[leaf-user] Bering RC2 mport iptables patch.

2002-06-12 Thread Kim Oppalfens 


Hi,

Is there a module for the mport patch available for bering rc2??
If I am not mistaken that is version 1.2.6a of iptables.

A second question is probably for Tom himself but maybe others are
interested as well.

In the tcrules documentation you specify that you have compiled a new tc
binary file
To be able to work with htb.

Is there a place where we can download this binary or should we recompile
ourselfs?

Thanks in advance
Kim Oppalfens

___

Sponsored by:
ThinkGeek at http://www.ThinkGeek.com/

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Bering RC2 mport iptables patch.

2002-06-12 Thread Jacques Nilo 

> Is there a module for the mport patch available for
bering rc2??
> If I am not mistaken that is version 1.2.6a of iptables.
I'll check that and come back to you.
> A second question is probably for Tom himself but maybe
others are
> interested as well.
>
> In the tcrules documentation you specify that you have
compiled a new tc
> binary file
> To be able to work with htb.
>
> Is there a place where we can download this binary or
should we recompile
> ourselfs?
The tc.lrp package provided with Bering is patched
accordingly. Check the package section of the
installation guide.
Jacques
--
Profitez de l'offre exceptionnelle Tiscali !
"Internet Gratuit le Jour"
Cliquez ici, http://register.tiscali.fr/forfaits_ls/
Offre soumise à conditions.



___

Sponsored by:
ThinkGeek at http://www.ThinkGeek.com/

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] Iptables -m length --length 1400:1500

2002-06-12 Thread Kim Oppalfens 

Hi all,

I am trying to play around with qos but I am running into troubles with
Marking packets from a specific size.

The command I use

Iptables -I INPUT -m length --length 1400:1500 -j MARK --set-mark 10

But it gives me an error on the length stating no rule target match with
that name.
The iptables kernel module is located in /lib/iptables.

Using bering rc2

Kim

___

Sponsored by:
ThinkGeek at http://www.ThinkGeek.com/

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Iptables -m length --length 1400:1500

2002-06-12 Thread Charles Steinkuehler 

> I am trying to play around with qos but I am running into troubles with
> Marking packets from a specific size.
>
> The command I use
>
> Iptables -I INPUT -m length --length 1400:1500 -j MARK --set-mark 10
>
> But it gives me an error on the length stating no rule target match with
> that name.
> The iptables kernel module is located in /lib/iptables.

A quick glance at man iptables indicates you can only play with mark values
in the mangle table:

TARGET EXTENSIONS
   iptables can use extended target  modules:  the  following
   are included in the standard distribution.
   
   MARK
   This is used to set the netfilter  mark  value  associated
   with the packet.  It is only valid in the mangle table.

   --set-mark mark

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)



___

Sponsored by:
ThinkGeek at http://www.ThinkGeek.com/

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] Iptables -m length --length 1400:1500

2002-06-12 Thread Kim Oppalfens 

Ok, little wel maybe not little but mistake on my part anyway.
But it still doesn't solve the problem though.

IT is still complaining about no rule/target/match by that name

It did solve the problems I had with another filter though.
So thanks anyway :-)

Kim


-Original Message-
From: Charles Steinkuehler [mailto:[EMAIL PROTECTED]] 
Sent: woensdag 12 juni 2002 17:16
To: Kim Oppalfens; [EMAIL PROTECTED]
Subject: Re: [leaf-user] Iptables -m length --length 1400:1500


> I am trying to play around with qos but I am running into troubles 
> with Marking packets from a specific size.
>
> The command I use
>
> Iptables -I INPUT -m length --length 1400:1500 -j MARK --set-mark 10
>
> But it gives me an error on the length stating no rule target match 
> with that name. The iptables kernel module is located in 
> /lib/iptables.

A quick glance at man iptables indicates you can only play with mark values
in the mangle table:

TARGET EXTENSIONS
   iptables can use extended target  modules:  the  following
   are included in the standard distribution.
   
   MARK
   This is used to set the netfilter  mark  value  associated
   with the packet.  It is only valid in the mangle table.

   --set-mark mark

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)


___

Sponsored by:
ThinkGeek at http://www.ThinkGeek.com/

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Iptables -m length --length 1400:1500

2002-06-12 Thread Charles Steinkuehler 

> Ok, little wel maybe not little but mistake on my part anyway.
> But it still doesn't solve the problem though.
>
> IT is still complaining about no rule/target/match by that name
>
> It did solve the problems I had with another filter though.
> So thanks anyway :-)

OK, how about going back to the basics...do you have the proper modules
loaded?  I don't play much with iptables, but I think you probably need
ipt_MARK.o and/or ipt_mark.o, and maybe iptable_mangle.o.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)



___

Sponsored by:
ThinkGeek at http://www.ThinkGeek.com/

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] (no subject)

2002-06-12 Thread Richard Amerman 

This might or might not be a bit off topic, but the machine I have been working on 
with my Bering setup is connected to a Belkin KVM switch.  Fairly often when I switch 
to another machine and then back to the Bering machine it looses the keyboard.  I have 
tried many things to get it back but always have to reboot (and as you may have 
guessed, I have been caught a couple of times with some un-backed up work!)

