[leaf-user] sourceforge message
got a link from sourceforge to click if want to continue getting e-mails from LEAF. I distrust clicking on links. Is this legitimate? Victor -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] install to FAT partition
on a later LEAF ISO, lrcfg contains an new menu item: "Install to FAT partition, experimental" It lists the available partitions, formats, installs syslinux and the MBR code. I have used this to prepare a Compact flash and then answer N to copying files. Thanks to the developers, this works and is an easy way to prepare a Compact Flash for later copying the LEAF files. Victor -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] prevent Iot from the net
For now, I am just keeping the rule to DROP traffic from certain loc devices to the net. I added the word NFLOG(4) to the DROP line and shorewall compiles ok. Victor log, On 11/4/2016 1:28 AM, David M Brooke wrote: > For the new house I’m commissioning I face a similar challenge - various > automation devices which communicate using TCP/IP but which probably don’t > have the best security hardening and don’t get regular patch updates from the > manufacturers to fix security vulnerabilities. Some of these are doing > sensitive roles like managing access control and interfacing with the > intruder alarm system. > > In line with Dave’s advice I’ve set up multiple VLANs and mapped those to > separate Shorewall Zones with different sets of Policies and Rules at the > Zone level. I also have multiple WiFi SSIDs which each map to separate VLANs > so they can have different policies applied - so e.g. my own WiFi devices use > 802.1X authentication (against a RADIUS server) on one SSID and are allowed > to access the local wired networks whereas there’s a separate SSID for > Visitors, and that’s only allowed to access the Internet and not the local > wired networks. > > The main requirement is a VLAN-capable network switch. I currently use a > Unifi model from ubnt.com but companies like Netgear make small, VLAN-capable > switches which are relatively inexpensive. On Bering-uClibc you set up a > sub-NIC per VLAN (e.g. eth1.112) and map each sub-NIC to a Shorewall Zone. > > A useful trick for devices which need NTP access and hard-code an FQDN for > that is to use the “address” entry in dnsmasq.conf to tell a white lie and > return a local NTP server address for that FQDN in place of a remote NTP > server address. For example: > address=/time.euro.apple.com/192.168.112.1 > > davidMbrooke > >> On 3 Nov 2016, at 19:07, Dillabough, Dave <dave.dillabo...@bcgeu.ca> wrote: >> >> I would add logging so that you would know if anything was amiss. >> >> To test you could temporarily install a PC at the blocked address and see >> what happens. >> >> For more complete control as IoT devices proliferate I would add a separate >> zone and set up a VLAN for home automation etc. >> >> -Original Message- >> From: Victor McAllister [mailto:victo...@sonic.net] >> Sent: Thursday, November 03, 2016 11:53 AM >> To: Bering List >> Subject: [leaf-user] prevent Iot from the net >> >> I have a couple devices, such as a DVR, on the local net (loc) that I do not >> want to have access to the Internet. Remember the recent DDOS attacks that >> originated with Iot devices! I added this to shorewall rules. >> >> DROP loc:192.168.1.x,192.168.1.y net all >> >> They get their time from the local time server so they have no reason to >> access the net. >> >> I have not tested this, but at least shorewall compiles and runs. Any >> comments. >> >> Victor >> -- Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today. http://sdm.link/xeonphi leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] prevent Iot from the net
I have a couple devices, such as a DVR, on the local net (loc) that I do not want to have access to the Internet. Remember the recent DDOS attacks that originated with Iot devices! I added this to shorewall rules. DROP loc:192.168.1.x,192.168.1.y net all They get their time from the local time server so they have no reason to access the net. I have not tested this, but at least shorewall compiles and runs. Any comments. Victor -- Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today. http://sdm.link/xeonphi leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] resolv-file is not missing missing
I am testing 5.2.6 (LEAF 2). The test box uses dhcpcd to get its ip and dns from dnsmasq on a 5.2.5 leaf box (LEAF 1) that is connected to the internet. dnsmasq.conf on LEAF 2 has this # Change this line if you want dns to get its upstream servers from # somewhere other that /etc/resolv.conf resolv-file=/etc/dhcpc/resolv.conf I get this on booting the 5.2.6 (LEAF 2) starting caching dns forwarder: dnsmasq: directory /etc/dhcpc/resolv.conf for resolv-file is missing cannot poll However, /etc/dhcpc/reslov.conf is in place and contains the gateway to the first LEAF. LEAF 2 cannot resolve names. It can ping LEAF 1. It cannot ping the Internet. Everything else seems to be properly configured. Any idea What am I doing wrong? Victor -- Attend Shape: An AT Tech Expo July 15-16. Meet us at AT Park in San Francisco, CA to explore cutting-edge tech and listen to tech luminaries present their vision of the future. This family event has something for everyone, including kids. Get more information and register today. http://sdm.link/attshape leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] Update(grade) to Bering 5.x
On 4/5/2016 6:27 AM, Bob von Knobloch wrote: > Hi, > I'm upgrading tp Bering uClibc 5.x from V3. > In the 'old' days, many LEAF packages had dependencies (compression, > encrypt libs etc.). How is this handled today? I see no mention amoug > the package lists (but it seems that all the sourceforge LEAF sites are > down right now). > I can't simply put all the supplied packages on my CF card for lack of > space (256MB) and want shorewall, dnsmasq, openvpn, tcpdump, ntp, ssh... > Is there a list of dependancies somwhere, or are the relevant libs now > supplied in the packages? > > Cheers, > > Bob > I just copy the the syslinux directory, the libraries including libdigest-sha1-perl.lrp, the lrps and lwps such as etc, root, shorewall, u-logd, bbntpd and modules.sqfs (12MB). I don't save moddb. You should get it to boot, depending on what your needs are, on as little as 32 mb or 64 mb. Victor -- leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] Bering 5.2.5 rc2
Thank you to the developers. I have not tried the upgrade. I just use the old configdb.lrp and so far everything works. Victor -- Transform Data into Opportunity. Accelerate data analysis in your applications with Intel Data Analytics Acceleration Library. Click to learn more. http://pubads.g.doubleclick.net/gampad/clk?id=278785351=/4140 leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] leaf 5.2
Upgrading to LEAF 5.2 on a pc engines geode was simple and painless. I just copied the files, the old leaf.cfg and old configdb file and booted. Everything has been working for a couple of days including ulogd. A big thanks to the group who upgrade LEAF almost every month. LEAF is one of the best kept secrets. Not sure why more do not use it. Victor -- leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] FCC considers banning open source changes to wifi routers
http://hackaday.com/2015/09/02/save-wifi-act-now-to-save-wifi-from-the-fcc/ Victor -- Monitor Your Dynamic Infrastructure at Any Scale With Datadog! Get real-time metrics from all of your servers, apps and tools in one place. SourceForge users - Click here to start your Free Trial of Datadog now! http://pubads.g.doubleclick.net/gampad/clk?id=241902991=/4140 leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] LEAF routers should not be affected
http://arstechnica.com/security/2015/05/the-moose-is-loose-linux-based-worm-turns-routers-into-social-network-bots/ Victor -- leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] Installation of uClibc 5.1.2-beta1
On 10/24/2014 6:42 PM, Patrick Andersson wrote: Yes. The attached file is the printout from the serial connection. How do I readjust the memory usage during the install process? What does I will not be able to use the find and extract modules feature at install mean? Everything fitted on the CF card, I think. Is there something in the printout from the boot that suggests that? How do I select only the required packages and necessary libraries? I don't want to buy new hardware. The old Bering uClibc is just using 10MB. You could try in leaf.cfg syst_size=24M log_size=2M tmp_size=6M You could extract modules needed for your NICs from modules.tgz using 7-zip on a windows box and copy them to the CF. After booting use the serial console to cp them from the CF to /lib/modules, list them in /etc/modules, backup modules, backup config and then reboot. This might get your hardware to work. The bare minimum packages you will need to load for a firewall are initrd initmod root config etc modules license shorewall iptables perl libdigest-sha1-perl dnsmaq dropbear mhttpd configdb moddb you might load bbntpd after you get it working to keep your clock synched *** Assuming you are using this for a simple home firewall, IMO the big iron box will eventually cost you more (from your monthly power bill) than a small 10 watt firewall box without a fan. If you are in the USA contact me off list - maybe I can find you an old wrap board that works. Victor -- leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] using LEAF to prepare compact flash
I run several LEAF WRAP and ALIX firewalls, but compact flashes often do not boot after they have been prepared with syslinux. I recently took some CF that failed to boot and found a way to make them work. I used a 686 isolinux version of LEAF to boot on an old laptop and plugged the CF's into a usb to CF adapter. In my case the boot media was /dev/sr0 and the CFs were at /dev/sdb1 #mount -t iso9660 /dev/sr0 /mnt #apkg -i /mnt/hdsupp this should also load mtools.lrp #apkg -i /mnt/libiconv #umount /mnt *** #fdisk -c /dev/sdb p to view the partitions d to delete all the partitions on the CF n to add a new primary partition 1 a to make it bootable t to change the partition type c to make it fat 32 I chose the default first block (2048) I found that if I chose the last block that fdisk suggested, it would not boot with syslinux. So I did not accept the last block. For example, a 512 MB CF, I entered +500M for the last block; or a 128MB CF I typed in +100M so that the partition was slightly smaller than the block size suggested by fdisk and this made the CF bootable. w to write the partition to the CF. *** #mkfs.vfat /dev/sdb #syslinux /dev/sdb #mount -t vfat /dev/sdb1 /mnt #ls -al /mnt and you should see the syslinux boot file on the CF. the key to this procedure was to not make the partition fill the whole CF. I imagine that CF's lie about their structure. They are not like a hard drive. I used 7-zip to copy the LEAF system to the compact flash from a windows box, and it booted just fine using the append line in the latest LEAF versions, e.g. usb_wait=3 etc. Victor -- leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] Installation of uClibc 5.1.2-beta1
On 10/23/2014 4:26 PM, Patrick Andersson wrote: Hello. I have tried to install Bering-uClibc_5.1.2-beta1_i486_syslinux_serial19200 to a CF card and boot an AMD K6 computer with 32 MB of memory. I have a video card inserted during the installation. I'm currently running Bering uClibc with kernel 2.4.33, can't remember the version, booted from a floppy disc on the same computer. I'm attaching the printout from the boot up. 1) Is 32MB enough of memory? If not, what cn I do? 2) Is the CF working OK or is there some trouble? 3) What should I do to get it up and running on the CF? Best Regards Patrick Andersson What happened when you tried to boot 5.1.2b serial? Did you monitor the booting through the serial port? I think 32MB of ram is low. It is possible to run LEAF, but you will not be able to use the find and extract modules feature at install unless you readjust the memory usage during the install process. https://www.mail-archive.com/leaf-user@lists.sourceforge.net/msg24737.html If your CF card is small, you will have to select only the required packages and necessary libraries etc. Why not pick up a low energy, used router. I bought a used three ethernet ALIX board with case on ebay last week just as a spare. Victor -- leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] Shorewall log not rotating
On an ALIX LEAF 5.1.1 shorewall.log just keeps increasing in size each day. Anyone notice this or know the solution. Victor -- Comprehensive Server Monitoring with Site24x7. Monitor 10 servers for $9/Month. Get alerted through email, SMS, voice calls or mobile push notifications. Take corrective actions from your mobile device. http://p.sf.net/sfu/Zoho leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] Bering 5.1.2B1 486 syslinux serial
On 10/17/2014 1:30 AM, Erich Titl wrote: Hi Victor on 17.10.2014 01:58, Victor McAllister wrote: On 10/16/2014 3:41 PM, Erich Titl wrote: Hi Victor ... I set up the WRAP with 5.1.2b1 with a serial to usb cable and Terra term. I rebooted the WRAP repeatedly and it never failed to reboot. I used reboot because I set the clock with date -s and reboot does not change the date, which lets me see when I saved the configuration files without seting the date command again. I see, this brings me back to square 1. My WRAP does not obey. By the way, I just bought a new WRAP board on e-bay for about $21. You can still find them occasionally. Well, they are 10 year old boards, for real high speed they don't cut it anymore. Still I believe we should make sure they can still be used. On my personal firewall, I use the ALIX with an AP on the inside of the network, rather than putting the wireless on the router itself, which I used to do. Why did you drop that? Thanks Erich Is it because you are compiling your own version with your own boot code? I used the stock Leaf 486 syslinux serial 5.1.2-beta1 on a 64MB WRAP. I use Terra Term with a serial to USB cable on a windows box to do the configurations. On the first boot, set root password date -s save configuration which will include dropbear stuff I then changed the syst_size =50M; log_size=1M: and tmp_size=10M to get the autodetect modules features to work. reboot On the second boot, I find and search for hardware modules and then backup modules Then change the system, log and tmp sizes back to their original sizes in leaf.cfg before using reboot again. reboot always works for me. *** I find that an ethernet wired access point is easier and is on the inside of the network, rather than slowing down the firewall. A TP-Link wireless router ($25) can be set up with a static IP (192.168.1.253). I don't use the wan port or dhcp on the TP-Link so it acts like a wireless AP. Setup the wireless wpa-2 stuff and it will forward dhcp requests from your wireless clients to the firewall's dnsmasq, where you can manage who gets what IP etc. Victor -- Comprehensive Server Monitoring with Site24x7. Monitor 10 servers for $9/Month. Get alerted through email, SMS, voice calls or mobile push notifications. Take corrective actions from your mobile device. http://p.sf.net/sfu/Zoho leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] Bering 5.1.2B1 486 syslinux serial
I tried this on an old WRAP board. Everything worked except the find modules for hardware. lrcfg complained about unavailability of modules.dep even though this file was located in /lib/modules/ and modules.tgz was available. Extracting natsemi, copying it to /lib/modules and adding its name to modules.lrp allowed the system to boot just fine. Impressive work. Thanks for all the hard fork from the development team. Victor -- Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer http://p.sf.net/sfu/Zoho leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] Bering 5.1.2B1 486 syslinux serial
On 10/13/2014 6:53 AM, kp kirchdoerfer wrote: Am Montag, 13. Oktober 2014, 15:33:26 schrieb Erich Titl: Hi Andrew on 13.10.2014 10:32, Andrew wrote: Hi. 13.10.2014 09:47, Victor McAllister пишет: I tried this on an old WRAP board. Everything worked except the find modules for hardware. lrcfg complained about unavailability of modules.dep even though this file was located in /lib/modules/ and modules.tgz was available. It seems like there is not enough memory/ramdisk space for extracted modules. They requires approx 20 MB of free mem/free ramdisk. Second this, same experience Will it help if we add natsemi to kmodules (for i486)? kp What if we changed the size of /tmp in leaf.cfg I will try to increase tmp_size=20M next time I set up a wrap board. I think some boards have 128mb of ram. Victor -- Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer http://p.sf.net/sfu/Zoho leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] Bering 5.1.2B1 486 syslinux serial
