RE: [leaf-user] QOS setup under Bering 1.2

[Erich Titl]

Joey

I am using tc only (not qos-htb) with the wondershaper as documented on the 
shorewall site.
To start with, it failed too with IIRC similar problems. I finally had to 
dig into the wondershaper code and found ash arithmetic problems settting 
up the tc commands.
So I believe it is not tc causing the problems.

HTH
Erich
At 01:28 16.12.2003 -0600, Joey Officer wrote:
Been doing some reading, and I found a couple of interesting bits.

What appears to be a somewhat current HTB home page, with a fair amount of
documentation:
http://luxik.cdi.cz/~devik/qos/htb/htbfaq.htm
Additionally, from the FAQ:

RTNETLINK answers: Invalid argument and tc parameters are correct
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16


---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id78alloc_id371op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] CABLE + WIFI + IPSEC + WINDOWS + BERING = ???

[Erich Titl]

Sean

At 10:02 15.12.2003 -0500, Sean E. Covel wrote:
Please stop me before I go running off down the wrong road!!!

Here's the situation:  My sister-in-law is dying to get herself a laptop
and WIFI.  They already have a cable modem and a virus-laden P2P, chat,
teenager PC in the house.  They have no firewall currently.  She can
never get on the PC, so she wants a laptop she can use anywhere.
Here is what I am proposing to do:

Cable Modem - Bering -- (Private Network) Current PC (Windows XP)
|
--- DMZ -- WAP -- Laptop (Windows XP)
The question is, of course, how to secure the WIFI and Laptop.  I was
hoping that the Laptop could establish an IPSEC connection through the
WAP to Bering.  Only IPSEC connections would be allowed in the DMZ.  I'm
recommending she go with 802.11g so there is enough bandwidth left after
IPSEC to do some useful work.
Does this make any sense?  Has anybody done it?  Can a WAP passthrough
IPSEC?
I looked into adding a WIFI card to Bering but 802.11g cards are not
well supported, AND I don't want to become full-time tech support for
this configuration.
You can easily use 802.11b, which is currently supported (and cheap), 
unless you need high speed access to something on your local LAN.
I am running an encrypted tunnel between 2 WLAN connected sites on derelict 
Pentium hardware and I am saturating easily the WAN uplink.
Even with 802.11g, a bad radio link does not give you good speed, so you 
best check out the site. Good propagation conditions is the keywword here, 
which partially translates to good antennas/cabling. For Windoze IPSEC set 
up you can look up the freeswan users mailing list (unfortunately down at 
the time being :-(  )

HTH
Erich
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16


---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id78alloc_id371op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Static route

[Erich Titl]

HI

At 15:14 12.12.2003 +0100, you wrote:
Hallo LEAF World !

Can someone tell me where I should put a static route so that it survives a
reboot ?
I have a subnet in the internal network - all works fine with Shorewall 
masquerading but I am not familiar enough with this Linux to know the best
place to put my route add... staement.
add it to  /etc/network/interfaces

similar to

# Step 2: configure  internal interface
# Default: eth1 / fixed IP = 192.168.1.254
#auto eth1
iface eth1 inet static
address 194.124.158.99
masklen 24
broadcast 194.124.158.255
up ip route add ...
HTH

Erich

THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16


---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id78alloc_id371op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] [ot] pcengines purchase pooling

[Erich Titl]

Hi Folks

Sorry it you consider this abusive, please don't flame..

slight commercial
I am faced with the decision to buy a batch of small router hardware (the 
pcengines http://www.pcengines.ch/wrap.htm stuff I was flaming about lately 
on the developers list).
Of course OEM prices vary a lot depending on the batch size. So if anyone 
is interested in pooling orders please let me know. I will pass the naked 
boards at my own cost.
BTW... I am considering the 2 port models.
/slight commercial

cheers
Erich
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16


---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id78alloc_id371op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] pppoe internet connection terminates -- howto restart/redial

[Erich Titl]

Alex

At 09:02 11.12.2003 +0100, you wrote:
 I'm curious how to get pppd to auto redial when my connection
 dies.
snipalot

Just respawning the pppd is not sufficient, I had times when pppd ran and
the ppp0 interface was visible but did not have an IP address. IMHO the pppd
should be changed that so it never quits, doesn't run twice on the same
interface and retries constantly.
Any chance running pppd from init, letting it respawn if it goes away?

Erich

THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16


---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id78alloc_id371op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Re: Bering/IPSec/WiFi/Win2K/Shorewall (update)

[Erich Titl]

Lynn, Christopher

At 21:51 09.12.2003 -0600, Lynn Avants wrote:
On Saturday 06 December 2003 05:37 pm, Christopher Harewood wrote:
 Lynn:

 I've read about the differing subnets; in fact, it was your doc that has
 helped to get me thus far.  However, changing the laptop IP to
 192.168.3.9 produces the following result:
I haven't set the Wifi/Ipsec connection up, But Erich has successfully.
I would check the list archives for that conversation, IIRC, he posted
some information on how he got this connection working.
Indeed I have a connection up to the NET using wifi, this is the network 
topology, if this is of any use...

Big Bad Net
|
Zywall 65x router NATting to a /29 subnet
192.168.1.1
- subnet 192.168.1.0/29
192.168.1.6
Bering 1.0 router
192.168.10.1
.
.
Wireless connection using Orinoco cards and directional antennas from 
hyperlinktech
encrypted using FreeSwan 1.96
.
.
192.168.10.2
Bering 1.0 router
192.168.20.1
|
 subnet 192.168.20.0/24

HTH
Erich
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16


---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id78alloc_id371op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] PPPoE Bering qpopper = unable to get emails.

[Erich Titl]

Hi

At 21:15 10.12.2003, Dmitri Gofmekler wrote:

Hi,

Encountered some strange problem, when I'm using Bering and his pppoe
package, all connections to my mail server (qpopper installed, server
filtered by his own ipchains, opened only 25 and 110 incoming ports) are
timed out, seems that authorization is ok, but data does not sends. All
other PPPoE soft, includeing rp-pppoe work well, coyotelinux works well and
another mail serwers works well to, only this combination. Anyone has an
idea?
Possibly a MTU size problem. Did you set CLAMPMSS=Yes in 
/etc/shorewall/shorewall.conf

HTH
Erich
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024  8D8A B7D4 FF9D 05B8 0A16


---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id78alloc_id371op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] (Fwd) IPSEC route question war : Problem with manual IP route commands in

[Erich Titl]

Simon

Eric Wolzak wrote the following at 22:39 10.12.2003:
Hello  SImon, I am not that experienced with the ipsec so U forward this 
to the
list again

--- Forwarded message follows ---
From:   Simon Chalk [EMAIL PROTECTED]
To: Eric Wolzak [EMAIL PROTECTED]
Subject:RE: [leaf-user] Problem with manual IP route 
commands in Start file
Date sent:  Wed, 10 Dec 2003 11:19:35 -

Hi Eric,

I have now discovered that the shorewall start file is not a good place to
put my ip route add commands. I am adding a manual route through the ipsec0
interface and I think shorewall is loading before ipsec, so the ipsec device
is not known at this stage.
Let me ask you why you need to add an additional route through the tunnel 
instead of including this in the tunnel definition. IPSec will happily add 
those routes for you.
If this is not possible at all, you will probably have to look at the 
leftupdown/rightupdown parameter for the connection.
Else the FreeSwan list is quite active and has many experts.

HTH
Erich
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024  8D8A B7D4 FF9D 05B8 0A16


---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id78alloc_id371op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] open socket

[Erich Titl]

Felix

At 09:28 05.12.2003 +0100, you wrote:
Hi Erich,

my server is out side.
I make connection in my c prog. like this
rc = connect(sd, (struct sockaddr *) servAddr,
sizeof(servAddr));
before this I called
1. gethostbyname was ok
2. socket also ok
3. bind port was also ok
Just the connect is fail... :(
What errno?


I've already add the rules

ACCEPT fw  net tcp 90
ACCEPT net fw  tcp 90
ACCEPT fw  net udp 90
ACCEPT net fw  udp 90
but I still get connection reefused.

what do I wrong?
The shorewall set up should work fine

Try
telnet myserver.whatever.dom 90 from inside your firewall?
This should work in any case and would show that your connection is working 
at all.
Then try your homegrown program from the inside

HTH
Erich
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16


---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id78alloc_id371op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] open socket

[Erich Titl]

Felix

At 15:01 04.12.2003 +0100, you wrote:
Hi Everyone,

I've a problem to open a socket from my Bering-Box to
my server via IP and Port 90.
I can ping to my Server from my Bering-Box.
But if I start open the socket I just get connection
refused...
Does someone can help me?
Probably blocked by the firewall
Did you read the Shorewall docs?
You will have to allow the respective port from the firewall to the 
destination zone, something like

ACCEPT  fw  loc tcp 90

in /etc/shorewll/rules.

HTH
Erich
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16


---
This SF.net email is sponsored by OSDN's Audience Survey.
Help shape OSDN's sites and tell us what you think. Take this
five minute survey and you could win a $250 Gift Certificate.
http://www.wrgsurveys.com/2003/osdntech03.php?site=8

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] DNS Redirection

[Erich Titl]

Joey

Joey Officer wrote the following at 15:45 04.12.2003:
I am setting up a wireless card under Bering and I wanted to provide limited
access to it.  But because I know that eventually the WEP will be cracked
and someone will get an IP address from the DHCPd server, I want to know if
I can redirect all traffic from (example) 192.168.2.0 except 192.168.2.205
to goatse.cx
Basically, I'm setting up a gateway for a friend or two, who I'll assign IP
addresses to via MAC address.  Anyone else I want to be able to only get to
a single point.  Has anyone done anything like this?
Maybe noCatNet will do this (maybe its overkill)

Erich

THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024  8D8A B7D4 FF9D 05B8 0A16


---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id78alloc_id371op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] lrpstat and shorewall

[Erich Titl]

Al

At 23:53 20.11.2003 -0500, you wrote:
I'm trying to get weblet w/lrpstat to work on a Bering 1.2. I have
weblet working and I can access the netmon.html page correctly. However,
it has no data. If I shutdown Shorewall data starts coming in. I thought
they both used the same tcp 80 port but I guess not. I can only guess
that a different port is used. Does anyone know what's going on?
Only a guess, shorewall will flush its output buffers at shutdown. You will 
probably have to look at the way lrpstat implements the shorewall status.

HTH
Erich
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16


---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?  SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] cdrom boot problem

[Erich Titl]

Al

At 18:50 18.11.2003 -0500, ALParada wrote:
Looks like I finally got it booting from the floppies. I do however,
have two errors: I am getting an error just before the login prompt: cp:
unable to close '/etc/dnscache/root/servers/@' : No space left on
device. When I try to restart dnscache I get the same error. When I
ps -aux, dnscache doesn't show up. The second is with squid: I can find
the squid files if I look for them but it doesn't show up as a package.
It does load during boot-up just doesn't show under packages. Squid also
shows up as a backup option. Is this normal?
Do a df on your running system, is there a mounted partition which shows 
100% full? It is possible that the allocated memory for your system disk is 
insufficient.

