[Leaf-user] DCD, ipsec tunnel testing ???

2002-01-01 Thread Michael D. Schleif


OK, I'm getting the hang of this -- happy new year!

Anyway, I have a tunnel between two (2) Dachstein-CD firewall/gateways,
separated by the big, bad internet;

I remain confused, however, *how* to test the encryption.  Yes, I
understand how, if both boxes were local and I could place a 3rd in
between; but, I cannot do that here.

While I'm on 192.168.123.110 (not a DCD firewall/gateway) I do this:

ping -p feedfacedeadbeef 192.168.1.20

Then, I go to the other side (192.168.1.254, the remote DCD
firewall/gateway) and do this:

tcpdump -tx icmp

However, I get this:

tcpdump: listening on ipsec0
192.168.1.20 > 192.168.123.110: icmp: echo reply
 4500 0054 664b  7f01 d78a c0a8 0114
 c0a8 7b6e  ff15 6d42  3c31 6ffe
  5b58 feed face dead beef feed face
 dead beef feed face dead beef feed face
 dead beef

But, I never get any echo requests!

If I do this:

ping -p feedfacedeadbeef 192.168.123.130

from 192.168.123.110 and do this:

tcpdump -tx icmp

from 192.168.123.130, then I see this:

tcpdump: listening on eth0
192.168.123.110 > 192.168.123.130: icmp: echo request
 4500 0054 3ea7  4001 c3c0 c0a8 7b6e
 c0a8 7b82 0800 42fd 7142  3c31 701a
 0008 0b4d feed face dead beef feed face
 dead beef feed
192.168.123.130 > 192.168.123.110: icmp: echo reply
 4500 0054 f096  ff01 52d0 c0a8 7b82
 c0a8 7b6e  4afd 7142  3c31 701a
 0008 0b4d feed face dead beef feed face
 dead beef feed

Yes, I know that the FreeS/WAN FAQ emphatically states that this
scenario, testing with tcpdump on either gateway, will be confusing;
but, however else can I test this setup?

What do you think?

-- 

Best Regards,

mds
mds resource
888.250.3987

Dare to fix things before they break . . .

Our capacity for understanding is inversely proportional to how much we
think we know.  The more I know, the more I know I don't know . . .

___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
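
Added example, not part of the original post: one way to check the tunnel without a third machine is to capture on a gateway's external physical interface rather than ipsec0 (which, under FreeS/WAN, shows traffic already decrypted) and confirm that only ESP (IP protocol 50) appears and the ping pattern never does. The Python below parses `tcpdump -tx` text and reports that; both captures and the gateway addresses 192.0.2.1 and 198.51.100.1 are constructed samples, and the function names are hypothetical.

```python
import re
import socket

HEX_LINE = re.compile(r"(?:[0-9a-fA-F]{4}\s+)*(?:[0-9a-fA-F]{4}|[0-9a-fA-F]{2})")
PROTO = {1: "icmp", 50: "esp", 51: "ah"}

# Constructed sample: a capture on ipsec0, where packets are already decrypted.
CLEAR_CAPTURE = """\
tcpdump: listening on ipsec0
192.168.1.20 > 192.168.123.110: icmp: echo reply
  4500 0054 664b 0000 7f01 d78a c0a8 0114
  c0a8 7b6e 0000 ff15 6d42 0000 3c31 6ffe
  0008 5b58 feed face dead beef feed face
  dead beef
"""
# Constructed sample: gateway-to-gateway traffic on the external interface.
ESP_CAPTURE = """\
tcpdump: listening on eth0
192.0.2.1 > 198.51.100.1: ESP(spi=0x00001001,seq=0x7)
  4500 0070 1a2b 0000 4032 73fb c000 0201
  c633 6401 0000 1001 0000 0007 9f3c 71ae
  05d2 b84e 6a17 c3f0 2b9d e451 88a0 317c
"""

def parse_tcpdump_x(text):
    """Split `tcpdump -tx` text into one bytes object per packet."""
    packets, current = [], None
    for line in text.splitlines():
        stripped = line.strip()
        if HEX_LINE.fullmatch(stripped):
            if current is not None:          # hex before any summary line is ignored
                current.extend(bytes.fromhex(stripped))
        elif stripped:                       # any other text starts a new packet
            current = bytearray()
            packets.append(current)
    return [bytes(p) for p in packets if p]

def classify(packet, pattern):
    """Decode the IPv4 header; report whether the probe pattern is readable."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return {"proto": "not-ipv4", "pattern_visible": pattern in packet}
    ihl = (packet[0] & 0x0F) * 4             # header length; payload starts here
    return {"src": socket.inet_ntoa(packet[12:16]),
            "dst": socket.inet_ntoa(packet[16:20]),
            "proto": PROTO.get(packet[9], str(packet[9])),
            "pattern_visible": pattern in packet[ihl:]}

def tunnel_verdict(text, pattern_hex="feedfacedeadbeef"):
    """Return ('cleartext' | 'encrypted' | 'inconclusive', per-packet details)."""
    pattern = bytes.fromhex(pattern_hex)
    results = [classify(p, pattern) for p in parse_tcpdump_x(text)]
    if any(r["pattern_visible"] for r in results):
        return "cleartext", results
    if any(r["proto"] == "esp" for r in results):
        return "encrypted", results
    return "inconclusive", results
```

A "cleartext" verdict on ipsec0 is expected; the same verdict on the external interface means the ping is leaving the gateway unencrypted.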



[Leaf-user] dachstein cd 1.0.2: modules are unavailable

2002-01-01 Thread Peter Jay Salzman

complete LRP newbie here.

i'm trying to set up dachstein cd 1.0.2.

reading the comments in /etc/modules, it looks like cdrom:/lib/modules
is supposed to be mounted on /lib/modules in the ramdisk.

that's not happening.  as a result, none of the modules i specify in
/etc/modules are loading.


can someone help me out here?  with the /dev/cdrom improvements of
1.0.2, it seems like this sort of thing should be working out of the
box rather than try to hack it to work.

pete

-- 
PGP Fingerprint: B9F1 6CF3 47C4 7CD8 D33E  70A9 A3B9 1945 67EA 951D
PGP Public Key:  finger [EMAIL PROTECTED]




Re: [Leaf-user] dachstein cd 1.0.2: modules are unavailable

2002-01-01 Thread Greg Morgan

Peter Jay Salzman [EMAIL PROTECTED] wrote:

> complete LRP newbie here.
>
> i'm trying to set up dachstein cd 1.0.2.
>
> reading the comments in /etc/modules, it looks like cdrom:/lib/modules
> is supposed to be mounted on /lib/modules in the ramdisk.

Dachstein takes care of this for you so there must be some other
problem.

1.) Uncomment the Ethernet modules you need.  Many of the newer PCI-based
ethernet modules require a pci-scan module.  Uncomment the supporting
modules too!

2.) Next hurdle is the new way of thinking with a LEAF distribution. 
The whole OS is all contained in memory.  So even though you saved your
changes, they will not survive a reboot.  But on the flip side that's
great because if there is a problem a person just reboots.  What this
means to you is that you may not be using the backup menu to save the
changes you just made to the modules file.  Please use lrcfg--you boot
into it as root--and select the b option for Back-up. Use d modules
and t modules to set the destination and type of backup respectively.
d should be floppy and t should be partial.  You will use this technique
later when you master the modules and start configuring other packages.

3.) Make sure you have some sort of configuration option on your
floppy.  I can boot from a cdrom so I only have a lrpkg.cfg file
containing the single line without quotes of
etc,local,modules,ramlog,dhclient,dnscache,dhcpd,weblet,lncurses,vim. 
This is a good newbie configuration.

4.) reboot

5.) See if you have ethernet connectivity.  If so continue on
configuring the rest of the modules.

6.) Report back and let us know if you have success.

7.) Most of all give yourself patience.  It is worth the wait to get
your feet wet with a leaf distro.  LOL we were all newbies once except
people like Ray O., Charles S., and Dave Douthitt.  They just know.

> that's not happening.  as a result, none of the modules i specify in
> /etc/modules are loading.
>
> can someone help me out here?  with the /dev/cdrom improvements of
> 1.0.2, it seems like this sort of thing should be working out of the
> box rather than try to hack it to work.
>
> pete




Re: [Leaf-user] dachstein cd 1.0.2: modules are unavailable

2002-01-01 Thread Victor McAllisteer

Peter Jay Salzman wrote:

> complete LRP newbie here.
>
> i'm trying to set up dachstein cd 1.0.2.
>
> reading the comments in /etc/modules, it looks like cdrom:/lib/modules
> is supposed to be mounted on /lib/modules in the ramdisk.
>
> that's not happening.  as a result, none of the modules i specify in
> /etc/modules are loading.
>
> can someone help me out here?  with the /dev/cdrom improvements of
> 1.0.2, it seems like this sort of thing should be working out of the
> box rather than try to hack it to work.
>
> pete


Modules can load from the cdrom on dachstein.  When I do an

# ls /lib/modules

it is empty because the modules were loaded into memory from the cd.

to test which modules are loaded use lsmod

hanroute: -root-
# lsmod
Module              Pages  Used by
ip_masq_vdolive      1180   0 (unused)
ip_masq_user         3708   0 (unused)
ip_masq_raudio       2980   0
ip_masq_portfw       2416   2
ip_masq_mfw          3196   0
ip_masq_h323         6280   0 (unused)
ip_masq_ftp          3576   0
ip_masq_autofw       2476   0 (unused)
tulip               32424   2
pci-scan             2300   0 [tulip]
isofs               17692   0
ide-cd              22672   0
cdrom               26712   0 [ide-cd]

What kind of problem are you having loading modules?





Re: [Leaf-user] dachstein cd 1.0.2: modules are unavailable

2002-01-01 Thread Peter Jay Salzman

hi victor and greg,

begin Greg Morgan [EMAIL PROTECTED] 
> Peter Jay Salzman [EMAIL PROTECTED] wrote:
>
> > reading the comments in /etc/modules, it looks like cdrom:/lib/modules
> > is supposed to be mounted on /lib/modules in the ramdisk.
>
> Dachstein takes care of this for you so there must be some other
> problem.

ok, so /lib/modules *should* be empty?   that's the first thing that's
gone right today.   i've had 3 floppies in a row fail on me.  i was
getting ready to make a trip out to frys to buy a new drive when my
girlfriend pulled out a brand new floppy and it worked.  i swear
floppies were more reliable a few years ago.

> 1.) Uncomment the Ethernet modules you need.  Many of the newer PCI-based
> ethernet modules require a pci-scan module.  Uncomment the supporting
> modules too!

ok, truth be told, i didn't configure /etc/modules because i was
thinking that /lib/modules being empty was a show stopper.  i'll go back
and start configuring modules right now.

one question -- i grok the concept of the filesystem going away unless
it's backed up to floppy.

what i don't grok so much is the concept of partial backups.  the readme
file on the cd is confusing.

what i'd LIKE to think is that anything i modify will be packaged up in
its own etc.lrp file on the floppy and untarred over the /etc generated
by the cd version of etc.lrp.  however, the one thing i did manage to
gather from the readme file is that it's not quite this simple.  

can you tell me a little bit about how partial backups work?

(good stuff snipped)

ok, i'll go back and follow the instructions.  wish me luck!

> 7.) Most of all give yourself patience.  It is worth the wait to get
> your feet wet with a leaf distro.

thanks for saying this.  the gumption factor was pretty low this
morning!  :)

pete

-- 
PGP Fingerprint: B9F1 6CF3 47C4 7CD8 D33E  70A9 A3B9 1945 67EA 951D
PGP Public Key:  finger [EMAIL PROTECTED]




Re: [Leaf-user] dachstein cd 1.0.2: modules are unavailable

2002-01-01 Thread Greg Morgan

Peter Jay Salzman wrote:
<snip>
> one question -- i grok the concept of the filesystem going away unless
> it's backed up to floppy.
>
> what i don't grok so much is the concept of partial backups.  the readme
> file on the cd is confusing.
>
> what i'd LIKE to think is that anything i modify will be packaged up in
> its own etc.lrp file on the floppy and untarred over the /etc generated
> by the cd version of etc.lrp.  however, the one thing i did manage to
> gather from the readme file is that it's not quite this simple.
>
> can you tell me a little bit about how partial backups work?
<snip>

For the etc.lrp I choose full backup.

Partial backups have just been introduced with the CD release.  I have
not hacked a package but this is my conceptual idea of what Charles has
just done.  Before a full backup of the package was required.  With the
current version the boot scripts have been modified to read the binary
stuff and the config separately.  A partial backup puts all the config
stuff on a floppy.  It overrides the config stuff that is on the cdrom
package.  The cdrom package is loaded then your config file is loaded.
You will notice this one day as you see linuxrc do its magic.  If you
are still uncomfortable with this idea of partials, start using full
backups and at a later point when things work migrate to partials.

The whole point of either option is to save room on small foot print
disks like floppies.  LEAF distros are studies in micro engineering.  I
am excited about the CDrom versions because I lose lots of 168K
formatted to Arizona dust bunnies.  The normal 144k format seems to be
more dust resistant.  Some time in 2002 I want to burn a CD with all
my changes.  My config doesn't change that much. (LOL the wife and kids
hate it when I play.)  The floppy would be there for just a place holder
so that dachstein can boot.

Finally, I take my floppy and copy it all to a directory on the
windows/samba server.  It is after all an msdos formatted disk.  If you
lose a floppy just make a new one off the windows directory and you're
back in business.

I hope this helps,
Greg Morgan




[Leaf-user] Re: Your DMZ setup on LRP

2002-01-01 Thread djoutlaw outlaw

Subject: Your DMZ setup on LRP
Date: Tue, 1 Jan 2002 22:54:49 UT

I was just wondering if you could post a .LRP package of the files you
had to modify in order to get your setup to work.
I could benefit from them and I am sure many others would as well.

Happy New Year!!
 Scott
--
   Scott Palmer


By no way am I an expert on LRP.  I just started using it last week because
I did not have enough money to buy a Linksys router.

I can show what I have if it can help.

I am using the Dachstein image
kernel 2.2.19 that I got from http://lrp.steinkuehler.net

I added 3 network cards.  eth0 and eth1 are as normal for a simple setup for
external and private lan.

eth2 which is the NIC for the DMZ

I use a crossover cable to connect to the DMZ system.

here is the script.

eth2_IPADDR=192.168.10.254
eth2_MASKLEN=24
eth2_BROADCAST=+
eth2_IP_SPOOF=YES
eth2_IP_KRNL_LOGMARTIANS=YES
eth2_IP_SHARED_MEDIA=NO
eth2_BRIDGE=NO
eth2_PROXY_ARP=NO
eth2_FAIRQ=NO

EXTERN_TCP_PORTS=0/0_80

###
# DMZ setup (optional)
###
# Whether you want a DMZ or not (YES, PROXY, NAT, PRIVATE, NO)
DMZ_SWITCH=PRIVATE
DMZ_IF=eth2
DMZ_NET=192.168.10.0/24



DMZ_OPEN_DEST="udp_${DMZ_NET}_domain
tcp_${DMZ_NET}_domain
icmp_${DMZ_NET}_:
tcp_${DMZ_NET}_www
tcp_192.168.10.22_www"  # this is the dmz system

# PRIVATE DMZ switches
###
# Services port-forwarded to the DMZ network
# Indexed list: Protocol LocalIP LocalPort RemoteIP [ RemotePort ]
DMZ_SERVER0="udp ${EXTERN_IP} domain 192.168.2.12 domain"
DMZ_SERVER1="tcp ${EXTERN_IP} domain 192.168.2.12 domain"
DMZ_SERVER2="tcp ${EXTERN_IP} 80 192.168.10.22 80"
DMZ_SERVER3="tcp ${EXTERN_IP} www 192.168.10.22 www"

# Allow all outbound traffic from DMZ (YES)
# or just traffic from port-forwarded servers (NO)
DMZ_OUTBOUND_ALL=YES

Don't forget to set the DMZ system up correctly.
The default gateway must be the IP of eth2 ie  192.168.10.254.


I hope this does not cause more trouble.
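
Added example, not part of the original post and not LEAF/Dachstein code: a small Python check for settings of this shape. It flags a variable assigned twice (in shell the later line silently replaces the earlier one, so a forward is lost) and any DMZ_SERVERn entry whose RemoteIP lies outside DMZ_NET. The sample text is constructed from the settings shown in the post, and `lint_dmz` is a hypothetical helper name.

```python
import ipaddress
import re

ASSIGN = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*)=(.*)$")

# Constructed sample modelled on the settings in the post above.
SAMPLE_CONF = """\
DMZ_SWITCH=PRIVATE
DMZ_IF=eth2
DMZ_NET=192.168.10.0/24
# Indexed list: Protocol LocalIP LocalPort RemoteIP [ RemotePort ]
DMZ_SERVER0="udp ${EXTERN_IP} domain 192.168.2.12 domain"
DMZ_SERVER1="tcp ${EXTERN_IP} domain 192.168.2.12 domain"
DMZ_SERVER1="tcp ${EXTERN_IP} 80 192.168.10.22 80"
DMZ_SERVER4="tcp ${EXTERN_IP} www 192.168.10.22 www"
"""

def lint_dmz(conf_text):
    """Return findings as (line number, key, problem) tuples."""
    entries = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        m = ASSIGN.match(raw.strip())          # comment lines do not match
        if m:
            entries.append((lineno, m.group(1), m.group(2).strip().strip('"')))
    values = {key: value for _, key, value in entries}   # last assignment wins
    net = ipaddress.ip_network(values["DMZ_NET"])
    findings, seen = [], {}
    for lineno, key, value in entries:
        if key in seen:
            findings.append((lineno, key, f"overrides line {seen[key]}"))
        seen[key] = lineno
        if re.fullmatch(r"DMZ_SERVER\d+", key):
            fields = value.split()             # Protocol LocalIP LocalPort RemoteIP
            if len(fields) < 4:
                findings.append((lineno, key, "too few fields"))
            elif ipaddress.ip_address(fields[3]) not in net:
                findings.append((lineno, key, f"{fields[3]} outside {net}"))
    return findings
```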







[Leaf-user] Linux kernel IP masquerading vulnerability possible in Dachstein CD V1.0.2?

2002-01-01 Thread Steve Jeppesen

Just curious, I was reading up on www.pigtail.net/LRP and found he posted
something about this vulnerability.  Is this a problem with Dachstein?  I am
using the kernel 2.2.19 without any mod to IP masq.

Here is the link which states the issue (which sort of makes it sound like
Dachstein is also vulnerable)
http://www.pigtail.net/LRP/ip_masq_vulnerability.html

BTW, does anybody know where there might be a link to search leaf-user mail
list on Geocrawler,
similar to the one listed for linux-router at
http://c0wz.steinkuehler.net/
(there is a link there titled Search the LRP list on Geocrawler:)
which works great.  Haven't had much luck in searching the leaf-user list,
other than page by page which ends up putting me to sleep!  J/K

Thanks for any help.





Re: [Leaf-user] dachstein cd 1.0.2: modules are unavailable

2002-01-01 Thread Greg Morgan

One more idea is to use some of the other documentation.  Take a look at
http://nw-hoosier.dyndns.org/rlohman/linux/firewall/index.html. Don't
forget to wander around leaf.sourceforge.net.




[Leaf-user] dachstein cd 1.0.2: keyboard and cdrom errors

2002-01-01 Thread Peter Jay Salzman

during kernel bootup, i get the following error:

  AT keyboard timed out
  Is keyboard present?

the connection is good, the keyboard works when i go into bios, and it
also works with a configured eigerstein LRP floppy that i have.  the
machine in question is a very old pentium 66.

a few days ago, i tried out 1.0.1 (before i knew about 1.0.2), and it
kind of worked with that.  kind of meaning that sometimes it did,
and sometimes it timed out.  this is pretty consistent.

when i insert the dachstein cd and boot floppy in any other machine in
the house, the keyboard works fine.  i've been configuring it on another
machine in the meantime, but eventually, i'd like to use dachstein on my
firewall.


also, when linuxrc does its stuff (loading the .lrp files), i get many,
many non-fatal errors that look like:

  cdrom_decode_status { DriveReady SeekComplete error }
 
eventually, it works after printing

  ATAPI reset complete

this isn't fatal -- everything eventually gets loaded, but it takes a
very long time.  note that the errors don't appear when the modules are
loading.

any words of wisdom?

pete

-- 
PGP Fingerprint: B9F1 6CF3 47C4 7CD8 D33E  70A9 A3B9 1945 67EA 951D
PGP Public Key:  finger [EMAIL PROTECTED]




Re: [Leaf-user] dachstein cd 1.0.2: modules are unavailable

2002-01-01 Thread dgilleece

This is an excellent How-to --- one I plan to base my upcoming docs off of --- 
IF it ever comes back on line.  I have tried accessing it for the last few 
days, and it comes up dead

Dan

Quoting Greg Morgan [EMAIL PROTECTED]:

> One more idea is to use some of the other documentation.  Take a look
> at
> http://nw-hoosier.dyndns.org/rlohman/linux/firewall/index.html. Don't
> forget to wander around leaf.sourceforge.net.
 



Re: [Leaf-user] Linux kernel IP masquerading vulnerability possible in Dachstein CD V1.0.2?

2002-01-01 Thread Matt Schalit

Steve Jeppesen wrote:


> BTW, does anybody know where there might be a link to
> search leaf-user mail


http://www.mail-archive.com/




[Leaf-user] dhcp won't create default route

2002-01-01 Thread Sandy Biring



I am using Eigerstein2beta with dhclient 2.0pl5. I can get an IP from my
cable provider just fine; however, no proper default route is assigned (it
appears as 0.0.0.0). When I manually set a default route, all is well and
client machines can access the internet through the router. Anyone have any
suggestions as to what's happening?


[Leaf-user] PPTP setup

2002-01-01 Thread Jim Van Eeckhoutte

I need info on setting up PPTP daemon on DachsteinCD 1.0.2. Any howtos or
replies would be greatly appreciated. You guys have got me where I am
today... hehehe .. take it for what it's worth.

