At 09:42 AM 9/1/2004 +0100, James Neave wrote:
Hi All,

OK, I'll explain registration.

If an unidentified MAC asks the cable box (STB) for an IP through DHCP,
it is assigned a 10.0.0.0/8 address and every DNS request is redirected
to the address of start.ntl. So all you need is a java capable browser
to register a MAC address. Currently you can't register Bering boxes by
NAT'ing through them because they use their root DNS servers, not the
ones passed through DHCP.

OK. If memory serves, there is no "java capable browser" that runs on Bering, so you also cannot register in Bering NIC without NAT ... a bit of a Catch-22.


The natural workaround, I think, is to set up the Bering machine as a NAT'ing router, but tell the NAT'd client (not Bering itself) to use the ISP's nameservers, not the root nameservers (or Bering as forwarder to them). These addresses are, I'd imagine, reasonably stable, so you can get the info either from your successful Win98 registration or from a successful acquisition of a 10.0.0.0/8 address by the Bering router. (DHCP clients normally write lease information in human-readable form somewhere; I forget where pump does it, but surely its man page tells you.)

Following this approach still requires, of course, that you get a "local" (10.0.0.0/8) lease from an ISP DHCP server. See below for commentary on that part.


> "Is it possible that you have your firewalling set to block access to
> private-address network ranges (including 10.0.0.0/8)?"

Is the firewall blocking rfc1918? Wait a minute, isn't there something
somewhere that blocks ALL rfc1918 addresses in shorewall? That norfc
switch in shorewalls, erm, one of the shorewall files? I know that NTL
uses many rfc1918 networks, so would shorewall block packets from a DHCP
server with that address?

In short, yes. Shorewall doesn't block "many" rfc1918 networks; it blocks ALL rfc1918 networks (at least all the ones Tom knows about, and I don't know of any that he's missed).



> "Do you "clear" shorewall, *then* run ifup (or pump directly) from the
> command line?"

Yes, I run shorewall clear then pump.

> "At this point, what ruleset information does Shorewall report?"

I don't know, how would I find that out/dump it to a file?

I believe "shorewall show" will report enough to tell you if you still have rfc1918 filtering in operation.



> "And what does "ip" tell you about your interfaces?"

"ip addr show" shows me lo, eth0 and eth1.

Both adaptors have the usual info.
eth0 has no IP address.
eth1 is fine.

I've been assuming that even with these problems, LAN clients can communicate with the router (ping it, ssh to it, whatever you have enabled). If I'm wrong, please correct me.


Now, uClibc.

After all that, last night I have re-established connectivity. I spoofed
my external MAC on a Win98 box and I know that the clean uClibc disk
that I was testing with works (except DNS, does this need configuration
with 2.2?).

Probably not, if you are able to use the root servers. If you need to use your ISP's nameservers, of course it needs configuring.


Now, until I get back tonight, I won't be able to test my Bering 1.2
disks with this registered setup. If it works, then I guess I was
blocking rfc1918 addresses somewhere and the net DHCP server was
10.0.0.0/8.

Regardless, no, my Bering 1.2 disks are stock and have had no security
updates applied. Currently, how bad is this?

One of the Bering developers will have to answer this one; I don't track Bering security updates.


I would have some things to move over to a new system, vtun tunnels,
wondershaper. I don't know if B-uC 2.2 supports those yet. But I *would*
get it back on one disk again. Two is a hassle and so slow to load.

And what's up with all these changes to shorewall? Is that a new version
or just a custom config that comes with B-uC 2.2?

Right, I think that's everything.
Thanks Ray.
[old stuff and junk deleted]