HTH
Erich
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16


---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?  SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] cdrom boot problem

[Erich Titl]

Al

At 19:23 17.11.2003 -0500, ALParada wrote:
Hello, I'm trying to get Bering 1.2 to boot from the CD. I would also
like to keep a few packages on the floppy since I'm not finished with
them yet and i'm still making changes. I have gotten as far as getting
the CD to boot and I have a working config just like the floopies.
However when it gets to the point of loading the packages it looks
briefly at the FD and then just goes from the CD. I tried adding a
package:F to the isolinux file but to no avail. I tried adding an lrpcfg
file to the file with the new packages and the same thing. It looks like
it goes to read the FD finds nothing and goes on it's merry way. If I
use the individual floppies it works and like I said the CD also works.
Am I missing something? Does it not work the way I think it does? Below
I have included the contents of the isolinux.cfg. And yes it is on one
line.
I am doing the same, only never specifying the forward vs. reverse order of 
loading explicitly. It takes a bit more time to load but seems to work 
correctly.


display syslinux.dpy
timeout 0
default linux initrd=initrd.lrp init=/linuxrc rw root=/dev/ram0
boot=/dev/cdrom:iso9660 PKGPATH=/dev/cdrom:iso9660,/dev/fd0:msdos
LRP=root,etc:R,local,modules,iptables,libz,sshd,shorwall:R,snort:R,dnsca
che,tinyprox:R,sftp,ulogd,weblet:R,squid_2:R
- you should probably use /dev/fd0u1680 as floppy device (assuming you are 
using 1680K floppies)

HTH
Erich
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16


---
This SF. Net email is sponsored by: GoToMyPC
GoToMyPC is the fast, easy and secure way to access your computer from
any Web browser or wireless device. Click here to Try it Free!
https://www.gotomypc.com/tr/OSDN/AW/Q4_2003/t/g22lp?Target=mm/g22lp.tmpl

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] VPN shorewall options

[Erich Titl]

Troy

At 19:45 16.11.2003 -0600, Troy Aden wrote:
Hello yet again,

Sorry to be a bother.
I have searched the Freeswan docs for any reference to the fswcert command
with no luck. I need to know what command I should be using instead of the
fswcert command. I did find a reference to it here
http://cert.uni-stuttgart.de/archive/debian/security/2002/04/msg00160.html
But that does not tell me much.
Read again

On Tuesday, 2002-04-09 at 00:03:20 -0400, Noah L. Meyerhans wrote:
 On Fri, Apr 05, 2002 at 12:13:41PM +0200, Victor Vuillard wrote:
  the fswcert tool, which is used to extract private key from
  certificate was before in freeswan package. I was not able to find it in
  1.95 version of freeswan. Anyone knows why it has been removed ???

 Because it's no longer needed.  The Debian freeswan packages can use
 certs directly.  Some stuff in /usr/share/doc/freeswan will help you
 figure out how to use them.

It is no longer needed, current SuperFreeS/Wan (Berin 1.2) versions can 
handle certificates, no need to extract the key.

HTH
Erich
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16


---
This SF. Net email is sponsored by: GoToMyPC
GoToMyPC is the fast, easy and secure way to access your computer from
any Web browser or wireless device. Click here to Try it Free!
https://www.gotomypc.com/tr/OSDN/AW/Q4_2003/t/g22lp?Target=mm/g22lp.tmpl

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] Bering and traffic control

[Erich Titl]

Hi everybody

Has anyone succeeded using traffic shaping in Bering 1.2

I am using the wondershaper and try to load it in shorewall.
Here is what I get right from the start
tc qdisc add dev eth1 root handle 1: htb default 20
RTNETLINK answers: invalid argument
Is this tc compatible with the kernel?

Thanks
Erich
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16


---
This SF. Net email is sponsored by: GoToMyPC
GoToMyPC is the fast, easy and secure way to access your computer from
any Web browser or wireless device. Click here to Try it Free!
https://www.gotomypc.com/tr/OSDN/AW/Q4_2003/t/g22lp?Target=mm/g22lp.tmpl

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] shorewall set up, was Bering 1.0 - 1.2 Upgrade (continues) 1/2

[Erich Titl]

Hi

At 19:45 16.11.2003, Richard Doyle wrote:
Paul's original problem was a Shorewall misconfiguration. Bering
Shorewall is configured for two ethernet connections: an external
connection on eth0 and an internal connection on eth1. Paul has an
external connection on ppp0  and an internal connection on eth0. The
problem was solved by modifying /etc/shorewall/routestopped and
/etc/shorewall/masq to fit his network (replacing eth0 and eth1 with
ppp0 and eth0).
I would recommend to use the params file for the shorewall set up. Then one 
can define the interfaces and related parameters in the params file without 
having to meddle with the setup in the other files at all. This might avoid 
confusion.

my $0.02

Erich

THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024  8D8A B7D4 FF9D 05B8 0A16


---
This SF. Net email is sponsored by: GoToMyPC
GoToMyPC is the fast, easy and secure way to access your computer from
any Web browser or wireless device. Click here to Try it Free!
https://www.gotomypc.com/tr/OSDN/AW/Q4_2003/t/g22lp?Target=mm/g22lp.tmpl

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] VPN shorewall options

[Erich Titl]

Troy

At 21:35 13.11.2003, Troy Aden wrote:
Thanks for getting back to me. I have run into problems with one command in
the IPSec procedure.
Snip

Make your ipsec server certificate

# openssl req -newkey rsa:2048 -keyout serverKey.pem -out serverReq.pem
# openssl ca -policy policy_anything -in serverReq.pem -days 1825 -out
serverCert.pem -notext
# openssl x509 -in serverCert.pem -outform DER -out x509cert.der
# fswcert -k serverKey.pem  ipsec.secrets
Snip

The fswcert line gives me an error saying that the command is not found.


With recent versions of freeSWan this is not needed anymore, please see the 
FreeS/Wan docs for details.

HTH
Erich
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024  8D8A B7D4 FF9D 05B8 0A16


---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] LEAF on compact flash

[Erich Titl]

Brock

this is kind of late, being off the list for a while...

At 23:30 30.10.2003, Brock Nanson wrote:

Lynn,

I now use the dd command regularly.  Once I have a working image, I dd it 
off the CF for safekeeping, in case I ever need to create another (RSA 
keys are a PITA to cut and paste etc.) should the first fail.

As far as using different size CF, I dd'd an 8MB image onto a 16MB card 
the other day (none of my 8MB cards could be recognized in this particular 
box).  No issues that I saw.  When I took my usual completed copy for 
backup, the new image was 16MB.  Go figure! ;-)

So I don't think there are too many issues associated with this.  I have 
yet to have a dd'd CF fail on me.

I'd like to hear more about how the earlier poster dealt with the 
read-only issue.  I'd like to find a way to write protect the CF once the 
config is all done.  I believe this was discussed a few times in the past, 
but I don't know if anything was ever resolved.
There are a few HW products which allow write protection, you can find them 
in the archives. One SW solution which IMHO is pretty attractive is to 
remove the IDE modules from the kernel and the /boot/modules directory at 
the end of the init process. This requires the installation of new modules 
before anything can be done to the IDE devices.

Erich

THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024  8D8A B7D4 FF9D 05B8 0A16


---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] many non contiguous subnets on the same interface

[Erich Titl]

Lynn

maybe my drawing was not completely clear.

The outer firewall is NATting whereas the inner is routing to keep the DMZ 
and the secure network apart. We were planning to provide server hosting 
for remote networks but the design included dual hosted servers with a SAN 
device on the seconf dentwork. I thrashed this for secuirity reasons 
because any attacker on the remote parts of the net would automatically be 
invited to the sacred shrine.

Anyway, last office day today, tomorrow sailing along the Lycian coast.

Hope to hear from all of you in 2 weeks time

And

Thanks

Erich

At 19:40 23.10.2003, Lynn Avants wrote:
On Thursday 23 October 2003 02:50 am, Erich Titl wrote:
[...]
 There is no NAT on the inner firewall, but then there is no NETBIOS traffic
 either through the firewall.
Hmmm... so it is running proxy-arp on the inner firewall (assuming this
is the only way you can filter w/o routing).
 I know that routing is going to be tricky, we will probably drop the
 extrudet subnet idea as it is too big a security risk to have a subnet
 extended right into the heart of our secure zone.
Yeah, if the firewall is answering a /16, then it is likely not the
best idea to keep them on the same subnet. It might be a better idea
to proxy-arp the DMZ and route/NAT the internal net which keeps the
DMZ on a seperate subnet behind the firewall.
--
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024  8D8A B7D4 FF9D 05B8 0A16


---
This SF.net email is sponsored by: The SF.net Donation Program.
Do you like what SourceForge.net is doing for the Open
Source Community?  Make a contribution, and help us add new
features and functionality. Click here: http://sourceforge.net/donate/

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Thompson SpeedTouch 330 USB and Bering

[Erich Titl]

Michelle

Michelle Konzack wrote the following at 23:51 23.10.2003:
Hello,

I have tried to make Bering usabel for the Thompson SpeedTouch
330 USB but the Floppy is too small !!! I have only 120 kByte
free on the Floppy.
Does anyone has done this and HOW ?

Need only the ADSL/USB-Stuff with 3c59x.o, 3c509.o 3c515.o and
pcnet32.o
I have a Bering system with only one floppy which loads additional packages 
from a server on the local net at init time.
Look for rload in the archives, you can find it at

http://cvs.sourceforge.net/viewcvs.py/leaf/devel/etitl/bering/packages/


But there is a second problem:

Whenever I try to load the 3c509.o 3c515.o and pcnet32.o I get
symbol errors...
Maybe release mismatch?

HTH
Erich (off for a forthnight)
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024  8D8A B7D4 FF9D 05B8 0A16


---
This SF.net email is sponsored by: The SF.net Donation Program.
Do you like what SourceForge.net is doing for the Open
Source Community?  Make a contribution, and help us add new
features and functionality. Click here: http://sourceforge.net/donate/

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] many non contiguous subnets on the same interface

[Erich Titl]

Lynn

At 23:56 22.10.2003 -0500, Lynn Avants wrote:
On Wednesday 22 October 2003 02:26 am, Erich Titl wrote:
 Hi

 I am deploying Bering 1.2 systems as firewalls/VPN tunnel endpoints to
 build what they call extruded subnets in freeswan jargon
 Here a little bit of ASCII art

 client net
 10.230.60.0/24 (for historical reasons)
 ¦
 10.230.60.1
 Bering / customer VPN endpoint
 xx.xx.xx.xx (any old public address)

 internet

 xx.xx.xx.xx (any old public address)
 Bering / outer firewall / NAT / VPN endpoint
 192.168.180.1

 DMZ 192.168.180.0/23

 192.168.180.2
 Bering / inner firewall / 2 or 3 NICs
 192.168.52.1-

 |  internal subnet
 |  192.168.52.0/22
Your largest problem is going to be routing unless the router is on a
192.168.0.0/16 subnet. Your NetBIOS traffic can't be routed on a /24
or through the second stage of NAT (between the DMZ/internal net)
without NAT-transversal.
There is no NAT on the inner firewall, but then there is no NETBIOS traffic 
either through the firewall.

I know that routing is going to be tricky, we will probably drop the 
extrudet subnet idea as it is too big a security risk to have a subnet 
extended right into the heart of our secure zone.

cheers
Erich
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16


---
This SF.net email is sponsored by OSDN developer relations
Here's your chance to show off your extensive product knowledge
We want to know what you know. Tell us and you have a chance to win $100
http://www.zoomerang.com/survey.zgi?HRPT1X3RYQNC5V4MLNSV3E54

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] many non contiguous subnets on the same interface

[Erich Titl]

Hi

I am deploying Bering 1.2 systems as firewalls/VPN tunnel endpoints to 
build what they call extruded subnets in freeswan jargon
Here a little bit of ASCII art

client net
10.230.60.0/24 (for historical reasons)
¦
10.230.60.1
Bering / customer VPN endpoint
xx.xx.xx.xx (any old public address)
|
internet
|
xx.xx.xx.xx (any old public address)
Bering / outer firewall / NAT / VPN endpoint
192.168.180.1
|
DMZ 192.168.180.0/23
|
192.168.180.2
Bering / inner firewall / 2 or 3 NICs
192.168.52.1-
|  |
|  internal subnet
|  192.168.52.0/22
|
many extruded subnets in the 10.230.xx.xx range
The idea is to route the path to the various extruded subnets from the 
tunnel endpoint on the outer firewall through the DMZ wire to the inner 
firewall and then to the respecive subnet.

