Re: [leaf-user] Kernel panic-syslinux.cfg no good
Glenn First of all, which distribution are you referring to? glenn greenfield wrote the following at 02:27 01.06.2003: I thought I had followed the instructions but I apparently missed something here. VFS Can't find Minix blah...on dev 02:00 LINUXRC: Installing - root: root(nf!) etc(nf!) local(nf!) modules(nf!) keyboard(nf!) iptables(nf!) pump(nf!) shorwall(nf!) ulogd(nf!) dnscache(nf!) weblet(nf!) - FINISHED Ok it says here that it cannot find your lrp files. cat: /var/lib/lrpkg/root.pn.links: No such file or directory cat: /var/lib/lrpkg/root.log.links: No such file or directory No real surprise after your previous errors. I'm not booting from cd so I'm not sure how to use that info. and I haven't removed the LRP variable. I am only using one floppy so the PKGPATH should be correct. The disc is in fact a 1680:msdos. It does not only apply to CD lrpkg.cfg. The reason to use lrpkg.cfg is that the configuration line in syslinux.cfg is limited to IIRC 256 characters. If you have many packages this is a real limit. display syslinux.dpy timeout 0 default linux initrd=initrd.lrp init=/linuxrc rw root=/dev/ram0 boot=dev/fd0u1680:msdos PKGPATH=/dev/fd0u1680 LRP=root,etc,local,modules,keyboard,iptables,pump,shorwall,ulogd,dnscache,weblet This looks pretty OK to me, so are you certain your hardware (floppy,floppydrive) is OK? Do you have space left on your single floppy? HTH Erich THINK Püntenstrasse 39 8143 Stallikon mailto:[EMAIL PROTECTED] PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16 --- This SF.net email is sponsored by: eBay Get office equipment for less on eBay! http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5 leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] iwconfig version problem
hi since i use the new wisp image my aironet works (the most) with some special commands i have still some problems. # iwconfig netcs0 txpower 10mW Warning: Driver for device netcs0 has been compiled with version 0 of Wireless Extension, while this program is using version 16. Some things may be broken... looks live a compile problem ??... other question is : aironet 350 has two antenna connectors. how can i control this under linux ? any expirience ? thx for your help ! roland _ Aberja - Die Hybridsuchmaschine --- http://www.Aberja.com _ Select your own custom email address for FREE! Get [EMAIL PROTECTED] w/No Ads, 6MB, POP more! http://www.everyone.net/selectmail?campaign=tag --- This SF.net email is sponsored by: eBay Get office equipment for less on eBay! http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5 leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] Shorewall rules and stuff. ;)
Hi all, I'm running a bering firewall on my production system (after upgrading from eigerstien). And very impressed with Bering great job. I managed a complete system upgrade from eigerstein, using wget, and all done remote via ssh, LOT's of planning ahead, *fingers crossed on the first reboot*, and yes I do have a HDD that bering boots from ;o). I have a couple of question about shorewall and stuff I'm running version 1.3 from on the base install of bering. I was reading the shorewall help and have a question about this line. # ORIGINAL DEST (0ptional -- only allowed if ACTION is DNAT or # REDIRECT) If included and different from the IP # address given in the SERVER column, this is an address # on some interface on the firewall and connections to # that address will be forwarded to the IP and port # specified in the DEST column. It says I can't use the ORIGINAL DEST it is an ACCEPT rule? My firewall is located in a remote hosting facility and I