION=$2
> > eval local args=\$$1
> > set -- $args
> > ip route $ACTION nat $1 via $2
> > ip rule $ACTION prio $PRIORITY from $2 nat $1
> > }
> >
> > if_up () {
> > local ADDR
> >
> > # sort out a few things to make life easier - here so that you
> > # can see what is done and so that you can add anything if needed
> > eval local IPADDR=\${"$1"_IPADDR:-""}     # I am also a good genius
> > eval local MASKLEN=\${"$1"_MASKLEN:-""}
> > eval local BROADCAST=\${"$1"_BROADCAST:-""}
> > eval local PTPADDR=\${"$1"_PTPADDR:-""}
> > eval local DEFAULT_GW=\${"$1"_DEFAULT_GW:-""}
> > eval local IP_EXTRA_ADDRS=\${"$1"_IP_EXTRA_ADDRS:-""}
> > eval local ROUTES=\${"$1"_ROUTES:-""}
> > eval local FAIRQ=\${"$1"_FAIRQ:-""}
> > eval local TXQLEN=\${"$1"_TXQLEN:-""}
> > eval local IP_SPOOF=\${"$1"_IP_SPOOF:-""}
> > eval local IP_KRNL_LOGMARTIANS=\${"$1"_IP_KRNL_LOGMARTIANS:-""}
> >         eval local IP_SHARED_MEDIA=\${"$1"_IP_SHARED_MEDIA:-""}
> >         eval local BRIDGE=\${"$1"_BRIDGE:-""}
> >         eval local PROXY_ARP=\${"$1"_PROXY_ARP:-""}
> > if [ -n "$BROADCAST" ] ; then
> > IFCFG_BROADCAST="broadcast $BROADCAST"
> > fi
> >
> >         # Do dee global bridge stuff
> > brg_global
> >
> > # Set default interface flags here - used for PPP and WAN interfaces
> > if_setproc default rp_filter $DEF_IP_SPOOF
> > if_setproc default log_martians $DEF_IP_KRNL_LOGMARTIANS
> > if_setproc all accept_redirects $ALLIF_ACCEPT_REDIRECTS
> >
> > # Set up each interface
> > case $1 in
> > ppp0)
> > pppd call provider
> > ;;
> > fr*)
> > wanconfig card wanpipe1 dev $1 start
> > ip addr add $IPADDR peer $PTPADDR dev $1
> > ip link set $1 up
> > # Fair queuing - this can be selected for any interface
> > ip_frQoS $1
> > ;;
> > nat*)
> > eval local BASE_PRI=\${"$1"_BASE_PRI:-""}
> > walk_list $1_PAIR $INIT_INDEX do_nat add $BASE_PRI
> > ;;
> > *)      # default interface startup
> >                 brg_iface $1 up $BRIDGE
> > [ -n "$IPADDR" ] \
> > && ip addr add $IPADDR/$MASKLEN $IFCFG_BROADCAST dev $1
> > for ADDR in $IP_EXTRA_ADDRS; do
> > ip addr add $ADDR dev $1
> > done
> >
> > ip link set $1 up
> >
> > case "$PROXY_ARP" in
> > YES|Yes|yes)
> > ip route flush dev $1
> > ;;
> > *)
> > ;;
> > esac
> >
> > # Fair queuing - this can be selected for any interface
> > ip_QoS $1
> > ;;
> > esac
> >
> > for route in $ROUTES; do
> > ip route add `echo_rtepfx $route` dev $1 `echo_rteargs $route`
> > done
> >
> > # Do universal interface config items here
> > # Default route support
> > [ -n "$DEFAULT_GW" ] \
> > && ip route replace default via $DEFAULT_GW dev $1
> > # Set the TX Queue Length
> > [ -n "$TXQLEN" ] \
> > && ip link set $1 txqlen $TXQLEN
> > # Spoof protection
> > if_setproc $1 rp_filter $IP_SPOOF
> > # Kernel logging of martians on this interface
> > if_setproc $1 log_martians $IP_KRNL_LOGMARTIANS
> > # Shared Media stuff
> > if_setproc $1 shared_media $IP_SHARED_MEDIA
> > # Proxy ARP support
> > if_setproc $1 proxy_arp $PROXY_ARP
> >
> > return 0
> > }
> >
> > if_down () {
> >
> > # Do Dee global bridge stuff
> > brg_global
> >
> > case $1 in
> > ppp*)
> > [ -f /var/run/$1.pid ] && qt kill `cat /var/run/$1.pid`
> > sleep 5        # Wait for pppd to die
> > ;;
> > fr*)
> > qt ip link set $1 down
> > qt ip addr flush dev $1
> > qt wanconfig card wanpipe1 dev $1 stop
> > ;;
> > nat*)
> > eval local BASE_PRI=\${"$1"_BASE_PRI:-""}
> > walk_list $1_PAIR $INIT_INDEX do_nat del $BASE_PRI
> > ;;
> > *) # default action
> >                 brg_iface $1 down
> > ip link set $1 down    # This also kills any routes
> > qt ip addr flush dev $1
> > ;;
> > esac
> >
> > # Clean up any QoS/fair queuing stuff
> > ip_QoSclear $1
> >
> > true
> >
> > } #END if_down
> >
> >
> ############################################################################
> > ###
> > # Hostname Requires: CONFIG_HOSTNAME=YES
> >
> ############################################################################
> > ###
> > HOSTNAME="c696585-b"
> >
> >
> ############################################################################
> > ###
> > # Hosts file (Static domainname entires) Requires: CONFIG_HOSTSFILE=YES
> >
> ############################################################################
> > ###
> > # IP FQDN hostname alias1 alias2..