- I probably need to assign ip aliases for each subnet to the NIC connected 
to the extruded subnets.
- I need to add routes for each subnet on the outer and the inner firewall

Is there a canonical way to add many routes and many ip aliases to such a box?
Does this make sense at all?
Thanks for comments
Erich
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16


---
This SF.net email is sponsored by OSDN developer relations
Here's your chance to show off your extensive product knowledge
We want to know what you know. Tell us and you have a chance to win $100
http://www.zoomerang.com/survey.zgi?HRPT1X3RYQNC5V4MLNSV3E54

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Problem IPSec with Bering

[Erich Titl]

Mikael

At 14:29 17.10.2003 +0200, Mikaël PLOUHINEC wrote:
...
# connection de test entre Bic et Exodus
conn Bic-Exodus
left=%defaultroute
leftsubnet=192.168.1.0/24
leftnexthop=
leave away or enter sensible value...

right=172.16.10.4
rightsubnet=10.0.0.0/8
rightnexthop=gateway of the second router
auto=start
authby=rsasig
leftrsasigkey=0sAQOKGduouVCa7t6wwdgCbdJfT7q7eH59KBU8Cey6Ikohq3FQffLKIhvbihcklXX91ZZXzXADRkagdyDkJ9dqCp7RHiiQOd1gRI3Gf4m1d9ZFHv0gm0oHnVBjqJwA+whugOQDCEh3Ya884y2qdz7cW+2VYfTehWwFVw+JVTMNSKv/hw==

rightrsasigkey=0sAQOH3JtWlFtIDdAmhgcUz2U+jqEP7iyUTz6pO03hB++wQYMY2JI2d5PgC96HTs0DdLrJAgAcwjRJ4vSSOZejifbQVCCIFVmbWImdoh8BB5IOizW/Jkerp6Mr3L+VlBUoUCPAWrx5OvqcBsIuP7ySy9CgtrJc1YkFc0cV9tMQvkbgGQ==



The ipsec.conf on the second router is :

# basic configuration
config setup
# THIS SETTING MUST BE CORRECT or almost nothing will work;
# %defaultroute is okay for most simple cases.
interfaces=%defaultroute
# Debug-logging controls:  none for (almost) none, all for lots.
klipsdebug=none
plutodebug=all
# Use auto= parameters in conn descriptions to control startup 
actions.
plutoload=%search
plutostart=%search



# defaults for subsequent connection descriptions
conn %default
# How persistent to be in (re)keying negotiations (0 means very).
keyingtries=0


# connection de test entre Bic et Exodus
conn Bic-Exodus
left=172.16.10.1
leftsubnet=192.168.1.0/24
leftnexthop=gateway of the first router
right=%defaultroute
rightsubnet=10.0.0.0/8
rightnexthop=
leave these away or add sensible values...

auto=start
Make one of the gateways auto=add

HTH

Erich



---
This SF.net email sponsored by: Enterprise Linux Forum Conference  Expo
The Event For Linux Datacenter Solutions  Strategies in The Enterprise
Linux in the Boardroom; in the Front Office;  in the Server Room
http://www.enterpriselinuxforum.com

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Compiling for Bering 1.2 and Bering uClibc

[Erich Titl]

Hi

At 17:41 16.10.2003, James Neave wrote:
Hello All,

Compiling for Bering 1.2 and uClibc.

Is it *only* possible to compile for Bering 1.2 with a Debian/slink
installation?
Or can I take, say, Mandrake 9 and compile with a target OS? Just tell
it which Glibc to use for instance. And install a different gcc.
Will that work?
Yu have several choices.

1) UML

2) Chroot to the slink environment, look at Lynn Avants' description/tool.

3) Build your own environment with the necessary compiler/library settings.

Erich

THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024  8D8A B7D4 FF9D 05B8 0A16


---
This SF.net email is sponsored by: SF.net Giveback Program.
SourceForge.net hosts over 70,000 Open Source Projects.
See the people who have HELPED US provide better services:
Click here: http://sourceforge.net/supporters.php

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Kernel development (module compile)

[Erich Titl]

Hi Sebastian

At 08:14 11.10.2003, Sebastian A. Aresca wrote:
...
debian:/usr/src/super-freeswan-1.99.6.2# make menugo
ok all right. but then what? if i copy the bzImage to the floppy the system
start
but i want to compile the module using the kernel 2.4.20.
cd /src/linux ; make modules

HTH
Erich
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024  8D8A B7D4 FF9D 05B8 0A16


---
This SF.net email is sponsored by: SF.net Giveback Program.
SourceForge.net hosts over 70,000 Open Source Projects.
See the people who have HELPED US provide better services:
Click here: http://sourceforge.net/supporters.php

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Re: ncurses5.lrp in Bering 1.2 (Ray Olszewski)

[Erich Titl]

Felix

At 09:36 10.10.2003, Felix Theodor wrote:
Hallo Ray,

actually I just want to implemented a small programm
that allowed the user easyly to change the provider
information suchs  MSN, REMMSN, USER and PWD.
So I started with...

#include stdio.h
#include stdlib.h
#include curses.h
int main()
{
   initscr();/*curses initialisieren*/
   endwin();
   return 0;
}
in Redhat there is no error. Just when I start it in
Bering 1.2 with ncurses5.lrp I got that error message:
It's been a long time since I last programmed anything using curses but 
whatever, let me try a wild guess.

What do you have in your TERM variable? 'Linux' by any chance?
Do you have terminfo descriptions for 'Linux', be aware of the case 
sensitivity here.
The stock ncurses package only knows 'linux' not 'Linux'.

HTH
Erich
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024  8D8A B7D4 FF9D 05B8 0A16


---
This SF.net email is sponsored by: SF.net Giveback Program.
SourceForge.net hosts over 70,000 Open Source Projects.
See the people who have HELPED US provide better services:
Click here: http://sourceforge.net/supporters.php

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] running a externel program after LEAF ist starting

[Erich Titl]

Hi

At 09:33 06.10.2003 +, Phuoc Nguen wrote:
Hallo!

I have another question.
ist it possible to start a external programm after starting LEAF?
if possible how can I do this?
You could run it from an /etc/init.d/whatever script.

HTH
Erich
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] running a externel program after LEAF ist starting

[Erich Titl]

Hi

At 15:44 06.10.2003, Phuoc Nguen wrote:

Hi Erich,

can you give me a Example?
I'm absolute beginer...
One that looks pretty basic to me is /etc/init.d/ntpdate...
This is used to run the ntpdate program once at system start.
You can find it in the ntpdate.lrp package
tar tzf ntpdate.lrp etc/init.d/ntpdate will show you the path to this file.
You will need some basic shell scripting knowledge to understand this.

#! /bin/sh
RCDLINKS=2,S51

error () {
echo ntpdate error: $1
exit 1
}
test -f /usr/sbin/ntpdate || error not found
test -f /etc/default/ntp-servers || error ntp-servers file not found
. /etc/default/ntp-servers

test -n $NTPSERVERS || error NTPSERVERS undefined

case $1 in
start|restart|force-reload)
  echo -n Running ntpdate to synchronize clock
  /usr/sbin/ntpdate -u -b -s $NTPSERVERS
  echo .
  ;;
stop)
  ;;
*)
  echo Usage: /etc/init.d/ntpdate {start|stop|restart|force-reload}
  exit 1
esac
exit 0
--
HTH
Erich
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024  8D8A B7D4 FF9D 05B8 0A16


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Segmentation Fault on Back-Up Attempt?

[Erich Titl]

Joe

could that be a HW problem on the floppy drive?

HTH
Erich
At 00:28 02.10.2003 -0500, you wrote:
Hi all.  I've got the most annoying problem, and I think I'm...well, 
screwed.  Just today I was trying to back up my Bering floppy, when 
lrcfg's back up floppy submenu failed on a segmentation fault.  Ok, I 
thought; I've been playing around with p9100.lrp for printserv duties 
lately, and maybe I screwed something up (never could quite get the 
printer working, anyway - I'm still using uClibc_1.2.1-b3).  So I turned 
to a recent floppy backup, with no printserv modifications, and booted 
from that.  Router works ok, so I try and back _that_ floppy up.  BOOM - 
segfault on this attempt, too.

Weird.  Does anyone think that I might have messed with the actual 
hardware such that Bering is running out of memory?  Some mem 
initializtions from dmesg:
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] IPSEC/shorewall with 2 dynamic IP's

[Erich Titl]

kp

Thanks, I have a copy of your message. The thing I'd like to improve is the 
recovery mechanism. I somehow hate having to run a cron job to check if a 
connection was broken due to IP change. I believe there must be a way for 
IpSec to detect that the other endpoint is not reachable and to restart the 
tunnel. This IMHO would be faster and produce less network pollution than 
polling the remote station.

cheers
Erich
At 23:22 30.09.2003 +0200, you wrote:
Erich;

pls search mailinglist - I described a solution for ipsec between two dynamic
leaf routers 12/2002 or 1/2003.
It seems to work, anyway comments and improvements are welcome
kp
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] IPSEC/shorewall with 2 dynamic IP's

[Erich Titl]

Hi

Has anyone successfully set up an IPSec tunnel with 2 dynamic endpoints. 
Would you mind to share the shorewall and up/down scripts.
I seem to have a problem setting it up because

1) shorewall needs to be up to get the IP address of the remote gateway 
 and
2) shorewall needs the address of the remote gateway to start.

I am afraid to have routestopped in my external interface description.

Thanks
Erich
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024  8D8A B7D4 FF9D 05B8 0A16


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] Modefied script RESOLVED : Bering lost it's NICs

[Erich Titl]

Francois

you are right to look for a generiic solution, I just happened to stumble 
accross this post...

At 20:09 29.09.2003, Francois BERGERET wrote:

But, may be the better way is to do as this FreeSWan user, to modify the 
ip-up.local file to render it more universal without fixed
IP and Gateway values ?

Sure, this will avoid many cron.log lines input (one by minute) ;-)
You would only need one cron line.


The main target is to resolve our default route lost, and, in the two 
cases, it is ok...
I believe that was the main issue of the post on FreeS/Wan


What is the  better way ? I don't know. Who can explain me what case is 
good or better ?
I guess Knuth would know :-)

IMHO

Cron is a generig mechanism to start something at regular intervals. It can 
be used to check sertain system parameters as it is in your case. However, 
even with small intervals you will always have a certain window of non 
connectivity (and uncertainty).

If your problem _is_ related to the post from the FreeS/Wan list then I 
would definitely give it a try.

cheers
Erich
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024  8D8A B7D4 FF9D 05B8 0A16


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Static Route Setup for Bering Firewall

[Erich Titl]

Simon

At 17:11 26.09.2003, Simon Chalk wrote:
Hi All,

Has anyone setup Static routes on Bering 1.2?

I am trying to add the following to the /etc/network/interfaces file

up route -net 1.2.3.4 netmask 255.255.255.248 gw 4.5.6.7

When I do a ip route, I don't see the route above. I have also tried to add
a route using
ip route add  etc.. etc..


Maybe you should tell route what to do

like

ip route add to 1.2.3.0/24 dev eth1 metric 1

HTH
Erich
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024  8D8A B7D4 FF9D 05B8 0A16


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] Modefied script RESOLVED : Bering lost it's NICs

[Erich Titl]

Francois

Interesting, only I am puzzled by the fact that you have to run this from 
cron.
I am currently listening on the freeswan list and found something which 
might interest you:

[EMAIL PROTECTED]
..
I've never had this difficulty. I've lost 'net connectivity over my pppoe
connection thanks to a common difficulty: when pppoe disconnects/reconnects,
the ppp0 interface goes away and comes back. As a result, the virtual device
(ipsec0) becomes disconnected and needs to be re-attached. Plus, I've seen
issues with the default gateway route going away.
Sounds complex, but the fix is simple. Here's a link to my copy of
/etc/ppp/ip-up.local. Note that you may need to alter the interface names
(ppp0/ipsec0) and the IP address of your default gateway, if this turns out
to be useful to you.
http://raven.crowgirl.com/ip-up.local
..
/[EMAIL PROTECTED]
Erich

At 16:17 28.09.2003, Francois BERGERET wrote:
Hi all the list.