need to be able to get to it via the external interface. My external interface has multiple live IPs on it. I wish to secure it so as SSH is only open/avalialbe on one IP address. I would like to be able to do this? ACCEPT net:202.53.xxx.xxx,203.94.xxx.xxx fw tcp 22 - 67.106.XXX.XXX So as when a port scan/security check happens it won't show SSH open (or closed for that matter) on any of the IPs apart from the single firewall one. I also ran some scans on my firewall usind Nessus (www.nessus.org) and it showed up the following. I scanned my firewall IP, not an IP that I'm DNAT through to the DMZ. The remote host does not discard TCP SYN packets which have the FIN flag set. Is this something I have to worry about? Is there away to fix this? I also ran an nmap scan on my firewall IP. Port State Service 22/tcp openssh 113/tcpclosed auth 135/tcpclosed loc-srv I'm have no idea why 113 and 135 are showing as open. These are my firewall rules. #ACTION SOURCE DESTPROTO DESTSOURCE ORIGINAL # PORTPORT(S)DEST ACCEPT fw loc tcp 53 ACCEPT fw loc udp 53 # ACCEPT loc fw tcp 22 ACCEPT net fw tcp 22 # ACCEPT loc fw icmp8 ACCEPT net fw icmp8 # ACCEPT loc fw tcp 80 # Mystique DNATnet loc:10.0.100.32 tcp 80 - 67.106.xxx.xxx DNATnet loc:10.0.100.33 tcp 80 - 67.106.xxx.xxx DNATnet loc:10.0.100.34 tcp 80 - 67.106.xxx.xxx DNATnet loc:10.0.100.35 tcp 80 - 67.106.xxx.xxx DNATnet loc:10.0.100.40 tcp 80 - 67.106.xxx.xxx DNATnet loc:10.0.100.31 tcp 80 - 67.106.xxx.xxx DNATnet loc:10.0.100.30 tcp 80 - 67.106.xxx.xxx DNATnet loc:10.0.100.10 tcp 80 - 67.106.xxx.xxx DNATnet:202.53.xxx.xxx loc:10.0.100.10 tcp 3389- 67.106.xxx.xxx DNATnet loc:10.0.100.10 tcp 53 - 67.106.xxx.xxx DNATnet loc:10.0.100.10 udp 53 - 67.106.xxx.xxx DNATnet:202.53.xxx.xxx,203.94.xxx.xxx,64.28.xxx.xxx loc:10.0.100.20 tcp 1352- 67.106.xxx.xxx DNATnet loc:10.0.100.10 tcp ftp - 67.106.xxx.xxx # # Storm/Rogue DNATnet loc:10.0.100.11 tcp 80 - 67.106.xxx.xxx DNATnet:202.53.xxx.xxx loc:10.0.100.11 tcp 3389- 67.106.xxx.xxx DNATnet loc:10.0.100.11 tcp 53 - 67.106.xxx.xxx DNATnet loc:10.0.100.11 udp 53 - 67.106.xxx.xxx DNATnet:202.53.xxx.xxx,211.34.xxx.xxx loc:10.0.100.21 tcp 1352- 67.106.xxx.xxx DNATnet:202.53.xxx.xxx loc:10.0.100.22 tcp 1352- 67.106.xxx.xxx DNATnet loc:10.0.100.22 tcp 25 - 67.106.xxx.xxx DNATnet loc:10.0.100.21 tcp 25 - 67.106.xxx.xxx # Cyclops DNATnet:202.53.xxx.xxx loc:10.0.100.12 tcp 3389- 67.106.xxx.xxx DNATnet:202.53.xxx.xxx loc:10.0.100.23 tcp 1352- 67.106.xxx.xxx DNATnet loc:10.0.100.36 tcp 80 - 67.106.xxx.xxx # Wolverine DNATnet:202.53.xxx.xxx loc:10.0.100.13 tcp 3389- 67.106.xxx.xxx Any feedback on the above would be muchly appreciated before I go too far and put in the rest of my system configuration (40 more servers :o() I'm also trying to figure out how to setup bering to email me my firewall log's on a dialy basis so I can run them through a scanner. And last but not least I wish to upgrade shorewall to 1.4 but I'm a little scared to do so
[leaf-user] AW: Emissionsreport
RENDITESENSATION Independentfilme schlagen Majorproduktionen --- Finanzexperten raten derzeit fuer ein gewinnbringendes Investment zur genaueren Betrachtung der Medienbranche. Die Aktienwerte aus diesem Segment erlebten in der juengsten Vergangenheit den dramatischsten Werteverfall in der Boersengeschichte. EMTV, Kinowelt, Senator, InMotion oder Internationalmedia schrumpften Ihrer Bewertung von teilweise einigen Milliarden Euro auf ein Bruchteil zusammen. Das obwohl im krassen Gegensatz die Erloese aus DVD/Homevideo oder die Einnahmen an den Kinokassen kontinuierlich gestiegen sind. Der Zeitpunkt ist so guenstig wie nie um in diesen Markt zu investieren. +++ Betrachten