On 10/13/2014 12:25 PM, Andrew wrote: 13.10.2014 21:43, Erich Titl пишет: on 13.10.2014 19:52, Andrew wrote: 13.10.2014 19:48, Victor McAllister пишет: ... Victor You should increase rootfs size. AFAIR /tmp does nothing in modules detection; modules are unpacked into /lib/modules which is part of / tmpfs. Also check if you have enough free RAM (you may try to enable zswap - swap on zram drive, which may increase available RAM - at least by 'swapping' tmpfs uncompressed data like binaries). Couldn't we use a tempfs for unpacking and building modules.dep? What profit of this we'll have? I ran an experiment free reports 61200 1024 byte blocks of memory so evidently this is a 64 MB WRAP board I changed syst_size=60M in leaf.cfg it complained about memory and unavailability of modules.dep but it extracted natsemi and built the moddb.lrp at 1.3 mb. I then changed it back to syst_size=40M and rebooted everything works without extracting natsemi or editing modules.lrp by hand. df reports root as 40960 1K blocks at 28% used. Fortunately natsemi has no dependency. Victor -- Comprehensive Server Monitoring with Site24x7. Monitor 10 servers for $9/Month. Get alerted through email, SMS, voice calls or mobile push notifications. Take corrective actions from your mobile device. http://p.sf.net/sfu/Zoho leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] great job on LEAF 5.1.1
just upgraded pcengines geode box. Great job. Worked first time I booted it. I noted that usb_wait=3 is now default in syslinux.cfg the serial console is now 115,200 baud in both syslinux and inittab. Took a while to figure that out since I initially do the setup with a usb to serial adapter and Tera Term. For some reason it did not allow me to use a copy my old configdb.lrp - so I had to type in all my changes - but not a problem since I have two PCengines boxes and swap them out during an upgrade. apkg -l does not list bash as being loaded by any program I use. The media is reporting a serious bug in bash that can be used to take over Linux boxes. Not sure if that applies to any LEAF users. Victor -- Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer http://pubads.g.doubleclick.net/gampad/clk?id=154622311iu=/4140/ostg.clktrk leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] anyone tried LEAF on this from PC-engines
http://www.pcengines.ch/apucool.htm Looks like it fits in the standard PC-Engines case with the addition of a heat sink. Victor -- Slashdot TV. Video for Nerds. Stuff that Matters. http://pubads.g.doubleclick.net/gampad/clk?id=160591471iu=/4140/ostg.clktrk leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] Bering-uClibc 5.0.1 booting problem
On 10/5/2013 1:17 PM, Phil Faris wrote: When I try to boot Bering-uClibc 5.0.1 on an Alix machine, I only get a few lines of gibberish and then it hangs. The terminal I am using for viewing works fine on other leaf systems. I created the system on the the 2GB compact flash card using a linux system (fedora 17) by doing the following: 1. Used cfdisk to a) create a single 2GB partition b) set file type to 0C (FAT32 LBA) c) set the bootable flag to on 2. Created a filesystem using mkfs.vfat 3. Made it linux bootable by using syslinux -i 4. exploded the Geode version of the Bering-uClibc 5.0.1 tarball and copied the files to the compact flash Does anyone have an idea of what I might have done wrong? Phil Faris I don't think it is syslinux. A couple of suggestions on the wiki http://bering-uclibc.zetam.org/wiki/Bering-uClibc_5.x_-_User_Guide_-_Basic_Configuration_-_Booting_for_the_First_Time In syslinux.cfg APPEND reboot=bios usb_wait=3 or APPEND libata.dma=0 For me, newer compact flash can fail to boot, while older ones work. I bought some 512 mb CF from pcengines and they always work for me with the usb-wait=3 parameter. Victor -- Slashdot TV. Video for Nerds. Stuff that matters. http://tv.slashdot.org/ leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] wlan0 with alix2d3 - Leaf v.5.0.3
On 4/11/2014 11:53 AM, n22e113 wrote: On 4/11/2014 12:22, Erich Titl wrote: Q2. Am I missing something else? routes and shorewall settings? Hi, Erich, # ip route default via 192.168.72.254 dev eth0 metric 206 192.168.0.0/24 dev wlan0 proto kernel scope link src 192.168.0.254 192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.254 192.168.72.0/24 dev eth0 proto kernel scope link src 192.168.72.213 metric 206 /etc/shorewall/interface net eth0 dhcp loc eth1 dhcp wlan wlan0 dhcp /etc/shorewall/masq eth0 192.168.1.0/24 wlan0 192.168.0.0/24 should be eth0 192.168.0.0/24 for wlan0 you are masq from eth0 to wlan0 not from wlan to itself /etc/shorewall/rules SECTION NEW #Testing from upstream router ACCEPT net:192.168.72.0/24 fw tcp 22,80 # ACCEPT wlan net tcp 25,53,80,110,443,465,587,873,993 DNS(ACCEPT) wlan fw /etc/shorewall/zones fw firewall net ipv4 loc ipv4 wlan ipv4 For shorewall, the above are the only changes for testing. Many thanks! Kwon Victor -- Put Bad Developers to Shame Dominate Development with Jenkins Continuous Integration Continuously Automate Build, Test Deployment Start a new project now. Try Jenkins in the cloud. http://p.sf.net/sfu/13600_Cloudbees leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] exploits on commercial home routers
http://www.bbc.co.uk/news/technology-26287517 Victor -- Managing the Performance of Cloud-Based Applications Take advantage of what the Cloud has to offer - Avoid Common Pitfalls. Read the Whitepaper. http://pubads.g.doubleclick.net/gampad/clk?id=121054471iu=/4140/ostg.clktrk leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] No Shorewall Logs
On 12/7/2013 4:38 AM, KP Kirchdörfer wrote: Am Freitag, 6. Dezember 2013, 23:40:53 schrieb Victor McAllister: On 12/6/2013 1:14 PM, Phil Faris wrote: I just installed the Geode version of uClibc 5.0.2-rc2 on my Alix machine. Everything seems to work well EXCEPT I get no Shorewall logs (/var/log/shorewall.log is not created). The shorewall-init.log indicates everything compiles correctly and that Shorewall starts. I made only two modifications to the standard Shorewall configuration: 1. in Ifaces the dhcp OPTION for eth0 was deleted since i have a static IP. 2. In Rules the NTP(ACCEPT) loc fw was uncommented to allow local machines to time sync with LEAF. I would appreciate any suggestion(s) on how to solve this problem. Phil Faris I manage three 5.0.1 leaf routers -two are wrap 486 and one alix geode (static ip). The geode always keeps a shorewall.log. Both WRAP (dhcp - cable) only had shorewall-init.log when first booted up. After a while, one of the WRAP boxes began to maintain a shorewall.log and the other still does not. uptime on both is over 2 months. Haven't had time to troubleshoot it - but you are not the only one to see the problem. Victor Hi Can you pls try to change # default owner, group, and permissions for log files # (defaults are 0, 0, 0600) #owner(root); to # default owner, group, and permissions for log files # (defaults are 0, 0, 0600) owner(root); in /etc/syslog-ng/syslog-ng.conf and restart syslog-ng and shorewall? hth kp I did this on the system that was not creating a shorewall log. I got a new shorewall-init.log - but so far no shorewall log. Maybe when the logs rotate it will create one??? Victor -- Sponsored by Intel(R) XDK Develop, test and display web and hybrid apps with a single code base. Download it for free now! http://pubads.g.doubleclick.net/gampad/clk?id=111408631iu=/4140/ostg.clktrk leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] No Shorewall Logs
On 12/6/2013 1:14 PM, Phil Faris wrote: I just installed the Geode version of uClibc 5.0.2-rc2 on my Alix machine. Everything seems to work well EXCEPT I get no Shorewall logs (/var/log/shorewall.log is not created). The shorewall-init.log indicates everything compiles correctly and that Shorewall starts. I made only two modifications to the standard Shorewall configuration: 1. in Ifaces the dhcp OPTION for eth0 was deleted since i have a static IP. 2. In Rules the NTP(ACCEPT) loc fw was uncommented to allow local machines to time sync with LEAF. I would appreciate any suggestion(s) on how to solve this problem. Phil Faris I manage three 5.0.1 leaf routers -two are wrap 486 and one alix geode (static ip). The geode always keeps a shorewall.log. Both WRAP (dhcp - cable) only had shorewall-init.log when first booted up. After a while, one of the WRAP boxes began to maintain a shorewall.log and the other still does not. uptime on both is over 2 months. Haven't had time to troubleshoot it - but you are not the only one to see the problem. Victor -- Sponsored by Intel(R) XDK Develop, test and display web and hybrid apps with a single code base. Download it for free now! http://pubads.g.doubleclick.net/gampad/clk?id=111408631iu=/4140/ostg.clktrk leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] 5.0.1 Boot with Grub 0.97, ext2 and alix2d3
On 10/11/2013 12:22 AM, Erich Titl wrote: Hi Kwon on 11.10.2013 00:22, n22e113 wrote: Looks like my issue with libata try the libata.force kernel parameter. Hi, Erich, Thanks! I have been trying all options/parameters from this link: https://www.kernel.org/doc/Documentation/kernel-parameters.txt Wow, that is quite an effort... So far still stuck! I am using an alix2d3 board. Anyone has a solution? Please post. You can try to post your complete boot output, maybe someone with a running alix board can spot the difference. The interesting lines for the ata speed should be gatekeeper kernel: [2.540571] ata1: PATA max UDMA/100 cmd 0x1f0 ctl 0x3f6 bmdma 0xff00 irq 14 gatekeeper kernel: [2.561472] ata2: PATA max UDMA/100 cmd 0x170 ctl 0x376 bmdma 0xff08 irq 15 gatekeeper kernel: [2.737429] ata1.00: ATA-10: SanDisk SDCFB-64, HDX 2.15, max PIO4 gatekeeper kernel: [2.755719] ata1.00: 125440 sectors, multi 0: LBA gatekeeper kernel: [2.773407] ata1.00: configured for PIO4 cheers Erich Using syslinux.I have a bunch of CF's that won't boot and only a few that will. I am using APEND usb_wait=3 without a libata.dma= statement dmesg from my running ALIX booted from a 128MB Sandisk [ 4.226198] ata1: PATA max UDMA/100 cmd 0x1f0 ctl 0x3f6 bmdma 0xff00 irq 14 [4.267950] ata2: DUMMY [ 4.439404] ata1.00: CFA: SanDisk SDCFB-128, vde 1.10, max PIO1 [ 4.474888] ata1.00: 250880 sectors, multi 0: LBA [ 4.506353] ata1.00: configured for PIO1 [ 4.530364] scsi 0:0:0:0: Direct-Access ATA SanDisk SDCFB-12 vde PQ: 0 ANSI: 5 [ 4.634339] sd 0:0:0:0: [sda] 250880 512-byte logical blocks: (128 MB/122 MiB) [ 4.696590] sd 0:0:0:0: [sda] Write Protect is off [ 4.725336] sd 0:0:0:0: [sda] Mode Sense: 00 3a 00 00 [ 4.725584] sd 0:0:0:0: [sda] Write cache: disabled, read cache: enabled, doesn't support DPO or FUA [ 4.785239] sda: sda1 [ 4.808789] sd 0:0:0:0: [sda] Attached SCSI removable disk Victor -- October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register http://pubads.g.doubleclick.net/gampad/clk?id=60134071iu=/4140/ostg.clktrk leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] no shorewall log
On 10/10/2013 9:43 AM, KP Kirchdörfer wrote: Hello Victor; Am Mittwoch, 9. Oktober 2013, 13:09:30 schrieb Victor McAllister: I manage two remote WRAP 486 firewalls running Bering 5.0.1. If I log in with putty, change shorewall rules - do svi shorewall restart - it says shorewall already running. I have to save configuration and a reboot to implement shorewall changes. When it restarts - I get a shorewall-init.log but no shorewall.log. Both WRAP boxes no longer save the shorewall.log leaf.cfg is root license dhcpcd shorewall dnsmasq dropbear mhttpd webconf bbntpd A PC Engines ALIX running 5.0.1 with essentially the same leaf.cfg saves a shorewall.log every day. Anyone else seen this. As you know: No news are good news - no log, no attack :) Seriously: If I change shorewall settings via ssh (putty in your case) I just run shorewall restart from the commandline - no need to save and reboot see results. I'm not shure I got it right - are no shorewall.logs generated, or are no logs saved by logrotate? kp Two WRAP boxes managed remotely are doing the same thing. No shorewall.log or rotation of shorewall logs shorewall is running - has shorewall-init.log I know there are events that should get loged - for example one box recorded a local martian (badly configured device) in kern.log which also does not rotate daily. syslog rotates messages rotates daemon.log rotate etc. No shorewall.log and kern.log does not rotate. Victor -- October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register http://pubads.g.doubleclick.net/gampad/clk?id=60134071iu=/4140/ostg.clktrk leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] no shorewall log
On 10/10/2013 11:22 AM, KP Kirchdörfer wrote: Am Donnerstag, 10. Oktober 2013, 10:28:17 schrieb Victor McAllister: On 10/10/2013 9:43 AM, KP Kirchdörfer wrote: Hello Victor; Am Mittwoch, 9. Oktober 2013, 13:09:30 schrieb Victor McAllister: I manage two remote WRAP 486 firewalls running Bering 5.0.1. If I log in with putty, change shorewall rules - do svi shorewall restart - it says shorewall already running. I have to save configuration and a reboot to implement shorewall changes. When it restarts - I get a shorewall-init.log but no shorewall.log. Both WRAP boxes no longer save the shorewall.log leaf.cfg is root license dhcpcd shorewall dnsmasq dropbear mhttpd webconf bbntpd A PC Engines ALIX running 5.0.1 with essentially the same leaf.cfg saves a shorewall.log every day. Anyone else seen this. As you know: No news are good news - no log, no attack :) Seriously: If I change shorewall settings via ssh (putty in your case) I just run shorewall restart from the commandline - no need to save and reboot see results. I'm not shure I got it right - are no shorewall.logs generated, or are no logs saved by logrotate? kp Two WRAP boxes managed remotely are doing the same thing. No shorewall.log or rotation of shorewall logs shorewall is running - has shorewall-init.log I know there are events that should get loged - for example one box recorded a local martian (badly configured device) in kern.log which also does not rotate daily. syslog rotates messages rotates daemon.log rotate etc. No shorewall.log and kern.log does not rotate. Victor; the settings for kern.log are set to rotate weekly. You can change that in /etc/lrp.conf . Regarding the shorewall.log - what are the differences between shorewall setup out-of the box and the changes you've made? The differences to the ALIX boxes (which I remember do logging?). Does shorewall out-of-the-box logging? kp Both WRAP boxes have three ethernet ports. Eth0 goes to a cable network served by dhcp. eth1 is loc which is 192.168.2.0/24 shorewall has some DNAT entries to forward ports to video phone devices. These work! eth2 is a DMZ (192.168.5.0/24) setup to do dhcp (via dnsmasq) for a wireless router connected via ethernet to its lan port as an AP. Both machines were creating shorewall.log files until I made changes to shorewall rules and rebooted. Everything works as it is supposed to except no rotating shorewall logs. By the way, I tried to remotely restart shorewall with shorewall restart - and it recompiled and started. when I sued the old command svi shorewall restart it did not restart and just said shorewall already running. One should not use svi Victor -- October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register http://pubads.g.doubleclick.net/gampad/clk?id=60134071iu=/4140/ostg.clktrk leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] no shorewall log
I manage two remote WRAP 486 firewalls running Bering 5.0.1. If I log in with putty, change shorewall rules - do svi shorewall restart - it says shorewall already running. I have to save configuration and a reboot to implement shorewall changes. When it restarts - I get a shorewall-init.log but no shorewall.log. Both WRAP boxes no longer save the shorewall.log leaf.cfg is root license dhcpcd shorewall dnsmasq dropbear mhttpd webconf bbntpd A PC Engines ALIX running 5.0.1 with essentially the same leaf.cfg saves a shorewall.log every day. Anyone else seen this. Victor -- October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register http://pubads.g.doubleclick.net/gampad/clk?id=60134071iu=/4140/ostg.clktrk leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] no shorewall log
On 10/9/2013 1:48 PM, david M brooke wrote: Hi Victor, Based on a quick look at /etc/init.d/shorewall I reckon that the restart block might be broken - seems that it does start without stop. Most people use the shorewall command directly to do a restart. In other words just: shorewall restart not: svi shorewall restart (There are other options too - e.g. perhaps: shorewall reload will do what you need) As regards logging, the shorewall log messages actually come from Netfilter. They are directed to /var/log/shorewall.log via the syslog-ng configuration (as per Shorewall FAQ 16b). Reviewing the contents of /etc/syslog-ng/syslog-ng.conf might give you a hint about what is going wrong. File /etc/lrp.conf controls log file rotation. davidMbrooke On 9 Oct 2013, at 21:09, Victor McAllister wrote: I manage two remote WRAP 486 firewalls running Bering 5.0.1. If I log in with putty, change shorewall rules - do svi shorewall restart - it says shorewall already running. I have to save configuration and a reboot to implement shorewall changes. When it restarts - I get a shorewall-init.log but no shorewall.log. Both WRAP boxes no longer save the shorewall.log leaf.cfg is root license dhcpcd shorewall dnsmasq dropbear mhttpd webconf bbntpd A PC Engines ALIX running 5.0.1 with essentially the same leaf.cfg saves a shorewall.log every day. Anyone else seen this. Victor syslog-ng is present. syslog-ng.conf looks the same on all systems. I did get a shorewall.log the first time I ran both these systems. However, after making changes to shorewall rules and rebooting, I have not got a shorewall.log on either system for more than a week. Shorewall is running. syslong-ng is present. /etc/syslong-ng/syslog-ng.conf has not been modified. By the way, I am running one WRAP on a 16mb flash because I could not get them to boot properly on a newer flash - although I was using append libata.dma=3 usb_wait=3 Victor -- October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register http://pubads.g.doubleclick.net/gampad/clk?id=60134071iu=/4140/ostg.clktrk leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] 486 WRAP tests
