Re: [leaf-user] [Fwd: [Shorewall-users] WebGUI Scripts announcement]
Andrea, >My I ask a question to the list: is it possible to revamp the 'classic' >Bering making new kernel releases and new packages available? How many >request there are - if any - about this? I personally don't like the uClibC >version. Just curious, what don't you like about the uClibc version? Eric --- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] [Fwd: [Shorewall-users] WebGUI Scripts announcement]
Erich, I have to admit that webconf is great -- the reason because I've not noticed it is that I didn't find suitable to focus on extra small distro - like the ones allowed by uClibC - due to the cheap opportunities offered by today's CF -- storage space is no more an issue. It would be great to give new life to the classic Bering branch - I can offer some contribution for the docs even if my 'personal interpretation' of the english language should sound 'too personal'. I'm waiting for both webconf & mini_httpd (SSL ready would be a plus) for Bering glibc. Let's resuscitate it! Cheers, - Andrea - Original Message - From: "Erich Titl" <[EMAIL PROTECTED]> To: "Andrea Galmacci - awd" <[EMAIL PROTECTED]> Cc: Sent: Friday, March 11, 2005 8:49 AM Subject: Re: [leaf-user] [Fwd: [Shorewall-users] WebGUI Scripts announcement] > Andrea > > Andrea Galmacci - awd wrote: > > >Not really Erich - where I can find it? The LEAF site has become almost > >unusable and most of the links are dead... > > > > > Try to search the leaf-devel archives for webconf. Nathan Angelacos > wrote and published it. I have it on my revamped Bering... > > >My I ask a question to the list: is it possible to revamp the 'classic' > >Bering making new kernel releases and new packages available? How many > >request there are - if any - about this? I personally don't like the uClibC > >version. > > > > > I am right now using a 2.4.24 kernel with the old glibc 2.0.7 > libraries. I ported/upgraded a number of packages to it but did not > release much, mostly because I am simply too lazy to write a good > documentation. Mind you, I am not concentrating on floppy images. Most > of my installations run from either a CF or DOM. > > I will make webconf and mini-httpd available for Bering glibc asap. > > cheers > > Erich > > > --- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] Cant connect to external https site
Hi list! (Bering 1.1, problem also verified with Bering-uClibc 2.2.3) I've been buying electronic components for years from my suppliers webshop. Suddenly, starting last week, I cannot connect from any local computer to their secure area (https). My internet bank still works perfectly and other suppliers webshops also works, and general web surfing also works as usual with Bering. I contacted the supplier and they claim that they have made no change to their webshop system. There seems to be no data at all being NAT:ed from their secure area to my local computers. I made some test with tcpdump when I press the connect button in my web browser Connection does not work: # tcpdump host elfa.se tcpdump: listening on eth0 09:39:30.587001 xxx.yyy.84.147.1194 > elfa.se.https: S 1118119148:1118119148(0) win 65535 (DF) 09:39:30.604900 elfa.se.https > xxx.yyy.84.147.1194: S 2629104900:2629104900(0) ack 1118119149 win 32768 (DF) 09:39:30.606431 xxx.yyy.84.147.1194 > elfa.se.https: . ack 1 win 65535 (DF) 09:39:30.606843 xxx.yyy.84.147.1194 > elfa.se.https: P 1:121(120) ack 1 win 65535 (DF) 09:39:30.629747 elfa.se.https > xxx.yyy.84.147.1194: P 1:80(79) ack 121 win 32768 (DF) 09:39:30.630973 elfa.se.https > xxx.yyy.84.147.1194: P 80:86(6) ack 121 win 32768 (DF) 09:39:30.631847 xxx.yyy.84.147.1194 > elfa.se.https: . ack 86 win 65450 (DF) 09:39:30.633499 elfa.se.https > xxx.yyy.84.147.1194: P 86:147(61) ack 121 win 32768 (DF) 09:39:30.635528 xxx.yyy.84.147.1194 > elfa.se.https: P 121:1106(985) ack 147 win 65389 (DF) 09:39:30.713990 elfa.se.https > xxx.yyy.84.147.1194: . ack 1106 win 32768 (DF) 09:39:32.187718 elfa.se.https > xxx.yyy.84.147.1194: P 147:654(507) ack 1106 win 32768 (DF) 09:39:32.195145 elfa.se.https > xxx.yyy.84.147.1194: P 654:2034(1380) ack 1106 win 32768 (DF) 09:39:32.198187 xxx.yyy.84.147.1194 > elfa.se.https: . ack 2034 win 65535 (DF) 09:39:32.197898 elfa.se.https > xxx.yyy.84.147.1194: P 2034:3414(1380) ack 1106 win 32768 (DF) 09:39:32.225221 elfa.se.https > xxx.yyy.84.147.1194: . 