Re: [leaf-user] bering glibc vs uclibs
Hello Ronny, Yes bering-glibc is still active and being developed. Regards Eric Wolzak member of the bering crew. --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Static Route Setup for Bering Firewall
Hello Simon you wrote : Hi All, Has anyone setup Static routes on Bering 1.2? I am trying to add the following to the /etc/network/interfaces file up route -net 1.2.3.4 netmask 255.255.255.248 gw 4.5.6.7 When I do a ip route, I don't see the route above. I have also tried to add a route using ip route add etc.. etc.. the netmask is transformed like this 255.255.255.248 is 8 +8 +8 + 5 bit or 29 bit ip route add 1.2.3.4/29 via 4.5.6.7 remember 4.5.6.7 should be reachable otherwise it could be necessary to use ip route add 1.2.3.4/29 via 5.5.5.5 via 4.5.6.7 put his line in the interfaces file after up so up ip route add 1.2.3.4/29 via 4.5.6.7 but I am not sure of the exact syntax, since I get an error. Regards eric wolzak member of the bering crew --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
(Fwd) Re: [leaf-user] Problems with my NIC
Forgot to include the list Hello Jose Hey how is everyone doing? FIne ;) Let´s see if you can help me out here. I used to work with LRP a few months ago, but now I wanna do it again to install a firewall. The problem is that now I have bought two NICs SureCom EP-320X-S to do the Two interface option of the manual, but the my boot disk doesn´t see any of the two NIC´s I have tried to install more modules, you know 3c509 but I don´t find the module I need for them. Did any of you work with these NICs before? If so I can I know what the exact module I need for them? I don't have that card but the information I found on the net says you have to use the fealnx.o module , you probably also need the helper module mii.o so mii fealnx Assuming you use Bering 1.2 then you can find the modules here http://leaf.sourceforge.net/devel/jnilo/bering/latest/modules/2.4.20/kernel/drivers/net Succes Of course if you think that I am forgetting something obvious, please tell me what!!! I know this is a easy step but it is taking me too much time. Thanks Eric Wolzak member of the Bering Crew --- End of forwarded message --- --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] OpenVPN config for joining two LEAF-based networks?
I'm trying to join two home networks, each behind a LEAF (Bering-uClibc 3.1-beta1) box, into a single network using OpenVPN. Both networks have dynamic IP addresses on their outward (WAN via DSL) interfaces. What I'm hoping to do is make it appear that all hosts on both are available on both, e.g. so that a network printer in one could be used from either network in exactly the same way. Has anybody done this? Can you point me at documentation covering this case (for OpenVPN and Shorewall)? Better, can you share your config files? Thanks! --Eric -- ** * From the desktop of: Eric House, [EMAIL PROTECTED]* * Play one-handed with Crosswords 4.2 for PalmOS: xwords.sourceforge.net * ** - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] OpenVPN config for joining two LEAF-based networks?
I got it working using openvpn. In the end the only non-documented change I had to make was to enable one router to ping the other over the tun0 interface. If I hadn't been looking for that to succeed before proceeding to add access to the hosts behind the firewalls (which succeeds without additional shorewall changes) it'd have been quicker. The undocumented change to /etc/shorewall/policy is fw vpn ACCEPT vpn fw ACCEPT I think I'll comment this out now that the rest is working. The best guide to setting up is http://openvpn.net/howto.html which provides step-by-step instructions for generating keys, getting server up and client connecting, and then adding hosts behind the two. Keeping an eye on (tail -f) logfiles really helps to see what's going on. Shorewall has good docs on accomodating openvpn too: http://www.shorewall.net/3.0/OPENVPN.html Dealing with both routers having dynamic addresses isn't too bad. The client must specify the server by name, which it then gets from zoneedit.com. The server's firewall must not be specific about the addresses it will allow connections from: [kehome 12:55:29]~\: grep openvpn /etc/shorewall/tunnels openvpn:udp:1194net 0.0.0.0/0 (With a bit of research I could at least mask out addresses outside of my ISP's range.) I assume that when the server's IP address changes it will take some time for the openvpn client to find the server again: it'll start trying immediately, but the changed address will take some time to make it into caches. If that turns out to be a problem I'll have to address it. I didn't consider openswan. Openvpn was the first package I looked at and seemed to do what I needed. There's one problem I'd still like to solve. All of the hosts at the two sites are fixed but one, my laptop, which has different addresses depending on which LAN I'm on. Addresses are given in /etc/hosts on the two routers, which file is identical