A friend has run LEAF on 486 WRAP boxes for several years, which I set up for him. I recently upgraded his WRAP router to Bering 5.0.1 from 4.3. His system is on a cable network. He ran a speed test repeatedly before and after switching the system to 5.0.1. I know this is not a lab test, but his speed tests (as run internally on a windows box) increased from about 7mb/sec to 11 mb/sec on the new version. The new kernel seems to be more efficient at routing?? A couple other comments. I have never been able to get a wireless AP to run on a 486 WRAP box. I can see the wireless network. It interminably says connecting - without doing so. The exact same hostapd configuration on a PC Engines ALIX GEODE works just fine. Has anyone got hostapd to work on a 486 (WRAP) system? I also have trouble finding 64mb or 128mb compact flashes that will boot on either WRAP or ALIX. I use UCLIB 5.0 isolinux booted on a laptop to fdisk the CFs, erase partitions, set up a primary partition (c FAT32), make it bootable, mkfs.vfat and syslinux -s the CF. I have six CFs that work in windows but won't boot from syslinux even though I use the usb_wait=3 and libata.dma=3 on the APPEND line on syslinux.cfg Any suggestions on where to get reliable CFs or what I am doing wrong. Victor -- October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register http://pubads.g.doubleclick.net/gampad/clk?id=60133471iu=/4140/ostg.clktrk leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] NSA back doors
On 9/9/2013 9:50 AM, Mike Noyes wrote: On 09/09/2013 08:29 AM, Thomas Nail wrote: -snip- I totally believe that the NSA has and will continue to have significant eavesdropping and signals counter-intelligence capacity, including systems cracking and other nefarious measures. Intercepts have happened and will continue to happen. However, I think that the capabilities of this organization are being overblown in order to prop up it's own reputation and to spread FUD amongst it's enemies (a very good strategy for a spying agency, IMHO). Just looking at the logistical problems of routing and storing that much data - never mind doing any sort of real-time processing on it - makes me think that the grey hats might be exaggerating a bit for their target audience. That, and to sell more news stories... Tom, See: The Utah Data Center, also known as the Intelligence Community Comprehensive National Cybersecurity Initiative Data Center, is a data storage facility for the United States Intelligence Community that is designed to store extremely large amounts of data, estimated to be on the order of exabytes or higher. https://en.wikipedia.org/wiki/Utah_Data_Center How does NSA do it? Read about the special room (641A) discovered in an ATT building in San Francisco. Please notice they were using fiber splitting and probably routing the signals using their own equipment. http://en.wikipedia.org/wiki/Room_641A They also have the capability of splitting fiber as it passes between routers through oceans. Read 2005 article on USS Jimmy Carter. http://www.nytimes.com/2005/02/20/politics/20submarine.html?_r=0 If they can split fiber under the ocean, it would be trivial to do it to signals passing through a forest, renting fiber in the same cable to return the signals to their own routers and data centers. After all, they can command silence to those who might notice the evidence of fiber taping. How do they handle all this data? Well they store it in a buffer bigger than google. Eventually data that is not useful surely gets overwritten. Even NSA has limits. My Senator (Dianne Finstein) is the chairwoman of the Intelligence Committee. I wrote her on a number of occasions about the danger to constitutional government by NSA's total surveillance. Her answer is they are not touching the data without a court order. This is nonsense. They simply run everything through huge filters and a human only touches what the filter pulls out as interesting. The parameters of the filters are surely changed daily to fit what they are currently looking for. They can claim no one looked at the data even as the fastest parallel computers in the world are filtering it for them. LEAF can't help you when it comes to fiber taping on the internet backbones but it could help with this problem. http://www.internetnews.com/security/article.php/3895916/Millions+of+Home+Routers+Insecure+Black+Hat.htm Victor -- Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! Discover the easy way to master current and previous Microsoft technologies and advance your career. Get an incredible 1,500+ hours of step-by-step tutorial videos with LearnDevNow. Subscribe today and save! http://pubads.g.doubleclick.net/gampad/clk?id=58041391iu=/4140/ostg.clktrk leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] NSA back doors
On 9/9/2013 6:28 AM, Mike Noyes wrote: On 09/05/2013 07:47 PM, Victor McAllister wrote: The Guardian has an interesting article on how to make it a little harder for NSA to read your encrypted traffic. Evidently they are tapping fiber, have compromised many routers and have back doors on lots of commercial software. The terrorists are not as dangerous to democracy as the spies. The politician who controls internet decryption can control the world. Think about it. http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance Victor, The NANOG mailing list is finding some gems too. NSA Laughs at PCs, Prefers Hacking Routers and Switches http://mailman.nanog.org/pipermail/nanog/2013-September/060773.html The US government has betrayed the Internet. We need to take it back http://mailman.nanog.org/pipermail/nanog/2013-September/060812.html Internet Surveillance and Boomerang Routing: A Call for Canadian Network Sovereignty http://mailman.nanog.org/pipermail/nanog/2013-September/060877.html [Cryptography] Opening Discussion: Speculation on BULLRUN http://mailman.nanog.org/pipermail/nanog/2013-September/060894.html The NSA secret court does not allow those forced to give up their users or open secret back doors to tell anyone about the secret orders. (Secret courts, IMO, fundamentally contradicts the notion of equal and open justice for all). Here is a scheme whereby a company would post a dead man switch message. If the sign went away, users would be notified in a negative way. http://www.theguardian.com/technology/2013/sep/09/nsa-sabotage-dead-mans-switch Victor -- Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! Discover the easy way to master current and previous Microsoft technologies and advance your career. Get an incredible 1,500+ hours of step-by-step tutorial videos with LearnDevNow. Subscribe today and save! http://pubads.g.doubleclick.net/gampad/clk?id=58041391iu=/4140/ostg.clktrk leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] NSA back doors
The Guardian has an interesting article on how to make it a little harder for NSA to read your encrypted traffic. Evidently they are tapping fiber, have compromised many routers and have back doors on lots of commercial software. The terrorists are not as dangerous to democracy as the spies. The politician who controls internet decryption can control the world. Think about it. http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance Victor -- Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! Discover the easy way to master current and previous Microsoft technologies and advance your career. Get an incredible 1,500+ hours of step-by-step tutorial videos with LearnDevNow. Subscribe today and save! http://pubads.g.doubleclick.net/gampad/clk?id=58041391iu=/4140/ostg.clktrk leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] Leaf 5.0.1
just finished upgrading from version 4.2 to 5.0.1. my mini_httpd_log is filling up with this when I am using a browser connected to webconf from loc. GET /pix/logo1.gif HTTP/1.1 304 - http://192.168.1.254 GET /pix/logo2.gif HTTP/1.1 304 - http://192.168.1.254 I don't see a logo when using webconf. Anyone else see this? Have I missed something? Victor -- Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! Discover the easy way to master current and previous Microsoft technologies and advance your career. Get an incredible 1,500+ hours of step-by-step tutorial videos with LearnDevNow. Subscribe today and save! http://pubads.g.doubleclick.net/gampad/clk?id=58040911iu=/4140/ostg.clktrk leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] Leaf 5.0.1
On 8/28/2013 11:00 PM, Victor McAllister wrote: just finished upgrading from version 4.2 to 5.0.1. my mini_httpd_log is filling up with this when I am using a browser connected to webconf from loc. GET /pix/logo1.gif HTTP/1.1 304 - http://192.168.1.254 GET /pix/logo2.gif HTTP/1.1 304 - http://192.168.1.254 I don't see a logo when using webconf. Anyone else see this? Have I missed something? I checked on Leaf 4.2.1 and it also has the same error messages. The logo1.gif and logo2.gif files are located in /var/webconf/www/pix and they seem to be there on all LEAF versions. They are called for in preamble.sh. The script is dated 2004 by Nathan Angelacos. Perhaps commenting out the offending get call in preamble.sh will get rid of the problem. Victor -- Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! Discover the easy way to master current and previous Microsoft technologies and advance your career. Get an incredible 1,500+ hours of step-by-step tutorial videos with LearnDevNow. Subscribe today and save! http://pubads.g.doubleclick.net/gampad/clk?id=58040911iu=/4140/ostg.clktrk leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] bering 5.0.1
I was running Leaf 4.2.1 because I could not get the latter versions to boot on my old PC Engines boxes. Just installed 5.0.1 on a PC Engines Geode with a wireless AP. Here are my notes. It was much easier to set up than the notes on the Bering uClibC 5 user guide. I think some of the users guide still reflects versions 3 and 4. For example, it tells you to add modules for wireless card to the modules file. Used Cream to modify syslinux.cfg before first boot by adding usb_wait=3 to the APPEND line. This solved the hang up half way through the bootup that had kept me from uppgrading. I used Terra Term with a serial to USB cable to make initial configurations. Comment ttyS1::respawn: line in /etc/initab to get rid of continual errors - no ttyS1 on the PC Engines boxes. Ran the find and load modules for hardware from the lrcfg menu. Without adding anything to modules.lrp, it found all the ath9k modules and loaded them - dependencies everything - without any input from me. Just had to back up modules. I only needed to ADD one package in leaf.cfg (hosapd). Other packages need were automatically loaded such as two perl programs for shorewall and three packages for hostapd (libssl,libcrypto and libnl3). These have changed - apparently you no longer need libz and libnl. All I had to do was set up the networks, shorewall, dnsmasq and hostapd. I still did the configuration by hand. I did not use the old configdb.lrp file because shorewall seems to have changed the format of some variables. Everything works. Great job and a big thank you to the developers. Victor -- Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! Discover the easy way to master current and previous Microsoft technologies and advance your career. Get an incredible 1,500+ hours of step-by-step tutorial videos with LearnDevNow. Subscribe today and save! http://pubads.g.doubleclick.net/gampad/clk?id=58040911iu=/4140/ostg.clktrk leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] uclibc version
On 8/5/2013 6:55 AM, David Fallin wrote: is there a quick/easy way to tell what version we're running? we believe its either 4 or 5, but need to be sure. thanks! mount -t vfat /dev/sda1 /mnt cat /mnt/readme first line lists the LEAF Version uname -a gives the Linux version and the date compiled. apkg -l lists the versions for each package The /inintrd, root and etc packages list the Bering LEAF version At least they do on my system. Victor -- Get your SQL database under version control now! Version control is standard for application code, but databases havent caught up. So what steps can you take to put your SQL databases under version control? Why should you start doing it? Read more to find out. http://pubads.g.doubleclick.net/gampad/clk?id=49501711iu=/4140/ostg.clktrk leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] Bering 5 boot problems
I have not been able to boot either PC Engines WRAP or ALIX boards since version 4.2. It appears the reason is that boot modules pata_sc1200.ko is not in the 486.serial initmod used for the WRAP and pata_amd.ko is not in the Geode serial version used for ALIX. I tried to add the module pata_amd.ko for an ALIX to initrd and initmod, but the module is not in modules.tgz under kernel\drivers\ata. Looks like I will keep running 4.2 until this is fixed, as I don't have the time to compile it. Victor -- Precog is a next-generation analytics platform capable of advanced analytics on semi-structured data. The platform includes APIs for building apps and a phenomenal toolset for data science. Developers can use our toolset for easy data analysis visualization. Get a free account! http://www2.precog.com/precogplatform/slashdotnewsletter leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] still can't get Bering 5 to boot
On 4/5/2013 11:08 PM, Andrew wrote: 06.04.2013 06:11, Victor McAllister пишет: I used syslinux 4 on compact flashes on a PC Engines ALIX geode version for serial. It loads up until LINUXRC: Root: /dev/ram0 LINUXRC: Looking for leaf.cfg... LINUXRC: Generating default dirs... LINUXRC: Generating /tmp /var/log partitions ... LINUXRC: PKGPATH is empty or unset. Can not install packages. LINUXRC: LRP= is empty or unset. Can not install packages. LINUXRC: chown and chmod /dev... LINUXRC: Loaded Packages LINUXRC: Creating new rootfs... LINUXRC: Switch_root into newfs... can't run '/etc/init.d/rcS': No such file or directory Please press Enter to activate this console. Has anyone got Bering Uclib 5 working on PC Engines hardware? Do initrd and initmod have the required module for reading the pata stuff on the PC engines hardware? Victor Hi. It should drop into console after this. Can you provide output of lsmod, ls /lib/modules and cat /proc/pcibus/devices ? #lsmod sd_mod pata_cs5536 pata+acps ohci_hcd pcspkr ata_generic ehci_hcd lib_ata scsi_mod usbcore usb_common vfat fat isofs #ls /lib/modules 3.4.34-geode ahci.ko.gz ata_generic.ko.gz cdrom.ko.gz fat.ko.gz floppy.ko.gz hid.ko.gz isofs.ko.gz libahci.ko.gz libatat.ko.gz modules.alias modules.dep modules.symbols ohci-hcd.ko.gz pata_acpi.ko.gz pata_cs5500.ko.gz pata_cs5530.ko.gz pata_cs5535.ko.gz pata_cs5536.ko.gz pata_cs1200.ko.gz pcspkr.ko.gz scsi_mod.ko.gz sd_mod.ko.gz sr_mod.ko.ga uhci-hcd.ko.gz usb_common.ko.gz usb-libususal.ko.gz usb_storage.ko.gz usbcore.ko.gz usbhid.ko.gz vfat.ko.gz the PC-Engines WRAP (486 compatible) need patasc-1200.ko to boot I think the PC-Engines ALIX needs pata-amd.ko. to boot. I have not been able to upgrade since ~ uClibc 4.2 with the same freeze at boot, so maybe the modules got dropped off somewhere along the line. Thanks, Victor -- Minimize network downtime and maximize team effectiveness. Reduce network management and security costs.Learn how to hire the most talented Cisco Certified professionals. Visit the Employer Resources Portal http://www.cisco.com/web/learning/employer_resources/index.html leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] still can't get Bering 5 to boot
On 4/6/2013 12:47 AM, KP Kirchdoerfer wrote: Am 06.04.2013 09:12, schrieb Victor McAllister: On 4/5/2013 11:08 PM, Andrew wrote: 06.04.2013 06:11, Victor McAllister пишет: I used syslinux 4 on compact flashes on a PC Engines ALIX geode version for serial. It loads up until LINUXRC: Root: /dev/ram0 LINUXRC: Looking for leaf.cfg... LINUXRC: Generating default dirs... LINUXRC: Generating /tmp /var/log partitions ... LINUXRC: PKGPATH is empty or unset. Can not install packages. LINUXRC: LRP= is empty or unset. Can not install packages. LINUXRC: chown and chmod /dev... LINUXRC: Loaded Packages LINUXRC: Creating new rootfs... LINUXRC: Switch_root into newfs... can't run '/etc/init.d/rcS': No such file or directory Please press Enter to activate this console. Has anyone got Bering Uclib 5 working on PC Engines hardware? Do initrd and initmod have the required module for reading the pata stuff on the PC engines hardware? Victor Hi. It should drop into console after this. Can you provide output of lsmod, ls /lib/modules and cat /proc/pcibus/devices ? #lsmod sd_mod pata_cs5536 pata+acps ohci_hcd pcspkr ata_generic ehci_hcd lib_ata Typo? scsi_mod usbcore usb_common vfat fat isofs # lsmod | grep ata pata_cs5536 2071 0 - Live 0x889cc000 pata_acpi 1929 0 - Live 0x889c5000 ata_generic 2216 0 - Live 0x889be000 libata 113555 3 pata_cs5536,pata_acpi,ata_generic, Live 0x8898c000 scsi_mod 94893 2 sd_mod,libata, Live 0x888c1000 #ls /lib/modules 3.4.34-geode ahci.ko.gz ata_generic.ko.gz cdrom.ko.gz fat.ko.gz floppy.ko.gz hid.ko.gz isofs.ko.gz libahci.ko.gz libatat.ko.gz modules.alias modules.dep modules.symbols ohci-hcd.ko.gz pata_acpi.ko.gz pata_cs5500.ko.gz pata_cs5530.ko.gz pata_cs5535.ko.gz pata_cs5536.ko.gz pata_cs1200.ko.gz pcspkr.ko.gz scsi_mod.ko.gz sd_mod.ko.gz sr_mod.ko.ga uhci-hcd.ko.gz usb_common.ko.gz usb-libususal.ko.gz usb_storage.ko.gz usbcore.ko.gz usbhid.ko.gz vfat.ko.gz the PC-Engines WRAP (486 compatible) need patasc-1200.ko to boot I think the PC-Engines ALIX needs pata-amd.ko. to boot. I have not been able to upgrade since ~ uClibc 4.2 with the same freeze at boot, so maybe the modules got dropped off somewhere along the line. What's the content of syslinux.cfg? kp I am using the syslinux.cfg that came with the files. I tried removing the leading slash for initrd.lrp and initmod.lrp and it made no difference. SERIAL 0 19200 DISPLAY syslinux.dpy TIMEOUT 0 APPEND reboot=bios console=ttyS0,19200n8 VERBOSE=1 DEFAULT /syslinux/linux initrd=/initrd.lrp,/initmod.lrp rw root=/dev/ram0 LEAFCFG=/dev/sda1:vfat Victor -- Minimize network downtime and maximize team effectiveness. Reduce network management and security costs.Learn how to hire the most talented Cisco Certified professionals. Visit the Employer Resources Portal http://www.cisco.com/web/learning/employer_resources/index.html leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] still can't get Bering 5 to boot