I have added IPSec restart in the script, because it seems not to work 
well without it at each time.
Sorry !
Now, it seems to be ok.
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024  8D8A B7D4 FF9D 05B8 0A16


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Kernel compilation errors

[Erich Titl]

Thomas

At 11:36 27.09.2003, Thomas Wille wrote:
..
So my questions, maybe a little bit OT:
where can I find the call for md5sum, so that I can correct it?
why is it called?
If this was related to a crime I'd suggest to 'follow the money trail'

here it is easier, just follow the 'make' trail and you will find in 
/linux/drivers/isdn/hisax

luna  grep md5sum *
Makefile:CERT := $(shell md5sum -c md5sums.asc  /dev/null;echo $$?)
cert.c: printk(KERN_INFO HiSax: because \md5sum\ is not 
available\n);
md5sums.asc:# This are valid md5sums for certificated HiSax driver.
md5sums.asc:# The certification is valid only if the md5sums of all files 
match.
md5sums.asc:# end of md5sums

HTH
Erich
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024  8D8A B7D4 FF9D 05B8 0A16


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Kernel compilation errors

[Erich Titl]

Thomas

At 23:01 24.09.2003 +0200, Thomas Wille wrote:
Erich,

I did all the things I normally do when compiling a new kernel:
- untar the kernel (in this case into my home dirctory)
- as root adjust the link /usr/src/linux so that it points to the kernel
  source to be compiled
- exit from beeing root (in my home directory the user can do everything)
- edit the config file by menuconfig (in this case I took Jaques' original
  config file)
- make dep
- make clean
- make bzImage
While doing this step the mentioned error messages occured.
I see, I just did not grok your statement 'compiling grsecurity'

but there is another error message in the middle of the compiling process:
md5sum: kann hfc_pci. nicht öffnen (cannot open hfc_pci.)
md5sum: kann hfc_pci nicht öffnen (cannot open hfc_pci)
Looks like it cannot be found in the path.


maybe these error message give a hint to the problem, even if hfc_pci
belongs to the hisax-module.
Which IIRC is enabled in the Bering config.


Would it be better to download the original 2.4.20 kernel source and apply
the patches myself?
That's what I did. It's worth a try, even with an unpatched kernel source. 
That way you can easily verify your environment.
The unpatched kernel source is a good reference point to start from.

...
PS: error messages while making modules:
make -C maps modules
You wrote your own makefile, didn't you?

make[3]: Entering directory
/proline/lrp_nfs/Bering1.2/linux-bering-1.2/drivers/mtd/maps'
gcc -D__KERNEL__ -I/proline/lrp_nfs/Bering1.2/linux-bering-1.2/include -Wall
-Wstrict-prototypes -Wno-trigraphs -O2 -fno-strict-aliasing -fno-common
-fomit-frame-pointer -pipe -mpreferred-stack-boundary=2 -march=i486 -DMODULE
-nostdinc -iwithprefix include -DKBUILD_BASENAME=dilnetpc  -c -o dilnetpc.o
dilnetpc.c
Are you trying to cross compile for that hardware? There are probably a few 
quirks to the make environment to be done.

dilnetpc.c:374: ONFIG_MTD_DILNETPC_BOOTSIZE' undeclared here (not in a
function)
Weird, it looks like there is an empty or undefined $C variable. It eats 
the uppercase C in the declaration?

HTH
Erich
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] openssh 3.7.1p1

[Erich Titl]

At 18:48 24.09.2003 -0300, Brian Fisher wrote:

Hi All,

I have updated my bering with the new ssh suite.  Here's a bug that I 
want to pass along.

I use putty to ssh into my bering box and all is good except when 
I want to 'break' or end a command.
  for example,   if I start to ping an ip and then want to stop the ping 
I would just use 'ctrl-c' but that command now closes the ssh window !

 Has anyone ran into this problem ?
Yep, no solution yet... sorry

I attributed it to my old environment (RC3) but apparently that is not the 
case.
I had difficulties to run ssh on the system itself to get one hop further. 
The host key of the remote machine was not recognised valid anymore.

Erich

THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] IPSEc tunnel drops on wireless link

[Erich Titl]

Hi

I have 2 Bering 1.0_stable stations with FreeSwan 1.99 running over a 
wireless link. Occasionally (especially on rainy and stormy days) the 
tunnel breaks down. If I stop ipsec on one end and ping the remote ipsec 
gateway I get good results. Starting the tunnel again removes the 
capability to contact the other gaeway (of course) but the tunnel is not 
operational. Ipsec barf shows a correct SA established.

Any ideas
Thanks a lot
Erich
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024  8D8A B7D4 FF9D 05B8 0A16


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] ppp filter? (was: Bering (ppp): How to ignore UDP Traffic (135/137)?)

[Erich Titl]

Alex

At 11:37 16.09.2003 +0200, Alex Rhomberg wrote:
 after an uptime of 43 Days ;-)) I go crazy, I must shutdown die
 Internet connection every time by hand, because the IDLE 300 does
 not work.

 I have deconected the Ether-Cabel from my internal Network, but my
 Bering-PPP-Box does not deconnect from the internet...

 Ther is UDP-Traffic on port 135, 137 and 1434 !!!

 What mut I do that my Bering-PPP-Box ignore this Traffic ???
You need to insert an active-filter line in your /etc/ppp/options.
Look for active-filter in the pppd manpage
http://www.routerlinux.com/docs/manual/man8/pppd.8.html
Packets filtered out with active-filter don't count towards activity on the
ppp link.
For that to work, you need a pppd and a kernel that were compiled with
PPP_FILTER defined, which doesn't seem to be the case with Bering.
So you could roll your own kernel and pppd or maybe ask Jacques really
nicely to include ppp-filter in the next version of Bering...
Looking at Jacques current config file, I would say it is enabled

CONFIG_NETFILTER=y
...
CONFIG_FILTER=y
...
CONFIG_PPP_FILTER=y
Regards
Erich
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Re: ppp filter? (was: Bering (ppp): How to ignore UDP Traffic (135/137)?)

[Erich Titl]

MIchelle

At 15:46 16.09.2003 +0200, Michelle Konzack wrote:
On 2003-09-16 11:37:27, Alex Rhomberg wrote:

You need to insert an active-filter line in your /etc/ppp/options.

I know, but only on Kernel 2.4.xx :-/
Bering is based on 2.4.xx, hard to get around that.

HTH
Erich
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Compile module Bering 1.2 how to

[Erich Titl]

Sebastian

Sebastian A. Aresca wrote the following at 20:59 15.09.2003:
Anybody knows about a Bering 1.2 kernel distribution to compile modules HOW
TO.
I just use a separate directory (not /usr/src) and gcc 2.95.x. My native 
compiler is gcc 3.x., so I placed a copy of 2.95.x in /usr/local/bin and 
changed the PATH accordingly.
I built my own Makefile which downloads everything needed and compiles the 
kernel, but IIRC Jacques has prepared a fully blown bering kernel source in 
one downloadable tarball.
The rest can be found in the Kernel HOWTO

HTH
Erich
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024  8D8A B7D4 FF9D 05B8 0A16


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] ez-ipupd not firing in response to DHCP lease change

[Erich Titl]

Eric

At 20:16 10.09.2003 -0700, you wrote:
I'm running Bering 1.2 on an SBC DSL connection.  I use ez-ipupd to
export the dynamic IP address I'm assigned.  Or at least I'd like to.
While ez-ipupd used to work for me (and still works at other
[comcast-based] locations I maintain), now when SBC changes my IP
address the DNS settings are not changed.
ez-ipupd can be run in 2 modes, as a daemon where it somehow detects the ip 
change or just once, depending on the daemon parameter in the config file.
I run mine from dhclient-exit-hooks to update whenever dhclient gets a new 
lease.

Could it be that you have a collision with the shorewall rules not yet 
updated for the new ip address? Check your log files.

HTH
Erich
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Wisp and CS5530 /DoC

[Erich Titl]

Ray  group

Discard my previous mail, CS5530 does not come as a module. It looks 
extremely hidden in the configuration tree, actually the .config (from 
Bering) file shows

# CONFIG_BLK_DEV_CS5530 is not set

I am curious how this is set it at all, browsed menuconfig to no avail.

Sorry about the noise
Erich
At 22:18 09.09.2003 +0930, you wrote:
New to LEAF / Wisp using 2624

ok tried to install latest release of Wisp onto a 5BLMP motherboard with 8M
DoC. (Eon Anything box etc)
Able to get Doc setup, formated , syslinux etc all ok.
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] Wisp and CS5530 /DoC

[Erich Titl]

Ray

At 23:32 10.09.2003 +0930, you wrote:
 Erich,
thanks for replying -
I did the install from a Dos formatted hardrive and used the dos based DoC
tools, so,
How do I get into the LRP / Cfs files from dos to specify that the
kernel needs to laod the module - or do I need to load it explicitly
in the syslinux .cfg - if so I need to get the module from somewhere -
The generic Bus Master DMA support is disabled, which in turn disables the 
CS5530 support. You can always download the source package from 
http://www.hazard.maks.net/wisp-dist/downloads/src-kernel-2.4.20.tar.gz, 
unpack it and have a look for yourself. The file you want to look at is 
.config. If you have a linux system you can go to the linux directory and 
run make menuconfig.

Basically you have 2 possibilities

- Ask the maintainer to add the functionality to the kernel.
- Do it yourself.:-( , once you have the kernel sources downloaded it 
should not be that hard.

HTH
Erich
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] reduce load on a bering box

[Erich Titl]

Ronny

For high performance, as your case seems to be, you should probably compile 
your own kernel to make it as slim as possible. Unnecessary features can be 
removed that way. Necessary stuff could be compiled into the kernel instead 
of loading it as a module.

cheers
Erich
At 09:12 03.09.2003 +0200, Ronny Aasen wrote:
On Wed, 2003-09-03 at 09:02, S Mohan wrote:

yes i know.
i have removed the ip_conntrack helper modules there (no nat or masq),
the point is that ip_conntrack is not a module it's in the kernel.
mvh
Ronny Aasen
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] Bering lost it's NICs

[Erich Titl]

Hi

At 09:44 02.09.2003 +0300, J. James wrote:
Hi
It's nice to see someone else also having the same problem... I'm sorry: I 
ust read about a pop star visiting a local jail and the first thing he aid 
to the audience was nice to see so many of you here today  ;-)
 I have the same problem from Bering V1.1 and now Bering V1.2.
All nics ok except eth0 with PPPoE providers, on two differents boxes
...
Are you using PPPoE ?
No. And maybe I should also tell that I've used the same hardware with the 
ld LRP firewall with no problems.
But surely we can't be the only two unlucky Bering users - can we? Any 
help ould be greatly appreciated. After all I chose Linux/Bering for it's 
tability.
I was rather reluctant to move to current Bering releases because I had 
this gut feeling that 1_0.stable was more like it's name implies. Do you 
have the same symptoms with a 1_0.stable ? And if so, which kernel version?

cheers
Erich
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Bering floppy basics

[Erich Titl]

Hi Bino, Steve

At 08:35 28.08.2003 +0700, bino-psn wrote:
Dear All

Just exactly like Steve said.
And Eric .. Yes I got 10 or more Flash-IDE (a.k.a DOM) unused.
I see, for an embedded system I did not even consider a hard disk as an option.
Should you consider swappping DOM's for CF's I might be interested in a few.
cheers
Erich
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] Bering 1.2 dhcpd doesn't start with wlan/hostap or other too late interface up

[Erich Titl]

Francois

At 18:19 25.08.2003, Francois BERGERET wrote:
Hi Erich,

Thanks for your response.

I have read quickly your script.
I am not so good to evaluate if this will be ok for my problem.
I am using Eth interfaces with 'eth0' and 'eth1' label and two wlan nics
with 'wlan0' and 'wlan1' labels.
If I understand well, your script is searching 'eth' interfaces ?
What about 'wlan' interfaces labels ?
Is my label wrong for your script ?
Not at all, as you know, this is open software :-)
the script basically looks for eth interfaces, you may well look for 
something else or a combination of several things by adapting the WHAT 
parameter, for example to:
WHAT=-e eth -e wlan

see the grep manpage for the pattern parameter

or else if you know exactly how many interfaces should be up just set them 
with

NICS=4

cheers
Erich
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024  8D8A B7D4 FF9D 05B8 0A16


---
This SF.net email is sponsored by: VM Ware
With VMware you can run multiple operating systems on a single machine.
WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines
at the same time. Free trial click here:http://www.vmware.com/wl/offer/358/0

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] Bering floppy basics

[Erich Titl]

Hi Steve

At 08:50 24.08.2003 +1200, Steve Wright wrote:
On Sun, 2003-08-24 at 03:28, Dave Hunt wrote:
 Look up www.pcengines.ch.