> > HOSTS0="$eth1_IPADDR $HOSTNAME.attbi.com $HOSTNAME fw"
> > #HOSTS0="$eth1_IPADDR $HOSTNAME.private.network $HOSTNAME fw"
> > #HOSTS1="192.168.1.22 host2.private.network host2 h2"
> >
> >
> ############################################################################
> > ###
> > # Domain Search Order and Name Servers Requires: CONFIG_DNS=YES
> >
> ############################################################################
> > ###
> >
> > DOMAINS="private.network"
> >
> > DNS0=127.0.0.1
> > #DNS0=Your.Primary.DNS.Server
> > #DNS1=Your.Secondary.DNS.Server
> >
> >
> ############################################################################
> > ###
> > # QoS/Fariqueing functions
> >
> ############################################################################
> > ###
> >
> > ip_QoSclear () {
> > [ -x /sbin/tc ] \
> > && qt tc qdisc del dev $1 root
> > return 0
> > }
> >
> > ip_frQoS () {
> >
> > # Set some vaiables
> > eval local FAIRQ=\${"$1"_FAIRQ:-""}
> > eval local BULKRATE=\${"$1"_BULKRATE:-""}
> > eval local BULKBURST=\${"$1"_BULKBURST:-""}
> > eval local FRBURST=\${"$1"_FRBURST:-""}
> > eval local HNDL=\${"$1"_HNDL:-""}
> > eval local BNDWIDTH=\${"$1"_BNDWIDTH:-""}
> > eval local IARATE=\${"$1"_IARATE:-""}
> > eval local IABURST=\${"$1"_IABURST:-""}
> > eval local PXMTU=\${"$1"_PXMTU:-""}
> >
> >
> > if [ ! -x /sbin/tc ]; then
> > return 1
> > fi
> >
> > if [ "$FAIRQ" != "YES" -a "$FAIRQ" != "Yes" -a "$FAIRQ" != "yes" ]
> > then
> > return 1
> > fi
> >
> > if [ -z "$BULKRATE" -o -z "$FRBURST" -o -z "$HNDL" -o -z "$PXMTU" \
> > -o -z "$BNDWIDTH" -o -z "$IARATE" -o -z "$IABURST" \
> > -o -z "$BULKBURST" ]; then
> > tc qdisc replace dev $1 root sfq
> > return 0
> > fi
> >
> > # Attach CBQ  to device
> > tc qdisc add dev $1 root handle $HNDL: cbq \
> > bandwidth $BNDWIDTH avpkt 1000
> > # Set up classes
> > # Bulk class
> > tc class add dev $1 parent $HNDL:0 classid :1 \
> > est 1sec 8sec cbq bandwidth $BNDWIDTH \
> > rate $BULKRATE allot $PXMTU bounded weight 1 prio 6 \
> > avpkt 1000 maxburst $BULKBURST \
> > split $HNDL:0 defmap ff7f
> > tc qdisc add dev $1 parent $HNDL:1 sfq perturb 15
> > # Interactive Class
> > tc class add dev $1 parent $HNDL:0 classid :2 \
> > est 2sec 16sec cbq bandwidth $BNDWIDTH \
> > rate $IARATE allot $PXMTU bounded weight 1 prio 6 \
> > avpkt 1000 maxburst $IABURST \
> > split $HNDL:0 defmap 80
> > tc qdisc add dev $1 parent $HNDL:2 sfq perturb 15
> > # Priority class
> > tc class add dev $1 parent $HNDL:0 classid :3 \
> > est 1sec 8sec cbq bandwidth $BNDWIDTH \
> > rate $FRBURST allot $PXMTU bounded weight 1 prio 1 \
> > avpkt 1000 maxburst 21
> > tc qdisc add dev $1 parent $HNDL:3 pfifo
> > # Add filters
> > tc filter add dev $1 parent $HNDL:0 protocol ip \