3414:4794(1380) ack 1106 win 32768 (DF) 09:39:32.227529 xxx.yyy.84.147.1194 > elfa.se.https: . ack 4794 win 65535 (DF) 09:39:32.229098 elfa.se.https > xxx.yyy.84.147.1194: . 4794:6174(1380) ack 1106 win 32768 (DF) 09:39:32.253142 elfa.se.https > xxx.yyy.84.147.1194: . 6174:7554(1380) ack 1106 win 32768 (DF) 09:39:32.255430 xxx.yyy.84.147.1194 > elfa.se.https: . ack 7554 win 65535 (DF) 09:39:32.265453 elfa.se.https > xxx.yyy.84.147.1194: . 8503:9883(1380) ack 1106 win 32768 (DF) 09:39:32.267712 xxx.yyy.84.147.1194 > elfa.se.https: . ack 7554 win 65535 (DF) 09:39:32.268511 elfa.se.https > xxx.yyy.84.147.1194: . 9883:11263(1380) ack 1106 win 32768 (DF) 09:39:32.270768 xxx.yyy.84.147.1194 > elfa.se.https: . ack 7554 win 65535 (DF) 09:39:32.290157 elfa.se.https > xxx.yyy.84.147.1194: . 11263:12643(1380) ack 1106 win 32768 (DF) 09:39:32.292997 xxx.yyy.84.147.1194 > elfa.se.https: . ack 7554 win 65535 (DF) 09:39:32.292746 elfa.se.https > xxx.yyy.84.147.1194: . 12643:14023(1380) ack 1106 win 32768 (DF) 09:39:32.295213 xxx.yyy.84.147.1194 > elfa.se.https: . ack 7554 win 65535 (DF) Connection works: # tcpdump host www.skandiabanken.se tcpdump: listening on eth0 09:43:42.19 xxx.yyy.84.147.1212 > www.skandiabanken.se.https: S 1181752056:1181752056(0) win 65535 (DF) 09:43:42.209103 www.skandiabanken.se.https > xxx.yyy.84.147.1212: S 2946904773:2946904773(0) ack 1181752057 win 17520 (DF) 09:43:42.211559 xxx.yyy.84.147.1212 > www.skandiabanken.se.https: . ack 1 win 65535 (DF) 09:43:42.211841 xxx.yyy.84.147.1212 > www.skandiabanken.se.https: P 1:106(105) ack 1 win 65535 (DF) 09:43:42.236244 www.skandiabanken.se.https > xxx.yyy.84.147.1212: . 1:1461(1460) ack 106 win 17415 (DF) 09:43:42.236641 www.skandiabanken.se.https > xxx.yyy.84.147.1212: P 1461:2178(717) ack 106 win 17415 (DF) 09:43:42.239854 xxx.yyy.84.147.1212 > www.skandiabanken.se.https: . ack 2178 win 65535 (DF) 09:43:42.255086 xxx.yyy.84.147.1212 > www.skandiabanken.se.https: P 106:288(182) ack 2178 win 65535 (DF) 09:43:42.279716 www.skandiabanken.se.https > xxx.yyy.84.147.1212: P 2178:2221(43) ack 288 win 17233 (DF) 09:43:42.283726 xxx.yyy.84.147.1212 > www.skandiabanken.se.https: P 288:943(655) ack 2221 win 65492 (DF) 09:43:42.302365 www.skandiabanken.se.https > xxx.yyy.84.147.1212: P 2221:2246(25) ack 943 win 16578 (DF) 09:43:42.323868 xxx.yyy.84.147.1212 > www.skandiabanken.se.https: P 943:1047(104) ack 2246 win 65467 (DF) 09:43:42.347936 www.skandiabanken.se.https > xxx.yyy.84.147.1212: . 2246:3706(1460) ack 1047 win 16474 (DF) 09:43:42.350027 www.skandiabanken.se.https > xxx.yyy.84.147.1212: . 3706:5166(1460) ack 1047 win 16474 (DF) 09:43:42.352874 xxx.yyy.84.147.1212 > www.skandiabanken.se.https: . ack 5166 win 65535 (DF) 09:43:42.354149 www.skandiabanken.se.https > xxx.yyy.84.147.1212: . 5166:6626(1460) ack 1047 win 16474 (DF) 09:43:42.356141 www.skandiabanken.se.https > xxx.yyy.84.147.1212: P 6626:8069(1443) ack 1047 win 16474 (DF) 09:43:42.358896 xxx.yy
[leaf-user] Cant connect to external https site
Came to my mind that anyone can test: Browse to http://www.elfa.se/en/ and press the button "Order status" at the bottom of the page. For me nothing comes up and the browser times out after a while. (You dont need an account at Elfa to test this) /Lars --- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] Cant connect to external https site
Tried it in Opera and it came back with an Order Status page asking for order Number! I use Bering uclibc 2.2 and Squid 2.5 stable ymmv, sorry I cannot be more helpful. Ask away of you like! Regards, Matt > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Lars > Sent: Friday, March 11, 2005 8:34 PM > To: leaf-user@lists.sourceforge.net > Subject: [leaf-user] Cant connect to external https site > > Came to my mind that anyone can test: > > Browse to http://www.elfa.se/en/ and press the button "Order > status" at the bottom of the page. For me nothing comes up > and the browser times out after a while. (You dont need an > account at Elfa to test this) > > /Lars > > > > > --- > SF email is sponsored by - The IT Product Guide Read honest & > candid reviews on hundreds of IT Products from real users. > Discover which products truly live up to the hype. Start reading now. > http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click > -- > -- > leaf-user mailing list: leaf-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/leaf-user > SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Cant connect to external https site