except for the address of my laptop. I imagine the solution involves having a single DNS server for the whole VPN'd network, but I want to stay away from changes that break either LAN when the VPN connection is down. For now I can just comment out a line in /etc/hosts on both LEAF boxen each time I change locations. :-) Thanks! --Eric Date: Tue, 25 Sep 2007 23:51:53 +0100 From: David M Brooke [EMAIL PROTECTED] Subject: Re: [leaf-user] OpenVPN config for joining two LEAF-based networks? To: leaf leaf-user@lists.sourceforge.net Message-ID: [EMAIL PROTECTED] Content-Type: text/plain Hi Eric, I did something similar on Bering-uClibc 3.0.1 a while back, albeit using OpenSwan (ipsec.lrp) rather than OpenVPN. One of my WAN addresses was effectively static though - I don't know how you'll get on if *both* addresses are dynamic. Maybe if you use a dynamic DNS service you can define the configuration with names rather than IP addresses... ? I set up the two networks to have different loc network addresses at each site - 192.168.1.0/24 at one location and 192.168.11.0/24 at the other - and configured OpenSwan to provide a tunnel which routed between them. Clients at each site could connect transparently to clients at the other site. It all worked fine, but was a bit slow since I was using ADSL with 2Mb/s of download bandwidth but only 256Kb/s of upload bandwidth at each location. I've now torn down this installation since it was no longer required, but I think I've still got copies of my config files somewhere. I forget why I chose to go down the IPsec (OpenSwan) route rather than the SSL/TLS (OpenVPN) route - any particular reason why you're looking at OpenVPN rather than OpenSwan? There's some documentation on both options in the Bering-uClibc User's Guide: http://leaf.sourceforge.net/doc/buc-user.html davidMbrooke On Tue, 2007-09-25 at 11:29 -0700, [EMAIL PROTECTED] wrote: I'm trying to join two home networks, each behind a LEAF (Bering-uClibc 3.1-beta1) box, into a single network using OpenVPN. Both networks have dynamic IP addresses on their outward (WAN via DSL) interfaces. What I'm hoping to do is make it appear that all hosts on both are available on both, e.g. so that a network printer in one could be used from either network in exactly the same way. Has anybody done this? Can you point me at documentation covering this case (for OpenVPN and Shorewall)? Better, can you share your config files? -- ** * From the desktop of: Eric House, [EMAIL PROTECTED]* * Play one-handed with Crosswords 4.2 for PalmOS: xwords.sourceforge.net * ** - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse012070mrt
[leaf-user] tftpd working on uClibc 3.1-beta1?
I've installed tftpd.lrp, uncommented its line in /etc/inetd.conf, rebooted, and added a world-readable file to /tftpboot. ~/: ll /tftpboot/date.txt -rw-rw-rw-1 root root 29 Sep 27 12:36 /tftpboot/date.txt /etc/hosts.allow contains this: ALL: 192.168.221.0/255.255.255.0 and I've modified shorewall to let loc connect to fw using udp/tftp. When I run tftp on a local host against the firewall, the packets get through, but I get errors in /var/log/daemon.log reading or writing: host: tftp put date.txt firewall: Sep 27 12:39:31 chloris in.tftpd[8732]: tftpd: write: Operation not permitted host: tftp get date.txt firewall: Sep 27 12:39:35 chloris in.tftpd[8733]: tftpd: write(ack): Operation not permitted Interestingly, both put and get have the effect of emptying the target file, the file that would be replaced if the command succeeded. Is it possible this is a tmpfs problem? Is tftpd.lrp working for anybody? Any insight into what's wrong? Thanks, --Eric -- ** * From the desktop of: Eric House, [EMAIL PROTECTED]* * Play one-handed with Crosswords 4.2 for PalmOS: xwords.sourceforge.net * ** - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] Got tftpd working: was missing ntrack_tftp module
I wrote: I'd like to suggest that the need to download and install ip_conntrack_tftp be added to the help message for tftpd.lrp. And maybe that the module be added, commented out by default, to /etc/modules. Martin replied: I added the module in CVS to /etc/modules (commented out) and added a note to the tftpd help file. [...] If you'd like me to change something about the wording of the comments (or if you have ideas on how to make things more clear), please let me know The /etc/modules change looks perfect. For the help message, how about adapting the wording from the shorewall ports page: # Note that tftpd requires the module ip_conntrack_tftp. (If it is # serving via a NAT'd interface it also requires ip_nat_tftp, which must # be loaded second). This will all change, I guess, if LEAF moves to a version of shorewall that includes the /etc/shorewall/modules file. Thanks! --Eric -- ** * From the desktop of: Eric House, [EMAIL PROTECTED]* * Play one-handed with Crosswords 4.2 for PalmOS: xwords.sourceforge.net * ** - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] Can anyone run Bering 5.1.x on Soekris net6501?
