[Leaf-user] Problems with PPP, first packet lost
Hi!

I have been working fine with my EigerStein2Beta for some time now but I still have one annoying bug that I want to solve now.

My router uses pppd which I got from a ppp package somewhere. When one machine tries to access the net, the dial-on-demand pppd dials happily to the net, but my stupid windoze browser times out.

I recall that with the 2.0.36 kernels, you would do an echo 1 > /proc/somewhere and the router would save the first packet so it will not be lost.

Now is this available for the 2.2.16 series of kernels, or is my request not solved by this thing?

Thanks for all your help

Luis Correia

___ Leaf-user mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] Proxy ARP DMZ to Internal Forwarding
Now that my system is FINALLY up and working at 95%, there is one thing not behaving as expected. I have been looking thru my doc links, trying to find a reference to this, and came up blank.

I thought I had read somewhere that the default behavior was to allow all traffic from Internal to DMZ --- useful for managing the servers that live there; but disallowing DMZ-initiated traffic back into the Internal network.

This is how things are supposed to work. The internal net to DMZ connection is made by masquerading the internal net to the IP of the firewall, so outbound stuff from the internal net to the DMZ is allowed, but the DMZ systems cannot directly see the internal network.

Here's what I am getting:

Jun 25 06:42:16 cuinn kernel: Packet log: forward DENY eth1 PROTO=6 64.81.226.171:80 192.168.1.201:2539 L=48 S=0x00 I=1095 F=0x4000 T=63 (#41)

For everything, including pings and UDP...

Filters (I'm still no ace at reading this):

For whatever reason, there is no masquerade rule in the forward chain hooking the internal net to the DMZ...there's just the 'global' masquerade rule for the internet (on eth0). Post or e-mail your /etc/ipfilter.conf and I'll take a look at it...

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
RE: [Leaf-user] Proxy ARP DMZ to Internal Forwarding
Charles,

Here's the output --- thanks again:

#
#
# ipfilter.conf   This file contains the functions that contain the firewall
#                 and ipfilter configuration. This is an example setup for
#                 IP masquerading
#
IPFILTER_CONF_VERSION=20010330

# set -x    # Uncomment for script debug

IPCH="/sbin/ipchains --no-warnings"
IPMASQADM=/usr/sbin/ipmasqadm

# DONT change this!
LOCAL_NET=127.0.0.0/8
LOCAL_IP=127.0.0.1

# Some functions to handle Protocol IP Port tuples
echoProto () {
	local IFS='_'
	set -- $1
	echo $1
}
echoIp () {
	local IFS='_'
	set -- $1
	echo $2
}
echoPort () {
	local IFS='_'
	set -- $1
	echo $3
}
echoIpPort () {
	local IFS='_'
	set -- $1
	echo $2 $3
}
echoSrvIpPort () {
	local IFS='_'
	set -- $1
	echo $4 $5
}
echoMrkMark () {
	local IFS='_'
	set -- $1
	echo $1
}
echoMrkProto () {
	local IFS='_'
	set -- $1
	echo $2
}
echoMrkIpPort () {
	local IFS='_'
	set -- $1
	echo $3 $4
}
echoBpSrc () {
	local IFS='_'
	set -- $1
	echo $2
}
echoBpDstPort () {
	local IFS='_'
	set -- $1
	echo $3 $4
}
echoFwDstPort () {
	local IFS='_'
	set -- $1
	echo $2
}
echoFwSrcIp () {
	local IFS='_'
	set -- $1
	echo $1
}

# A function to filter out Martian source addresses
stopMartians () {
	local LIST=$1
	shift

	# The source addresses listed here are conservatively
	# invalid as they are either used as broadcast/multicast
	# destination addresses, a special value in IP stacks, loopback
	# networks and illegal/ambiguous Classed IP addressing networks.
	#
	# You can add your 'martian/invalid' source address blocks to the
	# MARTIAN_NETS list in /etc/network.conf

	# All ones, all zeroes
	$IPCH -A $LIST -j DENY -p all -s 0.0.0.0 -d 0/0 -l $*
	$IPCH -A $LIST -j DENY -p all -s 255.255.255.255 -d 0/0 -l $*

	# Loop back addresses
	$IPCH -A $LIST -j DENY -p all -s 127.0.0.0/8 -d 0/0 -l $*

	# Multicast source addresses
	$IPCH -A $LIST -j DENY -p all -s 224.0.0.0/4 -d 0/0 -l $*

	# RFC 1918/1627/1597 blocks
	$IPCH -A $LIST -j DENY -p all -s 10.0.0.0/8 -d 0/0 -l $*
	$IPCH -A $LIST -j DENY -p all -s 172.16.0.0/12 -d 0/0 -l $*
	$IPCH -A $LIST -j DENY -p all -s 192.168.0.0/16 -d 0/0 -l $*

	# IANA reserved blocks (Martians from the gated restricted list
	# - actually impossible/ambiguous classed networks)
	$IPCH -A $LIST -j DENY -p all -s 0.0.0.0/8 -d 0/0 -l $*
	$IPCH -A $LIST -j DENY -p all -s 128.0.0.0/16 -d 0/0 -l $*
	$IPCH -A $LIST -j DENY -p all -s 191.255.0.0/16 -d 0/0 -l $*
	$IPCH -A $LIST -j DENY -p all -s 192.0.0.0/24 -d 0/0 -l $*
	$IPCH -A $LIST -j DENY -p all -s 223.255.255.0/24 -d 0/0 -l $*

	# Class E address (experimental use)
	$IPCH -A $LIST -j DENY -p all -s 240.0.0.0/4 -d 0/0 -l $*

	# Additions/other IANA reserved blocks
	for NET in $MARTIAN_NETS; do
		$IPCH -A $LIST -j DENY -p all -s $NET -d 0/0 -l $*
	done; unset NET
}

# A function to block services that give trouble on an IFACE
standardBlock () {
	local LIST=$1
	shift

	# Block SMB/Windows networking to protect Windows boxes and to stop
	# Windows NT doing braindead things with mail, www, etc
	# This also prevents Internet Explorer spraying user logins
	# and passwords everywhere
	$IPCH -A $LIST -j REJECT -p tcp -s 0/0 -d 0/0 netbios-ns $*
	$IPCH -A $LIST -j REJECT -p tcp -s 0/0 -d 0/0 135 $*
	$IPCH -A $LIST -j REJECT -p udp -s 0/0 -d 0/0 netbios-ns $*
	$IPCH -A $LIST -j REJECT -p udp -s 0/0 -d 0/0 135 $*
	$IPCH -A $LIST -j REJECT -p tcp -s 0/0 -d 0/0 netbios-dgm:netbios-ssn $*
	$IPCH -A $LIST -j REJECT -p udp -s 0/0 -d 0/0 netbios-dgm $*
	$IPCH -A $LIST -j REJECT -p udp -s 0/0 netbios-ns:netbios-dgm -d 0/0 $*
	$IPCH -A $LIST -j REJECT -p udp -s 0/0 135 -d 0/0 $*
	$IPCH -A $LIST -j REJECT -p tcp -s 0/0 netbios-ns:netbios-ssn -d 0/0 $*
	$IPCH -A $LIST -j REJECT -p tcp -s 0/0 135 -d 0/0 $*
}

# A function to control SNMP access on a network
snmpBlock () {
	local LIST=$1
	local DEST_IP=$2
	local SNMP_IP
	shift 2

	if [ "$SNMP_BLOCK" != "YES" -a "$SNMP_BLOCK" != "Yes" \
		-a "$SNMP_BLOCK" != "yes" ] ; then
		return 0
	fi
	for SNMP_IP in $SNMP_MANAGER_IPS; do
		$IPCH -A $LIST -j ACCEPT -p udp -s $SNMP_IP -d $DEST_IP 161:162 $*
	done; unset SNMP_IP
	$IPCH -A $LIST -j REJECT -p udp -s 0/0 -d $DEST_IP 161:162 -l $*
}

# A function to build rule chains for checking the overlapping IP space
# when running a proxy-arp'd DMZ network
ipfilter_dmzChain
Re: [Leaf-user] Problems with PPP, first packet lost
Luis.F.Correia, 2001-06-22 16:26 +0100

I have been working fine with my EigerStein2Beta for some time now but I still have one annoying bug that I want to solve now. My router uses pppd which I got from a ppp package somewhere. When one machine tries to access the net, the dial-on-demand pppd dials happily to the net, but my stupid windoze browser times out. I recall that with the 2.0.36 kernels, you would do an echo 1 > /proc/somewhere and the router would save the first packet so it will not be lost. Now is this available for the 2.2.16 series of kernels, or is my request not solved by this thing?

Luis,

I hope this helps.

string: ip_dynaddr site:linuxdoc.org
http://www.google.com/search?q=ip_dynaddr+site%3Alinuxdoc.org

--
Mike Noyes [EMAIL PROTECTED]
FAQs sec00: LEAF SourceForge Site Answers
How do I request help? http://sourceforge.net/docman/display_doc.php?docid=1891&group_id=13751
[Leaf-user] DAC960.o module needed
Howdy all-

I need the module for a DAC960 SCSI RAID card (Mylex Acceleraid 250) for kernel 2.2.16 (I'm running lrp2.9.8). Does anyone have this module that they can send me? Or know of anyplace that I can download it? I don't have a 2.2.16 box around to compile on and I need this for my LRP disaster recovery disk.

Thanks again,
Zack
Re: [Leaf-user] my head is spinning (long)
Jack Coates wrote:

How would all you smart people suggest improving this? My router is a 486/33 with 24mb RAM and an unused 341mb drive, booting from (2) 1680kb floppies (92% and 68% full). I would like: * updated version, like Dachstein or Oxygen -- these haven't been focussing on PPP though.

Only reason I haven't is that every time I attempt PPP, it seems to take a LONG time to get it right, and causes a lot of headaches in the meantime. Last time I tackled it, I couldn't understand why no one could connect. Then I discovered if you stretched the time out to over three minutes, you could connect (using Win95). After compiling a special version of pppd with better logging, I finally found that it was the inability to communicate with the DNS server that was causing this! And this after a month of haggling I also discovered that ppp.lrp and pppd.lrp conflict with one another, and they aren't up to date either.

I have to admit that the option which has looked best to date is FTP installing a full Linux distro or FreeBSD on that little hard drive :-( A regular Unix toolkit instead of busybox and a packaging system would be pretty handy.

busybox now supports unpacking RPMs and *.deb files; that comes pretty close. I've been looking at full (small) distributions. For 341M, you should be able to install something like Red Hat if you tweak it and remove a lot of the excess. I'd like to create a Red Hat or Mandrake based distro that would work in just a system as yours... You might want to consider Peanut - it is also designed for small environments like your 486.
[Leaf-user] OT: KVM switches
pn] Does anyone here use a KVM switch for GUI workstations? I use the old manual switch boxes for my LRP machines because quality video needs are low. But I've been using a Belkin Omni-Cube 4-port for X/Linux and Windows boxes and am unsatisfied with the video degradation. I'd appreciate any feedback on reasonably-priced KVM switches with decent video performance. Thanks.

--- Peter Nosko
[Leaf-user] VPN ?
Hi,

I've set up an Eigerstein2BETA system, just starting to play around with it. Is it possible to have it run a vpn server so that I can have outside ssh clients connect to servers in the internal network? Do I have to start using a hard disk instead of floppy?
RE: [Leaf-user] OT: KVM switches
I just went through that same problem of crappy video. What resolution are you using and how long are your cables? Are you getting ghosting? If so, shitcan those cheap ass cables and get one that is shielded. I just picked up a ps/2 set from cyberguys.com for $23 bucks and it solved all the problems. BTW, I am using an OmniView SE 4 port. I use the other crappy cables for text based machines that don't need high resolution.

Later
Tony

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Peter Nosko
Sent: Monday, June 25, 2001 17:48
To: Leaf-User
Subject: [Leaf-user] OT: KVM switches

pn] Does anyone here use a KVM switch for GUI workstations? I use the old manual switch boxes for my LRP machines because quality video needs are low. But I've been using a Belkin Omni-Cube 4-port for X/Linux and Windows boxes and am unsatisfied with the video degradation. I'd appreciate any feedback on reasonably-priced KVM switches with decent video performance. Thanks.

--- Peter Nosko
Re: [Leaf-user] Newbie question perhaps.
I noticed you were responding to a question. Did you see the following posting? I received no response. Thanks a bunch if you can help.

Glenn

Glenn A. Thompson wrote:

Hi all: I downloaded and configured Charles Steinkuehler's Static Eiger disk image. I managed to get it working with my intel ethernet cards and also added vim and set it up to port forward a few services to multiple hosts. All works great. I have been using it for a month now with no problems. So, now the facility that was using the LRP box (via the lan it sits on) will be connected to another facility through a local private T1. What I want to do is get LRP to firewall (masq and portforward) for both facilities. The current plan is to make one facility 192.168.1.0 and the other 192.168.2.0. I figured I would just use rip on the routers that route between the two facilities. Assuming this can be done, do I just add a second network to the INTERN_NET variable in the network.conf?

I don't see any need for RIP, just create some static routes on the LRP box so it knows about all the networks. To connect everything to the internet, just add multiple CIDR network specifications to the INTERN_NET variable (NOTE: This only works with Eiger later firewall scripts). WARNING: Your internal networks won't be able to talk to each other unless you specifically create forwarding rules to allow the traffic. With the default Eiger scripts, this means editing /etc/ipfilter.conf.

Clarification: I assume I need to add a static route from the LRP box to the local loop router. I'm wanting the LRP box to be a choke firewall for two internal lans separated by a T1.

This sounds appropriate given your text description of the network. Remember, a picture's worth a thousand words, even if it's an ascii-art network diagram ;-)

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
RE: [Leaf-user] OT: KVM switches
pn] Nope, went there, done that. I have the deluxe 6' cables with ferrite cores on each end from the PCs to the switch (just like the cables that come with monitors, except longer) and I think a 10' cable from the monitor to the switch. I can't get much shorter than that with my setup.

pn] My windows boxes are running 1152x864@100MHz. The 2 Linux boxes are the same resolution, but I don't know how to tell what the vertical refresh is on them.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Tony
Sent: Monday, June 25, 2001 18:30
To: [EMAIL PROTECTED]
Subject: RE: [Leaf-user] OT: KVM switches

I just went through that same problem of crappy video. What resolution are you using and how long are your cables? Are you getting ghosting? If so, shitcan those cheap ass cables and get one that is shielded. I just picked up a ps/2 set from cyberguys.com for $23 bucks and it solved all the problems. BTW, I am using an OmniView SE 4 port. I use the other crappy cables for text based machines that don't need high resolution.

Later
Tony

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Peter Nosko
Sent: Monday, June 25, 2001 17:48
To: Leaf-User
Subject: [Leaf-user] OT: KVM switches

pn] Does anyone here use a KVM switch for GUI workstations? I use the old manual switch boxes for my LRP machines because quality video needs are low. But I've been using a Belkin Omni-Cube 4-port for X/Linux and Windows boxes and am unsatisfied with the video degradation. I'd appreciate any feedback on reasonably-priced KVM switches with decent video performance. Thanks.

--- Peter Nosko
Re: [Leaf-user] OT: KVM switches
I also use the Belkin Omni-View, PS2, with 6 foot cables. As long as I stay with no higher than 1024x760 the video is okay. So I've been looking also, but the real good ones that work cost many times the price of the Omni-View, and I haven't seen a decently priced switch either.

Sam Slade

Peter Nosko wrote:

pn] Does anyone here use a KVM switch for GUI workstations? I use the old manual switch boxes for my LRP machines because quality video needs are low. But I've been using a Belkin Omni-Cube 4-port for X/Linux and Windows boxes and am unsatisfied with the video degradation. I'd appreciate any feedback on reasonably-priced KVM switches with decent video performance. Thanks.

--- Peter Nosko
[Leaf-user] FW: Leaf-user digest, Vol 1 #69 - 4 msgs
added both ttyp1 and ttyp2 to the /etc/securetty file, saved and rebooted

putty still will not connect - get Remote Session Closed by Host

any other suggestions to get this sshd going??

Message: 1
Date: Mon, 25 Jun 2001 09:14:05 -0700 (PDT)
From: [EMAIL PROTECTED]
To: Leaf-User@Lists. Sourceforge. Net [EMAIL PROTECTED]
Subject: Re: [Leaf-user] Serial Console HOWTO problems - now sshd issues
Reply-To: [EMAIL PROTECTED]

On Mon, 25 Jun 2001, Kevin wrote:

Sorry so late, tried everything I could to get this working. I have now dropped and tried the ssh option. I have successfully installed from two floppy set-up, can backup and have keys made and saved. When I try to log-in via the putty program, the remote host closes the connection.

Check that ttyp1 and ttyp2 are listed in /etc/securetty. You might also want to consider using firewall rules or /etc/hosts.deny to prevent logins from outside your lan.

---
Jeff Newmiller
Research Engineer (Solar/Batteries/Software/Embedded Controllers)
[Leaf-user] anyone using SBC ?
Hi,

is anyone using SBC (single board computer) setups for LRP ? Where can I find small sbc's with enclosures that would allow me to build a compact appliance that runs LRP ?

Thanks
Ricardo
[Leaf-user] Ram Disk size and ipmasqadm help
I have 32 meg ram in a p2 75 mhz box with two floppies. I have the ram disk set up for 16 meg at the present time. Does LRP need the other 16 meg of memory to run the programs or do they run in the 16 meg?

I need to add an ipmasqadm rule for IRC to see if that is the problem. I have looked at every config file in the lrcfg program and can not find a place to edit or add the rule. Can anyone shed some light on how to add?

thanks
Re: [Leaf-user] anyone using SBC ?
Ricardo Kleemann, 2001-06-25 15:21 -0800

is anyone using SBC (single board computer) setups for LRP ? Where can I find small sbc's with enclosures that would allow me to build a compact appliance that runs LRP ?

Ricardo,

Take a look at our hardware links.
http://leaf.sourceforge.net/links.php?menu=2

--
Mike Noyes [EMAIL PROTECTED]
FAQs sec00: LEAF SourceForge Site Answers
How do I request help? http://sourceforge.net/docman/display_doc.php?docid=1891&group_id=13751
Re: [Leaf-user] FW: Leaf-user digest, Vol 1 #69 - 4 msgs
I disagree. ttyp0 ttyp1 - is not needed for ssh login. I recommend not having ttyp0 enabled in /etc/securetty.

Perhaps you did not add sshd to /etc/hosts.allow

sshd: 192.168.1.1
if you are only allowing logins from internal network single machine

sshd: 192.168.1.0/255.255.255.0
for internal network

not recommended
sshd: ALL

sshd:

Kevin wrote:

added both ttyp1 and ttyp2 to the /etc/securetty file, saved and rebooted putty still will not connect - get Remote Session Closed by Host any other suggestions to get this sshd going??
Re: [Leaf-user] OT: KVM switches
At 05:48 PM 06/25/2001 -0400, Peter Nosko wrote:

pn] Does anyone here use a KVM switch for GUI workstations? I use the old manual switch boxes for my LRP machines because quality video needs are low. But I've been using a Belkin Omni-Cube 4-port for X/Linux and Windows boxes and am unsatisfied with the video degradation. I'd appreciate any feedback on reasonably-priced KVM switches with decent video performance. Thanks.

--- Peter Nosko

I'm using a Generic Brand manual KVM 4 station switch (SW192323M-4) $22.00 and 6' Video cables (UC1818-06) $6.00 from http://www.nwcable.com. I'm using it to connect a 17 CTX Ultra Screen and MS Natural KBD to 2 Windows and 2 Linux boxes. I can drive the monitor to 1600x1200 and it looks crisp. Much better than my eyes can handle.

The two problems I have with this KVM.

1) The KVM must be switched to a Windows box during boot or it won't see the KBD. (It is a pain trying to use Windows without a KBD.)

2) The mouse drivers get confused when you switch between boxes which can require a reboot to fix. (I use a separate mouse for each computer.)
RE: [Leaf-user] OT: KVM switches
pn] What I've noticed is more important than the specific resolution/refresh rate is that all devices attached should use as similar as possible a resolution/refresh rate. But I still notice (most on the Win2K Server) several areas on the screen that waver, similar to the way you see heat rising off a road surface. I consider spending more, but I want to make sure that throwing money at the problem will actually solve it.

Sam Slade Said:

I also use the Belkin Omni-View, PS2, with 6 foot cables. As long as I stay with no higher than 1024x760 the video is okay. So I've been looking also, but the real good ones that work cost many times the price of the Omni-View, and I haven't seen a decently priced switch either.

Sam Slade

Peter Nosko wrote:

pn] Does anyone here use a KVM switch for GUI workstations? I use the old manual switch boxes for my LRP machines because quality video needs are low. But I've been using a Belkin Omni-Cube 4-port for X/Linux and Windows boxes and am unsatisfied with the video degradation. I'd appreciate any feedback on reasonably-priced KVM switches with decent video performance. Thanks.

--- Peter Nosko
[Leaf-user] RE: IPSEC problems
Charles,

Thanks for the information so far! I added the following lines to the ipfilter.conf file at the end:

$IPCH -A input -j ACCEPT -p 50 -s 64.241.69.122 -d 24.9.126.49
$IPCH -A input -j ACCEPT -p 51 -s 64.241.69.122 -d 24.9.126.49
$IPCH -A input -pupd -s 64.241.69.122 -d 24.9.126.49 500: -j ACCEPT
$IPCH -A input -j ACCEPT -p 50 -s 24.9.126.49 -d 64.241.69.122
$IPCH -A input -j ACCEPT -p 51 -s 24.9.126.49 -d 64.241.69.122
$IPCH -A input -pupd -s 24.9.126.49 -d 64.241.69.122 500: -j ACCEPT

I've also set all of the relevant interfaces in /proc/sys/net/ipv4/conf/interfacename/rp_filter to 0

The disks I'm using are Eigerstein 1 with the ipsec floppy kernel in a dual floppy configuration. The network is like this:

private 192.168.10.0/24-Router cx1140290-c 24.0.0.0---Internet---Router 64.241.69.122-private 192.168.110.0/24

with the obvious goal of accessing the remote networks for misc. services such as printing SMB etc.

In the barf log after the latest changes I can see that the packets are leaving but not showing up on the remote end. The rp_filter setting bothers me.. I figure you have it turned on in the kernel for a reason but Klips says it may not work with the settings as they are default. I also tried echowall 1.22 with this configuration with no apparent change.

I have found several references to using tcpdump to check traffic. Is there an lrp package for tcpdump? Or maybe another utility for troubleshooting the network?

Thank you everyone for your advice so far!

John Abrams
Network Navigators USA
Re: [Leaf-user] Ram Disk size and ipmasqadm help
Kevin wrote:

I have 32 meg ram in a p2 75 mhz box with two floppies. I have the ram disk set up for 16 meg at the present time. Does LRP need the other 16 meg of memory to run the programs or do they run in the 16 meg?

You don't tell us which flavor of LRP you use. 6 megs for the ram drive is likely to be enough for most users. The rest of the memory is used for the file system, buffers etc.

I need to add an ipmasqadm rule for IRC to see if that is the problem. I have looked at every config file in the lrcfg program and can not find a place to edit or add the rule. Can anyone shed some light on how to add? thanks

Perhaps if you tell us the version of your firewall - someone can help with your rule.
Re: [Leaf-user] Serial Console HOWTO problems - now sshd issues
Kevin wrote:

added both ttyp1 and ttyp2 to the /etc/securetty file, saved and rebooted putty still will not connect - get Remote Session Closed by Host any other suggestions to get this sshd going??

I agree with Victor, you don't have to add ttyp1 or ttyp2 and you must have the file /etc/hosts.allow configured correctly. Do you have the private key, identity, generated when sshd was installed, stored away somewhere for executing sessions with putty on your Winbox? You may also need to take a look in the /etc/ssh/sshd_config file:

#This is ssh server systemwide configuration file.
Port 22
#ListenAddress 0.0.0.0
ListenAddress My.internal.nic.ip
HostKey /etc/ssh/ssh_host_key
RandomSeed /etc/ssh/ssh_random_seed
ServerKeyBits 768
LoginGraceTime 600
KeyRegenerationInterval 3600
#For root access via authorized keys only!
#PermitRootLogin nopwd
PermitRootLogin yes
IgnoreRhosts no
StrictModes yes
QuietMode no
X11Forwarding no
X11DisplayOffset 10
FascistLogging no
PrintMotd yes
KeepAlive yes
SyslogFacility DAEMON
RhostsAuthentication no
RhostsRSAAuthentication no
RSAAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
UseLogin no
# PidFile /u/zappa/.ssh/pid
AllowHosts My.internal.lan.ips
# DenyHosts lowsecurity.theirs.com *.evil.org evil.org
# Umask 022
# SilentDeny on

RSAAuthentication option set to yes and PasswordAuthentication set to no allows only the machines on the LAN with a valid identity key without the password login option enabled to have access to the LRP machine.

--
Patrick Benson
Stockholm, Sweden
Re: [Leaf-user] OT: KVM switches
Peter Nosko wrote:

pn] What I've noticed is more important than the specific resolution/refresh rate is that all devices attached should use as similar as possible a resolution/refresh rate. But I still notice (most on the Win2K Server) several areas on the screen that waver, similar to the way you see heat rising off a road surface. I consider spending more, but I want to make sure that throwing money at the problem will actually solve it.

Check out Raritan and ask them why they are so expensive. Check out www.warehouse.com for lots of good KVM's. Find a place that offers satisfaction guaranteed and pay with a credit card. If you want these to work with Lrp, don't connect the mouse cable to the Lrp box.

Best,
Matt
[Leaf-user] sshd FIXED for my eiger with PPPoP!
Thank You! Victor! Thank You! Victor! Thank You! Victor!

sshd: 192.168.1.0/255.255.255.0

in the /etc/hosts.allow did the trick

I did not see that in the docs, so maybe it should be added somewhere for the others like me :)

PS - I did delete the other entry of ttyp1 and ttyp2 in the security file

Message: 7
Date: Mon, 25 Jun 2001 16:48:59 -0700
From: Victor McAllister [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [Leaf-user] FW: Leaf-user digest, Vol 1 #69 - 4 msgs
Reply-To: [EMAIL PROTECTED]

I disagree. ttyp0 ttyp1 - is not needed for ssh login. I recommend not having ttyp0 enabled in /etc/securetty.

Perhaps you did not add sshd to /etc/hosts.allow

sshd: 192.168.1.1
if you are only allowing logins from internal network single machine

sshd: 192.168.1.0/255.255.255.0
for internal network

not recommended
sshd: ALL

sshd:

Kevin wrote:

added both ttyp1 and ttyp2 to the /etc/securetty file, saved and rebooted putty still will not connect - get Remote Session Closed by Host any other suggestions to get this sshd going??
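The hosts.allow entries discussed in this thread, worked through as an added example (not code from any poster or from the LEAF project): a small POSIX shell matcher that reads hosts.allow text and reports whether a client address is admitted for sshd. The client addresses 192.168.1.37 and 203.0.113.9 are constructed, and the script assumes hosts.deny rejects whatever hosts.allow does not match.

```shell
#!/bin/sh
# Added example: evaluate hosts.allow-style "sshd:" entries against a client IP.
# Handles only these client patterns from hosts_access(5): ALL, an exact IPv4
# address, net/mask, and a leading-octets prefix that ends in ".".
set -f   # patterns read from the file must never be glob-expanded

# Print a dotted quad as a 32-bit integer; return 1 if it is malformed.
ip_to_int() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*|0[0-9]*|*.0[0-9]*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Return 0 if client address $2 matches the single client pattern $1.
pattern_matches() {
    pm_pat=$1; pm_client=$2
    case "$pm_pat" in
        ALL) return 0 ;;
        */*) pm_net=$(ip_to_int "${pm_pat%%/*}") || return 1
             pm_mask=$(ip_to_int "${pm_pat#*/}") || return 1
             pm_addr=$(ip_to_int "$pm_client") || return 1
             # hosts_access(5): match when net equals (address AND mask)
             [ $(( pm_addr & pm_mask )) -eq "$pm_net" ] ;;
        *.)  case "$pm_client" in "$pm_pat"*) return 0 ;; esac
             return 1 ;;
        *)   [ "$pm_pat" = "$pm_client" ] ;;
    esac
}

# Read hosts.allow text on stdin; return 0 if daemon $1 is admitted from
# client $2 by any "daemon_list : client_list" line.
allow_admits() {
    aa_daemon=$1; aa_client=$2
    while IFS= read -r aa_line || [ -n "$aa_line" ]; do
        aa_line=${aa_line%%#*}                            # drop comments
        case "$aa_line" in *:*) ;; *) continue ;; esac
        aa_daemons=$(echo "${aa_line%%:*}" | tr ',' ' ')
        aa_rest=${aa_line#*:}
        aa_clients=$(echo "${aa_rest%%:*}" | tr ',' ' ')  # ignore option field
        aa_hit=no
        for aa_d in $aa_daemons; do
            if [ "$aa_d" = "$aa_daemon" ] || [ "$aa_d" = ALL ]; then
                aa_hit=yes
            fi
        done
        [ "$aa_hit" = yes ] || continue
        for aa_p in $aa_clients; do
            if pattern_matches "$aa_p" "$aa_client"; then return 0; fi
        done
    done
    return 1
}

# Constructed sample file: the subnet entry from the thread.
SAMPLE_ALLOW='# /etc/hosts.allow (constructed sample)
sshd: 192.168.1.0/255.255.255.0'

# Print the verdict for one client address against SAMPLE_ALLOW.
check() {
    if printf '%s\n' "$SAMPLE_ALLOW" | allow_admits sshd "$1"; then
        echo "$1: admitted by hosts.allow"
    else
        echo "$1: no match, falls through to hosts.deny"
    fi
}

check 192.168.1.37   # constructed LAN client
check 203.0.113.9    # constructed outside client
```

Swapping the sample entry for `sshd: ALL` makes the outside address match as well, which is the case the thread marks as not recommended.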
RE: [Leaf-user] OT: KVM switches
Currently using the 2 port Linksys KVM, and I can not sing its praises enough. Runs my 21 monitor with no degradation (that I can see) at 1024x728 75 Hz. Monitor rates are one of the things that fall with cheap cables, and the Linksys cables seem to be pretty good. I picked mine up for $56.99 at MicroCenter in VA, this was in the opened bin, the regular price was $65.

Morgan Reed

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Michael D. Schleif
Sent: Monday, June 25, 2001 11:09 PM
To: [EMAIL PROTECTED]
Subject: Re: [Leaf-user] OT: KVM switches

Peter Nosko wrote:

pn] Does anyone here use a KVM switch for GUI workstations? I use the old manual switch boxes for my LRP machines because quality video needs are low. But I've been using a Belkin Omni-Cube 4-port for X/Linux and Windows boxes and am unsatisfied with the video degradation. I'd appreciate any feedback on reasonably-priced KVM switches with decent video performance. Thanks.

I highly recommend Linksys KVM's -- for the money, there are none better, IMHO };-Þ

http://www.linksys.com/products/group.asp?grid=15

And, this is from somebody who's not likely to own anything else by Linksys ;

We've used both the 2-port (PS2KVM2, http://www.linksys.com/products/product.asp?prid=129&grid=15) and 4-port (PS2KVM4, http://www.linksys.com/products/product.asp?prid=137&grid=15) for several months. Each can be had for well under $100, if you search aggressively.

Very rarely have we seen any type of lockup -- usually, due to a connection kicked loose ;

The only real gripe we have is, once in awhile, the cursor lags behind the mouse by a couple of milliseconds and you click; but, there's nothing quite there on which to click ; This is not as bad as it may sound -- difficult situation to describe -- but, for some of us who fly around blindly, not always watching what we're doing on automatic pilot, it can be mildly frustrating.

What do you think?

--
Best Regards,
mds
mds resource 888.250.3987

Dare to fix things before they break . . .

Our capacity for understanding is inversely proportional to how much we think we know. The more I know, the more I know I don't know . . .
Re: [Leaf-user] OT: KVM switches
On Monday 25 June 2001 08:52 pm, Morgan Reed wrote:

Currently using the 2 port Linksys KVM, and I can not sing its praises enough. Runs my 21 monitor with no degradation (that I can see) at 1024x728 75 Hz. Monitor rates are one of the things that fall with cheap cables, and the Linksys cables seem to be pretty good. I picked mine up for $56.99 at MicroCenter in VA, this was in the opened bin, the regular price was $65.

I'm using the Belkin Omni-View 4 with Belkin 6-foot cable sets here. I found that:

a) A system with an ATI Mach 4 on-board graphics adapter sucked when used through the KVM.

b) A second system (which I now use as my main Linux desktop) with a Matrox Millenium II AGP produces excellent results with the same cables!

-Tom
--
Tom Eastep
[EMAIL PROTECTED]
ICQ #60745924
http://seattlefirewall.dyndns.org
Shoreline, Washington
[Leaf-user] EchoWall and MSN Messenger
Any plans to add rules for MSN messenger file transfers and voice? This is one issue I have not been able to find an answer to. Thanks, Vance Price
[Leaf-user] dual modems in parallel
Hi all,

I currently am using an eigerstein hdd image with ipsec kernel. I have been asked the question as to whether you can use two modems in parallel to share the link. Can this be done?

Thanks in advance.

Karl Ponsonby
Re: [Leaf-user] Traffic blocking script
Thanks, Tom! That was it. I rewrote the script in ae, and it worked immediately.

--- Tom Eastep [EMAIL PROTECTED] wrote:

On Monday 25 June 2001 07:35 am, Richard Lohman wrote:

The space preceding the !/bin/sh has been corrected, but I'm still getting the not found errors. When the system boots, the last thing that happens prior to the block.sh script is that Seawall is run. Here is a brief clip of the screen:

--
...
Defining Seawall Chain done.
: not found
: not found
: not found
: not found
: not found
: not found
: not found
: not found
: not found
: not found
Starting /usr/bin/dnscache...
...

These are the symptoms of a shell script whose lines are terminated with CRLF.

-Tom
--
Tom Eastep
[EMAIL PROTECTED]
ICQ #60745924
http://seattlefirewall.dyndns.org
Shoreline, Washington

| Richard J. Lohman        | If you always do what you've |
| Net. Engr./Asst Director | always done, you'll always   |
| Data Processing Dept.    | get what you've always       |
| Porter County, IN        | got.                         |
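The CRLF symptom diagnosed in this thread, reproduced as an added example (not code from any poster): the script below builds a constructed sample saved with DOS line endings, counts the "not found" errors a shell reports for it, then strips the carriage returns and counts again. The sample contents and the helper names are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: reproduce, detect and repair CRLF line endings in a shell
# script. A line holding only a carriage return is treated by the shell as a
# command whose name is that CR, which it then reports as not found.

CR=$(printf '\r')

# Print the number of lines in file $1 that end in a carriage return.
crlf_lines() {
    grep -c "${CR}\$" "$1" || true
}

# Run file $1 with sh and print how many "not found" errors it produced.
not_found_errors() {
    LC_ALL=C sh "$1" 2>&1 >/dev/null | grep -c 'not found' || true
}

# Write a copy of $1 to $2 with every carriage return removed.
strip_cr() {
    tr -d '\r' < "$1" > "$2"
}

# Constructed sample: three commands separated by blank lines, every line
# terminated with CRLF as a DOS/Windows editor would save it.
make_sample() {
    printf '#!/bin/sh\r\n\r\necho one\r\n\r\necho two\r\n\r\necho three\r\n' > "$1"
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_sample "$tmp/block.sh"
    echo "lines ending in CR: $(crlf_lines "$tmp/block.sh")"
    echo "errors before fix:  $(not_found_errors "$tmp/block.sh")"
    strip_cr "$tmp/block.sh" "$tmp/block.fixed.sh"
    echo "lines ending in CR: $(crlf_lines "$tmp/block.fixed.sh")"
    echo "errors after fix:   $(not_found_errors "$tmp/block.fixed.sh")"
    rm -rf "$tmp"
}

demo
```

Running `crlf_lines` over boot scripts after editing them on a Windows machine catches the problem before the next reboot.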