 

Any ideas?  I’m not sure if this has anything in particular to do with the LRP 
setup, Linux in general, or maybe just hardware.

 

Thanks!

 

Richard Amerman
©¢{(­ç[É8bžAžzF­†Ûiÿü0Á8bžAžzG(›ù^iû¬z¹šŠX§‚X¬¶Wš~ë®X¬¶Ë(º·~Šàzw­†Ûi³ÿåŠËl²‹«qç讧zßåŠËlþX¬¶)ߣù^iû¬z´‘!¶ÚþWš~šèç-¢¸?¦æÿv‡?v‡&jv z¿Ý¡È×Ïu†Ù¥

Re: [leaf-user] (no subject)

2002-06-12 Thread Charles Steinkuehler 

> This might or might not be a bit off topic, but the machine I have been
working on with my Bering setup is connected to a Belkin KVM switch.  Fairly
often when I switch to another machine and then back to the Bering machine
it looses the keyboard.  I have tried many things to get it back but always
have to reboot (and as you may have guessed, I have been caught a couple of
times with some un-backed up work!)
>
> Any ideas?  I’m not sure if this has anything in particular to do with the
LRP setup, Linux in general, or maybe just hardware.

Do you have the mouse hooked up?  I had problems like this with the mouse
hooked to the KVM when the mouse port was connected to the KVM as well as
the KB.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)



___

Sponsored by:
ThinkGeek at http://www.ThinkGeek.com/

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] (no subject) (actualy -KVM-Bering-lost keyboard)

2002-06-12 Thread Richard Amerman 

I do indead as this was formerly (sigh) a W2K dev box.
 
I will give it a try, though I will be backing up before each switch.
 
Thanks!
 
Richard Amerman

-Original Message- 
From: Charles Steinkuehler [mailto:[EMAIL PROTECTED]] 
Sent: Wed 6/12/2002 10:33 AM 
To: Richard Amerman; [EMAIL PROTECTED] 
Cc: 
Subject: Re: [leaf-user] (no subject)



> This might or might not be a bit off topic, but the machine I have been
working on with my Bering setup is connected to a Belkin KVM switch.  Fairly
often when I switch to another machine and then back to the Bering machine
it looses the keyboard.  I have tried many things to get it back but always
have to reboot (and as you may have guessed, I have been caught a couple of
times with some un-backed up work!)
>
> Any ideas?  I’m not sure if this has anything in particular to do with the
LRP setup, Linux in general, or maybe just hardware.

Do you have the mouse hooked up?  I had problems like this with the mouse
hooked to the KVM when the mouse port was connected to the KVM as well as
the KB.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)




©¢{(­ç[É8bžAžzF­†Ûiÿü0Á8bžAžzG(›ù^iû¬z¹šŠX§‚X¬¶Wš~ë®X¬¶Ë(º·~Šàzw­†Ûi³ÿåŠËl²‹«qç讧zßåŠËlþX¬¶)ߣù^iû¬z´‘!¶ÚþWš~šèç-¢¸?¦æÿv‡?v‡&jv z¿Ý¡È×Ïu†Ù¥

[leaf-user] Bering behind Private Network

2002-06-12 Thread Bobby Whitley 

I have a bering 1.0rc2 firewall that I would like to place behind a Netopia Router 
that will provide VPN 
Services between my locations and then I would like to have the bering firewall 
forward the private VPN.

Configuration

Location 1Netopia Router   10.0.5.1 (Gateway)  VPN to Location 2
   DHCP IP address to Bering firewall 10.0.5.59 (eth0) remove rfc
   that restricts private IP routing
   Bering eth1 10.1.0.1
   eth1 is doing DHCP 
   Workstation can get onto the internet through the Bering 
Firewall

Location 2   Netopia Router (10.0.6.1 (Gateway)  VPN to Location 1

I can ping the 10.0.6 network from the Bering firewall.   How do I give location 1 
access to location 2 
(10.0.6.0 Network)?




Bobby Whitley
Initial Contract Services
Information Systems Manager
Voice:  678-584-2009
Fax:  404-806-7550


This email has been scanned for all viruses by the MessageLabs SkyScan
service. For more information on a proactive anti-virus service working
around the clock, around the globe, visit http://www.messagelabs.com


___

Sponsored by:
ThinkGeek at http://www.ThinkGeek.com/

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] Iptables -m length --length 1400:1500

2002-06-12 Thread Kim Oppalfens 

 
The problem isn't related to the mangle or mark thingies.