I used syslinux 4 on compact flashes on a PC Engines ALIX geode version for serial. It loads up until LINUXRC: Root: /dev/ram0 LINUXRC: Looking for leaf.cfg... LINUXRC: Generating default dirs... LINUXRC: Generating /tmp /var/log partitions ... LINUXRC: PKGPATH is empty or unset. Can not install packages. LINUXRC: LRP= is empty or unset. Can not install packages. LINUXRC: chown and chmod /dev... LINUXRC: Loaded Packages LINUXRC: Creating new rootfs... LINUXRC: Switch_root into newfs... can't run '/etc/init.d/rcS': No such file or directory Please press Enter to activate this console. Has anyone got Bering Uclib 5 working on PC Engines hardware? Do initrd and initmod have the required module for reading the pata stuff on the PC engines hardware? Victor -- Minimize network downtime and maximize team effectiveness. Reduce network management and security costs.Learn how to hire the most talented Cisco Certified professionals. Visit the Employer Resources Portal http://www.cisco.com/web/learning/employer_resources/index.html leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] can't boot Bering 5B1
On 4/1/2013 5:41 AM, KP Kirchdoerfer wrote: Am 01.04.2013 07:04, schrieb Victor McAllister: on a PC Engines ALIX I am using syslinux to boot Bering 5b1 serial Geode. The system boots until LINUXRC: Root: /dev/ram0 LINUXRC: Looking for leaf.cfg... LINUXRC: Generating default dirs... LINUXRC: Generating /tmp /var/log partitions ... LINUXRC: PKGPATH is empty or unset. Can not install packages. LINUXRC: LRP= is empty or unset. Can not install packages. LINUXRC: chown and chmod /dev... LINUXRC: Loaded Packages LINUXRC: Creating new rootfs... LINUXRC: Switch_root into newfs... can't run '/etc/init.d/rcS': No such file or directory Please press Enter to activate this console. This is similar to a problem a couple of years ago on Bering 4 when initrd.lrp did not have the pata_1200.ko module required for the wrap board to see the compact flash and so it cannot find leaf.cfg and complete booting. Anyone else seeing this problem? Victor; yes I can reproduce it. Edit syslinux.cfg and remove the leading slashes from initrd.lrp and initmod.lrp DEFAULT /syslinux/linux initrd=/initrd.lrp,/initmod.lrp rw root=/dev/ram0 ... should be looks like below: DEFAULT /syslinux/linux initrd=initrd.lrp,initmod.lrp rw root=/dev/ram0 ... hth kp KP, I made the changes to syslinux.cfg. It still stops booting at the same place. Victor -- Own the Future-Intelreg; Level Up Game Demo Contest 2013 Rise to greatness in Intel's independent game demo contest. Compete for recognition, cash, and the chance to get your game on Steam. $5K grand prize plus 10 genre and skill prizes. Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] can't boot Bering 5B1
On 4/1/2013 2:32 PM, Andrew wrote: Hi. What syslinux version do you use? BuC 5 requires 4.0 or higher. 3.x doesn't support multiple initrds That may be my problem as I put syslinux on these CF's long ago and just replace the files when new versions come out. Thanks Victor 02.04.2013 00:26, Victor McAllister пишет: On 4/1/2013 5:41 AM, KP Kirchdoerfer wrote: Am 01.04.2013 07:04, schrieb Victor McAllister: on a PC Engines ALIX I am using syslinux to boot Bering 5b1 serial Geode. The system boots until LINUXRC: Root: /dev/ram0 LINUXRC: Looking for leaf.cfg... LINUXRC: Generating default dirs... LINUXRC: Generating /tmp /var/log partitions ... LINUXRC: PKGPATH is empty or unset. Can not install packages. LINUXRC: LRP= is empty or unset. Can not install packages. LINUXRC: chown and chmod /dev... LINUXRC: Loaded Packages LINUXRC: Creating new rootfs... LINUXRC: Switch_root into newfs... can't run '/etc/init.d/rcS': No such file or directory Please press Enter to activate this console. This is similar to a problem a couple of years ago on Bering 4 when initrd.lrp did not have the pata_1200.ko module required for the wrap board to see the compact flash and so it cannot find leaf.cfg and complete booting. Anyone else seeing this problem? Victor; yes I can reproduce it. Edit syslinux.cfg and remove the leading slashes from initrd.lrp and initmod.lrp DEFAULT /syslinux/linux initrd=/initrd.lrp,/initmod.lrp rw root=/dev/ram0 ... should be looks like below: DEFAULT /syslinux/linux initrd=initrd.lrp,initmod.lrp rw root=/dev/ram0 ... hth kp KP, I made the changes to syslinux.cfg. It still stops booting at the same place. Victor -- Own the Future-Intelreg; Level Up Game Demo Contest 2013 Rise to greatness in Intel's independent game demo contest. Compete for recognition, cash, and the chance to get your game on Steam. $5K grand prize plus 10 genre and skill prizes. Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/ -- Own the Future-Intelreg; Level Up Game Demo Contest 2013 Rise to greatness in Intel's independent game demo contest. Compete for recognition, cash, and the chance to get your game on Steam. $5K grand prize plus 10 genre and skill prizes. Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/ -- Own the Future-Intelreg; Level Up Game Demo Contest 2013 Rise to greatness in Intel's independent game demo contest. Compete for recognition, cash, and the chance to get your game on Steam. $5K grand prize plus 10 genre and skill prizes. Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] can't boot BVering 5B1
on a PC Engines ALIX I am using syslinux to boot Bering 5b1 serial Geode. The system boots until LINUXRC: Root: /dev/ram0 LINUXRC: Looking for leaf.cfg... LINUXRC: Generating default dirs... LINUXRC: Generating /tmp /var/log partitions ... LINUXRC: PKGPATH is empty or unset. Can not install packages. LINUXRC: LRP= is empty or unset. Can not install packages. LINUXRC: chown and chmod /dev... LINUXRC: Loaded Packages LINUXRC: Creating new rootfs... LINUXRC: Switch_root into newfs... can't run '/etc/init.d/rcS': No such file or directory Please press Enter to activate this console. This is similar to a problem a couple of years ago on Bering 4 when initrd.lrp did not have the pata_1200.ko module required for the wrap board to see the compact flash and so it cannot find leaf.cfg and complete booting. Anyone else seeing this problem? Victor -- Own the Future-Intelreg; Level Up Game Demo Contest 2013 Rise to greatness in Intel's independent game demo contest. Compete for recognition, cash, and the chance to get your game on Steam. $5K grand prize plus 10 genre and skill prizes. Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] Hardware for LEAF-running WiFi router?
On 12/6/2012 9:30 AM, Eric House wrote: It's time to get a dedicated hackable WiFi router to replace the consumer-grade stuff I keep having to replace (while the Soekris and PCEngines boards running our LEAF firewalls just keep going.) Does this list maintain a -- list -- of hardware known to work with LEAF? I assume I'll get a PCEngines Alix board. But I'm not confident in picking a Mini-PCI WiFi card since I've seen so many discussions about working around problems. Can anybody recommend a card currently available that's working well for him/her with stock LEAF (Bering uClibc)? Until recently (latest generation of Atom processors), I trusted Intel to take Linux compatibility seriously. Can their Mini-PCI cards be trusted? Thanks! --Eric I use a mini-pci using an Atheors chip in a PCEngines ALIX for 802-11g. I don't do 11n. In uses ath9k. They are cheap - good enough for my purposes. http://www.amazon.com/TP-Link-TL-WN861N-300M-Mini-PCI/dp/B0035GV6FE Victor -- LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] Best place for own shell scripts
On 11/25/2012 6:53 AM, Markus Koelle wrote: Hi, where in LEAF filesystem is the recommended place to store own perl and shell scripts? The scripts should be saved with standard config backup mechanism. Cheers Markus Add the names of the scripts to local.lrp listing the directory and name of the script. Mine lists one script /etc/dns.conf var/lib/lrpkg/local.local /etc/dns.conf Victor -- Monitor your physical, virtual and cloud infrastructure from a single web console. Get in-depth insight into apps, servers, databases, vmware, SAP, cloud infrastructure, etc. Download 30-day Free Trial. Pricing starts from $795 for 25 servers or applications! http://p.sf.net/sfu/zoho_dev2dev_nov leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] dnsmasq problem?
On 7/8/2012 4:42 AM, n22e113 wrote: I put the dns servers in a separate file /etc/dns.conf to decouple dnsmasq from resolv.conf. This file only has the IPs of my ISPs DNS servers. resolve.conf only has 127.0.0.1 Hi, Victor, I have the same setup as yours, a separate file /etc/ppp/resolv.conf: nameserver 206.248.a.b nameserver 206.248.c.d For 4.2.1, I am seeing a lot of these in my /var/log/daemon.log.0: Jul 7 07:49:48 ns1 dnsmasq[4671]: reading /etc/ppp/resolv.conf Jul 7 07:49:48 ns1 dnsmasq[4671]: using nameserver 206.248.c.d#53 Jul 7 07:49:48 ns1 dnsmasq[4671]: using nameserver 206.248.a.b#53 Jul 7 08:35:31 ns1 dnsmasq[4671]: reading /etc/ppp/resolv.conf Jul 7 08:35:31 ns1 dnsmasq[4671]: using nameserver 206.248.c.d#53 Jul 7 08:35:31 ns1 dnsmasq[4671]: using nameserver 206.248.a.b#53 But for 3.1.x, I don't have the above behavior! The above 4.2.1 box is not in production yet and is experiencing lots of DSL disconnect at the moment! Would it be possible when you had lost your DNS query you had actually lost your DSL/cable connection momentary? Kwon That is possible. I do not see the DSL modem break synch - but it is possible that noise on the line or a loose connection between me and the POTS is causing the trouble. I will attempt to capture the behavior with an o-scope. Victor -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] dnsmasq problem?
On 7/3/2012 11:24 PM, Erich Titl wrote: Hi Victor at 03.07.2012 19:37, Victor McAllister wrote: I am running LEAF 4.2.1 Every once in a while i run into long pauses trying to resolve an a DNS address. I have 3 internal networks (one wireless) all of which look to the router for DNS. My /etc/reslov.conf nameserver 127.0.0.1 nameserver isps dns numbers nameserver 192.168.1.254 nameserver 192.168.2.254 nameserver 192.168.5.254 *** dnsmasq finds its nameservers from /etc/resolv.conf # If you want dnsmasq to listen for DHCP and DNS requests only on # specified interfaces (and the loopback) give the name of the # interface (eg eth0) here. # Repeat the line for more than one interface. #interface= interface=lo interface=eth1 interface=eth2 interface=wlan0 *** Occasionally I get long pauses on clients looking for say www.google.com During these pauses that can last for several seconds, I can run a nslookup ON THE LEAF BOX nslookup www.google.com and it just hangs looking for an address. If I run nslookup www.google.com ns1.sonic.net it seems to resolve the address (ns1.sonic.net is my isp's primary dns) The way I understand the resolver is that it takes the uplink DNS server primarily from /etc/resolv.conf Now your resolv.conf points to your own local DNS server. You state that your dnsmasq settings get the name from resolv.conf, so that looks like a loop. I have not understood the above settings, where yoiu specify name servers apparently for all your interfaces. In a primitive set up I would first decouple dnsmasq from resolv.conf. Then put your real uplink DNS server into both. Secondly if you want to make dnsmasq depend from resolv.conf, then set your real uplink dns server there. I believe what happens is something like 1) your dnsmasq settings primarily build a loop 2) the resolver is timing out and tries to figure out where else to look according to the DNS hints 3) it follows the redirections in the hints and by sheer luck it finds a server which is willing to respond. cheers Erich Thanks Erich I changed resolv.conf to only list 127.0.0.1 and my isps DNS machines. This improved the workings of dnsmasq. It has only lost its bearings to the outside DNS once in two days. When it did so, I did an nslookup on the router specifying the ip of the outside DNS servers and it immediately found its bearings. Evidently dnsmasq can get lost even when it only knows itself and two dns servers. I put the dns servers in a separate file /etc/dns.conf to decouple dnsmasq from resolv.conf. This file only has the IPs of my ISPs DNS servers. resolve.conf only has 127.0.0.1 This is working - but I will watch it for a while to see if dnsmasq can still get lost. Thanks. Victor -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] dnsmasq problem?
I am running LEAF 4.2.1 Every once in a while i run into long pauses trying to resolve an a DNS address. I have 3 internal networks (one wireless) all of which look to the router for DNS. My /etc/reslov.conf nameserver 127.0.0.1 nameserver isps dns numbers nameserver 192.168.1.254 nameserver 192.168.2.254 nameserver 192.168.5.254 *** dnsmasq finds its nameservers from /etc/resolv.conf # If you want dnsmasq to listen for DHCP and DNS requests only on # specified interfaces (and the loopback) give the name of the # interface (eg eth0) here. # Repeat the line for more than one interface. #interface= interface=lo interface=eth1 interface=eth2 interface=wlan0 *** Occasionally I get long pauses on clients looking for say www.google.com During these pauses that can last for several seconds, I can run a nslookup ON THE LEAF BOX nslookup www.google.com and it just hangs looking for an address. If I run nslookup www.google.com ns1.sonic.net it seems to resolve the address (ns1.sonic.net is my isp's primary dns) after it finds the dns server, then nslookup www.google.com server 127.0.0.1 address 1: 74.125.224.145 address 2: 74,125.224.144 etc. Is something wrong with my dnsmask configuration. It did not used to act this way and I have not changed how I have it configured. by the way, ip -s link sh does not show any dropped packets or errors on any interface. Victor -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] pixelserv.pl
I am thinking of using a spare WRAP box on my network to serve up a transparent single pixel gif using a DNS list of known ad servers through dnsmasq. Anyone one done this with LEAF? Victor -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] 4.2.1 Geode serial version problem with iptables
I am using the same leaf.cfg as I used on a 486 serial version 4.2.1rc1 box. However, shorewall wont run. #apkg -l /initrd root copnfig etc modules license mawk iptables ip6tables libm perl shorwall dnsmasq dropbear local mhttpd webconf hostapd libnl libssl libcrpto configdb moddb #svi shorewall start Starting Shorewall Firewall: Compiling Your kernal/iptables do not include state match support. No version of Shorewall will run on this system. webconf reports that shorewall is running - but with the following warning. modprobe: modules ip_tables not found in module.dep iptables v1.4.9.2: can't initialize iptables who? (do you need to insmod?) Perhaps iptables on your kernel needs to be upgraded. Anyone else experience this on ALIX Geode (PCEngines)? Victor -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] dnsmasq experiments
I have been playing with dnsmasq to see if I can improve the way it functions on my 3 network wrap box. here are some of the changes I made to dnsmasq.conf domain-needed bogus-priv I use dhcp-host= to configure each client ** TO prevent windows boxes from filling the daemon log up with attempts to find nonexistent proxies. dhcp-option=252,\n ** uncomented and increased the cache size cache-size=600 *** Here are some nslookup tests. My Leaf box is shadrach. My isp's primary dns is ns1.sonic.net shadrach# nslookup ns1.sonic.net 127.0.0.1 server: 127.0.0.1 address 1: 127.0.0.1 localhost name: ns1.sonic.net address 1: ns1.sonic.net 208.201.224.11 from a client windows shell nslookup server: shadrach address: 192.168.1.254 which indicates it knows dns is on the leaf box. nslookup ns1.sonic.net server: ns1.sonic.net address: 208.201.224.11 Any suggestions are welcome. Victor -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] dnsmasq caching
Anyone use dnsmasq for locally caching dns requests? It does not seem to be setup for local caching in its default configuration. Anyone tried it and can comment on its efficiency? Victor -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] Trying to upgrade to Bering-uClibc 4.x
On 4/11/2012 7:32 AM, Brad Klinghagen wrote:
I am trying to upgrade my current firewall which is using LEAF Bering uClibc
3.x something. I'm taking things cautiously because I had read information
about changes with the 4.x version, especially around Shorewall, so I wanted
to take things slowly and not put myself into huge hole of problems. I
downloaded the file Bering-uClibc_4.1_geode_syslinux_ser.tar. I tried to boot
a clean and basic install on a duplicate platform as I have installed in my
production network. I can't get it to boot up completely so I am asking for
assistance.