lars, UI just tried it with Mozilla and got no problem. Firewall: Bering uclibc 2.1 on an 66 Mhz Winchip (memory only no disks) Joep On Fri, 2005-03-11 at 11:33, Lars wrote: > Came to my mind that anyone can test: > > Browse to http://www.elfa.se/en/ and press the button > "Order status" at the bottom of the page. For me > nothing comes up and the browser times out after a > while. (You dont need an account at Elfa to test this) > > /Lars > > > > > --- > SF email is sponsored by - The IT Product Guide > Read honest & candid reviews on hundreds of IT Products from real users. > Discover which products truly live up to the hype. Start reading now. > http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click > > leaf-user mailing list: leaf-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/leaf-user > SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] Cant connect to external https site
Tried IE 6.0.29 and Firefox 1.0. Both came up with an order status screen. Bering 2.2.2 - Bob Coffman -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Lars Sent: Friday, March 11, 2005 5:34 AM To: leaf-user@lists.sourceforge.net Subject: [leaf-user] Cant connect to external https site Came to my mind that anyone can test: Browse to http://www.elfa.se/en/ and press the button "Order status" at the bottom of the page. For me nothing comes up and the browser times out after a while. (You dont need an account at Elfa to test this) /Lars --- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] Some stupid question (IPSec VPN)
Hi all, Just a fast stupid question. I want to create a lot (~20) LAN to LAN tunnels using OpenSwan. Do I need an ipsec device for each one? From memory, default kernel comes with 4 of such devices, do you need to recompile to get more? Also, in this same machine want to stablish a Roadwarrior - LAN scenario with around 10 users. Again, do I need an ipsec device for each one? Very thankful in advance. PS.- Yes, I know I should ask in OpenSwan list, but I'm already subscribed to a lot of lists and don't want to subscribe to a new one just for one question :) -- Jaime Nebrera - [EMAIL PROTECTED] --- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Some stupid question (IPSec VPN)
On Friday 11 March 2005 10:58, Jaime Nebrera wrote: > Hi all, > > Just a fast stupid question. > Fast stupid answer: From my experience, ipsec[n] gets mapped to a physical interface; so as long as you don't have ~20 gateways to the Internet, you should be fine. If your "home office" lan has 1 gateway to the internet, you will end up using only ipsec0 for all 30 (20 lan + 10 rw) connections. > I want to create a lot (~20) LAN to LAN tunnels using OpenSwan. Do I > need an ipsec device for each one? From memory, default kernel comes > with 4 of such devices, do you need to recompile to get more? > > Also, in this same machine want to stablish a Roadwarrior - LAN > scenario with around 10 users. Again, do I need an ipsec device for each > one? > > Very thankful in advance. > > PS.- Yes, I know I should ask in OpenSwan list, but I'm already > subscribed to a lot of lists and don't want to subscribe to a new one > just for one question :) --- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Some stupid question (IPSec VPN)
Hi Jaime, I have not many occasions to help, so . Jaime Nebrera wrote: Hi all, Just a fast stupid question. I want to create a lot (~20) LAN to LAN tunnels using OpenSwan. Do I need an ipsec device for each one? From memory, default kernel comes with 4 of such devices, do you need to recompile to get more? If I commit no error, an ipsec device is associated to a network interface (ppp0, or eth0). you must define several ipsecN interfaces only if you use several network interfaces (and this case is seldom...) So, in your case, if you use the eth0 interface for the "Internet" connection, you can set up several ipsec tunnels only through the ipsec0 device. Also, in this same machine want to stablish a Roadwarrior - LAN scenario with around 10 users. Again, do I need an ipsec device for each one? Here, I am certain : with roadwarrior clients, only one ipsec device is needed. Very thankful in advance. PS.- Yes, I know I should ask in OpenSwan list, but I'm already subscribed to a lot of lists and don't want to subscribe to a new one just for one question :) Fabrice --- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Some stupid question (IPSec VPN)