It is the length match that is creating the problem.
the complete iptables filter is a bit longer.
And if I eliminate the length match & just do the same thing
without the length (a simple source ip & destination port) filter
everything works out fine.

Kim

-Original Message-
From: Charles Steinkuehler
To: Kim Oppalfens; [EMAIL PROTECTED]
Sent: 12/06/2002 18:00
Subject: Re: [leaf-user] Iptables -m length --length 1400:1500

> Ok, little wel maybe not little but mistake on my part anyway.
> But it still doesn't solve the problem though.
>
> IT is still complaining about no rule/target/match by that name
>
> It did solve the problems I had with another filter though.
> So thanks anyway :-)

OK, how about going back to the basics...do you have the proper modules
loaded?  I don't play much with iptables, but I think you probably need
ipt_MARK.o and/or ipt_mark.o, and maybe iptable_mangle.o.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)


___

Sponsored by:
ThinkGeek at http://www.ThinkGeek.com/

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] (no subject)

2002-06-12 Thread Phil Faris 

Have you tried pressing the "Scroll Lock" key to see if it unlocks the 
keyboard?

At 10:22 AM 6/12/02 -0700, Richard Amerman wrote:
>This might or might not be a bit off topic, but the machine I have been 
>working on with my Bering setup is connected to a Belkin KVM 
>switch.  Fairly often when I switch to another machine and then back to 
>the Bering machine it looses the keyboard.  I have tried many things to 
>get it back but always have to reboot (and as you may have guessed, I have 
>been caught a couple of times with some un-backed up work!)
>
>
>
>Any ideas?  I’m not sure if this has anything in particular to do with 
>the LRP setup, Linux in general, or maybe just hardware.
>
>
>
>Thanks!
>
>
>
>Richard Amerman
>©¢{(­ç[É8bžAžzF­†Ûiÿü0Á8bžAžzG(›ù^iû¬z¹šŠX§‚X¬¶Wš~ë®X¬¶Ë(º·~Šàzw­†Ûi³ÿåŠËl² 
>‹«qç讧zßåŠËlþX¬¶)ߣù^iû¬z´‘!¶ÚþWš~šèç-¢¸?¦æÿv‡?v‡&jv z¿Ý¡È×Ïu†Ù¥


___

Sponsored by:
ThinkGeek at http://www.ThinkGeek.com/

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Iptables -m length --length 1400:1500

2002-06-12 Thread Charles Steinkuehler 

> The problem isn't related to the mangle or mark thingies.
>
> It is the length match that is creating the problem.
> the complete iptables filter is a bit longer.
> And if I eliminate the length match & just do the same thing
> without the length (a simple source ip & destination port) filter
> everything works out fine.



> The command I use
>
> Iptables -I INPUT -m length --length 1400:1500 -j MARK --set-mark 10
>
> But it gives me an error on the length stating no rule target match with
> that name.
> The iptables kernel module is located in /lib/iptables.

Um...maybe that's because there is no -m length match rule?  At least not
according to man iptables on my RedHat 7.2 system.  Maybe you need some
add-on kernel modules/patches that aren't in the default kernel?

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)



___

Sponsored by:
ThinkGeek at http://www.ThinkGeek.com/

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] Wireless security with LEAF and VPN

2002-06-12 Thread David Suh 

I saw the original note from Charles Baker which mentioned the 2002 issue of
Linux Journal about setting up a wireless home network.  Unfortunately, the
article is only available to subscribers. So here goes...

Is there a difference in the security arrangement at the point in between
the wireless access point and the client in the two scenarios below?  It
would seem that in the scenario A, implementing the VPN gateway with
FreeS/WAN at the LRP box secures you from the point of the company VPN to
the LRP router.  However, once inside your LAN, the data that is transmitted
between the wireless access point and the client is no longer secure (no
encryption provided by the VPN).

In scenario B, it would seem that because you are masquerading to the point
of the client, the data will be encrypted over the wireless network for the
entire length of transmission from the company VPN to the end point at the
client.

Granted, you can implement further security measures over your wireless LAN,
but leaving that out of the discussion, does scenario B offer more
protection?  Is there a fallacy in my thought process here and that scenario
B is just as vulnerable?  Could it be that hacker tools like Airsnort and
WEPcrack can still decrypt the data?


Scenario A
    _   ___
 ||| ||Wireless|   |   |
 |Company |___(Internet)___| LRP || Access |__///__|Client |
 |  VPN   |   ()   | VPN ||  Point |   |___|
 |||_|||


Scenario B
    __  ___
 ||| LRP  |   |Wireless|   |   |
 |Company |___(Internet)___|IPSec |___| Access |__///__|Client |
 |  VPN   |   ()   | Masq |   |  Point |   |VPN End|
 |||__|   ||   |___|


___

Sponsored by:
ThinkGeek at http://www.ThinkGeek.com/

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] [ leaf-Support Requests-568227 ] eth1, 64MB CompactFLASH IDE problem?