Dave, have you used pcengines embedded PCs ?
I got one of the pre production models to port Bering to it. It basically 
works with one major problem still open, the reboot command does not work 
at all, because the board does not have a keyboard controller.

I am delayed in adapting a driver which will overcome this problem, but it 
is definitely on my list.

cheers

Erich

THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16


---
This SF.net email is sponsored by: VM Ware
With VMware you can run multiple operating systems on a single machine.
WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines
at the same time. Free trial click here:http://www.vmware.com/wl/offer/358/0

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Bering UclibC development

[Erich Titl]

Hi kp

Thanks for the info...

At 01:41 23.08.2003 +0200, K.-P. Kirchdörfer wrote:
Am Freitag, 22. August 2003 13:51 schrieb Erich Titl:
.
Anyway, what you are asking for is already available:
Point you're browser to:
http://www.uclibc.org/
look for
30 June March 2003, dev systems updated to uClibc 0.9.20
 The uClibc development systems for i386, powerpc, arm, mips, have been
updated to uClibc 0.9.20. Several problems have been fixed up, gcc has been
updated to version 3.3, and Perl 5.8.0 is now included. 
and follow the links.

Pls note, none of the Bering-uClibc tested it so far, but we are always
interested in results.
Wouldn't it be nice to have a standardised environment for kernel _and_ 
userland compiles? It might be interesting to se how a kernel compiles in 
this environment.

regards
Erich
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16


---
This SF.net email is sponsored by: VM Ware
With VMware you can run multiple operating systems on a single machine.
WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines
at the same time. Free trial click here:http://www.vmware.com/wl/offer/358/0

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Operation not supported by device

[Erich Titl]

Darcy

At 10:00 21.08.2003, Darcy Parker wrote:
Good day listers,

I ma trying to set up a leaf-bering (1.2) FW.  I have the following two
NICs


You better read

http://www.scyld.com/network/vortex.html

this is IMHO the definite information source on that driver.

HTH
Erich
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024  8D8A B7D4 FF9D 05B8 0A16


---
This SF.net email is sponsored by: VM Ware
With VMware you can run multiple operating systems on a single machine.
WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines
at the same time. Free trial click here:http://www.vmware.com/wl/offer/358/0

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] Bering UclibC development

[Erich Titl]

Hi

At 09:06 22.08.2003 +0100, Luis.F.Correia wrote:
...
The current uClibc development does not use UML.
What is the minimal environment then for:

a) Kernel compile
Is it really different from the Bering standard kernel enviroonment? I 
always thought Kernels are library independent...?

b) userland compile

It would be nice If one could prepare a filesystem which can be chrooted to 
(no UML necessary) to compile the necessary pieces. IMHO it should be 
possible to just loop mount a file, chroot there and do what's needed to 
compile the bits and pieces. You cannot test what you compiled this way but 
that is another matter.

cheers
Erich
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16


---
This SF.net email is sponsored by: VM Ware
With VMware you can run multiple operating systems on a single machine.
WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines
at the same time. Free trial click here:http://www.vmware.com/wl/offer/358/0

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] comparison passive ftp clients Dachstein vs Bering

[Erich Titl]

Victor

At 12:12 20.08.2003 -0700, you wrote:
My friend is still troubleshooting why Dachstein works with an internal 
passive ftp client SENDING a file and Bering fails.

System is PPPoE

He ran tdpdump in passive ftp mode .
Dachstein  showns the mss at differnt stages of the ftp as 1460 and 1412
In Bering the tcpdump log shows that mss is 1452 and 1460.
Bering has CLAMPMSS = Yes
The internal ftp passive mode client log shows the port that it will send 
the ftp file.

The tcpdump shows that in Dachstien that port is used and the ftp is 
successful.

In Bering the port used by the client shows in the tcpdump file AS ONE 
PORT LOWER THAN THE REQUESTED PORT.

Why would ip_conntrack_ftp assign a passive client one port lower than the 
agreed upon port for transfer.

**
if the ftp log shows that the tcp port for sending the file is supposed to 
be 13780
tcpdump on the Bering firewall shows the packet is sent on port 13779 and 
the ftp fails.
**
Is this a bug in ip_conntrack_ftp that only shows up when a client sends a 
file?
Passive clients probably usually recieve files instead of sending them.
Anyone else seen this problem?  My friend's weather station will not send 
ftp files through the Bering box.  It will send files through the Dactsein 
box.  All hardware, application program , remote ftp server and ISP are 
the same.
Can you verify this behaviour on your own ADSL line? You would not have to 
rely on external information and might be in a position to present real 
data to the group.
I checked passive ftp on Bering 1.0 stable 2.4.18 (without pppoe so this is 
not directly applicable) without problems.

cheers

Erich

THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16


---
This SF.net email is sponsored by: VM Ware
With VMware you can run multiple operating systems on a single machine.
WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines
at the same time. Free trial click here:http://www.vmware.com/wl/offer/358/0

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Access to FTP to get LRP

[Erich Titl]

Sebastian

At 04:40 10.08.2003, Sebastián Aresca wrote:
Thanks Erich, i bulid a script that use wget (realy i modified your script
=) )
You probably could have done that with just specifying another download 
method in the lrp.conf file. If that is not possible, would you mind to 
tell me what you needed to modify. I believe the rload script could be 
sufficiently abstract to cover most trivial download methods.

And then i download the package from the ftp server then install it and then
reload init.d. Well as soon i finish it and test i will post it on package.
Thanks

Erich

THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024  8D8A B7D4 FF9D 05B8 0A16


---
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa0013ave/direct;at.aspnet_072303_01/01

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Last package won't load (Bering v 1.2 on CD)

[Erich Titl]

Jeremy

At 01:36 13.08.2003 -0500, Jeremy A Tourville wrote:
Ok, I've followed the directions regarding creating a lrpkg.cfg file and
when the CD boots I get a *.lrp (nf!) error.  I've tried to add a
carriage return at the end of the lrpkg.cfg file and still no luck.  I've
tried switching the order the packages load in and it makes no
difference, the last package listed is the one that will not load.
nf! means not found :-(

Most probably the package is not on the medium.

HTH
Erich
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16


---
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa0013ave/direct;at.aspnet_072303_01/01

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Compile ADM8211 Linux driver

[Erich Titl]

Sebastian

Actually any Linux system with an appropriate gcc compiler should do. 
Kernels can be cross compiled.
If you are interested I have a Makefile which makes compiling a Bering 
kernel a piece of cake. It's still quite beta but works in my environment 
which is an old patched up SuSe 6.3 with 2.2.18 :-)

You will need at least a Debian filesystem should you want to compile 
userland programs. If you don't want to install UML you can use the 
chrooted environment from Lynn Avants

Erich

At 23:00 11.08.2003 -0300, Sebastián Aresca wrote:
Hi, this not a question. Anybody can compile this driver.
I don't have installed debian on my systems and need to
compile it. Is it used by Micronet SP906B Wireless PCI Adapter.
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16


---
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa0013ave/direct;at.aspnet_072303_01/01

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Last package won't load (Bering v 1.2 on CD)

[Erich Titl]

Hi

At 19:04 13.08.2003, [EMAIL PROTECTED] wrote:

Erich,
Thank you for your reply.  I have confirmed all packages that are listed 
in my lrpkg.cfg are on the CD.  Let me state again the LAST package listed 
won't load properly. (makes no difference which one)  That is the part 
that confuses me.  If I switch the order for loading package X it is 
always the last one that doesn't work right.  Any other ideas?
This is weird, have you been able to check if there is by chance an 
invisible control character at the end of your lrpkg.cfg file.

HTH

Erich

THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024  8D8A B7D4 FF9D 05B8 0A16


---
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa0013ave/direct;at.aspnet_072303_01/01

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] COMING SOON: WDIST on floppy!!

[Erich Titl]

Sebastian

At 01:49 11.08.2003 -0300, Sebastián Aresca wrote:
Wait, wait, i still working to make WDIST to boot on 3 1/2 floppy disk.
The idea is to make a simple boot with wget.lrp and root.lrp.
After booting it will connect to http or ftp server to download the package
needed.
Then install it and run the daemons. To save the changes it will upload the
package
to the http o ftp server.
You may want to have a look at my modified backup script for this. It uses 
scp to save the files on server, you may have seen the parameters in the 
modified lrp.conf file

Erich

THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16


---
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa0013ave/direct;at.aspnet_072303_01/01

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Re: package list problem

[Erich Titl]

Ted

Theodore Wynnychenko wrote the following at 22:30 09.08.2003:
Erich:

thanks for the reply.  anyway, about switching from fd0 to fd1.  the
packages are loaded at boot, and syslinux.cfg is configured to use both
drives, so everything works as it should without me at a console. (i am not
sure if i answered or understood your question, but i hope the answer is
understandable)
I see, you have 2 drives, that makes a difference...


so, i was doing some looking on the web, and i quess it does matter where
the append line is, so i changed it, and syslinux.cfg became:
I believe having the append line at the end of the file is the canonical 
way, you may want to address the syslinux mailing list for details.


even if it is, any ideas what is going on when the append= line is added
befor the deafult linux line?
This is something the syslinux guys will know.

Glad it works for you

Erich

THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024  8D8A B7D4 FF9D 05B8 0A16


---
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa0013ave/direct;at.aspnet_072303_01/01

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Access to FTP to get LRP

[Erich Titl]

Sebastian

At 07:15 09.08.2003, Sebastián Aresca wrote:
Anybody thinks about it? ... This is a wonderfull idea ... now i forgot
about this fu.. kbytes in the floppy.
My Bering Router Disk only has the package root, libm and ftp
Then i download it from ftp and it work fine.
I have squid2 (350kb), ssh (250kb), zebra( 350kb), wireless (400kb)
and so much.
But the idea is to build a script that download the package by itself.
If anyone want to help everybody ... well ... post the script.
Here is the link to ftp.lrp and libm.lrp
I wrote an rload.lrp which allows to download additional packeges using a 
method of your choice, I use it on a single floppy firewall which gets the 
additional packages from an internal web server.

You can find it at 
http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/leaf/devel/etitl/bering/packages/

it requires a little patch to lrp.conf which you can find at 
http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/leaf/devel/etitl/bering/etc/

HTH

Erich

THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024  8D8A B7D4 FF9D 05B8 0A16


---
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa0013ave/direct;at.aspnet_072303_01/01

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] followup to interfaces / shorewall assist

[Erich Titl]

Greg

Greg Playle wrote the following at 17:31 03.08.2003:
Erich:

The output was something like this:
Variables
eth
/proc/net/dev
60
NICS = 1
Count = 0
Count updated
1
Devs = 1
expr [ 1 -eq 60 -o 1 -eq 1 ]
OK, the loop breaks here because we expect exactly one eth device and we 
found one. Now the question is why.

We get the variable $devs here

devs=`grep ${WHAT} ${WHERE} | wc -l`

and $NICS is

NICS=`grep ${WHAT} /etc/shorewall/interfaces | grep -v ^# | wc -l`

This looks to me like a correct behaviour.
The NICS are defined in the shorewall interfaces file, we are looking for a 
line with 'eth' which is not a comment, I guess that is right in your case, 
now the question stands why we are finding an eth interface in 
/proc/net/dev which would not respect configuration.

This is where you can continue digging should you be so inclined.