On 18 Sep 2014, at 19:38, Timothy Wegner wrote: David wrote: If you do press Enter to activate this console are you able to mount the USB drive manually? If not then it is probably a Driver (i.e. missing Module) issue; if you can always mount it manually then it's normally a timing issue, and usb_wait should help. You might need usb_wait=4 or more, I guess, if 3 is not working. In the console I don't see any device like sda1 in /dev, so I would presume I can't mount manually. I think the hypothesis that there is a missing module is a good guess. Hi Tim, Yep, definitely sounds like a missing module. I guess take a look at the output from 'lsmod' on your working system and compare with what you get after the press Enter prompt. davidMbrooke -- Slashdot TV. Video for Nerds. Stuff that Matters. http://pubads.g.doubleclick.net/gampad/clk?id=160591471iu=/4140/ostg.clktrk leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Is this typical of what fills everybody's logs? -was- Re: [Leaf-user] Hits on port 53.
firewall kernel: Packet log: forward DENY eth2 PROTO=6 216.136.86.206:1188 216.136.89.118:80 L=48 S=0x00 I=19303 F=0x4000 T=116 SYN (#25) Dec 2 12:59:00 firewall kernel: Packet log: forward DENY eth2 PROTO=6 216.136.86.206:2996 216.136.89.124:80 L=48 S=0x00 I=21931 F=0x4000 T=115 SYN (#25) Dec 2 12:59:03 firewall kernel: Packet log: forward DENY eth2 PROTO=6 216.136.86.206:2996 216.136.89.124:80 L=48 S=0x00 I=23524 F=0x4000 T=116 SYN (#25) Dec 2 12:59:13 firewall kernel: martian source 2889fea9 for fea9, dev eth1 Dec 2 12:59:13 firewall kernel: ll header: ff ff ff ff ff ff 00 80 ad 3c 28 ca 08 00 Dec 2 12:59:14 firewall kernel: Packet log: forward DENY eth2 PROTO=6 216.136.86.206:1458 216.136.89.109:80 L=48 S=0x00 I=29044 F=0x4000 T=116 SYN (#25) Dec 2 12:59:17 firewall kernel: Packet log: forward DENY eth2 PROTO=6 216.136.86.206:1458 216.136.89.109:80 L=48 S=0x00 I=30994 F=0x4000 T=116 SYN (#25) Dec 2 12:59:22 firewall kernel: Packet log: forward DENY eth2 PROTO=6 216.136.86.206:2706 216.136.89.100:80 L=48 S=0x00 I=33267 F=0x4000 T=115 SYN (#25) Dec 2 12:59:25 firewall kernel: Packet log: forward DENY eth2 PROTO=6 216.136.86.206:2706 216.136.89.100:80 L=48 S=0x00 I=34480 F=0x4000 T=116 SYN (#25) Dec 2 13:05:04 firewall kernel: Packet log: forward DENY eth2 PROTO=6 216.136.86.206:2778 216.136.89.123:80 L=48 S=0x00 I=12229 F=0x4000 T=115 SYN (#25) Dec 2 13:05:07 firewall kernel: Packet log: forward DENY eth2 PROTO=6 216.136.86.206:2778 216.136.89.123:80 L=48 S=0x00 I=13884 F=0x4000 T=116 SYN (#25) Dec 2 13:05:48 firewall kernel: Packet log: forward DENY eth2 PROTO=6 216.136.86.206:1534 216.136.89.120:80 L=48 S=0x00 I=32500 F=0x4000 T=115 SYN (#25) Dec 2 13:05:50 firewall kernel: Packet log: forward DENY eth2 PROTO=6 216.136.86.206:1534 216.136.89.120:80 L=48 S=0x00 I=34369 F=0x4000 T=116 SYN (#25) Dec 2 13:06:28 firewall kernel: Packet log: input DENY eth0 PROTO=17 10.0.0.5:137 216.136.89.125:137 L=78 S=0x00 I=24279 F=0x T=109 (#10) Dec 2 13:06:29 firewall kernel: Packet log: input DENY eth0 PROTO=17 10.0.0.5:137 216.136.89.125:137 L=78 S=0x00 I=24282 F=0x T=109 (#10) Dec 2 13:06:31 firewall kernel: Packet log: input DENY eth0 PROTO=17 10.0.0.5:137 216.136.89.125:137 L=78 S=0x00 I=24283 F=0x T=109 (#10) Dec 2 13:48:59 firewall kernel: Packet log: forward DENY eth2 PROTO=6 217.224.199.118:3427 216.136.89.98:21 L=48 S=0x00 I=1999 F=0x4000 T=118 SYN (#25) Dec 2 13:48:59 firewall kernel: Packet log: forward DENY eth2 PROTO=6 217.224.199.118:3428 216.136.89.99:21 L=48 S=0x00 I=2000 F=0x4000 T=118 SYN (#25) Dec 2 13:48:59 firewall kernel: Packet log: forward DENY eth2 PROTO=6 217.224.199.118:3429 216.136.89.100:21 L=48 S=0x00 I=2001 F=0x4000 T=118 SYN (#25) Dec 2 13:48:59 