Can you help me figure out what I'm doing wrong (it's probably something
obvious I missed)?
SITUATION DETAILS FOLLOW
See below for details about my situation:
I am using a duplicate hardware platform to the one currently installed into
my production network. I installed a base version of Bering-uClibc v4.1 for
the AMD Geode processor. I am not using a hard drive, nor USB drive, but a
compact flash which plugs into the built in connector. I formatted the CF
with a single partition of FAT32 and installed syslinux version 4.05 (dated
2011-12-09) and then installed the files from the TAR file. I made
appropriate adjustments to the SYSLINUX.CFG and the LEAF.CFG files for the
hardware. I changed the drive to boot from to /dev/sdb1/ and increased the
SYST_SIZE=512M, TEMP_SIZE=128M AND LOG_SIZE=64M. I did change what packages
(LRP) files were loaded by LEAF. I wanted to start with the bare bones and
build upon success.
When I booted the system, it seemed like it was going to boot fully however
it stopped when booting the kernel. Here's what the the system displayed (I
plugged in a VGA monitor so I could see the boot process messages) up to the
point it stopped (enclosed in the brackets []:
[
SYSLINUX 4.05 EDD 2011-12-09 Copyright © 1994-2011 H. Peter Anvin et al
{Bering LP Shield image displayed on screen} Bering-uClibc Firewall
(4.1 - 2011-10-08)
(uClibc 0.9.30.3 Bering-uClibc team)
This image brought to you by:
The LEAF project:
http://leaf.sourceforge.net
The Shorewall project:
http://www.shorewall.net
Loading /syslinux/linux….
Loading/initrd.lrp…ready
Decompressing Linux… Parsing ELF… done.
Booting the kernel.
]
After it displays the last message, nothing happens. It doesn't try to access
any data off the compact flash. The boot process just stops. When I go back
and use the same type of CF loaded with Bering-uClibc 3.x, it boots properly
(just as the production version does).
In the Bering-uClibc 4.x - User Guide - Basic Configuration - Booting for
the First Time section under the Troubleshooting section, I tried to add some
different KMODULES (mainly to see if it would create an error), but it booted
the same as previously. I also tried the changes described in the DMA issues
section. None of these changes worked, nor did they give me further error
information to help point me in a direction to try.
Hardware :
A fanless network device platform made by Acrosser. The model is the AR-B1554
(there is another model of same config except it has 256MB SDRAM). I do have
a user guide document from Acrosser with more hardware details if it will
help.
CPU - AMD Geode GX-MMX
CPU Clock - 333 MHz
Primary Master Disk - None
Primary Slave Disk - LBA, DMA 2, 4096 MB - 4 GB Compact Flash (SanDisk Ultra
II 15 MB/s)
128 MB SDRAM on-board (
Base Memory - 640K
Extended Memory - 1216000K
Cache Memory - 32K
Serial Port - 3F8
Parallel Ports - none
SDRAM at Rows : 0 1
mini-PCI bus
2 -USB 1.1 ports
3 10/100 MB NIC - RealTek 8139
Did you try adding a libata.dma statement in syslinux.cfg
Add libata.dma=3 to the APPEND line so that the complete line reads:
APPEND reboot=bios libata.dma=3
Victor
--
Better than sec? Nothing is better than sec when it comes to
monitoring Big Data applications. Try Boundary one-second
resolution app monitoring today. Free.
http://p.sf.net/sfu/Boundary-dev2dev
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
[leaf-user] LEAF developers great work
I have been running home built routers since the Linux Router Project days. I just updated a few WRAP and Soekris boxes with 4.1.1Beta1 running WPA2 wireless g (ath9k). The word kudos means praise and renown. Although LEAF does not get a lot of renown - the project is worthy of praise. I use putty to setup the drivers and basic network - then webconf to edit things like hostapd and shorewall from a windows box. KUDOS to the great team of developers. Victor -- All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-novd2d leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] ip_conntrack
Using Bering 4.0 on WRAP (486 serial) - when logged in as root cat /proc/net/ip_conntrack lists the ports and the connections work ok. however using webconf clicking on active connections it reports cat can't open '/proc/net/ip_conntrack': permission denied Bering-uClibc_4.0_i486_syslinux_ser.tar.gz did not contain any lwp files for webconf so I took them from Bering-uClibc_4.0_i686_isolinux_vga.iso Victor -- EditLive Enterprise is the world's most technically advanced content authoring tool. Experience the power of Track Changes, Inline Image Editing and ensure content is compliant with Accessibility Checking. http://p.sf.net/sfu/ephox-dev2dev leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] wd1100 watchdog
I use several old Wrap and Soekris boxes running leaf firewalls. (Too cheap to replace with ALIX!!!) Bering 4.0 has some great features and implements easily on these boards. Thank you to the development team. One thing I did not find is a WD1100 watchdog module for the 2.6 kernel. Eric Titl had a patch for this hardware watchdog for Bering 3. I see a Vonage patch but the Vonage main website has an untrusted certificate. Anyone got a watchdog working for these boards in Bering 4.0? Victor -- Simplify data backup and recovery for your virtual environment with vRanger. Installation's a snap, and flexible recovery options mean your data is safe, secure and there when you need it. Discover what all the cheering's about. Get your free trial download today. http://p.sf.net/sfu/quest-dev2dev2 leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] bering 4.0 and wrap pcs
On 1/20/2011 5:38 PM, Trev Peterson wrote: Hello there, I'm interested in testing the 4.0 betas on wrap pc boards but want to make sure I don't waste/duplicate work already done. I see the ide drivers for the wrap are not in beta1 but are marked for inclusion in beta2. As such I have the following questions: 1. Have the wrap pc ide modules already been compiled and committed in beta2 ? 2. Do we have an eta on beta2? 3. How do we provide changes to help the beta? The developer guide shows how to build from source but I didn't see anyway of sharing that so we all don't have to keep repeating the process. I'm looking forward to trying this out on the wrap boxes (I have a number of the deployed). Just curious how to contribute. Thanks, I have tested Beta 1 on a spare WRAP and Soekris board (both use the same processor model). I used an image supplied by David M Brooke. The regular beta 1 does not boot up on WRAP / Soekris because it does not contain the proper modules for those boards. I have not put the boxes into production yet - am awaiting betas 2, but everything boots up, is configurable etc. Victor -- Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! Finally, a world-class log management solution at an even better price-free! Download using promo code Free_Logger_4_Dev2Dev. Offer expires February 28th, so secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsight-sfd2d leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] Problems with BlackBerry device and Leaf Router
On 1/1/2011 4:19 PM, Jim Dancer wrote: Hi - I have been using Leaf for a while (currently running 3.1.1- latest 2.4 kernel) and have not really had any complaints at all but recently my wife acquired a BlackBerry Torch but she cannot connect to the internet using our local Wifi setup. We are using a WPA-PSK setup and the device appears to authenticate properly and obtain a DHCP address and DNS information from the server but no matter what I try the phone simply won't make a connection to the internet. Does anyone have any similar experience? There seem to be lots of complaints all over the net related to commercial routers but none seem directly applicable to my situation. Any suggestions would be appreciated. Sincerely JimD I am not a blackberry user - but it seams it uses tcp port 3101 for communications. Assuming you are assigning a fixed ip of 192.168.1.4 (via dnsmasq), then in the Shorewall rules file # Blackberry ACCEPTnetloc:192.168.1.4 tcp 3101 Try that and see it that allows access to the Blackberry servers. Victor -- Learn how Oracle Real Application Clusters (RAC) One Node allows customers to consolidate database storage, standardize their database environment, and, should the need arise, upgrade to a full multi-node Oracle RAC database without downtime or disruption http://p.sf.net/sfu/oracle-sfdevnl leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] dhcpcd does not forget the old static address
I am using Bering 3.1 which has been running without fail for over a year. I had a static IP and recently changed to dhcp. I purged all record of the old address in /etc/network/interfaces, added dhcp on eth0. Then I shut off the router so it would reboot with no remembrance of temporary files. Yet dhcpcd rejects the address proffered by my isp (A.B.C.D) because it requested my old address which was in a different network. My old static Ip address was W.X.Y.Z dhcpcd[662]: broadcasting DHCP_REQUEST for W.X.Y.Z (old address) dhcpcd[662]: dhcpIPaddrLeaseTime=86400 in DHCP server response. dhcpcd[662]: dhcpT1value is missing in DHCP server response. Assuming 43200 sec dhcpcd[662]: dhcpT2value is missing in DHCP server response. Assuming 75600 sec dhcpcd[662]: DHCP_ACK received from (A.B.C.D) I continue to operate with the old address. The only record I find for he old address is in /var/lib/dhcpc/dhcpcd-eth0.info With a shutdown and reboot, everything in /var should be lost. How do I get dhcpcd to accept the address offered by my isp and forget the old address. Victor -- Learn how Oracle Real Application Clusters (RAC) One Node allows customers to consolidate database storage, standardize their database environment, and, should the need arise, upgrade to a full multi-node Oracle RAC database without downtime or disruption http://p.sf.net/sfu/oracle-sfdevnl leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] trying Bering 4 on WRAP box
I did the following to build my compact flash. I put syslinux on a Compact flash and copied the files to the CF from a windows box. I the booted the 486 iso version the CF attached through a USB port mount -t vfat /dev/sdb /mnt1 to mount the compact flash *** edited syslinux.cfg like this for a serial console serial 0 19200 DISPLAY syslinux.dpy TIMEOUT 0 APPEND CONSOLE=ttyS0,19200n8 APPEND reboot=bios VERBOSE=1 DEFAULT /syslinux/linux initrd=initrd.lrp rw root=/dev/ram0 LEAFCFG=/dev/sda1 * firewall# cd /tmp firewall# tar -zxvf /mnt1/etc.lrp unpacks etc.lrp in the /tmp directory firewall# edit etc/inittab Comment out the tty1 and tty2 lines like this. #tty1::respawn:/sbin/getty 38400 tty1 #tty2::respawn:/sbin/getty 38400 tty2 Uncomment the ttyS0 line - leave the ttyS1 commented ttyS0::respawn:/sbin/getty -L ttyS0 19200 vt100 #ttyS1::respawn:/sbin/getty -L ttyS0 19200 vt100 ^q SAVE? y * firewall# tar cvf - * | gzip -9 etc.lrp this rebuilds etc.lrp with the modified inittab file firewall# cp etc.lrp /mnt1/etc.lrp copies the changed etc.lrp to the compact flash. * when I boot the CF in the WRAP box the console works until it stops with LINUXRC: Looking fr leaf.cfg... LINUXRC: Generating default dirs... LINUXRC: Generating /tmp /var/log partitions ... LINUXRC: PKGPATH is empty or unset.. Can not install packages. *** my leaf.cfg looks like this # List of packages to load LRP=root config etc modules iptables dhcpcd keyboard libm perl shorwall dnsmasq dropbear mhttpd webconf # Device(s) to load from PKGPATH=/dev/sda1:vfat # RAM Disk partition sizes log_size=8M tmp_size=8M * Bering 3 had different initrd.lrp for different boot media. The boot section of initrd.lrp does not contain any files as far as I can see. Is this a problem or is it me doing something stupid. Victor -- Learn how Oracle Real Application Clusters (RAC) One Node allows customers to consolidate database storage, standardize their database environment, and, should the need arise, upgrade to a full multi-node Oracle RAC database without downtime or disruption http://p.sf.net/sfu/oracle-sfdevnl leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] Problems with Bering uclibc 3.1.1 beta3 on Soekris
On 7/25/2010 1:06 PM, Tim Wegner wrote: I have been happily running various verions of lrp for many years. most recently, LEAF Bering-uClibc 2.3 uClibc 0.9.20 Rev 3 on a headless Soekris net 4801 box. This has been running for five years are so with no problems. I want to upgrade to 3.1.1, but can't get the boot process to quite complete, gets hung with Starting periodic command scheduler: cron. can't open /dev/tty1: No such d LEAF Bering-uClibc 3.1.1 Rev 6 uClibc 0.9.28 firewall ttyS0 can't open /dev/tty1: No such device can't open /dev/tty2: No such device ... To simplify things, I took the floppy image and copied the files to a compact flash card that already had syslinux (albeit an older version - does that matter?), and made the following changes: 0. did not overwrite ldlinux.sys from syslinux. 1. edited leaf.cfg to change to: PKGPATH=/dev/hda1:msdos 2. edited syslinux.cfg in same way to use /dev/hda1, and also add support for serial port (only way to see what's happening on a Soekris) 3. copied initrd_ide_cd.lrp to initrd.lrp 4. Edited inittab in etc.lrp to add a getty line for serial port. I haven't added the natsemi.o module yet, but that shouldn't prevent boot process from completing (I would think). I just want to get to a login prompt, then I think I can get the rest of the way. There's no problem with the old setup, I just would like to get current. Also, there's a broken link to the usb image: http://prdownloads.sourceforge.net/leaf/Bering-uClibc_3.1.1- beta3_usb_bering-uclibc-iso.bin.img.gz?download This link gives the models file by mistake. Is the USB image someplace? Any advice would be appreciated. There is a lot on the web for leaf/soekris, but it's all older than my old setup. Is there something else I have to do to set up the serial port? Thanks, Tim Here's what I get through the serial port, with a little bit snipped: DMI not present. Kernel command line: reboot=bios console=ttyS0,19200n8, nodma=hda ide=nodma BOOT_IMAGE=linux initrd=initrd.lrp init=/linuxrc rw root=/dev/ram0 LEAFCFG=/dev/hda1:msdos Initializing CPU#0 Detected 266.661 MHz processor. Calibrating delay loop... 532.48 BogoMIPS Memory: 127244k/131072k available (865k kernel code, 3440k reserved, 97k data, 60k init, 0k highmem) Checking if this processor honours the WP bit even in supervisor mode... Ok. Dentry cache hash table entries: 16384 (order: 5, 131072 bytes) Inode cache hash table entries: 8192 (order: 4, 65536 bytes) Mount cache hash table entries: 512 (order: 0, 4096 bytes) Buffer cache hash table entries: 8192 (order: 3, 32768 bytes) Page-cache hash table entries: 32768 (order: 5, 131072 bytes) CPU: NSC Unknown stepping 01 Checking 'hlt' instruction... OK. POSIX conformance testing by UNIFIX PCI: PCI BIOS revision 2.01 entry at 0xf7861, last bus=0 PCI: Using configuration type 1 PCI: Probing PCI hardware PCI: Probing PCI hardware (bus 00) Linux NET4.0 for Linux 2.4 Based upon Swansea University Computer Society NET3.039 Initializing RT netlink socket Starting kswapd pty: 256 Unix98 ptys configured keyboard: Timeout - AT keyboard not present?(ed) keyboard: Timeout - AT keyboard not present?(f4) Serial driver version 5.05c (2001-07-08) with MANY_PORTS SHARE_IRQ DETECT_IRQ SERIAL_PCI enabled ÿttyS00 at 0x03f8 (irq = 4) is a 16550A ttyS01 at 0x02f8 (irq = 3) is a 16550A Real Time Clock Driver v1.10f floppy0: no floppy controllers found RAMDISK driver initialized: 16 RAM disks of 4096K size 1024 blocksize Initializing Cryptographic API NET4: Linux TCP/IP 1.0 for NET4.0 IP Protocols: ICMP, UDP, TCP, IGMP IP: routing cache hash table of 1024 buckets, 8Kbytes TCP: Hash tables configured (established 8192 bind 16384) ip_tables: (C) 2000-2002 Netfilter core team arp_tables: (C) 2002 David S. Miller NET4: Unix domain sockets 1.0/SMP for Linux NET4.0. RAMDISK: Compressed image found at block 0 Freeing initrd memory: 402k freed VFS: Mounted root (minix filesystem). Freeing unused kernel memory: 60k freed LINUXRC: Bering - Initrd - 3.1.1 Rev 6 uClibc 0.9.28 Uniform Multi-Platform E-IDE driver Revision: 7.00beta4-2.4 ide: Assuming 33MHz system bus speed for PIO modes; override with idebus=xx hda: Hitachi XX.V.4.2.0.0, CFA DISK drive ide0 at 0x1f0-0x1f7,0x3f6 on irq 14 hda: attached ide-disk driver. hda: 62592 sectors (32 MB) w/1KiB Cache, CHS=489/4/32 Partition check: hda: hda1 hda: hda1 hda: hda1 LINUXRC: Mounting a 6M TMPFS filesystem... hda: hda1 hda: hda1 LINUXRC: Installing - root: /dev/hda1 config: /dev/hda1 etc: /dev/hda1 modules: /dev/hda1 iptables: /dev/hda1 dhcpcd: /dev/hda1 keyboard: /dev/hda1 shorwall: /dev/hda1 ulogd: /dev/hda1 dnsmasq: /dev/hda1 dropbear: /dev/hda1 mhttpd: /dev/hda1 openntpd: /dev/hda1 webconf: /dev/hda1 configdb: configdb(nf!) moddb: /dev/hda1 - Finished. sh: argument expected LINUXRC: Loaded Packages Loading keymap: us.maploadkmap: can't open
Re: [leaf-user] Write Protect
Gordon Bos wrote: Victor McAllister wrote: Write protected hardware requires physical access to the LEAF box. A software write protect has the advantage that you can set and unset the read and write access to the boot media with putty, ssh. I use two scripts loaded by local.lrp. Granted this is a little cumbersome because you have to keep a copy of three modules on your desktop machine and scp / winscp them over as needed. If you command a reboot, the machine is restored to read write status since the scripts are only run manually via ssh. I'm kind of puzzled why you would not run the delete script at boottime. How can you be sure that the system won't reboot without you knowing it? uptime 473 days if I do an uptime and it says 1 day - I will investigate why. (I use a WRAP with a 12 volt battery connected via diodes in parallel with the power supply. The dsl modem and switches are on a UPS. If the AC goes down, my network connection stays up for several hours so laptops can still have access. That is why the LEAF stays up even when the power goes down several times a year.). I only need to SCP the modules over to back up a configuration change. The files necessary for boot are still on the boot media, just not in ram. As you say, no security is perfect. Someone who reads this post, if they could break in, could figure out what modules to bring along. They would need SSH access which is only open to specific public IPs. Statements as to computer security have been around since the early days. No system is ever really secure. If you want to make a system completely secure, you should enclose it in concrete and drop it in the ocean. All barriers fail if someone can get physical access to the system. Which roughly translates in that the highest level of security is reached by a system that is console operated only (and not connected to other computers, but that's not an option in this case). In regards to LRP and LEAF I've always respected that rule and never added any remote access to the box. No ssh, no https. Gordon -- Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] Write Protect
On Mon, 2009-08-10 at 09:27 -0700, Mike Noyes wrote:
You can obtain a write protect hardware option fairly easy now. It's not
like it was seven years ago, when a hardware hack (ADM module using the
LD017 controller chip) was necessary.