2002-06-12 Thread noreply 

Support Requests item #568227, was opened at 2002-06-12 14:01
You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=213751&aid=568227&group_id=13751

Category: Release/Branch: Dachstein
Group: None
Status: Open
Priority: 5
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Mike Noyes (mhnoyes)
Summary: eth1, 64MB CompactFLASH IDE problem?

Initial Comment:
I am trying to install "DachStien" on a 64MB 
CompactFLASH IDE drive, but I "must" use eth1 as my 
connection to the Internet. 

Where do I make the proper changes from eth0 to eth1?


Thank you for your time and efforts.

Regards,

Don Carrico


--

You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=213751&aid=568227&group_id=13751

___

Sponsored by:
ThinkGeek at http://www.ThinkGeek.com/

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Iptables -m length --length 1400:1500

2002-06-12 Thread Kim Oppalfens 

At 20:45 12/06/2002, Charles Steinkuehler wrote:

I think that is indeed correct I think there are seperate kernal modules
for that. but I think they are included in bering.

the directory /lib/iptables contains a file libipt_length.so
So I expect the module patch library whatever it is to be there.

Kim

> > The problem isn't related to the mangle or mark thingies.
> >
> > It is the length match that is creating the problem.
> > the complete iptables filter is a bit longer.
> > And if I eliminate the length match & just do the same thing
> > without the length (a simple source ip & destination port) filter
> > everything works out fine.
>
>
>
> > The command I use
> >
> > Iptables -I INPUT -m length --length 1400:1500 -j MARK --set-mark 10
> >
> > But it gives me an error on the length stating no rule target match with
> > that name.
> > The iptables kernel module is located in /lib/iptables.
>
>Um...maybe that's because there is no -m length match rule?  At least not
>according to man iptables on my RedHat 7.2 system.  Maybe you need some
>add-on kernel modules/patches that aren't in the default kernel?
>
>Charles Steinkuehler
>http://lrp.steinkuehler.net
>http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
>
>
>
>___
>
>Sponsored by:
>ThinkGeek at http://www.ThinkGeek.com/
>
>leaf-user mailing list: [EMAIL PROTECTED]
>https://lists.sourceforge.net/lists/listinfo/leaf-user
>SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html


___

Sponsored by:
ThinkGeek at http://www.ThinkGeek.com/

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Bering behind Private Network

2002-06-12 Thread Jeff Newmiller 

On 2147483647 xxx -1, Bobby Whitley wrote:

> I have a bering 1.0rc2 firewall that I would like to place behind a Netopia Router 
>that will provide VPN 
> Services between my locations and then I would like to have the bering firewall 
>forward the private VPN.
> 
> Configuration
> 
> Location 1Netopia Router   10.0.5.1 (Gateway)  VPN to Location 2
>DHCP IP address to Bering firewall 10.0.5.59 (eth0) remove rfc
>that restricts private IP routing
>Bering eth1 10.1.0.1
>eth1 is doing DHCP 
>Workstation can get onto the internet through the Bering 
>Firewall
> 
> Location 2   Netopia Router (10.0.6.1 (Gateway)  VPN to Location 1
> 
> I can ping the 10.0.6 network from the Bering firewall.   How do I give location 1 
>access to location 2 
> (10.0.6.0 Network)?

If all you want is access from location 1 to location 2, then you can turn
on masquerading in the Bering router.  If you want location 2 to to be
able to access location 1 (seems likely) then you have to explain the
situation to the Netopia routers (requires use of static ip for Bering
eth0).  I don't know if the Netopia router will allow that.

I don't see what the Bering router is buying you in this
configuration.  Do you not trust traffic over the VPN?

---
Jeff NewmillerThe .   .  Go Live...
DCN:<[EMAIL PROTECTED]>Basics: ##.#.   ##.#.  Live Go...
  Live:   OO#.. Dead: OO#..  Playing
Research Engineer (Solar/BatteriesO.O#.   #.O#.  with
/Software/Embedded Controllers)   .OO#.   .OO#.  rocks...2k
---


___

Sponsored by:
ThinkGeek at http://www.ThinkGeek.com/

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] FreeS/Wan and tinydns

2002-06-12 Thread Vic Berdin 

Hello Charles,

Your response is quite sufficient. I have not gone to the details of
FreeS/WAN docs yet.
All I know is that it is dependent on a DNS server, specificly the
standard linux DNS server
which is Bind. All I wanted to know is if the tinydns package is enough
to work with
FreeS/WAN. And you said yes. Hence, excellent! And thanks!