firewall kernel: Packet log: forward DENY eth2 PROTO=6 217.224.199.118:3432 216.136.89.103:21 L=48 S=0x00 I=2004 F=0x4000 T=118 SYN (#25) Dec 2 13:48:59 firewall kernel: Packet log: forward DENY eth2 PROTO=6 217.224.199.118:3433 216.136.89.104:21 L=48 S=0x00 I=2005 F=0x4000 T=118 SYN (#25) Dec 2 13:48:59 firewall kernel: Packet log: forward DENY eth2 PROTO=6 217.224.199.118:3434 216.136.89.105:21 L=48 S=0x00 I=2006 F=0x4000 T=118 SYN (#25) Dec 2 13:48:59 firewall kernel: Packet log: forward DENY eth2 PROTO=6 217.224.199.118:3436 216.136.89.107:21 L=48 S=0x00 I=2008 F=0x4000 T=118 SYN (#25) Dec 2 13:48:59 firewall kernel: Packet log: forward DENY eth2 PROTO=6 217.224.199.118:3437 216.136.89.108:21 L=48 S=0x00 I=2009 F=0x4000 T=118 SYN (#25) Dec 2 13:48:59 firewall kernel: Packet log: forward DENY eth2 PROTO=6 217.224.199.118:3438 216.136.89.109:21 L=48 S=0x00 I=2010 F=0x4000 T=118 SYN (#25) Dec 2 13:48:59 firewall kernel: Packet log: forward DENY eth2 PROTO=6 217.224.199.118:3441 216.136.89.112:21 L=48 S=0x00 I=2013 F=0x4000 T=118 SYN (#25) Dec 2 13:48:59 firewall kernel: Packet log: input DENY eth0 PROTO=6 217.224.199.118:3442 216.136.89.113:21 L=48 S=0x00 I=2014 F=0x4000 T=118 SYN (#44) __ Do You Yahoo!? Buy the perfect holiday gifts at Yahoo! Shopping. http://shopping.yahoo.com ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [leaf-user] firewall....
Gatesy, From: Gatesy [EMAIL PROTECTED] Date: Sun, 23 Jun 2002 23:26:36 +1000 no sorry not family of billy. ;-) how do i set this thing up?? I am afraid I can't hold your hand here very much... This is not the world of 'download the executable, start the installer, click on OK three or four times and reboot the machine'. This is *not* Windows. How is your Linux knowledge/experience? May I suggest that you visit Charles Steinkuehler's site at http://lrp.steinkuehler.net/ for 'Easy to use disk images and lots of extras' and also perhaps wander around the LEAF website for a while. and how do i get a 1680k floppy? By formatting it with 21 sectors per track instead of 18. This is trivial under Linux and is possible with shareware programs under Windows. 23/06/2002 10:32:11 PM, Mark Plowman [EMAIL PROTECTED] wrote: Gatesy (family of Bill?), From: Gatesy [EMAIL PROTECTED] Date: Sun, 23 Jun 2002 21:22:04 +1000 i dont know if this makles sense but anyway Makes sense to me at least... will the router be a good firewall so i can take zonealarm pro off my main computer to hopefully speed it up abit??? If your (LEAF?) router has been configured as a firewall it will, indeed, be quite a good firewall (truism!). In that sense, you don't need zone-alarm to protect you any more. However, although I don't have any experience with zone-alarm, I do believe that it also monitors *outgoing* connection attempts and maintains a map of program - destination - permission triplets. In this way zone-alarm will also give you a degree of protection against malicious 'Mal-ware' programs that 'phone home' with information about you. This is something that it is impossible to do from a firewall (it only knows of hosts - and can't see which program is initiating the connect attempt). Does zone-alarm really slow you though put that much? I would expect all that much, to be honest (based on theoretical arguments). Do some test downloads from a site 'near' you and see how big the difference is between 'with' and 'without'. If the 'cost of zone-alarm is not all that big, I would suggest keeping it in place - a 'belt *and* braces' approach is alway good in security measures. thanks Greetings -- Mark Plowman, -- Mark Plowman --- Sponsored by: ThinkGeek at http://www.ThinkGeek.com/ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] firewall....
