RE: [leaf-user] QOS setup under Bering 1.2
Joey

I am using tc only (not qos-htb) with the wondershaper as documented on the shorewall site. To start with, it failed too with IIRC similar problems. I finally had to dig into the wondershaper code and found ash arithmetic problems setting up the tc commands. So I believe it is not tc causing the problems.

HTH
Erich

At 01:28 16.12.2003 -0600, Joey Officer wrote:
> Been doing some reading, and I found a couple of interesting bits. What appears to be a somewhat current HTB home page, with a fair amount of documentation: http://luxik.cdi.cz/~devik/qos/htb/htbfaq.htm
>
> Additionally, from the FAQ:
> RTNETLINK answers: Invalid argument and tc parameters are correct

THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16

---
This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id78alloc_id371op=click
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] CABLE + WIFI + IPSEC + WINDOWS + BERING = ???
Sean

At 10:02 15.12.2003 -0500, Sean E. Covel wrote:
> Please stop me before I go running off down the wrong road!!!
>
> Here's the situation: My sister-in-law is dying to get herself a laptop and WIFI. They already have a cable modem and a virus-laden P2P, chat, teenager PC in the house. They have no firewall currently. She can never get on the PC, so she wants a laptop she can use anywhere.
>
> Here is what I am proposing to do:
>
> Cable Modem - Bering -- (Private Network) Current PC (Windows XP)
>                 |
>                 --- DMZ -- WAP -- Laptop (Windows XP)
>
> The question is, of course, how to secure the WIFI and Laptop. I was hoping that the Laptop could establish an IPSEC connection through the WAP to Bering. Only IPSEC connections would be allowed in the DMZ. I'm recommending she go with 802.11g so there is enough bandwidth left after IPSEC to do some useful work. Does this make any sense? Has anybody done it? Can a WAP passthrough IPSEC?
>
> I looked into adding a WIFI card to Bering but 802.11g cards are not well supported, AND I don't want to become full-time tech support for this configuration.

You can easily use 802.11b, which is currently supported (and cheap), unless you need high speed access to something on your local LAN. I am running an encrypted tunnel between 2 WLAN connected sites on derelict Pentium hardware and I am saturating easily the WAN uplink. Even with 802.11g, a bad radio link does not give you good speed, so you best check out the site. Good propagation conditions is the keyword here, which partially translates to good antennas/cabling.

For Windoze IPSEC set up you can look up the freeswan users mailing list (unfortunately down at the time being :-( )

HTH
Erich
Re: [leaf-user] Static route
Hi

At 15:14 12.12.2003 +0100, you wrote:
> Hallo LEAF World !
>
> Can someone tell me where I should put a static route so that it survives a reboot ? I have a subnet in the internal network - all works fine with Shorewall masquerading but I am not familiar enough with this Linux to know the best place to put my route add... statement.

add it to /etc/network/interfaces similar to

    # Step 2: configure internal interface
    # Default: eth1 / fixed IP = 192.168.1.254
    #auto eth1
    iface eth1 inet static
            address 194.124.158.99
            masklen 24
            broadcast 194.124.158.255
            up ip route add ...

HTH
Erich
[leaf-user] [ot] pcengines purchase pooling
Hi Folks

Sorry if you consider this abusive, please don't flame..

<slight commercial>

I am faced with the decision to buy a batch of small router hardware (the pcengines http://www.pcengines.ch/wrap.htm stuff I was flaming about lately on the developers list). Of course OEM prices vary a lot depending on the batch size. So if anyone is interested in pooling orders please let me know. I will pass the naked boards at my own cost.

BTW... I am considering the 2 port models.

</slight commercial>

cheers
Erich
RE: [leaf-user] pppoe internet connection terminates -- howto restart/redial
Alex

At 09:02 11.12.2003 +0100, you wrote:

I'm curious how to get pppd to auto redial when my connection dies.

snipalot

Just respawning the pppd is not sufficient, I had times when pppd ran and the ppp0 interface was visible but did not have an IP address. IMHO the pppd should be changed that so it never quits, doesn't run twice on the same interface and retries constantly.

Any chance running pppd from init, letting it respawn if it goes away?

Erich
Re: [leaf-user] Re: Bering/IPSec/WiFi/Win2K/Shorewall (update)
Lynn, Christopher

At 21:51 09.12.2003 -0600, Lynn Avants wrote:
> On Saturday 06 December 2003 05:37 pm, Christopher Harewood wrote:
>> Lynn: I've read about the differing subnets; in fact, it was your doc that has helped to get me thus far. However, changing the laptop IP to 192.168.3.9 produces the following result:
>
> I haven't set the Wifi/Ipsec connection up, But Erich has successfully. I would check the list archives for that conversation, IIRC, he posted some information on how he got this connection working.

Indeed I have a connection up to the NET using wifi, this is the network topology, if this is of any use...

    Big Bad Net
    |
    Zywall 65x router NATting to a /29 subnet
    192.168.1.1
     - subnet 192.168.1.0/29
    192.168.1.6
    Bering 1.0 router
    192.168.10.1
    .
    .
    Wireless connection using Orinoco cards and directional antennas
    from hyperlinktech encrypted using FreeSwan 1.96
    .
    .
    192.168.10.2
    Bering 1.0 router
    192.168.20.1
    |
    subnet 192.168.20.0/24

HTH
Erich
Re: [leaf-user] PPPoE Bering qpopper = unable to get emails.
Hi

At 21:15 10.12.2003, Dmitri Gofmekler wrote:
> Hi,
>
> Encountered some strange problem, when I'm using Bering and his pppoe package, all connections to my mail server (qpopper installed, server filtered by his own ipchains, opened only 25 and 110 incoming ports) are timed out, seems that authorization is ok, but data does not send. All other PPPoE soft, including rp-pppoe work well, coyotelinux works well and other mail servers work well too, only this combination. Anyone has an idea?

Possibly a MTU size problem. Did you set

    CLAMPMSS=Yes

in /etc/shorewall/shorewall.conf

HTH
Erich
Re: [leaf-user] (Fwd) IPSEC route question war : Problem with manual IP route commands in
Simon

Eric Wolzak wrote the following at 22:39 10.12.2003:
> Hello Simon,
> I am not that experienced with the ipsec so I forward this to the list again
>
> --- Forwarded message follows ---
> From: Simon Chalk [EMAIL PROTECTED]
> To: Eric Wolzak [EMAIL PROTECTED]
> Subject: RE: [leaf-user] Problem with manual IP route commands in Start file
> Date sent: Wed, 10 Dec 2003 11:19:35 -
>
> Hi Eric,
>
> I have now discovered that the shorewall start file is not a good place to put my ip route add commands. I am adding a manual route through the ipsec0 interface and I think shorewall is loading before ipsec, so the ipsec device is not known at this stage.

Let me ask you why you need to add an additional route through the tunnel instead of including this in the tunnel definition. IPSec will happily add those routes for you. If this is not possible at all, you will probably have to look at the leftupdown/rightupdown parameter for the connection. Else the FreeSwan list is quite active and has many experts.

HTH
Erich
Re: [leaf-user] open socket
Felix

At 09:28 05.12.2003 +0100, you wrote:
> Hi Erich,
>
> my server is out side. I make connection in my c prog. like this
>
>     rc = connect(sd, (struct sockaddr *) &servAddr, sizeof(servAddr));
>
> before this I called
> 1. gethostbyname was ok
> 2. socket also ok
> 3. bind port was also ok
>
> Just the connect is fail... :(

What errno?

> I've already add the rules
>
>     ACCEPT fw net tcp 90
>     ACCEPT net fw tcp 90
>     ACCEPT fw net udp 90
>     ACCEPT net fw udp 90
>
> but I still get connection refused. what do I wrong?

The shorewall set up should work fine

Try telnet myserver.whatever.dom 90 from inside your firewall? This should work in any case and would show that your connection is working at all. Then try your homegrown program from the inside

HTH
Erich
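
Added example, not part of the original thread: a small C probe for the "What errno?" question in the message above. It classifies the result of connect(): ECONNREFUSED means something answered the SYN (no listener on the port, or a rejecting rule), while a silently dropping rule shows up as a timeout. The function names, the verdict enum and the loopback self-test are constructed for illustration.

```c
/* Added example (not from the thread): classify why connect() failed. */
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <poll.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

enum verdict { V_OPEN, V_REFUSED, V_FILTERED, V_UNREACHABLE, V_OTHER };

/* TCP connect with a bounded wait. Returns 0 on success, else the errno.
 * A client needs no bind() before connect(); the kernel picks the source port. */
int tcp_connect_errno(const char *ip, unsigned short port, int timeout_ms)
{
    struct sockaddr_in sa;
    int sd, err = 0;

    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    if (inet_pton(AF_INET, ip, &sa.sin_addr) != 1)
        return EINVAL;                       /* not a dotted-quad address */
    if ((sd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
        return errno;

    /* Non-blocking, so a dropped SYN cannot hang the caller for minutes. */
    fcntl(sd, F_SETFL, fcntl(sd, F_GETFL, 0) | O_NONBLOCK);
    if (connect(sd, (struct sockaddr *)&sa, sizeof(sa)) < 0) {
        err = errno;
        if (err == EINPROGRESS) {
            struct pollfd pfd = { .fd = sd, .events = POLLOUT };
            int n = poll(&pfd, 1, timeout_ms);
            socklen_t len = sizeof(err);
            if (n == 0)
                err = ETIMEDOUT;             /* nothing came back in time */
            else if (n < 0 || getsockopt(sd, SOL_SOCKET, SO_ERROR, &err, &len) < 0)
                err = errno;
        }
    }
    close(sd);
    return err;
}

/* Map the errno to what it says about the path between client and server. */
enum verdict classify(int err)
{
    switch (err) {
    case 0:            return V_OPEN;
    case ECONNREFUSED: return V_REFUSED;
    case ETIMEDOUT:    return V_FILTERED;
    case EHOSTUNREACH:
    case ENETUNREACH:  return V_UNREACHABLE;
    default:           return V_OTHER;
    }
}

const char *explain(enum verdict v)
{
    switch (v) {
    case V_OPEN:        return "open: handshake completed";
    case V_REFUSED:     return "refused: RST or ICMP port-unreachable came back "
                               "(no listener on the port, or a REJECT rule)";
    case V_FILTERED:    return "filtered: no answer before the timeout "
                               "(typical of a DROP rule or lost packets)";
    case V_UNREACHABLE: return "unreachable: no route, or ICMP host/net unreachable";
    default:            return "other local error";
    }
}

/* Self-test helper: listener on 127.0.0.1 with a kernel-chosen port. */
int loopback_listener(unsigned short *port)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof(sa);
    int fd = socket(AF_INET, SOCK_STREAM, 0);

    if (fd < 0)
        return -1;
    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0 || listen(fd, 1) < 0 ||
        getsockname(fd, (struct sockaddr *)&sa, &len) < 0) {
        close(fd);
        return -1;
    }
    *port = ntohs(sa.sin_port);
    return fd;
}

int main(void)
{
    unsigned short port = 0;
    int lfd = loopback_listener(&port);

    if (lfd < 0) { perror("listener"); return 1; }
    printf("listening: %s\n", explain(classify(tcp_connect_errno("127.0.0.1", port, 2000))));
    close(lfd);                              /* same port, now without a listener */
    printf("closed:    %s\n", explain(classify(tcp_connect_errno("127.0.0.1", port, 2000))));
    return 0;
}
```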
Re: [leaf-user] open socket
Felix

At 15:01 04.12.2003 +0100, you wrote:
> Hi Everyone,
>
> I've a problem to open a socket from my Bering-Box to my server via IP and Port 90. I can ping to my Server from my Bering-Box. But if I start open the socket I just get connection refused... Does someone can help me?

Probably blocked by the firewall

Did you read the Shorewall docs? You will have to allow the respective port from the firewall to the destination zone, something like

    ACCEPT fw loc tcp 90

in /etc/shorewall/rules.

HTH
Erich
Re: [leaf-user] DNS Redirection
Joey

Joey Officer wrote the following at 15:45 04.12.2003:
> I am setting up a wireless card under Bering and I wanted to provide limited access to it. But because I know that eventually the WEP will be cracked and someone will get an IP address from the DHCPd server, I want to know if I can redirect all traffic from (example) 192.168.2.0 except 192.168.2.205 to goatse.cx
>
> Basically, I'm setting up a gateway for a friend or two, who I'll assign IP addresses to via MAC address. Anyone else I want to be able to only get to a single point. Has anyone done anything like this?

Maybe noCatNet will do this (maybe its overkill)

Erich
Re: [leaf-user] lrpstat and shorewall
Al

At 23:53 20.11.2003 -0500, you wrote:
> I'm trying to get weblet w/lrpstat to work on a Bering 1.2. I have weblet working and I can access the netmon.html page correctly. However, it has no data. If I shutdown Shorewall data starts coming in. I thought they both used the same tcp 80 port but I guess not. I can only guess that a different port is used. Does anyone know what's going on?

Only a guess, shorewall will flush its output buffers at shutdown. You will probably have to look at the way lrpstat implements the shorewall status.

HTH
Erich
Re: [leaf-user] cdrom boot problem
Al

At 18:50 18.11.2003 -0500, ALParada wrote:
> Looks like I finally got it booting from the floppies. I do however, have two errors:
>
> I am getting an error just before the login prompt:
>
>     cp: unable to close '/etc/dnscache/root/servers/@' : No space left on device.
>
> When I try to restart dnscache I get the same error. When I ps -aux, dnscache doesn't show up.
>
> The second is with squid: I can find the squid files if I look for them but it doesn't show up as a package. It does load during boot-up just doesn't show under packages. Squid also shows up as a backup option. Is this normal?

Do a df on your running system, is there a mounted partition which shows 100% full? It is possible that the allocated memory for your system disk is insufficient.

HTH
Erich
Re: [leaf-user] cdrom boot problem
Al

At 19:23 17.11.2003 -0500, ALParada wrote:
> Hello,
>
> I'm trying to get Bering 1.2 to boot from the CD. I would also like to keep a few packages on the floppy since I'm not finished with them yet and I'm still making changes. I have gotten as far as getting the CD to boot and I have a working config just like the floppies. However when it gets to the point of loading the packages it looks briefly at the FD and then just goes from the CD. I tried adding a package:F to the isolinux file but to no avail. I tried adding an lrpcfg file to the file with the new packages and the same thing. It looks like it goes to read the FD finds nothing and goes on its merry way. If I use the individual floppies it works and like I said the CD also works. Am I missing something? Does it not work the way I think it does? Below I have included the contents of the isolinux.cfg. And yes it is on one line.

I am doing the same, only never specifying the forward vs. reverse order of loading explicitly. It takes a bit more time to load but seems to work correctly.

> display syslinux.dpy
> timeout 0
> default linux initrd=initrd.lrp init=/linuxrc rw root=/dev/ram0 boot=/dev/cdrom:iso9660 PKGPATH=/dev/cdrom:iso9660,/dev/fd0:msdos LRP=root,etc:R,local,modules,iptables,libz,sshd,shorwall:R,snort:R,dnscache,tinyprox:R,sftp,ulogd,weblet:R,squid_2:R

- you should probably use /dev/fd0u1680 as floppy device (assuming you are using 1680K floppies)

HTH
Erich
RE: [leaf-user] VPN shorewall options
Troy

At 19:45 16.11.2003 -0600, Troy Aden wrote:
> Hello yet again,
>
> Sorry to be a bother. I have searched the Freeswan docs for any reference to the fswcert command with no luck. I need to know what command I should be using instead of the fswcert command. I did find a reference to it here http://cert.uni-stuttgart.de/archive/debian/security/2002/04/msg00160.html But that does not tell me much.

Read again

On Tuesday, 2002-04-09 at 00:03:20 -0400, Noah L. Meyerhans wrote:
> On Fri, Apr 05, 2002 at 12:13:41PM +0200, Victor Vuillard wrote:
>> the fswcert tool, which is used to extract private key from certificate was before in freeswan package. I was not able to find it in 1.95 version of freeswan. Anyone knows why it has been removed ???
>
> Because it's no longer needed. The Debian freeswan packages can use certs directly. Some stuff in /usr/share/doc/freeswan will help you figure out how to use them.

It is no longer needed, current SuperFreeS/Wan (Bering 1.2) versions can handle certificates, no need to extract the key.

HTH
Erich
[leaf-user] Bering and traffic control
Hi everybody

Has anyone succeeded using traffic shaping in Bering 1.2

I am using the wondershaper and try to load it in shorewall. Here is what I get right from the start

    tc qdisc add dev eth1 root handle 1: htb default 20
    RTNETLINK answers: invalid argument

Is this tc compatible with the kernel?

Thanks
Erich
[leaf-user] shorewall set up, was Bering 1.0 - 1.2 Upgrade (continues) 1/2
Hi

At 19:45 16.11.2003, Richard Doyle wrote:
> Paul's original problem was a Shorewall misconfiguration. Bering Shorewall is configured for two ethernet connections: an external connection on eth0 and an internal connection on eth1. Paul has an external connection on ppp0 and an internal connection on eth0. The problem was solved by modifying /etc/shorewall/routestopped and /etc/shorewall/masq to fit his network (replacing eth0 and eth1 with ppp0 and eth0).

I would recommend to use the params file for the shorewall set up. Then one can define the interfaces and related parameters in the params file without having to meddle with the setup in the other files at all. This might avoid confusion.

my $0.02
Erich
RE: [leaf-user] VPN shorewall options
Troy

At 21:35 13.11.2003, Troy Aden wrote:
> Thanks for getting back to me. I have run into problems with one command in the IPSec procedure.
>
> Snip
>
> Make your ipsec server certificate
>
>     # openssl req -newkey rsa:2048 -keyout serverKey.pem -out serverReq.pem
>     # openssl ca -policy policy_anything -in serverReq.pem -days 1825 -out serverCert.pem -notext
>     # openssl x509 -in serverCert.pem -outform DER -out x509cert.der
>     # fswcert -k serverKey.pem ipsec.secrets
>
> Snip
>
> The fswcert line gives me an error saying that the command is not found.

With recent versions of freeSWan this is not needed anymore, please see the FreeS/Wan docs for details.

HTH
Erich
Re: [leaf-user] LEAF on compact flash
Brock

this is kind of late, being off the list for a while...

At 23:30 30.10.2003, Brock Nanson wrote:
> Lynn,
>
> I now use the dd command regularly. Once I have a working image, I dd it off the CF for safekeeping, in case I ever need to create another (RSA keys are a PITA to cut and paste etc.) should the first fail.
>
> As far as using different size CF, I dd'd an 8MB image onto a 16MB card the other day (none of my 8MB cards could be recognized in this particular box). No issues that I saw. When I took my usual completed copy for backup, the new image was 16MB. Go figure! ;-) So I don't think there are too many issues associated with this. I have yet to have a dd'd CF fail on me.
>
> I'd like to hear more about how the earlier poster dealt with the read-only issue. I'd like to find a way to write protect the CF once the config is all done. I believe this was discussed a few times in the past, but I don't know if anything was ever resolved.

There are a few HW products which allow write protection, you can find them in the archives. One SW solution which IMHO is pretty attractive is to remove the IDE modules from the kernel and the /boot/modules directory at the end of the init process. This requires the installation of new modules before anything can be done to the IDE devices.

Erich
Re: [leaf-user] many non contiguous subnets on the same interface
Lynn

maybe my drawing was not completely clear. The outer firewall is NATting whereas the inner is routing to keep the DMZ and the secure network apart. We were planning to provide server hosting for remote networks but the design included dual hosted servers with a SAN device on the second network. I thrashed this for security reasons because any attacker on the remote parts of the net would automatically be invited to the sacred shrine.

Anyway, last office day today, tomorrow sailing along the Lycian coast. Hope to hear from all of you in 2 weeks time

And Thanks
Erich

At 19:40 23.10.2003, Lynn Avants wrote:
> On Thursday 23 October 2003 02:50 am, Erich Titl wrote:
> [...]
>> There is no NAT on the inner firewall, but then there is no NETBIOS traffic either through the firewall.
>
> Hmmm... so it is running proxy-arp on the inner firewall (assuming this is the only way you can filter w/o routing).
>
>> I know that routing is going to be tricky, we will probably drop the extruded subnet idea as it is too big a security risk to have a subnet extended right into the heart of our secure zone.
>
> Yeah, if the firewall is answering a /16, then it is likely not the best idea to keep them on the same subnet. It might be a better idea to proxy-arp the DMZ and route/NAT the internal net which keeps the DMZ on a separate subnet behind the firewall.
Re: [leaf-user] Thompson SpeedTouch 330 USB and Bering
Michelle

Michelle Konzack wrote the following at 23:51 23.10.2003:
> Hello,
>
> I have tried to make Bering usable for the Thompson SpeedTouch 330 USB but the Floppy is too small !!! I have only 120 kByte free on the Floppy. Does anyone has done this and HOW ? Need only the ADSL/USB-Stuff with 3c59x.o, 3c509.o 3c515.o and pcnet32.o

I have a Bering system with only one floppy which loads additional packages from a server on the local net at init time. Look for rload in the archives, you can find it at http://cvs.sourceforge.net/viewcvs.py/leaf/devel/etitl/bering/packages/

> But there is a second problem: Whenever I try to load the 3c509.o 3c515.o and pcnet32.o I get symbol errors...

Maybe release mismatch?

HTH
Erich (off for a fortnight)
Re: [leaf-user] many non contiguous subnets on the same interface
Lynn

At 23:56 22.10.2003 -0500, Lynn Avants wrote:
> On Wednesday 22 October 2003 02:26 am, Erich Titl wrote:
>> Hi
>>
>> I am deploying Bering 1.2 systems as firewalls/VPN tunnel endpoints to build what they call extruded subnets in freeswan jargon
>>
>> Here a little bit of ASCII art
>>
>> client net 10.230.60.0/24 (for historical reasons)
>> ¦
>> 10.230.60.1
>> Bering / customer VPN endpoint
>> xx.xx.xx.xx (any old public address)
>> internet
>> xx.xx.xx.xx (any old public address)
>> Bering / outer firewall / NAT / VPN endpoint
>> 192.168.180.1
>> DMZ 192.168.180.0/23
>> 192.168.180.2
>> Bering / inner firewall / 2 or 3 NICs
>> 192.168.52.1-
>> | internal subnet
>> | 192.168.52.0/22
>
> Your largest problem is going to be routing unless the router is on a 192.168.0.0/16 subnet. Your NetBIOS traffic can't be routed on a /24 or through the second stage of NAT (between the DMZ/internal net) without NAT-transversal.

There is no NAT on the inner firewall, but then there is no NETBIOS traffic either through the firewall.

I know that routing is going to be tricky, we will probably drop the extruded subnet idea as it is too big a security risk to have a subnet extended right into the heart of our secure zone.

cheers
Erich
[leaf-user] many non contiguous subnets on the same interface
Hi

I am deploying Bering 1.2 systems as firewalls/VPN tunnel endpoints to build what they call extruded subnets in freeswan jargon

Here a little bit of ASCII art

    client net 10.230.60.0/24 (for historical reasons)
    ¦
    10.230.60.1
    Bering / customer VPN endpoint
    xx.xx.xx.xx (any old public address)
    |
    internet
    |
    xx.xx.xx.xx (any old public address)
    Bering / outer firewall / NAT / VPN endpoint
    192.168.180.1
    |
    DMZ 192.168.180.0/23
    |
    192.168.180.2
    Bering / inner firewall / 2 or 3 NICs
    192.168.52.1-
    |           |
    |           internal subnet
    |           192.168.52.0/22
    |
    many extruded subnets in the 10.230.xx.xx range

The idea is to route the path to the various extruded subnets from the tunnel endpoint on the outer firewall through the DMZ wire to the inner firewall and then to the respective subnet.

- I probably need to assign ip aliases for each subnet to the NIC connected to the extruded subnets.
- I need to add routes for each subnet on the outer and the inner firewall

Is there a canonical way to add many routes and many ip aliases to such a box?

Does this make sense at all?

Thanks for comments
Erich
Re: [leaf-user] Problem IPSec with Bering
Mikael

At 14:29 17.10.2003 +0200, Mikaël PLOUHINEC wrote:
...

# test connection between Bic and Exodus
conn Bic-Exodus
    left=%defaultroute
    leftsubnet=192.168.1.0/24
    leftnexthop= leave away or enter sensible value...
    right=172.16.10.4
    rightsubnet=10.0.0.0/8
    rightnexthop=gateway of the second router
    auto=start
    authby=rsasig
    leftrsasigkey=0sAQOKGduouVCa7t6wwdgCbdJfT7q7eH59KBU8Cey6Ikohq3FQffLKIhvbihcklXX91ZZXzXADRkagdyDkJ9dqCp7RHiiQOd1gRI3Gf4m1d9ZFHv0gm0oHnVBjqJwA+whugOQDCEh3Ya884y2qdz7cW+2VYfTehWwFVw+JVTMNSKv/hw==
    rightrsasigkey=0sAQOH3JtWlFtIDdAmhgcUz2U+jqEP7iyUTz6pO03hB++wQYMY2JI2d5PgC96HTs0DdLrJAgAcwjRJ4vSSOZejifbQVCCIFVmbWImdoh8BB5IOizW/Jkerp6Mr3L+VlBUoUCPAWrx5OvqcBsIuP7ySy9CgtrJc1YkFc0cV9tMQvkbgGQ==

The ipsec.conf on the second router is :

# basic configuration
config setup
    # THIS SETTING MUST BE CORRECT or almost nothing will work;
    # %defaultroute is okay for most simple cases.
    interfaces=%defaultroute
    # Debug-logging controls: none for (almost) none, all for lots.
    klipsdebug=none
    plutodebug=all
    # Use auto= parameters in conn descriptions to control startup actions.
    plutoload=%search
    plutostart=%search

# defaults for subsequent connection descriptions
conn %default
    # How persistent to be in (re)keying negotiations (0 means very).
    keyingtries=0

# test connection between Bic and Exodus
conn Bic-Exodus
    left=172.16.10.1
    leftsubnet=192.168.1.0/24
    leftnexthop=gateway of the first router
    right=%defaultroute
    rightsubnet=10.0.0.0/8
    rightnexthop= leave these away or add sensible values...
    auto=start

Make one of the gateways auto=add

HTH
Erich
Re: [leaf-user] Compiling for Bering 1.2 and Bering uClibc
Hi

At 17:41 16.10.2003, James Neave wrote:
> Hello All,
>
> Compiling for Bering 1.2 and uClibc.
>
> Is it *only* possible to compile for Bering 1.2 with a Debian/slink installation? Or can I take, say, Mandrake 9 and compile with a target OS? Just tell it which Glibc to use for instance. And install a different gcc. Will that work?

You have several choices.

1) UML
2) Chroot to the slink environment, look at Lynn Avants' description/tool.
3) Build your own environment with the necessary compiler/library settings.

Erich
Re: [leaf-user] Kernel development (module compile)
Hi Sebastian

At 08:14 11.10.2003, Sebastian A. Aresca wrote:
...
> debian:/usr/src/super-freeswan-1.99.6.2# make menugo
>
> ok all right. but then what? if i copy the bzImage to the floppy the system start but i want to compile the module using the kernel 2.4.20.

cd /src/linux ; make modules

HTH
Erich
Re: [leaf-user] Re: ncurses5.lrp in Bering 1.2 (Ray Olszewski)
Felix

At 09:36 10.10.2003, Felix Theodor wrote:
> Hello Ray,
>
> actually I just want to implement a small program that allows the user to easily change the provider information such as MSN, REMMSN, USER and PWD. So I started with...
>
> #include <stdio.h>
> #include <stdlib.h>
> #include <curses.h>
>
> int main()
> {
>     initscr(); /* initialize curses */
>     endwin();
>     return 0;
> }
>
> in Redhat there is no error. Just when I start it in Bering 1.2 with ncurses5.lrp I got that error message:

It's been a long time since I last programmed anything using curses but whatever, let me try a wild guess.

What do you have in your TERM variable? 'Linux' by any chance? Do you have terminfo descriptions for 'Linux', be aware of the case sensitivity here. The stock ncurses package only knows 'linux' not 'Linux'.

HTH
Erich
Re: [leaf-user] running a externel program after LEAF ist starting
Hi

At 09:33 06.10.2003 +, Phuoc Nguen wrote:
> Hello!
> I have another question. Is it possible to start an external program after starting LEAF? If possible, how can I do this?

You could run it from an /etc/init.d/whatever script.

HTH
Erich
Re: [leaf-user] running a externel program after LEAF ist starting
Hi

At 15:44 06.10.2003, Phuoc Nguen wrote:
> Hi Erich,
>
> can you give me an example? I'm an absolute beginner...

One that looks pretty basic to me is /etc/init.d/ntpdate... This is used to run the ntpdate program once at system start. You can find it in the ntpdate.lrp package

    tar tzf ntpdate.lrp etc/init.d/ntpdate

will show you the path to this file. You will need some basic shell scripting knowledge to understand this.

    #! /bin/sh
    RCDLINKS="2,S51"

    # Print an error message and abort the script
    error () {
        echo "ntpdate error: $1"
        exit 1
    }

    # Both the binary and the server list must be present
    test -f /usr/sbin/ntpdate || error "not found"
    test -f /etc/default/ntp-servers || error "ntp-servers file not found"
    . /etc/default/ntp-servers
    test -n "$NTPSERVERS" || error "NTPSERVERS undefined"

    case "$1" in
    start|restart|force-reload)
        echo -n "Running ntpdate to synchronize clock"
        /usr/sbin/ntpdate -u -b -s $NTPSERVERS
        echo "."
        ;;
    stop)
        ;;
    *)
        echo "Usage: /etc/init.d/ntpdate {start|stop|restart|force-reload}"
        exit 1
    esac

    exit 0

HTH
Erich
Re: [leaf-user] Segmentation Fault on Back-Up Attempt?
Joe

could that be a HW problem on the floppy drive?

HTH
Erich

At 00:28 02.10.2003 -0500, you wrote:
> Hi all. I've got the most annoying problem, and I think I'm...well, screwed.
>
> Just today I was trying to back up my Bering floppy, when lrcfg's back up floppy submenu failed on a segmentation fault. Ok, I thought; I've been playing around with p9100.lrp for printserv duties lately, and maybe I screwed something up (never could quite get the printer working, anyway - I'm still using uClibc_1.2.1-b3). So I turned to a recent floppy backup, with no printserv modifications, and booted from that. Router works ok, so I try and back _that_ floppy up. BOOM - segfault on this attempt, too. Weird.
>
> Does anyone think that I might have messed with the actual hardware such that Bering is running out of memory? Some mem initializations from dmesg:
Re: [leaf-user] IPSEC/shorewall with 2 dynamic IP's
kp

Thanks, I have a copy of your message. The thing I'd like to improve is the recovery mechanism. I somehow hate having to run a cron job to check if a connection was broken due to IP change. I believe there must be a way for IpSec to detect that the other endpoint is not reachable and to restart the tunnel. This IMHO would be faster and produce less network pollution than polling the remote station.

cheers
Erich

At 23:22 30.09.2003 +0200, you wrote:
> Erich;
>
> pls search mailinglist - I described a solution for ipsec between two dynamic leaf routers 12/2002 or 1/2003. It seems to work, anyway comments and improvements are welcome
>
> kp
[leaf-user] IPSEC/shorewall with 2 dynamic IP's
Hi

Has anyone successfully set up an IPSec tunnel with 2 dynamic endpoints? Would you mind sharing the shorewall and up/down scripts?

I seem to have a problem setting it up because

1) shorewall needs to be up to get the IP address of the remote gateway and
2) shorewall needs the address of the remote gateway to start.

I am afraid to have routestopped in my external interface description.

Thanks
Erich
RE: [leaf-user] Modefied script RESOLVED : Bering lost it's NICs
Francois

you are right to look for a generic solution, I just happened to stumble across this post...

At 20:09 29.09.2003, Francois BERGERET wrote:
> But, may be the better way is to do as this FreeSWan user, to modify the ip-up.local file to render it more universal without fixed IP and Gateway values ? Sure, this will avoid many cron.log lines input (one by minute) ;-)

You would only need one cron line.

> The main target is to resolve our default route lost, and, in the two cases, it is ok...

I believe that was the main issue of the post on FreeS/Wan

> What is the better way ? I don't know. Who can explain me what case is good or better ?

I guess Knuth would know :-)

IMHO Cron is a generic mechanism to start something at regular intervals. It can be used to check certain system parameters as it is in your case. However, even with small intervals you will always have a certain window of non connectivity (and uncertainty). If your problem _is_ related to the post from the FreeS/Wan list then I would definitely give it a try.

cheers
Erich
Re: [leaf-user] Static Route Setup for Bering Firewall
Simon

At 17:11 26.09.2003, Simon Chalk wrote:
> Hi All,
>
> Has anyone setup Static routes on Bering 1.2? I am trying to add the following to the /etc/network/interfaces file
>
> up route -net 1.2.3.4 netmask 255.255.255.248 gw 4.5.6.7
>
> When I do a ip route, I don't see the route above. I have also tried to add a route using ip route add etc.. etc..

Maybe you should tell route what to do like

ip route add to 1.2.3.0/24 dev eth1 metric 1

HTH
Erich
RE: [leaf-user] Modefied script RESOLVED : Bering lost it's NICs
Francois

Interesting, only I am puzzled by the fact that you have to run this from cron. I am currently listening on the freeswan list and found something which might interest you:

[EMAIL PROTECTED]
..
I've never had this difficulty. I've lost 'net connectivity over my pppoe connection thanks to a common difficulty: when pppoe disconnects/reconnects, the ppp0 interface goes away and comes back. As a result, the virtual device (ipsec0) becomes disconnected and needs to be re-attached. Plus, I've seen issues with the default gateway route going away.

Sounds complex, but the fix is simple. Here's a link to my copy of /etc/ppp/ip-up.local. Note that you may need to alter the interface names (ppp0/ipsec0) and the IP address of your default gateway, if this turns out to be useful to you.

http://raven.crowgirl.com/ip-up.local
..
/[EMAIL PROTECTED]

Erich

At 16:17 28.09.2003, Francois BERGERET wrote:
> Hi all the list.
>
> I have added IPSec restart in the script, because it seems not to work well without it at each time. Sorry ! Now, it seems to be ok.
Re: [leaf-user] Kernel compilation errors
Thomas

At 11:36 27.09.2003, Thomas Wille wrote:
..
> So my questions, maybe a little bit OT: where can I find the call for md5sum, so that I can correct it? why is it called?

If this was related to a crime I'd suggest to 'follow the money trail' here it is easier, just follow the 'make' trail and you will find in /linux/drivers/isdn/hisax

luna grep md5sum *
Makefile:CERT := $(shell md5sum -c md5sums.asc /dev/null;echo $$?)
cert.c: printk(KERN_INFO HiSax: because \md5sum\ is not available\n);
md5sums.asc:# This are valid md5sums for certificated HiSax driver.
md5sums.asc:# The certification is valid only if the md5sums of all files match.
md5sums.asc:# end of md5sums

HTH
Erich
Re: [leaf-user] Kernel compilation errors
Thomas

At 23:01 24.09.2003 +0200, Thomas Wille wrote:
> Erich,
>
> I did all the things I normally do when compiling a new kernel:
> - untar the kernel (in this case into my home directory)
> - as root adjust the link /usr/src/linux so that it points to the kernel source to be compiled
> - exit from being root (in my home directory the user can do everything)
> - edit the config file by menuconfig (in this case I took Jacques' original config file)
> - make dep
> - make clean
> - make bzImage
> While doing this step the mentioned error messages occurred.

I see, I just did not grok your statement 'compiling grsecurity'

> but there is another error message in the middle of the compiling process:
> md5sum: kann hfc_pci. nicht öffnen (cannot open hfc_pci.)
> md5sum: kann hfc_pci nicht öffnen (cannot open hfc_pci)

Looks like it cannot be found in the path.

> maybe these error message give a hint to the problem, even if hfc_pci belongs to the hisax-module.

Which IIRC is enabled in the Bering config.

> Would it be better to download the original 2.4.20 kernel source and apply the patches myself?

That's what I did. It's worth a try, even with an unpatched kernel source. That way you can easily verify your environment. The unpatched kernel source is a good reference point to start from.

...
> PS: error messages while making modules:
> make -C maps modules

You wrote your own makefile, didn't you?

> make[3]: Entering directory /proline/lrp_nfs/Bering1.2/linux-bering-1.2/drivers/mtd/maps'
> gcc -D__KERNEL__ -I/proline/lrp_nfs/Bering1.2/linux-bering-1.2/include -Wall -Wstrict-prototypes -Wno-trigraphs -O2 -fno-strict-aliasing -fno-common -fomit-frame-pointer -pipe -mpreferred-stack-boundary=2 -march=i486 -DMODULE -nostdinc -iwithprefix include -DKBUILD_BASENAME=dilnetpc -c -o dilnetpc.o dilnetpc.c

Are you trying to cross compile for that hardware? There are probably a few quirks to the make environment to be done.

> dilnetpc.c:374: ONFIG_MTD_DILNETPC_BOOTSIZE' undeclared here (not in a function)

Weird, it looks like there is an empty or undefined $C variable. It eats the uppercase C in the declaration?

HTH
Erich
Re: [leaf-user] openssh 3.7.1p1
At 18:48 24.09.2003 -0300, Brian Fisher wrote:
> Hi All,
>
> I have updated my bering with the new ssh suite. Here's a bug that I want to pass along. I use putty to ssh into my bering box and all is good except when I want to 'break' or end a command. for example, if I start to ping an ip and then want to stop the ping I would just use 'ctrl-c' but that command now closes the ssh window ! Has anyone ran into this problem ?

Yep, no solution yet... sorry I attributed it to my old environment (RC3) but apparently that is not the case. I had difficulties to run ssh on the system itself to get one hop further. The host key of the remote machine was not recognised valid anymore.

Erich
[leaf-user] IPSEc tunnel drops on wireless link
Hi

I have 2 Bering 1.0_stable stations with FreeSwan 1.99 running over a wireless link. Occasionally (especially on rainy and stormy days) the tunnel breaks down. If I stop ipsec on one end and ping the remote ipsec gateway I get good results. Starting the tunnel again removes the capability to contact the other gateway (of course) but the tunnel is not operational. Ipsec barf shows a correct SA established.

Any ideas

Thanks a lot
Erich
Re: [leaf-user] ppp filter? (was: Bering (ppp): How to ignore UDP Traffic (135/137)?)
Alex

At 11:37 16.09.2003 +0200, Alex Rhomberg wrote:
>> after an uptime of 43 Days ;-)) I go crazy, I must shutdown the Internet connection every time by hand, because the IDLE 300 does not work.
>>
>> I have disconnected the Ether-Cable from my internal Network, but my Bering-PPP-Box does not disconnect from the internet...
>>
>> There is UDP-Traffic on port 135, 137 and 1434 !!!
>>
>> What must I do that my Bering-PPP-Box ignore this Traffic ???
>
> You need to insert an active-filter line in your /etc/ppp/options. Look for active-filter in the pppd manpage http://www.routerlinux.com/docs/manual/man8/pppd.8.html
>
> Packets filtered out with active-filter don't count towards activity on the ppp link. For that to work, you need a pppd and a kernel that were compiled with PPP_FILTER defined, which doesn't seem to be the case with Bering. So you could roll your own kernel and pppd or maybe ask Jacques really nicely to include ppp-filter in the next version of Bering...

Looking at Jacques current config file, I would say it is enabled

CONFIG_NETFILTER=y
...
CONFIG_FILTER=y
...
CONFIG_PPP_FILTER=y

Regards
Erich
Re: [leaf-user] Re: ppp filter? (was: Bering (ppp): How to ignore UDP Traffic (135/137)?)
Michelle

At 15:46 16.09.2003 +0200, Michelle Konzack wrote:
> On 2003-09-16 11:37:27, Alex Rhomberg wrote:
>> You need to insert an active-filter line in your /etc/ppp/options.
>
> I know, but only on Kernel 2.4.xx :-/

Bering is based on 2.4.xx, hard to get around that.

HTH
Erich
Re: [leaf-user] Compile module Bering 1.2 how to
Sebastian

Sebastian A. Aresca wrote the following at 20:59 15.09.2003:
> Anybody knows about a Bering 1.2 kernel distribution to compile modules HOW TO.

I just use a separate directory (not /usr/src) and gcc 2.95.x. My native compiler is gcc 3.x., so I placed a copy of 2.95.x in /usr/local/bin and changed the PATH accordingly. I built my own Makefile which downloads everything needed and compiles the kernel, but IIRC Jacques has prepared a fully blown bering kernel source in one downloadable tarball. The rest can be found in the Kernel HOWTO

HTH
Erich
Re: [leaf-user] ez-ipupd not firing in response to DHCP lease change
Eric

At 20:16 10.09.2003 -0700, you wrote:
> I'm running Bering 1.2 on an SBC DSL connection. I use ez-ipupd to export the dynamic IP address I'm assigned. Or at least I'd like to. While ez-ipupd used to work for me (and still works at other [comcast-based] locations I maintain), now when SBC changes my IP address the DNS settings are not changed.

ez-ipupd can be run in 2 modes, as a daemon where it somehow detects the ip change or just once, depending on the daemon parameter in the config file. I run mine from dhclient-exit-hooks to update whenever dhclient gets a new lease.

Could it be that you have a collision with the shorewall rules not yet updated for the new ip address? Check your log files.

HTH
Erich
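
The run-once mode driven from dhclient-exit-hooks, as described in the reply above, sketched as an added example; it is not Erich's hook, which is not shown on this page. The UPDATER command line and config path are assumptions; `reason`, `old_ip_address` and `new_ip_address` are the variables dhclient-script sets before sourcing the hook.

```shell
# /etc/dhclient-exit-hooks -- sourced by dhclient-script, so never call "exit" here.
# Added example. UPDATER (binary path and config file) is an assumption; adjust
# it to wherever the ez-ipupd package puts its files on your box.
UPDATER="${UPDATER:-/usr/bin/ez-ipupdate -c /etc/ez-ipupd.conf}"

# lease_changed REASON OLD_IP NEW_IP
# Returns 0 when the dynamic DNS record needs to be refreshed.
lease_changed() {
    case "$1" in
        BOUND|REBOOT)
            # Fresh lease or lease re-acquired after boot: always publish.
            return 0
            ;;
        RENEW|REBIND)
            # Same lease extended: publish only if the address really moved,
            # so the DNS provider is not hit on every renewal.
            [ "$2" != "$3" ]
            ;;
        *)
            # EXPIRE, FAIL, RELEASE, PREINIT ...: no usable address to publish.
            return 1
            ;;
    esac
}

# run_hook: decide from the variables set by dhclient-script, then run the
# updater once (run-once mode, not the daemon mode).
run_hook() {
    if lease_changed "${reason:-}" "${old_ip_address:-}" "${new_ip_address:-}"; then
        # Intentionally unquoted: UPDATER holds a command plus its arguments.
        $UPDATER
    fi
}

run_hook
```

If the firewall rules depend on the external address, they have to be refreshed for the new lease before the updater runs, otherwise its outbound request can be dropped, which is the collision suggested above.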
Re: [leaf-user] Wisp and CS5530 /DoC
Ray, group

Discard my previous mail, CS5530 does not come as a module. It looks extremely hidden in the configuration tree, actually the .config (from Bering) file shows

# CONFIG_BLK_DEV_CS5530 is not set

I am curious how this is set at all, browsed menuconfig to no avail.

Sorry about the noise
Erich

At 22:18 09.09.2003 +0930, you wrote:
> New to LEAF / Wisp using 2624 ok tried to install latest release of Wisp onto a 5BLMP motherboard with 8M DoC. (Eon Anything box etc) Able to get Doc setup, formatted, syslinux etc all ok.
RE: [leaf-user] Wisp and CS5530 /DoC
Ray

At 23:32 10.09.2003 +0930, you wrote:
> Erich, thanks for replying - I did the install from a Dos formatted hard drive and used the dos based DoC tools, so, How do I get into the LRP / Cfs files from dos to specify that the kernel needs to load the module - or do I need to load it explicitly in the syslinux .cfg - if so I need to get the module from somewhere -

The generic Bus Master DMA support is disabled, which in turn disables the CS5530 support. You can always download the source package from http://www.hazard.maks.net/wisp-dist/downloads/src-kernel-2.4.20.tar.gz, unpack it and have a look for yourself. The file you want to look at is .config. If you have a linux system you can go to the linux directory and run make menuconfig.

Basically you have 2 possibilities

- Ask the maintainer to add the functionality to the kernel.
- Do it yourself. :-( , once you have the kernel sources downloaded it should not be that hard.

HTH
Erich
RE: [leaf-user] reduce load on a bering box
Ronny

For high performance, as your case seems to be, you should probably compile your own kernel to make it as slim as possible. Unnecessary features can be removed that way. Necessary stuff could be compiled into the kernel instead of loading it as a module.

cheers
Erich

At 09:12 03.09.2003 +0200, Ronny Aasen wrote:
> On Wed, 2003-09-03 at 09:02, S Mohan wrote:
>
> yes i know. i have removed the ip_conntrack helper modules there (no nat or masq), the point is that ip_conntrack is not a module it's in the kernel.
>
> mvh
> Ronny Aasen
RE: [leaf-user] Bering lost it's NICs
Hi

At 09:44 02.09.2003 +0300, J. James wrote:
> Hi
>
> It's nice to see someone else also having the same problem...

I'm sorry: I just read about a pop star visiting a local jail and the first thing he said to the audience was nice to see so many of you here today ;-)

>> I have the same problem from Bering V1.1 and now Bering V1.2. All nics ok except eth0 with PPPoE providers, on two different boxes ... Are you using PPPoE ?
>
> No. And maybe I should also tell that I've used the same hardware with the old LRP firewall with no problems. But surely we can't be the only two unlucky Bering users - can we? Any help would be greatly appreciated. After all I chose Linux/Bering for its stability.

I was rather reluctant to move to current Bering releases because I had this gut feeling that 1_0.stable was more like its name implies. Do you have the same symptoms with a 1_0.stable ? And if so, which kernel version?

cheers
Erich
Re: [leaf-user] Bering floppy basics
Hi Bino, Steve

At 08:35 28.08.2003 +0700, bino-psn wrote:
> Dear All
>
> Just exactly like Steve said. And Eric .. Yes I got 10 or more Flash-IDE (a.k.a DOM) unused.

I see, for an embedded system I did not even consider a hard disk as an option. Should you consider swapping DOM's for CF's I might be interested in a few.

cheers
Erich
RE: [leaf-user] Bering 1.2 dhcpd doesn't start with wlan/hostap or other too late interface up
Francois

At 18:19 25.08.2003, Francois BERGERET wrote:
> Hi Erich,
>
> Thanks for your response. I have read quickly your script. I am not so good to evaluate if this will be ok for my problem. I am using Eth interfaces with 'eth0' and 'eth1' label and two wlan nics with 'wlan0' and 'wlan1' labels. If I understand well, your script is searching 'eth' interfaces ? What about 'wlan' interfaces labels ? Is my label wrong for your script ?

Not at all, as you know, this is open software :-) the script basically looks for eth interfaces, you may well look for something else or a combination of several things by adapting the WHAT parameter, for example to:

WHAT="-e eth -e wlan"

see the grep manpage for the pattern parameter or else if you know exactly how many interfaces should be up just set them with

NICS=4

cheers
Erich
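
The kind of check the reply above describes (count the interfaces matching WHAT, wait until NICS of them are there before starting a service such as dhcpd), sketched as an added example; it is not Erich's script, which is not shown on this page. Only the names WHAT and NICS come from the mail; reading /proc/net/dev, the function names, the anchored patterns and the timeout are assumptions.

```shell
#!/bin/sh
# Added example: hold back a service until late-appearing NICs are registered.

WHAT="-e ^eth -e ^wlan"   # grep patterns for interface names (anchored, so
                          # "veth0" or "teth1" do not count as eth interfaces)
NICS=4                    # number of matching interfaces expected on this box
DEVFILE=/proc/net/dev     # kernel table of registered interfaces

# list_nics FILE: print one interface name per line from a /proc/net/dev
# style file (two header lines, then "  name: counters ...").
list_nics() {
    sed -e '1,2d' -e 's/^[[:space:]]*//' -e 's/:.*$//' "$1"
}

# count_nics FILE: number of interfaces whose name matches WHAT.
# An entry here means the driver has registered the interface (the
# "interface comes up too late" case); it says nothing about link state.
count_nics() {
    # $WHAT is intentionally unquoted so it splits into several -e options.
    # grep -c exits non-zero on a count of 0, hence the "|| true".
    list_nics "$1" | grep -c $WHAT || true
}

# wait_for_nics FILE WANTED TIMEOUT: poll once per second.
# Returns 0 as soon as WANTED interfaces are present, 1 after TIMEOUT seconds.
wait_for_nics() {
    wf_file=$1
    wf_wanted=$2
    wf_left=$3
    while :; do
        [ "$(count_nics "$wf_file")" -ge "$wf_wanted" ] && return 0
        [ "$wf_left" -le 0 ] && return 1
        sleep 1
        wf_left=$((wf_left - 1))
    done
}

# Constructed sample in /proc/net/dev format (one loopback, two eth, one wlan).
sample_devfile() {
    cat <<'EOF'
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:    1024      10    0    0    0     0          0         0     1024      10    0    0    0     0       0          0
  eth0:  883112    4120    0    0    0     0          0         0   301220    3877    0    0    0     0       0          0
  eth1:   55120     610    0    0    0     0          0         0    48810     590    0    0    0     0       0          0
 wlan0:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
EOF
}

# Used from an init script: "thisscript start" waits up to 30 seconds.
case "${1:-}" in
start)
    wait_for_nics "$DEVFILE" "$NICS" 30 ||
        echo "only $(count_nics "$DEVFILE") of $NICS interfaces present" >&2
    ;;
esac
```

On the constructed sample three interfaces match, so with NICS=4 the wait times out and the shortfall is reported instead of the service starting on a partial set of interfaces.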
RE: [leaf-user] Bering floppy basics
Hi Steve

At 08:50 24.08.2003 +1200, Steve Wright wrote:
> On Sun, 2003-08-24 at 03:28, Dave Hunt wrote:
>> Look up www.pcengines.ch.
>
> Dave, have you used pcengines embedded PCs ?

I got one of the pre production models to port Bering to it. It basically works with one major problem still open, the reboot command does not work at all, because the board does not have a keyboard controller. I am delayed in adapting a driver which will overcome this problem, but it is definitely on my list.

cheers
Erich
Re: [leaf-user] Bering UclibC development

Hi kp

Thanks for the info...

At 01:41 23.08.2003 +0200, K.-P. Kirchdörfer wrote:
> On Friday, 22 August 2003 13:51, Erich Titl wrote: .
>
> Anyway, what you are asking for is already available:
> Point your browser to: http://www.uclibc.org/
> look for
> 30 June March 2003, dev systems updated to uClibc 0.9.20
> The uClibc development systems for i386, powerpc, arm, mips, have been updated to uClibc 0.9.20. Several problems have been fixed up, gcc has been updated to version 3.3, and Perl 5.8.0 is now included.
> and follow the links.
>
> Pls note, none of the Bering-uClibc tested it so far, but we are always interested in results.

Wouldn't it be nice to have a standardised environment for kernel _and_ userland compiles? It might be interesting to see how a kernel compiles in this environment.

regards
Erich
Re: [leaf-user] Operation not supported by device

Darcy

At 10:00 21.08.2003, Darcy Parker wrote:
> Good day listers,
> I am trying to set up a leaf-bering (1.2) FW. I have the following two NICs

You better read http://www.scyld.com/network/vortex.html this is IMHO the definite information source on that driver.

HTH
Erich
RE: [leaf-user] Bering UclibC development

Hi

At 09:06 22.08.2003 +0100, Luis.F.Correia wrote:
> ...
> The current uClibc development does not use UML.

What is the minimal environment then for:

a) Kernel compile
Is it really different from the Bering standard kernel environment? I always thought Kernels are library independent...?

b) userland compile
It would be nice if one could prepare a filesystem which can be chrooted to (no UML necessary) to compile the necessary pieces. IMHO it should be possible to just loop mount a file, chroot there and do what's needed to compile the bits and pieces. You cannot test what you compiled this way but that is another matter.

cheers
Erich
Re: [leaf-user] comparison passive ftp clients Dachstein vs Bering

Victor

At 12:12 20.08.2003 -0700, you wrote:
> My friend is still troubleshooting why Dachstein works with an internal passive ftp client SENDING a file and Bering fails. System is PPPoE
>
> He ran tcpdump in passive ftp mode. Dachstein shows the mss at different stages of the ftp as 1460 and 1412. In Bering the tcpdump log shows that mss is 1452 and 1460. Bering has CLAMPMSS = Yes
>
> The internal ftp passive mode client log shows the port that it will send the ftp file. The tcpdump shows that in Dachstein that port is used and the ftp is successful. In Bering the port used by the client shows in the tcpdump file AS ONE PORT LOWER THAN THE REQUESTED PORT. Why would ip_conntrack_ftp assign a passive client one port lower than the agreed upon port for transfer.
>
> ** if the ftp log shows that the tcp port for sending the file is supposed to be 13780 tcpdump on the Bering firewall shows the packet is sent on port 13779 and the ftp fails. **
>
> Is this a bug in ip_conntrack_ftp that only shows up when a client sends a file? Passive clients probably usually receive files instead of sending them. Anyone else seen this problem? My friend's weather station will not send ftp files through the Bering box. It will send files through the Dachstein box. All hardware, application program, remote ftp server and ISP are the same.

Can you verify this behaviour on your own ADSL line? You would not have to rely on external information and might be in a position to present real data to the group. I checked passive ftp on Bering 1.0 stable 2.4.18 (without pppoe so this is not directly applicable) without problems.

cheers
Erich
Re: [leaf-user] Access to FTP to get LRP

Sebastian

At 04:40 10.08.2003, Sebastián Aresca wrote:
> Thanks Erich, i build a script that use wget (really i modified your script =) )

You probably could have done that with just specifying another download method in the lrp.conf file. If that is not possible, would you mind to tell me what you needed to modify. I believe the rload script could be sufficiently abstract to cover most trivial download methods.

> And then i download the package from the ftp server then install it and then reload init.d. Well as soon i finish it and test i will post it on package.

Thanks
Erich
Re: [leaf-user] Last package won't load (Bering v 1.2 on CD)

Jeremy

At 01:36 13.08.2003 -0500, Jeremy A Tourville wrote:
> Ok, I've followed the directions regarding creating a lrpkg.cfg file and when the CD boots I get a *.lrp (nf!) error. I've tried to add a carriage return at the end of the lrpkg.cfg file and still no luck. I've tried switching the order the packages load in and it makes no difference, the last package listed is the one that will not load.

nf! means not found :-( Most probably the package is not on the medium.

HTH
Erich
Re: [leaf-user] Compile ADM8211 Linux driver

Sebastian

Actually any Linux system with an appropriate gcc compiler should do. Kernels can be cross compiled. If you are interested I have a Makefile which makes compiling a Bering kernel a piece of cake. It's still quite beta but works in my environment which is an old patched up SuSe 6.3 with 2.2.18 :-)

You will need at least a Debian filesystem should you want to compile userland programs. If you don't want to install UML you can use the chrooted environment from Lynn Avants

Erich

At 23:00 11.08.2003 -0300, Sebastián Aresca wrote:
> Hi, this not a question. Anybody can compile this driver. I don't have installed debian on my systems and need to compile it. Is it used by Micronet SP906B Wireless PCI Adapter.
Re: [leaf-user] Last package won't load (Bering v 1.2 on CD)

Hi

At 19:04 13.08.2003, [EMAIL PROTECTED] wrote:
> Erich,
> Thank you for your reply. I have confirmed all packages that are listed in my lrpkg.cfg are on the CD. Let me state again the LAST package listed won't load properly. (makes no difference which one) That is the part that confuses me. If I switch the order for loading package X it is always the last one that doesn't work right. Any other ideas?

This is weird, have you been able to check if there is by chance an invisible control character at the end of your lrpkg.cfg file.

HTH
Erich
Re: [leaf-user] COMING SOON: WDIST on floppy!!

Sebastian

At 01:49 11.08.2003 -0300, Sebastián Aresca wrote:
> Wait, wait, i still working to make WDIST to boot on 3 1/2 floppy disk. The idea is to make a simple boot with wget.lrp and root.lrp. After booting it will connect to http or ftp server to download the package needed. Then install it and run the daemons. To save the changes it will upload the package to the http or ftp server.

You may want to have a look at my modified backup script for this. It uses scp to save the files on server, you may have seen the parameters in the modified lrp.conf file

Erich
Re: [leaf-user] Re: package list problem

Ted

Theodore Wynnychenko wrote the following at 22:30 09.08.2003:
> Erich:
> thanks for the reply.
> anyway, about switching from fd0 to fd1. the packages are loaded at boot, and syslinux.cfg is configured to use both drives, so everything works as it should without me at a console. (i am not sure if i answered or understood your question, but i hope the answer is understandable)

I see, you have 2 drives, that makes a difference...

> so, i was doing some looking on the web, and i guess it does matter where the append line is, so i changed it, and syslinux.cfg became:

I believe having the append line at the end of the file is the canonical way, you may want to address the syslinux mailing list for details.

> even if it is, any ideas what is going on when the append= line is added before the default linux line?

This is something the syslinux guys will know.

Glad it works for you
Erich
Re: [leaf-user] Access to FTP to get LRP

Sebastian

At 07:15 09.08.2003, Sebastián Aresca wrote:
> Anybody thinks about it? ... This is a wonderful idea ... now i forgot about this fu.. kbytes in the floppy. My Bering Router Disk only has the package root, libm and ftp Then i download it from ftp and it work fine. I have squid2 (350kb), ssh (250kb), zebra( 350kb), wireless (400kb) and so much. But the idea is to build a script that download the package by itself. If anyone want to help everybody ... well ... post the script. Here is the link to ftp.lrp and libm.lrp

I wrote an rload.lrp which allows to download additional packages using a method of your choice, I use it on a single floppy firewall which gets the additional packages from an internal web server. You can find it at
http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/leaf/devel/etitl/bering/packages/
it requires a little patch to lrp.conf which you can find at
http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/leaf/devel/etitl/bering/etc/

HTH
Erich
RE: [leaf-user] followup to interfaces / shorewall assist

Greg

Greg Playle wrote the following at 17:31 03.08.2003:
> Erich:
> The output was something like this:
> Variables eth /proc/net/dev 60
> NICS = 1
> Count = 0
> Count updated 1
> Devs = 1
> expr [ 1 -eq 60 -o 1 -eq 1 ]

OK, the loop breaks here because we expect exactly one eth device and we found one. Now the question is why. We get the variable $devs here

devs=`grep ${WHAT} ${WHERE} | wc -l`

and $NICS is

NICS=`grep ${WHAT} /etc/shorewall/interfaces | grep -v ^# | wc -l`

This looks to me like a correct behaviour. The NICS are defined in the shorewall interfaces file, we are looking for a line with 'eth' which is not a comment, I guess that is right in your case, now the question stands why we are finding an eth interface in /proc/net/dev which would not respect configuration. This is where you can continue digging should you be so inclined. Try the following

grep eth /etc/shorewall/interfaces | grep -v ^#

this will give you the line in the shorewall interfaces file which assert looks for. The next you could check is:

grep eth /proc/net/dev

This is the condition we check against. It looks like your set finds an eth before it is ready...:-(

Thanks
Erich
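The counting and waiting logic discussed in this message, together with the WHAT="-e eth -e wlan" variant from the earlier reply, written out as an added example; it is not part of the original posts and is not the assert script from the LEAF CVS tree. The function names, the sample files and the `--demo` switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration of the interface-count check discussed in the thread.
# It is not the assert script itself; all function names are hypothetical.

# WHAT:   grep options selecting interface names, as suggested in the thread
# WHERE:  kernel device table
# CONFIG: file naming the interfaces shorewall expects
WHAT="${WHAT:--e eth -e wlan}"
WHERE="${WHERE:-/proc/net/dev}"
CONFIG="${CONFIG:-/etc/shorewall/interfaces}"

# Count stdin lines matching $WHAT. $WHAT is deliberately unquoted so that
# "-e eth -e wlan" is split into separate grep options.
count_matches() {
    n=$(grep -c $WHAT 2>/dev/null) || true   # grep -c exits 1 on zero matches
    echo "${n:-0}"
}

# Interfaces the configuration expects: matching lines that are not comments.
expected_nics() {
    grep -v '^[[:space:]]*#' "$1" 2>/dev/null | count_matches
}

# Interfaces the kernel has registered. A device is listed here as soon as
# its driver registers it, which can be before it has an address.
present_nics() {
    [ -r "$1" ] || { echo 0; return 0; }
    count_matches < "$1"
}

# wait_for_nics TIMEOUT [INTERVAL]
# Poll until at least as many devices are present as are configured.
# Returns 0 when they are, 1 when TIMEOUT seconds pass first.
wait_for_nics() {
    timeout=$1
    interval=${2:-1}
    want=$(expected_nics "$CONFIG")
    count=0
    while :; do
        have=$(present_nics "$WHERE")
        [ "$have" -ge "$want" ] && return 0
        [ "$count" -ge "$timeout" ] && return 1
        sleep "$interval"
        count=$((count + interval))
    done
}

# Constructed sample data (not taken from the thread): eth0 and wlan0 are
# configured, eth1 is commented out, and only eth0 is registered so far.
make_samples() {
    dir=$1
    cat > "$dir/interfaces" <<'EOF'
#ZONE  INTERFACE  BROADCAST  OPTIONS
net    eth0       detect     dhcp
loc    wlan0      detect
#loc   eth1       detect
EOF
    cat > "$dir/dev" <<'EOF'
Inter-|   Receive                  |  Transmit
 face |bytes    packets errs drop  |bytes    packets errs drop
    lo:    1024      16    0    0      1024      16    0    0
  eth0:       0       0    0    0         0       0    0    0
EOF
}

# Run with --demo to see the timeout path on the constructed data.
if [ "${1:-}" = "--demo" ]; then
    dir=$(mktemp -d) && make_samples "$dir"
    CONFIG="$dir/interfaces" WHERE="$dir/dev"
    echo "expected=$(expected_nics "$CONFIG") present=$(present_nics "$WHERE")"
    wait_for_nics 2 1 || echo "timed out: wlan0 never registered"
    rm -rf "$dir"
fi
```

With WHAT set to plain `eth`, the same sample configuration yields an expected count of 1, so the check is satisfied by eth0 alone and a pending wlan0 is never waited for.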
RE: [leaf-user] followup to interfaces / shorewall assist

Greg

At 19:32 30.07.2003 -0600, Greg Playle wrote:
> This is essentially what I ended up doing. As Mr. Sturdevant observed, card services do not come up in time. I added a script at the end of the boot sequence in rc2.d that restarts networking, dhcpd and shorewall, and suddenly Bob's your Uncle!

Basically the raison d'etre for the assert script was exactly to prevent the interface not up situation. I would be interested on why it apparently failed. My own installation consists of 2 PCMCIA adapters, no ppp though, so the situation is a bit different. Would you mind to find out how long assert waits (if it does wait at all) and if not what happened exactly inside that tiny bit of code?

Thanks
Erich
Re: [leaf-user] Re: VPN: How to establish connection with .p12?

Tim

At 09:39 29.07.2003 -0400, [EMAIL PROTECTED] wrote:
> ...
> If it were only that easy... I'm connecting my Bering firewall to XYZ firewall, having only been given a .p12 file...
> ...
> Thank you very much for the suggestions. Unfortunately, there are two things complicating this: 1) I only have control of my side, and 2) I am not generating the keys.

You might try to get a CRL from the authority that issued your pkcs#12 file

Erich
Re: [leaf-user] VPN: How to establish connection with .p12?

Tim

you may also want to look into http://www.drh-consultancy.demon.co.uk/pkcs12faq.html

At 17:14 25.07.2003 -0400, [EMAIL PROTECTED] wrote:
> ...
> My biggest problem right now is how to set up Bering to accept the certificates. With SSH Sentinel, I have been given a single .p12 file. With that, SSH Sentinel has everything that it needs to make the VPN work.
> ...

HTH
Erich
Re: [leaf-user] Win32 -- Bering Network file access.

Hi James

At 11:32 28.07.2003 +0100, James Neave wrote:
> Hi,
> Without using Samba2, what secure ways are there to gain access to files on our corporate Bering box? SSH allows us to administer it, but at the moment the only way we can make print-outs of the rules is hacking it out of the floppy with WinZip. Can you transfer files across ssh?

see scp

HTH
Erich
Re: [leaf-user] followup to interfaces / shorewall assist

Greg

At 18:14 27.07.2003, Greg Playle wrote:
> Tom, Steve and George:
> Thank you; the information you gave was helpful. I checked a bit more; in short, eth0 does not come up on boot, but seems to take a while--perhaps longer than Erich Titl's script allows. I've got to check more on the script, as I'm not sure it delays as long as needed. Restarting networking, esp eth0, brings it up fine, and then I can manually launch dhcpd, after which all responds as it should. I'm able to ping the eth0 address (192.168.1.254) both from itself and from another machine (which obtained its IP from the dhcp server). What I'd like to accomplish is having this all come up without having to manually restart eth0 and dhcpd.
>
> What I think is going on is that the version of Erich's script I'm using doesn't wait 60 seconds, but runs to completion in about one second, so eth0 is still not up before the boot process continues. Since eth0 isn't yet up, networking, therefore dhcpd, don't work either. By the time boot completes, eth0 is up, and manual restart of networking on eth0 and on dhcpd work.

I guess you must have modified the assert script as it is written for 2 interfaces and would run at a wrong init level. I believe it does not run in your case for some reason difficult to diagnose unless you tell us more about the way you implemented it. I am pretty certain your problems stem from the interface not being up and the assert script failing for some reason. It does not have a backup routine, so it would be saved by etc I guess. So here is the stupid question, did you back it up?

regards
Erich
Re: [leaf-user] wireless LAN security

Steve

At 11:24 18.07.2003 +1200, Steve Wright wrote:
> Hi Folks,
> What are we using to secure single point-to-point links? - viz WEP, but actually secure.. AIUI, Ad-Hoc mode must be used for backbones, but this leaves security to be done at the IP level - not really good enough. I have read-up on IPSec, but that seems to be about tunneling all the routers to a central point, or maintaining multiple IPsec dedicated links per router, which is either horribly wasteful on bandwidth, or horribly complicated to configure/maintain.

I did a single tunnel to the internet some time ago using Bering 1.0 and FreeSwan 1.97. I intend to do a bit of a write up on that. Search the archives for Henry Psenickas set up, he built wireless encrypted PtP connections.

Erich
Re: [leaf-user] Making DNSCache start before Shorewall

James

At 13:05 09.07.2003 +0100, you wrote:
> Hello all,
> I'm trying to make DNSCache start before shorewall. This is because I need DNS lookups in the shorewall rules file. I spoke to a friend of mine and we changed the RCDLINKS in the init.d files to the following
>
> DNSCache
> RCDLINKS="2,S45 3,S45 6,K45"
>
> Shorewall
> RCDLINKS="2,S41 3,S41 6,K46"

This will start DNSCache after Shorewall in init level 2

To make it start before Shorewall you could use

RCDLINKS="2,S41 3,S41 6,K46"

this will result in an entry of S41DNSCache in your rc2.d directory which should be evaluated before S41Shorewall

Make sure your DNSCache can access the uplink DNS server before Shorewall is up

HTH
Erich
Re: [leaf-user] Safe transparent proxying via DS1.02 and Squid

Vic

At 15:02 02.07.2003 +0800, Victor Berdin wrote:
> Hello Everyone,
> I needed to perform transparent proxying wherein web clients from both public and private net can access my internal web site.

Transparent proxying AFAIK is nothing but redirection of packets to the relevant port(s) to a proxy server. Relevant is the word here.

> Now my problem is that, the setup ended getting abused as it was used to send spam all over. My IP got black listed on some sites and so on. An exact explanation of what happened is found here: http://www.fr2.cyberabuse.org/?page=abuse-proxy

I am puzzled, I always thought spam was distributed using mail, e.g. SMTP, port 25, how exactly was your server abused? Unless your Gateway was completely compromised I do not see how Squid was used to forward mail.

Please enlighten me
Erich
[leaf-user] package remote install

Hi everybody

I uploaded the package remote install scripts to my CVS repository under http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/leaf/devel/etitl/bering

In order to use it you need rload.lrp from the packages directory. Additionally you will need to patch /etc/lrp.conf and /etc/init.d/modutils. The patches can be found in the respective directories in my CVS path above (or will be found as soon as CVS gets updated).

After installing rload.lrp and applying the patches to /etc/lrp.conf and /etc/init.d/modutils respectively you can configure rload using the parameters in /etc/lrp.conf. The patch to lrp.conf shows an example using wget to fetch the packages from a host on the internal network.

You will have to install your network drivers in /boot/lib/modules and declare them in /boot/etc/modules as illustrated in http://leaf.sourceforge.net/devel/jnilo/biaddrm.html#AEN772

This allows you to run a LEAF box on a single floppy and still have many packages loadable. Probably even a 1.44 MB floppy should be sufficient.

Let me know if anything is unclear and have fun
Erich
Re: [leaf-user] Re: Trouble getting started

Chris

Somerlot, Chris wrote the following at 17:21 25.06.2003:
> Still can't get it going. I have loaded the module for the 3c509 driver, (I'm using 2 ISA 3c509B cards) but only get 1 showing up in ip addr:
>
> 1: lo: LOOPBACK,UP mtu 16436 qdisc noqueue
>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>     inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
> 2: dummy0: BROADCAST,NOARP mtu 1500 qdisc noop
>     link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
> 3: eth0: BROADCAST,MULTICAST mtu 1500 qdisc pfifo_fast qlen 100
>     link/ether 00:a0:24:12:bd:9c brd ff:ff:ff:ff:ff:ff

No surprise, no address set hence no route

What does your /etc/network/interfaces file look like?

> ...
> Jun 24 21:53:30 firewall kernel: 3c509.c:1.19 16Oct2002 [EMAIL PROTECTED]
> Jun 24 21:53:30 firewall kernel: http://www.scyld.com/network/3c509.html

There should be more here?

cheers
Erich
Re: [leaf-user] Long time ago...

Michelle

At 03:37 24.06.2003 +0200, you wrote:
> I will try to get an 128kBit ADSL connection to put my Network online... But need to find a dyn-DNS Provider where I can have up to three Domains and very much more HOSTS... If possible, with my own master-DNS

I use zoneedit, works OK for me, up to 5 domains are free
http://www.zoneedit.com

HTH
Erich
Re: [leaf-user] Problems using vlan.lrp and bridge.lrp
Jose I do not understand much about bridges, so I am surprised that you would assign the same subnet 192.168.1.x on the eth1 adapters on both bridges. I do not know how this could work so please someone enlighten me. How could you prevent address collisions this way? Erich At 09:02 24.06.2003 +0200, you wrote: Hi, how everybody is doing?: I am having some problems trying to set a vlan with the Bering rc4 distribution. I am going to explain what I did and how, to see if anyone can find the problem or the mistake, because I think I am following the documentation pretty good.
Re: [leaf-user] Trouble getting started
Chris please read this and provide the information requested there http://leaf.sourceforge.net/mod.php?mod=userpagemenu=11page_id=4 thanks Erich At 06:09 24.06.2003 -0700, you wrote: I'm using a P75 w/ 32mb ram and 2 3Com509 cards to try and setup a Bering 1.2 router box. I have one computer (a laptop w/ PCMCIA ethernet card) attached to eth1 via a crossover cable, and I can't ping back and forth to the router, or connect to the weblet, the ethernet card lights come on but don't blink. How do I know the connection is good, router setup correctly, etc before I connect my cable modem to the router? The only thing I changed on the router was to uncomment the 3C509 line in the module conf file, backup and reboot.
Re: [leaf-user] Booting and installing Bering using PXE
Hi Jacques/Lynn I was wondering if we could do some kind of hybrid set up which would fetch packages from a server (whatever method) after booting from floppy. I believe it should be possible to start a minimal LEAF installation, get up the NIC's and then load the big packages from the network. This would be beneficial for people with NIC's without PXE and/or PCMCIA adapters. cheers Erich
RE: [leaf-user] URGENT- Network Card Help
Hi At 09:38 18.06.2003 +0100, you wrote: Many thanks for all your help but having a BIG problem writing the Win32 disk images to floppy, just keep getting an error. That applies to Bering 1.2, 1.1 and the stable release basically all the ones I've tried. Ran the image.exe on win2K and XP. Have you checked your drive and media ? HTH Erich
Re: [leaf-user] File downloads using weblet
Hi Lee

I did this a few years back and had to do a refresh cycle on my memory... It is important that echo treats all its parameters so the disposition needs quotes...

---
    #!/bin/sh
    # Header lines are quoted so that "(", ")" and ";" reach echo unchanged.
    echo "MIME-Version: 1.0 (just a fake)"
    echo "Content-type: application/octet-stream ; charset=us-ascii"
    echo "Content-disposition: attachment ; filename=foo"
    # An empty line ends the header; the file follows as the body.
    echo
    cat /etc/foo

of course you should set as much information as possible in the MIME header

HTH Erich

At 03:56 11.06.2003, Lee Kimber wrote:

Hi, I've been tinkering with a weblet cgi script to download logs that I'm keeping on a spare hdd in one of my Bering systems. I've put an ash shell script in /var/sh-www/cgi-bin/. I'm close... oh so close... but not quite there!
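An added example, not part of the original post or of the LEAF project: a download CGI of the kind discussed above that lets the request pick which log to fetch, but only serves plain file names from one fixed directory, so a request cannot reach files outside it. The LOGDIR path, the "file" query parameter, the function names and the assumption that the web server sets the standard CGI variables REQUEST_METHOD and QUERY_STRING are all illustrative.

```shell
#!/bin/sh
# Added example: download CGI that serves one log file chosen by ?file=NAME.
# LOGDIR, the "file" parameter and the function names are assumptions.

LOGDIR="${LOGDIR:-/mnt/logs}"

# Extract the value of "file" from a query string such as "a=1&file=messages.1".
query_file() {
    printf '%s\n' "$1" | tr '&' '\n' | sed -n 's/^file=//p' | head -n 1
}

# Accept only plain names: letters, digits, dot, dash and underscore,
# no leading dot, no slash, no percent-encoding, at most 64 characters.
valid_name() {
    case "$1" in
        ''|.*) return 1 ;;
        *[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 64 ]
}

# Write a complete CGI response (header, empty line, body) for a query string.
# Returns 0 when a file was sent and 1 when the request was refused.
serve_log() {
    name=$(query_file "$1")
    if ! valid_name "$name" || [ ! -f "$LOGDIR/$name" ] || [ -L "$LOGDIR/$name" ]; then
        printf 'Status: 404 Not Found\r\n'
        printf 'Content-Type: text/plain\r\n'
        printf '\r\n'
        printf 'not found\n'
        return 1
    fi
    # The name has passed the allow-list, so it is safe to echo into a header.
    printf 'Content-Type: application/octet-stream\r\n'
    printf 'Content-Disposition: attachment; filename="%s"\r\n' "$name"
    printf '\r\n'
    cat "$LOGDIR/$name"
}

# Run as a CGI only when the server has set the standard CGI variables.
if [ -n "${REQUEST_METHOD:-}" ]; then
    serve_log "${QUERY_STRING:-}"
fi
```

Symbolic links are refused as well, so a link placed in the log directory cannot be used to reach a file elsewhere on the router.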
Re: [leaf-user] DHCP on PCMCIA interface?
Greg Greg Playle wrote the following at 22:47 14.06.2003: This is a followup to earlier traffic, shown below. My problem now seems to be the DHCP daemon wants to activate before the PCMCIA card is available, so it cannot find interface eth0. Running dhcpd at the command line promptly fires it up, and activates the interface, and begins serving IP addresses. DHCPD is started at S30 in rc2.d, so normally one would assume there was sufficient time to start the interface (done in S13). Unfortunately this is not always true. I wrote a script which waits for all interfaces defined for shorewall to come up or a certain timeout to not lock your entire system. It is run at S40, too late for your purposes but can easily be adapted. You can find it at http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/leaf/devel/etitl/bering/etc/init.d/assert install it as /etc/init.d/assert, you have to change the RCDLINKS line to something more appropriate like RCDLINKS=2,S30 3,S30 6,K30 Do not forget to back /etc up and restart your LEAF router HTH Erich
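An added example, not the assert script referenced in the message above and not LEAF project code: one way to hold back a daemon such as dhcpd until the kernel knows every interface it needs, with a timeout so that a missing PCMCIA card cannot hang the boot. It checks only that the interface exists in /proc/net/dev, not that it is up; PROC_NET_DEV, the function names and the usage line are assumptions.

```shell
#!/bin/sh
# Added example: wait until every named network interface is known to the
# kernel, or give up after a timeout so the boot sequence never hangs.
# PROC_NET_DEV, the function names and the usage line are assumptions.

PROC_NET_DEV="${PROC_NET_DEV:-/proc/net/dev}"

# True if the interface has a line of its own in /proc/net/dev
# (for example "  eth0: 1234 ..."); header lines carry no colon and are skipped.
iface_present() {
    awk -F: -v want="$1" '
        NF > 1 { gsub(/[ \t]/, "", $1); if ($1 == want) found = 1 }
        END    { exit found ? 0 : 1 }
    ' "$PROC_NET_DEV"
}

# wait_for_ifaces TIMEOUT_SECONDS IFACE...
# Returns 0 as soon as all interfaces exist, 1 once the timeout has passed.
wait_for_ifaces() {
    limit=$1
    shift
    waited=0
    while :; do
        missing=""
        for ifc in "$@"; do
            iface_present "$ifc" || missing="$missing $ifc"
        done
        if [ -z "$missing" ]; then
            return 0
        fi
        if [ "$waited" -ge "$limit" ]; then
            echo "wait_for_ifaces: gave up after ${limit}s, missing:$missing" >&2
            return 1
        fi
        sleep 1
        waited=$((waited + 1))
    done
}

# Typical use from an init script that runs before the daemon is started:
#   wait_for_ifaces 30 eth0 eth1 || echo "continuing without all interfaces"
```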
Re: [leaf-user] Image file too long
Jose Jose Luis Abuelo Sebio wrote the following at 23:24 15.06.2003: Hey, what´s up? I am using a normal bering 1.2 boot disk, but now I need to add one module and another package (nicstar.o and atmtools.lrp) and when I try to back up any package or the floppy I don´t have space enough because those files are too big. Is there any way to make a boot disk in two floppies, or I need to install the module and the package everytime I restart the system. It's in the docs http://leaf.sourceforge.net/devel/jnilo/bubooting.html#AEN1125 HTH Erich
RE: [leaf-user] boot floppy to boot Bering cdrom
Hi At 09:13 11.06.2003 +0200, you wrote: As far as I know, you can't. But you can always make an ISO-image yourself, which contains those settings. Do a search on building an ISO in the archives of this list, it has been discussed many times. -Original Message- From: wing newton [mailto:[EMAIL PROTECTED] Sent: dinsdag 10 juni 2003 23:52 To: Stefaan Van Dooren; [EMAIL PROTECTED] Subject: RE: [leaf-user] boot floppy to boot Bering cdrom Smart BootManager works but I have one of those Sony VAIO laptop which does the random shutdown. I have to issue append=apm=off no-hlt.. to make it work. Can I do with it with Smart BootManager ? It does not seem to have syslinux.cfg in the smart bootmanager floppy. I need to add apm=off no-hlt before it starts to boot the ISO from the CD. Why is this so, could you not put it in the isolinux.cfg file when building the CD? cheers Erich
Re: [leaf-user] boot floppy to boot Bering cdrom
Hi At 17:00 09.06.2003 -0700, you wrote: Greetings, I don't have space on a single floppy for all the packages. So, I create a bootable ISO Bering CD but my pc does not support CDROM boot. Is there a floppy image available to just allow me to boot up from the floppy which then in turn to boot up the Bering ISO from the cdrom ? Basically all you have to do is to include the ide and cdrom modules in /boot/modules and /boot/etc/modules as specified in the Bering docs. You can start with a stock bering floppy, strip it down to the barest minimum and add the modules, then save initrd back to floppy, configure syslinux.conf to load the packages from the appropriate media and you are done. HTH Erich
[leaf-user] LEAF etherboot
Henning Henning Jebsen wrote the following at 10:39 05.06.2003: Trying to load an etherboot which enables pcmcia and network drivers to load the final initrd/OS from a tftp server. My LEAF box is a notebook with only PCMCIA NIC's. Hi Erich, I did this before Not with pcmcia cards but normal NIC's. I loaded Kernel from floppy(lilo not syslinux) and the filesystem from a tftp Server. Feel free to ask ;-) As far as I have learned until now is that etherboot builds some kind of bootstrap which can load a kernel image and other files using tftp or NFS. Unfortunately it does not seem to support PCMCIA devices, so it looks as if I am stuck with either my 2 floppy set up or find a suitable DoM Thanks Erich
Re: [leaf-user] Improving wireless link
Charles As Steve pointed out, distance is one key element. Could you tell us a bit more on your installation like distance, antennas used e.t.c. My installation does not really apply, although I have fine bandwidth with Lucent/Avaya cards and 14 dB external antennas. Distance in my case is ridiculous, only about 300 metres. The only additional layer I applied was IPSec to tunnel traffic. Henry Psenicka posted some Information a few months back and there was an article in SysAdmin on his wireless installation. cheers Erich At 22:51 04.06.2003 -0500, you wrote: Steve Wright wrote: Charles, On the basis that there is some distance involved ; (an assumption) My understanding is that some of the cheaper (dlink in particular) wireless gear has 'timing issues' when the A/Ps are physically far apart. In the extreme, you will have to go to a proprietary fix, viz turbocell, or replace the A/Ps with something a little more tolerant of distance. 802.11 was never intended to travel great distances. Indeed it was part of the 802.11 specification to actually prevent (ha ha) this from happening - the reason for the proprietary RF connectors. In summary, many standard 802.11 wireless cards will do great distances without getting flaky, but I have heard that the dlink gear is not of that category. Other cards such the Orinoco PC-cards combined with turbocell work very well indeed at distances up to 20km, and provide true data rates in the order of 9MBit/sec (I am told). I don't like the idea of proprietary *anything*, and I wish there was an open-source 'turbocell'.
Re: [leaf-user] syslinux question: putting bering on a diskonchip
Steve Steve Wright wrote the following at 20:40 04.06.2003: Erich Titl wrote: Have you ever tried that on a PCMCIA card? Putting an lzdsk boot image on one ? no. haven't. What are you thinking ? Trying to load an etherboot which enables pcmcia and network drivers to load the final initrd/OS from a tftp server. My LEAF box is a notebook with only PCMCIA NIC's. I looked into the etherboot FAQ's and this seems to be an open issue. cheers Erich
Re: [leaf-user] bering IDE driver problem
Marc Marc E. Fiuczynski wrote the following at 18:35 04.06.2003: I followed the instructions to put the IDE drivers into initrd.lrp of the bering floppy. Unfortunately, this doesn't seem to work with my disk-on-chip IDE drive (even though this drive can be accessed just fine via a linux rescue floppy). In the dmesg information shown below there are two lines stating detected chipset, but driver not compiled in!. However, when checking with insmod, the ide-disk.o, ide-mod.o, and ide-probe-mod.o files have all been loaded. These modules are listed in the boot modules files, so they should have been insmod'ed in before the kernel does these tests. Any way, can someone shed light onto what might be going on or wrong here? ... Jacques pointed to the DoC drivers, if that is not the problem you might want to look at... PIIX: neither IDE port enabled (BIOS) HTH Erich
RE: [leaf-user] syslinux question: putting bering on a diskonchip
Hi Marc Marc E. Fiuczynski wrote the following at 19:27 03.06.2003: I am using a linux rescue disk to copy over a bering distribution to the disk-on-chip device. If the system recognizes the disk as an IDE device, I would believe it. Some time ago I had difficulties running syslinux on my bering system. IIRC it was due to a permission problem. I used an old DOS disk then to prepare my DoM and it went smoothly (actually I am a little ashamed to have to resort to a M$product to do that, but then, resources are resources) HTH Erich
Fwd: Re: [leaf-user] syslinux question: putting bering on a diskonchip
From [EMAIL PROTECTED] Tue Jun 3 23:06:08 2003 Date: Wed, 04 Jun 2003 09:05:59 +1200 From: Steve Wright [EMAIL PROTECTED] To: Erich Titl [EMAIL PROTECTED] Subject: Re: [leaf-user] syslinux question: putting bering on a diskonchip Erich Titl wrote: Hi Marc Marc E. Fiuczynski wrote the following at 19:27 03.06.2003: I am using a linux rescue disk to copy over a bering distribution to the disk-on-chip device. If the system recognizes the disk as an IDE device, I would believe it. Some time ago I had difficulties running syslinux on my bering system. IIRC it was due to a permission problem. I used an old DOS disk then to prepare my DoM and it went smoothly (actually I am a little ashamed to have to resort to a M$product to do that, but then, resources are resources) If people feel strongly about using a ms product to do this (I would), then this is what I do. On my old RedHat 7.3 I have installed LTSP, a thin-client terminal server package. This allows me to boot any old piece of junk on my local LAN as a thin client. I hacked the base LTSP installation so the thin-clients run with a modified /etc/passd - with an entry for a root login. Now it is completely trivial to bring along any i386 LEAF router, plug into LAN, etherboot/PXE boot as a thin terminal (local HDD/DOM not used), load IDE modules, mount DOM, and copy across what ever I need, unmount, sync, reboot, test. Dead easy, and fast. Further hacking of the LTSP code would likely render a complete development environment for DOM-type routers. /niiice/. If anyone wants to build such a thing, I would be happy to assist as I know LTSP quite well. I'm a bit busy to do it ALL myself right now. 8-) http://ltsp.org http://k12ltsp.org
Re: [leaf-user] Kernel panic-syslinux.cfg no good
Glenn

First of all, which distribution are you referring to?

glenn greenfield wrote the following at 02:27 01.06.2003:

I thought I had followed the instructions but I apparently missed something here.

VFS Can't find Minix blah...on dev 02:00
LINUXRC: Installing - root: root(nf!) etc(nf!) local(nf!) modules(nf!) keyboard(nf!) iptables(nf!) pump(nf!) shorwall(nf!) ulogd(nf!) dnscache(nf!) weblet(nf!) - FINISHED

Ok it says here that it cannot find your lrp files.

cat: /var/lib/lrpkg/root.pn.links: No such file or directory
cat: /var/lib/lrpkg/root.log.links: No such file or directory

No real surprise after your previous errors.

I'm not booting from cd so I'm not sure how to use that info. and I haven't removed the LRP variable. I am only using one floppy so the PKGPATH should be correct. The disc is in fact a 1680:msdos.

It does not only apply to CD lrpkg.cfg. The reason to use lrpkg.cfg is that the configuration line in syslinux.cfg is limited to IIRC 256 characters. If you have many packages this is a real limit.

display syslinux.dpy
timeout 0
default linux initrd=initrd.lrp init=/linuxrc rw root=/dev/ram0 boot=dev/fd0u1680:msdos PKGPATH=/dev/fd0u1680 LRP=root,etc,local,modules,keyboard,iptables,pump,shorwall,ulogd,dnscache,weblet

This looks pretty OK to me, so are you certain your hardware (floppy,floppydrive) is OK? Do you have space left on your single floppy?

HTH Erich
Re: [leaf-user] Problem using ftp!
Hi Samuel Samuel Abreu de Paula wrote the following at 22:01 30.05.2003: Hi, I have 2 station connected to each other via Orinoco Wireless cards, using Bering 1.0... But the problem is I can't list directories in ftp connections! I'm not denying nothing, and the Bering 1.0 has the ip_nat_ftp modules of netfilter right??? What can be the problem??? Did you look at the shorewall logs? It might be that there is traffic blocked. HTH Erich
Re: [leaf-user] add PCI USB expansion card, USB memory stick to Bering box
Hi Apacer has the Europe headquarters in the Netherlands, you could probably get a DOM easily there and that is the most versatile storage I can think of in a LEAF box. Erich H.G. Bekker wrote the following at 19:29 30.05.2003: Hi, That might be an alternative. However I have some problems locating the equipment in the Netherlands. But I will keep it in mind. Thanks! Chera Bekker
Re: [leaf-user] Problem with iptables
Tom At 15:31 27.05.2003, Tom Eastep wrote: On Tue, 27 May 2003 15:14:32 +0200, Erich Titl [EMAIL PROTECTED] wrote: Christophe At 15:05 27.05.2003 +0200, you wrote: On Tue, 27 May 2003 14:52:40 +0200 Erich Titl [EMAIL PROTECTED] wrote: I am not aware that you can use a parameter in the rules file. You can use shell variables in ANY Shorewall configuration file... Thanks for making that clear Erich -Tom -- Tom Eastep\ Shorewall - iptables made easy Shoreline, \ http://www.shorewall.net Washington USA \ [EMAIL PROTECTED]
Re: [leaf-user] ipsec.lrp and KLIPS
Hi You will have to load ipsec.o from the corresponding module tree. Maybe another request to put this into ipsec.lrp helps. HTH Erich Charles Steinkuehler wrote the following at 18:53 05.04.2003: Steve Bihari wrote: Hi All, When I try to load ipsec.lrp I get a message about the kernel not having KLIPS compiled in. I didn't think this was required for S/WAN. Also, it complains that it can't find ipsec.o I currently compiled ipsec support directly into the kernel. Can I not avoid having to use the module?
[leaf-user] orinoco stuff for 2.4.18
Hi has anyone compiled the (latest) orinoco drivers (hermes.c orinoco.c orinoco_cs.c) for Bering1.0-stable kernel 2.4.18. I believe I need the latest drivers for the 8.72 firmware. Thanks Erich
Re: [leaf-user] Booting VIA EPIA Mobo with Isolinux
Julian Julian Church wrote the following at 17:24 04.04.2003: At 00:06 04/04/03 +0200, Erich Titl wrote: ... Victor McAlistair pointed me at a post he produced about a month ago that explains another method for making a Bering boot CD - I think that should work. The syslinux guys will certainly have more experience as this is not strictly a LEAF problem but one of a rather generic nature. Thanks - I just joined the Syslinux list. It sounds pretty hopeful that I'll work something out soon. please let the list know, we all may run into such a board one day. good luck Erich
Re: [leaf-user] Bering Ipsec and Shorewall rules
Simon At 14:07 03.04.2003 +0100, you wrote: Please can someone confirm whether the Shorewall Tunnels file internally manages the UDP Port 500 and Protocols 50 and 51? Or do I need to create rules? I have created the tunnel files as per documentation on the Bering site and Shorewall. But I am currently unable to get ipsec working between two firewalls. I am assuming at this point that something is blocking the path. It is best if you tell the list what _exactly_ you did. Even if you made no errors at all (to the best of your knowledge) it is quite difficult to answer such a general question without knowledge what happens _exactly_. Being unable to get ipsec working is not what I would call an exact description of an error. Maybe you should consult your log file for shorewall entries, and you may want to reset the counters in the iptables and see where messages go through. HTH Erich
RE: [leaf-user] Bering Ipsec and Shorewall rules
Simon Simon Chalk wrote the following at 22:33 03.04.2003: Hi Erich, I did not want to go into detail, until I understood the operation of both shorewall and ipsec. I am still a little confused about shorewall, but the key seems to be the tunnels file. ipsec was failing and I assumed it was shorewall. It turns out that it wasn't shorewall at all, but the configuration of ipsec.conf. I believe everyone setting up ipsec for the first time is in the same league, as an earlier post today mentioned you really have to follow the instructions to the letter. My first attempt was of course one that no textbook mentioned to start with, connecting to a commercial low end firewall (Zywall). You can imagine how many hours I poked my nose in the process. Glad you got it up working. Good luck Erich
Re: [leaf-user] Booting VIA EPIA Mobo with Isolinux
Julian Julian Church wrote the following at 16:37 03.04.2003: Hi All I'm attempting to put together a CD-based Bering firewall on a computer based around a VIA EPIA 5000 motherboard. To try out my new motherboard, I tried an existing Bering CD from another firewall I use (Bering 1.0 I think). I get the following error very early in the boot process: ... Otherwise, can anyone give me any general pointers? Would a newer version of isolinux help? How about varying the isolinux settings when I generate the disk image? How about alternatives to isolinux? I don't know how you created the CD, but there are certainly several possibilities you can play with, either in native (isolinux) mode or to use a cd boot image. The syslinux guys will certainly have more experience as this is not strictly a LEAF problem but one of a rather generic nature. HTH Erich
RE: [leaf-user] Bering Ipsec and Shorewall rules
Simon Tom has really written a very nice documentation, read more Simon Chalk wrote the following at 23:54 02.04.2003: Hi Tom, I had read this doc prior to posting. It reads a) Open the firewall so that the IPSEC tunnel can be established (allow the ESP and AH protocols and UDP Port 500). b) Allow traffic through the tunnel. Opening the firewall for the IPSEC tunnel is accomplished by adding an entry to the /etc/shorewall/tunnels file. ...more explanation HTH Erich