Re: [leaf-user] dns dies?
On Tuesday 01 July 2003 04:26 pm, Raymond Page wrote:
> Not really sure what the problem is, and could use debugging pointers, i.e. look for processes, how to enable and then check relevant logs, so I can be more elaborate with what is wrong. My problem is that after an hour or so of no active internet use, I lose the ability to do dns lookups from my Bering box. It can ping nameservers, however the lookup seems to have died. Any ideas why? I'm using dnscache, might tinydns be better?

It sounds as if dnscache is hanging on you. There are some sites that simply do not conform to the settings of dnscache. Tinydns is an entirely different beast as it *is* a full dns server, not a caching server. The 'maradns' package would be the next best choice that works around the issues that dnscache has and possibly a better option in your situation.

Any loggable problems with dnscache would be found in either /var/log/syslog or /var/log/daemon.log.

--
~Lynn Avants
Linux Embedded Appliance Firewall Developer
http://leaf.sourceforge.net
http://guitarlynn.homelinux.org:81

---
This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa0016ave/direct;at.asp_061203_01/01

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Problems detecting NIC's
On Tuesday 01 July 2003 05:38 am, Stefaan Van Dooren wrote:
> Problem solved. I downloaded drivers from ftp://ftp.dlink.co.uk/pub/adapters/dfe-530tx/linux_dlkfet-4.24.tar.gz
> Compiled them on a test machine I found (different kernel, but also 2.2), put them on the DOC, changed necessary configs et voila!!!
> Module is called rhinefet.o by DLINK instead of via-rhine.o

Stefaan,

Could you submit the module to the LEAF 'patch-manager' linked off of the LEAF homepage? It may be useful to others down the road.

Thx,
Lynn

--
~Lynn Avants
Linux Embedded Appliance Firewall Developer
http://leaf.sourceforge.net
http://guitarlynn.homelinux.org:81
[leaf-user] How to package ?
Hi ppl,

Sorry if this sounds like a stupid question, but I need your guidance.. I was just wondering how I could package a software that is running on another system (redhat) into Bering? Can I just copy all the libraries and configuration files from Redhat to Bering and make a full backup, or is there a procedure to do that?

May someone give me some pointers on this?

As always, thanks in advance,
zamri
Re: [leaf-user] How to package ?
On Wednesday 02 July 2003 02:14 am, ijez wrote:
> Hi ppl, Sorry if this sounds like a stupid question, but I need your guidance.. I was just wondering how I could package a software that is running on another system (redhat) into Bering?

No you cannot. Read the 'developers guide' section in this document:
http://leaf-project.org/doc/guide/

--
~Lynn Avants
Linux Embedded Appliance Firewall Developer
http://leaf.sourceforge.net
http://guitarlynn.homelinux.org:81
[leaf-user] Safe transparent proxying via DS1.02 and Squid
Hello Everyone,

I needed to perform transparent proxying wherein web clients from both public and private net can access my internal web site. So I rolled a squid.lrp package that came from a redhat6.2, and followed the instructions found here:

http://www.flounder.net/ipchains/ipchains-howto.html#8
http://users.gurulink.com/drk/transproxy/transproxy-linux21-squid1.html

With the squid package also running at port 80 in my DS1.02 based border router box, I managed to get the entire setup working.

Now my problem is that, the setup ended up getting abused as it was used to send spam all over. My IP got blacklisted on some sites and so on. An exact explanation of what happened is found here:
http://www.fr2.cyberabuse.org/?page=abuse-proxy

My question now is, how do I get this requirement properly set? I needed to do transparent proxying at port 80 and at the same time, avoid getting abused. Any hints on proper firewalling techniques, etc, on this matter are greatly appreciated.

TIA - VIC
Re: [leaf-user] natsemi driver..
On Tuesday 01 July 2003 10:12 am, Homer Parker wrote:
> On Tue, 24 Jun 2003 16:29:31 -0500 Lynn Avants
> > On Tuesday 24 June 2003 04:25 pm, Bibinsa wrote:
> > [...]
> > Kernel modules don't use pci-scan, but the Donald Becker modules do. Different section of the 'modules tree'.
>
> Ah-ha!!! I just went rooting around the modules for Bering 1.2, and there are 2 natsemi ;) One is under kernel/drivers/net and the other is just under net.. I guess the latter are the Becker drivers?

That's what I was saying.. Becker's modules use pci-scan.o, the stock kernel modules do not.

--
~Lynn Avants
Linux Embedded Appliance Firewall Developer
http://leaf.sourceforge.net
http://guitarlynn.homelinux.org:81
Re: [leaf-user] BeringUclibC 1.2 and sshd.lrp listed on leaf.sourceforge.net
On Tuesday 01 July 2003 01:50 pm, Charles Holbrook wrote:
> Um, never mind. I went and downloaded the latest one and now it is loading up without a problem. BTW the leaf.sourceforge.net/ReleasesBranches/Bering-uClibC/packages link to sshd is the one I had the issues with. It was the one off of Jacques Nilo's bering packages page that worked.

A pointer towards your missing link would be the fact that JN's binary is linked to glibc-2.0.7. I'm surprised it runs as this binary is not linked against either uclibc or glibc-2.2.5! There may be a problem with the uclibc sshd binary, but I don't see any of JN's packages being a drop-in replacement _unless_ you load a glibc set of libraries.

--
~Lynn Avants
Linux Embedded Appliance Firewall Developer
http://leaf.sourceforge.net
http://guitarlynn.homelinux.org:81
RE: [leaf-user] How to package ?
Lynn,

Thanks for your quick response..

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lynn Avants
Sent: Wednesday, July 02, 2003 3:02 PM
To: ijez; [EMAIL PROTECTED]
Subject: Re: [leaf-user] How to package ?

> On Wednesday 02 July 2003 02:14 am, ijez wrote:
> > Hi ppl, Sorry if this sounds like a stupid question, but I need your guidance.. I was just wondering how I could package a software that is running on another system (redhat) into Bering?
>
> No you cannot. Read the 'developers guide' section in this document:
> http://leaf-project.org/doc/guide/

I will start from there. Thanks once again.

Regards,
Zamri
Re: [leaf-user] Safe transparent proxying via DS1.02 and Squid
Vic

At 15:02 02.07.2003 +0800, Victor Berdin wrote:
> Hello Everyone, I needed to perform transparent proxying wherein web clients from both public and private net can access my internal web site.

Transparent proxying AFAIK is nothing but redirection of packets to the relevant port(s) to a proxy server. Relevant is the word here.

> Now my problem is that, the setup ended up getting abused as it was used to send spam all over. My IP got blacklisted on some sites and so on. An exact explanation of what happened is found here:
> http://www.fr2.cyberabuse.org/?page=abuse-proxy

I am puzzled, I always thought spam was distributed using mail, e.g. SMTP, port 25, how exactly was your server abused? Unless your Gateway was completely compromised I do not see how Squid was used to forward mail.

Please enlighten me

Erich

THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16
Re: [leaf-user] Safe transparent proxying via DS1.02 and Squid
Erich Titl [EMAIL PROTECTED] wrote:
> I am puzzled, I always thought spam was distributed using mail, e.g. SMTP, port 25, how exactly was your server abused? Unless your Gateway was completely compromised I do not see how Squid was used to forward mail.

It must not become abused in this case. He could get on the abuse list only because he is an open proxy. THINK [:)] about webmail clients. If you can use his proxy to hack his internal webmail client, the spammer got what he wants.

An open proxy can also be used for DoS. Using the CONNECT feature you possibly can connect to any port on a remote machine.

Just some ideas...

Cu

--
written with FeLaMiMail
Re: [leaf-user] VPN solution needed
On Tuesday 01 July 2003 04:32 pm, JamesSturdevant wrote:
> I am looking for VPN solutions to connect my classroom to my home network. Most of the VPN software indicates that you need to have control of the end points. I do not. I have control of the Mandrake system and the LEAF system shown below. Is there software available to establish a VPN between LEAF and Mandrake?

Given the situation that one of the subnets (classroom) is being NAT'ed twice, the best VPN option for you would be to run the latest version of Ipsec with NAT-traversal (likely the only solution in this case). I believe Jacques has the updated ipsec package in his /testing directory and likely someone onlist with experience running NAT-traversal can give you a hand configuring it.

--
~Lynn Avants
Linux Embedded Appliance Firewall Developer
http://leaf.sourceforge.net
http://guitarlynn.homelinux.org:81
Re: [leaf-user] Safe transparent proxying via DS1.02 and Squid
Hello Erich,

----- Original Message -----
From: Erich Titl [EMAIL PROTECTED]
To: Victor Berdin [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Wednesday, July 02, 2003 4:08 PM
Subject: Re: [leaf-user] Safe transparent proxying via DS1.02 and Squid

> Vic
[snipped]
> I am puzzled, I always thought spam was distributed using mail, e.g. SMTP, port 25, how exactly was your server abused? Unless your Gateway was completely compromised I do not see how Squid was used to forward mail.
>
> Please enlighten me

Perhaps it is indeed compromised. Only my logs are no longer available as I'm clearing them automatically via cron (due to ramdisk limitations, ouch!). But I really have no idea how to make use of an open proxy server to send out mail spam. But according to my ISP, that's exactly what happened.

I notified my ISP as soon as I realized that my bandwidth is maxed out and my private net has nothing to do with it. What is physically evident is that, during my tests, my external device kept on blinking like mad. Issuing an 'ifconfig' command shows that RX and TX packets of the external device kept on incrementing while the internal RX/TX isn't moving at all. This shows that unwanted packets are simply flowing into the box then back out again (perhaps to the spam target/s), without touching my private net.

Then my ISP forwarded me this:

> Dear Network Security:
>
> (You are receiving this message because your local IP registry and/or DNS showed that you are the owner of this IP address, or that you are the access provider for this IP address. If you are not responsible for the system at this address, PLEASE FORWARD to the responsible party!)
>
> One of your users (IP XXX.XXX.XXX.XXX) is running an open proxy server that is being used to forward untold tens of thousands of junk emails daily. PLEASE shut down this abusive user. This user has open proxies running on port 80.
>
> The proxycheck program clearly shows the open proxy port:
>
> [EMAIL PROTECTED] pck XXX.XXX.XXX.XXX
> To check: hosts=1, proto:ports=63, host:proto:ports=63
> XXX.XXX.XXX.XXX:hc:80: HTTP request successeful (200)
> XXX.XXX.XXX.XXX hc:80 open
> NumOpen=1(1) NRead=119 Time=23
>
> Note: There may be other open proxy ports in addition to the ones listed above.
>
> This user is so abusive, they have managed to get themselves listed in the MONKEYS.COM open proxy list:
> http://www.monkeys.com/upl/listed-ip-0.cgi?ip=XXX.XXX.XXX.XXX
>
> They have also managed to get themselves blacklisted as an open proxy by NJABL.ORG:
> http://njabl.org/cgi-bin/lookup.cgi?query=XXX.XXX.XXX.XXX
>
> Finally, the investigation of this IP address was triggered by this system port scanning our MTA (a common indicator that a proxy server is about to try to send spam) as shown in the following log record(s):
>
> Jun 29 16:54:27 trustem01.trustem.net sendmail[953]: h5TKsQlq000953: [XXX.XXX.XXX.XXX] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
>
> [FURTHER MESSAGES SNIPPED]

At present I'm scouring the net for info on how to go about with this. This is really embarrassing as I had no idea that having an open proxy server is a no-no. (http://theproxyconnection.com/openproxy.html)

But it is my requirement to allow EVERYBODY to be able to access my web server in the private net. Perhaps some more squid howto is the answer. But further tips on tightening a firewall are also very much welcome (TIA).

The blacklist is lifted now, but I currently opt to use a backup IP until I get this fixed. :o(

TIA - Vic
Re: [leaf-user] Safe transparent proxying via DS1.02 and Squid
Hi again,

> I notified my ISP as soon as I realized that my bandwidth is maxed out and my private net has nothing to do with it.

This just confirms my previous post.

> What is physically evident is that, during my tests, my external device kept on blinking like mad. Issuing an 'ifconfig' command shows that RX and TX packets of the external device kept on incrementing while the internal RX/TX isn't moving at all. This shows that unwanted packets are simply flowing into the box then back out again (perhaps to the spam target/s), without touching my private net.

Exactly, this also confirms that the webmail system is not affected at all. You have an OPEN RELAY proxy. The abuser just asks for a page (incoming traffic on your external interface), the proxy accepts and connects to it (outgoing traffic on the outside interface). The internal interface is not touched at all :)

> Then my ISP forwarded me this:
> [...]
> PLEASE shut down this abusive user. This user has open proxies running on port 80.
>
> The proxycheck program clearly shows the open proxy port:
>
> [EMAIL PROTECTED] pck XXX.XXX.XXX.XXX
> To check: hosts=1, proto:ports=63, host:proto:ports=63
> XXX.XXX.XXX.XXX:hc:80: HTTP request successeful (200)
> XXX.XXX.XXX.XXX hc:80 open
> NumOpen=1(1) NRead=119 Time=23

Your ISP has detected the open relay proxy :)

> At present I'm scouring the net for info on how to go about with this. This is really embarrassing as I had no idea that having an open proxy server is a no-no. (http://theproxyconnection.com/openproxy.html)

Please, understand a reverse proxy is not the same as an open relay proxy. A reverse proxy is just a proxy that acts as a web server, listening on port 80. The difference is it only accepts URLs behind the proxy. An open relay proxy is configured exactly the same BUT accepts any URL.

> But it is my requirement to allow EVERYBODY to be able to access my web server in the private net.

A reverse proxy will do this.

> Perhaps some more squid howto is the answer. But further tips on tightening a firewall are also very much welcome (TIA).

Regards.

--
Jaime Nebrera - [EMAIL PROTECTED]
Re: [leaf-user] Safe transparent proxying via DS1.02 and Squid
Hi,

> I needed to perform transparent proxying wherein web clients from both public and private net can access my internal web site.

Why do you need the transparent proxy? Do you need a reverse proxy to speed up web access (local cache), do you need load balancing, do you need extra protection?

> Now my problem is that, the setup ended up getting abused as it was used to send spam all over.

Do you run some kind of webmail? If the problem is spam related, most probably your users are using your webmail system to send spam. In that case, a proxy won't help you at all. You have to educate your users, impose some restrictions (like number of emails a day a user can send) or improve your user selection. Still, nothing to do with the proxy.

But I believe most probably you have been banned because of an open proxy. In this case, your proxy does its work even with URLs that you don't control and this is bad. You have to configure the proxy to allow petitions only for those domains you control and that are BEHIND the reverse proxy.

> My IP got blacklisted on some sites and so on. An exact explanation of what happened is found here:
> http://www.fr2.cyberabuse.org/?page=abuse-proxy

Reading this page clarifies ALL. Now my guess was right. You have not been banned because of spam but because you have an OPEN RELAY proxy. Configure it properly.

For local users I don't recall right now if SQUID allowed for different behaviour in different interfaces. If yes, configure it properly, if not, try to run two instances of squid or use a different box.

> My question now is, how do I get this requirement properly set? I needed to do transparent proxying at port 80 and at the same time, avoid getting abused. Any hints on proper firewalling techniques, etc, on this matter are greatly appreciated.

If you need further professional assistance with this part we can help you. Just email me privately.

Regards

--
Jaime Nebrera - [EMAIL PROTECTED]
Re: [leaf-user] Safe transparent proxying via DS1.02 and Squid
Hi again,

> > Why do you need the transparent proxy? Do you need a reverse proxy to speed up web access (local cache), do you need load balancing, do you need extra protection?
>
> Yes, I'm using it as a reverse proxy.

Yes, but why? There are better solutions depending on what you want to achieve.

--
Jaime Nebrera - [EMAIL PROTECTED]
Re: [leaf-user] Safe transparent proxying via DS1.02 and Squid
Hello once more,

----- Original Message -----
From: Jaime Nebrera Herrera [EMAIL PROTECTED]
To: Victor Berdin [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Wednesday, July 02, 2003 5:53 PM
Subject: Re: [leaf-user] Safe transparent proxying via DS1.02 and Squid

> Hi again,
>
> > > Why do you need the transparent proxy? Do you need a reverse proxy to speed up web access (local cache), do you need load balancing, do you need extra protection?
> >
> > Yes, I'm using it as a reverse proxy.
>
> Yes, but why? There are better solutions depending on what you want to achieve.

All I needed is to *securely* open my private web server to the public net. I figured squid can do that via httpd_accel_host/_port. Please do point me to other open source solutions if others are more appropriate.

TIA - Vic
Re: [leaf-user] Safe transparent proxying via DS1.02 and Squid
Hello Jaime,

----- Original Message -----
From: Jaime Nebrera Herrera [EMAIL PROTECTED]
To: Victor Berdin [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Wednesday, July 02, 2003 5:22 PM
Subject: Re: [leaf-user] Safe transparent proxying via DS1.02 and Squid

[snip]

> Why do you need the transparent proxy? Do you need a reverse proxy to speed up web access (local cache), do you need load balancing, do you need extra protection?

Yes, I'm using it as a reverse proxy.

> Do you run some kind of webmail? If the problem is spam related, most probably your users are using your webmail system to send spam. In that case, a proxy won't help you at all. You have to educate your users, impose some restrictions (like number of emails a day a user can send) or improve your user selection. Still, nothing to do with the proxy.

No, that is not the case at all. My internal net lay dormant as my box kept on receiving and automatically forwarding junk packets.

> But I believe most probably you have been banned because of an open proxy. In this case, your proxy does its work even with URLs that you don't control and this is bad. You have to configure the proxy to allow petitions only for those domains you control and that are BEHIND the reverse proxy.
>
> > http://www.fr2.cyberabuse.org/?page=abuse-proxy
>
> Reading this page clarifies ALL. Now my guess was right. You have not been banned because of spam but because you have an OPEN RELAY proxy. Configure it properly.

Perhaps, but an e-mail from my ISP details that my box was used to send tons of spam. :o(

> For local users I don't recall right now if SQUID allowed for different behaviour in different interfaces. If yes, configure it properly, if not, try to run two instances of squid or use a different box.

It is highly possible that I'm not setting it up properly. And yeah, the DOCs are my friends. Plus I was so harsh/excited to place the box in the jungle right away as soon as I got it up, without doing security tests. :o( I learned my lesson, the challenge now is to fix it.

Thanks for your reply,
Vic
Re: [leaf-user] Safe transparent proxying via DS1.02 and Squid
Victor Berdin wrote:
<snip>
> At present I'm scouring the net for info on how to go about with this. This is really embarrassing as I had no idea that having an open proxy server is a no-no. (http://theproxyconnection.com/openproxy.html)
>
> But it is my requirement to allow EVERYBODY to be able to access my web server in the private net. Perhaps some more squid howto is the answer. But further tips on tightening a firewall are also very much welcome (TIA).

If you *REALLY* want to do this using a proxy like squid, you need to put appropriate access rules in place. Start by denying everything. Then enable access *ONLY* to your local web server for all IP's. Finally, you can enable general access for users on your local lan, if necessary.

I'm not a squid guru, but the info on setting this up should be in the squid documentation and/or various HOWTOs. I suggest you start with the access control section of the squid manual:
http://squid.visolve.com/squid24s1/access_controls.htm

Looks like you can control access based on source IP, destination, and protocol...everything you need to lock down the proxy to *JUST* allowing access to your local server, rather than the internet in general.

--
Charles Steinkuehler
[EMAIL PROTECTED]
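The rule order Charles describes (deny everything, then allow only the internal web server for every source address, then optionally general access for the LAN) together with the reverse-proxy versus open-relay distinction Jaime drew earlier in the thread, written out as a Squid 2.4 accelerator configuration. This is an added example, not configuration from the list or from Vic's box; the internal server address 192.168.1.10 and the LAN 192.168.1.0/24 are assumptions.

```conf
# Added example (not from the list): Squid 2.4 reverse proxy locked to one
# internal web server. 192.168.1.10 and 192.168.1.0/24 are assumed values.
http_port 80

# Accelerator mode: every request is rewritten to the internal origin server.
httpd_accel_host 192.168.1.10       # assumed internal web server
httpd_accel_port 80
httpd_accel_single_host on          # always forward to httpd_accel_host
httpd_accel_with_proxy off          # do NOT also act as a forward proxy
httpd_accel_uses_host_header off    # a client-supplied Host: must never pick the origin

# Access control: deny by default, then allow only what is needed.
acl all       src 0.0.0.0/0.0.0.0
acl localnet  src 192.168.1.0/255.255.255.0        # assumed private LAN
acl ourserver dst 192.168.1.10/255.255.255.255     # the only origin we will fetch from
acl CONNECT   method CONNECT
acl Safe_ports port 80

http_access deny CONNECT            # no tunnelling to arbitrary remote ports
http_access deny !Safe_ports
http_access allow ourserver         # public and private clients reach the one web server
# Optional last step from Charles's list: general web-cache use for the LAN only.
# This is the line that would turn the box back into a proxy for whoever matches
# the src ACL, so leave it commented out unless that is really wanted.
# http_access allow localnet
http_access deny all                # everything else, including any other URL
```

`http_access` lines are evaluated in order and the first match decides, so `deny all` must stay last. Squid 2.6 and later replaced the `httpd_accel_*` directives with `http_port 80 accel defaultsite=...` plus a `cache_peer ... originserver` line, but the ACL logic is the same.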
Re: [leaf-user] Safe transparent proxying via DS1.02 and Squid
Hello Charles,

----- Original Message -----
From: Charles Steinkuehler [EMAIL PROTECTED]
To: Victor Berdin [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Wednesday, July 02, 2003 8:07 PM
Subject: Re: [leaf-user] Safe transparent proxying via DS1.02 and Squid

> Victor Berdin wrote:
> <snip>
> > At present I'm scouring the net for info on how to go about with this. This is really embarrassing as I had no idea that having an open proxy server is a no-no. (http://theproxyconnection.com/openproxy.html)
> >
> > But it is my requirement to allow EVERYBODY to be able to access my web server in the private net. Perhaps some more squid howto is the answer. But further tips on tightening a firewall are also very much welcome (TIA).
>
> If you *REALLY* want to do this using a proxy like squid, you need to put appropriate access rules in place. Start by denying everything. Then enable access *ONLY* to your local web server for all IP's. Finally, you can enable general access for users on your local lan, if necessary.
>
> I'm not a squid guru, but the info on setting this up should be in the squid documentation and/or various HOWTOs. I suggest you start with the access control section of the squid manual:
> http://squid.visolve.com/squid24s1/access_controls.htm
>
> Looks like you can control access based on source IP, destination, and protocol...everything you need to lock down the proxy to *JUST* allowing access to your local server, rather than the internet in general.
>
> --
> Charles Steinkuehler
> [EMAIL PROTECTED]

But it is my requirement that I allow both public and private, directing them to a specific web server in my private net. I think I've got it with hints from Jaime. Need to test further though before raising it up again in the harsh public environment ;o)

- Vic
[leaf-user] snmp ?
Hi!

I need to query the wisp router parameters over snmp. I put the following:

snmpwalk -v 1 192.168.30.11 public .1.3.6.1.4.1.2021.254
enterprises.ucdavis.254.1.1 = netcs0
enterprises.ucdavis.254.1.2 = netcs1
enterprises.ucdavis.254.2.1 = Gauge32: 0
enterprises.ucdavis.254.2.2 = Gauge32: 0
enterprises.ucdavis.254.3.1 = Gauge32: 0
enterprises.ucdavis.254.3.2 = Gauge32: 0
enterprises.ucdavis.254.4.1 = Gauge32: 0
enterprises.ucdavis.254.4.2 = Gauge32: 0
enterprises.ucdavis.254.5.1 = Gauge32: 0
enterprises.ucdavis.254.5.2 = Gauge32: 0
enterprises.ucdavis.254.6.1 = Counter32: 0
enterprises.ucdavis.254.6.2 = Counter32: 0
enterprises.ucdavis.254.7.1 = Counter32: 0
enterprises.ucdavis.254.7.2 = Counter32: 0
enterprises.ucdavis.254.8.1 = Counter32: 0
enterprises.ucdavis.254.8.2 = Counter32: 0
enterprises.ucdavis.254.9.1 = Counter32: 168
enterprises.ucdavis.254.9.2 = Counter32: 1483
enterprises.ucdavis.254.10.1 = Counter32: 267958
enterprises.ucdavis.254.10.2 = Counter32: 1068393
enterprises.ucdavis.254.11.1 = Counter32: 0
enterprises.ucdavis.254.11.2 = Counter32: 0
enterprises.ucdavis.254.12.1 = Counter32: 268153
enterprises.ucdavis.254.12.2 = Counter32: 1070076

I need the AP parameters clients signal noise (254.11) but snmpwalk and snmpget do not write any information. How can I find the problem?

Robit
[leaf-user] business proposal.
From: Dr. Muhammed Haruna Director of budget and planning Independent National Electoral Commission (INEC) Lagos - Nigeria Good day to you, It is with a sense of need that I am writing you on this confidential business offer irrespective of the fact that we have not met before. But nevertheless I am determined to communicate with you, with the conviction that you will give my proposal a consideration. As earlier stated I am Dr. Muhammed Haruna, the Director of Budget and Planning of the Independent National Electoral Commission (INEC). My Agency is in charge of conducting all elections in my country Nigeria. By virtue of my unique position in office as the Director of Budget and Planning, I was appointed by the commission to become the chairman of foreign contract tender board committee whose responsibility is to award and supervise foreign contract to ensure it is executed promptly. Consequently, I the chairman of the tender board committee in collaboration with two other top committee members over-invoiced certain contract for the supply of electoral equipment needed for the last elections in April 2003. The initial cost of the contract was pegged at US$50 million. But after the feasibility study was done, while submitting my report to the office of the presidency for final approval, we deliberately inflated the cost to an excess amount of US$20.5 million making the cost to be US$ 70.5 million. Right now, we are constrained to claim the funds due to certain laws enacted by the government guiding the conduct of officials of the civil service, which prohibits top civil servants working under Government establishment from operating offshore or foreign Account. This situation has kept us in a fix to openly come forward to claim the outstanding balance of US$20.5 million. 
Hence after series of private meetings we decided to make contact in order to get a reliable foreign partner whom we will forward his or her credentials to claim the fund based on mutual trust and agreement. In a nutshell, we need your assistance and support to claim this fund. So that at a later date convenient for us, we will come over to your country after the funds have been transferred. We will meet you and collect our own percentage while you will keep the rest as yours. For your support and total dedication to realize the objectives of this deal, you shall be entitled to 25% of the sum total while 70% of the fund belongs to the three officials involved in the deal. 5% will be used to reimburse any party that incurs any cost in the course of executing this project. Note, you are vividly assured that you will not be subjected to any kind of risk for your support and involvement in this venture hence we have piloted a good strategy to ensure the deal goes smoothly of which we have targeted two weeks duration to accomplish our aim. Kindly treat this matter Absolutely confidential because the officials involved are still in service and some of us intend to resign our appointment immediately after the deal is finalized. I look forward to hearing positively from you while further details will be given as soon as I get your response. Best Regards Dr. Muhammed Haruna
Re: [leaf-user] LRP
At 21:39 2003-06-23 +0200, K.-P. Kirchdörfer wrote:
> The main argument was that Dave misused a technical and project site for a political statement - the comment itself has been treated more carefully in terms of free speech - very American - I appreciated that. Unfortunately the archives of LRP aren't accessible anymore.

Hello,
Because I have been on the mailing list of http://www.linuxrouter.org/ since 03/1999, I have a private archive. I will try to get a cheap 128/64KBit ADSL with dyn-DNS running and put my archive online.
Michelle
RE: [leaf-user] Problems detecting NIC's
Lynn,
This should be done now. Request ID 764718. Can you check if I followed the correct procedure?
Stefaan

-Original message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Lynn Avants
Sent: Wednesday 2 July 2003 8:43
To: [EMAIL PROTECTED]
Subject: Re: [leaf-user] Problems detecting NIC's

> On Tuesday 01 July 2003 05:38 am, Stefaan Van Dooren wrote:
> > Problem solved. I downloaded drivers from ftp://ftp.dlink.co.uk/pub/adapters/dfe-530tx/linux_dlkfet-4.24.tar.gz
> > Compiled them on a test machine I found (different kernel, but also 2.2), put them on the DOC, changed necessary configs et voilà!!! Module is called rhinefet.o by DLINK instead of via-rhine.o
>
> Stefaan,
> Could you submit the module to the LEAF 'patch-manager' linked off of the LEAF homepage? It may be useful to others down the road.
> Thx, Lynn
> --
> ~Lynn Avants
> Linux Embedded Appliance Firewall Developer
> http://leaf.sourceforge.net
> http://guitarlynn.homelinux.org:81
[leaf-user] FW: need advice,two interfaces-bering
Sorry if this is a double post.

Hi all;
I find the leaf project very interesting. I would like to set up a two interface box and then eventually migrate to a 3 interface setup. My goal is to replace a windows proxy machine and have control over port forwarding/firewalling.

I'm using a cisco 800 router (from my wireless internet company) that I see internally as 192.168.201.200. It can be configured to block/forward ports to internal machines. My subnet is 192.168.201.0 (255.255.255.0) and 192.168.201.200 is the default gateway. I want to forward all ports from the router to the bering/shorewall. From the leaf box then forward web and ssh to different machines.

Because this is my first attempt using leaf I'm trying to do all testing offline. I'm trying to simulate external access using a machine connected via a cross-over cable connected to eth0, and eth1 connected to my internal network. I configured shorewall to forward web and ssh to 192.168.201.248 (linuxserver). eth1 ip addr is 192.168.201.161 and eth0 is 192.168.1.160. Changed linuxserver gw to 192.168.201.161. Configured external machine as 192.168.1.242.

linuxserver can ping leaf box, leaf box can ping both linuxserver and ext machine, ext machine can ping leaf box, but if I open a web or ssh session in the ext machine to ip 192.168.1.160 it won't get forwarded to the linuxserver.

Can it be tested this way? I have read a lot of documentation but I'm still a little confused. Any pointers would be appreciated. If this setup is right for testing let me know and I will include the conf files of the leaf box.
Thanks to all
[leaf-user] Question regarding tc.lrp and shorewall
To do traffic shaping, does shorewall require tc.lrp? I'd like to do traffic shaping and thought I read shorewall did that, but it didn't mention requiring tc, and reading the Bering-uClibc package list makes it sound like it might be required. I'd appreciate an answer or pointers to traffic shaping information links.
Thanks,
Ray
[leaf-user] Bering often doesn't connect at startup
Hello
I'm using Bering 1.1 floppy firewall. When the firewall starts, most of the time the workstations don't connect. I would appreciate it if somebody could give a hint. I don't know if the problem is caused by the firewall or by my ISP. I check the connection with ping www.yahoo.com in the firewall. The operator has to restart the firewall until the workstations connect well. I have to use ifdown ppp0 and ifup ppp0 one or more times until the firewall connects well. I have set my ISP DNS IPs in /etc/resolv.conf, but the connection also fails. Whether the firewall connects or not, ppp0 is defined.

The output of ip add show always is:
3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:20:18:03:65:62 brd ff:ff:ff:ff:ff:ff
4: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:00:21:86:92:56 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.1/24 brd 192.168.1.255 scope global eth1
5: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1492 qdisc pfifo_fast qlen 3
    link/ppp
    inet 200.45.216.85 peer 200.3.62.137/32 scope global ppp0

and the ip route show is also the same with a good and a bad connection:
=
200.3.62.137 dev ppp0 proto kernel scope link src 200.45.216.85
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.1
default via 200.3.62.137 dev ppp0
=
The daemon.logs are different with a good and a bad connection.
Daemon.log with a GOOD connection at startup
=
Jul 1 11:00:22 firewall pppd[10802]: rcvd [LCP ConfReq id=0x81 mru 1492 auth pap magic 0x7fb977c3] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Jul 1 11:00:22 firewall pppd[10802]: sent [LCP ConfAck id=0x81 mru 1492 auth pap magic 0x7fb977c3]
Jul 1 11:00:22 firewall pppd[10802]: Couldn't increase MRU to 1500
Jul 1 11:00:22 firewall pppd[10802]: sent [LCP EchoReq id=0x0 magic=0x839a0621]
Jul 1 11:00:22 firewall pppd[10802]: sent [PAP AuthReq id=0x1 user=[EMAIL PROTECTED] password=hidden]
Jul 1 11:00:22 firewall pppd[10802]: rcvd [LCP EchoRep id=0x0 magic=0x7fb977c3] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Jul 1 11:00:22 firewall pppd[10802]: rcvd [PAP AuthAck id=0x1 ] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ...
Jul 1 11:00:22 firewall pppd[10802]: sent [IPCP ConfReq id=0x1 addr 0.0.0.0]
Jul 1 11:00:22 firewall pppd[10802]: rcvd [IPCP ConfReq id=0x25 addr 200.3.62.137] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Jul 1 11:00:22 firewall pppd[10802]: sent [IPCP ConfAck id=0x25 addr 200.3.62.137]
Jul 1 11:00:22 firewall pppd[10802]: rcvd [IPCP ConfNak id=0x1 addr 200.45.216.85] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Jul 1 11:00:22 firewall pppd[10802]: sent [IPCP ConfReq id=0x2 addr 200.45.216.85]
Jul 1 11:00:22 firewall pppd[10802]: rcvd [IPCP ConfAck id=0x2 addr 200.45.216.85] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Jul 1 11:00:22 firewall pppd[10802]: local IP address 200.45.216.85
Jul 1 11:00:22 firewall pppd[10802]: remote IP address 200.3.62.137
Jul 1 11:00:22 firewall pppd[10802]: Script /etc/ppp/ip-up started (pid 11683)
Jul 1 11:00:23 firewall pppd[10802]: Script /etc/ppp/ip-up finished (pid 11683), status = 0x100
Jul 1 11:00:25 firewall pppd[10802]: rcvd [LCP EchoReq id=0x1 magic=0x7fb977c3 00 00 00 00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Jul 1 11:00:25 firewall pppd[10802]: sent [LCP EchoRep id=0x1 magic=0x839a0621 68 6f 61 40]
Jul 1 11:00:35 firewall pppd[10802]: rcvd [LCP EchoReq id=0x2 magic=0x7fb977c3 00 00 00 00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Jul 1 11:00:35 firewall pppd[10802]: sent [LCP EchoRep id=0x2 magic=0x839a0621 68 6f 61 40]
Jul 1 11:00:42 firewall pppd[10802]: sent [LCP EchoReq id=0x1 magic=0x839a0621]
Jul 1 11:00:42 firewall pppd[10802]: rcvd [LCP EchoRep id=0x1 magic=0x7fb977c3] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Jul 1 11:00:45 firewall pppd[10802]: rcvd [LCP EchoReq id=0x3 magic=0x7fb977c3 00 00 00 00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Jul 1 11:00:45 firewall pppd[10802]: sent [LCP EchoRep id=0x3 magic=0x839a0621 68 6f 61 40]
Jul 1 11:00:55 firewall pppd[10802]: rcvd [LCP EchoReq id=0x4 magic=0x7fb977c3 00 00 00 00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Jul 1 11:00:55 firewall pppd[10802]: sent [LCP EchoRep id=0x4 magic=0x839a0621 68 6f 61 40]
Jul 1 11:01:02 firewall pppd[10802]: sent [LCP EchoReq id=0x2 magic=0x839a0621]
Jul 1 11:01:02 firewall pppd[10802]: rcvd [LCP EchoRep id=0x2 magic=0x7fb977c3] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Jul 1 11:01:05 firewall pppd[10802]: rcvd [LCP EchoReq id=0x5 magic=0x7fb977c3 00 00 00 00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Re: [leaf-user] Question regarding tc.lrp and shorewall
On Wed, 2003-07-02 at 10:19, Raymond Page wrote:
> To do traffic shaping, does shorewall require tc.lrp? I'd like to do traffic shaping and thought I read shorewall did that, but it didn't mention requiring tc,

Shorewall configures traffic shaping by running 'tc' -- it needs that program (which is usually installed as /sbin/tc).
-Tom
--
Tom Eastep      \ Shorewall - iptables made easy
Shoreline,       \ http://www.shorewall.net
Washington USA    \ [EMAIL PROTECTED]
[leaf-user] Re: [leaf-user] Bering often doesn't connect at startup
Hello Herbert,
I suppose you need a PPPoE connection with PAP. If the ppp0 is there then you have a connection, at least with your provider; if the PPPoE start weren't successful you wouldn't have a ppp0 interface.
#comments to connection script inline.
I wouldn't use my provider's DNS (but use dnscache), YMMV. To test if that is the problem, ping only the IP address of a server that you know should be reachable.

> I'm using Bering 1.1 floppy firewall. When the firewall starts, most of the time the workstations don't connect. I would appreciate it if somebody could give a hint. I don't know if the problem is caused by the firewall or by my ISP. I check the connection with ping www.yahoo.com in the firewall. The operator has to restart the firewall until the workstations connect well. I have to use ifdown ppp0 and ifup ppp0 one or more times until the firewall connects well. I have set my ISP DNS IPs in /etc/resolv.conf, but the connection also fails. Whether the firewall connects or not, ppp0 is defined.
>
> The output of ip add show always is:
> 3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
>     link/ether 00:20:18:03:65:62 brd ff:ff:ff:ff:ff:ff
> 4: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
>     link/ether 00:00:21:86:92:56 brd ff:ff:ff:ff:ff:ff
>     inet 192.168.1.1/24 brd 192.168.1.255 scope global eth1
> 5: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1492 qdisc pfifo_fast qlen 3
>     link/ppp
>     inet 200.45.216.85 peer 200.3.62.137/32 scope global ppp0
>
> and the ip route show is also the same with a good and a bad connection:
> =
> 200.3.62.137 dev ppp0 proto kernel scope link src 200.45.216.85
> 192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.1
> default via 200.3.62.137 dev ppp0
> =
> The daemon.logs are different with a good and a bad connection.
>
> Daemon.log with a GOOD connection at startup
> =
> Jul 1 11:00:22 firewall pppd[10802]: rcvd [LCP ConfReq id=0x81 mru 1492 auth pap magic 0x7fb977c3] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> Jul 1 11:00:22 firewall pppd[10802]: sent [LCP ConfAck id=0x81 mru 1492 auth pap magic 0x7fb977c3]
# You agree to use pap
# and the authentication is successful
> Jul 1 11:00:22 firewall pppd[10802]: rcvd [PAP AuthAck id=0x1 ] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ...
> Jul 1 11:00:22 firewall pppd[10802]: sent [IPCP ConfReq id=0x1 addr 0.0.0.0]
> Jul 1 11:00:22 firewall pppd[10802]: rcvd [IPCP ConfReq id=0x25 addr 200.3.62.137] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> Jul 1 11:00:22 firewall pppd[10802]: sent [IPCP ConfAck id=0x25 addr 200.3.62.137]
> Jul 1 11:00:22 firewall pppd[10802]: rcvd [IPCP ConfNak id=0x1 addr 200.45.216.85] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> Jul 1 11:00:22 firewall pppd[10802]: sent [IPCP ConfReq id=0x2 addr 200.45.216.85]
> Jul 1 11:00:22 firewall pppd[10802]: rcvd [IPCP ConfAck id=0x2 addr 200.45.216.85] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> Jul 1 11:00:22 firewall pppd[10802]: local IP address 200.45.216.85
> Jul 1 11:00:22 firewall pppd[10802]: remote IP address 200.3.62.137
# you got a remote and local IP
# and lcp pings are successful
> Jul 1 11:00:25 firewall pppd[10802]: rcvd [LCP EchoReq id=0x1 magic=0x7fb977c3 00 00 00 00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> Jul 1 11:00:25 firewall pppd[10802]: sent [LCP EchoRep id=0x1 magic=0x839a0621 68 6f 61 40]
> =
> Daemon.log with a BAD connection at startup
> =
> Jul 2 09:14:24 firewall pppd[5337]: rcvd [LCP EchoRep id=0x0 magic=0x847ea138] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#
# here the pap authentication was successful too.
> Jul 2 09:14:24 firewall pppd[5337]: rcvd [PAP AuthAck id=0x1 ] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ...
> Jul 2 09:14:24 firewall pppd[5337]: sent [IPCP ConfReq id=0x1 addr 0.0.0.0]
> Jul 2 09:14:24 firewall pppd[5337]: rcvd [IPCP ConfReq id=0x19 addr 200.3.62.137] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> Jul 2 09:14:24 firewall pppd[5337]: sent [IPCP ConfAck id=0x19 addr 200.3.62.137]
> Jul 2 09:14:24 firewall pppd[5337]: rcvd [IPCP ConfNak id=0x1 addr 200.82.32.224] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> Jul 2 09:14:24 firewall pppd[5337]: sent [IPCP ConfReq id=0x2 addr 200.82.32.224]
> Jul 2 09:14:24 firewall pppd[5337]: rcvd [IPCP ConfAck id=0x2 addr 200.82.32.224] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> Jul 2 09:14:24 firewall pppd[5337]: local IP address 200.82.32.224
> Jul 2 09:14:24 firewall pppd[5337]: remote IP address 200.3.62.137
#
# you got your address and will have set your route.
#
> Jul 2 09:14:28 firewall pppd[5337]: rcvd [LCP
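The milestones the inline comments above walk through (LCP ConfAck, PAP AuthAck, IPCP ConfAck, local and remote address, LCP echo traffic) can be pulled out of daemon.log mechanically. This is an added example, not code from this thread or from the Bering packages: it reads pppd lines in the format quoted in the original post (a constructed excerpt of the GOOD log, plus a constructed log in which the ISP rejects the PAP login) and names the first stage that did not complete.

```python
import re

# Constructed excerpt in the shape pppd writes to daemon.log, modelled on the
# GOOD-connection log quoted above (same addresses and pid, hex tails shortened).
GOOD_LOG = """\
Jul 1 11:00:22 firewall pppd[10802]: rcvd [LCP ConfReq id=0x81 mru 1492 auth pap magic 0x7fb977c3] 00 00 00 00
Jul 1 11:00:22 firewall pppd[10802]: sent [LCP ConfAck id=0x81 mru 1492 auth pap magic 0x7fb977c3]
Jul 1 11:00:22 firewall pppd[10802]: sent [LCP EchoReq id=0x0 magic=0x839a0621]
Jul 1 11:00:22 firewall pppd[10802]: sent [PAP AuthReq id=0x1 user=[EMAIL PROTECTED] password=hidden]
Jul 1 11:00:22 firewall pppd[10802]: rcvd [LCP EchoRep id=0x0 magic=0x7fb977c3] 00 00 00 00
Jul 1 11:00:22 firewall pppd[10802]: rcvd [PAP AuthAck id=0x1 ] 00 00 00 00 ...
Jul 1 11:00:22 firewall pppd[10802]: sent [IPCP ConfReq id=0x1 addr 0.0.0.0]
Jul 1 11:00:22 firewall pppd[10802]: rcvd [IPCP ConfNak id=0x1 addr 200.45.216.85] 00 00
Jul 1 11:00:22 firewall pppd[10802]: sent [IPCP ConfReq id=0x2 addr 200.45.216.85]
Jul 1 11:00:22 firewall pppd[10802]: rcvd [IPCP ConfAck id=0x2 addr 200.45.216.85] 00 00
Jul 1 11:00:22 firewall pppd[10802]: local IP address 200.45.216.85
Jul 1 11:00:22 firewall pppd[10802]: remote IP address 200.3.62.137
Jul 1 11:00:22 firewall pppd[10802]: Script /etc/ppp/ip-up started (pid 11683)
Jul 1 11:00:23 firewall pppd[10802]: Script /etc/ppp/ip-up finished (pid 11683), status = 0x100
Jul 1 11:00:25 firewall pppd[10802]: rcvd [LCP EchoReq id=0x1 magic=0x7fb977c3 00 00 00 00] 00 00
Jul 1 11:00:25 firewall pppd[10802]: sent [LCP EchoRep id=0x1 magic=0x839a0621 68 6f 61 40]
"""

# Constructed failure case (not from the thread): the ISP rejects the PAP login.
AUTH_FAIL_LOG = """\
Jul 2 09:14:24 firewall pppd[5337]: rcvd [LCP ConfReq id=0x81 mru 1492 auth pap magic 0x7fb977c3]
Jul 2 09:14:24 firewall pppd[5337]: sent [LCP ConfAck id=0x81 mru 1492 auth pap magic 0x7fb977c3]
Jul 2 09:14:24 firewall pppd[5337]: sent [PAP AuthReq id=0x1 user="someone" password=hidden]
Jul 2 09:14:24 firewall pppd[5337]: rcvd [PAP AuthNak id=0x1 "Login incorrect"]
Jul 2 09:14:24 firewall pppd[5337]: rcvd [LCP TermReq id=0x2 "Authentication failed"]
Jul 2 09:14:24 firewall pppd[5337]: Connection terminated.
"""

# The pppd lines that mark each negotiation stage.
PKT_RE = re.compile(r"pppd\[\d+\]: (sent|rcvd) \[(LCP|PAP|CHAP|IPCP) (\w+)")
ADDR_RE = re.compile(r"pppd\[\d+\]: (local|remote) IP address (\d+\.\d+\.\d+\.\d+)")
SCRIPT_RE = re.compile(r"Script (\S+) finished \(pid \d+\), status = 0x([0-9a-fA-F]+)")


def summarize(log_text):
    """Walk daemon.log text and record which PPP stages were reached."""
    s = {"lcp_peer_acked": False, "auth": None, "ipcp_acked": False,
         "local_ip": None, "remote_ip": None, "ip_up_exit": None,
         "echo_req_rcvd": 0, "echo_rep_rcvd": 0, "terminated": False}
    for line in log_text.splitlines():
        m = PKT_RE.search(line)
        if m:
            direction, proto, kind = m.groups()
            if proto == "LCP":
                if direction == "sent" and kind == "ConfAck":
                    s["lcp_peer_acked"] = True   # we accepted the peer's LCP options
                elif direction == "rcvd" and kind == "EchoReq":
                    s["echo_req_rcvd"] += 1      # the peer is probing us: link alive
                elif direction == "rcvd" and kind == "EchoRep":
                    s["echo_rep_rcvd"] += 1      # the peer answered our probe
                elif kind == "TermReq":
                    s["terminated"] = True
            elif proto in ("PAP", "CHAP") and direction == "rcvd":
                if kind in ("AuthAck", "Success"):
                    s["auth"] = "ok"
                elif kind in ("AuthNak", "Failure"):
                    s["auth"] = "rejected"
            elif proto == "IPCP" and direction == "rcvd" and kind == "ConfAck":
                s["ipcp_acked"] = True
            continue
        m = ADDR_RE.search(line)
        if m:
            s[m.group(1) + "_ip"] = m.group(2)
            continue
        m = SCRIPT_RE.search(line)
        if m and m.group(1).endswith("ip-up"):
            # pppd logs the raw wait(2) status; the exit code sits in bits 8-15,
            # so "status = 0x100" means ip-up exited with code 1.
            s["ip_up_exit"] = (int(m.group(2), 16) >> 8) & 0xFF
    return s


def diagnose(s):
    """Name the first stage that did not complete, or confirm the link came up."""
    if not s["lcp_peer_acked"]:
        return "LCP never configured: the PPPoE/modem layer did not come up"
    if s["auth"] != "ok":
        return "authentication not acknowledged: check the PAP/CHAP credentials"
    if not (s["ipcp_acked"] and s["local_ip"] and s["remote_ip"]):
        return "IPCP not completed: no IP address was assigned"
    if s["terminated"]:
        return "link came up and was then terminated by the peer"
    verdict = "IP negotiation completed: local %s, remote %s" % (s["local_ip"], s["remote_ip"])
    if s["ip_up_exit"] not in (None, 0):
        verdict += "; note /etc/ppp/ip-up exited %d" % s["ip_up_exit"]
    return verdict


if __name__ == "__main__":
    for name, text in (("GOOD", GOOD_LOG), ("AUTH_FAIL", AUTH_FAIL_LOG)):
        print(name, "->", diagnose(summarize(text)))
```

When both the GOOD and the BAD log reach the same verdict, as the comments above say they do, the fault is after PPP negotiation (routing, DNS, or the ip-up script) rather than in the link itself.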
[leaf-user] Calibrating delay loop
Hi guys,
I'm not sure what caused the problem. I rebooted my server, only to find that it now gets stuck at Calibrating delay loop. Using different floppies didn't work. Using different distros (including a clean Bering 1.1 version) didn't work, so I'm inclined to think it's hardware. Any ideas? I've removed the NICs and it still occurs. Replaced them and it still occurs...
Thanks.
Regards,
[leaf-user] Re: [leaf-user] Bering often doesn't connect at startup
At 02:23 PM 7/2/2003 -0300, Herbert Höhlke wrote:
> Hello
> I'm using Bering 1.1 floppy firewall. When the firewall starts, most of the time the workstations don't connect. I would appreciate it if somebody could give a hint. I don't know if the problem is caused by the firewall or by my ISP. I check the connection with ping www.yahoo.com in the firewall. The operator has to restart the firewall until the workstations connect well. I have to use ifdown ppp0 and ifup ppp0 one or more times until the firewall connects well. I have set my ISP DNS IPs in /etc/resolv.conf, but the connection also fails.

Before I wade through the distinctions in the LCP output (which I suspect, but do not know, are irrelevant to your problem), I'd like you to describe the symptoms a bit more exactly.

First, "until the workstations connect well" is a bit vague as a characterization of the ping problem ... especially since you are ping'ing by FQN, not IP address. How EXACTLY does ping www.yahoo.com fail? What happens if you try to ping the other end of the PPP connection (as identified in the log) by IP address? Your own end of the PPP connection? The ISP's gateway (you should be able to get that from the Bering firewall's routing table)? Whatever the router uses to resolve DNS queries (the ISP's servers?)? Whatever the workstations use to resolve DNS queries?

Second, you refer to "until the firewall connects well". Does this mean the Bering firewall itself cannot ping www.yahoo.com, or does it mean something else? In any case, what are the results of all the above tests when run from the router, not a workstation?

Finally, instead of ip addr show, please use ip -s link show, so we (and you) can see packet counts. If the problem is actually with the PPP connection itself, that should show up as error or dropped packets.

Oh, is this a PPPoE link or dialup?

> Whether the firewall connects or not, ppp0 is defined.
>
> The output of ip add show always is:
> 3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
>     link/ether 00:20:18:03:65:62 brd ff:ff:ff:ff:ff:ff
> 4: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
>     link/ether 00:00:21:86:92:56 brd ff:ff:ff:ff:ff:ff
>     inet 192.168.1.1/24 brd 192.168.1.255 scope global eth1
> 5: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1492 qdisc pfifo_fast qlen 3
>     link/ppp
>     inet 200.45.216.85 peer 200.3.62.137/32 scope global ppp0
>
> and the ip route show is also the same with a good and a bad connection:
> =
> 200.3.62.137 dev ppp0 proto kernel scope link src 200.45.216.85
> 192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.1
> default via 200.3.62.137 dev ppp0
> =
> The daemon.logs are different with a good and a bad connection.
>
> Daemon.log with a GOOD connection at startup
> =
> Jul 1 11:00:22 firewall pppd[10802]: rcvd [LCP ConfReq id=0x81 mru 1492 auth pap magic 0x7fb977c3] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> Jul 1 11:00:22 firewall pppd[10802]: sent [LCP ConfAck id=0x81 mru 1492 auth pap magic 0x7fb977c3]
> Jul 1 11:00:22 firewall pppd[10802]: Couldn't increase MRU to 1500
> Jul 1 11:00:22 firewall pppd[10802]: sent [LCP EchoReq id=0x0 magic=0x839a0621]
> Jul 1 11:00:22 firewall pppd[10802]: sent [PAP AuthReq id=0x1 user=[EMAIL PROTECTED] password=hidden]
> Jul 1 11:00:22 firewall pppd[10802]: rcvd [LCP EchoRep id=0x0 magic=0x7fb977c3] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> Jul 1 11:00:22 firewall pppd[10802]: rcvd [PAP AuthAck id=0x1 ] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ...
> Jul 1 11:00:22 firewall pppd[10802]: sent [IPCP ConfReq id=0x1 addr 0.0.0.0]
> Jul 1 11:00:22 firewall pppd[10802]: rcvd [IPCP ConfReq id=0x25 addr 200.3.62.137] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> Jul 1 11:00:22 firewall pppd[10802]: sent [IPCP ConfAck id=0x25 addr 200.3.62.137]
> Jul 1 11:00:22 firewall pppd[10802]: rcvd [IPCP ConfNak id=0x1 addr 200.45.216.85] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> Jul 1 11:00:22 firewall pppd[10802]: sent [IPCP ConfReq id=0x2 addr 200.45.216.85]
> Jul 1 11:00:22 firewall pppd[10802]: rcvd [IPCP ConfAck id=0x2 addr 200.45.216.85] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> Jul 1 11:00:22 firewall pppd[10802]: local IP address 200.45.216.85
> Jul 1 11:00:22 firewall pppd[10802]: remote IP address 200.3.62.137
> Jul 1 11:00:22 firewall pppd[10802]: Script /etc/ppp/ip-up started (pid 11683)
> Jul 1 11:00:23 firewall pppd[10802]: Script /etc/ppp/ip-up finished (pid 11683), status = 0x100
> Jul 1 11:00:25 firewall pppd[10802]: rcvd [LCP EchoReq id=0x1 magic=0x7fb977c3 00 00 00 00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> Jul 1 11:00:25 firewall pppd[10802]: sent [LCP EchoRep id=0x1 magic=0x839a0621 68 6f 61 40]
> Jul 1 11:00:35 firewall pppd[10802]: rcvd [LCP
Re: [leaf-user] FW: need advice,two interfaces-bering
At 05:00 PM 7/2/2003 +, Eddie Avila wrote:
> Sorry if this is a double post.
>
> Hi all;
> I find the leaf project very interesting. I would like to set up a two interface box and then eventually migrate to a 3 interface setup. My goal is to replace a windows proxy machine and have control over port forwarding/firewalling.
>
> I'm using a cisco 800 router (from my wireless internet company) that I see internally as 192.168.201.200. It can be configured to block/forward ports to internal machines. My subnet is 192.168.201.0 (255.255.255.0) and 192.168.201.200 is the default gateway. I want to forward all ports from the router to the bering/shorewall. From the leaf box then forward web and ssh to different machines.
>
> Because this is my first attempt using leaf I'm trying to do all testing offline. I'm trying to simulate external access using a machine connected via a cross-over cable connected to eth0, and eth1 connected to my internal network. I configured shorewall to forward web and ssh to 192.168.201.248 (linuxserver). eth1 ip addr is 192.168.201.161 and eth0 is 192.168.1.160. Changed linuxserver gw to 192.168.201.161. Configured external machine as 192.168.1.242.
>
> linuxserver can ping leaf box, leaf box can ping both linuxserver and ext machine, ext machine can ping leaf box, but if I open a web or ssh session in the ext machine to ip 192.168.1.160 it won't get forwarded to the linuxserver.
>
> Can it be tested this way? I have read a lot of documentation but I'm still a little confused. Any pointers would be appreciated. If this setup is right for testing let me know and I will include the conf files of the leaf box.
> Thanks to all

This is a bit hard to follow (please try using paragraphs and conventional spelling: won't, not wont, for example). In principle, you can test a LEAF setup using what you call a simulated external connection (I used to do this, back when I was more active on LEAF). In practice, you have to get the details right, and it is not clear whether you did so. As I read what you wrote, you have something like the following:

          CISCO 800 router (192.168.201.200)
                      |
          -------LAN (192.168.201.0/24)-------
               |                      |
        (192.168.201.161)      (192.168.201.248)
              eth1                   eth?
           LEAF router            linuxserver
              eth0 (192.168.1.160)
               |
        (192.168.1.161) eth?
        host that simulates external network

If I have this right, you most likely have the routing table on the linuxserver configured incorrectly. Its gateway to the (simulated) Internet is the Bering router's eth1 IP address, not the simulator host at 192.168.1.161 (which it probably has no route to). But since you didn't include that information, this is more a guess than a firm opinion.

A better way to do this sort of test is to treat your LAN as the Bering router's external network, and the 192.168.1.0/24 side as the internal network. If the Bering router NATs the connection (something else you haven't said), stuff on the real LAN and the Internet will not need a route to 192.168.1.0/24, and you should be able to test the ability of the simulator host to access the linuxserver host and, more generally, the Internet. (You will have to allow the use of 192.168.201.0/24 on the external side by disabling RFC1918 firewalling, but you already had to do that for the test you tried).

If you need further help with these tests, please refer to the SR FAQ before posting, so you will have a better idea of what details you need to include.
[leaf-user] uClibc ssh(d).lrp questions
Hi all,
I am using the bering uClibc distro of leaf. I am attempting to setup ssh and sshd. I used makekey to generate the keys. When I try to do an scp from the LEAF to one of the systems on my local net I get:
/usr/local/bin/ssh no such file or directory. Lost Connection.
If I create a link in /usr/local/bin/ssh pointing to the ssh binary in /usr/local then the scp works. Is there an easy way to fix this short of leaving the link in?

Next problem is with sshd. When I try to ssh from one of the machines on my local net I get:

(icarus pts8) # ssh -vvv taz
OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to taz [192.168.0.8] port 22.
debug1: Connection established.
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug3: Not a RSA1 key file /root/.ssh/id_dsa.
debug2: key_type_from_name: unknown key type '-BEGIN'
debug3: key_read: no key found
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug2: key_type_from_name: unknown key type '-END'
debug3: key_read: no key found
debug1: identity file /root/.ssh/id_dsa type 2
ssh_exchange_identification: Connection closed by remote host
debug1: Calling cleanup 0x80674b0(0x0)
(icarus pts8) #

In the logs I get:
Jul 2 15:51:59 taz syslog: refused connect from icarus.rogueind.com
Jul 2 15:51:59 taz sshd[44]: debug1: Forked child 25273.
Jul 2 15:51:59 taz sshd[25273]: debug1: Connection refused by tcp wrapper

In addition if I do /etc/init.d/sshd restart I get the following in the logs:
Jul 2 16:37:19 taz sshd[32081]: Received SIGHUP; restarting.
Jul 2 16:37:19 taz sshd[32081]: RESTART FAILED: av[0]='/usr/sbin/sshd', error: Bad address.

This is bering uClibc 1.2 and the following ssh packages:
http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/leaf/bin/packages/uclibc-0.9/15/ssh.lrp
http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/leaf/bin/packages/uclibc-0.9/15/sshd.lrp
http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/leaf/bin/packages/uclibc-0.9/15/sshkey.lrp
http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/leaf/bin/packages/uclibc-0.9/15/libz.lrp

Can someone please help me figure out what the problem is??
--
..Tom
Registered Linux User #14522    http://counter.li.org
[EMAIL PROTECTED]    My current SpamTrap ---[EMAIL PROTECTED]
Re: [leaf-user] Question regarding tc.lrp and shorewall
On Wednesday 2 July 2003 19:39, Tom Eastep wrote:
> On Wed, 2003-07-02 at 10:19, Raymond Page wrote:
> > To do traffic shaping, does shorewall require tc.lrp? I'd like to do traffic shaping and thought I read shorewall did that, but it didn't mention requiring tc,
>
> Shorewall configures traffic shaping by running 'tc' -- it needs that program (which is usually installed as /sbin/tc).

and which is indeed provided by tc.lrp :-)

Jacques
Re: [leaf-user] uClibc ssh(d).lrp questions
Hi,

> I am using the Bering uClibc distro of LEAF. I am attempting to set up ssh and sshd. I used makekey to generate the keys. When I try to do an scp from the LEAF to one of the systems on my local net I get:
>
> /usr/local/bin/ssh no such file or directory. Lost Connection.
>
> If I create a link in /usr/local/bin/ssh pointing to the ssh binary in /usr/local then the scp works. Is there an easy way to fix this short of leaving the link in?

Ok, I just committed a new version into CVS which should resolve that problem (scp seems to hardcode the position of the ssh binary at compile time). Note - viewcvs takes a little time to update, so wait with downloading until the page http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/leaf/bin/packages/uclibc-0.9/15/ shows an ssh.lrp that's _not_ 5 weeks old (or, go via real CVS).

> Next problem is with sshd. When I try to ssh from one of the machines on my local net I get:
> (...)
> In the logs I get:
>
> Jul 2 15:51:59 taz syslog: refused connect from icarus.rogueind.com
> Jul 2 15:51:59 taz sshd[44]: debug1: Forked child 25273.
> Jul 2 15:51:59 taz sshd[25273]: debug1: Connection refused by tcp wrapper

Sounds like your hosts-allow doesn't allow for ssh connections from that machine.

> In addition if I do /etc/init.d/sshd restart I get the following in the logs:
>
> Jul 2 16:37:19 taz sshd[32081]: Received SIGHUP; restarting.
> Jul 2 16:37:19 taz sshd[32081]: RESTART FAILED: av[0]='/usr/sbin/sshd', error: Bad address.

I'm guessing the logs would be /var/log/auth.log here, right? Maybe the new binary will help, since all I get when restarting sshd is

sshd[20975]: Received signal 15; terminating.
sshd[26299]: Server listening on 0.0.0.0 port 22

I hope that somewhat helps. I'll be out of the country as of tomorrow (until the 14th), so I won't be able to respond until I return (just so you know).

Martin
[leaf-user] Re: uClibc ssh(d).lrp questions
On Wed, 2 Jul 2003, Martin Hejl wrote:

> Ok, I just committed a new version into CVS which should resolve that problem (scp seems to hardcode the position of the ssh binary at compile time). Note - viewcvs takes a little time to update, so wait with downloading until the page http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/leaf/bin/packages/uclibc-0.9/15/ shows an ssh.lrp that's _not_ 5 weeks old (or, go via real CVS).

How do I access real CVS??

> > Next problem is with sshd. When I try to ssh from one of the machines on my local net I get:
> > (...)
> > In the logs I get:
> >
> > Jul 2 15:51:59 taz syslog: refused connect from icarus.rogueind.com
> > Jul 2 15:51:59 taz sshd[44]: debug1: Forked child 25273.
> > Jul 2 15:51:59 taz sshd[25273]: debug1: Connection refused by tcp wrapper
>
> Sounds like your hosts-allow doesn't allow for ssh connections from that machine.

Yea Duh!! I should have known. I forgot about that.

> > In addition if I do /etc/init.d/sshd restart I get the following in the logs:
> >
> > Jul 2 16:37:19 taz sshd[32081]: Received SIGHUP; restarting.
> > Jul 2 16:37:19 taz sshd[32081]: RESTART FAILED: av[0]='/usr/sbin/sshd', error: Bad address.
>
> I'm guessing the logs would be /var/log/auth.log here, right? Maybe

Actually I am having the box do remote logging to a machine on my internal net. That was what was in there. Upon looking in /var/log/auth there is no additional info.

> the new binary will help, since all I get when restarting sshd is
>
> sshd[20975]: Received signal 15; terminating.
> sshd[26299]: Server listening on 0.0.0.0 port 22

Maybe. I will try it once I get the new binary.

> I hope that somewhat helps. I'll be out of the country as of tomorrow (until the 14th), so I won't be able to respond until I return (just so you know).

Have a good trip and thanks for the help.

--
..Tom
Registered Linux User #14522 http://counter.li.org
[EMAIL PROTECTED]
My current SpamTrap --- [EMAIL PROTECTED]
[leaf-user] RE: [leaf-user] Re: [leaf-user] Bering often doesn´t connect at startup
Thanks Eric

I forgot this, in /var/log/messages there are several messages:

...
Jul 2 09:19:34 firewall pppd[5337]: Couldn't increase MTU to 1500.
Jul 2 09:19:34 firewall pppd[5337]: Couldn't increase MRU to 1500
...

To avoid the preceding messages, I don't know if uncommenting one of the following lines (mostly the third line) would help.

#pty pppoe -I eth0 -T 80 -m 1452
#pty pppoe -I eth0 -T 80
#pty pppoe -I eth0 -T 80 -m 1412

Would this help? I'm not in the firewall location now, so I can't test it.

The synthesis of the problem is:

1. The problem always happens when the firewall starts; the firewall sometimes connects well and sometimes not.
2. If the firewall connects well, it works so for hours without problem until shutdown.
3. There is always a ppp0 interface.
4. It's like a DNS or route problem. Could dnscache be the problem? Should dnscache start before shorewall?

HH comments inline.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On behalf of eric wolzak
Sent: Wednesday, 02 July 2003 03:19 p.m.
To: Herbert H hlke; Leaf User Mail List
Subject: [leaf-user] Re: [leaf-user] Bering often doesn't connect at startup

Hello Herbert

I suppose you need a pppoe connection with pap. If the ppp0 is there then you have a connection, at least with your provider; if the pppoe start wouldn't be successful you don't have a ppp0 interface.

HH ppp0 is always created.

# comments to connections script inline.

I wouldn't use my Provider's dns (but use dnscache) YMMV. To test if that is the problem, ping only the ip address of a server that you know should be reachable.

HH Yes, I changed it only for testing. I will use dnscache.
HH With the ISP DNS IPs, ping www.yahoo.com returns the IP (the ISP DNS translates well), but yahoo.com doesn't reply to the pings.
HH With dnscache, ping www.yahoo.com doesn't return the IP and yahoo.com doesn't reply to the pings.
HH So, it seems a dnscache or a route problem. Could it be?

I'm using Bering 1.1 floppy firewall.
When the firewall starts, most of the time the workstations don't connect. I would appreciate it if somebody could give a hint. I don't know if the problem is caused by the firewall or by my ISP.

I check the connection with ping www.yahoo.com in the firewall. The operator has to restart the firewall until the workstations connect well. I have to use ifdown ppp0 and ifup ppp0 one or more times until the firewall connects well. I have set my ISP DNS IPs in /etc/resolv.conf, but the connection also fails.

Whether the firewall connects or not, ppp0 is defined. The output of ip add show always is:

3: eth0: BROADCAST,MULTICAST,UP mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:20:18:03:65:62 brd ff:ff:ff:ff:ff:ff
4: eth1: BROADCAST,MULTICAST,UP mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:00:21:86:92:56 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.1/24 brd 192.168.1.255 scope global eth1
5: ppp0: POINTOPOINT,MULTICAST,NOARP,UP mtu 1492 qdisc pfifo_fast qlen 3
    link/ppp
    inet 200.45.216.85 peer 200.3.62.137/32 scope global ppp0

and the ip route show is also the same with a good and a bad connection:

=
200.3.62.137 dev ppp0 proto kernel scope link src 200.45.216.85
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.1
default via 200.3.62.137 dev ppp0
=

The daemon.logs are different with a good and a bad connection.

Daemon.log with a GOOD connection at startup
=
Jul 1 11:00:22 firewall pppd[10802]: rcvd [LCP ConfReq id=0x81 mru 1492 auth pap magic 0x7fb977c3] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Jul 1 11:00:22 firewall pppd[10802]: sent [LCP ConfAck id=0x81 mru 1492 auth pap magic 0x7fb977c3]
# You agree to use pap
# and the authentication is successful
Jul 1 11:00:22 firewall pppd[10802]: rcvd [PAP AuthAck id=0x1 ] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
...
Jul 1 11:00:22 firewall pppd[10802]: sent [IPCP ConfReq id=0x1 addr 0.0.0.0]
Jul 1 11:00:22 firewall pppd[10802]: rcvd [IPCP ConfReq id=0x25 addr 200.3.62.137] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Jul 1 11:00:22 firewall pppd[10802]: sent [IPCP ConfAck id=0x25 addr 200.3.62.137]
Jul 1 11:00:22 firewall pppd[10802]: rcvd [IPCP ConfNak id=0x1 addr 200.45.216.85] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Jul 1 11:00:22 firewall pppd[10802]: sent [IPCP ConfReq id=0x2 addr 200.45.216.85]
Jul 1 11:00:22 firewall pppd[10802]: rcvd [IPCP ConfAck id=0x2 addr 200.45.216.85] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Jul 1 11:00:22 firewall pppd[10802]: local IP address 200.45.216.85
Jul 1 11:00:22 firewall pppd[10802]: remote IP address 200.3.62.137
# you got a remote and local IP
# and lcp pings are successful
Jul 1
Re: [leaf-user] Re: uClibc ssh(d).lrp questions
Hi again,

> > Ok, I just committed a new version into CVS which should resolve that problem (scp seems to hardcode the position of the ssh binary at compile time). Note - viewcvs takes a little time to update, so wait with downloading until the page http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/leaf/bin/packages/uclibc-0.9/15/ shows an ssh.lrp that's _not_ 5 weeks old (or, go via real CVS).
>
> How do I access real CVS??

Follow the instructions at http://sourceforge.net/cvs/?group_id=13751 for anonymous access (you need to have cvs installed on your client). modulename (as referred to on that page) should be bin/packages/uclibc-0.9/15/ssh.lrp (and preferably the others like sshd.lrp as well, since I've never tested mixing different builds). If you want to (and have the bandwidth) you can simply check out the whole directory (in that case, module name would be bin/packages/uclibc-0.9/15).

> > > Next problem is with sshd. When I try to ssh from one of the machines on my local net I get:
> > > (...)
> > > In the logs I get:
> > >
> > > Jul 2 15:51:59 taz syslog: refused connect from icarus.rogueind.com
> > > Jul 2 15:51:59 taz sshd[44]: debug1: Forked child 25273.
> > > Jul 2 15:51:59 taz sshd[25273]: debug1: Connection refused by tcp wrapper
> >
> > Sounds like your hosts-allow doesn't allow for ssh connections from that machine.
>
> Yea Duh!! I should have known. I forgot about that.

;-) Happens to all of us.

> > > In addition if I do /etc/init.d/sshd restart I get the following in the logs:
> > >
> > > Jul 2 16:37:19 taz sshd[32081]: Received SIGHUP; restarting.
> > > Jul 2 16:37:19 taz sshd[32081]: RESTART FAILED: av[0]='/usr/sbin/sshd', error: Bad address.
> >
> > I'm guessing the logs would be /var/log/auth.log here, right? Maybe
>
> Actually I am having the box do remote logging to a machine on my internal net. That was what was in there. Upon looking in /var/log/auth there is no additional info.

Ah, ok. I just wanted to make sure I'm not looking at the wrong log.

> > the new binary will help, since all I get when restarting sshd is
> >
> > sshd[20975]: Received signal 15; terminating.
> > sshd[26299]: Server listening on 0.0.0.0 port 22
>
> Maybe. I will try it once I get the new binary.

Ok, let me know if it works out.

> Have a good trip and thanks for the help.

Thanks.

Martin
[leaf-user] sql-Client Package.
Hi LEAFers.

Does anyone have a package (.lrp) of mysql-client libs and tools?

Sincerely
-bino-
[leaf-user] Port 1191 still getting slammed
OK, I'm baffled by this. I have Roadrunner cable, which went down for about a day. When it came back up, I noticed my LEAF-Bering (v1.0-stable) firewall was getting hit a lot on udp port 1191 and it just hasn't stopped. I've also got some other hits that I just don't understand - take a look:

Jul 2 21:00:02 jericho kernel: Shorewall:net2all:DROP:IN=eth1 OUT= MAC=00:80:c6:fb:63:59:00:08:20:cc:8c:54:08:00 SRC=199.166.24.1 DST=66.56.165.39 LEN=56 TOS=0x00 PREC=0x00 TTL=236 ID=56933 DF PROTO=ICMP TYPE=3 CODE=3 [SRC=66.56.165.39 DST=199.166.24.1 LEN=65 TOS=0x00 PREC=0x00 TTL=49 ID=60613 FRAG:64 PROTO=UDP ]

I don't understand the part that's in brackets. My net interface is eth1 at ip address 66.56.165.39. My loc network is 192.168.1.0/24 and my dmz is 192.168.2.0/24.

And then here is a port 1191 hit:

Jul 2 21:03:27 jericho kernel: Shorewall:net2all:DROP:IN=eth1 OUT= MAC=00:80:c6:fb:63:59:00:08:20:cc:8c:54:08:00 SRC=66.227.182.56 DST=66.56.165.39 LEN=68 TOS=0x00 PREC=0x00 TTL=113 ID=24809 PROTO=UDP SPT=2034 DPT=1191 LEN=48

I tried setting udp1191 to reject (rather than drop), but then the hits started coming in on tcp1191! I've also had a lot of hits on udp3182, and when I tried rejecting those, they started coming in on tcp3182 as well.

I just don't know what to make of all this. In the course of a day, I've been getting more than 3000 hits sometimes. None of this, as far as I know, was happening before the outage occurred. Could this be some sort of probe Roadrunner is doing?

Sincerely,
Jim Hubbard

   .--.
  |o_o |
  |:_/ |
 //   \ \
(|     | )
/'\_   _/`\
\___)=(___/

Rockingham County Linux Users Group
www.rock.lug.net
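As an added illustration, not part of Jim's post or of Shorewall itself: a small Python parser for netfilter log lines in the format quoted above. It separates the bracketed section, which for an ICMP type 3 (destination unreachable) message is the header of the original datagram that the far end is answering, and tallies repeat hits per destination port. Input is the two lines from the post plus one constructed duplicate.

```python
"""Decode Shorewall/netfilter DROP lines like those quoted in the post."""
import re
from collections import Counter

# Sample input (constructed): the two lines quoted in the post, plus one
# duplicate of the port-1191 hit with a different timestamp and IP ID so
# that the per-port tally has something to count.
SAMPLE_LOG = """\
Jul 2 21:00:02 jericho kernel: Shorewall:net2all:DROP:IN=eth1 OUT= MAC=00:80:c6:fb:63:59:00:08:20:cc:8c:54:08:00 SRC=199.166.24.1 DST=66.56.165.39 LEN=56 TOS=0x00 PREC=0x00 TTL=236 ID=56933 DF PROTO=ICMP TYPE=3 CODE=3 [SRC=66.56.165.39 DST=199.166.24.1 LEN=65 TOS=0x00 PREC=0x00 TTL=49 ID=60613 FRAG:64 PROTO=UDP ]
Jul 2 21:03:27 jericho kernel: Shorewall:net2all:DROP:IN=eth1 OUT= MAC=00:80:c6:fb:63:59:00:08:20:cc:8c:54:08:00 SRC=66.227.182.56 DST=66.56.165.39 LEN=68 TOS=0x00 PREC=0x00 TTL=113 ID=24809 PROTO=UDP SPT=2034 DPT=1191 LEN=48
Jul 2 21:03:31 jericho kernel: Shorewall:net2all:DROP:IN=eth1 OUT= MAC=00:80:c6:fb:63:59:00:08:20:cc:8c:54:08:00 SRC=66.227.182.56 DST=66.56.165.39 LEN=68 TOS=0x00 PREC=0x00 TTL=113 ID=24811 PROTO=UDP SPT=2034 DPT=1191 LEN=48
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) kernel: "
    r"Shorewall:(?P<chain>[^:]+):(?P<action>[^:]+):(?P<fields>.*)$"
)
KV_RE = re.compile(r"(\w+)=(\S*)")

# ICMP Destination Unreachable (type 3) codes, from RFC 792.
UNREACH_CODES = {0: "net unreachable", 1: "host unreachable",
                 2: "protocol unreachable", 3: "port unreachable",
                 4: "fragmentation needed"}


def parse_line(line):
    """Return a dict of netfilter fields, or None for non-Shorewall lines.

    For ICMP errors netfilter appends, in brackets, the header of the
    original datagram carried in the ICMP payload. That part is stored
    under rec["inner"] so its SRC/DST do not overwrite the outer ones.
    """
    m = LINE_RE.match(line)
    if not m:
        return None
    fields, inner = m.group("fields"), None
    if "[" in fields:
        fields, rest = fields.split("[", 1)
        inner = dict(KV_RE.findall(rest.rstrip("] ")))
    rec = {"ts": m.group("ts"), "host": m.group("host"),
           "chain": m.group("chain"), "action": m.group("action"),
           "inner": inner}
    rec.update(KV_RE.findall(fields))
    return rec


def explain(rec):
    """One-line reading of a record, decoding ICMP unreachables."""
    if rec.get("PROTO") == "ICMP" and rec.get("TYPE") == "3":
        code = int(rec.get("CODE", "-1"))
        inner = rec.get("inner") or {}
        # The inner SRC equals the outer DST (our own address): the far end
        # is answering a packet we sent earlier, not probing us.
        return "ICMP %s from %s, answering our %s packet %s -> %s" % (
            UNREACH_CODES.get(code, "code %d" % code), rec.get("SRC", "?"),
            inner.get("PROTO", "?"), inner.get("SRC", "?"), inner.get("DST", "?"))
    return "%s %s:%s -> %s:%s" % (rec.get("PROTO", "?"), rec.get("SRC", "?"),
                                  rec.get("SPT", "-"), rec.get("DST", "?"),
                                  rec.get("DPT", "-"))


def summarise(log_text):
    """Tally TCP/UDP drops per (proto, dport) and explain every line."""
    counts, notes = Counter(), []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec.get("PROTO") in ("TCP", "UDP"):
            counts[(rec["PROTO"], rec.get("DPT"))] += 1
        notes.append(explain(rec))
    return counts, notes
```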
Re: [leaf-user] Bering often doesn´t connect at startup
Herbert,

You need to set the clampmss option as suggested before. You have a MTU conflict which is a FAQ for PPPoE connections. There are _tons_ of similar posts in the archives as well suggesting this solution to this error.

--
~Lynn Avants
Linux Embedded Appliance Firewall Developer
http://leaf.sourceforge.net
http://guitarlynn.homelinux.org:81
[leaf-user] Re: uClibc ssh(d).lrp questions
Hi,

On Thu, 3 Jul 2003, Martin Hejl wrote:

> > > Ok, I just committed a new version into CVS which should resolve that problem (scp seems to hardcode the position of the ssh binary at compile time). Note - viewcvs takes a little time to update, so wait with downloading until the page http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/leaf/bin/packages/uclibc-0.9/15/ shows an ssh.lrp that's _not_ 5 weeks old (or, go via real CVS).
> >
> > Maybe. I will try it once I get the new binary.
>
> Ok, let me know if it works out.

I just upgraded to the latest CVS version of ssh and friends. I tested scp and the sshd restart as well as anything else I could think of and it all appears to be working fine. Looks like you fixed it. Thanks again for the help and quick response. Looks like I am going to put this in production tomorrow. :-))

--
..Tom
Registered Linux User #14522 http://counter.li.org
[EMAIL PROTECTED]
My current SpamTrap --- [EMAIL PROTECTED]
Re: [leaf-user] sql-Client Package.
On Wednesday 02 July 2003 08:28 pm, bino-psn wrote:
> Hi LEAFers.
> Does anyone have a package (.lrp) of mysql-client libs and tools?

I really doubt it as this is the last thing anyone would put on a firewall/router which is what most of us are running. You might check the Koon Wong archive, he might have an ancient version.

--
~Lynn Avants
Linux Embedded Appliance Firewall Developer
http://leaf.sourceforge.net
http://guitarlynn.homelinux.org:81
[leaf-user] Oddity with tinydns
I downloaded and installed tinydns. However when I check the logs, it says that it can't find the file /usr/bin/tinydns. I did an ls and the file exists, then I tried to manually run it from the command line. It told me file not found. I cat'ed it and got a bunch of gibberish, so I know it's not zeroed out or something like that. I'm baffled as to why it might do that. Perhaps this also carries over to why I can't run passwd from accounts other than root?

Appreciate any advice,
--
PAGE,RAYMOND
Re: [leaf-user] Oddity with tinydns
On Wednesday 02 July 2003 11:52 pm, PAGE,RAYMOND wrote:
> I downloaded and installed tinydns. However when I check the logs, it says that it can't find the file /usr/bin/tinydns. I did an ls and the file exists, then I tried to manually run it from the command line. It told me file not found. I cat'ed it and got a bunch of gibberish, so I know it's not zeroed out or something like that. I'm baffled as to why it might do that. Perhaps this also carries over to why I can't run passwd from accounts other than root?

You're not running as root? Have you checked file permissions?

--
~Lynn Avants
Linux Embedded Appliance Firewall Developer
http://leaf.sourceforge.net
http://guitarlynn.homelinux.org:81
Re: [leaf-user] sql-Client Package.
Hi Lynn

----- Original Message -----
From: Lynn Avants [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, July 03, 2003 11:40 AM
Subject: Re: [leaf-user] sql-Client Package.

> I really doubt it as this is the last thing anyone would put on a firewall/router which is what most of us are running. You might check the Koon Wong archive, he might have an ancient version.
> --

Well .. I need to do some IP Accounting. I need to store the ipchain -L -V result to a remote MySqld for further administration.

And Lynn ... I see LEAF can be deployed as a platform for any appliance .. not just router/firewall. Let's say .. we can use it as a remote weather station, remote CAN-bus .. etc etc. LEAF is too powerful to be restricted as router/firewall only.

Sincerely
-bino-