Gatesy, From: Gatesy [EMAIL PROTECTED] Date: Mon, 24 Jun 2002 00:12:31 +1000 This thread should go over the mailing list, *please* don't just email me, at least 'CC: [EMAIL PROTECTED]'. If you go over the list and I should stop answering your emails, others might be prepared to take over the thread. If you go over the list and I should give you a useful answer, other might benefit. my linux knowledge of linux is nill and my experience isnt much more. im a windows boy what can i say although i do miss dos. The fact that you miss DOS is probably a good sign, but *some* understanding of Linux is probably a good idea before starting on a LEAF box. To squeeze everything needed onto one floppy (albeit a 1680K floppy) has meant that the number of commands available has been cut back to the *bear* essentials. A LEAF box has an even steeper 'learning curve' that (for instance) a RedHat box and some 'Windows boys (and girls)' find *that* pretty hard. How did you find Charles Steinkuehler's site? He has made things pretty straight forward for people who have just come over from the 'evil empire'. There probably is a *slight* lack of documentation/guides aimed at different knowledge levels, but that does make it all the more important to use what there *is*. One of the things that makes the change over hard for some people is 'between the ears'. You have to be prepared to go back to the beginning. You probably know your way round Dos/Windows pretty well by now and can get it to do most things that you want it to do. Don't forget how much learning and time it took to get here. It will probably take you quite some time to get to the same level with Linux/LEAF. Do you remember how much of struggle it was when you were first presented with that 'C:' prompt? Do you remember how many magazine articles you read, how many books you paged through, how many knowledgeable friends you consulted? Well, you are back there again except that the prompt is now probably '$'. You will probably have to learn something like as much as you learnt when starting with DOS. Lots of concepts you learnt with DOS will be applicable to the LEAF/Linux world, but quite a few new ones will also have to be learnt and that will take *time*. You must get ready for a lot of reading. *Slow* reading. Don't skip paragraphs. Stop, takes rests. Notice the differences and similarities. Compare it to learning a foreign language, frustrating in the beginning, but satisfying in the end. The people on this list will help you with *specific* problems, but in general you will find that people on the Internet are not very sympathetic to people who simply say 'Help, it doesn't do what I want. What must I do?'. Do you know what 'RTFM' means? Well 'RTFM' first and then ask *specific* questions... 23/06/2002 11:47:58 PM, [EMAIL PROTECTED] wrote: Gatesy, From: Gatesy [EMAIL PROTECTED] Date: Sun, 23 Jun 2002 23:26:36 +1000 no sorry not family of billy. ;-) how do i set this thing up?? I am afraid I can't hold your hand here very much... This is not the world of 'download the executable, start the installer, click on OK three or four times and reboot the machine'. This is *not* Windows. How is your Linux knowledge/experience? May I suggest that you visit Charles Steinkuehler's site at http://lrp.steinkuehler.net/ for 'Easy to use disk images and lots of extras' and also perhaps wander around the LEAF website for a while. and how do i get a 1680k floppy? By formatting it with 21 sectors per track instead of 18. This is trivial under Linux and is possible with shareware programs under Windows. 23/06/2002 10:32:11 PM, Mark Plowman [EMAIL PROTECTED] wrote: Gatesy (family of Bill?), From: Gatesy [EMAIL PROTECTED] Date: Sun, 23 Jun 2002 21:22:04 +1000 i dont know if this makles sense but anyway Makes sense to me at least... will the router be a good firewall so i can take zonealarm pro off my main computer to hopefully speed it up abit??? If your (LEAF?) router has been configured as a firewall it will, indeed, be quite a good firewall (truism!). In that sense, you don't need zone-alarm to protect you any more. However, although I don't have any experience with zone-alarm, I do believe that it also monitors *outgoing* connection attempts and maintains a map of program - destination - permission triplets. In this way zone-alarm will also give you a degree of protection against malicious 'Mal-ware' programs that 'phone home' with information about you. This is something that it is impossible to do from a firewall (it only knows of hosts - and can't see which program is initiating the connect attempt). Does zone-alarm really slow you though put that much? I would expect all that much, to be honest (based on theoretical arguments). Do some test downloads from a site 'near' you and see how big
Re: [leaf-user] firewall....