http://reviews.cnet.com/usb-flash-drives/?filter=502909_14791771_
Write protected hardware requires physical access to the LEAF box. A
software write protect has the advantage that you can set and unset the
read and write access to the boot media with putty, ssh. I use two
scripts loaded by local.lrp. Granted this is a little cumbersome because
you have to keep a copy of three modules on your desktop machine and
scp / winscp them over as needed. If you command a reboot, the machine
is restored to read write status since the scripts are only run manually
via ssh.
**
#! /bin/ash
# rm-ide by Victor McAllister
# This script removes modules to prevent
# access to the boot media - CF ide disk
echo
MODULES=ide-disk ide-detect ide-core
BOOTDIR=/boot/lib/modules
LIBDIR=/lib/modules
for MODULE in ${MODULES}
do
rmmod ${MODULE}
rm ${BOOTDIR}/${MODULE}.o
rm ${LIBDIR}/${MODULE}.o
done
echo
echo The modules needed for IDE access are not plugged into
echo the kernel or located in the TWO modules directories.
echo
echo The Compact Flash is NOT accessible.
#! /bin/sh
# load-ide by Victor McAllister
#
echo Ths script installs ide modules to access Compact Flash
echo First copy the files ide-core.o ide-dectect.o ide-disk.o
echo using SCP to the /lib/modules directory.
echo
MODULES=ide-core ide-detect ide-disk
LIBDIR=/lib/modules
BOOTDIR=/boot/lib/modules
for MODULE in ${MODULES}
do
insmod ${MODULE}
cp ${LIBDIR}/${MODULE}.o ${BOOTDIR}/${MODULE}.o
done
if (lsmod | grep ide-)
then
echo
echo Mount the CF possibly using: mount -t msdos /dev/hda1 /mnt
echo
echo modules necessary are also in /boot/lib/modules
echo for possible backing up your configuration.
else
echo
echo IDE modules not loaded - CF drive not accessible.
echo Did you forgot to SCP the files to /lib/modules?
fi
###
--
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial. Simplify your report design, integration and deployment - and focus on
what you do best, core application coding. Discover what's new with
Crystal Reports now. http://p.sf.net/sfu/bobj-july
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
Re: [leaf-user] Help with dnscache
Brent Gardner wrote: I have a machine running Bering-uClibc v3.0.2. The machine runs dnscache to provide name resolution for a group of machines. The machine also runs tinydns to provide DNS information about a local domain called corp.local. In order to get dnscache to serve information about the corp.local domain I have to enter these commands after every boot: echo 127.0.0.1 /etc/dnscache/root/servers/local svi dnscache restart I noticed there's a file called @ in /etc/dnscache/root/servers. This file exists after every reboot. The file is not listed in /var/lib/lrpkg/dnscache.list although /etc/dnscache/root/servers is. I'm not fully familiar with how the backup process works in LEAF Bering-uClibc. I don't know if the /etc/dnscache/root/servers item in dnscache.list means 'backup the object called /etc/dnscache/root/servers' or 'backup the object and everything it contains'. If the latter then I'm curious as to why my /etc/dnscache/root/servers/local file isn't there after a reboot. If it put /etc/dnscache/root/servers/local in dnscache.list the file still does not get backed up. If I dissect the configdb.lrp or dnscache.lrp files the @ file does not exist in either of them so I suspect it's being generated by dnscache or daemontools after booting. I'm still researching that, but if this is the case does anyone know how I can cause an arbitrary file to be auto-generated in /etc/dnscache/root/servers with specific content? The contents of /etc/dnscache/root/servers/@ match the contents of /etc/dnscache/env/DNS1 Thanks. Brent Gardner LEAF file system is in RAM. The boot media is only used for loading up the RAM and for saving changes in configuration. The easiest way to keep specific scripts or files through a reboot is to add them to local.lrp. You can list files in any directory, AFAIK. for example my /var/lib/lrpkg/local.local lists three files I put in /usr/sbin. They are saved in local.lrp and restored during reboot as long as local.lrp is in the load list. var/lib/lrpkg/local.local /usr/sbin/rm-ide /usr/sbin/load-ide /usr/sbin/fixclk -- leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] OpenNTP daemon dying after several days on Bering-uClibc 3.1-beta3
davidMbrooke wrote: Hi, Is anyone else having problems with the OpenNTP daemon dying? I'm running openntpd 3.9p1 Rev 3 uClibc 0.9.28, part of Bering-uClibc 3.1-beta3. I start it, it runs fine for a few days, then it stops. I normally only notice when the clocks on the internal network machines start drifting out of sync - and whenever I check there's no openntpd process running on the firewall (there should be 2 - parent and child). My /etc/openntpd/ntpd.conf is really simple - apart from the comments just: listen on * server 80.4.96.1 I've tried using different servers / multiple servers, but nothing seems to change. 80.4.96.1 isn't a great NTP server (stratum 6) but it's only one hop away from me. I've just re-started the NTP daemon in debug (-d) mode. Hopefully I'll be able to get an error message next time it fails. Then again, I could just switch back to ntpd.lrp which, despite its large size seemed to be reliable. Is that what other people are running? dMb I notice this also but it does not seem to happen with all isps. Not sure why. This is my solution for a cron scrip #! CLKNTP=openntpd if [ -n `pidof openntpd` ]; then /usr/bin/killall $CLKNTP 2/dev/null fi /usr/sbin/openntpd -s exit 0 I add the script to the list in local.lrp so it gets backed up. Add it to /etc/crontab at some period and that fixed my problem Victor - This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Register now and save $200. Hurry, offer ends at 11:59 p.m., Monday, April 7! Use priority code J8TLD2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] ALIX board
Martin Hejl wrote: Victor McAllister wrote: Has anyone tried LEAF on the PC Engines ALIX board? If so, what are your experiences? watchdog? It is cheaper and smaller than Soekris. I don't have any experience yet, but a few ALIX boards will hopefully arrive at my office in the next few days. The units should work pretty much out of the box, since there's nothing terribly unusual about them (once one has figured out which network driver to use) - but of course, I can't say before I've tried it. I wouldn't be too hopeful about the watchdog though. According to the AMD docs, the CS5536 companion device contains a watchdog timer, but it doesn't look like a driver for kernel 2.4 is available at this time. I've found a relatively recent kernel patch for 2.6 at http://www.mail-archive.com/[EMAIL PROTECTED]/msg253179.html but of course, that doesn't help for kernel 2.4. I'll let you know when I've received the boards and played with them for a bit. Martin Pascal Dornier from PC Engines says he will prepare some DOS sample code - if someone wants to try to implement a watchdog for ALIX. Victor - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] ALIX board
Has anyone tried LEAF on the PC Engines ALIX board? If so, what are your experiences? watchdog? It is cheaper and smaller than Soekris. - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] ezipupd question
Ken Gentle wrote:
ez-ipudate works just fine...
I have it configured as a daemon, the current default IIRC. The only
trick was adjusting my Shorewall rules to allow outgoing connections
to the DynDNS servers.
I can post more detail if that would be helpful.
It could be helpful. I have done this with ppoe but not with dhcpcd.
On Jan 21, 2008 12:54 AM, Victor McAllister [EMAIL PROTECTED]
mailto:[EMAIL PROTECTED] wrote:
Last week I set up a uClibc 3.1b3 for a friend using dhcpcd to
configure eth0.
Now I want to assign a dns name to the box.
I haven't run ezipupd recently - explanation is here.
http://leaf.sourceforge.net/doc/bucu-ezipupd.html
Does this script go in /etc/interfaces where I define eth0?
reload_all() {
/sbin/shorewall restart
echo Starting ez-ipupd from dhclient ...
/etc/init.d/ez-ipupd start
}
Anyone know if ezipupd still works for dyndns.com http://dyndns.com?
-
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
Re: [leaf-user] Serial access to pristine Bering image
Charles Steinkuehler wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 KP Kirchdoerfer wrote: On Wednesday 19 December 2007 16:36:40 Mats Erik Andersson wrote: Hello all, would it be a serious security flaw to arrange that at least the bootfloppy provides a serial console in the form the image is delivered from factory? The neccesary changes are easy enough: 1) an addition of console=ttyS0,19200n8 console=tty0 to the file syslinux.cfg and 2) removal of one hash mark in front of ttyS0 in /etc/inittab. Such serial access would very much lessen the labour to configure a recycled, but functional machine. Regards Mats Erik Andersson Hi Mats; I talked with Eric Spakman and he remembered, why we removed it from the image a few years ago: On machines with no serial console attached the screen was flooded with messages about init respawning too fast about every five seconds. And I think, his memory is correct in that case. So we refuse to change it back -. I hope you understand I agree the proposed solution is unsuitable, but perhaps there's still something that can be done to address the basic problem. What about a one-time script run at boot that checks for a serial port and fires of a getty if it finds one? That would side-step the respawning issues with inittab, not require the initrd scripts dynamically generate inittab based on detected hardware (dangerous IMHO), but would still allow for serial console access 'out of the box'. - -- Charles Steinkuehler [EMAIL PROTECTED] I get around this by having an old machine with an ide to compact flash adapter, a keyboard, a floppy and video. I boot off a modified floppy image that uses the initrd for ide and runs hdsupp.lrp at bootup (without the other stuff like shorewall). I then stepup the compact flash and make it bootable. The machine has a Netgear 311 pci card which is equivalent to the network chips on the WRAP and Soekris. (This verifies network modules are properly loaded). I make repeated bootups, configure everything except the serial console. When everything appears to work, I edit inittab and syslinux.cfg to add the serial console and save the configuration. The CF then goes into the Soekris or WRAP and I have a serial console for fixing any minor mistakes. Usually everything is working at this point and I can use webconf or putty to make any final tweeks. I find this is much faster than scrolling through a long file with a serial console. LEAF 3.1b2 works great. Don't use the openntpd on the image - use the one found here : http://leaf.cvs.sourceforge.net/leaf/bin/packages/uclibc-0.9/28/ Webconf allows one to edit and start and stop processes from a browser with a login and password. LEAF would be more popular if we could keep the documentation a little more current. That is not a complaint. I appreciate the hard work from the Bearing uClibc team. A New Year resolution is to try to help with documentation for LEAF. I would write up my procedure (geared to a Windows user) and put it on the wiki if I had access. - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] ulibc 3.1b2 to keep link active
After much procrastination, I finally upgraded a WRAP box to 3.1b2 and it works great. I had to read up on the changes, because I had been running version 2 but it was well worth the upgrade. Future upgrades should be handled almost automatically. Thanks to the uClibc Bering team for the great work. I have one client (using a commercial fw/router) that if there is no activity for 24 hours the isp refuses a dhcp lease. They are presently unplugging the router and plugging it back in to reestablish a lease. I plan to put in a leaf box. Any ideas about how to keep the link alive without using email keepalive. - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] uClibc 3.0 and /etc/init.d
Bob Coffman Jr - Info From Data wrote: First of all, thanks to the developers for uClibc 3.0. Very nice work. My question is about saving the configuration. I've added a file to /etc/init.d, however, it is not retained when I save the config nor when I save the modules. I would expect that all of /etc would be retained in a config save - should it? Thanks again - Bob Coffman When you add files, such as specialty scripts, put them wherever you want and then list their names and locations in local.lrp. Then backup the configuration. - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] PC Engines docs missing
I really appreciate uClibc 3.0 - upgrading is so simple. Thank you. I am not complaining - just pointing out some documentation links that are 404. In Chapter 13, LEAF for the PC Engines WRAP found here http://leaf.sourceforge.net/doc/bucu-sc1100.html and here http://leaf-project.org/doc/bucu-sc1100.html has a number of bad links - for example the modifications to the syslinux.cfg http://leaf.sourceforge.net/doc/guide/buconsole.html does not exist - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] PC Engines WRAP - Easiest Install?