Regards, Vic

- Original Message -
From: "Charles Steinkuehler" <[EMAIL PROTECTED]>
To: "Vic Berdin" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Tuesday, June 11, 2002 10:40 PM
Subject: Re: [leaf-user] FreeS/Wan and tinydns


> > Can FreeS/Wan make use of tinydns instead of bind8? I've read docs
from
> > J.Nilo's site and
> > I'm sold that tinydns is a much better choice compared to bind.
However,
> > I also would like to
> > setup VPN using FreeS/Wan (already patched my kernel). But will
> > FreeS/Wan work with tinydns?
>
> The short answer is "yes", but actually, your question doesn't make
much
> sense.
>
> Tinydns and bind are both DNS servers.  While a DNS server is critical
in
> getting any domains you may be in control of to resolve for folks out
on the
> internet, it doesn't have much to do with name resolution on your
local
> hosts.  What really matters is the contents of the /etc files hosts,
> resolv.conf, nsswitch, and similar.
>
> Charles Steinkuehler
> http://lrp.steinkuehler.net
> http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)



___

Sponsored by:
ThinkGeek at http://www.ThinkGeek.com/

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] Bering - VPN - Pocket PC

2002-06-12 Thread Richard Amerman 

Has anyone had any luck getting Movian VPN for Pocket PC to work with FreeSwan on 
Bering?

 

My primary need is simply to get VPN to work between Pocket PC and Bering, Movian just 
looks like one of the best options.

 

Richard Amerman
Jš'²ŠÞu¼“†)äç¤jØm¶ŸÿÃ
†)äç¤r‰¿•æŸºÇ«™¨¥Šx%ŠËey§î±êåŠËl²‹«qç讧zØm¶›?þX¬¶Ë(º·~Šàzw­þX¬¶ÏåŠËbú?•æŸºÇ«I@Bm§ÿåy§é®ˆÞrÚ+ƒúno÷hs÷hrf§j«ýÚ‰Ý|÷Xmš

[leaf-user] DHCLIENT errors filling up my log...eigerstein.

2002-06-12 Thread Michael McClure 

I was recently forced to switch from dedicated to dhclient ip by my 
cable modem company.  It worked fine, but I'm getting the following 
messages in my log (which are shown in a manual startup:

# svi dhclient start
Starting dhclient...
Internet Software Consortium DHCP Client 2.0pl5
Copyright 1995, 1996, 1997, 1998, 1999 The Internet Software Consortium.
All rights reserved.

Please contribute if you find this software useful.
For info, please visit http://www.isc.org/dhcp-contrib.html

   IP filters: [IP Forwarding: DISABLED] flushed
Listening on LPF/eth0/00:80:29:68:a1:4f
Sending on   LPF/eth0/00:80:29:68:a1:4f
Sending on   Socket/fallback/fallback-net
   IP filters: [IP Forwarding: DISABLED] flushed
   IP filters: [IP Forwarding: DISABLED] flushed
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 3
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 4
ip length 328 disagrees with bytes received 332.
accepting packet with data after udp payload.
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 10
ip length 328 disagrees with bytes received 332.
accepting packet with data after udp payload.
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 7
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 10
ip length 328 disagrees with bytes received 332.
accepting packet with data after udp payload.
ip length 328 disagrees with bytes received 332.
accepting packet with data after udp payload.
ip length 328 disagrees with bytes received 332.
accepting packet with data after udp payload.
ip length 328 disagrees with bytes received 332.
accepting packet with data after udp payload.
ip length 328 disagrees with bytes received 332.
accepting packet with data after udp payload.
ip length 328 disagrees with bytes received 332.
accepting packet with data after udp payload.
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 20
ip length 328 disagrees with bytes received 332.
accepting packet with data after udp payload.
ip length 328 disagrees with bytes received 332.
accepting packet with data after udp payload.
ip length 328 disagrees with bytes received 332.
accepting packet with data after udp payload.
ip length 328 disagrees with bytes received 332.
accepting packet with data after udp payload.
ip length 328 disagrees with bytes received 332.
accepting packet with data after udp payload.