Gentlemen, Thank you for the *very* constructive additions to my feeble offering. I was staring to worry that I was going to be the only person fielding this thread, and that was starting to scare me! Greetings -- Mark Plowman --- Sponsored by: ThinkGeek at http://www.ThinkGeek.com/ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] TURNE ORGANiZASYONLARI iCiN KAMPANYA.. 11.08.2002 23:15:35
align=3D=22center=22=3E =09=09=09=3CIMG SRC=3D=22http=3A=2F=2Fturneorganizasyon=2E8m=2Ecom=2FBir-fidan-2002=5F1917q=2Ejpg=22 WIDTH=3D83 HEIGHT=3D114 alt=3D=22BBG - DEM=DDRCAN=22=3E=3C=2FTD=3E =09=09=3CTD width=3D=2296=22 height=3D=221=22=3E =09=09=09=3Cp align=3D=22center=22=3E =09=09=09=3CIMG SRC=3D=22http=3A=2F=2Fturneorganizasyon=2E8m=2Ecom=2FBir-fidan-2002=5F2018r=2Ejpg=22 WIDTH=3D96 HEIGHT=3D116 alt=3D=22G=D6KHAN TEPE=22=3E=3C=2FTD=3E =09=09=3CTD width=3D=227=22 height=3D=221=22=3E =09=09=09=3Cp align=3D=22center=22=3Enbsp=3B=3C=2FTD=3E =09=3C=2FTR=3E =09=3CTR=3E =09=09=3CTD width=3D=22665=22 height=3D=2210=22 colspan=3D=229=22=3E =09=09=09=3Cp align=3D=22center=22=3E=3Cfont face=3D=22Tahoma=22 size=3D=221=22=3ESanat=E7=FD s=FDralamas=FDndaki dizayn=FDn kariyerle bir ilgisi yoktur=2E =3C=2Ffont=3E=3C=2FTD=3E =09=3C=2FTR=3E =09=3CTR=3E =09=09=3CTD width=3D=22665=22 height=3D=2243=22 colspan=3D=229=22=3E =09=09=09=3Cblockquote=3E =09=09=09=3Cp align=3D=22left=22=3Enbsp=3B=3C=2Fp=3E =3Cp class=3D=22MsoNormal=22 style=3D=22text-indent=3A35=2E4pt=22 align=3D=22center=22=3E =3Cfont face=3D=22Verdana=22=3EAYRICA=2C D=DC=D0=DCN=2C N=DD=DEAN=2C BALO VB=2E ORGAN=DDZASYONLARINIZ =DD=C7=DDN DE=2Cnbsp=3B =3Cbr=3E nbsp=3B ZENG=DDN SANAT=C7I KADROLARIMIZ VE M=DCZ=DDK GRUPLARIMIZLA=3Cbr=3E nbsp=3Bnbsp=3BH=DDZMET=DDN=DDZDEY=DDZ=2E=3Cbr=3E =3Cbr=3E nbsp=3BDAHA AYRINTILI B=DDLG=DD =DD=C7=DDN=3C=2Ffont=3E=3Cb=3E=3Cfont face=3D=22Verdana=22 size=3D=222=22 color=3D=22#FF=22=3E=3Cbr=3E =3Cbr=3E =3C=2Ffont=3E=3Cfont face=3D=22Verdana=22 size=3D=222=22=3ETel=3A=3C=2Ffont=3E=3Cfont face=3D=22Verdana=22 size=3D=222=22 color=3D=22#FF=22=3E =3C=2Ffont=3E=3C=2Fb=3E=3Cfont color=3D=22#FF00FF=22=3E=3Cb=3Enbsp=3B0 212 352 0976 =3Cfont size=3D=222=22=3E=28PBX=29=3Cbr=3E =3C=2Ffont=3EE-Mail =3A =3Cfont color=3D=22#FF00FF=22=3E =3Ca href=3D=22mailto=3Aturneorganizasyon=40mynet=2Ecom=22=3E turneorganizasyon=40mynet=2Ecom=3C=2Fa=3E =3C=2Ffont=3E=3C=2Ffont=3E=3C=2Fb=3E=3C=2Fp=3E =3C=2Fblockquote=3E =3C=2FTD=3E =09=3C=2FTR=3E =3C=2FTABLE=3E =3C=2Fcenter=3E =3C=2Fdiv=3E =3C!-- End ImageReady Slices --=3E =3Cp class=3D=22MsoNormal=22 align=3D=22center=22=3E=3Cfont face=3D=22Verdana=22 size=3D=222=22=3E=3Cbr=3E NOT=3A OLAB=DDLECEK MAIL TRANSFER=DD HATASI NEDEN=DD =DDLE YANLI=DE ADRESE ULA=DEAN MAIL ADRESLER=DD =3Cbr=3E SAH=DDPLER=DDNE VERM=DD=DE OLDU=D0UMUZ RAHATSIZLIKTAN DOLAYI =D6Z=DCR D=DDLER=DDZ=2E=3C=2Ffont=3E=3C=2Fp=3E =3C=2FBODY=3E =3C=2FHTML=3E --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Bering 1.2 Throughput Test Results
That sounds probable.. Freeswan may default to AES256, which would be similar in performance to 3DES (based on my experience with some commercial VPN solutions). Unfortunately, I don't know the exact syntax.. I've been messing with the KAME IPSec that is in the 2.6 kernel and MacOS X/BSD, rather than Freeswan. But, a google search for Freeswan configs turned up statements like: esp=aes128-sha1,aes128-md5 On Thu, Apr 15, 2004 at 01:54:04PM -0700, Peter Mueller wrote: I did the test with the converted Bering-Contivity yesterday. I ran the VPN as AES then changed to 3DES and ran it again. AES was 6% slower. Any ideas why this would be the case? AES should be faster. I remember seeing a few posts about this. For example, http://lists.freeswan.org/pipermail/users/2002-February/007771.html indicates 89mbps with AES as opposed to 44mpbs with 3DES.Alternatively, the creater of the patch for FreeSWAN indicated 'expect 3 to 2 performance'. Are you sure you're not using double the keysize with your setup? There has to be some explanation. AES _IS_ faster, at least on the 15 or so tunnels I have created. P --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Bering uClibc LEAF user says THANKS!