> > priority 50 handle $MRK_CRIT fw classid $HNDL:3
> > tc filter add dev $1 parent $HNDL:0 protocol ip \
> > priority 60 handle $MRK_IA fw classid $HNDL:2
> >
> > return 0
> > }
> >
> > ip_QoS () {
> >
> > # Set some vaiables
> > eval local HNDL=\${"$1"_HNDL:-""}
> > eval local FAIRQ=\${"$1"_FAIRQ:-""}
> > if [ -z "$FAIRQ" -a -n "$2" ]; then
> > local FAIRQ=$2
> > fi
> > eval local BNDWIDTH=\${"$1"_BNDWIDTH:-""}
> > if [ -z "$BNDWIDTH" -a -n "$3" ]; then
> > local BNDWIDTH=$3
> > fi
> > eval local PXMTU=\${"$1"_PXMTU:-""}
> > if [ -z "$PXMTU" -a -n "$4" ]; then
> > local PXMTU=$4
> > fi
> > eval local IARATE=\${"$1"_IARATE:-""}
> > if [ -z "$IARATE" -a -n "$5" ]; then
> > local IARATE=$5
> > fi
> > eval local IABURST=\${"$1"_IABURST:-""}
> > if [ -z "$IABURST" -a -n "$6" ]; then
> > local IABURST=$6
> > fi
> >
> > if [ ! -x /sbin/tc ]; then
> > return 1
> > fi
> >
> > if [ "$FAIRQ" != "YES" -a "$FAIRQ" != "Yes" -a "$FAIRQ" != "yes" ]
> > then
> > return 1
> > fi
> >
> > if [ -z "$BNDWIDTH" -o -z "$IABURST" -o -z "$IARATE" -o -z "$HNDL" \
> > -o -z "$PXMTU" ]; then
> > tc qdisc replace dev $1 root sfq
> > return 0
> > fi
> >
> > # Attach CBQ  to device
> > tc qdisc add dev $1 root handle $HNDL: cbq \
> > bandwidth $BNDWIDTH \
> > avpkt 1000
> > # Set up classes
> > # Bulk class
> > tc class add dev $1 parent $HNDL:0 classid :1 est 1sec 8sec \
> > cbq bandwidth $BNDWIDTH rate $BNDWIDTH \
> > allot $PXMTU avpkt 1000 bounded weight 1 prio 6 \
> > split $HNDL:0 defmap ff7f
> > tc qdisc add dev $1 parent $HNDL:1 sfq perturb 15
> > # Interactive class
> > tc class add dev $1 parent $HNDL:0 classid :2 est 2sec 16sec \
> > cbq bandwidth $BNDWIDTH rate $IARATE maxburst $IABURST \
> > allot $PXMTU avpkt 1000 bounded isolated weight 1 \
> > prio 2 split $HNDL:0 defmap 80
> > tc qdisc add dev $1 parent $HNDL:2 sfq perturb 15
> > # Priority class
> > tc class add dev $1 parent $HNDL:0 classid :3 est 1sec 8sec \
> > cbq bandwidth $BNDWIDTH rate $BNDWIDTH \
> > allot $PXMTU avpkt 1000 bounded weight 1 prio 1
> > tc qdisc add dev $1 parent $HNDL:3 pfifo
> > # Add filters
> > tc filter add dev $1 parent $HNDL:0 protocol ip \
> > priority 50 handle $MRK_CRIT fw classid $HNDL:3
> > tc filter add dev $1 parent $HNDL:0 protocol ip \
> > priority 60 handle $MRK_IA fw classid $HNDL:2 \
> >
> > return 0
> > }
> >
> >
> ############################################################################
> > ###
> > # End
> >
> ############################################################################
> > ###
> >
> > #ZZZZZZZZZZZ
> > c696585-b: -root-
> > # cat /etc/lrp.conf
> > #This is the master config file for systemwide LRP functions.
> > #It is referenced by multicron-* and POSIXness.
> >
> >
> > # Log files in /var/log/ to rotate. DEPTH == Amount to keep.