Martin Hejl wrote: Hi Eric, I have spent a while digging around in the documentation and the archives and have yet to find the answer I am looking for. I have a PCEngines WRAP with a EMP-8602 (wireless card) VPN1411 (VPN Accelerator). I am using a 3.0GB microdrive. I am trying to replace my Linksys WRT54G with this box. What is going to be the fastest/easiest way to get it on LEAF on there? pxe? premade cf image? I like the pxe approach - but that does take quite a bit of tweaking to get things going the first time (unless you're used to setting things like that up). Make sure you have hdsupp.lrp as part of the packages loaded via pxe, then follow the instructions you get when entering help hdsupp (or if that no longer works, cat /var/lib/lrpkg/hdsupp.help) It's a real time saver if you need to set up several boxes at once, but for a single box, I'd go with a CF reader, a full checkout from CVS (or the contents of the CD image. Whichever way you go, make sure you enable a console on the serial port (by adding the proper settings to syslinux.cfg and to /etc/inittab). Otherwise, you'll have a hard time setting things up (since you won't have a console). See http://leaf.sourceforge.net/doc/buci-ide3.html for setting things up to boot from HD/CF and http://leaf.sourceforge.net/doc/buconsole.html for what changes one needs to make to use a serial console. Regarding your proposed setup - I assume the VPN1411 is the mini-pci card made by Soekris (using the Hi/fn 7955 chip). Please note that as far as I know, Bering uClibc does not bring have driver support for that card. It is possible that you can find drivers that compile against the kernel used by Bering uClibc. Last time I checked (which was a while ago) driver support for Linux was flaky at best. You'd most likely only want to use it for IPSec anyway - anecdotal evidence seems to suggest that this card does not help things if you're using it for a user-space app, since apparently, the penalty for crossing into kernel space for making the encryption eats up all of the gains from doing encryption in hardware. Please also note that there seem to be a problem with the BSD drivers (I bring that up because I seem to recall that there has been a port of the BSD crypto layer to Linux to add support for those cards) - see http://lists.soekris.com/pipermail/soekris-tech/2006-October/011161.html maybe that's a problem that only concerns the soekris computers, but if not, you've been warned :-) I hope that helps, Martin I attach a CF to a Dos or Windows box, copy all the LRPs and make the CF bootable. Then I boot the CF in an old box with an IDE to CF adapter. This box has a keyboard, screen and Netgear 311 NICs that use the same modules as the WRAP. I make all the configuration changes except the watchdog and serial console and test everything on this box. The last thing I do is make the changes for the serial console and watchdog then put this configured CF into the WRAP. Works on the first boot. - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] shell scripts
[EMAIL PROTECTED] wrote: I have been running a couple of shell scripts on my Bering 2.# box to do some nightly maint work. I had them in the /root directory and saved them by backing up root. My understanding is that with ver 3 this no longer occurs. Only the config files are saved. I was wondering how I go about saving them so that after a reboot the are still present Sorry if this has been previously covered. I must have missed it. I would put them in local.lrp I believe the local help file will explain its usage. List the the files and their locations and they will back up in local.lrp. - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] Personal bounty for Bering on WRAP1c - $50US
[EMAIL PROTECTED] wrote: Folks, Since I have had my Linux manhood totally squashed under the seemingly simple task of geting Bering up on a PC Engines WRAP 1c and after two weeks of effort, I'm now prepared to offer a $50 US bounty via paypal or direct mailed check to the first person who can provide a working config/image that meets the following requirements. 1) fits on 128 meg CF 2) boots to a serial console from CF 3) ethernet works and gains a DHCP address 4) SSH server up and accepting connections 5) configurable from serial port 6) configurable from http 7) the WRAP1c module should be loaded as well 8) watchdog needs to be working as well. Additional applications that need to be working but not on the initial load. Leaf.cfg should not have these lrp files but they should be present on the image. However, adding these to the LRP= list should not break the boot configuration. Dropbear firewall OpenVPN Snort I will use the time stamp on the email responses to this address ([EMAIL PROTECTED]) to determine the first person to respond. Responses sent to the leaf-user list will NOT qualify. Additionally, in order for the response to qualify, it must include a working email contact as well as a working image. Images will be tested in the order received. The first image that works gets the $50. If you are first in line (again, determined by the email time stamp) and provide an image that either does not work, or generates errors, you will be given 1 and only 1 chance to fix the image. I will provide a Hyperterm output and allow you 24 hrs to fix. If not fixed in that time, I make the determination that the image does not meet the requirements will move to the next person. After I have a working image, I will inform all others on my email list of responders that I have received the image and will notify this list as well. Any special instructions for configuration / passwords should be provided as well. The intent should be for me to format the CF, run syslinux and copy over the .lrp packages and pop the CF in and have it work. I have already gone through about 20 different conflicting or partial documents and have reached my frustration point. Thank you, David Lott I recommend this method. I set everything up on an ide CF in a spare computer that has a keyboard. I use a single Netgear FA311 pci card which uses the same modules as the WRAP so that I can verify that I am using the nic modules. I use a KVM switch so I can copy settings from the running firewall. I setup the network, dyndns, copy the host files in for dropbear, setup shorewall - everything except the serial console and the watchdog. When everything is all configured, I change the watchdog, serial console and backup. I just plug in the new CF into the WRAP and this works every time. It also means the firewall is only down for a few minutes during the CF swap out. I recently built a CF for Bering uClibc 3.0 b2 for my WRAP 1C2. Hopefully this is the last time I will do this as 3.0 can update packages on the fly. - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] ez-ipupd
C.Dummy wrote: Hello I successfully installed this package. After longer time I'm loosing ip number. When I do /etc/init.d/ez-ipupd stop it says ez-ipupd error:already stopped. Than I do /etc/init.d/ez-ipupd start and connects no problem request successfully. I'm using dsl so I have put line /etc/init.d/ez-ipupd start in /etc/ppp/ip-up. I'm using dyndns. I noticed in mail list that few people had problems with dyndns and ez-ipupd. Is this problem resolved? Andrey This is how I did this on a friend's network who uses pppoe. It still works for him. ez-ipupd only runs once and then stops. Since you start it in the /ppp/ip-up script - it should contact dyndns and notify them of any IP change. - # Main Script starts here run-parts /etc/ppp/ip-up.d svi network ipfilter reload svi ez-ipupd start # last line svi is the same as /etc/init.d/ --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642 leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] SCP/SFTP
Doug Sampson wrote: Oh, and I should add that I am using dropbear. ~Doug I'm building a stock Bering uClibc 2.3.1 router and am trying to connect using WinSCP 3.7.6 from the internal network. I keep getting a time-out. Error message says Server refused to start a shell/command. I can successfully access using ssh. What do I need to get a shell running on Bering? I would like to copy files to/from Bering. ~Doug Did you configure winscp to use a shell. Folow the instructions here in winscp. http://sourceforge.net/mailarchive/message.php?msg_id=9995360 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] Re: Can't use WCP with Bering UcLibc Beta 4 on CF
kwon wrote: On 8/19/2005 13:25, Troy Aden wrote: This is strange for some reason I can't use WINSCP to access my Bering box. (I can use ssh fine via cmd line - putty) I could use it fine before. But since I switched to Bering beta 4 on CF whenever I try and login it tells me command/bin/sh failed.. I have the same problem (only recently) as user . When I signed on with WinSCP3 (v.3.7.5 build 294), I receive the following error message: #Start of error message Command 'ls -la --full-time' failed with return code 1 and error message ls: unrecognized option `--full-time' BusyBox v1.00-rc3 (2004.08.16-18:29+) multi-call binary Usage: ls [-1AacCdeFilnpLRrSsTtuvwxXhk] [filenames...]. #End of error message My Bering box uClibc v2.2.0. Any help would be much appreciated. Thanks! I don't think it is anything wrong with LEAF - just need to tweek WINSCP a little. I am not using beta 4, but I was able to reproduce the same error message. I got it when I double clicked on the default remote directory in WINSCP. WINSCP issues a command extension that is not covered in busybox. Two possible ways to fix it - at least it worked for me *** In winscp load the stored session without logging in On the leaft side of WINSCP under Environment / Directories change the remote default directory. Mine are: Remote: /lib/modules Local: c:\download\tworoute\ under Environment SCP click on the Shell ENTER button and put in /bin/sh or /bin/ash Uncheck the button for look up user groups Save the session * If you still have problems - I didn't - load the session again and under Environment / SCP uncheck the ls command Try to get full timestamp ls -al gives the date and time anyway under busybox. Save the session and try again. --- SF.Net email is Sponsored by the Better Software Conference EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile Plan-Driven Development * Managing Projects Teams * Testing QA Security * Process Improvement Measurement * http://www.sqe.com/bsce5sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] Can't use WCP with Bering UcLibc Beta 4 on CF
Troy Aden wrote: This is strange for some reason I can't use WINSCP to access my Bering box. (I can use ssh fine via cmd line - putty) I could use it fine before. But since I switched to Bering beta 4 on CF whenever I try and login it tells me command/bin/sh failed.. Can anyone help me out here. This functionality is very useful and I would really like to get this working again. I think you asked this question last year - and here is the answer I gave you then. http://sourceforge.net/mailarchive/message.php?msg_id=9995360 the most important issue is making sure WINSCP knows how to log into the shell. It will ignore the profile file and will not try to run lrcfg. Works for me. --- SF.Net email is Sponsored by the Better Software Conference EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile Plan-Driven Development * Managing Projects Teams * Testing QA Security * Process Improvement Measurement * http://www.sqe.com/bsce5sf leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] Security and LEAF Bering UClibc
I agree that updating LEAF once a year is a pain. I usually build
another CF on a old box and just swap the CF, reboot once and its done.
Although it is not painless, each time I do it, I change things enough
to warrant the extra work. One of the questions was about write
protecting the CF. I run with the CF write protected and I admit that
this probably makes me lazy since I do not examine the logs as much as I
should (500 dropped packets a day)
I use two little scripts which I run manually for Bearing uClibc write
protect for ide - CF
* * * *
#! /bin/sh
# by Victor McAllister
# load-ide
echo Ths script installs ide modules to access Compact Flash
echo First copy the files ide-core.o ide-dectect.o ide-disk.o
echo using SCP to the /lib/modules directory.
echo
MODULES=ide-core ide-detect ide-disk
for MODULE in ${MODULES}
do
insmod ${MODULE}
done
if (lsmod | grep ide-)
then
echo
echo Mount the CF possibly using: mount -t msdos /dev/hda1 /mnt
echo
echo DO NOT BACKUP INITRD or BACKUP EVERYTHING because the IDE
echo modules are not in /boot/lib/modules in the RAM filesystem.
else
echo
echo IDE modules not loaded - CF drive not accessable.
echo Did you forgot to SCP the files to /lib/modules.
fi
* * * * *
#! /bin/ash
# by Victor McAllister
# rm-ide
# This script removes modules for
# access to the CF ide disk
echo
MODULES=ide-disk ide-detect ide-core
BOOTDIR=/boot/lib/modules
LIBDIR=/lib/modules
for MODULE in ${MODULES}
do
rmmod ${MODULE}
rm ${BOOTDIR}/${MODULE}.o
rm ${LIBDIR}/${MODULE}.o
done
echo
echo The modules needed for IDE access are not plugged into
echo the kernel or located in the TWO modules directories.
echo
echo The Compact Flash is NOT accessable.
* * * * *
Anyone who wants these two scripts packaged as cfprotec.lrp - I can send
as an attachment.
---
SF.Net email is Sponsored by the Better Software Conference EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile Plan-Driven Development * Managing Projects Teams * Testing QA
Security * Process Improvement Measurement * http://www.sqe.com/bsce5sf
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
Re: [leaf-user] CF Card Issues
Richard Amerman wrote: I just backed up all the files off that CF card, did a scandisk and it looks like it fixed everything. I now changed my /etc/init.d/reboot to umount my CF card before rebooting. Though I will plan on always unmounting the CF card when I do not need it. Richard -Original Message- From: M Lu [mailto:[EMAIL PROTECTED] I do not know of the auto umount but you can alias 'reboot' to 'cd ; umount /cf; halt' if you use reboot to reboot your machine. You are luckier than Peter. - Original Message - From: Peter Mueller [EMAIL PROTECTED] It's easy to destroy CF cards this way. I went through two on my routers before understanding that you need to unmount the card ASAP. I umount and remove the modules that allow the CF to be mounted. This way there are only two ways to remount. 1. Reboot. 2. Bring the moules in over the wire and insmod them so that the CF can be mounted. I have a little lrp that loads the scripts to remove and reinstall the modules for my WRAP uClibc system. This way the CF can not be accessed by a buffer overflow or hacker and is write protected until I deliberately make it writable. --- SF.Net email is Sponsored by the Better Software Conference EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile Plan-Driven Development * Managing Projects Teams * Testing QA Security * Process Improvement Measurement * http://www.sqe.com/bsce5sf leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] inital install boot problem: bering uclibc 2.2.3, soekris 4501
d tatum wrote:
i'm trying to configure my soekris 4501 with bering uclibc 2.2.3. it
was working fine with 2.2.0, and if i put the old 2.2.0 CF card back in
and boot, it works perfectly. i have been using LEAF since LRP
materhorn days, but only on one or two machines, so installs don't
happen very often, and stuff gets forgotten.
after finding that syslinux 3.08 would not boot properly and downgrading
to 2.11, i got the stock bering 2.2.3 with a renamed initrd_ide.lrp to
boot. i also uncommented the natsemi line in /etc/modules in the
modules.lrp file, and modified the inittab file to enable serial console
output at boot.
also, in previous versions of bering, when modifying the initrd.lrp
modules file, one used to add ide-mod, ide-disk, and ide-probe-mod to
the /boot/etc/modules file. now, there are cdrom, ide-core, ide-disk,
ide-cd, ide-detect, isofs. i would guess the cd related ones are not
necessary for booting off compact flash.
the first indication of trouble is near the end of shorewall startup,
when i saw the following message...
Masqueraded Networks and Hosts:
Error: Unable to determine the routes through interface eth1
upon further investigation, i found that it looks like the natsemi
driver didn't load. also of note are the error messages near the ide
detection
Using /boot/lib/modules/isofs.o
hda: attached ide-disk driver.
hda: task_no_data_intr: status=0x51 { DriveReady SeekComplete Error }
hda: task_no_data_intr: error=0x04 { DriveStatusError }
hda: 15744 sectors (8 MB) w/1KiB Cache, CHS=246/2/32
so what is so different about 2.2.3 than 2.2.0 that i can't get it
working?? i know that's a generic question, but i haven't found
anything to help out, and this seems to me to be a 2.2.3 (or maybe it
crept in 2.2.1 - 2.2.2) specific issue.
why is natsemi not loading?? and what are the ide related error messages??
did you load crc32 first
I think the first commented line in the main body of the modules file
says crc32 is needed for natsemi
thanks very much in advance.
david
for a complete boot history (it's so long, i didn't want to include it
all), i have copied it to a text file and posted it at...
http://www.chromerose.com/leaf/leafboot.txt
for contents of syslinux.cfg and leaf.cfg see...
http://www.chromerose.com/leaf/cfgfiles.txt
ps. i'm on digest mode, so please forgive slow replies.
---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
Re: [leaf-user] ide flash drive question
Andrew Nance wrote: I want to run a 32 MB IDE flash memory as my HD for bering uclibc 2.2.3. According to the directions, I need to give it a first bootable partition and DOS format it. Call me a stupid noob but I don't know how to do that. The drive is 6 months old but I have never ever used it before. Would someone please give me instructions on how to do this using windows XP. I could also but could also use knoppix if its easier. Thanks, Andrew http://www.bootdisk.com/ Windows is not nice to do this as I think you have to use lock to get it to work in windows. You can download a DOS disk from http://www.bootdisk.com/ and use fdisk and format. You need to make sure the BIOS on your computer is correctly setup to read the CF. You can then use syslinux.com in DOS. It is available on the net and probably in the LEAF. syslinux -s c: assuming the CF is recognized as the C drive. You can make a stripped LEAF boot diskette with the hdutil lrp and do it from Linux and follow the instructions listed on the leaf. syslinux -s /dev/hda1. After that all you have to do is copy the LRPs over with DOS or plug it into a CF to USB adaptor and use Windows explorer to copy them over. --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] ide flash drive question
Andrew Nance wrote: I want to run a 32 MB IDE flash memory as my HD for bering uclibc 2.2.3. According to the directions, I need to give it a first bootable partition and DOS format it. Call me a stupid noob but I don't know how to do that. The drive is 6 months old but I have never ever used it before. Would someone please give me instructions on how to do this using windows XP. I could also but could also use knoppix if its easier. Thanks, Andrew Sorry - I scrambled things and sent it inadvertently. You can make a LEAF boot diskette - strip the LRPs not needed and install ideutil.lrp and do all the stuff like syslinux -s /dev/hda etc or you can go to http://www.bootdisk.com and fdisk and format it in DOS. This is a mess to do in Widows because it locks the CF Make sure the machine you set it up on has the bios setup to correctly read the CF if you are using a CF to IDE adaptor fdisk format c: syslinux -s c: using syslinux.com (download from the net as this is the DOS program not syslinux.exe You can copy the LRPs with DOS copy or windows explorer (CF - usb adaptor) or linux cp --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] Beringuclibc 2.2.3 on Hard disk
[EMAIL PROTECTED] wrote: Hello, I am a new comer to Bering. I managed to install Bering-uclibc 2.2.3 and create a bootable hard drive. I have two questions: 1. If I would like to add other packages at a later stage to the hard disk, what is the best way through a lan? 2. During installation, the userguide (section 4.3. Create a bootable HD)mentions using second floppy with hdsupp.lrp and installing it to get fdisk, etc. To do that it uses the command lprkg -i hdsupp fdisk /dev/hda . I could not find anything about lprkg, package? what? where? To overcome this step I added hdsupp to the leaf.cfg. Any help is appreciated. Sherif A compact flash uses a lot less energy than a hard drive - especially since it is only needed for loading and backup. I write protect mine with software after boot up. You can move files across using scp (if dropbear is running) or winscp from a windows box. lrpkg is a command you type at the prompt. -i means install the package hdsupp is the name of the hdsupp.lrp package that you will load only for partition, format and syslinux the drive. --- This SF.Net email is sponsored by Oracle Space Sweepstakes Want to be the first software developer in space? Enter now for the Oracle Space Sweepstakes! http://ads.osdn.com/?ad_id=7393alloc_id=16281op=click leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Beringuclibc 2.2.3 on Hard disk
Robert K Coffman Jr - Info From Data Corporation wrote:
A compact flash uses a lot less energy than a hard drive - especially
since it is only needed for loading and backup. I write protect mine
with software after boot up.