ip length 328 disagrees with bytes received 332.
accepting packet with data after udp payload.
DHCPOFFER from 64.255.221.4
ip length 328 disagrees with bytes received 332.
accepting packet with data after udp payload.
DHCPOFFER from 64.255.221.4
DHCPOFFER already seen.
ip length 328 disagrees with bytes received 332.
accepting packet with data after udp payload.
DHCPOFFER from 64.255.221.4
DHCPOFFER already seen.
ip length 328 disagrees with bytes received 332.
accepting packet with data after udp payload.
DHCPOFFER from 64.255.221.4
DHCPOFFER already seen.
ip length 328 disagrees with bytes received 332.
accepting packet with data after udp payload.
DHCPOFFER from 64.255.221.4
DHCPOFFER already seen.
ip length 328 disagrees with bytes received 332.
accepting packet with data after udp payload.
DHCPOFFER from 64.255.221.4
DHCPOFFER already seen.
DHCPREQUEST on eth0 to 255.255.255.255 port 67
ip length 328 disagrees with bytes received 332.
accepting packet with data after udp payload.
DHCPACK from 64.255.221.4
   IP filters: firewall [IP Forwarding: ENABLED]
Would send signal 15 to 1904.
Stopped /usr/sbin/dnscache (pid 1904).
Starting /usr/sbin/dnscache...
bound to 66.235.3.59 -- renewal in 43200 seconds.


In addition, when I tried a restart, I got some errors in the script:
# svi dhclient restart
Starting dhclient...
Internet Software Consortium DHCP Client 2.0pl5
Copyright 1995, 1996, 1997, 1998, 1999 The Internet Software Consortium.
All rights reserved.

Please contribute if you find this software useful.
For info, please visit http://www.isc.org/dhcp-contrib.html

/var/state/dhcp/dhclient.leases line 36: no option named dhlease
  option dhlease {
 ^
/var/state/dhcp/dhclient.leases line 50: expecting lease declaration.
lease
^
/var/state/dhcp/dhclient.leases line 64: expecting semicolon.
lease
^
/var/state/dhcp/dhclient.leases line 78: expecting lease declaration.
lease
^
/var/state/dhcp/dhclient.leases line 92: expecting semicolon.
lease
^
/var/state/dhcp/dhclient.leases line 106: expecting lease declaration.
lease
^
/var/state/dhcp/dhclient.leases line 120: expecting semicolon.
lease
^
/var/state/dhcp/dhclient.leases line 133: unterminated lease declaration.
lease {
^
   IP filters: [IP Forwarding: DISABLED] flushed
Listening on LPF/eth0/00:80:29:68:a1:4f
Sending on   LPF/eth0/00:80:29:68:a1:4f
Sending on   Socket/fallback/fallback-net
   IP filters: [IP Forwarding: DISABLED] flushed
   IP filters: [IP Forwarding: DISABLED] flushed
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 4
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 11
DHCPDISCOVER on eth0 to 255.255.

Re: [leaf-user] Iptables -m length --length 1400:1500 solved!

2002-06-12 Thread Kim Oppalfens 


>
>I know your not supposed to answer your own mails but hey
>call schizophrenic ok :-)
>
>Charles nailed it again the libipt is some sort of library but still needs
>the module to work, once I copied the module onto my system everything 
>worked out fine.
>
>Thanks again (it is starting to get boring :-))
>Kim
>
>
>
>>I think that is indeed correct I think there are seperate kernal modules
>>for that. but I think they are included in bering.
>>
>>the directory /lib/iptables contains a file libipt_length.so
>>So I expect the module patch library whatever it is to be there.
>>
>>Kim
>>
>>> > The problem isn't related to the mangle or mark thingies.
>>> >
>>> > It is the length match that is creating the problem.
>>> > the complete iptables filter is a bit longer.
>>> > And if I eliminate the length match & just do the same thing
>>> > without the length (a simple source ip & destination port) filter
>>> > everything works out fine.
>>>
>>>
>>>
>>> > The command I use
>>> >
>>> > Iptables -I INPUT -m length --length 1400:1500 -j MARK --set-mark 10
>>> >
>>> > But it gives me an error on the length stating no rule target match with
>>> > that name.
>>> > The iptables kernel module is located in /lib/iptables.
>>>
>>>Um...maybe that's because there is no -m length match rule?  At least not
>>>according to man iptables on my RedHat 7.2 system.  Maybe you need some
>>>add-on kernel modules/patches that aren't in the default kernel?
>>>
>>>Charles Steinkuehler
>>>http://lrp.steinkuehler.net
>>>http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
>>>
>>>
>>>
>>>___
>>>
>>>Sponsored by:
>>>ThinkGeek at http://www.ThinkGeek.com/
>>>
>>>leaf-user mailing list: [EMAIL PROTECTED]
>>>https://lists.sourceforge.net/lists/listinfo/leaf-user
>>>SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
>>
>>
>>___
>>
>>Sponsored by:
>>ThinkGeek at http://www.ThinkGeek.com/
>>
>>leaf-user mailing list: [EMAIL PROTECTED]
>>https://lists.sourceforge.net/lists/listinfo/leaf-user
>>SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
>


___

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas - 
http://devcon.sprintpcs.com/adp/index.cfm?source=osdntextlink


leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] [ leaf-Support Requests-566756 ] Off-Topic Slink ISO

2002-06-12 Thread noreply 

Support Requests item #566756, was opened at 2002-06-10 11:15
You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=213751&aid=566756&group_id=13751

Category: None
Group: None
Status: Closed
Priority: 5
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Mike Noyes (mhnoyes)
Summary: Off-Topic   Slink ISO

Initial Comment:
If there's anyone who got the old Debian 2.1 "Slink"
CDs or ISOs I would be very happy if I could get a copy
of them, willing to host them for public download to.

