Re: [Leaf-user] modules.conf

2001-07-05 Thread Brent P. Gardner

I was one of the people having trouble with Intel EtherExpress NICs.
The wise ones of the list suggested to me this format to use in
/etc/modules:

(module name) -o (alias) (options to pass to module)

Kim, if I'm understanding your post correctly one of your modules is
ppp_mppe and the alias you want to establish for it is ppp-compress-18.
If this is true then the entries you should use in /etc/modules are:

ppp_mppe -o ppp-compress-18 
bsd_comp -o ppp-compress-21 
ppp_deflate -o ppp-compress-24 
ppp_deflate -o ppp-compress-26 

Someone please correct me if I'm wrong.

Brent Gardner
Network Administrator
IPRO Tech, Inc.
602-324-4776


[EMAIL PROTECTED] wrote:
>
> [EMAIL PROTECTED] wrote:
> >
> > Quoting Jeff Newmiller <[EMAIL PROTECTED]>:
> >
> > > On Tue, 3 Jul 2001, Kim Oppalfens wrote:
> > >
> > > > Hi listmembers,
> > > >
> > > > I am looking for the file that would replace the modules.conf file of
> > > > a normal complete linux distribution in Eigerstein beta 2
> > >
> > > Omitted to save disk space.
> > >
>
> hmmm...I am wondering if you could still make your aliases in
> /etc/modules.  I thought I saw someone use ethernet aliases for
> problems with some ethernet card modules, but I don't recall where they
> had to make the alias.
>
> > Dang, according to the poptop setup faq I need to put 4 alias lines in it.
> >
> > alias ppp-compress-18 ppp_mppe
> > alias ppp-compress-21 bsd_comp
> > alias ppp-compress-24 ppp_deflate
> > alias ppp-compress-26 ppp_deflate
> >
> > Is there another place I can put this in? Would /etc/modules accept these
> > aliases?
> >
> > > To specify which modules get loaded, do it IN THE RIGHT ORDER in
> > > /etc/modules.  /etc/modules.conf allows you to do it out of order and
> > > have the software compensate for your forgetfulness.  That is an excessive
> > > luxury in a floppy-sized system.

___
Leaf-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-user



Re: [Leaf-user] modules.conf

2001-07-05 Thread Tom Eastep

On Wednesday 04 July 2001 12:55 am, you wrote:
> Quoting Jeff Newmiller <[EMAIL PROTECTED]>:
> > On Tue, 3 Jul 2001, Kim Oppalfens wrote:
> > > Hi listmembers,
> > >
> > >
> > > I am looking for the file that would replace the modules.conf file of
> > >
> > > a normal complete linux distribution in Eigerstein beta 2
> >
> > Omitted to save disk space.
>
> Dang, according to the poptop setup faq I need to put 4 alias lines in it.
>
> alias ppp-compress-18 ppp_mppe
> alias ppp-compress-21 bsd_comp
> alias ppp-compress-24 ppp_deflate
> alias ppp-compress-26 ppp_deflate
>

These aliases are only appropriate when using the kernel module autoloader 
which LRP does not. You rather need to load the modules ppp_mppe.o, 
bsd_comp.o and bsd_deflate.o. As stated in an earlier post, this is done in 
/etc/modules.

-Tom
-- 
Tom Eastep  \  [EMAIL PROTECTED]
ICQ #60745924\ http://seattlefirewall.dyndns.org
Shoreline, Washington \__




[Leaf-user] VPN - Advice

2001-07-05 Thread Kroboth, Joe

Hello,

We are currently using an older version of LRP for our gateway/firewall.  I
would like to upgrade to a later version and add VPN/IPSEC capabilities.

With our current setup we have one Static IP address.

We are using LRP for NAT, Port forwarding (WEB, FTP, MAIL) to internal
servers.  It is working great.

We have a branch Office I would like to connect with a VPN using IPSEC.
Can I accomplish all of this (NAT, PORT FORWARDING, VPN, FIREWALL) with one
LRP box at the main office?

Would I need a static IP address for the LRP box at the branch office?  Can
it be done with a dynamic IP address?  (much cheaper)

Is there an image for this setup?   Heck, if it saves me Days of me fumbling
I'll pay $

If there is not an image would the starting point be to download the
eigerstein image, get that working then attempt to add the VPN stuff?  How
about the Seattle firewall could this be added or am I pushing it?

Thanks in advance.

Joe

"The recipe for perpetual ignorance is a very simple and effective one: be
satisfied with your opinions and content with your knowledge." - Elbert
Hubbard



  









RE: [Leaf-user] Help with DNS error logs on Eiger2Beta with PPPoP

2001-07-05 Thread Scott C. Best

Kevin:
If you want...just stick 'em in section 11 of
the echowall.rules file. That'll do it.

-Scott, working on a rev...

On Thu, 5 Jul 2001, Kevin wrote:

> Thanks Scott
> 
> I even fired up Echowall and still had my log files go out the roof 
> with those dang packets
> 
> I will search my conf files and see where I can input those two filters 
> to see if that stops the logging
>

> 
>> $IPCHAINS -A input -i $IF_EXT -d 0.0.0.0/0 53 -p udp -j DENY
>> $IPCHAINS -A input -i $IF_EXT -d 0.0.0.0/0 53 -p tcp -j DENY





Re: [Leaf-user] modules.conf

2001-07-05 Thread David Douthitt

[EMAIL PROTECTED] wrote:

> Dang, according to the poptop setup faq I need to put 4 alias lines in it.
> 
> alias ppp-compress-18 ppp_mppe
> alias ppp-compress-21 bsd_comp
> alias ppp-compress-24 ppp_deflate
> alias ppp-compress-26 ppp_deflate
> 
> Is there another place I can put this in? Would /etc/modules accept these
> aliases?

Items in /etc/modules in LRP are used as options to /sbin/insmod, so
probably not.

From my readings, /etc/conf.modules in the typical Linux distribution is
used to control modprobe and depmod, and thus is likely irrelevant to
your LEAF configuration (since it does not have modprobe or depmod).
Also, the LEAF kernel will not use modprobe to install modules, best I
can tell.

Thus, just making sure you load the appropriate modules beforehand
should be enough, since the kernel won't load them on the fly.  If you
get missing module errors, it means YOU didn't load the modules ;-)  To
fix it Right Now, just insmod the right modules; to fix it the Right Way
add the modules to /etc/modules so the modules load on boot.

If I understand correctly, the kernel would "look for" a module
"ppp-compress-18" and then modprobe would load the module ppp_mppe;
these aliases you need to keep in mind yourself so you know what they
mean.

You might do something like this, too:

cd /lib/modules
ln -s ppp_mppe ppp-compress-18
ln -s bsd_comp ppp-compress-21
ln -s ppp_deflate ppp-compress-24
ln -s ppp_deflate ppp-compress-26

Then save modules.lrp.  This would allow you to actually USE those
aliases, like so:

insmod ppp-compress-24

...and to add them to /etc/modules:

ppp-compress-24
ppp-compress-21
ppp-compress-18

Comments?




[Leaf-user] RE: top.lrp results

2001-07-05 Thread Kevin

here is the screen dump of top.lrp on my PI/75 with ISA cards running 32 meg
ram with one computer downloading an ISO from redhat, while my pc box had
Download meter running at 159.3 kB/sec

  7:02am  up 14:22,  1 user,  load average: 0.30, 0.35, 0.27
22 processes: 19 sleeping, 3 running, 0 zombie, 0 stopped
CPU states:  5.9% user, 30.1% system,  0.0% nice, 64.2% idle
Mem:   30936K av,  17884K used,  13052K free,   6544K shrd,   6460K buff
Swap:      0K av,      0K used,      0K free                  3572K cached

  PID USER PRI  NI  SIZE  RSS SHARE STAT  LIB %CPU %MEM   TIME COMMAND
  827 root  10   0   364  364   304 R       0 34.2  1.1  15:29 pppoe
 1543 root   3   0   692  692   488 R       0  1.5  2.2   0:28 top
 1524 root   0   0  1064 1064   848 R       0  0.1  3.4   0:03 sshd
    1 root   0   0   364  364   312 S       0  0.0  1.1   0:02 init
    2 root   0   0     0    0     0 SW      0  0.0  0.0   0:00 kflushd
    3 root   0   0     0    0     0 SW      0  0.0  0.0   0:00 kupdate
    4 root   0   0     0    0     0 SW      0  0.0  0.0   0:00 kpiod
    5 root   0   0     0    0     0 SW      0  0.0  0.0   0:00 kswapd
  779 root   0   0   248  248   208 S       0  0.0  0.8   0:00 update
  813 root   0   0   364  364   296 S       0  0.0  1.1   0:00 adsl-connect
  825 root   0   0   692  692   552 S       0  0.0  2.2   0:00 pppd
  826 root   0   0   332  332   280 S       0  0.0  1.0   0:00 sh
 1020 root   0   0   516  516   420 S       0  0.0  1.6   0:00 syslogd
 1022 root   0   0   408  408   300 S       0  0.0  1.3   0:00 klogd
 1026 root   0   0   388  388   328 S       0  0.0  1.2   0:00 inetd
 1035 root   0   0   220  220   184 S       0  0.0  0.7   0:00 watchdog
 1038 root   0   0   440  440   364 S       0  0.0  1.4   0:00 cron

-Original Message-
From: Kenneth Hadley [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 03, 2001 4:22 PM
To: Kevin
Cc: [Leaf-user]
Subject: Re:


http://leaf.sourceforge.net/devel/khadley/
where there is a copy available, let me know what kind of results you get

though most sites will top you off at 100 odd kps a sec...and I've found the
best way to saturate a DSL connection is to use multiple machines behind your
LEAF box downloading from multiple sites. One client with a couple of
downloads going won't saturate a line (or give you an accurate enough idea
about your firewall's speed)

-Original Message-
From: "Kevin" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, July 03, 2001 1:17 PM


> can you e-mail me the top.lrp program to test?
>
> I am using a Pentium I with 75 mhz cpu and 32 meg of ram with ISA cards on a
> DSL line
>
> Most of the time on large downloads from fast sites, will sustain 125-150
> speed on the download
>
> Message: 12
> From: "Kenneth Hadley" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Subject: Re: [Leaf-user] Re: LRP PPPoE
> Date: Fri, 29 Jun 2001 09:17:42 -0700
> Reply-To: [EMAIL PROTECTED]
>
> with top
> I will send you a top.lrp package if you wish to test your CPU usage..my
> tests are subjective until I get more data
>
> Kenneth Hadley
> PC / Network Specialist
> McCormick Selph Inc.
> [EMAIL PROTECTED]








FW: [Leaf-user] Help with DNS error logs on Eiger2Beta with PPPoP Attn; Charles or Victor

2001-07-05 Thread Kevin


-Original Message-
From: Kevin [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 04, 2001 11:51 AM
To: Leaf-User@Lists. Sourceforge. Net
Subject: Re: [Leaf-user] Help with DNS error logs on Eiger2Beta with
PPPoP Attn; Charles or Victor


HELP!!

I tried to search via Geocrawler for DNS and Scripts and it found
nothing...ouch

Any help on the script to run to stop this logging?

Thanks


Message: 4
Date: Tue, 03 Jul 2001 18:24:36 -0700
From: Victor McAllister <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: [Leaf-user] Help with DNS error logs on Eiger2Beta with PPPoP
Reply-To: [EMAIL PROTECTED]

64.37.200.46 is one of the IPs used by some companies for geographic load
balancing.  A whole list of machines all hit your port 53 at the same time.
It doesn't do any damage, but the log entries can run to 100k or more.
I use Charles' little script to modify the firewall to not log this garbage.
There was a message on this list a couple of days ago with the script for
esb2...  If you can't find -- holler.

> I need some help in not logging the following DNS error types:
>
> Packet log: input DENY ppp0 PROTO=6 64.37.200.46:41613 66.20.176.251:53 L=44
> S=0x00 I=0 F=0x T=242 (#42)
>
> I am using the Eiger2beta with PPPoP from Ken on a two floppy disk set-up.
>
> I have a dsncache.lrp module running and have three IP's for the DNS servers
> to ensure these all find a way home.
>
> from /etc/network.conf
> DNS0=192.168.1.254
> DNS1=205.152.0.20
> DNS2=205.152.0.5
>
> What else is needed to help?








RE: [Leaf-user] Help with DNS error logs on Eiger2Beta with PPPoP

2001-07-05 Thread Kevin

Thanks Scott

I even fired up Echowall and still had my log files go out the roof with
those dang packets

I will search my conf files and see where I can input those two filters to
see if that stops the logging

-Original Message-
From: Scott C. Best [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 04, 2001 2:53 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: [Leaf-user] Help with DNS error logs on Eiger2Beta with
PPPoP


Kevin:

Heya. Sorry for the late reply: as you can see in the
archives, there was a big discussion regarding unsolicited TCP
packets to port 53. Intentionally misconfigured packets, too,
ones set with both the SYN and ACK flags, as if your firewall
tried to initiate a connection. Your firewall would/should reply
with a SYN RST (I believe) and the response time from that
reply is what the load-balancing software is trying to measure.
Very annoying.
The really annoying part is that...most LEAF users
aren't even running DNS on their firewall or on their LAN. Sure,
we all *use* DNS, as clients, but my impression is that LEAF
is used more to protect a LAN of users than a LAN of servers.
Maybe that'd be a good poll for the LEAF site. :)

Anyhow...if you're not running a DNS server on your
firewall or on your LAN, you can safely ignore anything that
shows up on port 53. The rules would look something like:

$IPCHAINS -A input -i $IF_EXT -d 0.0.0.0/0 53 -p udp -j DENY
$IPCHAINS -A input -i $IF_EXT -d 0.0.0.0/0 53 -p tcp -j DENY

It used to be that only renegade DHCP and NetBIOS packets
needed to be explicitly filtered without logging, as they are so
terribly common and equally harmless. This annoying "DNS-based
load balancing scan" has, I think, moved into that category.

-Scott

> I need some help in not logging the following DNS error types:
>
> Packet log: input DENY ppp0 PROTO=6 64.37.200.46:41613 66.20.176.251:53 L=44
> S=0x00 I=0 F=0x T=242 (#42)
>
> I am using the Eiger2beta with PPPoP from Ken on a two floppy disk set-up.
>
> I have a dsncache.lrp module running and have three IP's for the DNS servers
> to ensure these all find a way home.
>
> from /etc/network.conf
> DNS0=192.168.1.254
> DNS1=205.152.0.20
> DNS2=205.152.0.5
>
> What else is needed to help?






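To see how much of the log the port-53 probes discussed above account for, and which sources send them, before adding the unlogged DENY rules, the following added example (not part of the original thread) tallies input-chain DENY entries aimed at destination port 53. The sample lines are constructed in the ipchains log format quoted in the thread; the function names and the 192.0.2.x, 198.51.100.x and 203.0.113.x addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: tally ipchains "Packet log:" entries
# for packets denied on the input chain with destination port 53.

# Constructed sample log: syslog prefix plus the ipchains format quoted above.
sample_log() {
cat <<'EOF'
Jul  4 11:02:13 fw kernel: Packet log: input DENY ppp0 PROTO=6 64.37.200.46:41613 203.0.113.1:53 L=44 S=0x00 I=0 F=0x0000 T=242 (#42)
Jul  4 11:02:13 fw kernel: Packet log: input DENY ppp0 PROTO=6 64.37.200.46:41614 203.0.113.1:53 L=44 S=0x00 I=0 F=0x0000 T=242 (#42)
Jul  4 11:02:14 fw kernel: Packet log: input DENY ppp0 PROTO=17 192.0.2.10:1047 203.0.113.1:53 L=60 S=0x00 I=311 F=0x0000 T=51 (#42)
Jul  4 11:02:14 fw pppd[825]: rcvd [LCP EchoRep id=0x4 magic=0x0]
Jul  4 11:02:15 fw kernel: Packet log: input DENY ppp0 PROTO=17 198.51.100.7:137 203.0.113.1:137 L=78 S=0x00 I=902 F=0x0000 T=110 (#40)
Jul  4 11:02:16 fw kernel: Packet log: input DENY ppp0 PROTO=6 64.37.200.46:41615 203.0.113.1:53 L=44 S=0x00 I=0 F=0x0000 T=242 (#42)
Jul  4 11:02:17 fw kernel: Packet log: input DENY ppp0 PROTO=17 192.0.2.10:1048 203.0.113.1:53 L=60 S=0x00 I=312 F=0x0000 T=51 (#42)
Jul  4 11:02:18 fw kernel: Packet log: input DENY ppp0 PROTO=6 198.51.100.7:2201 203.0.113.1:53 L=44 S=0x00 I=0 F=0x0000 T=240 (#42)
Jul  4 11:02:19 fw kernel: Packet log: output ACCEPT ppp0 PROTO=17 203.0.113.1:1030 192.0.2.53:53 L=58 S=0x00 I=77 F=0x0000 T=64 (#3)
EOF
}

# awk fragment shared by both functions. It locates the "Packet log:" tokens,
# skips anything that is not an input-chain DENY entry, and counts the
# entries whose destination port is 53 per protocol and source address.
PARSE='
{
    for (i = 1; i < NF; i++) if ($i == "Packet" && $(i + 1) == "log:") break
    if (i >= NF || $(i + 2) != "input" || $(i + 3) != "DENY") next
    proto = $(i + 5); sub(/^PROTO=/, "", proto)
    split($(i + 6), src, ":")
    n = split($(i + 7), dst, ":")
    total++
    if (dst[n] != "53") next
    dns++
    name = (proto == "6") ? "tcp" : (proto == "17") ? "udp" : "proto" proto
    hits[name " " src[1]]++
}'

# Print "count protocol source" for every source of denied port-53 packets,
# busiest source first. Reads syslog lines on stdin.
dns_deny_summary() {
    awk "$PARSE"' END { for (k in hits) print hits[k], k }' | sort -k1,1nr -k3,3
}

# Print "N of M": how many of the M input DENY entries were aimed at port 53.
dns_deny_share() {
    awk "$PARSE"' END { printf "%d of %d\n", dns, total }'
}

sample_log | dns_deny_summary
echo "port 53 share of input DENY entries: $(sample_log | dns_deny_share)"
```

Running it over /var/log/messages before and after adding the two DENY rules shows whether the port-53 entries have stopped being logged.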



Re: [Leaf-user] games, IPsec VPN from *behind* LRP firewall

2001-07-05 Thread Scott C. Best

Vance:
Hard to say. Obviously, you can connect multiple clients to
a VPN server if it's only one at a time: just switch the settings to
show who should be connected, and re-start.
But I suspect you're asking about doing it simultaneously.
This is tricky. In fact, I suspect it's not possible if you're using your
LEAF/LRP disk to NAT a single IP address to be shared with your whole
LAN. That is, IPsec requires the use of both ipmasqadm and ipfwd to
forward the TCP and AH packets across the NAT'ing firewall. I know that
the ipmasqadm part can only forward TCP from one IP-address tied to
the external interface to exactly one machine on your LAN. The ipfwd
utility, though, may be able to send it to more than one.

So...do you have one external IP address, or a collection of
them (some ISPs have 5-IP-Address packages, for instance)? If only
one, I think the short answer is: no, this can't be done.
Love to be wrong, of course. If someone's gotten this to
work somehow, start typing. :)

cheers,
Scott

>What if I want multiple client machines behind a LRP firewall to be able to
>connect to a VPN server? The echowall rules only allow one MAC id. Or do
>they? Can this be done?
>
>Vance Price
>
>>Now your LRP box should be VPN capable. You still need
>> to configure the firewall to support your client Win98 box,
>> however. For that, I use echowall. Tell it the MAC-ID of the
>> box you want to IPSec from, put that into "IPSEC_HOST_MACID"
>> field in the .conf file. If you don't know the MAC-ID, just use
>> "echowall scan" to see a list for your whole LAN. Then put IPSEC
>> into the WANTED_SERVICES list ( actually, I think it's there by
>> default). Once your .conf is updated, use "echowall start" and
>> it should all fly.
>>   No, really. :)






Re: [Leaf-user] modules.conf

2001-07-05 Thread David Douthitt

"Brent P. Gardner" wrote:

> If this is true then the entries you should use
> in /etc/modules are:
> 
> ppp_mppe -o ppp-compress-18
> bsd_comp -o ppp-compress-21
> ppp_deflate -o ppp-compress-24
> ppp_deflate -o ppp-compress-26
> 
> Someone please correct me if I'm wrong.

Sounds right to me - but won't these lines:

ppp_deflate -o ppp-compress-24
ppp_deflate -o ppp-compress-26

...cause ppp_deflate.o to be loaded twice?  Can that be avoided?




Re: [Leaf-user] Help with DNS error logs on Eiger2Beta with PPPoP

2001-07-05 Thread Victor McAllister


Kevin wrote:

> Thanks Scott
>
> I even fired up Echowall and still had my log files go out the roof with
> those dang packets
>
> I will search my conf files and see where I can input those two filters to
> see if that stops the logging

archive message

the List of IPs I block is here:

hanroute: -root-
# cat /etc/dns_floods
 


[Leaf-user] LRP as four port router

2001-07-05 Thread Ahmad Saeed


I am using LRP 2.9.8 with four ethernet cards and four computers are
attached to it. The problem I am facing is that the computer attached to LRP
and pinging to the LRP and vice versa. But the computers are not pinging to
each other. The computer attached to eth0 (192.168.1.2) is computer A with
IP = 192.168.1.10. The computer A is pinging 192.168.2.2 and also
192.168.2.0 but it is not pinging to 192.168.2.10 and same is the case with
rest of the interfaces. The computer A is pinging to all the interfaces of
LRP but not pinging the computer attached to the interface. On computer A I
have given the default route to reach the computer B and also the rest of
computers

I have also tried IPCHAINS but still the computer is not pinging.
My network settings are
ipchains
INTERFACES            COMPUTER ATTACHED
192.168.1.2   eth0    A = 192.168.1.10
192.168.2.2   eth1    B = 192.168.2.10
192.168.3.2   eth2    C = 192.168.3.10
192.168.4.2   eth3    D = 192.168.4.10


My network.conf file setting are :
VERBOSE=YES
MAX_LOOP=15
DHCP_SLEEP=15
IPFWDING_KERNEL=YES
IPFWDING_FW=NO
IPMASQ_DLOOSE=NO
CONFIG_HOSTNAME=YES
CONFIG_HOSTSFILE=YES
CONFIG_DNS=NO

# Interfaces

IF0_IFNAME=eth0   is attached to computer A = 192.168.1.10
IF0_IPADDR=192.168.1.2
IF0_NETMASK=255.255.255.0
IF0_BROADCAST=192.168.1.255
IF0_IP_SPOOF=NO
IF1_IFNAME=eth1  is attached to computer A = 192.168.2.10
IF1_IPADDR=192.168.2.2
IF1_NETMASK=255.255.255.0
IF1_BROADCAST=192.168.2.255
IF1_IP_SPOOF=NO
IF2_IFNAME=eth2   is attached to computer A = 192.168.3.10
IF2_IPADDR=192.168.3.2
IF2_NETMASK=255.255.255.0
IF2_BROADCAST=192.168.3.255
IF2_IP_SPOOF=NO
IF3_IFNAME=eth3 is attached to computer A = 192.168.4.10
IF3_IPADDR=192.168.4.2
IF3_NETMASK=255.255.255.0
IF3_BROADCAST=192.168.4.255
IF3_IP_SPOOF=NO

###

# Hosts

#HOST0_IPADDR=192.168.7.123
HOST0_GATEWAY_IF=default
HOST0_GATEWAY_IP=192.168.1.200
HOST0_IPMASQ=NO
HOST0_IPMASQ_IF=default

# Networks

NET0_NETADDR=192.168.1.0
NET0_NETMASK=255.255.255.0
NET0_GATEWAY_IF=eth0
NET0_GATEWAY_IP=192.168.1.2
NET0_IPMASQ=NO
NET0_IPMASQ_IF=$IF0_IFNAME
NET1_NETADDR=192.168.2.0
NET1_NETMASK=255.255.255.0
NET1_GATEWAY_IF=eth1
NET1_GATEWAY_IP=192.168.2.2
NET1_IPMASQ=NO
NET1_IPMASQ_IF=$IF1_IFNAME
NET2_NETADDR=192.168.3.0
NET2_NETMASK=255.255.255.0
NET2_GATEWAY_IF=eth2
NET2_GATEWAY_IP=192.168.3.2
NET2_IPMASQ=NO
NET2_IPMASQ_IF=$IF2_IFNAME
NET3_NETADDR=192.168.4.0
NET3_NETMASK=255.255.255.0
NET3_GATEWAY_IF=eth3
NET3_GATEWAY_IP=192.168.4.2
NET3_IPMASQ=NO
NET3_IPMASQ_IF=$IF3_IFNAME


# Gateways (Default Routes)

#GW0_IPADDR=$HOST0_IPADDR
GW0_IFNAME=$IF0_NAME #** correct variable is $IF0_IFNAME
GW0_METRIC=1

# Port Fowarding

#PF0_IFNAME=$IF0_IFNAME
PF0_DESTIP=192.168.0.10
PF0_TPORTS=53:5353,80:80,25:25,110:110,21:21,20:20,22:22
PF0_UPORTS=53:5353





Re: [Leaf-user] PPPd & LCP Conf-Req Time-outs.

2001-07-05 Thread Mike Noyes

Daniel Hoffman, 2001-07-03 13:46 -0400
>Jul  2 23:13:07 PenguiNoise pppd[743]: pppd 2.3.5 started by root, uid 0
>Jul  2 23:13:08 PenguiNoise chat[745]: send (AT^M)
>Jul  2 23:13:08 PenguiNoise chat[745]: expect (OK)
>Jul  2 23:13:08 PenguiNoise chat[745]: ^M

Daniel,
I apologize for the delayed response.

The AT command you're sending to the modem only grabs its attention. You 
need to send an ATZ, AT&F1 or something similar to the modem. This will 
load the "modem defaults/user config" from NVRAM before dialing.

I hope this helps.

--
Mike Noyes <[EMAIL PROTECTED]>
FAQs sec00: LEAF SourceForge Site Answers "How do I request help?"
http://sourceforge.net/docman/display_doc.php?docid=1891&group_id=13751





Re: [Leaf-user] Help with DNS error logs on Eiger2Beta with PPPoP

2001-07-05 Thread Mike Noyes

Scott C. Best, 2001-07-04 11:52 -0700
> The really annoying part is that...most LEAF users
>aren't even running DNS on their firewall or on their LAN. Sure,
>we all *use* DNS, as clients, but my impression is that LEAF
>is used more to protect a LAN of users than a LAN of servers.
>Maybe that'd be a good poll for the LEAF site. :)

Scott,
Great a new poll idea! I'll put your idea up next week. Remind me if I 
forget. Thanks.

--
Mike Noyes <[EMAIL PROTECTED]>
FAQs sec00: LEAF SourceForge Site Answers "How do I request help?"
http://sourceforge.net/docman/display_doc.php?docid=1891&group_id=13751





Re: [Leaf-user] LRP as four port router

2001-07-05 Thread Victor McAllister

Ahmad - you keep posting the same problem but you don't tell us anything new.
Did you try entering this on your LRP router?

ipchains -I forward -j ACCEPT -s 192.168.1.0/24 -d 192.168.2.0/24 -b
ipchains -I forward -j ACCEPT -s 192.168.1.0/24 -d 192.168.3.0/24 -b
ipchains -I forward -j ACCEPT -s 192.168.1.0/24 -d 192.168.4.0/24 -b
ipchains -I forward -j ACCEPT -s 192.168.2.0/24 -d 192.168.3.0/24 -b
ipchains -I forward -j ACCEPT -s 192.168.2.0/24 -d 192.168.4.0/24 -b
ipchains -I forward -j ACCEPT  -s 192.168.3.0/24 -d 192.168.4.0/24 -b

Each of your networks has a route to the LRP box, but they cannot reach each
other unless you provide the method.

Try this and then report back the results.

I don't run 2.9.8, once you have it working you can doubtless add the
rules somewhere possibly in network_direct.conf.

Ahmad Saeed wrote:

> I am using LRP 2.9.8 with four ethernet cards and four computers are
> attached to it. The problem I am facing is that the computer attached to LRP
> and pinging to the LRP and vice versa. But the computers are not pinging to
> each other. The computer attached to eth0 (192.168.1.2) is computer A with
> IP = 192.168.1.10. The computer A is pinging 192.168.2.2 and also
> 192.168.2.0 but it is not pinging to 192.168.2.10 and same is the case with
> rest of the interfaces. The computer A is pinging to all the interfaces of
> LRP but not pinging the computer attached to the interface. On computer A I
> have given the default route to reach the computer B and also the rest of
> computers
>
> I have also tried IPCHAINS but still the computer is not pinging.
> My network settings are
> ipchains
> INTERFACES            COMPUTER ATTACHED
> 192.168.1.2   eth0    A = 192.168.1.10
> 192.168.2.2   eth1    B = 192.168.2.10
> 192.168.3.2   eth2    C = 192.168.3.10
> 192.168.4.2   eth3    D = 192.168.4.10





[Leaf-user] Dshield LRP script?

2001-07-05 Thread Liam Tumulty

Has someone modified the Dshield.org reporting script so that it runs on
EigerStein? Out of the box I don't have all of the commands installed (it
throws its first errors on WC and TR). Any suggestions?

-Liam


#!/bin/sh

#  DShield bash client. V 0.0.1
#
#  Parameters
#

# your dshield userid. leave '0' to submit anonymous logs.
userid=0
# your return email address. leave 'none' to submit anonymous logs.
email=none
# where to send logs to. replace with your own e-mail address for testing.
[EMAIL PROTECTED]

# what lines to grep for. 'input DENY' should get it
# change if you are logging differently (e.g. different chain name or
# redirect/reject instead of deny
filter="input DENY"
# temp. file to remember length of log file between runs.
state=/var/tmp/dshield
# name of log file.
logfile=/var/log/messages
# where to find your 'mail' program.
mail='/bin/mail'

# setup a temp file name.
tmp=/tmp/dshield.$$.tmp

#
# the 'logic part'. Try to avoid changing this part.
#

last_count=0

# read length of file from 'state'
if [ -e $state ] ; then
  last_count=`cat $state | tr -d "\n"`
fi

# get current length of log file
length=`wc -l $logfile | sed 's/[^0-9]//g' | tr -d "\n"`

# if the new length is shorter than the old length,
# we assume a new log file was opened. Take it all.
if [ "$length" -lt "$last_count" ] ; then
  last_count=0
fi

# calculate how many lines were written since we ran last.
# ($((...)) is POSIX arithmetic; the $[...] form only works in bash)
count=$((length - last_count))

# get the new lines from the log file and write them to $tmp
tail -$count $logfile | grep "$filter" > $tmp

# only send an e-mail if the $tmp file is not empty
if [ -s $tmp ] ; then
  $mail -s "FORMAT LINUX USERID $userid" $to < $tmp
fi

#delete tmp file.
rm /tmp/dshield.$$.tmp
#remember new length of log file.
echo $length > $state





[Leaf-user] cf card with ide adaptor

2001-07-05 Thread Victor McAllister


I just ordered a 64 meg compact flash -  comes with ide adapter. 
Dave Cinege described it on the LRP list.   I just ordered one
for a thin server.  Much more than what you should ever need for an
LRP box?   Price $19 plus shipping.  Should save lots of
power in the age of conservation.
cf + ide adapter
 


Re: [Leaf-user] Dshield LRP script?

2001-07-05 Thread David Douthitt

Liam Tumulty wrote:
> 
> Has someone modified the Dshield.org reporting script so that it runs on
> EigerStein? Out of the box I don't have all of the commands installed (it
> throws its first errors on WC and TR). Any suggestions?

You could use the busybox versions; just take the busybox configuration
for Eigerstein and then enable wc and tr for it.  For tr, however, you
can use sed instead: it would even be more efficient probably:

#!/bin/sh

#  DShield bash client. V 0.0.1
#

[...snip...]

# last_count=`cat $state | tr -d "\n"`
# read the contents of the state file (not its name) through sed
last_count=`echo -n $(sed '/^$/d' $state)`

[...snip...]

# get current length of log file
# length=`wc -l $logfile | sed 's/[^0-9]//g' | tr -d "\n"`
length=`echo -n $(wc -l $logfile | sed '/^$/d; s/[^0-9]//g')`

[...snip...]

# get the new lines from the log file and write them to $tmp
# tail -$count $logfile | grep "$filter" > $tmp
# busybox tail may not support -999 option format
tail -n $count $logfile | grep "$filter" > $tmp

[...snip...]

# only send an e-mail if the $tmp file is not empty
if [ -s $tmp ] ; then

# question: does busybox test (or [ ) support the -s option?

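An added example (not the DShield client, and not code from any poster in this thread) of the script's "lines since the last run" logic, written so that it needs neither wc nor tr, which is the problem raised above. It assumes a POSIX sh and sed; the function name new_denies and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the DShield client itself: report the "input DENY" lines
# appended to a log since the previous run, using only sed and grep.

# new_denies LOGFILE STATEFILE [FILTER]   (hypothetical helper name)
# Prints the new lines matching FILTER, then stores the log length in STATEFILE.
new_denies() {
    logfile=$1
    state=$2
    filter=${3:-input DENY}

    # sed -n '$=' prints the number of the last line, i.e. the line count.
    # It prints nothing for an empty file, so fall back to 0.
    length=$(sed -n '$=' "$logfile")
    length=${length:-0}

    # Read the previous length. A missing, empty or non-numeric state file
    # means "start from the top" instead of feeding junk to the arithmetic.
    last=0
    if [ -f "$state" ]; then
        last=$(sed -n '1p' "$state")
    fi
    case $last in
        ''|*[!0-9]*) last=0 ;;
    esac

    # A log shorter than last time was rotated: take it all.
    if [ "$length" -lt "$last" ]; then
        last=0
    fi

    # Print exactly lines last+1..length. Bounding the range by $length means
    # lines appended while this runs are left for the next run, not skipped.
    if [ "$length" -gt "$last" ]; then
        sed -n "$((last + 1)),${length}p" "$logfile" | grep -e "$filter" || true
    fi

    echo "$length" > "$state"
}

# Demonstration on a constructed log in the ipchains format quoted on this page.
demo() {
    dir=$(mktemp -d) || return 1
    log=$dir/messages
    st=$dir/dshield.state
    printf '%s\n' \
        'Jul  5 07:00:01 fw kernel: Packet log: input DENY ppp0 PROTO=6 192.0.2.10:4001 203.0.113.1:53 L=44 S=0x00 I=0 F=0x0000 T=242 (#42)' \
        'Jul  5 07:00:02 fw pppd[825]: rcvd [LCP EchoRep id=0x4 magic=0x0]' > "$log"
    echo "first run:"
    new_denies "$log" "$st"
    printf '%s\n' \
        'Jul  5 07:05:09 fw kernel: Packet log: input DENY ppp0 PROTO=17 198.51.100.7:137 203.0.113.1:137 L=78 S=0x00 I=902 F=0x0000 T=110 (#40)' >> "$log"
    echo "second run:"
    new_denies "$log" "$st"
    rm -rf "$dir"
}
demo
```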



[Leaf-user] LEAF flame wars :-)

2001-07-05 Thread Dale Long

I was wondering if any of the LEAF mailing lists have encountered a flame
war or two since the lists' creation.

I think that this is a great list with great users. On another list I use,
I was asked if I knew of any other lists that do not have flame wars. :-)

Dale.






[Leaf-user] Trouble with pscp<==>sshd on internal side only

2001-07-05 Thread John Desmond

I have sshd running stand-alone on EigerStein2BETA
PPPoE Image v.0.4. I'm using Putty pscp 0.51 to send
and receive files from an internal workstation and
from an external workstation. I normally have only RSA
authentication working with a passphrase for a special
login account, then I su to root to check status, etc.
No root logins. No password authentication. I also use
Putty ssh for access.

Recently I noticed that internal pscp access defaults
down to password authentication (I've temporarily
enabled it on to make it work for the examples below.)
External access still works with a passphrase. Also,
Putty ssh works from everywhere with a passphrase.

The network is simply the LRP NAT'ing several Windows
workstations in a home ethernet setup.

I assume I accidentally made a change in a config file
somewhere and didn't realize the impact. How can I
make the passphrase work again for pscp on the
internal network?

-John

 From the Internet:
==
C:\>pscp -ls [EMAIL PROTECTED]:/
Passphrase for key "newbie-at-work":
drwxr-xr-x 16 root root  640 Jun 30 20:39 .
drwxr-xr-x 16 root root  640 Jun 30 20:39 ..
drwxr-xr-x  2 root root 1824 Jun 30 20:39 bin
..etc..
==

 From the internal network:
==
C:\WINDOWS>pscp -ls [EMAIL PROTECTED]:/
[EMAIL PROTECTED]'s password: <>
[EMAIL PROTECTED]'s password:
drwxr-xr-x 16 root root  640 Jun 30 20:39 .
drwxr-xr-x 16 root root  640 Jun 30 20:39 ..
drwxr-xr-x  2 root root 1824 Jun 30 20:39 bin
..etc..
==

 The ssh daemon config file:
==
# This is ssh server systemwide configuration file.

Port 22
ListenAddress 0.0.0.0
HostKey /etc/ssh/ssh_host_key
RandomSeed /etc/ssh/ssh_random_seed
ServerKeyBits 768
LoginGraceTime 600
KeyRegenerationInterval 3600
PermitRootLogin no
IgnoreRhosts yes
StrictModes yes
QuietMode no
X11Forwarding yes
X11DisplayOffset 10
FascistLogging no
PrintMotd no
KeepAlive yes
SyslogFacility DAEMON
RhostsAuthentication no
RhostsRSAAuthentication no
RSAAuthentication yes
PasswordAuthentication yes
PermitEmptyPasswords no
UseLogin no
# CheckMail no
# PidFile /u/zappa/.ssh/pid
# AllowHosts
# DenyHosts lowsecurity.theirs.com *.evil.org evil.org
# Umask 022
# SilentDeny yes

<< EOF >>
==

 The hosts.allow file:
==

sshd: ALL
ALL: 192.168.1.0/255.255.255.0,www.xxx.yyy.zzz

<< EOF >>
==

Note: www.xxx.yyy.zzz is my firewall address at work.





Re: [Leaf-user] games, IPsec VPN from *behind* LRP firewall

2001-07-05 Thread Vance & Beth Price

 I forgot to mention that we are using PPTP on the VPN not IPSec, if this
makes any difference.

> Vance:
> Hard to say. Obviously, you can connect multiple clients to
> a VPN server if it's only one at a time: just switch the settings to
> show who should be connected, and re-start.
> But I suspect you're asking about doing it simultaneously.
> This is tricky. In fact, I suspect it's not possible if you're using your
> LEAF/LRP disk to NAT a single IP address to be shared with your whole
> LAN. That is, IPsec requires the use of both ipmasqadm and ipfwd to
> forward the TCP and AH packets across the NAT'ing firewall. I know that
> the ipmasqadm part can only forward TCP from one IP-address tied to
> the external interface to exactly one machine on your LAN. The ipfwd
> utility, though, may be able to send it to more than one.
>
> So...do you have one external IP address, or a collection of
> them (some ISPs have 5-IP-Address packages, for instance)? If only
> one, I think the short answer is: no, this can't be done.
> Love to be wrong, of course. If someone's gotten this to
> work somehow, start typing. :)
>
> cheers,
> Scott
>
> >What if I want multiple client machines behind a LRP firewall to be able to
> >connect to a VPN server? The echowall rules only allow one MAC id. Or do
> >they? Can this be done?
> >
> >Vance Price
> >
> >>Now your LRP box should be VPN capable. You still need
> >> to configure the firewall to support your client Win98 box,
> >> however. For that, I use echowall. Tell it the MAC-ID of the
> >> box you want to IPSec from, put that into "IPSEC_HOST_MACID"
> >> field in the .conf file. If you don't know the MAC-ID, just use
> >> "echowall scan" to see a list for your whole LAN. Then put IPSEC
> >> into the WANTED_SERVICES list ( actually, I think it's there by
> >> default). Once your .conf is updated, use "echowall start" and
> >> it should all fly.
> >>   No, really. :)
>






RE: [Leaf-user] LEAF flame wars :-)

2001-07-05 Thread Hilton Travis

Hi,

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED]] On Behalf Of Dale Long
> Sent: Friday, 6 July 2001 13:16
> To: [EMAIL PROTECTED]
> Subject: [Leaf-user] LEAF flame wars :-)
> 
> 
> I was wondering if any of the LEAF mailing lists have 
> encountered a flame war or two since the lists' creation.
> 
> I think that this is a great list with great users. On 
> another list I use, I was asked if I knew of any other lists 
> that do not have flame wars. :-)
> 
> Dale.

What - are you troll?  Why do you ask about flame wars if you are not
after one?  Huh???  People like you make me sick with your "I like the
Spice Girls" attitude - they SUCK, plain and simple.  No musical talent,
no nothing!

On another note, I haven't seen a flame war in this mailing list.  Looks
like we have "nice" (or at least "intelligent") users on this list!

:-)

Regards,
Hilton Travis





[Leaf-user] LRP Print Server & LRP Xterminal

2001-07-05 Thread Burt Adjoodani




I am really interested in SMB uses with lrp and printing.
Has anybody been able to make it work with NO hard drive?

We have 2 LRP boxes here, 1 Linux Samba Server, 1 Linux Email & Proxy & Intranet Web server (FAQ, Sendmail, Squid and such), 1 Web server (apache) and multiple print servers.  Our main server is an AIX RS6000.  We also have one stinkinNT server box.
We have 40 clients running win9x that I desperately want to convert to remote Xterminals.
I have noticed the Linux Samba server does a better job of file serving even though it has less ram and a slower processor.

Enough rambling...  I would like help on a hard drive less LRP Samba print server and LRP remote xterminals.  Are both projects feasible?  Where do I start?

Any help would be greatly appreciated.

Information I.S. PowerShare I.T.
Burt H. Adjoodani
I.S. Mgr.
[EMAIL PROTECTED]


RE: [Leaf-user] LEAF flame wars :-)

2001-07-05 Thread Dale Long

On Fri, 6 Jul 2001, Hilton Travis wrote:
> What - are you troll?  Why do you ask about flame wars if you are not
> after one?  Huh???  People like you make me sick with your "I like the
> Spice Girls" attitude - they SUCK, plain and simple.  No musical talent,
> no nothing!
> 
> On another note, I haven't seen a flame war in this mailing list.  Looks
> like we have "nice" (or at least "intelligent") users on this list!

I know. This is an excellent list. An example to society.

:-)

Dale.





Re: [Leaf-user] LRP Print Server & LRP Xterminal

2001-07-05 Thread Dale Long

On Thu, 5 Jul 2001, Burt Adjoodani wrote:
> I am really interested in SMB uses with lrp and printing.
> Has anybody been able to make it work with NO hard drive?

...

> Enough rambling...  I would like help on a hard drive less LRP Samba print server and
> LRP remote xterminals.  Are both projects feasible?  Where do I start?

I am looking at this myself. Including fax in/out. This would become a
universal print/fax/gateway server. I do not know if I will have this
running separately to the firewall/gateway. The aim is to have a quiet 486
sit in some corner left on all day at home. This would make an ideal
net enabled embedded home appliance.

I will let you know how I go.

Let me know what you think.

Dale.