Jaime Nebrera wrote: Hi all, Just a fast stupid question. I want to create a lot (~20) LAN to LAN tunnels using OpenSwan. Do I need an ipsec device for each one? From memory, default kernel comes with 4 of such devices, do you need to recompile to get more? As mentioned, you need one ipsec device per physical interface used with OpenSwan. You shouldn't need more than one unless you've got multiple upstream links to various ISP's. Also, in this same machine want to stablish a Roadwarrior - LAN scenario with around 10 users. Again, do I need an ipsec device for each one? No. But you do need to be careful about how you arrange your IPSec infrastructure. You'll want to stay away from pre-shared-secrets (which dramatically limit your options in setting up road-warrior connections with different settings) and instead use RSA keys or certificates, which allow unique per-client settings (as well as much better security, since you don't have the same secret shared between ~10 people...as Benjamin Franklin said, "Three may keep a secret if two of them are dead" :-). -- Charles Steinkuehler [EMAIL PROTECTED] --- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] [Fwd: [Shorewall-users] WebGUI Scripts announcement]
On Wed, 2005-03-09 at 15:42, Tom Eastep wrote: > This is my second attempt to forward this announcement to the Leaf User > list -- the first one is being held for moderation and my experience > with this list is that posts held for moderation sit for a week and then > are rejected without comment Tom, I'm the list admin, and I don't process held messages every day. The only reasons for posts being held follow: Post from an email address not subscribed to the list. Only messages with a content-type of "text/plain" or "multipart/signed" are automatically posted to the list. All other content-types, and base64 encoded posts are held for administrative action. Using leaf-user https://lists.sourceforge.net/lists/listinfo/leaf-user -- Mike Noyes http://sourceforge.net/users/mhnoyes/ SF.net Projects: ffl, leaf, phpwebsite, phpwebsite-comm, sitedocs --- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] [Fwd: [Shorewall-users] WebGUI Scripts announcement]
Mike Noyes wrote: > > Only messages with a content-type of "text/plain" or > "multipart/signed" are automatically posted to the list. All > other content-types, and base64 encoded posts are held for > administrative action. > I typically have my mailer configured to forward posts as attachments. I had to temporarily reconfigure it to forward in-line. I used to have restrictive policies like that for the Shorewall lists but found that simply making them closed to non-members solves the problem without the hassle of having to moderate. -Tom -- Tom Eastep\ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key --- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] Cant connect to external https site
Thanks to Matthew, Danny, Joel and Robert (did I forget someone?)who tested to access the site witout problem. The strange thing is that I moved the Bering-uClibc box home over the weekend and now it also works for me. The only difference is that I now use a different ISP. When I cannot access the site I am connected via a radio lan serving many customers in the area. Can this possibly have anything to do with connection problems like this? I have not had any problems with any other site. /Lars Peterson --- Lars <[EMAIL PROTECTED]> wrote: > Came to my mind that anyone can test: > > Browse to http://www.elfa.se/en/ and press the > button > "Order status" at the bottom of the page. For me > nothing comes up and the browser times out after a > while. (You dont need an account at Elfa to test > this) > > /Lars > > > --- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html