If I understand your question, one place you can go to is http://www.grc.com/default.htm Look for ShieldsUP!, click the link and follow the directions there. You'll need to do this from one of your machines inside your firewall. Gary --- Terry Erickson [EMAIL PROTECTED] wrote: Now I want to learn about how to test how secure my setup is. Any suggestions? --- SF email is sponsored by - The IT Product Guide Read honest candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] Re: LEAF Bering-uClibc 2.4 release candidate 1 available
KP Kirchdoerfer wrote: Here you'll find the complete Changelog: http://leaf.sourceforge.net/bering-uclibc/index.php?module=pagemasterPAGE_user_op=view_pagePAGE_id=2MMN_position=2:2 This page displays (in firefox 1.5) as: XML Parsing Error: mismatched tag. Expected: /ul. Location: http://leaf.sourceforge.net/bering-uclibc/index.php?module=pagemasterPAGE_user_op=view_pagePAGE_id=2MMN_position=2:2 Line Number 246, Column 3: /liupdated to version 1.3.5/li --^ --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642 leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] dnsmasq 2.27 Rev 2 on Bering uClibc still segfaulting
dnsmasq 2.27 Rev 2 on Bering uClibc 2.4.1 is segfaulting for me. So I tried building version 2.31 but the build errors out with: make[2]: Entering directory `/tmp/bt/source/dnsmasq/dnsmasq-2.31/src' /tmp/bt/staging/usr/bin/gcc -Os -march=i486 -DNO_GETTEXT `echo | ../bld/pkg-wrapper pkg-config --cflags dbus-1` -Wall -W -c cache.c In file included from cache.c:13: dnsmasq.h:81:23: sys/prctl.h: No such file or directory make[2]: *** [cache.o] Error 1 make[2]: Leaving directory `/tmp/bt/source/dnsmasq/dnsmasq-2.31/src' make[1]: *** [all] Error 2 make[1]: Leaving directory `/tmp/bt/source/dnsmasq/dnsmasq-2.31' make: *** [dnsmasq-2.31/.build] Error 2 make: Leaving directory `/tmp/bt/source/dnsmasq' Is anyone else having problems with dnsmasq or able to build 2.31? leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] dnsmasq 2.27 Rev 2 on Bering uClibc still segfaulting
Quoting Eric Spakman [EMAIL PROTECTED]: Hello, dnsmasq-2.31 doesn't build without a lot of tweaking, but before going that road can you tell me on what occasion 2.27 is segfaulting? If you have problems with 2.27 I don't think 2.31 will solve that. We applied a fix to dnsmasq that solves a segfault problem which is also applied upstream. Eric Simon Kelley was able to determine the problem from a core dump I sent him. Here is his reply: Simon Kelley wrote: Looking at the core dump, it's a different problem than the one fixed in the 2.27 patch, but it's already fixed in 2.29 and later versions. For reference, it's a memory overwrite which happens if the DNS system gets presented with a query with an empty (zero-length) name. The malloc implementation in uclibc seems to fall over reliably with a 1-byte overrun at either end of allocated memory, whilst the glibc one seems to survive. It looks like glibc has some unused or nearly unsed stuff there, whilst uclibc packs allocated blocks right next to each other, so that real data gets overwritten. This is why both of these bugs hit uclibc but nobody noticed then under glibc. I don't seem to have Eric's address, so Chris please could you pass this on to him? I'm happy to work on making dnsmasq releases easier to put into OpenWRT, new releases get tested by being linked against uclibc on Debian, but I don't currently have a WRT box to do testing on. Maybe we can work something out? At very least I'm happy to get patches back. I'd also like to encourage openWRT to move the leases file onto flash storage, and use the HAVE_BROKEN_RTC compile flag. That would fix most of the my local machine lose their names when I reboot openWRT problems which I see reported. Cheers, Simon. leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] dnsmasq 2.27 Rev 2 on Bering uClibc still segfaulting
