[Leaf-user] Denial of Service?
Does LEAF (specifically LRP, on floppy) support blocking denial of service attacks?

Also, am I right in thinking that if I use the bwidth package, and limit both interfaces to 64k, then I can effectively resell some of my fixed 512k bandwidth?

Many thanks
Dave
[Leaf-user] Speakeasy
DPG wrote:

> Makes me miss the old days, before Speakeasy moved my POP 800 miles further down the copper, and raised my gateway ping from 20 to 100 ms. That move put my servers out of business. :( Now I just have an expensive, high-latency SDSL line but no servers... Did I mention Speakeasy is off my holiday greeting card list?

Aren't these the people that are now sponsoring (hosting?) www.rpmfind.net?
RE: [Leaf-user] Speakeasy
Yeah, I believe they have taken over the primary site, and there are mirrors all over. Their overall throughput is still decent, but the latencies recently introduced by their new cost-saving backhauling architecture make gaming a real pain in the ass.

D

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of David Douthitt
Sent: Tuesday, September 11, 2001 8:50 AM
To: LEAF Users List
Subject: [Leaf-user] Speakeasy

DPG wrote:

> Makes me miss the old days, before Speakeasy moved my POP 800 miles further down the copper, and raised my gateway ping from 20 to 100 ms. That move put my servers out of business. :( Now I just have an expensive, high-latency SDSL line but no servers... Did I mention Speakeasy is off my holiday greeting card list?

Aren't these the people that are now sponsoring (hosting?) www.rpmfind.net?
Re: [Leaf-user] 169.254.0.0/16 net
Scott C. Best wrote:

> The 169.254.0.0/16 address you speak about is actually what a DHCP client will default to if a valid DHCP server doesn't give it a lease when it asks for one.

You accidentally :) solved a mystery I had around here; I saw a 169.254.0.0/16 address on the corporate net and wondered where it came from. Now I know...
Re: [Leaf-user] Denial of Service?
On Tue, 11 Sep 2001, Dave Anderson wrote:

> Does LEAF (specifically LRP, on floppy) support blocking denial of service attacks?
>
> Also, am I right in thinking that if I use the bwidth package, and limit both interfaces to 64k, then I can effectively resell some of my fixed 512k bandwidth?
>
> Many thanks
> Dave

Read http://www.monkeynoodle.org/lrp/LRP-QoS-HOWTO.html (note this is an updated version) and http://www.linuxdoc.org/HOWTO/Adv-Routing-HOWTO.html

What you want is do-able, though complete blocking of DoS is probably impossible. You can at least minimize their impact, which is gone into in the Advanced Routing HOWTO.

--
Jack Coates
Monkeynoodle: A Scientific Venture...
Re: [Leaf-user] Multiple Interfaces
On Tue, 11 Sep 2001, Charles Steinkuehler wrote:

> > > Do you really mean to limit yourself to one and only one host connection through the ppp link?
> >
> > No, but I also don't want to have two default routes because Linux won't use both of them -- basically I want to route by protocol rather than address, which is where the rub is because that's not what the systems (or Internet) are designed to do.
>
> Ah, but this is what advanced routing is for. I've not set this up personally, but the documentation I've read through (2.4 advanced routing HOWTO, ip command reference, &c) indicates you can use the ipchains/iptables to mark packets, then use these 'marks' to select alternate route tables. This should be flexible to allow you to route by protocol, as well as source IP, and other 'non-standard' selectors.
>
> Charles Steinkuehler
> http://lrp.steinkuehler.net
> http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)

That's what I'm trying to do, but there's a gap between theory and implementation :-)

--
Jack Coates
Monkeynoodle: A Scientific Venture...
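The mark-then-select-a-route-table approach described in this message, as an added example that is not part of the original thread. It assumes a 2.4 kernel with iptables and iproute2; the interface names, mark value, table number and function names are hypothetical.

```shell
#!/bin/sh
# Route one protocol over the PPP link by firewall mark; all other traffic
# keeps using the default route in the main table.
# Assumed names (not from the thread): LAN_IF, PPP_IF, mark 2, table 200.
LAN_IF=${LAN_IF:-eth1}
PPP_IF=${PPP_IF:-ppp0}
MARK=${MARK:-2}
TABLE=${TABLE:-200}

# Print the commands that steer PROTO/DPORT traffic arriving from the LAN.
policy_route_cmds() {
    proto=$1 dport=$2
    # Validate input so nothing unexpected ends up in a command line.
    case $proto in tcp|udp) ;; *) echo "unsupported protocol: $proto" >&2; return 1 ;; esac
    case $dport in ''|*[!0-9]*) echo "bad port: $dport" >&2; return 1 ;; esac
    cat <<EOF
iptables -t mangle -A PREROUTING -i $LAN_IF -p $proto --dport $dport -j MARK --set-mark $MARK
ip rule add fwmark $MARK table $TABLE
ip route add default dev $PPP_IF table $TABLE
ip route flush cache
EOF
}

# Dry run unless APPLY=1, so the rules can be reviewed before touching a live router.
apply_policy_route() {
    cmds=$(policy_route_cmds "$@") || return 1
    if [ "${APPLY:-0}" = 1 ]; then
        printf '%s\n' "$cmds" | sh -e
    else
        printf '%s\n' "$cmds"
    fi
}

# Default invocation: show the rules for outbound TCP port 80.
apply_policy_route "${1:-tcp}" "${2:-80}"
```

PREROUTING only sees traffic forwarded from the LAN; packets that originate on the router itself would need the same mark in the mangle OUTPUT chain.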
[Leaf-user] PPPD problem (was PPP problems)
Thank you, my routing problem is over now. The PPPD problem remains. There seems to be a misunderstanding about that (my fault, didn't supply enough info).

I'm using a package called ADSL.lrp, it contains a few scripts, some other stuff that my ISP requires and PPTP and PPPD. So I DON'T use PPPD.lrp, PPP.lrp or PPTP.lrp, but PPPD is on my LRP-box, I just don't think it's initialised at startup, I think I should add it to inittab or inetd.conf, I just don't know how (to which) and with what parameters. The guy I originally got it from seems to have changed his mail-address, so I can't reach him and ask him how he did it. I supplied the package for anybody who wants to have a look at it.

Thank you all for your help and sorry about my crappy English.

Bartosz
[Leaf-user] (no subject)
Mark:

Hope your HL problems are getting better. Two quick thoughts:

> Thanks for the replies...I believe the problem lies in the CStrike server config, since this is where the 169.254.0.0 address shows up. When I try to run a server on another machine without a WAN adapter...it shows as having the Internal network IP address (192.0.0.0) of the LAN adapter. I believe the echowall config is correct...HLIFE is specified in services, the MACID is there (I even tried to specify all just for the hell of it), and I did change IF_EXT to ppp0 instead of eth0. When I use weblet to see the firewall rules, it appears as though the rules are applied, which is why I agree that I am missing something on the server end.

When you echowall start, what it tells you at the end, about which services have been enabled to which IP addresses, is true. :)

> I guess I would want the server to show the internal LAN IP address (as opposed to the 169.254.0.0), then post the external IP address for people to connect. I will fool around with it more tonight.

Right, exactly. Try using the +ip command that Alec suggested when you start the server. Then, from a different ISP altogether, point a CStrike client to your firewall's external interface. It should connect. Since it's a PPPoE setup, this IP address could change frequently, but we can talk about dynamic-DNS once you get the initial connection going.

Good luck!

-Scott
RE: [Leaf-user] (no subject)
Also, you can use www.gametiger.com to triangulate on your server. You'll want to use their web form to list your server's current IP address, then you can go in and search for your server by name. If it is up and communicating properly with the world, the GameTiger server will see it and report its vital stats (OS type, current map, current # of players, total # of players, etc.). It's like a web-based version of GameSpy, but the stats are collected on a server in Germany, not from your local machine. I used it all the time to get an outside look at my servers. You can also get buddies in IRC to check things and tell you what they see.

GL,
D

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Scott C. Best
Sent: Tuesday, September 11, 2001 4:59 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: [Leaf-user] (no subject)

Mark:

Hope your HL problems are getting better. Two quick thoughts:

> Thanks for the replies...I believe the problem lies in the CStrike server config, since this is where the 169.254.0.0 address shows up. When I try to run a server on another machine without a WAN adapter...it shows as having the Internal network IP address (192.0.0.0) of the LAN adapter. I believe the echowall config is correct...HLIFE is specified in services, the MACID is there (I even tried to specify all just for the hell of it), and I did change IF_EXT to ppp0 instead of eth0. When I use weblet to see the firewall rules, it appears as though the rules are applied, which is why I agree that I am missing something on the server end.

When you echowall start, what it tells you at the end, about which services have been enabled to which IP addresses, is true. :)

> I guess I would want the server to show the internal LAN IP address (as opposed to the 169.254.0.0), then post the external IP address for people to connect. I will fool around with it more tonight.

Right, exactly. Try using the +ip command that Alec suggested when you start the server. Then, from a different ISP altogether, point a CStrike client to your firewall's external interface. It should connect. Since it's a PPPoE setup, this IP address could change frequently, but we can talk about dynamic-DNS once you get the initial connection going.

Good luck!

-Scott
Re: [Leaf-user] (no subject)
Scott,

I tried the +ip command and no go...I get a message from the server couldn't allocate dedicated server ip port. Now if I just run it without the +ip command it starts and allocates a server IP address of 192.0.0.0 which is my internal ip. I can connect to the server from my other internal machines (by pointing to the internal ip of the server) but nobody can connect from outside of the firewall. When echowall starts it says the HLIFE service is started on 192.0.0.0 which is correct. I changed the echowall conf to allow port 27016 (and added the command -port 27016 to the server exe) also so that I can run the server and play from the same machine if needed (the server will use 27016 while the client uses 27015). This shows up in my firewall rules so I'm assuming I did it correctly.

I know there is a way to make this work...and I am sure it's all in the HLife server end. I'll keep you posted. Thanks again.

Mark

----- Original Message -----
From: Scott C. Best [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Tuesday, September 11, 2001 5:59 PM
Subject: [Leaf-user] (no subject)

Mark:

Hope your HL problems are getting better. Two quick thoughts:

> Thanks for the replies...I believe the problem lies in the CStrike server config, since this is where the 169.254.0.0 address shows up. When I try to run a server on another machine without a WAN adapter...it shows as having the Internal network IP address (192.0.0.0) of the LAN adapter. I believe the echowall config is correct...HLIFE is specified in services, the MACID is there (I even tried to specify all just for the hell of it), and I did change IF_EXT to ppp0 instead of eth0. When I use weblet to see the firewall rules, it appears as though the rules are applied, which is why I agree that I am missing something on the server end.

When you echowall start, what it tells you at the end, about which services have been enabled to which IP addresses, is true. :)

> I guess I would want the server to show the internal LAN IP address (as opposed to the 169.254.0.0), then post the external IP address for people to connect. I will fool around with it more tonight.

Right, exactly. Try using the +ip command that Alec suggested when you start the server. Then, from a different ISP altogether, point a CStrike client to your firewall's external interface. It should connect. Since it's a PPPoE setup, this IP address could change frequently, but we can talk about dynamic-DNS once you get the initial connection going.

Good luck!

-Scott
Re: [Leaf-user] (no subject)
Mark:

Okay, so the server allocates the correct IP address, that's a start. Can I ask though: from the LEAF firewall box, can you ping this 192.0.0.0 machine successfully? Perhaps you just meant that IP address as an example, but perhaps not.

Also, importantly, type this after you try to connect to your server and fail: tail /var/log/syslog. The firewall *should* be logging any packets that are not getting passed on to your game-server properly. Sure, there'll be other noise in those logs (CodeRed remnants, for instance), but every time you try to connect and fail, a repeatable patch of packet logs should be created. If you could email those along, that'd help.

Lastly...don't add 27016 into echowall.conf. Rather, add it into echowall.rules. Open that file for edit, scroll down to the HLIFE section, and copy the 2 lines that have 27015 in them, and repeat them using 27016. So the new lines would look like:

    #HLIFE#$IPCHAINS -A input -s 0.0.0.0/0 -d $IP_EXT/32 27016 -p udp -j ACCEPT
    #HLIFE#$IPMASQADM portfw -a -P udp -L $IP_EXT 27016 -R $HLIFE_HOST 27016

Try those, try the firewall check, and keep me posted. Getting close!

-Scott

> I tried the +ip command and no go...I get a message from the server couldn't allocate dedicated server ip port. Now if I just run it without the +ip command it starts and allocates a server IP address of 192.0.0.0 which is my internal ip. I can connect to the server from my other internal machines (by pointing to the internal ip of the server) but nobody can connect from outside of the firewall. When echowall starts it says the HLIFE service is started on 192.0.0.0 which is correct. I changed the echowall conf to allow port 27016 (and added the command -port 27016 to the server exe) also so that I can run the server and play from the same machine if needed (the server will use 27016 while the client uses 27015). This shows up in my firewall rules so I'm assuming I did it correctly.
>
> I know there is a way to make this work...and I am sure it's all in the HLife server end. I'll keep you posted. Thanks again.
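One way to pull the "repeatable patch" of blocked packets out of the firewall log, as an added example that is not part of the original message. It assumes the ipchains kernel `Packet log:` line layout; the sample lines are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Summarise ipchains "Packet log" entries that were not accepted, grouped by
# protocol, destination port and interface, so a repeating pattern stands out.

# Constructed sample lines in the ipchains log layout (not real traffic).
sample_log() {
cat <<'EOF'
Sep 11 18:02:11 fw kernel: Packet log: input DENY ppp0 PROTO=17 198.51.100.7:1041 203.0.113.5:27016 L=53 S=0x00 I=4102 F=0x0000 T=113 (#14)
Sep 11 18:02:14 fw kernel: Packet log: input DENY ppp0 PROTO=17 198.51.100.7:1041 203.0.113.5:27016 L=53 S=0x00 I=4110 F=0x0000 T=113 (#14)
Sep 11 18:02:15 fw kernel: Packet log: input DENY ppp0 PROTO=6 192.0.2.44:3310 203.0.113.5:80 L=48 S=0x00 I=9021 F=0x4000 T=110 SYN (#14)
Sep 11 18:02:17 fw kernel: Packet log: input DENY ppp0 PROTO=17 198.51.100.7:1041 203.0.113.5:27016 L=53 S=0x00 I=4123 F=0x0000 T=113 (#14)
Sep 11 18:02:20 fw kernel: Packet log: input ACCEPT ppp0 PROTO=17 198.51.100.7:1041 203.0.113.5:27015 L=53 S=0x00 I=4130 F=0x0000 T=113 (#9)
EOF
}

# Reads syslog text on stdin; prints "count proto dport iface", busiest first.
blocked_summary() {
    awk '
        {
            # Find the "Packet log:" marker; the fields after it are positional:
            # chain, action, interface, PROTO=n, src:port, dst:port.
            for (i = 2; i <= NF; i++) if ($i == "log:" && $(i-1) == "Packet") break
            if (i > NF) next
            action = $(i+2); iface = $(i+3); proto = $(i+4); dst = $(i+6)
            if (action == "ACCEPT" || action == "MASQ") next
            sub(/^PROTO=/, "", proto)
            n = split(dst, parts, ":")
            port = (n == 2) ? parts[2] : "-"
            name = (proto == "6") ? "tcp" : ((proto == "17") ? "udp" : ("proto" proto))
            count[name " " port " " iface]++
        }
        END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2,3
}

# With a file argument, summarise that log; otherwise run on the sample.
if [ -n "${1:-}" ]; then blocked_summary < "$1"; else sample_log | blocked_summary; fi
```

On the sample, the three denied UDP packets to port 27016 rise to the top, which is the pattern a missing forwarding rule for that port would leave behind.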
RE: [Leaf-user] PPPD problem (was PPP problems)
> Thank you, my routing problem is over now. The PPPD problem remains. There seems to be a misunderstanding about that (my fault, didn't supply enough info).
>
> I'm using a package called ADSL.lrp, it contains a few scripts, some other stuff that my ISP requires and PPTP and PPPD. So I DON'T use PPPD.lrp, PPP.lrp or PPTP.lrp, but PPPD is on my LRP-box, I just don't think it's initialised at startup, I think I should add it to inittab or inetd.conf, I just don't know how (to which) and with what parameters.

I don't know about adsl.lrp, but in general LRP starts daemons with files in /etc/init.d. I'm surprised that your package didn't install one. The ppp startup script included with ppp.lrp is fairly generic and can probably be adapted for your purpose. You need to make it executable and backup /etc before rebooting. Note that the RCDLINKS line automatically creates startup links for you:

    #! /bin/sh
    # /etc/init.d/ppp: start or stop PPP.
    RCDLINKS="2,S20 3,S20 4,S20 5,S20 0,K20 1,K20 6,K20"
    # NO_RESTART_ON_UPGRADE

    # Do nothing unless pppd is installed and the boot flag file exists.
    test -x /usr/sbin/pppd -a -f /etc/ppp/ppp_on_boot || exit 0

    case "$1" in
      start)
        echo -n "Starting up PPP link: pppd"
        start-stop-daemon --start --quiet --exec /usr/sbin/pppd -- call provider
        echo "."
        ;;
      stop)
        echo -n "Shutting down PPP link: pppd"
        start-stop-daemon --stop --quiet --exec /usr/sbin/pppd
        echo "."
        ;;
      restart|force-reload)
        $0 stop
        $0 start
        ;;
      *)
        echo "Usage: /etc/init.d/ppp {start|stop|restart|force-reload}"
        exit 1
        ;;
    esac

    exit 0