Re: [leaf-user] trouble accessing firewall
Hi

At 20:06 07.04.2004 -0400, Dave Rose wrote:
> I am standing up a bering firewall and have made it through the 3c509 troubleshooting phase, or so I thought. I am unable to ping the internal side of the firewall from my other computers.

I am not sure icmp to the firewall is enabled in shorewall by default.

HTH
Erich

THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16

---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.
http://ads.osdn.com/?ad_id70alloc_id638op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] OpenVPN on Bering
I'm only posting a reply to the LEAF list since that is where I prefer Leaf Shorewall support to be handled. I also dislike getting involved in mail threads that are cross-posted on several lists.

AdStar wrote:
> I'm trying to set up a VPN (openvpn version 1.5.0) connection from my home (ADSL, static IP) to my Office (Static IP). Both networks have a leaf Bering machine as their firewalls, both running shorewall 1.4.7c. I followed the guide at http://www.shorewall.net/1.4/OPENVPN.html but I'm not 100% sure I have got it right. I can get the openvpn side of things to connect but cannot ping any machines on either side of the VPN from the firewall or internal machines.

a) Your Shorewall rules/policies don't permit any fw-vpn traffic so that rules out fw access via the tunnel.

b) I believe that the routes that you are adding are specifying the wrong gateway -- they should specify the remote end of the tunnel as the gateway, not the local end.

c) I suggest that you "shorewall clear" then debug your tunnel. Once it is working that way *then* start Shorewall. You will then be confident that any remaining problems are in your Shorewall config and not in your tunnel/routing setup.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]

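Point (b) of the reply above can be checked mechanically. The following is an added example, not code from the thread or from the Shorewall or OpenVPN projects: the helper name check_tunnel_routes, the device tun0 and every address in it are constructed assumptions.

```shell
#!/bin/sh
# Added example: audit tunnel routes in `route -n` output.
# All addresses below are constructed sample values, not from the thread.

# Constructed table: the route to the remote LAN (192.168.2.0/24) wrongly
# names the LOCAL tunnel address 192.168.99.1 as its gateway.
SAMPLE_ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.99.2    0.0.0.0         255.255.255.255 UH    0      0        0 tun0
192.168.2.0     192.168.99.1    255.255.255.0   UG    0      0        0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1'

# check_tunnel_routes LOCAL_IP REMOTE_IP DEV   (hypothetical helper)
# Reads `route -n` output on stdin. Prints one line per route on DEV whose
# gateway is not REMOTE_IP and returns 1 if any were found, else 0.
check_tunnel_routes() {
    awk -v local_ip="$1" -v remote_ip="$2" -v dev="$3" '
        $NF != dev       { next }   # headers and routes on other interfaces
        $2 == "0.0.0.0"  { next }   # on-link route (the peer host route)
        $2 == remote_ip  { next }   # correct: gateway is the far end
        {
            why = ($2 == local_ip) ? "local end of tunnel" : "not the tunnel peer"
            printf "BAD %s/%s gw %s (%s)\n", $1, $3, $2, why
            bad = 1
        }
        END { exit bad + 0 }
    '
}

# Demo on the constructed table; on a live box pipe in `route -n` instead.
printf '%s\n' "$SAMPLE_ROUTES" |
    check_tunnel_routes 192.168.99.1 192.168.99.2 tun0 ||
    echo "re-add the routes above with gw 192.168.99.2"
```

Following point (c), run it after "shorewall clear" so that a failing ping across the tunnel can be attributed to routing rather than to the firewall rules.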
Re: [leaf-user] trouble accessing firewall
Really wouldn't matter, just yet, that ping isn't enabled. If he has no link light from the LEAF box on his switch/hub, and no light on the networking card, then there's an issue that's lower than Layer 3 (IP), and probably an issue at Layer 1 (Physical). After he figures out the reason he doesn't have link, then yeah, the firewall issue with ICMP comes into play. :)

Henning Jebsen wrote:
> Did you allow pinging to/from the firewall ? You have to switch it on explicitly in recent versions:
> http://www.shorewall.net/ping.html
>
> Greetings !

Re: [leaf-user] Open Brick E
Bao,

I've tried Lexar and SanDisk. I've tried both DOS and LEAF boot images on each of the CFs. I've used both Linux and DOS fdisk programs. I've tried every combination imaginable, and in all cases the boot terminates at Verifying DMI Data Pool. Do you have any ideas?

Roger

leaf-user-request@lists.sourceforge.net
Sent by: leaf-user-admin
04/07/2004 11:03 PM
Please respond to leaf-user
To: [EMAIL PROTECTED]
cc:
Subject: leaf-user digest, Vol 1 #2233 - 3 msgs

Date: Wed, 7 Apr 2004 21:18:45 -0400
From: Bao C. Ha [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [leaf-user] Open Brick E

On Wed, Apr 07, 2004 at 07:47:43PM -0400, Roger E McClurg wrote:

Hi Roger,

> Is anyone running LEAF on the OpenBrick E hardware with compact flash? If so, can you please tell me what brand you are using?

Lexar seems to be the best. We do use other brands occasionally.

Bao
--
Best Regards.
Bao C. Ha
Hacom OpenBrick Distributor USA http://www.hacom.net
voice: (714) 530-8817 fax: (714) 530-8818
8D66 6672 7A9B 6879 85CD 42E0 9F6C 7908 ED95 6B38

Re: [leaf-user] Open Brick E
On Thu, Apr 08, 2004 at 12:17:51PM -0400, Roger E McClurg wrote:

Hi Roger,

> I've tried Lexar and SanDisk. I've tried both DOS and LEAF boot images on each of the CFs. I've used both Linux and DOS fdisk programs. I've tried every combination imaginable, and in all cases the boot terminates at Verifying DMI Data Pool. Do you have any ideas?

It usually means that the CF still has some DOS information on its boot sector. What boot loader are you using? I just use Grub, since it seems to work better than syslinux.

Bao
--
Best Regards.
Bao C. Ha
Hacom OpenBrick Distributor USA http://www.hacom.net
voice: (714) 530-8817 fax: (714) 530-8818
8D66 6672 7A9B 6879 85CD 42E0 9F6C 7908 ED95 6B38

Re: [leaf-user] trouble accessing firewall
Thank you to everyone who responded to my request for help. It appears that I was the victim of my own stupidity. I inadvertently grabbed an old 100MB hub to use (not a 10/100MB hub). Needless to say, the 3c509 cards did not work. I have replaced the hub and everything is fine now.

On another note, I have determined that there is a small but vital piece of information missing from the linux Ethernet HOWTO. That is, if you attempt to specify any parameters on the 3c509 driver line(s) in the /etc/modules file, the driver will NOT load. Once the cards are appropriately set with the DOS utility, the simple 3c509 entry works like a charm.

Thanks again,
Dave

----- Original Message -----
From: Dave Rose [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, April 07, 2004 8:06 PM
Subject: [leaf-user] trouble accessing firewall

I am standing up a bering firewall and have made it through the 3c509 troubleshooting phase, or so I thought. I am unable to ping the internal side of the firewall from my other computers.

My hardware -
486DX4 100Mhz
PCI video card
20MB RAM
Floppy disk
3c509B-TP (I have two of these cards installed in the ISA bus)

Hardware configuration ---
NO Hard drive (controller disabled in BIOS)
NO comm/parallel ports (disabled in BIOS)
Set the 3c509-TP cards to IRQ7,5 and IO addresses of 0x300,0x280 and disabled the ISA plug and play feature and successfully ran the 3COM diagnostics function on each card

Software configuration
1.) downloaded the bering 1.2 software (Windows utility to make the boot floppy - Bering_1.2_img_bering-1680.exe from http://download.sourceforge.net/leaf/)
2.) downloaded the bering 1.2 modules (Bering_1.2_modules_2.4.20.tar.gz from http://download.sourceforge.net/leaf/)
3.) I booted the floppy I made in the first step and added the 3c509.o ethernet card driver to /lib/modules
4.) I modified /etc/modules to add the line 3c509
5.) I pretty much left /etc/network/interfaces to the default settings since they are set up initially for the configuration that I am looking for

The problem
Although the system recognizes both cards (IRQs and IO addresses) at startup, the eth1 interface fails to activate, light up the led on the hub and can not be pinged from my other workstation on the internal lan.

Any ideas how to proceed would be much appreciated.

Thanks
Dave

Re: [leaf-user] HDPARM
Personally, I'd second this 'motion' for this to be posted to SF. A large factor in my deciding to go with a 2-floppy setup (vs a HD) was my desire to reduce energy consumption on my box which runs 7/24. I even underclocked the CPU so as to be able to disconnect the PS-fan and keep it further quiet and less energy-consuming! As we watch energy prices rise (not to mention the problem of global climate change caused by CO2 emissions from, in part, electrical generating stations) this HD-powerdown, though small in its energy CO2 savings, is nonetheless a step in the right direction.

scott; canada

Roger E McClurg wrote:
> I created an hdparm.lrp package for Bering 1.2. It uses the 5.2 version of hdparm from RedHat 9.0. The package includes a script called spindown. Spindown will automatically put the HD into standby mode (hdparm -y) at the end of the boot process. I can send it to anyone interested, but if the developers think it is useful maybe one of them will agree to put it up on Sourceforge.
>
> Roger