Sie die aktuelle Studie der Highflyerkandidaten: http://[EMAIL PROTECTED]/bullbear/infoget.html +++ Einer der erfolgreichsten Maenner in diesem Geschaeft ist T.J. Coleman, er ist einer der erfahrensten Branchenteilnehmer ueberhaupt, er hat in den letzten zwanzig Jahren nachweisbare Erfolge mit den hoechsten ROI für Filmproduktionen (Return on Investment) wie z.B. Teen Wolf oder Valley Girl produziert. Diese Filme spielten das 40-fache bzw. das Hundertfache des eingesetzten Kapitals ein. +++ NEUemission in der Medienbranche - informieren Sie sich HIER: http://[EMAIL PROTECTED]/bullbear/infoget.html +++ Das neue Konzept von T.J. Coleman liegt nun vorwiegend in der Vermarktung von Zweitrechten, die im Moment zu Tiefstpreisen zu haben sind. Dabei wird ein Schwerpunkt auf Spezial- und Kultfilme gelegt, anders als die Releases und Major Distributionen. Die sechs grossen Vertriebsfirmen (Warner, Fox, Sony etc.) Konzentrieren sich nicht auf diesen Nischenmarkt sondern primaer auf neue Majorproduktionen die mit einem enorm hohen Werbebudget an moeglichst breites publikum vermarktet werden muessen. Colemans Konzept ist nicht als Konkurrenz zu den Majors zu sehen, sondern eher als Ergaenzung, da auch Filme der Majors ueber seine Unternehmensstrategie in den Kinos vermarktet werden. Insbesondere wenn ein Major nicht das finanzielle Risiko einer Vollvermarktung tragen moechte. Prospektunterlagen unter: http://[EMAIL PROTECTED]/bullbear/infoget.html -- Diese Nachricht erscheint im Text-Format. Dir grafische Darstellung finden Sie unter http://[EMAIL PROTECTED]/bullbear/infoget.html Sie erhalten diese Mail da Ihre Empfangsadresse in unserer Datenbank registriert ist - zum AUSTRAGEN klicken Sie diesen Link http://[EMAIL PROTECTED]/bullbear/aus.html Disclaimer: Alle Investments haben ein gewisses Risiko, schlimmstenfalls ist ein Totalverlust des eingesetzten Kapitals moeglich. Diese Angaben und Informationen wurden rewissenhaft recherchiert, sind aber frei von jeglicher Gewaehr. (integration blow overcome) --- This SF.net email is sponsored by: eBay Get office equipment for less on eBay! http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5 leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] iwconfig version problem
Roland Frei wrote: hi since i use the new wisp image my aironet works (the most) with some special commands i have still some problems. # iwconfig netcs0 txpower 10mW Warning: Driver for device netcs0 has been compiled with version 0 of Wireless Extension, while this program is using version 16. Some things may be broken... looks live a compile problem ??... It looks to be a driver problem, actually. other question is : aironet 350 has two antenna connectors. how can i control this under linux ? any expirience ? WISP-Dist already sets the diversity to the right one; you can control it in /proc/driver/aironet. The code which sets the diversity is in /etc/network/wireless-start thx for your help ! roland _ Aberja - Die Hybridsuchmaschine --- http://www.Aberja.com _ Select your own custom email address for FREE! Get [EMAIL PROTECTED] w/No Ads, 6MB, POP more! http://www.everyone.net/selectmail?campaign=tag --- This SF.net email is sponsored by: eBay Get office equipment for less on eBay! http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5 leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html -- Best Regards, Vladimir Ivaschenko Thunderworx - Senior Systems Engineer (RHCE) --- This SF.net email is sponsored by: eBay Get office equipment for less on eBay! http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5 leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] some help please .