Thanks in advance
  Tosing,  [EMAIL PROTECTED]

--

Comment By: Tosing (tosing)
Date: 2002-06-13 07:47

Message:
Logged In: YES 
user_id=556878

Thanx a lot, I could kiss you guys!



--

Comment By: Mike Noyes (mhnoyes)
Date: 2002-06-10 15:45

Message:
Logged In: YES 
user_id=39521

Based on the most recent comment on this support request, it
is our understanding that this matter has been addressed.
Should you require further assistance from the LEAF project
members, please submit a new support request.

Thank you,

leaf-project.org support

--

Comment By: Nobody/Anonymous (nobody)
Date: 2002-06-10 14:37

Message:
Logged In: NO 

You can find the files, not an image, at 
http://archive.debian.org/dists/slink/

I installed from that.

--

Comment By: Manfred Schuler (mschuler)
Date: 2002-06-10 12:08

Message:
Logged In: YES 
user_id=490757

You can find the images at

ftp://debian.uchicago.edu/debian-cd/archive


--

You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=213751&aid=566756&group_id=13751

___

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas - 
http://devcon.sprintpcs.com/adp/index.cfm?source=osdntextlink


leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] I drop a packet every 3 minutes; help to ID?

2002-06-12 Thread Eric House 

My shorewall logs show that I'm dropping an identical packet every
three minutes (exactly).  After a reboot of the router the packet
resumes, but might be at a different time -- which makes me wonder
if it's an artifact of the router rather than coming from outside.

Anyway, here's one entry.  Does this mean anything to any of you?

Jun 12 19:26:22 pauling kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT=
MAC=01:00:5e:00:00:01:00:20:40:64:a1:fd:08:00 SRC=192.168.100.1
DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=0 PROTO=2

(My internal networks are 192.168.1.0 and 192.168.2.0.  I'm running
Bering rc2 with AT&T cable.)

Thanks,

--Eric House

**
* From the desktop of: Eric House, [EMAIL PROTECTED]*
*Crosswords 4.0 for PalmOS is out!:   *
**


___

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas - 
http://devcon.sprintpcs.com/adp/index.cfm?source=osdntextlink


leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] I drop a packet every 3 minutes; help to ID?

2002-06-12 Thread Brad Fritz 


Eric,

On Wed, 12 Jun 2002 22:55:38 PDT Eric House wrote:

> My shorewall logs show that I'm dropping an identical packet every
> three minutes (exactly).  After a reboot of the router the packet
> resumes, but might be at a different time -- which makes me wonder
> if it's an artifact of the router rather than coming from outside.
> 
> Anyway, here's one entry.  Does this mean anything to any of you?
> 
> Jun 12 19:26:22 pauling kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT=
> MAC=01:00:5e:00:00:01:00:20:40:64:a1:fd:08:00 SRC=192.168.100.1
> DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=0 PROTO=2
> 
> (My internal networks are 192.168.1.0 and 192.168.2.0.  I'm running
> Bering rc2 with AT&T cable.)

This looks like a multicast packet from your cable modem.  It's
fairly typical for cable modems to use 192.168.100.1 for an
internal interface and apparently some of them, e.g. the Motorola
Surfboards, send out multicast probes.  Here is a link to a thread
where someone asks the same question:
   http://www.luni.org/pipermail/luni/2002-February/004419.html

Bottom line, the source is your cable modem not the router, and
it isn't anything to worry about.

Hope that helps.

--Brad


___

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas - 
http://devcon.sprintpcs.com/adp/index.cfm?source=osdntextlink


leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] DHCLIENT errors filling up my log...eigerstein.

2002-06-12 Thread Michael McClure 

More info from the logs:


Jun 13 00:03:34 mikerouter dhclient: ip length 328 disagrees with bytes 
received 332.
Jun 13 00:03:34 mikerouter dhclient: accepting packet with data after 
udp payload.
Jun 13 00:03:34 mikerouter dhclient: ip length 328 disagrees with bytes 
received 332.
Jun 13 00:03:34 mikerouter dhclient: accepting packet with data after 
udp payload.
Jun 13 00:03:34 mikerouter dhcpd: receive_packet failed on eth1: Network 
is down
Jun 13 00:03:48 mikerouter dhclient: ip length 328 disagrees with bytes 
received 332.
Jun 13 00:03:48 mikerouter dhclient: accepting packet with data after 
udp payload.
Jun 13 00:03:48 mikerouter dhclient: ip length 328 disagrees with bytes 
received 332.
Jun 13 00:03:48 mikerouter dhclient: accepting packet with data after 
udp payload.
Jun 13 00:04:04 mikerouter dhclient: ip length 328 disagrees with bytes 
received 332.