Eric Spakman wrote: Hello, dnsmasq-2.31 doesn't build without a lot of tweaking, but before going that road can you tell me on what occasion 2.27 is segfaulting? If you have problems with 2.27 I don't think 2.31 will solve that. We applied a fix to dnsmasq that solves a segfault problem which is also applied upstream. Here is the patch from Simon Kelley to fix the segfault problem in 2.27 rev 2. diff -ur dnsmasq-2.27/src/rfc1035.c dnsmasq-2.27.patched/src/rfc1035.c --- dnsmasq-2.27/src/rfc1035.c 2006-02-11 19:18:36.0 + +++ dnsmasq-2.27.patched/src/rfc1035.c 2006-05-29 10:31:46.0 +0100 @@ -134,7 +134,11 @@ } if (isExtract) -*--cp = 0; /* terminate: lose final period */ +{ + if (cp != (unsigned char *)name) +cp--; + *cp = 0; /* terminate: lose final period */ +} else if (*cp != 0) retvalue = 2; leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] A few notes about the upcoming Bering-uClibc 6.1.0 release
Hi all; today 6.1.0-beta1 has been made available in the FRS https://sourceforge.net/projects/leaf/files/Bering-uClibc/6.1.0-beta1/ LEAF Bering-uClibc 6.1.0 will be based on uClibc-ng 1.0.25, gcc 5.4.0, kernel 4.9, perl 5.26.0 and busybox 1.27. The full blown libiconv package (approx 650kb) has been replaced with uClibc- ng implementation of libiconv (adding a few kb to initrd). initrd merged root.lrp and config.lrp into initrd.lrp In addition to Raspberry1 support for Raspberry3 has been added. The Raspberry3 tarball may also work with Raspberry Pi2, though this hasn't been tested. Also it provides numerous packages updated to latest upstream versions and feature improvements (e.g. shorewall, tor, bind, openvpn, added ldap support to dhcpd). Also new packages has been added: libndp - a library which provides a wrapper for IPv6 Neighbor Discovery Protocol and a tool named ndptool for sending and receiving NDP messages libaio - Library for doing asynchronous I/O libtirpc - The libtirpc package contains libraries that support programs that use the Remote Procedure Call (RPC) API. rpcbind - The rpcbind program is a replacement for portmap. It is required for import or export of Network File System (NFS) shared directories. sqlite - SQLite is a self-contained, high-reliability, embedded, full- featured, public-domain, SQL database engine; required for NFSv4 support. ca-certificates - ca-certificates provides a list of Certification Authorities. It is based on the Debian package, which itself provides the ones from Mozilla dehydrated - ACME client implementation for Let's Encrypt (https://letsencrypt.org/) The default http[s] daemon mini_httpd[s] has been replaced with lighttpd. Therefor lighttpd has been adjusted to run webconf. A note here: by default lighttpd/webconf are installed without ssl support. To add ssl support you need to create your own certificates in /etc/ssl/private, change the lighttpd configuration and save the configuration. A short recipe is given, if you run "help lighttpd" on the commandline. Using lighttpd with ssl is flexible, so you are not bound to the default name "lighttpd.pem", you may create your keys elsewhere, you may even try to use letsencrypt with the dehydrated package to create a key supported by your browser out-of-the box. (If someone works out how to use that, a documentation for the Bering-uClib User Guide is welcome :)) Speaking about the User Guide, there are still gaps in the 6.1 version https://bering-uclibc.zetam.org/wiki/Bering-uClibc_6.x_-_User_Guide if you are capable to fill those or like to add a new chapter, let us know, any help is welcome. For more information see about the changes for LEAF Bering-uClibc 6.1 : https://bering-uclibc.zetam.org/wiki/Bering-uClibc_6.1.x_-_Changelog Feedback and suggestions are welcome. thx for your attention kp -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ---- leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/