hello all i have now my shapping control running ( i hope , because shorewall start without any boot error message). I appreciate Any help to find whats wrong in my setting. Thanks i just discovered the weblet interface. The firewall status are in Error ( just 5min after rebooting): firewall Firewall Status: error You have 518 denied or rejected packets in your recent packet logs. ::Hits sorted by porttype:: hits port Service 134 80 www 119 137 netbios-ns 110 138 netbios-dgm 28 1214 27 1428 20 1900 18 28431 7 5499 7 27024 7 27023 ## After 1 hour : i have that firewall Firewall Status: error You have 2637 denied or rejected packets in your recent packet logs. ::Hits sorted by porttype:: hits port Service 422 137 netbios-ns 335 138 netbios-dgm 295 80 www 127 27015 118 27024 118 27023 118 27022 118 27021 118 27020 118 27019 118 27018 118 27017 118 27016 There are some of my Shorewall setting. ALL THE REST ARE DEFAULT ## Shorewall.conf ADD_IP_ALIASES=Yes (because i am usint SNAT) MANGLE_ENABLED=Yes TC_ENABLED=Yes CLEAR_TC=No MARK_IN_FORWARD_CHAIN=Yes ## TCRULES: #MARK SOURCE DESTPROTO PORT(S) CLIENT PORT(S) 1 eth10.0.0.0 all 2 fw 0.0.0.0 all 3 fw 0.0.0.0 tcp 80 4 fw 0.0.0.0 tcp 20 4 fw 0.0.0.0 tcp 21 4 fw 0.0.0.0 tcp 1214- 4 fw 0.0.0.0 tcp 4329 4 fw 0.0.0.0 tcp 4661:4665 4 fw 0.0.0.0 tcp 412 ## TOS: #SOURCE DESTPROTOCOLSOURCE PORTSDEST PORTS TOS all all tcp - ssh 16 all all tcp ssh - 16 all all tcp - ftp 4 all all tcp ftp - 4 all all tcp 80 80 16 all all tcp ftp-data- 2 all all tcp - ftp-data2 all all tcp - 12142 all all tcp 1214- 2 all all tcp 4329- 2 all all tcp - 43292 all all tcp 4661:4665 - 2 all all tcp - 4661:4665 2 all all tcp 412 - 2 all all tcp - 412 2 ## RULES: # Playing Games online : Camelot # ACCEPT fw net:193.252.123.0/24tcp 1280 ACCEPT fw net:193.252.123.0/24tcp 10500:10504 ACCEPT fw net:193.252.123.0/24tcp 10622:10624 ## TCSTART run_tc qdisc add dev eth0 root handle 1: htb default 30 run_tc class add dev eth0 parent 1: classid 1:1 htb rate 128kbps ceil 128kbps run_tc class add dev eth0 parent 1:1 classid 1:10 htb rate 72kbps ceil 128kbps burst 2k prio 1 run_tc class add dev eth0 parent 1:1 classid 1:11 htb rate 32kbps ceil 128kbps prio 2 run_tc class add dev eth0 parent 1:1 classid 1:12 htb rate 24kbps ceil 128kbps prio 3 run_tc filter add dev eth0 protocol ip parent 1:0 prio 4 handle 2 fw classid 1:10 run_tc filter add dev eth0 protocol ip parent 1:0 prio 5 handle 3 fw classid 1:11 run_tc filter add dev eth0 protocol ip parent 1:0 prio 6 handle 4 fw classid 1:12 --- This SF.net email is sponsored by: eBay Get office equipment for less on eBay! http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5 leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html