Try the following

grep eth /etc/shorewall/interfaces | grep -v ^#

this will give you the line in the shorewall interfaces file whic assert 
looks for. The next you could check is:

grep eth /proc/net/dev

This is the condition we check against. It looks like your set finds an eth 
before it is ready...:-(

Thanks

Erich

THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024  8D8A B7D4 FF9D 05B8 0A16


---
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa0013ave/direct;at.aspnet_072303_01/01

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] followup to interfaces / shorewall assist

[Erich Titl]

Greg

At 19:32 30.07.2003 -0600, Greg Playle wrote:
This is essentially what I ended up doing.  As Mr. Sturdevant observed,
card services do not come up in time.
I added a script at the end of the boot sequence in rc2.d that restarts
networking, dhcpd and shorewall, and suddenly Bob's your Uncle!
Basically the raison d'etre  for the assert script was exactly to prevent 
the interfaced not up situation. I would be interested on why it apparently 
failed. My own installation consists of 2 PCMCIA adapters, no ppp though, 
so the situation is a bit different. Would you mind to find out how long 
assert waits (if it does wait at all) and if not what happened exactly 
inside that tiny bit of code?

Thanks

Erich

THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16


---
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa0013ave/direct;at.aspnet_072303_01/01

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Re: VPN: How to establish connection with .p12?

[Erich Titl]

Tim

At 09:39 29.07.2003 -0400, [EMAIL PROTECTED] wrote:

...
If it were only that easy...
I'm connecting my Bering firewall to XYZ firewall, having only been given a
.p12 file...
...
Thank you very much for the suggestions.  Unfortunately, there are two
things complicating this:  1) I only have control of my side, and 2) I am
not generating the keys.
You might try to get a CRL from the authority that issued your pkcs#12 file

Erich

THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16


---
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa0013ave/direct;at.aspnet_072303_01/01

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] VPN: How to establish connection with .p12?

[Erich Titl]

Tim

you may also want to look into

http://www.drh-consultancy.demon.co.uk/pkcs12faq.html

At 17:14 25.07.2003 -0400, [EMAIL PROTECTED] wrote:

...
My biggest problem right now is how to set up Bering to accept the
certificates.  With SSH Sentinel, I have been given a single .p12 file.
With that, SSH Sentinel has everything that it needs to make the VPN work.
...

HTH

Erich

THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16


---
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa0013ave/direct;at.aspnet_072303_01/01

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Win32 -- Bering Network file access.

[Erich Titl]

Hi James

At 11:32 28.07.2003 +0100, James Neave wrote:
Hi,

Without using Samba2, what secure ways are there to gain access to files
on our corporate Bering box?
SSH allows us to administer it, but at the moment the only way we can
make print-outs of the rules is hacking it out of the floppy with
WinZip. Can you tranfer files across ssh?
see scp

HTH

Erich

THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16


---
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa0013ave/direct;at.aspnet_072303_01/01

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] followup to interfaces / shorewall assist

[Erich Titl]

Greg

At 18:14 27.07.2003, Greg Playle wrote:
Tom, Steve and George:
Thank you; the information you gave was helpful.
I checked a bit more; in short, eth0 does not come up on boot, 
but seems
to take a while--perhaps longer than Erich Titl's script allows.  I've got
to check more on the script, as I'm not sure it delays as long as needed.
Restarting networking, esp eth0, brings it up fine, and then I can
manually launch dhcpd, after which all responds as it should.  I'm able to
ping the eth0 address (192.168.1.254) both from itself and from another
machine (which obtained its IP from the dhcp server).
What I'd like to accomplish is having this all come up without 
having to
manually restart eth0 and dhcpd.
What I think is going on is that the version of Erich's script 
I'm using
doesn't wait 60 seconds, but runs to completion in about one second, so
eth0 is still not up before the boot process continues.  Since eth0 isn't
yet up, networking, therefore dhcpd, don't work either.  By the time boot
completes, eth0 is up, and manual restart of networking on eth0 and on
dhcpd work.
I guess you must have modified the assert script as it is written for 2 
interfaces and would run at a wrong init level.
I believe it does not run in your case for some reason difficult to 
diagnose unless you tell us more about the way you implemented it.
I am pretty certain your problems stem from the interface not being up and 
the assert script failing for some reason.
It does not have a backup routine, so it would be saved by etc I guess. So 
here is the stupid question, did you back it up?

regards

Erich

THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024  8D8A B7D4 FF9D 05B8 0A16


---
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa0013ave/direct;at.aspnet_072303_01/01

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] wireless LAN security

[Erich Titl]

Steve

At 11:24 18.07.2003 +1200, Steve Wright wrote:
Hi Folks,

What are we using to secure single point-to-point links? - viz WEP, but 
actually secure..

AIUI, Ad-Hoc mode must be used for backbones, but this leaves security to 
be done at the IP level - not really good enough.

I have read-up on IPSec, but that seems to be about tunneling all the 
routers to a central point, or maintaining multiple IPsec dedicated links 
per router, which is either horribly wasteful on bandwidth, or horribly 
complicated to configure/maintain.
I did a single tunnel to the internet some time ago using Bering 1.0 and 
FreeSwan 1.97. I intend to do a bit of a write up on that. Search the 
archives for Henry Psenickas set up, he built wireless encrypted PtP 
connections.

Erich

THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16


---
This SF.net email is sponsored by: VM Ware
With VMware you can run multiple operating systems on a single machine.
WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the
same time. Free trial click here: http://www.vmware.com/wl/offer/345/0

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Making DNSCache start before Shorewall

[Erich Titl]

James

At 13:05 09.07.2003 +0100, you wrote:
Hello all,

I'm trying to make DNSCache start before shorewall.
This is because I need DNS lookups in the shorewall rules file.
I spoke to a friend of mine and we changed the RCDLINKS in the init.d
files to the following
DNSCache
RCDLINKS=2,S45 3,S45 6,K45
Shorewall
RCDLINKS=2,S41 3,S41 6,K46
This will start DNSCache after Shorewall in init level 2

To make it start before Shorewall you could use
RCDLINKS=2,S41 3,S41 6,K46
this will result in an entry of

S41DNSCache in your rc2.d directory which should be evaluated before 
S41Shorewall

Make sure your DNSCache can access the uplink DNS server before Shorewall is up

HTH

Erich

THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16


---
This SF.Net email sponsored by: Parasoft
Error proof Web apps, automate testing  more.
Download  eval WebKing and get a free book.
www.parasoft.com/bulletproofapps

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Safe transparent proxying via DS1.02 and Squid

[Erich Titl]

Vic

At 15:02 02.07.2003 +0800, Victor Berdin wrote:
Hello Everyone,

I needed to perform transparent proxying wherein
web clients
from both public and private net can access my
internal web
site.
Transparent proxying AFAIK is nothing but redirection of packets to the 
relevant port(s) to a proxy server. Relevant is the word here.



Now my problem is that, the setup ended getting
abused
as it was used to send spam all over. My IP got
black listed
on some sites and so on. An exact explanation of
what
happend is found here:
http://www.fr2.cyberabuse.org/?page=abuse-proxy
I am puzzled, I always thought spam was distributed using mail,e.g.SMTP, 
port 25, how exactly was your server abused?
Unless your Gateway was completely compromised I do not see how Squid was 
used to forward mail.

Please enlighten me

Erich

THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16


---
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa0016ave/direct;at.asp_061203_01/01

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] package remote install

[Erich Titl]

Hi everybody

I uploaded the package remote install scripts to  my CVS repository under

http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/leaf/devel/etitl/bering

In order to use it you need rload.lrp from the packages directory. 
Additionally you will need to patch /etc/lrp.conf and /etc/init.d/modutils. 
The patches can be found in the respective directories in my CVS path above 
(or will be found as soon as CVS gets updated). After installing rload.lrp 
and applying the patches to /etc/lrp.conf and /etc/init.d/modutils 
respectively you can configure rload using the parameters in /etc/lrp.conf. 
The patch to lrp.conf shows an example using wget to fetch the packages 
from a host on the internal network.

You will have to install your network drivers in /boot/lib/modules and 
declare them in /boot/etc/modules as illustrated in 
http://leaf.sourceforge.net/devel/jnilo/biaddrm.html#AEN772

This allows you to run a LEAF box on a single floppy and still have many 
packages loadable. Probably even a 1.44 MB floppy should be sufficient.

Let me know if anything is unclear and have fun

Erich

THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024  8D8A B7D4 FF9D 05B8 0A16


---
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa0016ave/direct;at.asp_061203_01/01

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Re: Trouble getting started

[Erich Titl]

Chris

Somerlot, Chris wrote the following at 17:21 25.06.2003:
Still can't get it going. I have loaded the module for the 3c509 driver,
(I'm using 2 ISA 3c509B cards) but only get 1 showing up in ip addr:
1: lo: LOOPBACK,UP mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: dummy0: BROADCAST,NOARP mtu 1500 qdisc noop
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
3: eth0: BROADCAST,MULTICAST mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:a0:24:12:bd:9c brd ff:ff:ff:ff:ff:ff
No surprise, no address set hence no route

What does your /etc/network/interfaces file look like?`

...

Jun 24 21:53:30 firewall kernel: 3c509.c:1.19 16Oct2002 [EMAIL PROTECTED]
Jun 24 21:53:30 firewall kernel: http://www.scyld.com/network/3c509.html
There should be more here?

cheers
Erich
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024  8D8A B7D4 FF9D 05B8 0A16


---
This SF.Net email is sponsored by: INetU
Attention Web Developers  Consultants: Become An INetU Hosting Partner.
Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission!
INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Long time ago...

[Erich Titl]

Michelle

At 03:37 24.06.2003 +0200, you wrote:

I will try to get an 128kBit ADSL connection to put my Network online...
But need to find a dyn-DNS Provider where I can have up to three Domains
and very much more HOSTS... If possibel, with my own master-DNS
I use zoneedit, works OK for me, up to 5 domains are free

http://www.zoneedit.com

HTH

Erich

THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16


---
This SF.Net email is sponsored by: INetU
Attention Web Developers  Consultants: Become An INetU Hosting Partner.
Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission!
INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Long time ago...

[Erich Titl]

Michelle

At 03:37 24.06.2003 +0200, you wrote:

I will try to get an 128kBit ADSL connection to put my Network online...
But need to find a dyn-DNS Provider where I can have up to three Domains
and very much more HOSTS... If possibel, with my own master-DNS
I use zoneedit, works OK for me, up to 5 domains are free

http://www.zoneedit.com

HTH

Erich

THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16


---
This SF.Net email is sponsored by: INetU
Attention Web Developers  Consultants: Become An INetU Hosting Partner.
Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission!
INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Problems using vlan.lrp and bridge.lrp

[Erich Titl]

Jose

I do not understand much about bridges, so I am surprised that you would 
assign the same subnet 192.168.1.x on the eth1 adapters on both bridges.
I do not know how this could work so please someone enlighten me.
How could you prevent address collisions ths way?

Erich

At 09:02 24.06.2003 +0200, you wrote:
Hi, how everybody is doing?:

 I am having some problems trying to set a vlan with
the Bering rc4 distribution. I going to explain what I
did it and how, to see if anyone can find the problem
or the mistake, because I think I am following the
documentation pretty good.
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16


---
This SF.Net email is sponsored by: INetU
Attention Web Developers  Consultants: Become An INetU Hosting Partner.
Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission!
INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Trouble getting started

[Erich Titl]

Chris

please read this and provide the information requested there

http://leaf.sourceforge.net/mod.php?mod=userpagemenu=11page_id=4

thanks

Erich

At 06:09 24.06.2003 -0700, you wrote:
I'm using a P75 w/ 32mb ram and 2 3Com509 cards to try and setup a Bering
1.2 router box. I have one computer (a laptop w/ PCMCIA ethernet card)
attached to eth1 via a crossover cable, and I can't ping back and forth to
the router, or connect to the weblet, the ethernet card lights come on but
don't blink.  How do I know the connection is good, router setup correctly,
etc before I connect my cable modem to the router? The only thing I changed
on the router was to uncomment the 3C509 line in the module conf file,
backup and reboot.
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16


---
This SF.Net email is sponsored by: INetU
Attention Web Developers  Consultants: Become An INetU Hosting Partner.
Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission!
INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Booting and installing Bering using PXE

[Erich Titl]

Hi Jacques/Lynn

I was wondering if we could do some kind of hybrid set up which would fetch 
packages from a server (whatever method) after booting from floppy. I 
believe it should be possible to start a minimal LEAF installation, get up 
the NIC's and then load the big packages from the network. This would be 
beneficial for people wit NIC's without PXE and/or PCMCIA adapters.

cheers
Erich
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16


---
This SF.Net email is sponsored by: INetU
Attention Web Developers  Consultants: Become An INetU Hosting Partner.
Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission!
INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] URGENT- Network Card Help

[Erich Titl]

Hi

At 09:38 18.06.2003 +0100, you wrote:
Many thanks for all your help but having a BIG problem writing the Win32
disk images to floppy, just keep getting an error.
That applies to Bering 1.2, 1.1 and the stable release basically all the
ones I've tried. Ran the image.exe on win2K and XP.
Have you checked your drive and media ?

