Re: [Leaf-user] Oxygen + TFTP boot
Brett J. Hoffman wrote:
> Hi, I was wondering if anyone has any information on getting Oxygen to boot with TFTP or has any documentation to point me in the right direction.
> - Thanks -
> Brett Hoffman

Last I tried, loading packages via the net worked well with Oxygen. If I remember correctly, you just have it boot up all the way to a prompt, and as your last startup script, create one that runs the netload program. Netload is a script written by David that is a front end for snarf, which can get files via ftp, tftp, and other ways. I make it use ftp and load all my packages that way. It's easy to have only one floppy that way.

The only hitch on my setup is that my Unix FTP server won't function properly unless it has net access. So just before I load all my packages via netload, I have to issue an

    ipchains -A accept -j MASQ -s 10.1.1.0/24

to let traffic flow. (Probably a dns issue.)

Best,
Matthew

___
Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] Oxygen + TFTP boot
Matt Schalit wrote:
> Brett J. Hoffman wrote:
>> Hi, I was wondering if anyone has any information on getting Oxygen to boot with TFTP or has any documentation to point me in the right direction.
>> - Thanks -
>> Brett Hoffman
>
> Last I tried, loading packages via the net worked well with Oxygen. If I remember correctly, you just have it boot up all the way to a prompt, and as your last startup script, create one that runs the netload program. Netload is a script written by David that is a front end for snarf, which can get files via ftp, tftp, and other ways. I make it use ftp and load all my packages that way. It's easy to have only one floppy that way.
>
> The only hitch on my setup is that my Unix FTP server won't function properly unless it has net access. So just before I load all my packages via netload, I have to issue an
>
>     ipchains -A accept -j MASQ -s 10.1.1.0/24
>
> to let traffic flow. (Probably a dns issue.)

If you use tftp://somesite/lrp.conf or something like that for a source (after disk packages are loaded) then it should work. lrp.conf needs to have a list of packages to load. I forget the full details, but it should be in syslinux.cfg - or at least some details should be there.

Loading packages this way instead of using netload would also mean that when the FTP server starts the network is present and operational.
[Leaf-user] thttpd CGI Forms for administrating Firewall through browser
hi all

i asked myself, why there is no web-based admin tool for LRP which allows the admin to ENTER something. weblet is great but just a viewer. i first tried to use weblet for HTML forms with post or get method. i found out, that weblet doesn't support any methods. BUT thttpd does!

then i tried how to get form entries parsed with bash. i wrote a script which parses the entries from the user by GET method.

result is: $[fieldname]=[string by user]

it runs with more than one form field

i'm not the bash guru, can someone have a look at my script and tell me, if there is a better way to do that (w/o writing to a temp file).

i hope this example is useful for those who want to develop some html forms which allows to admin a LRP box through browser.

i know that this is a potential security hole but perhaps someone knows how to protect webpages with a password in thttpd (.htaccess !?)

greetings
Sandro Minola

(Script at the bottom)

Example Script:

#!/bin/sh
# Split the GET query string on '&' into name=value words, one per form field.
STRINGS=`echo $QUERY_STRING | tr '&' ' '`
for STRING in $STRINGS ; do
    echo $STRING >> /var/tmp/wwwget.tmp
done ; unset STRING ; unset STRINGS
# Source the file so that each name=value line becomes a shell variable.
# Its lines come straight from the request and are run as shell.
. /var/tmp/wwwget.tmp
cat <<-/HTML-DATA
Content-type: text/html

<HTML><HEAD><TITLE>HTML Form TEST Page</TITLE></HEAD>
<BODY>
$(echo $NAMEOFFIELD1)
$(echo $NAMEOFFIELD2)
$(echo $NAMEOFFIELD?)
$(rm /var/tmp/wwwget.tmp)
</BODY></HTML>
/HTML-DATA
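An added example, not part of the original post and not the poster's code: one way to do what the message asks (read the GET fields without a temp file) while keeping request text from ever being evaluated by the shell, written for POSIX sh. The field names SOURCE and IFACE and the sample query string are constructed for illustration.

```shell
#!/bin/sh
# Added example: read GET form fields as data only. No temp file is used and
# no part of the request is sourced or passed to eval.
LC_ALL=C; export LC_ALL

# urldecode STRING: '+' becomes a space, %XX becomes the byte it names.
# (A decoded newline is dropped by the command substitution.)
urldecode() {
    ud_in=$(printf '%s' "$1" | tr '+' ' ')
    ud_out=
    while [ -n "$ud_in" ]; do
        case $ud_in in
            %[0-9A-Fa-f][0-9A-Fa-f]*)
                ud_hex=${ud_in#"%"}; ud_hex=${ud_hex%"${ud_hex#??}"}
                ud_out=$ud_out$(printf '%b' "\\0$(printf '%03o' "0x$ud_hex")")
                ud_in=${ud_in#"%"??} ;;
            *)  ud_out=$ud_out${ud_in%"${ud_in#?}"}; ud_in=${ud_in#?} ;;
        esac
    done
    printf '%s' "$ud_out"
}

# form_field QUERY NAME: print the decoded value of field NAME, or return 1.
# NAME is chosen by the script; the request only ever supplies values.
form_field() {
    ff_rest=$1
    while [ -n "$ff_rest" ]; do
        ff_pair=${ff_rest%%"&"*}
        ff_rest=${ff_rest#"$ff_pair"}; ff_rest=${ff_rest#"&"}
        if [ "${ff_pair%%=*}" = "$2" ] && [ "$ff_pair" != "${ff_pair#*=}" ]; then
            urldecode "${ff_pair#*=}"; return 0
        fi
    done
    return 1
}

# safe_token VALUE: succeed only for a non-empty value made of characters that
# are inert in shell and HTML and that cannot be mistaken for an option.
safe_token() {
    case $1 in "" | -* | *[!A-Za-z0-9._/:-]*) return 1 ;; esac
}

# render QUERY: CGI response for one request. SOURCE is a hypothetical field.
render() {
    printf 'Content-type: text/html\n\n'
    if src=$(form_field "$1" SOURCE) && safe_token "$src"; then
        printf '<p>source: %s</p>\n' "$src"
    else
        printf '<p>SOURCE missing or rejected</p>\n'
    fi
}

# Constructed request for a stand-alone run; under thttpd QUERY_STRING is set.
render "${QUERY_STRING:-SOURCE=10.1.1.0%2F24&IFACE=eth0}"
```

Because every accepted value passes safe_token before it is printed or handed to a command, the page needs no HTML escaping and a value cannot be read as an option by a tool such as ipchains.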
[Leaf-user] Proxy-ARP Script Problems
Hello All,

I have been trying for a long time now to get the Proxy-ARP set up but I cannot seem to get the scripts to work. In every case, I can easily configure eth0 to talk to the outside world, but then I cannot talk to the DMZ.

I have been using the EigerStein LRP and in the past have had no troubles setting up the Masquerading firewall.

I have been trying to set up:

With gate (146.9.31.1)

          INTERNET
             |
             | 146.9.31.19
           -----
           |LRP|
           -----
             | 146.9.31.19
             | (DMZ)
    ------------------- 146.9.31.x
      |       |        |
    Server  Server...Server
     (38)    (18)      N

Could someone please send me some scripts that they have which are working? I cannot seem to find the problem with mine.

Sincerely,
Lonnie

--
Lonnie Cumberland
OutStep Technologies Incorporated
TEL:(313) 832-7366
URL: http://www.outstep.com
EMAIL: [EMAIL PROTECTED] : [EMAIL PROTECTED]
Re: [Leaf-user] thttpd CGI Forms for administrating Firewall through browser
Hello All, Sandro

> hi all
>
> i asked myself, why there is no web-based admin tool for LRP which allows the admin to ENTER something. weblet is great but just a viewer. i first tried to use weblet for HTML forms with post or get method. i found out, that weblet doesn't support any methods.

The weblet does accept input. I used it in my web-based shorewall configuration. If you use the original weblet, then you know that by clicking on the pictures you get another information. In the shorewall configuration weblet, I also used a bash script that runs as a result of sending the form. This is a security risk, the other problem is that to change something essential at the configuration (firewall etc) the weblet has to be run with root rights. I didn't update the configuration tool, for 2 reasons, got not much time, and no response at all, so I assumed that nobody was interested.

> BUT thttpd does!
>
> then i tried how to get form entries parsed with bash. i wrote a script which parses the entries from the user by GET method.
>
> result is: $[fieldname]=[string by user]
>
> it runs with more than one form field
>
> i'm not the bash guru, can someone have a look at my script and tell me, if there is a better way to do that (w/o writing to a temp file).

I'm sorry I didn't have time to try out the script, but I can tell you about my experience with this. I used in my first version a pipe at several places

    data is processed | now the second process takes place

and found out that for a reason I couldn't detect this didn't work out every time. the version

    data is processed Written_to_tempfile do something with tempfile

however worked. As you usually don't have lots of users configuring your box ;) the loss of speed with a temp file located in Ram won't be a problem IMHO

> i hope this example is useful for those who want to develop some html forms which allows to admin a LRP box through browser.
>
> i know that this is a potential security hole but perhaps someone knows how to protect webpages with a password in thttpd (.htaccess !?)

If there are more people interested, we could join our efforts :=)

> greetings
> Sandro Minola
>
> (Script at the bottom)
>
> Example Script:
>
> #!/bin/sh
> # Split the GET query string on '&' into name=value words, one per form field.
> STRINGS=`echo $QUERY_STRING | tr '&' ' '`
> for STRING in $STRINGS ; do
>     echo $STRING >> /var/tmp/wwwget.tmp
> done ; unset STRING ; unset STRINGS
> # Source the file so that each name=value line becomes a shell variable.
> # Its lines come straight from the request and are run as shell.
> . /var/tmp/wwwget.tmp
> cat <<-/HTML-DATA
> Content-type: text/html
>
> <HTML><HEAD><TITLE>HTML Form TEST Page</TITLE></HEAD>
> <BODY>
> $(echo $NAMEOFFIELD1)
> $(echo $NAMEOFFIELD2)
> $(echo $NAMEOFFIELD?)
> $(rm /var/tmp/wwwget.tmp)
> </BODY></HTML>
> /HTML-DATA

back again ;)
Eric Wolzak
http://leaf.sourceforge.net/devel/ericw
RE: [Leaf-user] thttpd CGI Forms for administrating Firewall through browser
Hi, Hi Eric

Nice to hear from you! Thanks a lot for that info!

I read the note

"TODO: POST method. I'm not really worried about this, as support for 'post' would only make folks try to use this as a configuration gateway, for LRP, and I really don't think it's secure enough for that."

on Charles' site and based on that I thought that it's just a waste of time to try that with weblet. This was 2 months ago. At this time, I thought that POST is the only form method possible at all... (I'm not the HTML-guy.. :))

You're right, the rights are a big problem. I noticed that 10min after sending this mail to the list. I tried to run thttpd with root rights and it seems that it runs with root rights (ps aux shows that) but no root commands are executed (ipchains and ip commands). I don't have any idea why it won't run. It seems that it runs with weblet... I'll try out my script with weblet.

Have a nice weekend
Sandro Minola

-----Original Message-----
From: Eric Wolzak [mailto:[EMAIL PROTECTED]]
Sent: Saturday, September 15, 2001 10:00 PM
To: Sandro Minola; [EMAIL PROTECTED]
Subject: Re: [Leaf-user] thttpd CGI Forms for administrating Firewall through browser

Hello All, Sandro

> hi all
>
> i asked myself, why there is no web-based admin tool for LRP which allows the admin to ENTER something. weblet is great but just a viewer. i first tried to use weblet for HTML forms with post or get method. i found out, that weblet doesn't support any methods.

The weblet does accept input. I used it in my web-based shorewall configuration. If you use the original weblet, then you know that by clicking on the pictures you get another information. In the shorewall configuration weblet, I also used a bash script that runs as a result of sending the form. This is a security risk, the other problem is that to change something essential at the configuration (firewall etc) the weblet has to be run with root rights.
[Leaf-user] Some advice please
I don't know a whole lot about LEAF and would like some advice, please.

I would like to use LEAF as a way to join a network that has a cable modem for internet access and a network that needs extra security (later). The cable modem network used DHCP and so does the extra secure side. I need both NICs to use DHCP. Since I am in early testing stages, I would like to totally turn off the firewall portion.

I have a pentium 100 with 32MB ram and SMC 1211 and KNE110. Downloaded and created a disk using the Eigerstein distro from the LEAF site. I have gotten the two NICs to get recognised, using IP ADDR SHOW, they both show up, but only one (eth1) will even try to get a DHCP address. I tried adding eth0 to the EXTERN_IF line in network.conf, but it only causes tons of firewall errors on boot up.

Can someone please help me get DHCP working on both NICs and totally turn off firewalling?? I will be happy to send any info asked for.

Thanks a ton,
David
RE: [Leaf-user] DSL and Cable combination question
Well, maybe listen-only BGP would help (see zebra.lrp), but probably not since you're still doing NAT and it will hose TCP communications if half the packets are masq'ed with one IP and the other half are masq'ed with the other IP. Not to mention that I still haven't been able to get any Linux box to masq on two different external interfaces -- masq'ing N internal interfaces behind a single external works, but multiple externals doesn't for me.

The problem is that when you have two circuits to two totally different networks, the router has to send the traffic belonging to a given session on one or the other pipe in order to avoid breaking a lot of assumptions -- unless you're doing NAT before it even gets to your LRP... hmm, just thought of that...

                  - Cable
    LAN - NAT - LRP
                  - DSL

Now the LRP can safely round-robin its two external circuits without breaking anything. All you need to make that happen is equal-cost multipath routing, which is explained nicely in the Advanced Networking HOWTO on www.linuxdocs.org.

Man, I'll have to try this myself after the kids go to bed :-)

Jack

On Sat, 15 Sep 2001, David McBride wrote:

> Is there another floppy distro of Linux that can do this in a better way?
>
> Thanks,
> David
>
> -----Original Message-----
> From: Jack Coates [mailto:[EMAIL PROTECTED]]
> Sent: Friday, September 14, 2001 10:12 PM
> To: David McBride
> Cc: LEAF list (E-mail)
> Subject: Re: [Leaf-user] DSL and Cable combination question
>
> On Fri, 14 Sep 2001, David McBride wrote:
>
>> I am new to LEAF. I would like to combine DSL and Cable into a single bandwidth. I have a Pentium 100 with 32 MB and 3 NICs. One KNE110 and two SMC 1211TX. I downloaded and created a LEAF disk from LEAF website. File Eigerstein_img_eigerstien.exe 2.2.16 Kernel. I have read some of the documentation. I don't really understand it. I would like some advice on what direction to go. Should I use static floating routes or do I need to install an additional module on my LEAF disk. I can do basic stuff like install modules and nic drivers. I don't need firewall support, so I think all I have to do is change that line in network.conf IPFILTER_SWITCH to =none. Not sure what else I need to do.
>>
>> Thanks for the help,
>> David
>
> Static floating routes is the closest you'll get to what you want -- if you direct some of your internal machines to one path and some of them to the other.
>
> --
> Jack Coates
> Monkeynoodle: A Scientific Venture...
RE: [Leaf-user] DSL and Cable combination question
Oh yeah, couple of catches:

1) you need to have enough IP addresses from one of your providers that you're NAT'ing to a valid IP address which is still routable from the LRP (in other words, at least 5 usable addresses, most of which you'll lose to subnetting).

2) anti-spoofing rules may block you from the other ISP's circuit.

These issues are basic to routing, unfortunately -- you're not going to have any better luck with a $10K Cisco router unless you use BGP (see http://www.monkeynoodle.org/lrp/LRP-Load-Balancing-HOWTO.html for what this will require).

Jack

On Sat, 15 Sep 2001, Jack Coates wrote:

> Well, maybe listen-only BGP would help (see zebra.lrp), but probably not since you're still doing NAT and it will hose TCP communications if half the packets are masq'ed with one IP and the other half are masq'ed with the other IP. Not to mention that I still haven't been able to get any Linux box to masq on two different external interfaces -- masq'ing N internal interfaces behind a single external works, but multiple externals doesn't for me.
>
> The problem is that when you have two circuits to two totally different networks, the router has to send the traffic belonging to a given session on one or the other pipe in order to avoid breaking a lot of assumptions -- unless you're doing NAT before it even gets to your LRP... hmm, just thought of that...
>
>                   - Cable
>     LAN - NAT - LRP
>                   - DSL
>
> Now the LRP can safely round-robin its two external circuits without breaking anything. All you need to make that happen is equal-cost multipath routing, which is explained nicely in the Advanced Networking HOWTO on www.linuxdocs.org.
>
> Man, I'll have to try this myself after the kids go to bed :-)
>
> Jack
>
> On Sat, 15 Sep 2001, David McBride wrote:
>
>> Is there another floppy distro of Linux that can do this in a better way?