Thanks Charles. I'll be giving this a try on the weekend. I'll post my successes/failures.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Charles Steinkuehler Sent: Friday, November 16, 2001 9:26 AM To: John Mullan; Leaf-User Subject: Re: [Leaf-user] Wishing to upgrade to Dachstein > I have a slightly older version of Charles' LRP, with plenty of settings I > have made and some extra masq modules. What I need to know is: What do I > do to bring my version up to Dachstein without finding and recreating all > the little settings I have made? Is this going to be an easy upgrade? > > I have been using an IDE version almost since I started. I have copied down > the "normal" Dachstein which, upon reading, has IDE support and the > necessary VPN (for future, I don't yet use that) in the kernal. So I'm > thinking that it shouldn't be too bad. Another concern is if the masq > modules are compatible and if I can locate updated ones if necessary. I think you will find most masquerading modules are now available in the default kernel build. You will have to check to be sure...compare what you're running (use lsmod to find out) with the modules available in the new kernel tree: http://lrp.steinkuehler.net/files/kernels/Dachstein-normal/modules/ or http://lrp.steinkuehler.net/files/kernels/Dachstein-small/modules/ For your configuration, I suggest you migrate your existing network.conf settings to the new firewall manually. I normally do this with the following general procedure: Rename your existing etc.lrp somehing else (like etcx.lrp) or copy it to a different disk so it won't get loaded. Delete your existing modules.lrp, and replace with the modules package from Dachstein Boot into Dachstein using the default Dachstein etc.lrp Configure your modules, adding any required modules not in the default package, and deleting any you don't need. Verify everything works using "svi modultils start", and backup modules. Unpack your old etc into /tmp. With the disk containing your old etc (etcx.lrp) mounted on /mnt, do the following: cd /tmp zcat /mnt/etcx.lrp | tar -xv This will put your old etc directory in /tmp/etc. Copy over any files you may have manually created/modified. Possibilities include: crontab, fstab, hostname, ipchains.*, localtime, nsswitch... Manually merge your settings from your previous network.conf file into the new network.conf Reload the firewall rules and verify they match your previous rules. I like to create and print out a list of the ipchains rules from my running system, then build a new configuration on a test machine, comparing it's configuration with the hardcopy previous config. When they match (or I know why they differ), I migrate the test configuration to my production firewall. You may find both the output of "svi network ipfilter list" and "ipchains -nvL --line-numbers" to be useful. Backup etc Charles Steinkuehler http://lrp.steinkuehler.net http://c0wz.steinkuehler.net (lrp.c0wz.com mirror) _______________________________________________ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user _______________________________________________ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user