HTH
Erich
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16


---
This SF.Net email is sponsored by: INetU
Attention Web Developers  Consultants: Become An INetU Hosting Partner.
Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission!
INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] File downloads using weblet

[Erich Titl]

Hi Lee

I did this a few years back and had to do a refresh cycle on my memory...
It is important that echo treats all its parameters so the disposition 
needs quotes...

---
#!/bin/sh
echo MIME-Version: 1.0 (just a fake)
echo Content-type: application/octet-stream ; charset=us-ascii
echo Content-disposition: attachment ; filename=foo
echo
cat /etc/foo

of course you should set all as much information as possible in the MIME header

HTH
Erich
At 03:56 11.06.2003, Lee Kimber wrote:
Hi,

I've been tinkering with a weblet cgi script to download logs that I'm 
keeping on a spare hdd in one of my Bering systems. I've put an ash shell 
script in /var/sh-www/cgi-bin/.

I'm close... oh so close... but not quite there!
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024  8D8A B7D4 FF9D 05B8 0A16


---
This SF.Net email is sponsored by: INetU
Attention Web Developers  Consultants: Become An INetU Hosting Partner.
Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission!
INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] DHCP on PCMCIA interface?

[Erich Titl]

Greg

Greg Playle wrote the following at 22:47 14.06.2003:
This is a followup to earlier traffic, shown below.

My problem now seems to be the DHCP daemon wants to activate before the
PCMCIA card is available, so it cannot find interface eth0.
Running dhcpd at the command line promptly fires it up, and activates the
interface, and begins serving IP addresses.
DHCPD is started at S30 in rc2.d, so normally one would assume there was 
sufficient time to start the interface (done in S13). Unfortunately this is 
not always true. I wrote a script which waits for all interfaces defined 
for shorewall to come up or a certain timeout to not lock your entire 
system. It is run at S40, too late for your purposes but can easily be 
adapted.

You can find it at

http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/leaf/devel/etitl/bering/etc/init.d/assert

install it as /etc/init.d/assert, you have to change the RCDLINKS line to 
something more apropriate like

RCDLINKS=2,S30 3,S30 6,K30

Do not forget to back /etc up and restart your LEAF router

HTH

Erich

THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024  8D8A B7D4 FF9D 05B8 0A16


---
This SF.NET email is sponsored by: eBay
Great deals on office technology -- on eBay now! Click here:
http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Image file too long

[Erich Titl]

Jose

Jose Luis Abuelo Sebio wrote the following at 23:24 15.06.2003:
Hey, what´s up?

  I am using a normal bering 1.2 boot disk, but now I
need to add one module and another package (nicstar.o
and atmtools.lrp) and when I try to back up any
package or the floppy I don´t have space enough
because those files are too big. Is there any way to
make  a boot disk in two floppies, or I need to
install the module and the package everytime I restart
the system.
It's in the docs

http://leaf.sourceforge.net/devel/jnilo/bubooting.html#AEN1125

HTH
Erich
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024  8D8A B7D4 FF9D 05B8 0A16


---
This SF.NET email is sponsored by: eBay
Great deals on office technology -- on eBay now! Click here:
http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] boot floppy to boot Bering cdrom

[Erich Titl]

Hi

At 09:13 11.06.2003 +0200, you wrote:

As far as I know, you can't. But you can always make an ISO-image yourself,
which contains those settings.
Do a search on building an ISO in the archives of this list, it has been
discussed many times.
-Original Message-
From: wing newton [mailto:[EMAIL PROTECTED]
Sent: dinsdag 10 juni 2003 23:52
To: Stefaan Van Dooren; [EMAIL PROTECTED]
Subject: RE: [leaf-user] boot floppy to boot Bering cdrom


Smart BootManager works but I have one of those Sony
VAIO laptop which does the random shutdown. I have to
issue append=apm=off no-hlt.. to make it work. Can I
do with it with Smart BootManager ?
It does not seem to have syslinux.cfg in the smart bootmanager floppy. I
need to add apm=off no-hlt before it starts to boot the ISO  from the CD.
Why is this so, could you not put it in the isolinux.cfg file when building 
the CD?

cheers
Erich
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16


---
This SF.net email is sponsored by:  Etnus, makers of TotalView, The best
thread debugger on the planet. Designed with thread debugging features
you've never dreamed of, try TotalView 6 free at www.etnus.com.

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] boot floppy to boot Bering cdrom

[Erich Titl]

Hi

At 17:00 09.06.2003 -0700, you wrote:
Greetings,

I don't have space on a single floppy for all the
packages. So, I create a bootable ISO Bering CD but my
pc does not support CDROM boot.
Is there a floppy image available to just allow me to
boot up from the floppy which then in turn to boot up
the Bering ISO from the cdrom ?
Basically all you have to do is to include the ide and cdrom modules in 
/boot/modules and /boot/etc/modules as specified in the Bering docs. You 
can start with a stock bering floppy, strip it down to the barest minimum 
and add the modules, then save initrd back to floppy, configure 
syslinux.conf to load the packages from the appropriate media and you are done.

HTH
Erich
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16


---
This SF.net email is sponsored by:  Etnus, makers of TotalView, The best
thread debugger on the planet. Designed with thread debugging features
you've never dreamed of, try TotalView 6 free at www.etnus.com.

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] LEAF etherboot

[Erich Titl]

Henning

Henning Jebsen wrote the following at 10:39 05.06.2003:
Trying to load an etherboot which enables pcmcia and network drivers to 
load the final initrd/OS from a tftp server. My LEAF box is a notebook 
with only PCMCIA NIC's.


Hi Erich,
I did this before Not with pcmcia cards but normal NIC's. I loaded 
Kernel from floppy(lilo not syslinux)  and the filesystem from a tftp Server.
Feel free to ask ;-)
As far as I have learned until now is that etherboot builds some kind of 
bootstrap which can load a kernel image and other files using tftp or NFS. 
Unfortunately it does not seem to support PCMCIA devices, so it looks as if 
I am stuck with either my 2 floppy set up or find a suitable DoM

Thanks

Erich

THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024  8D8A B7D4 FF9D 05B8 0A16


---
This SF.net email is sponsored by:  Etnus, makers of TotalView, The best
thread debugger on the planet. Designed with thread debugging features
you've never dreamed of, try TotalView 6 free at www.etnus.com.

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Improving wireless link

[Erich Titl]

Charles

As Steve pointed out, distance is one key element. Could you tell us a bit 
more on your installation like distance, antennas used e.t.c.
My installation does not really apply, although I have fine bandwidth with 
Lucent/Avaya cards and 14 dB external antennas. Distance in my case is 
ridiculous, only about 300 metres.

The only additional layer I applied was IPSec to tunnel traffic.

Henry Psenicka posted some Information a few months back and there was an 
article in SysAdmin onhis wireless installation.

cheers

Erich

At 22:51 04.06.2003 -0500, you wrote:
Steve Wright wrote:
Charles,
On the basis that there is some distance involved ;  (an assumption)
My understanding is that some of the cheaper (dlink in particular) 
wireless gear has 'timing issues' when the A/Ps are physically far apart.
In the extreme, you will have to go to a proprietry fix, viz turbocell, 
or replace the A/Ps with something a little more tolerant of distance.
802.11 was never intended to travel great distances.  Indeed it was part 
of the 802.11 specification to actually prevent (ha ha) this from 
happening - the reason for the proprietry RF connectors.
In summary, many standard 802.11 wireless cards will do great distances 
without getting flaky, but I have heard that the dlink gear is not of 
that category.  Other cards such the Orinoco PC-cards combined with 
turbocell work very well indeed at distances up to 20km, and provide true 
data rates in the order of 9MBit/sec (I am told).  I don't like the idea 
of proprietry *anything*, and I wish there was an open-source 'turbocell'.
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16


---
This SF.net email is sponsored by:  Etnus, makers of TotalView, The best
thread debugger on the planet. Designed with thread debugging features
you've never dreamed of, try TotalView 6 free at www.etnus.com.

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] syslinux question: putting bering on a diskonchip

[Erich Titl]

Steve

Steve Wright wrote the following at 20:40 04.06.2003:
Erich Titl wrote:

Have you ever tried that on a PCMCIA card?

Putting an lzdsk boot image on one ?  no.  haven't.  What are you thinking ?
Trying to load an etherboot which enables pcmcia and network drivers to 
load the final initrd/OS from a tftp server. My LEAF box is a notebook with 
only PCMCIA NIC's.

I looked into the etherboot FAQ's and this seems to be an open issue.

cheers
Erich
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024  8D8A B7D4 FF9D 05B8 0A16


---
This SF.net email is sponsored by:  Etnus, makers of TotalView, The best
thread debugger on the planet. Designed with thread debugging features
you've never dreamed of, try TotalView 6 free at www.etnus.com.

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] bering IDE driver problem

[Erich Titl]

Marc

Marc E. Fiuczynski wrote the following at 18:35 04.06.2003:
I followed the instructions to put the IDE drivers into initrd.lrp of the
bering floppy. Unfortunately, this doesn't seem to work with my disk-on-chip
IDE drive (even though this drive can be accessed just fine via a linux
rescue floppy).
In the dmesg information shown below there are two lines stating detected
chipset, but driver not compiled in!. However, when checking with insmod,
the ide-disk.o, ide-mod.o, and ide-probe-mod.o files have all been loaded.
These modules are listed in the boot modules files, so they should have been
insmod'ed in before the kernel does these tests. Any way, can someone shed
light onto what might be going on or wrong here?




...
Jacques pointed to the DoC drivers, if that is not the proble you might 
want to look at...

PIIX: neither IDE port enabled (BIOS)
HTH
Erich
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024  8D8A B7D4 FF9D 05B8 0A16


---
This SF.net email is sponsored by:  Etnus, makers of TotalView, The best
thread debugger on the planet. Designed with thread debugging features
you've never dreamed of, try TotalView 6 free at www.etnus.com.

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] syslinux question: putting bering on a diskonchip

[Erich Titl]

Hi Marc

Marc E. Fiuczynski wrote the following at 19:27 03.06.2003:
I am using a linux rescue disk to copy over a bering distribution to the
disk-on-chip device.
If the system reconizes the disk as an IDE device, I would believe it. Some 
time ago I had difficulties running syslinux on my bering system. IIRC it 
was due to a permission problem. I used an old DOS disk then to prepare my 
DoM and it went smoothly (actually I am a little ashamed to have to resort 
to a M$product to do that, but then, resources are resources)

HTH

Erich

THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024  8D8A B7D4 FF9D 05B8 0A16


---
This SF.net email is sponsored by: eBay
Get office equipment for less on eBay!
http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Fwd: Re: [leaf-user] syslinux question: putting bering on a diskonchip

[Erich Titl]

From [EMAIL PROTECTED]  Tue Jun  3 23:06:08 2003
Date: Wed, 04 Jun 2003 09:05:59 +1200
From: Steve Wright [EMAIL PROTECTED]
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.9) Gecko/20020513
X-Accept-Language: en-us, en
To: Erich Titl [EMAIL PROTECTED]
Subject: Re: [leaf-user] syslinux question: putting bering on a  diskonchip
Erich Titl wrote:

Hi Marc

Marc E. Fiuczynski wrote the following at 19:27 03.06.2003:

I am using a linux rescue disk to copy over a bering distribution to the
disk-on-chip device.