Any help would be greatly appreciated.

TIA.
mike.

Michael McClure wrote:

> I was recently forced to switch from dedicated to dhclient ip by my 
> cable modem company.  It worked fine, but I'm getting the following 
> messages in my log (which are shown in a manual startup:
>
> # svi dhclient start
> Starting dhclient...
> Internet Software Consortium DHCP Client 2.0pl5
> Copyright 1995, 1996, 1997, 1998, 1999 The Internet Software Consortium.
> All rights reserved.
>
> Please contribute if you find this software useful.
> For info, please visit http://www.isc.org/dhcp-contrib.html
>
>   IP filters: [IP Forwarding: DISABLED] flushed
> Listening on LPF/eth0/00:80:29:68:a1:4f
> Sending on   LPF/eth0/00:80:29:68:a1:4f
> Sending on   Socket/fallback/fallback-net
>   IP filters: [IP Forwarding: DISABLED] flushed
>   IP filters: [IP Forwarding: DISABLED] flushed
> DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 3
> DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 4
> ip length 328 disagrees with bytes received 332.
> accepting packet with data after udp payload.
> DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 10
> ip length 328 disagrees with bytes received 332.
> accepting packet with data after udp payload.
> DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 7
> DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 10
> ip length 328 disagrees with bytes received 332.
> accepting packet with data after udp payload.
> ip length 328 disagrees with bytes received 332.
> accepting packet with data after udp payload.
> ip length 328 disagrees with bytes received 332.
> accepting packet with data after udp payload.
> ip length 328 disagrees with bytes received 332.
> accepting packet with data after udp payload.
> ip length 328 disagrees with bytes received 332.
> accepting packet with data after udp payload.
> ip length 328 disagrees with bytes received 332.
> accepting packet with data after udp payload.
> DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 20
> ip length 328 disagrees with bytes received 332.
> accepting packet with data after udp payload.
> ip length 328 disagrees with bytes received 332.
> accepting packet with data after udp payload.
> ip length 328 disagrees with bytes received 332.
> accepting packet with data after udp payload.
> ip length 328 disagrees with bytes received 332.
> accepting packet with data after udp payload.
> ip length 328 disagrees with bytes received 332.
> accepting packet with data after udp payload.
>
> ip length 328 disagrees with bytes received 332.
> accepting packet with data after udp payload.
> DHCPOFFER from 64.255.221.4
> ip length 328 disagrees with bytes received 332.
> accepting packet with data after udp payload.
> DHCPOFFER from 64.255.221.4
> DHCPOFFER already seen.
> ip length 328 disagrees with bytes received 332.
> accepting packet with data after udp payload.
> DHCPOFFER from 64.255.221.4
> DHCPOFFER already seen.
> ip length 328 disagrees with bytes received 332.
> accepting packet with data after udp payload.
> DHCPOFFER from 64.255.221.4
> DHCPOFFER already seen.
> ip length 328 disagrees with bytes received 332.
> accepting packet with data after udp payload.
> DHCPOFFER from 64.255.221.4
> DHCPOFFER already seen.
> ip length 328 disagrees with bytes received 332.
> accepting packet with data after udp payload.
> DHCPOFFER from 64.255.221.4
> DHCPOFFER already seen.
> DHCPREQUEST on eth0 to 255.255.255.255 port 67
> ip length 328 disagrees with bytes received 332.
> accepting packet with data after udp payload.
> DHCPACK from 64.255.221.4
>   IP filters: firewall [IP Forwarding: ENABLED]
> Would send signal 15 to 1904.
> Stopped /usr/sbin/dnscache (pid 1904).
> Starting /usr/sbin/dnscache...
> bound to 66.235.3.59 -- renewal in 43200 seconds.
>
>
> In addition, when I tried a restart, I got some errors in the script:
> # svi dhclient restart
> Starting dhclient...
> Internet Software Consortium DHCP Client 2.0pl5
> Copyright 1995, 1996, 1997, 1998, 1999 The Internet Software Consortium.
> All rights reserved.
>
> Please contribute if yo

[leaf-user] tcpdum

2002-06-12 Thread Reginald R. Richardson 

Hi guys..

Does anyone has the latest version of TCPDUMP.LRP for leaf...

Would believe that's 3.7.1,
Latest I found was 3.6.1 at jack's site...

thnks


___

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas - 
http://devcon.sprintpcs.com/adp/index.cfm?source=osdntextlink


leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html