[leaf-user] setting up eth1 on Bering 1.0-rc3
I'm running Leaf Bering 1.0-rc3, on several Intel machines. The main purpose is to run [EMAIL PROTECTED] from harddiskless Linux workstations connected to my in-home network. The secondary purpose is to learn about networking, firewalls, Linux, etc.

I'm out of switch ports, but I have extra network cards lying around. I want to install 2nd NIC cards in several machines to daisy chain them with cross-over cables (router to computer-A to computer-B to computer-C) instead of buying a bigger router/switch or adding another switch or hub. I'm running behind a router anyway, and these machines only run [EMAIL PROTECTED] so I'm not too worried about security.

I installed a second NIC in one machine, and installed the module for it, and I see the module initialize during bootup. But I don't know how to activate it as eth1 or how to set up pump to talk to it. The router is doing the DHCP, so I can let the router assign an IP number to eth1 and any other machines downstream of eth1. I'm also using this as a learning tool to understand firewalls, routing, NAT and Linux.

I've checked the docs at:
http://leaf.sourceforge.net/devel/jnilo/binstall.html
and
http://leaf.sourceforge.net/devel/jnilo/busers.html
But the pump instructions are not idiot proof enough for me. I've meddled with the following files, but to no avail. Can someone point to more novice-friendly docs for this? Or maybe even give me some hints on what to add to the following config files?

Thanks.
-Dave A.

My network interfaces has this:

    # /etc/network/interfaces -- configuration file for LEAF network
    auto lo
    iface lo inet loopback
    auto eth0
    iface eth0 inet dhcp

My Pump configuration file (/etc/pump.conf) has this:

    retries 3
    script /etc/pump.shorewall
    device eth0 {
    }

My Pump default config file (/etc/default/pump) has this:

    IFACES=eth0

My Pump init script (/etc/init.d/pump) is blank.

--
---
This SF.net email is sponsored by: Etnus, makers of TotalView, The best thread debugger on the planet. Designed with thread debugging features you've never dreamed of, try TotalView 6 free at www.etnus.com.
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Hard Disk setup
Mike Koceja wrote:
> Thanks Jeff! I repartitioned the drive to 512 and it is now up and running great. With one exception... I need to set up VPN. I believe I need to set up IPSec. I did use the kernel with IPSec compiled into it. I also downloaded and copied ifconfig.lrp, ipsec.lrp, ipsec509.lrp, and mawk.lrp to the hard drive but I'm not sure how to configure them. How do I activate these files and how should I configure them? I hope someone can help me out; this is the last thing I need to get working on my router.

You activate these files by either adding them to your LRP= part of the kernel command line in syslinux.cfg (subject to a 256 character limit for all kernel parameters), or you can create a lrpkg.cfg file in the root directory of the hard drive with the names of all packages you want to load. See the DachsteinCD readme for details on using this file.

--
Charles Steinkuehler
[EMAIL PROTECTED]
Re: [leaf-user] ssh - key only - no password
In theory I don't see why it shouldn't work.

Steve Wright wrote:
> Gurus,
>
> I am trying to get my LEAF-WISP 2591 to ssh out, and to accept ssh connections and auth with key only. The routers must be able to load/change/reload policy (addresses, routes, rules) on command from the core but this is insecure without ssh. (I can cron a passworded wget off the core httpd, but not secure.)
>
> I have read a number of HOWTOs on doing this but it still refuses.
>
> My question is: Will the ssh/sshd on 2591 do key-only (no password) auth, incoming and outgoing? If it does, then I have a config error and I will continue working on it.
>
> TIA, and kind regards,
> Steve

--
Best Regards,
Vladimir Ivaschenko
Thunderworx - Senior Systems Engineer (RHCE)
Re: [leaf-user] help: /etc/rc2.d link doesn't get saved
Jacques Nilo wrote:
> On Saturday 7 June 2003 11:47, Steve Wright wrote:
> > Gurus,
> >
> > I put a startup link viz ;
> >
> >     ln -s /etc/init.d/pppoe-server /etc/rc2.d/S85pppoe-server
> >
> > but on save-and-reboot, it has gone !
> >
> > How do I add a startup link for runlevel 2 ?
> >
> > Version is leaf-wisp-dist (latest)
>
> in the pppoe-server init script add
>
>     RCDLINKS=2,S85
>
> Then save the package in which pppoe-server is stored

In case of WISP-Dist, just save configuration (or run wdistbackup)

> (have a look at the other init.d scripts coming from Bering)
>
> Jacques

--
Best Regards,
Vladimir Ivaschenko
Thunderworx - Senior Systems Engineer (RHCE)
[leaf-user] Re: leaf-user digest, Vol 1 #1818 - 15 msgs
IMO this is great information, and should be put in the official Bering Reference Manual.

Paul Rogers ([EMAIL PROTECTED])
http://www.xprt.net/~pgrogers/
http://www.angelfire.com/or/paulrogers/
Rogers' Second Law: Everything you do communicates.
(I do not personally endorse any additions after this line. TANSTAAFL :-)

On Sun, 08 Jun 2003 15:48:04 -0700 [EMAIL PROTECTED] writes:
> Subject: Re: [leaf-user] Edit Bering Config files Offline
> From: David M Brooke [EMAIL PROTECTED]
>
> It may not be obvious from the name, but an LRP package file is just a regular gzip'ed tar file, which you can unpack into a directory structure and edit before re-creating the LRP package file.
>
> If your other machine is running Linux, you can mount the disk as user 'root' under a temporary directory (e.g. /mnt/tmp - create this if it doesn't already exist) using a command like
>
>     mount -t msdos /dev/fd0u1680 /mnt/tmp
>
> You can then unpack the contents of e.g. etc.lrp with a command like
>
>     tar -zxvf /mnt/tmp/etc.lrp
>
> which will create a new directory etc in the current directory containing the contents of the Bering /etc directory.
>
> Re-creating the LRP file once you've made the changes is mostly just the reverse of the above (e.g. tar -zcvf /mnt/tmp/etc.lrp etc). I seem to recall that the maximum possible compression is used for LRP files to make as much as possible fit onto a floppy disk, but presumably if you don't do that it will get corrected next time you write the file from LRCFG.
>
> Don't forget to umount /mnt/tmp before ejecting the disk.
>
> If your other machine is running Windows then I think it's possible to use WinZip to read .tar.gz files, but you may have to rename them as such first. I'm not sure if WinZip can create a .tar.gz file though.
>
> --
> David M Brooke [EMAIL PROTECTED]
>
> --__--__--
>
> From: eric wolzak [EMAIL PROTECTED]
> To: Simon Chalk [EMAIL PROTECTED],
>
>     # all steps in one liners ;)
>     mkdir /temp
>     mount -t msdos /dev/fd0u1680 /mnt
>     cp /mnt/etc.lrp /temp
>     cd /temp
>     tar -xzf etc.lrp
>     rm etc.lrp
>     # can be easier but more dangerous. don't leave etc.lrp in temp,
>     # otherwise it will be packaged in the new etc.lrp
>     # now edit your files
>     cd .
>     edit
>     # if ready move back to temp
>     cd /temp
>     # tar all your files and the subdirectories to etc.tar
>     tar -cf etc.tar *
>     # zip the tar file this will create etc.tar.gz
>     gzip etc.tar
>     # rename etc.tar.gz back
>     mv etc.tar.gz etc.lrp
>     # check the size for security reasons
>     ls -l etc.lrp
>     # and compare with the original and free disk space
>     ls -l /mnt
>     # if ok
>     mv etc.lrp /mnt
>     # clean up
>     cd /
>     rm -rf /temp
>     umount /mnt
>     # wait till everything is written back.
>     # of course you can tar and zip as a one pipe process.
>
> btw if you can edit etc.lrp from the boot disk, you also can edit the real files in etc.lrp ;) and back them up.
[leaf-user] Multiple VPNs in Bering 1.2
My current firewall uses Dachstein 1.02 and acts as a central site VPN device. I have numerous VPNs using the ipsec0 interface. Each VPN has a fixed address and of course different subnets.

I wish to replace the current firewall with Bering 1.2, but I am having problems configuring the VPNs on Shorewall. I've read the Shorewall docs, but they are directed more toward road-warrior VPNs, not numerous lan-lan tunnels.

Can anyone (Tom?) show me how to do this, or point me to some existing documentation?

Roger
[leaf-user] managing remote routers was: help: /etc/rc2.d link doesn't get saved
Vladimir Ivaschenko wrote:
> Jacques Nilo wrote:
> > > How do I add a startup link for runlevel 2 ?
> > >
> > > Version is leaf-wisp-dist (latest)
> >
> > in the pppoe-server init script add
> >
> >     RCDLINKS=2,S85
> >
> > Then save the package in which pppoe-server is stored
>
> In case of WISP-Dist, just save configuration (or run wdistbackup)

Yes, I discovered this to my delight. 8-) In the latest version, even the contents of /root are saved - very nice for the developer, and almost not noticeable that it is a compact-flash based system. A very nice little package. /me bows to the developers.

btw, I am writing a few bash scripts that run on standard RedHat 7/8/9. My intent is to build a 'core' server that can handle a bunch of remote routers. So far I have written ;

- a wrapper script for ssh that does `push router command`
- a setup script that contacts a new router, checks name resolution etc etc with it, and then uploads ssh keys so the router can be commanded with `push` and no password.

Next I will be building more scripts to manage client connections and routing policy on said routers, and hopefully automate most things so I do not have to log on to the routers and manage everything by hand.

If anyone wants to participate, perhaps we might work together on an appropriate list.

regards,
Steve
Re: [leaf-user] Multiple VPNs in Bering 1.2
On Mon, 9 Jun 2003 14:53:36 -0400, Roger E McClurg [EMAIL PROTECTED] wrote:
> My current firewall uses Dachstein 1.02 and acts as a central site VPN device. I have numerous VPNs using the ipsec0 interface. Each VPN has a fixed address and of course different subnets.
>
> I wish to replace the current firewall with Bering 1.2, but I am having problems configuring the VPNs on Shorewall. I've read the Shorewall docs, but they are directed more toward road-warrior VPNs, not numerous lan-lan tunnels.
>
> Can anyone (Tom?) show me how to do this, or point me to some existing documentation?

You might check the recent archives of the Shorewall mailing list -- this topic has come up a couple of times recently and there have been examples posted.

-Tom
--
Tom Eastep     \ Shorewall - iptables made easy
Shoreline,      \ http://www.shorewall.net
Washington USA   \ [EMAIL PROTECTED]
Re: [leaf-user] Multiple VPNs in Bering 1.2
Hi Roger,

Here is the message I sent to Shorewall mailing list.

M Lu.

- Original Message -
From: M Lu [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Wednesday, June 04, 2003 12:10 AM
Subject: Re: [Shorewall-users] Two VPN connections (IPSEC)

Hi,

Tom just helped me on this issue a couple of days ago. This is what I do when I have 2 tunnels (subnet-subnet) to one site. You have 2 tunnels to 2 sites but should be similar

/etc/shorewall/tunnels

    ipsec   net   64.128.24.x   vpn,vpn2
    # You may need 2 lines here (each for different remote IP)

in /etc/shorewall/interfaces

    -   ipsec0

in /etc/shorewall/hosts

    vpn    ipsec0:192.168.15.0/24
    vpn2   ipsec0:192.168.22.0/24

and the corresponding rules and policy for vpn, vpn2 and your network.

I hope that helps.

M Lu.

> From: Phil Foxton [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: [Shorewall-users] Two VPN connections (IPSEC)
> Date: 03 Jun 2003 16:57:11 +0100
>
> Hi,
>
> I currently have a good setup running shorewall to protect my network at home, and it works fine if I just want to have a tunnel to one site (lets call it Challenge) but if I add a tunnel to another site (lets call it Stony), the tunnel comes up ok (I can see from ipsec look that the tunnels are there) but I cannot pass any traffic over them, even though I can send traffic over the original tunnel.
>
> Any ideas?
>
> RGDS
> Phil
> --
> Phil Foxton [EMAIL PROTECTED]
> Intelligent Maintenance Systems Ltd
> ___
> Shorewall-users mailing list
> Post: [EMAIL PROTECTED]
> Subscribe/Unsubscribe: http://lists.shorewall.net/mailman/listinfo/shorewall-users
> Support: http://www.shorewall.net/support.htm
> FAQ: http://www.shorewall.net/FAQ.htm

- Original Message -
From: Roger E McClurg [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, June 09, 2003 11:53 AM
Subject: [leaf-user] Multiple VPNs in Bering 1.2

> My current firewall uses Dachstein 1.02 and acts as a central site VPN device. I have numerous VPNs using the ipsec0 interface. Each VPN has a fixed address and of course different subnets.
>
> I wish to replace the current firewall with Bering 1.2, but I am having problems configuring the VPNs on Shorewall. I've read the Shorewall docs, but they are directed more toward road-warrior VPNs, not numerous lan-lan tunnels.
>
> Can anyone (Tom?) show me how to do this, or point me to some existing documentation?
>
> Roger
[leaf-user] Windows Contivity Client Gets Through Dachstein, Linux Client Doesn't
Hi,

I have been a satisfied user of LRP-based firewalls for several years now. However, I now have a problem. I have an old 486 running Dachstein v.1.0.2 (the normal floppy image with the 2.2.19-3 IPsec enabled Linux kernel), acting as a firewall between DSL and my home network. I have a dual-boot laptop which I am trying to use to connect to my corporate intranet using the Nortel Netlock Contivity Client.

When I boot the laptop to Windows 2000 and use the Windows version of the client from behind the firewall, everything works fine. When I boot the laptop to Linux and use the Linux version of the client with the laptop connected directly to the DSL modem, everything works fine. But when I boot the laptop to Linux and use the Linux version of the client from behind the firewall, the client claims to have successfully established a connection, but nothing gets through the connection. If I ping any address (including numerical addresses within the intranet) it says N packets transmitted, 0 packets received, 100% packet loss.

I realize I probably need to provide a lot more specific information for anyone to help me, but for now I just have a simple multiple-choice question. Could someone please tell me whether

a) I need to change the configuration of Dachstein on the 486 box
b) I need to change the configuration of my Linux laptop
c) I need to change both
d) This cannot be determined from the information I have given

Just in case it is useful, here is what the routing table on the Linux laptop (named guruseva) looks like when the Contivity client has connected through the firewall (which is at 192.168.1.254 on the private subnet for my home network):

    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref Use Iface
    192.91.171.51   192.168.1.254   255.255.255.255 UGH   0      0   0   eth0
    172.21.1.48     guruseva        255.255.255.255 UGH   0      0   0   lo
    204.68.140.61   172.21.1.48     255.255.255.255 UGH   0      0   0   nlv0
    192.168.1.254   192.168.1.1     255.255.255.255 UGH   0      0   0   eth0
    192.168.1.0     172.21.1.48     255.255.255.0   UG    0      0   0   nlv0
    192.168.1.0     *               255.255.255.0   U     1      0   0   eth0
    default         172.21.1.48     0.0.0.0         UG    0      0   0   nlv0
    default         192.168.1.254   0.0.0.0         UG    1      0   0   eth0

Here nlv0 is the iface that the Netlock VPN client has set up and 192.91.171.51 is the VPN server I'm connecting to. 172.21.1.48 is the address the VPN server assigned my client.

I have a vague idea from searching for info that my problem is related to IPsec over UDP NAT traversal, but I don't know what to do about it (and I find the fact that the Windows client works fine particularly mind-boggling).

Thanks in advance for any help,
Ruchira Datta
[EMAIL PROTECTED]
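An added example, not part of the original post: a longest-prefix-match lookup over the routing table quoted in the message above, showing which interface is selected for a destination and which routes can never be selected. The table text is re-typed from the post with its columns separated; the addresses 192.168.1.10 and 10.1.2.3 are constructed test destinations, and the function names are this example's own.

```python
import ipaddress

# Routing table as posted (columns separated). `route` prints "*" for
# "no gateway" and "default" for destination 0.0.0.0.
ROUTE_OUTPUT = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
192.91.171.51   192.168.1.254   255.255.255.255 UGH   0      0   0   eth0
172.21.1.48     guruseva        255.255.255.255 UGH   0      0   0   lo
204.68.140.61   172.21.1.48     255.255.255.255 UGH   0      0   0   nlv0
192.168.1.254   192.168.1.1     255.255.255.255 UGH   0      0   0   eth0
192.168.1.0     172.21.1.48     255.255.255.0   UG    0      0   0   nlv0
192.168.1.0     *               255.255.255.0   U     1      0   0   eth0
default         172.21.1.48     0.0.0.0         UG    0      0   0   nlv0
default         192.168.1.254   0.0.0.0         UG    1      0   0   eth0
"""


def parse_routes(text):
    """Turn `route` output into a list of dicts, one per route line."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        # Skip the title and header lines; data lines have exactly 8 columns.
        if len(fields) != 8 or fields[0] == "Destination":
            continue
        dest, gateway, genmask, flags, metric, _ref, _use, iface = fields
        if dest == "default":
            dest = "0.0.0.0"
        routes.append({
            "network": ipaddress.ip_network(f"{dest}/{genmask}"),
            "gateway": None if gateway == "*" else gateway,
            "flags": flags,
            "metric": int(metric),
            "iface": iface,
        })
    return routes


def select_route(routes, address):
    """Longest prefix wins; among equal prefixes the lowest metric wins."""
    addr = ipaddress.ip_address(address)
    matches = [r for r in routes if addr in r["network"]]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r["network"].prefixlen, r["metric"]))


def shadowed_routes(routes):
    """Routes that are never selected because another route to the
    same network has a lower metric."""
    best = {}
    for r in routes:
        net = r["network"]
        if net not in best or r["metric"] < best[net]["metric"]:
            best[net] = r
    return [r for r in routes if best[r["network"]] is not r]


def describe(route):
    """One-line summary in roughly `ip route` style."""
    via = f" via {route['gateway']}" if route["gateway"] else ""
    return f"{route['network']}{via} dev {route['iface']} metric {route['metric']}"


if __name__ == "__main__":
    table = parse_routes(ROUTE_OUTPUT)
    for target in ("192.91.171.51", "192.168.1.254", "192.168.1.10", "10.1.2.3"):
        print(f"{target:15} -> {describe(select_route(table, target))}")
    for r in shadowed_routes(table):
        print("never selected:", describe(r))
```

With this table, the only eth0 routes that are ever chosen are the two host routes (the VPN server and 192.168.1.254); every other destination, including the rest of 192.168.1.0/24, is sent to nlv0.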
Re: [leaf-user] Changing root to /dev/hda2
I don't really think I'm un-embedding, since I'm choosing to use a Disk-on-flash media to start the embedded OS. Floppies may fail and use much more energy than a disk-on-flash. Since the smallest DoF I got has 16Mb and I have memory concerns (RAM=16Mb that I can't expand due to no spare memory slots) I wanted to use the extra HD space to free up RAM memory. So the two things I thought is to enable swap and put the rootfs away from the RAM.

I think I changed all things in initrd to mount the rootfs in DoF hda1 and everything goes well just before init. As I told, I added a sh -i just before the exec /sbin/init and my hda1 is correctly mounted and accessible as /. I do not understand why init complains about opening hda1. I must be missing something in the boot process, so if somebody got this to work (the linuxrc in initrd seems to be tampered with before for something like this, since there was an if for rootfs != /dev/ram0) or could give some ideas why init complains I would really appreciate it.

Quoting Lynn Avants [EMAIL PROTECTED]:
> On Wednesday 04 June 2003 06:48 pm, [EMAIL PROTECTED] wrote:
> > After I installed bering1.2 on /dev/hda1 of a disk-on-chip IDE, I want to release the ram used by the root device in /dev/ram0. I copied the whole root into /dev/hda2 and made a new initrd2.lrp where I added pertinent fs and included some code in linuxrc to mount the new root. Then I added an option in syslinux.cfg where root=/dev/hda2 and intird=initrd2.lrp.
>
> You do realize what you are doing is un-embedding an embedded OS and you'll have to change several things (including mounts like /) in initrd and likely in some of the boot scripts (like mountfs). swapon is not compiled into busybox because we normally don't use a swap partition so you'll likely have to recompile BB or use the Slink utility to do so.
>
> Other people have done this, so you may find some help in the leaf-user/leaf-devel archives for duplication, but this is not a normal setup for LEAF.
>
> --
> ~Lynn Avants
> Linux Embedded Appliance Firewall Developer
> http://leaf.sourceforge.net
> http://guitarlynn.homelinux.org:81
Re: [leaf-user] Changing root to /dev/hda2
On Monday 09 June 2003 05:40 pm, [EMAIL PROTECTED] wrote:
> I don't really think I'm un-embedding, since I'm choosing to use a Disk-on-flash media to start the embedded OS. Floppies may fail and use much more energy than a disk-on-flash. Since the smallest DoF I got has 16Mb and I have memory concerns (RAM=16Mb that I can't expand due to no spare memory slots) I wanted to use the extra HD space to free up RAM memory. So the two things I thought is to enable swap and put the rootfs away from the RAM.

That *is* the difference between embedded and non-embedded. Embedded runs from a ramdisk and non-embedded runs from a non-RAM disk. ;)

As I said before, LEAF is not designed to run with the '/' filesystem on any media other than ramdisk... which is *exactly* what you are attempting to do.

> I think I changed all things in initrd to mount the rootfs in DoF hda1 and everything goes well just before init. As I told, I added a sh -i just before the exec /sbin/init and my hda1 is correctly mounted and accessible as /. I do not understand why init complains about opening hda1. I must be missing something in the boot process, so if somebody got this to work (the linuxrc in initrd seems to be tampered with before for something like this, since there was an if for rootfs != /dev/ram0) or could give some ideas why init complains I would really appreciate it.

You can't mount it more than once concurrently... it's already mounted. This is likely located in pivot_root and this has been discussed before. You should be able to find something about the mods necessary in the leaf-user/leaf-devel archives unless someone has the mods off the top of their head. I would look at where init changes the '/' fs from initrd to the real running '/' filesystem (pivot_root).

--
~Lynn Avants
Linux Embedded Appliance Firewall Developer
http://leaf.sourceforge.net
http://guitarlynn.homelinux.org:81
[leaf-user] boot floppy to boot Bering cdrom
Greetings,

I don't have space on a single floppy for all the packages. So, I create a bootable ISO Bering CD but my pc does not support CDROM boot. Is there a floppy image available to just allow me to boot up from the floppy which then in turn to boot up the Bering ISO from the cdrom ?

Thanks.
Newton
Re: [leaf-user] Changing root to /dev/hda2
On Mon, 9 Jun 2003, Lynn Avants wrote:
> On Monday 09 June 2003 05:40 pm, [EMAIL PROTECTED] wrote:
> > I don't really think I'm un-embedding, since I'm choosing to use a Disk-on-flash media to start the embedded OS. Floppies may fail and use much more energy than a disk-on-flash. Since the smallest DoF I got has 16Mb and I have memory concerns (RAM=16Mb that I can't expand due to no spare memory slots) I wanted to use the extra HD space to free up RAM memory. So the two things I thought is to enable swap and put the rootfs away from the RAM.
>
> That *is* the difference between embedded and non-embedded. Embedded runs from a ramdisk and non-embedded runs from a non-RAM disk. ;)

I beg to differ. There is no direct linkage between embedded and ramdisk. Personally, I think it is easier to work with a ramdisk root, but there are certainly advantages to having a flash disk root in the embedded domain.

> As I said before, LEAF is not designed to run with the '/' filesystem on any media other than ramdisk... which is *exactly* what you are attempting to do.

This is very true, but I would not presume to suggest that this would be true for all future LEAF variants.

However, if someone chooses to set up a distro that does not use a ramdisk as root, it will not resemble any of the current LEAF variants. That will mean that support for it on this email list may not be very practical because it would differ so much from the normal LEAF variants. So if they remained part of the LEAF alliance, they would probably need a more specialized mailing list.

[...]

---
Jeff Newmiller                        The     .       .      Go Live...
DCN:[EMAIL PROTECTED]                 Basics: ##.#.       ##.#.  Live Go...
Work:[EMAIL PROTECTED]                Live:   OO#.. Dead: OO#..  Playing
Research Engineer (Solar/Batteries            O.O#.       #.O#.  with
/Software/Embedded Controllers)               .OO#.       .OO#.  rocks...2k
---
[leaf-user] Multiple IPSEC Tunnels
I've updated the Shorewall IPSEC documentation to show a setup with two net-to-net tunnels.

http://shorewall.sf.net/IPSEC.htm

-Tom
--
Tom Eastep     \ Shorewall - iptables made easy
Shoreline,      \ http://www.shorewall.net
Washington USA   \ [EMAIL PROTECTED]
[leaf-user] Errors--Route through eth0?
My thanks to Tom Eastep and Ray Olszewski, who pointed out some information that would help.

I'm working on LEAF Bering 1.2, using a PPP serial modem (as ppp0) and a PCMCIA NIC as eth0 for the internal network. The host is a Toshiba Satellite Pro 460CDX laptop (recycled). The NIC is an older 3Com EtherLink III 3C589D based card (recycled).

At boot, the firewall gives an error message of:

    Masquerade: Error: Unable to determine the routes through eth0

Tom suggested the interface isn't up before Shorewall starts, and that seems reasonable. Ray suggested there was a configuration error, and that seems highly likely, as I'm still learning.

Pinging the firewall from the internal network, to the default IP of 192.168.1.254 Destination Host Unreachable.

I think I've failed to declare something associated with the PCMCIA cards--I'm not sure where the declaration of the 3c589 driver goes--the documentation isn't clear. I've read the FAQ, but didn't find something that pointed in this direction. I searched the archive, and googled, but also didn't find much.

I've pulled the information for troubleshooting, per http://leaf-project.org/pub/doc/docmanager/docid_1891.html.

The document at http://leaf.sourceforge.net/pub/doc/guide/install-dachstein/ds-laptop.html there may be a PCI-to-PCMCIA bridge problem (these are older machines). But far more likely is that I've left something out, and I've annotated where my suspicions lie, below, in the /etc/modules file.

I appreciate the help you're providing, as I'm still learning.

uname -a yields

    Linux firewall 2.4.20 #1 Sun May 11 18:53:34 CEST 2003 i586 unknown

ip addr show

    1: lo: LOOPBACK,UP mtu 16436 qdisc noqueue
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
    2: dummy0: BROADCAST,NOARP mtu 1500 qdisc noop
        link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
    3: ppp0: POINTOPOINT,MULTICAST,NOARP,UP mtu 1500 qdisc pfifo_fast qlen 3
        link/ppp
        inet 10.64.64.64 peer 10.112.112.112/32 scope global ppp0

ip route show

    10.112.112.112 dev ppp0 proto kernel scope link src 10.64.64.64
    default via 10.112.112.112 dev ppp0

lsmod

    Module              Pages  Used by
    ds                   6796  2
    i82365              27044  2
    pcmcia_core         41088  0 [ds i82365]
    ip_nat_irc           2176  0 (unused)
    ip_nat_ftp           2784  0 (unused)
    ip_conntrack_irc     2880  1
    ip_conntrack_ftp     3648  1
    ppp_async            6284  0 (unused)
    ppp_generic         16152  1 [ppp_async]
    slhc                 4352  0 [ppp_generic]

/sbin/shorewall status

    Shorewall-1.4.2 Status at firewall - Mon Jun 9 20:07:24 UTC 2003

    Chain INPUT (policy DROP 0 packets, 0 bytes)
     pkts bytes target     prot  opt in  out  source       destination
        0     0 ACCEPT     all   --  *   *    0.0.0.0/0    0.0.0.0/0    state ESTABLISHED
        0     0 ACCEPT     udp   --  *   *    0.0.0.0/0    0.0.0.0/0    udp dpt:53
        0     0 DROP       !icmp --  *   *    0.0.0.0/0    0.0.0.0/0    state INVALID
        0     0 ACCEPT     all   --  lo  *    0.0.0.0/0    0.0.0.0/0

    Chain FORWARD (policy DROP 0 packets, 0 bytes)
     pkts bytes target     prot  opt in  out  source       destination
        0     0 ACCEPT     all   --  *   *    0.0.0.0/0    0.0.0.0/0    state ESTABLISHED
        0     0 ACCEPT     udp   --  *   *    0.0.0.0/0    0.0.0.0/0    udp dpt:53
        0     0 DROP       !icmp --  *   *    0.0.0.0/0    0.0.0.0/0    state INVALID

    Chain OUTPUT (policy DROP 0 packets, 0 bytes)
     pkts bytes target     prot  opt in  out  source       destination
        0     0 ACCEPT     all   --  *   *    0.0.0.0/0    0.0.0.0/0    state ESTABLISHED
        0     0 ACCEPT     udp   --  *   *    0.0.0.0/0    0.0.0.0/0    udp dpt:53
        0     0 DROP       !icmp --  *   *    0.0.0.0/0    0.0.0.0/0    state INVALID
        0     0 ACCEPT     all   --  *   lo   0.0.0.0/0    0.0.0.0/0

    Chain all2all (3 references)
     pkts bytes target     prot  opt in  out  source       destination
        0     0 ACCEPT     all   --  *   *    0.0.0.0/0    0.0.0.0/0    state RELATED,ESTABLISHED
        0     0 newnotsyn  tcp   --  *   *    0.0.0.0/0    0.0.0.0/0    state NEW tcp flags:!0x16/0x02
        0     0 common     all   --  *   *    0.0.0.0/0    0.0.0.0/0
        0     0 ULOG       all   --  *   *    0.0.0.0/0    0.0.0.0/0    ULOG copy_range 0 nlgroup 1 prefix `Shorewall:all2all:REJECT:' queue_threshold 1
        0     0 reject     all   --  *   *    0.0.0.0/0    0.0.0.0/0

    Chain common (2 references)
     pkts bytes target     prot  opt in  out  source       destination
        0     0 icmpdef    icmp  --  *
Re: [leaf-user] Errors--Route through eth0?
On Mon, 2003-06-09 at 19:19, Greg Playle wrote:
> My thanks to Tom Eastep and Ray Olszewski, who pointed out some
> information that would help. I'm working on LEAF Bering 1.2, using a PPP
> serial modem (as ppp0) and a PCMCIA NIC as eth0 for the internal network.
> The host is a Toshiba Satellite Pro 460CDX laptop (recycled). The NIC is
> an older 3Com EtherLink III 3C589D based card (recycled). At boot, the
> firewall gives an error message of:
>
>     Masquerade: Error: Unable to determine the routes through eth0

snip

> # /etc/modules: kernel modules to load at boot time.
> # ISA ethernet cards
> # PCI ethernet cards
> # should the 3c589_cs.o be declared here? -

Yes. You can insert the module on a running system with

    insmod 3c589_cs

I'm very interested in your progress on this project, as I'm about to try something rather similar in the next few weeks. Good luck!

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] boot floppy to boot Bering cdrom
wing newton wrote:
> Greetings, I don't have space on a single floppy for all the packages.
> So, I create a bootable ISO Bering CD but my pc does not support CDROM
> boot. Is there a floppy image available to just allow me to boot up from
> the floppy which then in turn to boot up the Bering ISO from the cdrom ?

I believe the Bering CD-ROMs available use isolinux to boot, rather than the floppy disk emulation mode (which would provide a ready-made floppy boot image).

It's pretty easy to roll your own, however. All you need is the proper kernel and initial ramdisk image and a boot-loader. You can grab the proper kernel and initial ramdisk from the Bering CD-ROM. Syslinux is probably the easiest boot-loader to use when working with floppies...you can find it at kernel.org, and the tarball includes both a dos and linux executable.

Once you've syslinux'd your floppy to make it bootable, and copied the kernel and initial ramdisk file, all you need is an appropriate configuration. You should be able to copy the kernel command line from the isolinux configuration file on the CD-ROM.

If you run into problems, fire off a specific question to the list, and you should get quick help.

--
Charles Steinkuehler
[EMAIL PROTECTED]
Re: [leaf-user] Hard Disk setup
I've added them to the LRP= part of the kernel command line in syslinux.cfg. But they don't show up in lrcfg and I still can't use VPN to connect to my work LAN (no big surprise considering). What's next? How do I get them to show up in lrcfg?

--- Charles Steinkuehler [EMAIL PROTECTED] wrote:
> Mike Koceja wrote:
>> Thanks Jeff! I repartitioned the drive to 512 and it is now up and
>> running great. With one exception... I need to setup VPN. I believe I
>> need to setup IPSec. I did use the kernel with IPSec compiled into it.
>> I also downloaded and copied ifconfig.lrp, ipsec.lrp, ipsec509.lrp, and
>> mawk.lrp to the hard drive but I'm not sure how to configure them. How
>> do I activate these files and how should I configure them? I hope
>> someone can help me out; this is the last thing I need to get working
>> on my router.
>
> You activate these files by either adding them to your LRP= part of the
> kernel command line in syslinux.cfg (subject to a 256 character limit
> for all kernel parameters), or you can create a lrpkg.cfg file in the
> root directory of the hard drive with the names of all packages you want
> to load. See the DachsteinCD readme for details on using this file.
>
> --
> Charles Steinkuehler
> [EMAIL PROTECTED]
RE: [leaf-user] Errors--Route through eth0?
Please reply to the list.

On Mon, 2003-06-09 at 20:49, Greg Playle wrote:
> I guess I'm a bit puzzled at this. The messages at boot appear to
> indicate that insmod is throwing unresolved symbol errors when it tries
> to load 3c589_cs. The things it's trying to refer to appear to be the
> modules loaded by the pcmcia modules. Later, the load messages show the
> pcmcia modules loading, but of course, 3c589 isn't working. Should the
> pcmcia call in syslinux.cfg precede the call to modules.lrp?

Well, I haven't used pcmcia with LEAF yet, but yes, the pcmcia drivers (ds and pcmcia_core) must be loaded before the 3c589 driver, as shown by modules.dep:

    /lib/modules/2.4.20/pcmcia/3c589_cs.o: /lib/modules/2.4.20/pcmcia/ds.o \
            /lib/modules/2.4.20/pcmcia/pcmcia_core.o

    /lib/modules/2.4.20/pcmcia/ds.o: /lib/modules/2.4.20/pcmcia/pcmcia_core.o

    /lib/modules/2.4.20/pcmcia/pcmcia_core.o:

-Richard
Re: [leaf-user] Errors--Route through eth0?
This is all a bit muddled in my mind, Greg, and the message from Richard Doyle -- which appears to be in reply to something you wrote that I have not seen yet -- confuses me a bit more.

What I *think* is going on is simply that the eth0 interface is not being created because you are not loading the module(s) needed to detect and initialize the NIC. At the least, this is the 3c589_cs.o; it includes anything that module depends on. It has (they have) to be in /etc/modules, and if there is more than one, they have to be in the right order.

Based on the details in this message of yours and the one Richard posted, I **think** you need to edit /etc/modules to read something like this (my edits are not indented):

    # /etc/modules: kernel modules to load at boot time.
    # ISA ethernet cards
    # PCI ethernet cards
    # should the 3c589_cs.o be declared here? -
pcmcia_core
ds
3c589_cs
    # Modules needed for PPP connection
    slhc
    ppp_generic
    ppp_async
    # The three following modules are not always needed
    #zlib_inflate
    #zlib_deflate
    #ppp_deflate
    # Masquerading 'helper' modules
    # Other modules available in bering/modules/net/ipv4/netfilter
    ip_conntrack_ftp
    ip_conntrack_irc
    ip_nat_ftp
    ip_nat_irc

insmod'ing the modules in this order should cause the card to be detected and the eth0 interface created ... although in saying this I rely on your identifying this module as the right one for the card and on the depmod info in Richard's message being correct.

All your other symptoms are secondary, caused by the eth0 interface not existing. Once it exists, other problems may turn up with your setup ... but until the interface exists, neither we nor you can even begin to evaluate that part of your configuration.

BTW, the order of packages in syslinux.cfg has nothing to do with this problem. The order of modules ... and the completeness of the list ... in /etc/modules has everything to do with it.

Digression into background: full-strength Linux systems almost universally use modprobe to install modules. modprobe takes care of module dependencies for you, loading what is needed for the named modules. Small distros like LEAF typically use the smaller program insmod, which does not do dependency checking for you. So someone coming to LEAF from Red Hat or Debian needs to adjust his or her thinking a bit to get this stuff right.

Hope this helps. Good luck.

At 08:19 PM 6/9/2003 -0600, Greg Playle wrote:
> My thanks to Tom Eastep and Ray Olszewski, who pointed out some
> information that would help. I'm working on LEAF Bering 1.2, using a PPP
> serial modem (as ppp0) and a PCMCIA NIC as eth0 for the internal network.
> The host is a Toshiba Satellite Pro 460CDX laptop (recycled). The NIC is
> an older 3Com EtherLink III 3C589D based card (recycled). At boot, the
> firewall gives an error message of:
>
>     Masquerade: Error: Unable to determine the routes through eth0
>
> Tom suggested the interface isn't up before Shorewall starts, and that
> seems reasonable. Ray suggested there was a configuration error, and that
> seems highly likely, as I'm still learning. Pinging the firewall from the
> internal network, to the default IP of 192.168.1.254:
>
>     Destination Host Unreachable.
>
> I think I've failed to declare something associated with the PCMCIA
> cards--I'm not sure where the declaration of the 3c589 driver goes--the
> documentation isn't clear.

[details deleted]
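The load-order rule discussed in the two messages above, as an added example that is not part of the original thread: it parses the modules.dep lines Richard quoted, derives the insmod order for 3c589_cs, and checks a module list the way /etc/modules is read (top to bottom, no dependency resolution). The function names are hypothetical and the module lists passed to the checker are constructed.

```python
import os

# modules.dep lines as quoted in Richard's message on this page.
MODULES_DEP = r"""
/lib/modules/2.4.20/pcmcia/3c589_cs.o: /lib/modules/2.4.20/pcmcia/ds.o \
 /lib/modules/2.4.20/pcmcia/pcmcia_core.o
/lib/modules/2.4.20/pcmcia/ds.o: /lib/modules/2.4.20/pcmcia/pcmcia_core.o
/lib/modules/2.4.20/pcmcia/pcmcia_core.o:
"""

def _name(path):  # '/lib/modules/.../ds.o' -> 'ds'
    base = os.path.basename(path.strip())
    return base[:-2] if base.endswith(".o") else base

def parse_modules_dep(text):
    """Return {module: [direct dependencies]}, joining '\\' continuations."""
    deps = {}
    for line in text.replace("\\\n", " ").splitlines():
        if line.strip():
            target, _, rest = line.partition(":")
            deps[_name(target)] = [_name(p) for p in rest.split()]
    return deps

def parse_etc_modules(text):
    """Module names in load order; '#' comments and blank lines skipped."""
    lines = (l.split("#", 1)[0].split() for l in text.splitlines())
    return [fields[0] for fields in lines if fields]

def check_load_order(order, deps):
    """List (module, dependency, reason) for every insmod that would fail."""
    pos = {m: i for i, m in enumerate(order)}
    return [(m, d, "not listed" if d not in pos else "listed after " + m)
            for m in order for d in deps.get(m, [])
            if d not in pos or pos[d] > pos[m]]

def insmod_order(module, deps, done=None, active=()):
    """Dependencies first, then the module itself (depth-first walk)."""
    done = [] if done is None else done
    if module in active:
        raise ValueError("dependency cycle at " + module)
    for dep in deps.get(module, []):
        insmod_order(dep, deps, done, active + (module,))
    if module not in done:
        done.append(module)
    return done

if __name__ == "__main__":
    deps = parse_modules_dep(MODULES_DEP)
    print(insmod_order("3c589_cs", deps), check_load_order(["3c589_cs"], deps))
```

An empty result from check_load_order means every listed module has its dependencies loaded earlier in the file; it says nothing about modules that are absent from modules.dep.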
[leaf-user] initializing eth0 and eth1
How does one initialize both eth0 *and* eth1? The docs are unclear.

I have a DHCP server (D-link 704 router/switch) upstream of eth0, and I want the computer(s) downstream on eth1 to use the same DHCP server. So far, the computer in question is connecting to the DHCP server and to the internet just fine. I want to connect another computer to this one, via the eth1 and a crossover cable. The module for eth1 is loading fine during bootup. But I can't seem to initialize it fully.

---

My network interfaces has this:

    # /etc/network/interfaces -- configuration file for LEAF network
    auto lo
    iface lo inet loopback
    auto eth0
    iface eth0 inet dhcp

My Pump configuration file (/etc/pump.conf) has this:

    retries 3
    script /etc/pump.shorewall
    device eth0 {
    }

My Pump default config file (/etc/default/pump) has this:

    IFACES=eth0