Re: [Leaf-user] Getting Dachsein to work
On Wed, 5 Dec 2001, Vince Schiller wrote:

> I abandoned Eiger and now have attempted Dachstein. I am a little confused
> by the error message I am getting.
>
> "No subnet declaration for 'eth1' (0.0.0.0). Please write a subnet
> declaration in your dhcpd.conf file for the network segment to which eht1 is
> attached."
>
> I've reviewed the file and am uncertain how to write this subnet
> declaration. The help file suggests that I may need to edit
> /etc/init.d/dhcpcd as well.
>
> I've tried various changes to be sure that all the hardware is working. I
> am at a loss for how to edit the files.
>
> I would appreciate any help I can get on this. Thank you.
>
> vince

http://www.linux.com/develop/man/5/dhcpd.conf/

--
Jack Coates
Monkeynoodle: A Scientific Venture...

___
Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
[Leaf-user] Re: Passive FTP Working fine with Dachstein 1.0.1
Charles Steinkuehler wrote:

> > #FTP Server
> > #INTERN_SERVER2="-a -P tcp -L $EXTERN_IP 21 -R 192.168.1.2 21"
> > #INTERN_SERVER3="-a -P tcp -L $EXTERN_IP 21000 -R 192.168.1.2 21000"
>
> The scripts stop at the first missing number, and they start counting from
> zero, so without INTERN_SERVER0 and INTERN_SERVER1 defined, the rest of your
> server settings will be ignored.
>
> This is kind of a pain, and an artifact of the broken sort command on
> earlier systems...
>
> If anyone wants a project, you could work on adapting the walklist function
> to support missing numbers and send me the code...

Right now I don't see how to avoid the problem unless you impose some sort of maximum variable count. The walk_list condition is designed to stop via

    while eval ITEM="\$$BASENAME$x"
          [ "$ITEM" != "" ]
    do

I grepped walk_list in /etc and found 10 instances in both ipfilter.conf and network.conf.

Suppose you set a max list variable size to 20. I might lose a few picoseconds off my life but how long will that take lrp to boot for each call to walk_list configured with a max list variable this big? Wouldn't 20 more than cover all the lists that LRP uses?

I ripped this idea off from esb2 and modified it for a project I am working on. I whacked out a section of code and then modified the script to make widgets not Oracle instance directories.

cat ./walk

    #!/bin/bash
    # Ident: walk

    # Define the number of widgets you are going to
    # create. This should equal the number of widgetsX
    # variables you have uncommented. This is for all you
    # performance freaks. The loop examines which variable
    # exists before using it.
    max_widgets=8

    # Define the widgets variables. See max_widgets.
    # my_widget0=VULTURES
    my_widget1=BALOO
    my_widget2=MOWGLI
    # my_widget3=KAA
    # my_widget4=HATHI
    # my_widget5=BAGHEERA
    my_widget6=KING
    my_widget7=LOUIE
    # ad nauseam

    # Now make the widgets
    # Starting widget variable number.
    widgets_list=0
    while [ ${widgets_list} -lt ${max_widgets} ]
    do
        # See if the $my_widgetX variable exists
        eval current_widget="\$my_widget${widgets_list}"
        if [ "${current_widget}" != "" ]
        then
            # Now make the widget.
            echo "widget produced = ${current_widget}"
        fi
        # Next widget please.
        widgets_list=$((${widgets_list} + 1 ))
    done
    # Done creating widgets.

Here's the output

./walk

    widget produced = BALOO
    widget produced = MOWGLI
    widget produced = KING
    widget produced = LOUIE

Here's the walk_list function

cat walk_list

    ###
    #General utilities to process lists of environment variables
    ###

    # A function to walk a list of environment variables
    # To use, define a series of BASENAMEx lines in network.conf
    # where x is an integer number
    # $1 = List Basename
    # $2 = Initial integer suffix (usually 0 or 1)
    # $3 = Procedure to call
    # $4+= Parameters to pass to procedure
    # NOTE: Called procedure can reference local walk_list variables, like x or y
    walk_list () {
        # x = Variable index, y = count of processed variables
        local BASENAME=$1 x=$2 PROCEDURE=$3 ITEM="" y="0"
        shift 3

        while eval ITEM="\$$BASENAME$x"
              [ "$ITEM" != "" ]
        do
            y=$(($y + 1))
            # 'Call' the procedure, passing the variable to process and any args
            eval $PROCEDURE $BASENAME$x $*
            x=$(($x + 1))
        done
        WALK_COUNT=$y
    }

Greg
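Added example (not part of the original post, and not LEAF/Dachstein code): the bounded loop from the widget script applied to walk_list itself, so that a numbering gap no longer causes later forwarding entries to be silently ignored. The names walk_list_sparse, WALK_MAX and WALK_SKIPPED and the address 192.0.2.1 are assumptions made for this sketch; unlike the stock function, the called procedure receives only the variable name and cannot read the loop's x or y.

```shell
#!/bin/sh
# Added example, not LEAF/Dachstein code. walk_list_sparse, WALK_MAX and
# WALK_SKIPPED are hypothetical names.
WALK_MAX=20   # highest numeric suffix that will be examined

# $1 = list basename, $2 = first suffix, $3 = procedure, $4+ = extra args.
# Sets WALK_COUNT (entries processed) and WALK_SKIPPED (entries found
# after a gap, i.e. the ones a stop-at-first-gap loop never reaches).
walk_list_sparse () {
    local base="$1" x="$2" proc="$3" item="" gap=""
    shift 3
    # base and x are expanded through eval, so accept only a plain
    # shell identifier and a decimal number.
    case "$base" in
        ''|[0-9]*|*[!A-Za-z0-9_]*) echo "bad basename: $base" >&2; return 2 ;;
    esac
    case "$x" in
        ''|*[!0-9]*) echo "bad start index: $x" >&2; return 2 ;;
    esac
    WALK_COUNT=0
    WALK_SKIPPED=""
    while [ "$x" -le "$WALK_MAX" ]; do
        eval "item=\${$base$x-}"
        if [ -n "$item" ]; then
            # Remember entries that sit behind a gap so they can be reported.
            [ -z "$gap" ] || WALK_SKIPPED="$WALK_SKIPPED $base$x"
            "$proc" "$base$x" "$@"
            WALK_COUNT=$((WALK_COUNT + 1))
        else
            gap=1
        fi
        x=$((x + 1))
    done
    WALK_SKIPPED="${WALK_SKIPPED# }"
}

# Constructed sample config: the two INTERN_SERVER lines from the thread,
# uncommented, with suffixes 0 and 1 left undefined. 192.0.2.1 is a
# documentation address standing in for the real external IP.
EXTERN_IP=192.0.2.1
INTERN_SERVER2="-a -P tcp -L $EXTERN_IP 21 -R 192.168.1.2 21"
INTERN_SERVER3="-a -P tcp -L $EXTERN_IP 21000 -R 192.168.1.2 21000"

# Stand-in procedure: record what would be handed to the port forwarder.
FORWARDS=""
add_forward () {
    local val
    eval "val=\${$1}"
    FORWARDS="$FORWARDS$1: $val
"
}

walk_list_sparse INTERN_SERVER 0 add_forward
printf '%s' "$FORWARDS"
echo "processed=$WALK_COUNT found-after-gap=[$WALK_SKIPPED]"
```

A non-empty WALK_SKIPPED is worth printing at boot: it names exactly the entries that the stop-at-first-gap loop would have dropped without any message.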
[Leaf-user] Getting Dachsein to work
I abandoned Eiger and now have attempted Dachstein. I am a little confused by the error message I am getting.

"No subnet declaration for 'eth1' (0.0.0.0). Please write a subnet declaration in your dhcpd.conf file for the network segment to which eht1 is attached."

I've reviewed the file and am uncertain how to write this subnet declaration. The help file suggests that I may need to edit /etc/init.d/dhcpcd as well.

I've tried various changes to be sure that all the hardware is working. I am at a loss for how to edit the files.

I would appreciate any help I can get on this. Thank you.

vince
Re: [Leaf-user] Re:
"Michael D. Schleif" wrote:

> Charles Steinkuehler wrote:
>
> > > Did you see my post about net-snmp? This package requires libdb.so.2 which
> > > is not part of the libraries on the Dachstein CD. I found the file on the
> > > Debian web site in the libdb++ package. Did you include it in either of
> > > your net-snmp packages? If not, what do you think about making libdb++ an
> > > LRP package?
> >
> > I just grabbed David's libdb package and added it to the CD.
>
> We're still getting this:
>
> ``Starting snmpd: /usr/sbin/snmpd: error in loading shared libraries
> libm.so.6: cannot open shared object file: No such file or directory''
>
> We have loaded libdb.lrp; yet, this:
>
> root@trout:/root
> # ls -al `find / | grep libm`
> -rw-r--r-- 1 root root 104192 Feb 20 1999 /usr/local/lib/libm-2.0.7.so
> lrwxrwxrwx 1 root root 13 Dec 5 06:59 /usr/local/lib/libm.so.6 -> libm-2.0.7.so
>
> What to do?

I should, probably, also have listed this:

    root@trout:/root
    # ls -al `find / | grep libd`
    -rw-r--r-- 1 root root 6492 Dec 5 09:27 /lib/libdl-2.0.7.so
    lrwxrwxrwx 1 root root 14 Dec 5 06:59 /lib/libdl.so.2 -> libdl-2.0.7.so
    -rw-r--r-- 1 root root 55588 May 18 2000 /usr/lib/libdb-2.0.7.so
    lrwxrwxrwx 1 root root 14 Dec 5 07:00 /usr/lib/libdb.so.2 -> libdb-2.0.7.so
    -rw-r--r-- 1 root root 64 Sep 27 2000 /var/lib/lrpkg/libdb.list

--
Best Regards,
mds
mds resource
888.250.3987

Dare to fix things before they break . . .

Our capacity for understanding is inversely proportional to how much we think we know. The more I know, the more I know I don't know . . .
Re: [Leaf-user] Re:
Charles Steinkuehler wrote:

> > Did you see my post about net-snmp? This package requires libdb.so.2 which
> > is not part of the libraries on the Dachstein CD. I found the file on the
> > Debian web site in the libdb++ package. Did you include it in either of
> > your net-snmp packages? If not, what do you think about making libdb++ an
> > LRP package?
>
> I just grabbed David's libdb package and added it to the CD.

We're still getting this:

``Starting snmpd: /usr/sbin/snmpd: error in loading shared libraries libm.so.6: cannot open shared object file: No such file or directory''

We have loaded libdb.lrp; yet, this:

    root@trout:/root
    # ls -al `find / | grep libm`
    -rw-r--r-- 1 root root 104192 Feb 20 1999 /usr/local/lib/libm-2.0.7.so
    lrwxrwxrwx 1 root root 13 Dec 5 06:59 /usr/local/lib/libm.so.6 -> libm-2.0.7.so

What to do?

--
Best Regards,
mds
mds resource
888.250.3987

Dare to fix things before they break . . .

Our capacity for understanding is inversely proportional to how much we think we know. The more I know, the more I know I don't know . . .
[Leaf-user] OT: Verilink ESF T1 CSU
I know this is off-topic, but I have 4 AT&T Paradyne (made by Verilink) ESF T1 CSU's that someone sent me by mistake. I won an auction for a router, and they sent me these. Anyway, if someone on the list could use these, drop me a private e-mail and they can be yours for the cost of shipping.

Don't ask me how the hell they work, I know they act as a termination for a T1. But setting up is your deal, not mine. No tech support included with these!

Thanks,
Tony
[EMAIL PROTECTED]
Re: [Leaf-user] IPSec.lrp vs Cipe.lrp
> >I want to setup four VPN tunnels from my office to four different homes.
> >I have Dachstein running on each location, but I haven't got CD on
> >any of them so I have to use disk version.
> >My question is should I use IPSec 1.91 or Cipe? IPSec is hard to fit
> >on Dachstein with SSH.
> >Are there compatibility issues if I would like to connect a "Road
> >Warrior" in the future?
> >If I should go with IPSec how can I lose 20 k more from the disk? I
> >have removed all modules I don't need, both dhcp packages,
> >mkhostkey from ssh and readme.txt.
> >I like weblet and dnscache, don't want to lose them.

I like IPSec, but I haven't used CIPE.

The easy way to fit everything is to go to two floppies. If you don't have extra floppy drives already, they're about the cheapest new disk you can buy (second only to CD-ROM's).

You may be able to squeeze a bit more space on your current system. Make sure you're using the IPSec enabled version of the small kernel, for starters...this is the smallest IPSec kernel I have available.

Depending on which disk image you've got, you can perhaps save quite a bit of space by switching from weblet to weblet-tiny (exactly the same, just w/o the JAVA applet on the server, so you have to download the applet to any systems you want to run the bandwidth monitor on). This saves about 50K!

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
Re: [Leaf-user] Could not find kernel image: support.
Resolved: Indeed the Packard-Bell model A940-TWRA, a Pentium I/ 75Mhz with 16MB ram and a standard NEC floppy, appears to be an oddball. The same diskettes worked fine in an IBM Aptiva P-1 /166 with 16MB, with the same kind of NEC floppy drive.

Also, same diskettes worked in a Gateway 2000 P1/75, but after the boot options, at the prompt:

    boot:

a lot of repeated chars (t: or t) appeared, as though the keyboard buffer was full of garbage. Fortunately no returns or linefeeds, I guess. So I backspaced a bit, hit the enter key, and the "none" option was taken correctly.

Is it possible that there are a few systems (like the PackardBell) that will have garbage chars that confuse the boot options prompt?

Anyway, I am proceeding with a dual-ethernet card firewall/gateway using the latest data disk for firewalls. Wish me luck!

>>>RWT

David Douthitt wrote:

> "Dr. Richard W. Tibbs" wrote:
>
> > I built a 1.680 MB boot floppy based on the latest oxygen release, and
> > I tried it out on a humble Packard-Bell Pentium-1 with 16MB ram.
>
> That will be rather tight for Oxygen...
>
> > Syslinux 1.62 comes up and presents several options, but then I get the
> > subject line message:
> > Could not find kernel image: support
> > and
> > Could not find kernel image: ge
> > repeated forever.
>
> That's not anything I've ever heard of before... is this right after
> syslinux comes up (with a options screen) or is it after you press
> enter?
RE: [Leaf-user] IPSec.lrp vs Cipe.lrp
If you decide to switch to a dual floppy boot, this is a great site.

http://leaf.sourceforge.net/pub/doc/guide/install-eigerstein/eiger-mod-2disk.html

-----Original Message-----
From: Simon Bolduc [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, December 05, 2001 1:27 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [Leaf-user] IPSec.lrp vs Cipe.lrp

Well I can't see what else you can remove - except comments from the configuration files ;) but I doubt that is gonna do it.

You could always try using 1743K disks. This is not recommended as it can lead to a lot of useless diskettes - and non booting systems, plus some floppy drives don't like them. If you do go this route you may need to put the syslinux bootloader on the diskettes again as I have had problems using 1743K images without running syslinux on the disks again - it just gave me boot errors. It's available here... http://syslinux.zytor.com/

Your other option is using a dual floppy boot.

S

>From: Pär Johansson <[EMAIL PROTECTED]>
>To: LEAF <[EMAIL PROTECTED]>
>Subject: [Leaf-user] IPSec.lrp vs Cipe.lrp
>Date: Wed, 5 Dec 2001 16:58:36 +0100
>
>Hi
>I want to setup four VPN tunnels from my office to four different homes.
>I have Dachstein running on each location, but I haven't got CD on
>any of them so I have to use disk version.
>My question is should I use IPSec 1.91 or Cipe? IPSec is hard to fit
>on Dachstein with SSH.
>Are there compatibility issues if I would like to connect a "Road
>Warrior" in the future?
>If I should go with IPSec how can I lose 20 k more from the disk? I
>have removed all modules I don't need, both dhcp packages,
>mkhostkey from ssh and readme.txt.
>I like weblet and dnscache, don't want to lose them.
>
>TIA
>
>Pär Johansson
Re: [Leaf-user] IPSec.lrp vs Cipe.lrp
Well I can't see what else you can remove - except comments from the configuration files ;) but I doubt that is gonna do it.

You could always try using 1743K disks. This is not recommended as it can lead to a lot of useless diskettes - and non booting systems, plus some floppy drives don't like them. If you do go this route you may need to put the syslinux bootloader on the diskettes again as I have had problems using 1743K images without running syslinux on the disks again - it just gave me boot errors. It's available here... http://syslinux.zytor.com/

Your other option is using a dual floppy boot.

S

>From: Pär Johansson <[EMAIL PROTECTED]>
>To: LEAF <[EMAIL PROTECTED]>
>Subject: [Leaf-user] IPSec.lrp vs Cipe.lrp
>Date: Wed, 5 Dec 2001 16:58:36 +0100
>
>Hi
>I want to setup four VPN tunnels from my office to four different homes.
>I have Dachstein running on each location, but I haven't got CD on
>any of them so I have to use disk version.
>My question is should I use IPSec 1.91 or Cipe? IPSec is hard to fit
>on Dachstein with SSH.
>Are there compatibility issues if I would like to connect a "Road
>Warrior" in the future?
>If I should go with IPSec how can I lose 20 k more from the disk? I
>have removed all modules I don't need, both dhcp packages,
>mkhostkey from ssh and readme.txt.
>I like weblet and dnscache, don't want to lose them.
>
>TIA
>
>Pär Johansson
Re: [Leaf-user] SNMP from Wireless Hub
Richard:

Heya. I'll update the fwlog.pl processor at echogent.com so that it offers some advice about packets like these. Charles' advice about how to handle them is good, but I don't think it goes far enough.

Here's the "reduce my log noise" from the echowall.rules file. Please note that these rules go *at the very end* of the ipchains setup:

    # --
    # -- Step 12: The very last rules allow anything on the LAN not
    # -- affected by a DMZ filter to pass, as well as a "Log everything
    # -- that's not been allowed in by an above rule and is about to be
    # -- denied" sort of rule. But first, block some harmless log-noise
    # -- makers that may have made it this far.
    #
    #LASTRULES#$IPCHAINS -A input -i $IF_EXT -d 255.255.255.255 -j DENY
    #LASTRULES#$IPCHAINS -A input -i $IF_EXT -d 0/0 67 -p udp -j DENY
    #LASTRULES#$IPCHAINS -A input -i $IF_EXT -d 0/0 68 -p udp -j DENY
    #LASTRULES#$IPCHAINS -A input -i $IF_EXT -d 0/0 80 -p tcp -j DENY
    #LASTRULES#$IPCHAINS -A input -i $IF_EXT -d 0/0 137 -p tcp -j DENY
    #LASTRULES#$IPCHAINS -A input -i $IF_EXT -d 0/0 137 -p udp -j DENY
    #LASTRULES#$IPCHAINS -A input -i $IF_EXT -d 0/0 138 -p tcp -j DENY
    #LASTRULES#$IPCHAINS -A input -i $IF_EXT -d 0/0 138 -p udp -j DENY
    #LASTRULES#$IPCHAINS -A input -i $IF_EXT -d 0/0 520 -p udp -j DENY
    #LASTRULES#$IPCHAINS -A input -i $IF_INT -s $NW_INT -j ACCEPT
    #LASTRULES#$IPCHAINS -A input -i $IF_EXT -s 0/0 -l -j DENY

Note that the first one there essentially drops anything, without logging, headed for a broadcast address.

I've been lobbying for this collection to be incorporated into the standard Dachstein release. Alas, in time, perhaps.

-Scott

> I get a lot of these:
>
> Dec 3 22:55:57 oldbox kernel: Packet log: input REJECT eth1 PROTO=17
> 192.168.77.250:1717 255.255.255.255:162 L=96 S=0x00 I=43029 F=0x
> T=31 (#65)
>
> where 192.168.77.250 is the IP address of my wireless hub. I don't think
> I can turn off the behavior in the hub, and I'd rather that the REJECTS
> not fill the logs (I get 6-7 entries per hour).
>
> I'm running the tried and true EigersteinBETA2, and yes, eth1 is the
> internal adapter. What's the best approach to take with this stuff?
> permit internally? Turn off logging? make a special rule in
> ipfilter.conf?
>
> I'm open to suggestions.
>
> Richard Minutillo
> [EMAIL PROTECTED]
>
> Oh and BTW, thanks to Paul Rimmer for his suggestion about the port 53
> stuff.
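Added example (not part of the original posts, and not code from echowall or LEAF): a tally of ipchains "Packet log:" entries by action, interface, protocol, source host and destination, which shows which flows actually fill the log before any of them is given a silent DENY rule. The function names and the sample log lines are constructed for this sketch; the first sample line is modelled on the entry quoted above.

```shell
#!/bin/sh
# Added example, not part of echowall or LEAF. Function names are
# hypothetical and the log lines below are constructed sample data.

# Summarise ipchains "Packet log:" lines by action, interface, protocol,
# source host and destination host:port, most frequent first.
# Reads the files given as arguments, or stdin when there are none.
tally_packet_log () {
    awk '
    /Packet log: / {
        # Locate the "log:" token; the fields after it are positional:
        # chain action interface PROTO=n src:port dst:port ...
        for (i = 1; i <= NF; i++) if ($i == "log:") break
        action = $(i + 2); iface = $(i + 3); proto = $(i + 4)
        src = $(i + 5); dst = $(i + 6)
        sub(/^PROTO=/, "", proto)
        sub(/:[0-9]+$/, "", src)   # source ports are ephemeral, drop them
        count[action " " iface " proto=" proto " " src " -> " dst]++
    }
    END { for (k in count) printf "%d %s\n", count[k], k }
    ' "$@" | sort -rn
}

# Constructed sample: three SNMP trap broadcasts from an internal hub,
# two NetBIOS name-service packets and one TCP probe on the external side.
# 198.51.100.7, 203.0.113.9 and 192.0.2.1 are documentation addresses.
sample_log () {
    cat <<'EOF'
Dec  3 22:55:57 oldbox kernel: Packet log: input REJECT eth1 PROTO=17 192.168.77.250:1717 255.255.255.255:162 L=96 S=0x00 I=43029 F=0x0000 T=31 (#65)
Dec  3 23:05:57 oldbox kernel: Packet log: input REJECT eth1 PROTO=17 192.168.77.250:1718 255.255.255.255:162 L=96 S=0x00 I=43101 F=0x0000 T=31 (#65)
Dec  3 23:15:58 oldbox kernel: Packet log: input REJECT eth1 PROTO=17 192.168.77.250:1719 255.255.255.255:162 L=96 S=0x00 I=43188 F=0x0000 T=31 (#65)
Dec  3 23:16:02 oldbox kernel: Packet log: input DENY eth0 PROTO=17 198.51.100.7:137 192.0.2.1:137 L=78 S=0x00 I=5120 F=0x0000 T=112 (#70)
Dec  3 23:16:04 oldbox kernel: Packet log: input DENY eth0 PROTO=17 198.51.100.7:137 192.0.2.1:137 L=78 S=0x00 I=5121 F=0x0000 T=112 (#70)
Dec  3 23:20:41 oldbox kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.9:4021 192.0.2.1:22 L=60 S=0x00 I=911 F=0x4000 T=48 (#70)
EOF
}

sample_log | tally_packet_log
```

Rows that stay in the tally after the noise rules are in place are the ones still worth reading; anything matched by a DENY rule without -l never reaches the log again.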
[Leaf-user] LEAF on IDSL
I have a number of sites which are getting IDSL service from Conectiv Communications using Cisco 802 routers. These devices get their IP address via DHCP from the ISP and NAT the inside addresses. I'd like to replace the Cisco router with Dachstein so I can use FreeS/Wan at these locations.

To do this I know I need to add an ISDN WAN card to Dachstein and duplicate the communications protocol. Since the BRI is doing PPP encapsulation, I presume this means I have PPPoE to contend with.

Has anyone tried to replace a Cisco 802 router supporting IDSL with a LEAF router? Any help on this would be greatly appreciated.

If I get this working, my next question is going to be "does anyone need Cisco 800 series routers?".

Roger McClurg
Re: [Leaf-user] Passive FTP Working fine with Dachstein 1.0.1
Charles Steinkuehler wrote:

> > This solution works perfectly and people are able to connect into my
> > server. My one issue with network.conf is that when I was using the
> > following lines, the port forwarding did not work. (I know the lines are
> > commented right now, that is not the problem :-) )
> > #FTP Server
> > #INTERN_SERVER2="-a -P tcp -L $EXTERN_IP 21 -R 192.168.1.2 21"
> > #INTERN_SERVER3="-a -P tcp -L $EXTERN_IP 21000 -R 192.168.1.2 21000"

Charles isn't there a way for this user to autoforward his range of ports rather than have 1 entry for each of the 20 ports?

Bob, when you get around to it, you might consider opening up 100 ports or so. If you or anyone else downloads 20 files and does a few directory searches, you can soon run out of passive ports. I can't verify that it will occur on your setup, as your kernel may handle releasing/reusing ports better than mine. But I've seen it happen. Something just to note.

Good Luck,
Matthew
Re: [Leaf-user] some clarifications about cd images
Syed Irfan wrote:

> i have downloaded oxygen cd iso and about to download dachstein-cd iso
> the oxygen iso is about 600M and dachstein-cd iso is about 18.9M
> why is oxygen 600M, i don't understand

The reason the Oxygen CDROM is 600M is because it includes a lot of things OTHER than just the Oxygen distribution. Included on the CDROM are:

* Documentation in /docs
* Kernel sources and patches in /kernel
* Source code to every package I can lay hands on - /src
* Every package I've done and a few besides (278 at current count) - /pkg
* Package archives, including Koon Wong's and others
* Red Hat Compatibility RPMs to allow you to compile for glibc 2.0 on a glibc 2.1 system
* A lot of historical Oxygen images

The Dachstein CDROM is 18M because it doesn't include all the extras.

I'm working on a CDROM that will be under 150M to fit on one of those tiny CDROMs we're starting to see. It'll have a lot of resources but less of the pure development stuff.
Re: [Leaf-user] Passive FTP Working fine with Dachstein 1.0.1
Thanks Charles,

At least that explains it. :-)

----- Original Message -----
From: "Charles Steinkuehler" <[EMAIL PROTECTED]>
To: "Bob Smith" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Wednesday, December 05, 2001 12:26 PM
Subject: Re: [Leaf-user] Passive FTP Working fine with Dachstein 1.0.1

> > This solution works perfectly and people are able to connect into my
> > server. My one issue with network.conf is that when I was using the
> > following lines, the port forwarding did not work. (I know the lines are
> > commented right now, that is not the problem :-) )
> > #FTP Server
> > #INTERN_SERVER2="-a -P tcp -L $EXTERN_IP 21 -R 192.168.1.2 21"
> > #INTERN_SERVER3="-a -P tcp -L $EXTERN_IP 21000 -R 192.168.1.2 21000"
>
> The scripts stop at the first missing number, and they start counting from
> zero, so without INTERN_SERVER0 and INTERN_SERVER1 defined, the rest of your
> server settings will be ignored.
>
> This is kind of a pain, and an artifact of the broken sort command on
> earlier systems...
>
> If anyone wants a project, you could work on adapting the walklist function
> to support missing numbers and send me the code...
>
> Charles Steinkuehler
> http://lrp.steinkuehler.net
> http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
Re: [Leaf-user] Passive FTP Working fine with Dachstein 1.0.1
> This solution works perfectly and people are able to connect into my
> server. My one issue with network.conf is that when I was using the
> following lines, the port forwarding did not work. (I know the lines are
> commented right now, that is not the problem :-) )
> #FTP Server
> #INTERN_SERVER2="-a -P tcp -L $EXTERN_IP 21 -R 192.168.1.2 21"
> #INTERN_SERVER3="-a -P tcp -L $EXTERN_IP 21000 -R 192.168.1.2 21000"

The scripts stop at the first missing number, and they start counting from zero, so without INTERN_SERVER0 and INTERN_SERVER1 defined, the rest of your server settings will be ignored.

This is kind of a pain, and an artifact of the broken sort command on earlier systems...

If anyone wants a project, you could work on adapting the walklist function to support missing numbers and send me the code...

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
[Leaf-user] Passive FTP Working fine with Dachstein 1.0.1
Hi everyone,

Let me start off with, Great Work Charles!

I had this working with LRP 2.9.8, and now have it working with Dachstein, although I have a few issues with network.conf.

To start off, I am using Guild FTP (freeware). This software has one drawback (besides being Windows based), it does not run as a service in Windows NT/2000/etc. I am playing around with some utilities to get around this, but I can live with it. Another good choice is to pay the $30 and get Bulletproof FTP.

The big thing about these FTP servers is that you can specify the ports that are used with Passive FTP. I use 10 ports in the 20,000 range.

One other thing that is required for your FTP to work, is a client that supports passive transfers. I really like CuteFTP, since it also integrates with the Windows shell.

I put the following into the IPChains portion of network.conf:

    #FTP running on Port 21
    EXTERN_TCP_PORT0="0/0 21"
    EXTERN_TCP_PORT1="0/0 21000"
    EXTERN_TCP_PORT2="0/0 21001"
    EXTERN_TCP_PORT3="0/0 21002"
    EXTERN_TCP_PORT4="0/0 21003"
    EXTERN_TCP_PORT5="0/0 21004"
    EXTERN_TCP_PORT6="0/0 21005"
    EXTERN_TCP_PORT7="0/0 21006"
    EXTERN_TCP_PORT8="0/0 21007"
    EXTERN_TCP_PORT9="0/0 21008"
    EXTERN_TCP_PORT10="0/0 21009"
    EXTERN_TCP_PORT11="0/0 21010"

And the following into the Port Forwarding section of network.conf

    INTERN_SERVERS="tcp_${EXTERN_IP}_21_192.168.1.2_21
    tcp_${EXTERN_IP}_21000_192.168.1.2_21000
    tcp_${EXTERN_IP}_21001_192.168.1.2_21001
    tcp_${EXTERN_IP}_21002_192.168.1.2_21002
    tcp_${EXTERN_IP}_21003_192.168.1.2_21003
    tcp_${EXTERN_IP}_21004_192.168.1.2_21004
    tcp_${EXTERN_IP}_21005_192.168.1.2_21005
    tcp_${EXTERN_IP}_21006_192.168.1.2_21006
    tcp_${EXTERN_IP}_21007_192.168.1.2_21007
    tcp_${EXTERN_IP}_21008_192.168.1.2_21008
    tcp_${EXTERN_IP}_21009_192.168.1.2_21009
    tcp_${EXTERN_IP}_21010_192.168.1.2_21010"

This solution works perfectly and people are able to connect into my server. My one issue with network.conf is that when I was using the following lines, the port forwarding did not work. (I know the lines are commented right now, that is not the problem :-) )

    #FTP Server
    #INTERN_SERVER2="-a -P tcp -L $EXTERN_IP 21 -R 192.168.1.2 21"
    #INTERN_SERVER3="-a -P tcp -L $EXTERN_IP 21000 -R 192.168.1.2 21000"
    #INTERN_SERVER4="-a -P tcp -L $EXTERN_IP 21001 -R 192.168.1.2 21001"
    #INTERN_SERVER5="-a -P tcp -L $EXTERN_IP 21002 -R 192.168.1.2 21002"
    #INTERN_SERVER6="-a -P tcp -L $EXTERN_IP 21003 -R 192.168.1.2 21003"
    #INTERN_SERVER7="-a -P tcp -L $EXTERN_IP 21004 -R 192.168.1.2 21004"
    #INTERN_SERVER8="-a -P tcp -L $EXTERN_IP 21005 -R 192.168.1.2 21005"
    #INTERN_SERVER9="-a -P tcp -L $EXTERN_IP 21006 -R 192.168.1.2 21006"
    #INTERN_SERVER10="-a -P tcp -L $EXTERN_IP 21007 -R 192.168.1.2 21007"
    #INTERN_SERVER11="-a -P tcp -L $EXTERN_IP 21008 -R 192.168.1.2 21008"
    #INTERN_SERVER12="-a -P tcp -L $EXTERN_IP 21009 -R 192.168.1.2 21009"
    #INTERN_SERVER13="-a -P tcp -L $EXTERN_IP 21010 -R 192.168.1.2 21010"

And the Autoforward did not seem to work either.

    #FTP passive ports for requests on Port 21
    #INTERN_AUTOFW0="-A -r tcp 21000 21010 -h 192.168.1.2"

I think that the new options in network.conf are great, but it will take me a little while to sift through everything, to fully understand them. :-)

Cheers
[Leaf-user] IPSec.lrp vs Cipe.lrp
Hi

I want to setup four VPN tunnels from my office to four different homes. I have Dachstein running on each location, but I haven't got CD on any of them so I have to use disk version.

My question is should I use IPSec 1.91 or Cipe? IPSec is hard to fit on Dachstein with SSH.

Are there compatibility issues if I would like to connect a "Road Warrior" in the future?

If I should go with IPSec how can I lose 20 k more from the disk? I have removed all modules I don't need, both dhcp packages, mkhostkey from ssh and readme.txt. I like weblet and dnscache, don't want to lose them.

TIA

Pär Johansson
Re: [Leaf-user] dnscache & w2k servers ???
Not sure if this makes any difference in your situation, but Win2k does client-side DNS caching (and negative caching, I believe)

To disable for testing:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q245437
[Leaf-user] dnscache & w2k servers ???
Normally, we've been setting up all systems with dhcp and assigning dns servers thusly:

    192.168.1.254   # firewall, w/dnscache
    x.y.z.2         # ISP assigned dns server(s)
    x.y.z.3
    ...

I suppose, our theory is, if dnscache gets trashed, at least dns queries will continue to function within the environment. Normally, this works great and dnscache gets a good workout and we cannot see any failover to ISP assigned dns servers.

In one of our environments, our customer is running win2k servers & active directory services. In this particular environment, (nearly) all dns queries get handled by the second (x.y.z.2) dns server specified. Of course, if we remove all dns servers other than the firewall/dnscache, then dnscache gets all of the requests and handles them accordingly.

    H:\>nslookup www.lrp.com
    *** Can't find server name for address 192.168.1.254: Non-existent domain
    *** Default servers are not available
    Server:  UnKnown
    Address:  192.168.1.254

    Non-authoritative answer:
    Name:    www.lrp.com
    Address:  208.218.136.74

We've seen this non-existent domain on other wintel boxen; but, dnscache continues to function properly. Note, this example is without any additional dns servers defined.

As you know, active directory services requires that m$oft dns run on the primary domain controller (or, whatever ADS has transmogrified PDC to).

The only other oddity in this environment is that, inside the firewall, there is a Cisco router:

                Internet
                   |
           firewall/dnscache
                   |
              Cisco router
             |     |     |
        subnet1 subnet2 subnet3 ...

What do you think?

--
Best Regards,
mds
mds resource
888.250.3987

Dare to fix things before they break . . .

Our capacity for understanding is inversely proportional to how much we think we know. The more I know, the more I know I don't know . . .
[Leaf-user] OT: Request for info on mini distribution
Hi All

This is slightly OT I think, but I would expect some interesting feedback.

I want to set-up a laptop (32-64Mb) with a small (and quick to boot!!) OS which allows me to dialup, via a PCMCIA modem, my ISP and then using a browser look at my Ebay/Yahoo/QXL auctions and be able to manage them, also to login via Web email again from the browser (needs Java plugin) to view my emails.

That's it really. I know a Jornada 7XX will do it for me, but I have a couple of lower spec laptops which will save me forking out for the Jornada.

So any suggestions on a packaged version of Linux + browser which is small would be appreciated.

Peter

Peter Stokes
Ashlyn Computer Services Ltd
Tel: +44 (0)1636-627900
Fax: +44 (0)1636-627909
Mbl: +44 (0)7977-532320
Web: http://www.ashlyn.co.uk
Re: [Leaf-user] 386 support in Dachstein ?
> I was wondering if there is a Dachstein version of the 2.2.19 kernel that
> has the 386-noFPU support?

Not at this time...sorry

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
Re: [Leaf-user] E2B DMZ_SWITCH=PRIVATE
> Hi Charles, thanks very much for your response. Assuming that I had
> badly misconfigured the box, I have downloaded E2B (EigerStein2BETA.exe)
> again and started configuration from scratch.

OOPS! Big problem...the Eiger images do NOT support any advanced DMZ settings. You need to either switch to one of the Dachstein releases (CD or floppy), or install the extended scripts to get support for a private DMZ.

> After correcting my errors in DMZ_SERVERn entries and placing the DMZ on
> a network separate from the two internal interfaces, the DMZ
> configuration block looks like:
>
> DMZ_SWITCH=PRIVATE
> DMZ_IF="eth3"
> DMZ_NET=172.20.0.0/16
> DMZ_OUTBOUND_ALL=YES
> DMZ_SERVER0="tcp ${EXTERN_IP} www 172.20.0.1 www"
> DMZ_SERVER1="udp ${EXTERN_IP} www 172.20.0.1 www"

This all looks OK, once you get the right scripts in place...

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
Re: [Leaf-user] Migrating Dachstein 1.0.2-CD to harddrive?
> I would like to run Dachstein on a harddrive or flashcard. With the old
> Eigerstein2B it wasn't too hard to do. Are there a lot of fundamental
> changes required to get the Dachstein image to boot off a harddrive?

It should be pretty much exactly like running Eiger off a HDD or flash.

One added benefit to Dachstein: it already has support for boot-time loading of modules (see the SCSI section of my HDD HOWTO). This means you can simply put modules in /boot/lib/modules, edit /boot/etc/modules, backup root, and support whatever wacky hardware you want to boot from...

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
RE: [Leaf-user] some clarifications about cd images
Oxygen CD may be considered as a 'Developer's CD for LEAF'. May also be used as a Tiny/Small server.

Dachstein-CD is Firewall/Router oriented.

Hope this clarifies!

-----Original Message-----
From: Syed Irfan [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, December 05, 2001 1:37 PM
To: LRP/LEAF Mailing List
Subject: [Leaf-user] some clarifications about cd images

hi

i have downloaded oxygen cd iso and about to download dachstein-cd iso
the oxygen iso is about 600M and dachstein-cd iso is about 18.9M
why is oxygen 600M, i don't understand

suggestions please

thanks
syed irfan
[Leaf-user] some clarifications about cd images
hi

i have downloaded oxygen cd iso and about to download dachstein-cd iso
the oxygen iso is about 600M and dachstein-cd iso is about 18.9M
why is oxygen 600M, i don't understand

suggestions please

thanks
syed irfan