> > lrp_LOGS_DAILY="daemon.log debug kern.log messages syslog user.log \
> > ppp.log pslave.log"
> > lrp_LOGS_WEEKLY="auth.log lastlog"
> > lrp_LOGS_MONTHLY="wtmp"
> > lrp_LOGS_DEPTH=4
> >
> > # Host SMTP server for the 'mail' command. If blank the host 'mail' is
> used.
> > #lrp_MAIL_SERVER="smtp.mydomain.net"
> >
> > # Email address to use for notices and alerts. If blank alerts won't be
> > sent.
> > #lrp_MAIL_ADMIN="[EMAIL PROTECTED]"
> >
> > # Server that will be contacted via 'rdate' for the time service daily.
> > # Turning this on also updates the CMOS clock
> > #lrp_DATE_SERVER="date.mydomain.net"
> >
> > # List of hosts to ping check. ADMIN will be sent mail if any fail.
> > #lrp_PING_HOSTS="router1.upstream.com server2.theirnet.org"
> >
> >
> > # SPACECHECK, will check the space available on the root device.
> > # If the remaining free space is <= MINKB or <= MINPER, each level
> > # of file mask(s) will be wiped, until the minimum available space
> > # is met or level 5 is reached. Files are individually null'ed
> > # to 0 size. They are not rm'ed. (syslogd will not be interrupted)
> > # When the level set in MAIL_LEVEL, is reached or exceeded, an
> > # alert will be sent to ADMIN. (If set)
> >
> > lrp_SPACECHECK=NO # YES or NO
> > lrp_SC_MINKB=-1 # <= -1 to disable.
> > lrp_SC_MINPER=2 # >= 101 to disable. Default 2%.
> > lrp_SC_MAIL_LEVEL=2 # >= 6 to disable.
> >
> > lrp_SC_DEL_L1="/var/log/*[4-9].gz"
> > lrp_SC_DEL_L2="/var/log/*[1-3].gz"
> > lrp_SC_DEL_L3="/var/log/*.gz"
> > lrp_SC_DEL_L4="/var/log/*.0"
> > lrp_SC_DEL_L5="/var/log/wtmp"
> >
> >
> > #ZZZZZZZZZZZ
> > c696585-b: -root-
> > # cat /etc/dhclient.conf
> > # Defaults are OK for most users
> > #
> > # You may have to send a specific host-name or dhcp-client-identifier to
> > # your ISP, depending on how they assign leases.  Note that some ISP's
> > # assign leases based on physical ethernet addresses, so you may have to
> use
> > # the interface priovided by your ISP (or ask them to update their records
> > to
> > # match your 'new' network card) in order to use dhcp, even though you
> might
> > # be able to ping or otherwise send data through your network connection.
> > # Other ISP's use cable and DSL modems that check for the physical address
> > # of your network card and you won't even be able to ping through the
> > interface
> > # (or aquire a dhcp lease) without swapping network cards, resetting your
> > # modem, or perhaps jumping through other hoops.  Check with a local linux
> > # group to get details on service providers in your area.
> > #
> > # If you do need to send a specific host-name or dhcp-client-identifier,
> > # you can uncomment the appropriate lines below, and change the parameters
> > # to match your system
> >
> > #send host-name "c696585-b";
> >
> > # Both forms below are identical.  Use whichever is most appropriate
> > # for the client-identifier you need to send (ascii or colon seperated
> > # hexadicemal octets)
> > # send dhcp-client-identifier 43:4c:49:45:4e:54:2d:46:4f:4f;
> > # send dhcp-client-identifier "CLIENT-FOO";
> >
> > # See the ISC dhcp documentation for more details on this file
> >
> > # Use local DNSCache by default for DNS resolution
> > prepend domain-name-servers 127.0.0.1 ;
> >
> >
> >
> >
> >
> >
> >
> > _________________________________________________________
> > Do You Yahoo!?
> > Get your free @yahoo.com address at http://mail.yahoo.com
> >
> >
> > _______________________________________________
> > Leaf-user mailing list
> > [EMAIL PROTECTED]
> > https://lists.sourceforge.net/lists/listinfo/leaf-user
> >
> 
> 
> _________________________________________________________
> Do You Yahoo!?
> Get your free @yahoo.com address at http://mail.yahoo.com
> 
> 
> 
> 
> --__--__--
> 
> _______________________________________________
> Leaf-user mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/leaf-user
> 
> 
> End of Leaf-user Digest
> 


_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

Reply via email to