Very true. No router should have a running HD in it. However with hdsupp
you can spin the HD down after boot. I use the following script to
accomplish this which I believe has been posted here before:
#! /bin/sh
# Script to spin down hard drive
# /etc/init.d/spindown
RCDLINKS=2,S98
# Spin it down then.
/usr/sbin/hdparm -y /dev/hda
exit 0
As far as securing this, I don't know that you can disable a HD until the
next boot, so the flash drive has an advantage there. (Although if someone
has gotten that far, couldn't they circumvent your write protection?) When
running backups, or mounting /dev/hda1, it spins back up on its own.
Remember to run this script when you are done backing up etc...
- Bob Coffman
To disable the compact flash after boot - you rmmod the modules needed
to mount the flash and rm them from the filesystem. (The modules are
still on the CF /boot/lib/modules directory so a reboot will work). To
make a backup, I scp the modules over the net, and run a script to
reinstall them. This is a fairly good write protect, since the hacker
would have to bring the correct versions of the modules with him and
know the proper load order to access the boot media.
I made cfprotec.lrp written for uClibc LEAF.
*
#! /bin/ash
# by Victor McAllister
# rm-ide
# This script removes modules for
# access to the CF ide disk
echo
MODULES=ide-disk ide-detect ide-core
BOOTDIR=/boot/lib/modules
LIBDIR=/lib/modules
for MODULE in ${MODULES}
do
rmmod ${MODULE}
rm ${BOOTDIR}/${MODULE}.o
rm ${LIBDIR}/${MODULE}.o
done
echo
echo The modules needed for IDE access are not plugged into
echo the kernel or located in the TWO modules directories.
echo
echo The Compact Flash is NOT accessable.
*
#! /bin/sh
# by Victor McAllister
# load-ide
echo Ths script installs ide modules to access Compact Flash
echo First copy the files ide-core.o ide-dectect.o ide-disk.o
echo using SCP to the /lib/modules directory.
echo
MODULES=ide-core ide-detect ide-disk
for MODULE in ${MODULES}
do
insmod ${MODULE}
done
if (lsmod | grep ide-)
then
echo
echo Mount the CF possibly using: mount -t msdos /dev/hda1 /mnt
echo
echo DO NOT BACKUP INITRD or BACKUP EVERYTHING because the IDE
echo modules are not in /boot/lib/modules in the RAM filesystem.
else
echo
echo IDE modules not loaded - CF drive not accessable.
echo Did you forgot to SCP the files to /lib/modules.
fi
*
My cfprotec.lrp simply loads these two files to /usr/sbin and does not
run them. I run them manually as needed.
---
This SF.Net email is sponsored by Oracle Space Sweepstakes
Want to be the first software developer in space?
Enter now for the Oracle Space Sweepstakes!
http://ads.osdn.com/?ad_id=7393alloc_id=16281op=click
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Extremely poor throughput
Robert K Coffman Jr - Info From Data Corporation wrote: Just throwing this out there and see if anyone has any ideas. I have an old P75 with 2 PCI slots and 4 ISA slots. I've been using this as a Bering 1.2 router at a customer location. They asked me to add an additional NIC to it to support another office's internet connection. While I was at it, I upgraded them to Bering uclibc 2.2.2. I tested this router after it was completed, and got extremely bad throughput (around 50kbs from a local FTP server that can easily deliver 10MBs (that should be megabytes) per second. I moved some things around, eliminated a 10MB hub, tried various nics (3c59x/tulip in the PCI, smc-ultra/wd in the ISA slots) and found the best throughput I could get was around 100kbs, and that was using all ISA cards! My theory is that their is some sort of hardware problem with this machine which is limiting this. The slots are all on a riser card, and perhaps that thing is bad. I'm going to install as is, and inform the customer that we need to replace the hardware. Anyone have any alternative ideas why this thing is so slow? - Bob Coffman You did not tell us what is your Internet side. Do you happen to be on a pppoe connection? If so - did you setup CLAMPMSS=YES in Shorewall config? That will really slow things down if you didn't. --- SF.Net email is sponsored by: Tell us your software development plans! Take this survey and enter to win a one-year sub to SourceForge.net Plus IDC's 2005 look-ahead and a copy of this survey Click here to start! http://www.idcswdc.com/cgi-bin/survey?id=105hix leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] cfprotec.lrp for uClibc
I made a package called cfprotec to remove the modules from a uClibc box that boots on a Compact Flash. There is no start up script - it just installs two scripts that can be run manually or perhaps run from profile. One script removes the modules for accessing the compact flash - essentially write protecting it. The other script reinstalls them after using scp or WINSCP to move the modules across the network to /lib/modules/ for backup purposes. If someone wants to try it or suggest improvements - let me know and I will send as an attachment. Bering uses different modules so this only works for uClibc. Erich Titl has created rmide.lrp for Bering that runs immediately after bootup to write protect the flash. The help file WARNS that backing up initrd.lrp (or EVERYTHING) after removing the ide-*.o modules form /boot/lib/modules will make your box unbootable. Victor --- SF email is sponsored by - The IT Product Guide Read honest candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595alloc_id=14396op=click leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Are shorewall rules transitive?
Tibbs, Richard wrote: Folks, are the rules: accept loc fw tcp 22 accept fw net tcp 22 equivalent to accept loc net tcp 22 TIA, Rick. No. The first one says the local net can access the firewall with ssh The second one says the firwall can accept ssh connections from the whole net (you should at least restrict such a rule to a particular network or even better a single computer on the Internet). You cannot forward a tcp 22 connection to your entire local network. You should identify the computer you want it to go to with a colon and the ip number of the individual machine e,g, loc:192.168.1.7 --- This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting Tool for open source databases. Create drag--drop reports. Save time by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc. Download a FREE copy at http://www.intelliview.com/go/osdn_nl leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Can't save configuration files
Thomas Ginestet wrote: Thomas Ginestet wrote: Hi all, I have successfully installed a Bering 1.2 on my Soekris net4521 but i have a little problem because i can't save any parameters in the config files ( i.e: ip adresses ). I establish the connection to the soekris with serial port (using Minicom running under a root and a normal user account ). Any idea of what i've miss ? Thks in advance, Thomas You fail to tell us what the boot media is on your Soekris. You did not provide any error messages, so we have to guess. Is the boot media a compact flash? Make sure that the destination is correctly configured in the backup menu. Make sure it is not mounted. The backup program will fail to work if the device is already mounted. My boot media is a compact flash. I didn't know i had to choose a destination to backup files...what directory on which media i have to choose/create ? If it is on the compact flash, how can the backup be made ? I don't understand how can the backup be made if the media is unmounted. I've checked up the /var/log/messages files but any error was displayed. Thks for you help Victor from the backup menu in lrcfg you can type d to select the destination for the backup. Assuming your CF is primary master - it should read full, hda1, msdos for each package. umount /dev/hda1 before attempting to backup. THe backup program does its own mount and umount. It is a good idea not to leave the CF mounted. In fact - I rmmod the modules for mounting the CF and then rm them off the ramdrive so that it cannot be mounted without transporting the modules in using WINSCP3 and insmod-ing them. This is a poor man's write protect that means if a cracker could find a security hole, he could not do any damage to the router that a reboot would not cure. Scripts are available to do this from Eric for Bering and I wrote a couple for uClibc that are in the list archives. (different modules used in the two systems) --- The SF.Net email is sponsored by: Beat the post-holiday blues Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek. It's fun and FREE -- well, almosthttp://www.thinkgeek.com/sfshirt leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] http server on LEAF
I am in need of a simple static web server running on a fanless compact flash box. I have used LEAF for so long that it jis easier to run the box on LEAF than to figure out how to get a minimal system from a redhat. (It will not run on the same box as the firewall.) I found an old version of thttpd on Charles' site that seems to start up ok on uClibc. Anyone got a newer lrp of a simple web server with basic authentication. Comments? suggestions? --- SF email is sponsored by - The IT Product Guide Read honest candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] 2.4.26 IDE Modules for Soekris
Joe Nelson wrote: I'm trying to get the newest kernel installed on my Soekris net4501. In the past I've used the following three modules: /kernel/drivers/ide/ide-mod.o /kernel/drivers/ide/ide-disk.o /kernel/drivers/ide/ide-probe-mod.o I only see /kernel/drivers/ide/ide-disk.o in the latest kernel modules package. Is that all I need or am I missing something? -- Joe Nelson Air Wired [EMAIL PROTECTED] http://www.airwired.net if uClibc it is ide-core, ide-detect , ide-disk in that order to install. In reverse order to rmmod if you want to write-protect the CF after bootup. uClibc has a version downloadable version of initrd that already has these modules setup for boot. Since you don't have a CD - you can rm the CD stuff and backup initrd with those modules only and it should boot. good luck on the soekris. --- SF email is sponsored by - The IT Product Guide Read honest candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Leaf.cfg?
Joe Nelson wrote: I've been running on a really old version of LEAF and have been trying to upgrade it. I'm trying to get Bering-uClibc 2.2.2 going. Some of the config files are a little different than what I'm used to. I'm running this on a Soekris with a CF card. Before, I had a syslinux.cfg and a lrpkg.cfg. Now it looks like I have a syslinux.cfg and a leaf.cfg which looks quite a bit different. I don't think that I have them configured correctly. When I boot up I get the following: LINUXRC: Mounting a 10M TMPFS filesystem... hda: hda1 hda: hda1 VFS: Can't find a Minix or Minix V2 filesystem on device 03:01. hda: hda1 hda: hda1 LINUXRC: LRP= isKernel panic: Attempted to kill init! empty or unset. Can not install packages. .: 285: Can't open /var/lib/lrpkg/root.dev.own I'm assuming that its cause I don't have things properly configured. Here's what my syslinux.cfg looks like: display syslinux.dpy timeout 0 default linux console=ttyS0,19200n8 initrd=initrd.lrp init=/linuxrc rw root=/dev/ram0 boot=/dev/hda1:msdos PKGPATH=/dev/hda1 tmp_size=16M syst_size=10M My leaf.cfg has everything commented out except LRP: LRP=root config etc local modules iptables ulogd dropbear Any ideas as to where I need to make changes? -- Joe Nelson Air Wired [EMAIL PROTECTED] http://www.airwired.net follow instructions at bottom of this page http://leaf.sourceforge.net/doc/guide/bucu-ide.html --- SF email is sponsored by - The IT Product Guide Read honest candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Weblet + WebConf
Marko Nurmenniemi wrote: There is a minor problem in using these two tools at the same firewall. Logging in weblet is unable to draw summaries Pretty Shorewal Logs if I delete logs from webconf side. This seems to be due to...deleting the log-file.Some other functions are also miss behaving because of this. Is there a way to nullify the file content like it is done automatically and not to delete it so that logging functions would not suffer? -M not sure why you delete the logs but what about just cd /var/log logfile That should make logfile an empty file --- SF email is sponsored by - The IT Product Guide Read honest candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Dropbear
Joe Nelson wrote: I seem to be missing the scp binary in my particular dropbear.lrp. I'm using version 0.38 of dropbear. Any ideas on what to do? Is it as simple as grabbing a new lrp for dropbear or would I have to replace keys, etc? Thanks. dropbear has scp client built in. I use winscp3 to move files back and forth. The version on the latest uClibc is 0.43 Rev 2. --- This SF.Net email is sponsored by: InterSystems CACHE FREE OODBMS DOWNLOAD - A multidimensional database that combines robust object and relational technologies, making it a perfect match for Java, C++,COM, XML, ODBC and JDBC. www.intersystems.com/match8 leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Dropbear
Joe Nelson wrote: That's what I thought, but I don't have the scp binary or even a symlink to the dropbearmulti (busybox style). I tried to just make a symlink to dropbearmulti, but that didn't seem to work. I have downloaded the latest dropbear.lrp for uclibc and I'm thinking that I should just use that, but I want to be sure that my keys aren't messed up etc. (This is a production system with clients on it.) Any idea if I'll need to make new keys if I drop in a new dropbear.lrp? -Original Message- From: Victor McAllister [mailto:[EMAIL PROTECTED] Sent: Monday, November 15, 2004 8:43 PM To: Joe Nelson Cc: [EMAIL PROTECTED] Subject: Re: [leaf-user] Dropbear Joe Nelson wrote: I seem to be missing the scp binary in my particular dropbear.lrp. I'm using version 0.38 of dropbear. Any ideas on what to do? Is it as simple as grabbing a new lrp for dropbear or would I have to replace keys, etc? Thanks. dropbear has scp client built in. I use winscp3 to move files back and forth. The version on the latest uClibc is 0.43 Rev 2. just copy the keys somewhere such as /tmp in the event they are overwriten - my guess is they would not be. If they are not there after installing the newer version: lrpkg - i dropbear - then copy them back before doing a backup. /etc/dropbear/dropbear_rsa_host_key /etc/dropbear/dropbear_dss_hostkey_key that way it will work with the same keys --- This SF.Net email is sponsored by: InterSystems CACHE FREE OODBMS DOWNLOAD - A multidimensional database that combines robust object and relational technologies, making it a perfect match for Java, C++,COM, XML, ODBC and JDBC. www.intersystems.com/match8 leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] WinSCP with Bering Uclibc 2.2.2 (Dropbear)
Troy Aden wrote: Hello list. I am trying to get WinSCP to connect to my Bering box running Dropbear. I know that I am being authenticated because I have tried it with a false password and gotten rejected. What happens is that it tells me starting the session and times out I am allowing shh port 22 to connect to my firewall and I can login with ssh (putty) just fine. Is there something I am missing in my Bering configs? I am assuming that others have used WinSCP to copy files to and from their Bering boxes so I am assuming that I am just missing something simple here. Maybe I have mis-configured WinSCP as well... Any pointers would be most appreciated. Thanks in advance! Troy Open Winscp3 Under advanced options in the left hand panel On the Left Hand pannel - Under Environment - click SCP On the right side Under shell - click the Enter radio button and type in /bin/sh in the panel Under Other Options uncheck Lookup user groups under Remote directories type: / under local directories: c:\yourdirectory name Save the session with a name - maybe dropbear load the session Enter 192.168.1.254 root your password save the session again - same name - dropbear if you like now load and connect with clicks and move files back and forth with encription. I use SCP to store the ide modules on a WIN box. That way my Compact flash is write protected until I move the modules over the wire and insmod them. --- This SF.Net email is sponsored by: Sybase ASE Linux Express Edition - download now for FREE LinuxWorld Reader's Choice Award Winner for best database on Linux. http://ads.osdn.com/?ad_id=5588alloc_id=12065op=click leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] log of how I installed LEAF to a WRAP box
M Lu wrote:
Hi Victor,
It sounds very cool. Is that difficult to assemble the hardware stuff
(I am not good at it at all)? How much in all you need to spend on the
hardware thing? I have a compact flash card (32M I think) from Canon
camera. Is that possible that I reuse it?
Thanks a lot.
M Lu
the WRAP board is assembled except for plugging in the CF. You have to
take the shell off the 9 pin serial port to get it to plug into the box
which is very small. 8 screws to install the board in the box and
attach the cover.
I wrote a couple of simple scripts to prevent mounting the CF (simple
write protect). It is used in cojunction with WINSCP3 to keep the
modules needed for mounting the CF on another machine. The order you
use in insmod or rmmod the modules is important.
#! /bin/ash
# by Victor McAllister
# rm-ide
# This script removes various modules to
# disable access to the CF ide disk
#
# cd /etc and type ./rm-ide to run
MODULES=ide-disk ide-detect ide-core
BOOTDIR=/boot/lib/modules
LIBDIR=/lib/modules
for MODULE in ${MODULES}
do
rmmod ${MODULE}
rm ${BOOTDIR}/${MODULE}.o
rm ${LIBDIR}/${MODULE}.o
done
***
#! /bin/ash
# by Victor McAllister
# insmodide
# this script reinstalls ide modules moved in from the network
# to the /lib/modules directory.
# start the script by cd /etc and ./insmodide
MODULES=ide-core ide-detect ide-disk
for MODULE in ${MODULES}
do
insmod ${MODULE}
done
echo CF should now be mountable . . .
---
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_id=5588alloc_id=12065op=click
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