If the system reconizes the disk as an IDE device, I would believe it. 
Some time ago I had difficulties running syslinux on my bering system. 
IIRC it was due to a permission problem. I used an old DOS disk then to 
prepare my DoM and it went smoothly (actually I am a little ashamed to 
have to resort to a M$product to do that, but then, resources are 
resources)
If people feel strongly about using a ms product to do this (I would), 
then this is what I do.

On my old RedHat 7.3 I have installed LTSP, a thin-client terminal server 
package.  This allows me to boot any old piece of junk on my local LAN as 
a thin client.

I hacked the base LTSP installation so the thin-clients run with a 
modified /etc/passd - with an entry for a root login.

Now it is completely trivial to bring along any i386 LEAF router, plug 
into LAN, etherboot/PXE boot as a thin terminal (local HDD/DOM not used), 
load IDE modules, mount DOM, and copy across what ever I need, unmount, 
sync, reboot, test.  Dead easy, and fast.

Further hacking of the LTSP code would likely render a complete 
development environment for DOM-type routers.  /niiice/.  If anyone wants 
to build such a thing, I would be happy to assist as I know LTSP quite 
well.  I'm a bit busy to do it ALL myself right now.  8-)

http://ltsp.org
http://k12ltsp.org

THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16


---
This SF.net email is sponsored by:  Etnus, makers of TotalView, The best
thread debugger on the planet. Designed with thread debugging features
you've never dreamed of, try TotalView 6 free at www.etnus.com.

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Kernel panic-syslinux.cfg no good

[Erich Titl]

Glenn

First of all, which distribution are you referring to?

glenn greenfield wrote the following at 02:27 01.06.2003:
I thought I had followed the instructions but I apparently missed 
something here.

VFS Can't find Minix blah...on dev 02:00
LINUXRC: Installing - root: root(nf!) etc(nf!) local(nf!) modules(nf!) 
keyboard(nf!) iptables(nf!) pump(nf!) shorwall(nf!) ulogd(nf!) dnscache(nf!)
weblet(nf!) - FINISHED
Ok it says here that it cannot find your lrp files.

cat: /var/lib/lrpkg/root.pn.links: No such file or directory
cat: /var/lib/lrpkg/root.log.links: No such file or directory
No real surprise after your previous errors.

I'm not booting from cd so I'm not sure how to use that info. and I 
haven't removed the LRP variable.  I am only using one floppy so the PKGPATH
should be correct.  The disc is in fact a 1680:msdos.
It does not only apply to CD lrpkg.cfg. The reason to use lrpkg.cfg is that 
the configuration line in syslinux.cfg is limited to IIRC 256 characters. 
If you have many packages this is a real limit.

display syslinux.dpy
timeout 0
default linux initrd=initrd.lrp init=/linuxrc rw root=/dev/ram0 
boot=dev/fd0u1680:msdos PKGPATH=/dev/fd0u1680
LRP=root,etc,local,modules,keyboard,iptables,pump,shorwall,ulogd,dnscache,weblet
This looks pretty OK to me, so are you certain your hardware 
(floppy,floppydrive) is OK? Do you have space left on your single floppy?

HTH

Erich

THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024  8D8A B7D4 FF9D 05B8 0A16


---
This SF.net email is sponsored by: eBay
Get office equipment for less on eBay!
http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Problem using ftp!

[Erich Titl]

Hi Samuel

Samuel Abreu de Paula wrote the following at 22:01 30.05.2003:
Hi, i have 2 station connected to each other via Orinoco Wireless cards, 
using Bering 1.0...
But the problem is i can't list directories in ftp connections!

Im not denying nothing, and the Bering 1.0 has the ip_nat_ftp modules of 
netfilter right???

What can be the problem???
Did you look at the shorewall logs? It might be that there is traffic blocked.

HTH
Erich
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024  8D8A B7D4 FF9D 05B8 0A16


---
This SF.net email is sponsored by: eBay
Get office equipment for less on eBay!
http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] add PCI USB expansion card, USB memory stick to Bering box

[Erich Titl]

Hi

Apacer has the Europe headquarters in the Netherlands, you could probably 
get a DOM easily there and that is the most versatile storage I can think 
of in a LEAF box.

Erich

H.G. Bekker wrote the following at 19:29 30.05.2003:
Hi,

That might be an alternative. However I have some problems locating the
equipment in the Netherlands. But I will keep it in mind. Thanks!
Chera Bekker
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024  8D8A B7D4 FF9D 05B8 0A16


---
This SF.net email is sponsored by: eBay
Get office equipment for less on eBay!
http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Problem with iptables

[Erich Titl]

Tom

At 15:31 27.05.2003, Tom Eastep wrote:
On Tue, 27 May 2003 15:14:32 +0200, Erich Titl [EMAIL PROTECTED] wrote:

Christophe

At 15:05 27.05.2003 +0200, you wrote:
On Tue, 27 May 2003 14:52:40 +0200
Erich Titl [EMAIL PROTECTED] wrote:
 I am not aware that you can use a parameter in the rules file.
You can use shell variables in ANY Shorewall configuration file...
Thanks for making that clear

Erich


-Tom
--
Tom Eastep\ Shorewall - iptables made easy
Shoreline, \ http://www.shorewall.net
Washington USA  \ [EMAIL PROTECTED]
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024  8D8A B7D4 FF9D 05B8 0A16


---
This SF.net email is sponsored by: ObjectStore.
If flattening out C++ or Java code to make your application fit in a
relational database is painful, don't do it! Check out ObjectStore.
Now part of Progress Software. http://www.objectstore.net/sourceforge

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] ipsec.lrp and KLIPS

[Erich Titl]

Hi

You will have to load ipsec.o from the corresponding module tree. Maybe 
another request to put this into ipsec.lrp helps.

HTH

Erich

Charles Steinkuehler wrote the following at 18:53 05.04.2003:
Steve Bihari wrote:
Hi All,
When I try to load ipsec.lrp I get a message about the kernel not having
KLIPS compiled in.  I didn't think this was required for S/WAN.  Also,
it complains that it can't find ipsec.o   I currently compiled ipsec
support directly into the kernel.  Can I not avoid having to use the
module?
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024  8D8A B7D4 FF9D 05B8 0A16


---
This SF.net email is sponsored by: ValueWeb:
Dedicated Hosting for just $79/mo with 500 GB of bandwidth!
No other company gives more support or power for your dedicated server
http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] orinoco stuff for 2.4.18

[Erich Titl]

Hi

has anyone compiled the (latest) orinoco drivers (hermes.c orinoco.c 
orinoco_cs.c) for Bering1.0-stable kernel 2.4.18. I believe I need the 
latest drivers for the 8.72 firmware.

Thanks

Erich

THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024  8D8A B7D4 FF9D 05B8 0A16


---
This SF.net email is sponsored by: ValueWeb:
Dedicated Hosting for just $79/mo with 500 GB of bandwidth!
No other company gives more support or power for your dedicated server
http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Booting VIA EPIA Mobo with Isolinux

[Erich Titl]

Julian

Julian Church wrote the following at 17:24 04.04.2003:
At 00:06 04/04/03 +0200, Erich Titl wrote:
...
Victor McAlistair pointed me at a post he produced about a month ago that 
explains another method for making a Bering boot CD - I think that should work.

The syslinux guys will certainly have more experience as this is not 
strictly a LEAF problem but one of a rather generic nature.
Thanks - I just joined the Syslinux list.  It sounds pretty hopeful that 
I'll work something out soon.

please let the list know, we all may run into such a board one day.

good luck
Erich
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024  8D8A B7D4 FF9D 05B8 0A16


---
This SF.net email is sponsored by: ValueWeb:
Dedicated Hosting for just $79/mo with 500 GB of bandwidth!
No other company gives more support or power for your dedicated server
http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Bering Ipsec and Shorewall rules

[Erich Titl]

Simon

At 14:07 03.04.2003 +0100, you wrote:
Please can someone confirm whether the Shorewall Tunnels file internally
manages the UDP Port 500 and Protocols 50 and 51?
Or do I need to create rules?

I have created the tunnel files as per documentation on the Bering site and
Shorewall. But I am currently unable to get ipsec working between two
firewalls. I am assuming at this point that something is blocking the path.


It is best if you tell the list what _exactly_ you did. Even if you made no 
errors at all (to the best of your knowledge) it is quite difficult to 
answer such a general question without knowledge what happens _exactly_.
Being unable to get ipsec working is not what I would call an exact 
description of an error.

Maybe you should consult your log file for shorewall entries, and you may 
want to reset the counters in the iptables and see where messages go through.

HTH

Erich

THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16


---
This SF.net email is sponsored by: ValueWeb:
Dedicated Hosting for just $79/mo with 500 GB of bandwidth!
No other company gives more support or power for your dedicated server
http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] Bering Ipsec and Shorewall rules

[Erich Titl]

Simon

Simon Chalk wrote the following at 22:33 03.04.2003:
Hi Erich,

I did not want to go into detail, until I understood the operation of both
shorewall and ipsec. I am still a little confused about shorewall, but the
key seems to be the tunnels file.
ipsec was failing and I assumed it was shorewall. It turns out that it
wasn't shorewall at all, but the configuration of ipsec.conf.
I believe everyone setting up ipsec for the first time is in the same 
league, as an earlier post today mentionned you really have to follow the 
instructions to the letter. My first attempt was of course one that no 
textbook mentioned to start with, connecting to a commercial low end 
firewall (Zywall). You can imagine how many hours I poked my nose in the 
process.

Glad you got it up working.

Good luck
Erich
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024  8D8A B7D4 FF9D 05B8 0A16


---
This SF.net email is sponsored by: ValueWeb:
Dedicated Hosting for just $79/mo with 500 GB of bandwidth!
No other company gives more support or power for your dedicated server
http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Booting VIA EPIA Mobo with Isolinux

[Erich Titl]

Julian

Julian Church wrote the following at 16:37 03.04.2003:
Hi All

I'm attempting to put together a CD-based Bering firewall on a computer 
based around a VIA EPIA 5000 motherboard.

To try out my new motherboard, I tried an existing Bering CD from another 
firewall I use (Bering 1.0 I think).  I get the following error very early 
in the boot process:

...

Otherwise, can anyone give me any general pointers?
Would a newer version of isolinux help?  How about varying the isolinux 
settings when I generate the disk image?
How about alternatives to isolinux?
I don't know how you created the CD, but there are certainly several 
possibilities you can play with, either in native (isolinux) mode or to use 
a cd boot image. The syslinux guys will certainly have more experience as 
this is not strictly a LEAF problem but one of a rather generic nature.

HTH
Erich
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024  8D8A B7D4 FF9D 05B8 0A16


---
This SF.net email is sponsored by: ValueWeb:
Dedicated Hosting for just $79/mo with 500 GB of bandwidth!
No other company gives more support or power for your dedicated server
http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] Bering Ipsec and Shorewall rules

[Erich Titl]

Simon

Tom has really written a very nice documentation, read more

Simon Chalk wrote the following at 23:54 02.04.2003:
Hi Tom,

I had read this doc prior to posting. It reads

a) Open the firewall so that the IPSEC tunnel can be established (allow the
ESP and AH protocols and UDP Port 500).
a) Open the firewall so that the IPSEC tunnel can be established (allow the 
ESP and AH protocols and UDP Port 500).

b) Allow traffic through the tunnel.

Opening the firewall for the IPSEC tunnel is accomplished by adding an 
entry to the /etc/shorewall/tunnels file.

...more explanation

HTH

Erich

THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024  8D8A B7D4 FF9D 05B8 0A16


---
This SF.net email is sponsored by: ValueWeb:
Dedicated Hosting for just $79/mo with 500 GB of bandwidth!
No other company gives more support or power for your dedicated server
http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html