Charles,
(Moving this to leaf-user from leaf-dev, it's more a user message.)
First thanks for everything you have done on LRP, especially
EigerStein and the documentation and packages at your site. I
have just been spending a lot of time studying network.txt and have
found it very thorough and well-written. I am really in your debt,
more than you know!
What I am doing is migrating my EigerStein2Beta system to
Extended Scripts 1.0. My first goal (now achieved) was to make
the extended scripts work like EigerStein (that is, with DHCP
working on eth0). My second goal, to be done today, I hope, is to
add a DMZ.
1. I finally figured out that if am using DHCP to get an IP for eth0,
that eth0 should not be included in IF_AUTO.
Just want to verify that I have this right.
I should have
IF_AUTO="eth1 eth2"
and not
IF_AUTO="eth0 eth1 eth2"
since I am using DHCP on eth0. Is that correct?
If this is right, it probably deserves a comment in network.conf and
a mention in network.txt.
2. There appears to be a bug in the extended scripts 1.0
/etc/init.d/network file. I'm guessing you already know about this,
but what the heck, here it is:
In the code fragment:
if [ "$IPALWAYSDFRG" ]; then
if [ "$IPALWAYSDEFRAG_KERNEL" = "YES" ]; then
echo "1" >/proc/sys/net/ipv4/ip_always_defrag
&& vb echo -n "[IP Always Defrag: ENABLED] "
else
echo "0" >/proc/sys/net/ipv4/ip_always_defrag \
&& vb echo -n "[IP Always Defrag: DISABLED] "
fi
fi
There is no continuation character "\" after the first
ip_always_defrag
The funny thing is I didn't notice this at all in my EigerStein2Beta
setup, but I got an error message about it when for a lark I dropped
my versions of network.conf, ipfilter.conf, and network into Ewald's
version of EigerStein2Beta. That version almost works for me, but
not quite, but rather than debug it I am going to wait for your
version of the EigerStein upgrade. I will migrate my setup to your
new version when it is available, and would be more than happy to
help debug it.
Now on to trying out a DMZ on eth2 :-)
Tim Wegner
Date sent: Thu, 12 Jul 2001 08:00:53 -0500
From: Charles Steinkuehler <[EMAIL PROTECTED]>
Subject: Re: [Leaf-devel] More packaging enhancements
To: [EMAIL PROTECTED]
Send reply to: [EMAIL PROTECTED]
> > A couple of requests.
> >
> > 1. It would be useful to integrate one the extended scripts unto
> > DachStein. (You probably already thought of this :-)
>
> <snip>
>
> > So it would be nice for DachStein to be EigerStein2beta workalike
> > (e.g. with the network defaults as I mentioned above) with the
> > added functionality of the extended scripts already in there in case
> > the user decided he or she needed them.
>
> Yes, this is planned. The scripts released with Dachstein will likely be
> the last of the 'Mountain' firewall scripts, as future plans are to support
> several pre-packaged firewall scripts (seawall, rcf, &c).
>
> > 2. One irritation it would be nice to fix (though it may go beyond the
> > "quick upgrade to EigerStein2Beta philosophy) would be to
> > somehow extend the 256 character limit of the syslinux.cfg
> > APPEND= line. When I add a second drive to PKGPATH and add
> > serial support, I'm over the limit. I can't do both. (I recall that David
> > did something in Oxygen to get around this.)
>
> The 256 character limit is a kernel restriction, so is unlikely to change
> soon. It is possible to load non-critical LRP packages AFTER the kernel has
> booted, from a config file stored on disk, dramatically reducing the size of
> the LRP= part of the kernel command line. I believe this is what David is
> doing with O2.
>
> > Finally, a quick question. If all I want to do is add a simple DMZ to
> > my EigerStein2Beta network via a third ethernet board for a web
> > server at the public IP of the LRP box (which is using dhcp), which
> > is better:
> >
> > 1. upgrade to the extended scripts 1.0
> > 2. upgrade to the extended scripts 1.1
> > 3. upgrade to the CD scripts
> >
> > It looks to me like the extended scripts 1.0 have enough
> > functionality, but it also looks to me like the DHCP section in those
> > scripts doesn't have improvements you added to EigerStein2Beta.
> > If I recall correctly, bothe extended scripts 1.1 and the CD scripts
> > have the newer DHCP code. But I could easily just paste that
> > section into network.conf from scripts 1.0. As near as I can tell
> > that's the only issue.
>
> You're correct...the 1.0 scripts support what you want. I'd stick with the
> 1.0 scripts and paste in any dhcp mods you need. The 1.1 scripts require
> you manually edit ipfilter.conf, as a couple IP addresses are hard-coded
> (this will be fixed in the Dachstein scripts).
>
> Charles Steinkuehler
> http://lrp.steinkuehler.net
> http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
>
>
> _______________________________________________
> Leaf-devel mailing list
> [EMAIL PROTECTED]
> http://lists.sourceforge.net/lists/listinfo/leaf-devel
_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-user
