RE: [Leaf-user] Draft CIPE on LRP how-to

2002-01-02 Thread Sandro Minola

Hi Lee, Hi all

 It's arrogant because I haven't been able to
 get cipe working myself yet! But I think I'm pretty close and the
 How-to includes some troubleshooting that should help others.

As I mentioned in another thread, I don't use CIPE either and haven't tried
to use it yet. The only thing I tested was loading the modules and assigning
an IP to the CIPE interface (and some other things). I haven't used it for
real yet.
But I know some people who are successfully running CIPE on LEAF with my
package.
They are all on the list; search the list for cipe and you'll find the
threads.

Christopher [crayon AT leechbox DOT net]
John Hamill [jh AT lan1 DOT com DOT au]
Etienne Charlier [ECharlier AT wanadoo DOT be]

I hope those people aren't upset about my posting with their names.


 I've drafted this how-to on how to get Sandro Minola's ciped-1 package
 working on LRP (Dachstein).
Etienne and John found out that using my original ciped-1.lrp on an
IDE-enabled kernel doesn't work. You'll get seg faults.
I compiled the cipe binaries for IDE kernels but didn't make a package out
of it. Christopher had to do this for himself because he's using an IDE
enabled kernel. I asked him to send me his new package (he replaced the
binaries). Both the IDE package and the IDE binaries are available on my
devel space:
http://leaf.sourceforge.net/devel/sminola/files/devel/cipe-146-IDE/
http://leaf.sourceforge.net/devel/sminola/files/packages/

For those who speak German (of course, others may visit it too; some things
are in English anyway):
My new (German) LEAF homepage is online. There is some documentation, links,
files (including those mentioned above) and a forum for questions. My old
one (which I'm sure some of you know) was ugly and outdated.

Have a nice week

---
Sandro Minola   | LEAF Developer (http://leaf.sourceforge.net)
mailto:[EMAIL PROTECTED] | mailto:[EMAIL PROTECTED]
http://www.minola.ch| http://leaf.sourceforge.net/devel/sminola
-
worldcontrol:~ # rm -rf /bin/laden

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED]]On Behalf Of Lee Kimber
 Sent: Tuesday, January 01, 2002 1:35 AM
 To: [EMAIL PROTECTED]
 Subject: [Leaf-user] Draft CIPE on LRP how-to


 This should be my last act of arrogance in 2001 ;-)

 I've drafted this how-to on how to get Sandro Minola's ciped-1 package
 working on LRP (Dachstein). It's arrogant because I haven't been able to
 get cipe working myself yet! But I think I'm pretty close and the
 How-to includes some troubleshooting that should help others.

 If anyone interested in cipe could have a look at it and tell me if there
 are any obvious errors, I will update it and make it available.

 Once I've got cipe working, I'm going to turn my attention to IPsec and
 will write that up as it goes along if there is a demand.

 Happy New Year everyone and thanks to Charles, Sandro and the many others
 who work so hard to make this stuff available.

 Lee


 CIPE on LRP how-to

 -Getting and installing the software-
 Grab the latest ciped-1 package from Sandro Minola's package archive at:
 http://leaf.sourceforge.net/devel/sminola/files/packages
 Save it to your LRP floppy and tell LRP to call it on boot by editing
 either syslinux.cfg (if you boot LRP from a floppy) or the lrpkg.cfg (if
 you boot from a floppy or a CD) file.
 Edit it by adding ciped-1 to the end of the line that starts LRP=

 -Configuring cipe on LRP-
 Boot the system and make sure that cipe is being loaded. If it is, you
 should see error messages in the boot display that show that cipe is unable
 to load the cipe modules using the parameter my.hostname.here and
 peer.hostname.here.
 This is a good sign. It means that the ciped-1 package has dumped the
 cipecb module in the /lib/modules directory and the options files into the
 /etc/cipe directory. The two options files in the /etc/cipe directory are
 used to configure two cipe tunnels. We only need to configure one tunnel.
 (Is that right?)

 We're going to assume that you want to use cipe to link two subnets, each
 of which is attached to eth1 of each of your LRP firewalls. Firewall 1's
 eth1 subnet is 192.168.1.0/24 and Firewall 2's eth1 subnet is
 192.168.2.0/24.

 The network looks like this:
 (clean up ASCIIgram!)

   LAN 192.168.1.0/24                                  LAN 192.168.2.0/24
          |                                                   |
   eth1 192.168.1.254                                  eth1 192.168.2.254
   +------------+                                      +------------+
   | Firewall 1 |                                      | Firewall 2 |
   +------------+                                      +------------+
   eth0 111.22.333.4 ----------- WAN ----------- 111.22.333.55 eth0
   cipcb0 192.168.1.253 ======= CIPE tunnel ======= cipcb0 192.168.2.253


 You tell cipe this information either by using LRP's lrcfg menu system and
 going to Packages | CIPE | Options or by using vi to edit the options files
 in each firewall's /etc/cipe directory

 On Firewall 1 /etc/cipe/options.cipcb0 should look like this:

 # the peer's IP address
 ptpaddr 192.168.2.253
 # our CIPE device's IP address
 ipaddr  192.168.1.253
 # my UDP address. Note: if you set port 

Re: [Leaf-user] Network Card Problem

2002-01-02 Thread David B. Cook

Don't forget to check/validate the HW. Make sure you swap out the cable. 
I have often seen a cable with a bad pin on either the tx or rx sides - 
usually oxidation on the connectors. Remember that the link light only 
denotes connectivity one-way so you can have a light at one end and 
still have a bad cable.

Offhand, I do not recall if the local link light means rx ok or tx ok. 
(anyone???)

(You can also have nasty stuff like split pairs where the wires can test 
ok on a pair scanner but won't transfer data at substantial rate or 
distance - but seeing as you don't see any data one-way I presume this is 
not the problem.)

 dbc. 

On Mon, 31 Dec 2001, Patrick Nixon wrote:

 Hello All,
   I briefly mentioned a few weeks ago a problem I'm having with a 
 specific network card, however, no one had any solid advice and I wasn't 
 sure what the exact problem was so I'm reposting with a bit more 
 information I hope.
 
 NIC: 3Com 3C920 Integrated network Card (lists as a 3c905C-TX in some 
 systems)
 
 System: Dell Optiplex GX150
 
 Problem: Despite a successful loading of the module 3c59x.o I am unable to 
 receive any data over the network interface.  from netstat -i I can see 
 that it's transmitting, just not receiving properly.
 
 I have RedHat 7.2 with Kernel 2.4.3-7 running on an identical system, 
 with a 'different' 3c59x.o module and that system is happyhappy.
 
 Ideas/suggestions/whathaveyous?
 
 --Pat
 
 
 ___
 Leaf-user mailing list
 [EMAIL PROTECTED]
 https://lists.sourceforge.net/lists/listinfo/leaf-user
 

-- 
 
David B. Cook, [EMAIL PROTECTED]
The only thing Windows this software came close to had an X in
front of it.  ... Open Source, we play by the rules.


___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user



Re: [Leaf-user] dachstein cd 1.0.2: keyboard and cdrom errors

2002-01-02 Thread David B. Cook

Even if the keyboard is not your specific problem, eliminate it. Your 
firewall is a server that is available by SSH so there is no need for 
keyboards cluttering up your area. If your pc does not have BIOS support 
for booting without the keyboard:

Find an old keyboard and rip it open. **If** you find a small circuit 
board with flat ribbon connecting it to the keyboard **PROCEED**. (In 
other words, detachable from the circuit board).

Rip it out and keep just the cable and the circuit board. Wrap it up nice 
with electrical tape and plug it into the pc. It should be happy booting 
without keyboard messages. Access happily from your network.

dbc.

On Tue, 1 Jan 2002, Peter Jay Salzman wrote:

 during kernel bootup, i get the following error:
 
   AT keyboard timed out
   Is keyboard present?
 
 the connection is good, the keyboard works when i go into bios, and it
 also works with a configured eigerstein LRP floppy that i have.  the
 machine in question is a very old pentium 66.
 
 
 pete
 
 

-- 
 
David B. Cook, [EMAIL PROTECTED]
The only thing Windows this software came close to had an X in
front of it.  ... Open Source, we play by the rules.





Re: [Leaf-user] Help with a webserver on a DMZ network.

2002-01-02 Thread Charles Steinkuehler

 It seems I got things working now
 I can connect to the webserver using my public IP
 I can't use the public IP from the LAN. I have to use the private IP of the
 box on the DMZ. I can live with that.

This is how it's supposed to work...

With a private port-forwarded DMZ, there's no way to get DMZ systems to
use public IPs to talk to other DMZ systems without bizarre routing tricks.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)






Re: [Leaf-user] dachstein cd 1.0.2: keyboard and cdrom errors

2002-01-02 Thread Peter Jay Salzman

begin David B. Cook [EMAIL PROTECTED] 
 Even if the keyboard is not your specific problem, eliminate it. Your 
 firewall is a server that is available by SSH so there is no need for 
 keyboards cluttering up you area.

unfortunately, i'm configuring the firewall right now (as in setting up
the networking parameters) so ssh doesn't work quite yet.  a keyboard
would be useful.   :-)

a friend gave me an old pentium II/233.  perhaps my old pentium I/66
outlived its usefulness.  i rebooted dachstein on the new machine with
no problems (and boy was it faster).

it kind of sucks that i had trouble with older hardware; seems like the
very thing that LEAF should thrive on.  on the upside, boot time is now
cut by a third.  and my firewall would be able to accept/reject packets
VERY QUICKLY.  :)

with only 2 days till school starts again, i want this firewall up
asap...

pete




Re: [Leaf-user] DCD ipsec _updown ???

2002-01-02 Thread Charles Steinkuehler

 [1] Am I correct that _updown script is *modified* by somebody leaf/lrp
 to accommodate ipchains, as opposed to the default ipfwadm?

 Perhaps, that script should include some brief attribution of this
 non-standard modification?  Is there some reason to modify this, as
 opposed to using a custom script and [left|right]updown=, as recommended
 by FreeS/WAN?

_updown was modified by me (package/distribution maintainer) so it would
work as-is in the existing distribution, which seems like the expected
behavior.  The FreeS/WAN advice still applies: if you're going to change
_updown (as a user), you should probably re-name it.

Changes to various IPSec scripts are noted on the IPSec package page of my
website.

 [2] Am I correct that there is *no* need to set DCD network.conf
 settings:

 EXTERN_PORTS=
 EXTERN_PROTO[0..9]=

 since _updown does this by itself?

You can add these manually, or let _updown do it for you...you have to
decide which is better in your environment.  NOTE:  If you let _updown
create the firewall rules, your VPN links will all go down if you ever
manually re-load the firewall rules (ie: net ipfilter reload).

 [3] The only change required to network.conf is this?

 EXTERN_UDP_PORTS=network/mask_500

Yes, if you're using [left|right]firewall=yes

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)






Re: [Leaf-user] dachstein cd 1.0.2: modules are unavailable

2002-01-02 Thread Charles Steinkuehler

 reading the comments in /etc/modules, it looks like cdrom:/lib/modules
 is supposed to be mounted on /lib/modules in the ramdisk.

 that's not happening.  as a result, none of the modules i specify in
 /etc/modules are loading.

 can someone help me out here?  with the /dev/cdrom improvements of
 1.0.2, it seems like this sort of thing should be working out of the
 box rather than try to hack it to work.

Exactly what does your /etc/modules file look like?  All you should have to
do is uncomment the appropriate NIC drivers...no other changes should be
necessary.

Are the masquerade helper modules loading?  What is the output of lsmod?

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)






Re: [Leaf-user] DCD, ipsec tunnel testing ???

2002-01-02 Thread Michael D. Schleif


Charles Steinkuehler wrote:
 
  Anyway, I have a tunnel between two (2) Dachstein-CD firewall/gateways,
  separated by the big, bad internet ;
 
  I remain confused, however, *how* to test the encryption.  Yes, I
  understand how, if both boxes were local and I could place a 3rd in
  between; but, I cannot do that here.
 
  While I'm on 192.168.123.110 (not a DCD firewall/gateway) I do this:
 
  ping -p feedfacedeadbeef 192.168.1.20
 
 snip
 
  Yes, I know that the FreeS/WAN FAQ emphatically states that this
  scenario, testing with tcpdump on either gateway, will be confusing;
  but, however else can I test this setup?
 
 Well, your existing tests have shown your network is connected, so what you
 really need to verify is that the data between your endpoints is really
 encrypted.

Exactly!

 Recent versions of tcpdump are smart enough to be able to dump
 the encrypted traffic going over the physical interface without being
 confused.  You basically want to dump the raw traffic going over your
 external 'net, and verify protocol 50 packets are being sent/received, and
 that the packets don't contain anything that looks like your
 feedfacedeadbeef ascii string.

This is where I am confused!

On the DCD firewalls, we have the tcpdump.lrp included w/DCD -- version
3.5.  I have compiled v3.6.2 on my development box.  Do *both* qualify
as ``Recent versions''?

If so, how do we accomplish what you outline in your last sentence?

Notice, that 192.168.1.254, in my first example, is a DCD
firewall/gateway with eth0 as the external interface.  The DCD
firewall/gateway on the other end has wanpipe as external interface, so
I don't want to complicate matters -- right now -- with that variable ;

The fact that tcpdump output, for icmp on ipsec0 for this DCD
firewall/gateway, clearly shows ``feed face dead beef'' disturbs me ;

What are we missing?

 If you can't get a recent enough tcpdump (I haven't had need to test IPSec
 this way), if your upstream link is ethernet (ie cable/xDSL), you can
 listen in on the traffic even if you've only got one IP.  Just hook a
 system with an ethernet NIC up to your upstream link (you'll probably need a
 'hublet' or similar to get all 3 NIC's talking)...another LEAF system will
 work OK.  Instead of configuring the external interface on your test box,
 just enable it with ip link set dev eth0 up and run tcpdump.  The
 interface will go into promiscuous mode, and receive all traffic, even
 though it doesn't have an assigned IP, allowing you to sniff the actual
 traffic on the wire.

Once we accomplish your first scenario, then this is moot -- Otherwise,
we may need to go this route . . .

What do you think?

-- 

Best Regards,

mds
mds resource
888.250.3987

Dare to fix things before they break . . .

Our capacity for understanding is inversely proportional to how much we
think we know.  The more I know, the more I know I don't know . . .




Re: [Leaf-user] dachstein cd 1.0.2: modules are unavailable

2002-01-02 Thread Peter Jay Salzman

hi charles,

i was under the (wrong) impression that cd:/lib/modules should already be
mounted when the system boots.  i didn't realize that all this is taken
care of during the booting process.  victor and greg pointed this out to
me.

the *other* problem was that /etc/modules didn't get backed up when i
backed up etc.lrp.  it took me awhile to figure this out.  it gets
backed up with modules.lrp.   this was good old trial and error.

right now my system boots correctly, and the nics are almost
configured.  when the system boots, i can configure them by hand.  i
just need to go through all options and start making the final changes
and i think i'll have a working system.

pete



begin Charles Steinkuehler [EMAIL PROTECTED] 
  reading the comments in /etc/modules, it looks like cdrom:/lib/modules
  is supposed to be mounted on /lib/modules in the ramdisk.
 
  that's not happening.  as a result, none of the modules i specify in
  /etc/modules are loading.
 
  can someone help me out here?  with the /dev/cdrom improvements of
  1.0.2, it seems like this sort of thing should be working out of the
  box rather than try to hack it to work.
 
 Exactly what does your /etc/modules file look like?  All you should have to
 do is uncomment the appropriate NIC drivers...no other changes should be
 necessary.
 
 Are the masquerade helper modules loading?  What is the output of lsmod?
 
 Charles Steinkuehler
 http://lrp.steinkuehler.net
 http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
 
 

-- 
PGP Fingerprint: B9F1 6CF3 47C4 7CD8 D33E  70A9 A3B9 1945 67EA 951D
PGP Public Key:  finger [EMAIL PROTECTED]




Re: [Leaf-user] dachstein cd 1.0.2: modules are unavailable

2002-01-02 Thread Peter Jay Salzman

is there a mirror of this?  it appears to be dead right now.  what's the
title of the document?  maybe i can google for copy somewhere...

pete

begin Greg Morgan [EMAIL PROTECTED] 
 One more idea is to use some of the other documentation.  Take a look at
 http://nw-hoosier.dyndns.org/rlohman/linux/firewall/index.html. Don't
 forget to wonder around leaf.sourceforge.net.

-- 
PGP Fingerprint: B9F1 6CF3 47C4 7CD8 D33E  70A9 A3B9 1945 67EA 951D
PGP Public Key:  finger [EMAIL PROTECTED]




Re: [Leaf-user] dhcp won't create default route

2002-01-02 Thread Charles Steinkuehler

 I am using Eigerstein2beta with dhclient 2.0pl5. I can get an IP from my
 cable provider just fine, however, no proper default route is assigned
 (it appears as 0.0.0.0). When I manually set a default route, all is well
 and client machines can access the internet through the router. Anyone
 have any suggestions as to what's happening?

Can you check your lease file (in /var/state/dhcp/) and verify the ISP is
sending you a default route?

Do you get any errors output when dhclient is starting and assigning your
IP?

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)






Re: [Leaf-user] How to save changes from floppy to CD???

2002-01-02 Thread Charles Steinkuehler

 Here's how I understand the process for the Dachstein CD, please correct
 me where I'm wrong.
 1.) Download the CD .iso image and burn your CD with your favorite CD
 writing software (Nero, Adaptec, etc.).
 2.) Boot from the CD to start Dachstein and load into memory. Since you'll
 (likely) need to or simply want to make some changes (different NICs, etc.),
 the menu gives you an option to back up your changes to a floppy??? Is that
 right???
 3.) How do you get the changes that you've saved on your floppy onto a CD???
 That's where I'm really confused. Thank you very much!

- Create a directory with the CD-Contents on a development system...I use
linux, but you can use windows if your software will properly use the
floppy-disk boot image to make a bootable CD (Nero will, Adaptec CD-Creator
V4 won't...don't know about others)
- Do a full backup of the modified package(s) to a floppy disk
- Copy the modified packages to your CD-Contents directory
- Create a new CD image using appropriate software...make sure you use the
bootdisk.bin disk image to make the CD bootable.  The proper mkisofs command
is included in the CD-ROM readme.
- Burn your new CD

WARNING:  If you need to change root.lrp, the kernel, or any syslinux
settings (including root ramdisk size), you'll need to modify the
bootdisk.bin floppy-disk image...it's a plain 1.44 Meg disk image, and can
be manipulated with all the normal tools (dd, winimage, rawrite, &c)

If all went well, you now have a bootable CD that should require no
configuration floppy.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)






Re: [Leaf-user] DCD, ipsec tunnel testing ???

2002-01-02 Thread Michael D. Schleif


Charles Steinkuehler wrote:
 
  Anyway, I have a tunnel between two (2) Dachstein-CD firewall/gateways,
  separated by the big, bad internet ;
 
  I remain confused, however, *how* to test the encryption.  Yes, I
  understand how, if both boxes were local and I could place a 3rd in
  between; but, I cannot do that here.
 
  While I'm on 192.168.123.110 (not a DCD firewall/gateway) I do this:
 
  ping -p feedfacedeadbeef 192.168.1.20
 
 snip
 
  Yes, I know that the FreeS/WAN FAQ emphatically states that this
  scenario, testing with tcpdump on either gateway, will be confusing;
  but, however else can I test this setup?
 
 Well, your existing tests have shown your network is connected, so what you
 really need to verify is that the data between your endpoints is really
 encrypted.  Recent versions of tcpdump are smart enough to be able to dump
 the encrypted traffic going over the physical interface without being
 confused.  You basically want to dump the raw traffic going over your
 external 'net, and verify protocol 50 packets are being sent/received, and
 that the packets don't contain anything that looks like your
 feedfacedeadbeef ascii string.

[ snip ]

Or, is this what should be done?

Note: a.b.c.157 is the public address to 192.168.1.0/24 internal
network; and, x.y.z.86 is the public address to 192.168.123.0/24
internal network.

From some client on the x.y.z side:

# ping -p feedfacedeadbeef 192.168.1.20

Then, this from the DCD gateway/firewall on the x.y.z side:

# tcpdump -tx -i eth0 'ip proto 50 or ip proto 51'
tcpdump: listening on eth0
x.y.z.86 > a.b.c.157: ESP(spi=3579401720,seq=0x20)
 4500 0088 0dab 0000 4032 43a9 0cf8 fd56
 4004 de9d d559 55f8 0000 0020 f33f 3366
 8f63 3b3e 155a 882f 523d a640 4d78 c0fc
 b7c2 9fef fb6a
a.b.c.157 > x.y.z.86: ESP(spi=2227707313,seq=0x1d)
 4500 0088 2791 0000 3132 38c3 4004 de9d
 0cf8 fd56 84c8 1db1 0000 001d ad4a 7c23
 e4bf 0ceb bc45 0a55 8b3f a3a0 230f dfcc
 0b6e 7ef8 3987

Notice, that this is tcpdump v3.5 and that we are now listening on eth0,
*not* ipsec0.

Is this _proof_ that encryption is working?

What do you think?

-- 

Best Regards,

mds
mds resource
888.250.3987

Dare to fix things before they break . . .

Our capacity for understanding is inversely proportional to how much we
think we know.  The more I know, the more I know I don't know . . .




Re: [Leaf-user] Linux Router Logo

2002-01-02 Thread Victor McAllisteer

Ed Zahurak wrote:

 Hi, folks!

 I'm new to the LEAF/LRP stuff, but I've already had tremendous luck in
 setting up a two-Router/Firewall/VPN solution that works great!

 Anyhoo, I decided my boxes needed a logo, and I wasn't really crazy about
 another penguin logo.  Love Linux, love Tux, but seeing him
 everywhere... eh.  Not too crazy about that.   So I created a new logo,
 one that captures the essence of the penguin (or, well, at least his
 foot.) and looks professional and distinctive.  I'd like to share it with
 the group.

 A GIF of the logo is available at:

 http://www.digitech.org/~tjunkie/lrp3.gif

 Feel free to use and share this logo image as you wish.

 Happy New Year, folks!

 Ed Zahurak
 [EMAIL PROTECTED]

Real penguins don't have webbed feet.  They swim using their wings as
flippers.  Never have figured out why Linux penguins are webbed.






Re: [Leaf-user] DCD, ipsec tunnel testing ???

2002-01-02 Thread Michael D. Schleif


Charles Steinkuehler wrote:
 
   Recent versions of tcpdump are smart enough to be able to dump
   the encrypted traffic going over the physical interface without being
   confused.  You basically want to dump the raw traffic going over your
   external 'net, and verify protocol 50 packets are being sent/received, and
   that the packets don't contain anything that looks like your
   feedfacedeadbeef ascii string.
 
  This is where I am confused!
 
  On the DCD firewalls, we have the tcpdump.lrp included w/DCD -- version
  3.5.  I have compiled v3.6.2 on my development box.  Do *both* qualify
  as ``Recent versions''?
 
 I don't know...I don't try to sniff IPSec packets on the gateway systems...I
 use a separate box.  Info should be in the FreeS/WAN list archives, or
 online docs...
 
  If so, how do we accomplish what you outline in your last sentence?
 
 Um...dump the traffic from eth0, and verify you don't see any
 feedfacedeadbeef strings.  You'll probably want to log everything, and
 verify you're seeing encrypted protocol 50 packets, and NOT seeing any
 unencrypted pings.  For extra credit, you can use manual keying, provide
 tcpdump with the keys, and decrypt the IPSec traffic...

[ snip ]

OK, I received your post *after* my last post, in which I sniffed eth0
for all packets related to protocols 50 & 51.

Subsequently, I realized that my attempt only demonstrated contents of
packets for those protocols ;

So, I did the same ping; but, now I sniffed the external (eth0 & wan1, *not*
ipsec0) interfaces on *both* ends for *ALL* packets (Note: *no*
expression), logged output to a file on each gateway/firewall for ten
(10) minutes of pinging, then:

grep -i 'feed\|face\|dead\|beef' /tmp/dump.out

On one side, there was one instance of 'feed'; but, analysis showed that
this was coincidental and between that gateway/firewall and some other
point on the internet.  Otherwise, all output was clean and apparently
random.

Is this a valid test?

What do you think?

-- 

Best Regards,

mds
mds resource
888.250.3987

Dare to fix things before they break . . .

Our capacity for understanding is inversely proportional to how much we
think we know.  The more I know, the more I know I don't know . . .

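
As an added example (not from this thread, LEAF or FreeS/WAN), here is a small Python checker that does mechanically what Charles and Michael describe: it parses tcpdump -x hex output taken on the external interface, confirms that the packets are ESP (IP protocol 50) and that their SPI and sequence number agree with tcpdump's own summary line, and scans every packet's payload for the eight pad bytes that ping -p feedfacedeadbeef puts in the echo data. The two ESP records are the ones quoted earlier in the thread; the third, cleartext ICMP record is constructed here to show what a ping that bypassed the tunnel would look like.

```python
"""Check a tcpdump -x capture from an IPsec gateway's external interface:
are the packets ESP (IP protocol 50), and does any packet carry the ping
pad pattern in the clear?  (Example for this thread, not LEAF/FreeS/WAN code.)"""
import re
import struct

IPPROTO_ICMP = 1
IPPROTO_ESP = 50
IPPROTO_AH = 51

# ping -p takes hex pad bytes, so a cleartext echo carries these bytes,
# repeated, in its data field.  Grepping the hex dump for 'feed' alone can
# hit by coincidence (as happened in the thread); an 8-byte match on the
# decoded payload is far less likely to be accidental.
PING_PATTERN = bytes.fromhex("feedfacedeadbeef")

# Sample input: the two ESP records quoted in this thread (tcpdump 3.5 with
# its default 68-byte snaplen, so 54 bytes of IP survive per packet), plus a
# CONSTRUCTED cleartext ICMP echo request carrying the pattern, to show what
# a failed tunnel would look like.
SAMPLE_DUMP = """\
tcpdump: listening on eth0
x.y.z.86 > a.b.c.157: ESP(spi=3579401720,seq=0x20)
 4500 0088 0dab 0000 4032 43a9 0cf8 fd56
 4004 de9d d559 55f8 0000 0020 f33f 3366
 8f63 3b3e 155a 882f 523d a640 4d78 c0fc
 b7c2 9fef fb6a
a.b.c.157 > x.y.z.86: ESP(spi=2227707313,seq=0x1d)
 4500 0088 2791 0000 3132 38c3 4004 de9d
 0cf8 fd56 84c8 1db1 0000 001d ad4a 7c23
 e4bf 0ceb bc45 0a55 8b3f a3a0 230f dfcc
 0b6e 7ef8 3987
192.168.123.110 > 192.168.1.20: icmp: echo request
 4500 0054 0001 0000 4001 0000 c0a8 7b6e
 c0a8 0114 0800 0000 1234 0001 feed face
 dead beef feed face dead beef feed face
"""

HEX_LINE = re.compile(r"^\s+((?:[0-9a-f]{2,4}\s*)+)$")
ESP_SUMMARY = re.compile(r"ESP\(spi=(\d+),seq=0x([0-9a-f]+)\)")


def parse_tcpdump_x(text):
    """Split tcpdump -x output into (summary line, raw IP bytes) records.
    Indented hex lines belong to the most recent summary line."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = HEX_LINE.match(line)
        if m and records:
            records[-1][1].extend(bytes.fromhex(m.group(1).replace(" ", "")))
        elif not line[0].isspace():
            records.append((line.strip(), bytearray()))
    return [(summary, bytes(raw)) for summary, raw in records]


def analyze_packet(raw):
    """Decode the IPv4 header; for ESP also pull out SPI and sequence
    number; flag the ping pattern if it appears anywhere after the header."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (raw[0] & 0x0F) * 4
    info = {
        "src": ".".join(map(str, raw[12:16])),
        "dst": ".".join(map(str, raw[16:20])),
        "proto": raw[9],
        "total_len": struct.unpack("!H", raw[2:4])[0],
        "captured": len(raw),
        "spi": None,
        "seq": None,
    }
    payload = raw[ihl:]
    if info["proto"] == IPPROTO_ESP and len(payload) >= 8:
        info["spi"], info["seq"] = struct.unpack("!II", payload[:8])
    # ESP payload is ciphertext, so the pattern should never show up there;
    # in an ICMP packet it means the ping left the gateway unencrypted.
    info["pattern_leak"] = PING_PATTERN in payload
    return info


def verify_capture(text):
    """Summarise a capture: per-protocol counts, ESP records whose header
    disagrees with tcpdump's summary, and packets leaking the pattern."""
    report = {"esp": 0, "ah": 0, "icmp": 0, "other": 0,
              "mismatch": [], "cleartext_leaks": []}
    for summary, raw in parse_tcpdump_x(text):
        if not raw:  # e.g. the "tcpdump: listening on eth0" line
            continue
        info = analyze_packet(raw)
        if info["proto"] == IPPROTO_ESP:
            report["esp"] += 1
            m = ESP_SUMMARY.search(summary)
            if m and (int(m.group(1)), int(m.group(2), 16)) != (info["spi"], info["seq"]):
                report["mismatch"].append(summary)
        elif info["proto"] == IPPROTO_AH:
            report["ah"] += 1
        elif info["proto"] == IPPROTO_ICMP:
            report["icmp"] += 1
        else:
            report["other"] += 1
        if info["pattern_leak"]:
            report["cleartext_leaks"].append(summary)
    return report


if __name__ == "__main__":
    for key, value in verify_capture(SAMPLE_DUMP).items():
        print(f"{key}: {value}")
```

Feed it the output of the tcpdump -x run on eth0 (no filter expression, so unencrypted pings are not filtered away); a healthy tunnel yields only ESP counts and an empty cleartext_leaks list.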



Re: [Leaf-user] dhcp won't create default route

2002-01-02 Thread guitarlynn

On Wed, 02 Jan 2002, you wrote:
  I am using Eigerstein2beta with dhclient 2.0pl5. I can get an IP from my
  cable provider just fine, however, no proper default route is assigned
  (it appears as 0.0.0.0). When I manually set a default route, all is well
  and client machines can access the internet through the router. Anyone
  have any suggestions as to what's happening?

I have had to put a legal address in my isp's network to receive a lease/
gateway address here locally w/ roadrunner. It doesn't have to be the
proper gateway, just one that is within the same sub/supernet.

You enter it in network.conf under the gateway line of eth0.

~Lynn Avants


-- 
If linux isn't the solution, you've got the wrong problem.




Re: [Leaf-user] Linux Router Logo

2002-01-02 Thread speck

Ed Zahurak wrote:

  A GIF of the logo is available at:
 
  http://www.digitech.org/~tjunkie/lrp3.gif
 
  Feel free to use and share this logo image as you wish.

  Ed Zahurak
  [EMAIL PROTECTED]

The logo's actually pretty cool.






[Leaf-user] How do you use the bootdisk.bin file???

2002-01-02 Thread Craig Caughlin



Hi folks,
I'm trying to understand how to create my own bootable CD and some of you
have been kind enough to respond. Charles replied to me by saying:

Create a new CD image using appropriate software...make sure you use the
bootdisk.bin disk image to make the CD bootable. The proper mkisofs command
is included in the CD-ROM readme.

I don't understand how to use the bootdisk.bin image with my Nero software
to create the CD (I think Nero only recognizes .nrg, .iso, or .cue
files...not .bin)??? He goes on to say:

WARNING: If you need to change root.lrp, the kernel, or any syslinux
settings (including root ramdisk size), you'll need to modify the
bootdisk.bin floppy-disk image...it's a plain 1.44 Meg disk image, and can
be manipulated with all the normal tools (dd, winimage, rawrite, &c).

What does he mean "modify" the bootdisk.bin image, and why would you want to
or need to???

Thank you,
Craig




Re: [Leaf-user] How do you use the bootdisk.bin file???

2002-01-02 Thread Simon Bolduc

First if you aren't really familiar with making bootable CDs you can end up 
with a lot of coasters - so use a CDRW if you can... also you might wanna 
consider using a CD with floppy setup as it is by far the easier way to do 
things. that said:

You appear to be using windows so you can't really use the proper mkisofs 
command.  What I would personally recommend you do is use WinISO.  You will 
be able to copy your new modules from floppy to the CD image burn the new 
image and the CD will still be bootable.  That is the easiest way to do what 
you want.

The bootdisk.bin file is actually just a binary image of a floppy disk (with 
a boot sector and everything else).  If you wanted to change say how much 
system ram would be configured for the file system of the router you would 
have to edit a file contained within bootdisk.bin.  If you can get your 
router up and running without having to alter anything here then that is the 
way to go.  People who end up changing that particular value are usually 
running several packages that either extend the robustness of the router or 
help to monitor it.

S


From: Craig Caughlin [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [Leaf-user] How do you use the bootdisk.bin file???
Date: Wed, 2 Jan 2002 14:18:32 -0800

Hi folks,
I'm trying to understand how to create my own bootable CD and some of you 
have been kind enough to respond. Charles replied to me by saying:

Create a new CD image using appropriate software...make sure you use the 
bootdisk.bin disk image to make the CD bootable.  The proper mkisofs command
is included in the CD-ROM readme.

I don't understand how to use the bootdisk.bin image with my Nero software 
to create the CD (I think Nero only recognizes .nrg, .iso, or .cue 
files...not .bin)??? He goes on to say:

WARNING:  If you need to change root.lrp, the kernel, or any syslinux 
settings (including root ramdisk size), you'll need to modify the 
bootdisk.bin floppy-disk image...it's a plain 1.44 Meg disk image, and can 
be manipulated with all the normal tools (dd, winimage, rawrite, &c).

What does he mean modify the bootdisk.bin image, and why would you want 
to or need to???

Thank you,
Craig













Re: [Leaf-user] How do you use the bootdisk.bin file???

2002-01-02 Thread Etienne Charlier



Hi,

When you start Néro, select CD-ROM (Boot) in the wizard.
You'll get a tab (Boot) where you can find a group called "Source of boot
image file".
Select "Image File", then browse the filesystem to select the "bootdisk.bin"
file.

Click the button "New".
Now you can add files to your CD layout and burn it.

Regards,
Etienne



Re: [Leaf-user] How do you use the bootdisk.bin file???

2002-01-02 Thread speck

ACK!  HTML mail.  Please don't do that any more.

In NERO (I think) you need to go to
File\New
Scroll down to CD-ROM (Boot)
Browse to the bootdisk.bin

Essentially, bootable CDs use floppy boot technology to perform bootups. So the 
'bootable' floppy must be placed at the start of the CD-ROM so that it knows it is 
bootable.

-sp





Re: [Leaf-user] How do you use the bootdisk.bin file???

2002-01-02 Thread Charles Steinkuehler

 I'm trying to understand how to create my own bootable CD and some of you
have been kind enough to respond. Charles replied to me by saying:

  Create a new CD image using appropriate software...make sure you use the
bootdisk.bin disk image to make the CD bootable.  The proper mkisofs command
is included in the CD-ROM readme.

 I don't understand how to use the bootdisk.bin image with my Nero software
to create the CD (I think Nero only recognizes .nrg, .iso, or .cue
files...not .bin)??? He goes on to say:

Look through the Nero documentation on making a bootable CD.  One option for
bootable CD's is to use a floppy disk image...when you tell Nero to make
this sort of a bootable CD, there should be a way to specify the floppy-disk
image file to use.  Point Nero to the bootdisk.bin file for the bootable
floppy image, and you'll have a bootable CD-ROM.

  WARNING:  If you need to change root.lrp, the kernel, or any syslinux
settings (including root ramdisk size), you'll need to modify the
bootdisk.bin floppy-disk image...it's a plain 1.44 Meg disk image, and can
be manipulated with all the normal tools (dd, winimage, rawrite, &c).

 What does he mean modify the bootdisk.bin image, and why would you want
to or need to???

You only need to modify the bootdisk image if you're changing something
contained on it, which would include (as indicated) root.lrp, the kernel
itself, or the syslinux configuration.  The easiest way to alter the disk
image (on non-linux systems) is to make a floppy disk using the image file,
edit the floppy disk as required (i.e. update linux, root.lrp, and/or edit
syslinux.cfg), and then turn the floppy back into a disk image file.
Finally, use the new image file to make your CD bootable.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)






Re: [Leaf-user] How do you use the bootdisk.bin file???

2002-01-02 Thread Peter Jay Salzman

begin Craig Caughlin [EMAIL PROTECTED] 
 Hi folks,
 I'm trying to understand how to create my own bootable CD and some of you have been 
kind enough to respond. Charles replied to me by saying:
 
 Create a new CD image using appropriate software...make sure you use the 
bootdisk.bin disk image to make the CD bootable.  The proper mkisofs command
 is included in the CD-ROM readme.
 
 I don't understand how to use the bootdisk.bin image with my Nero software to create 
the CD (I think Nero only recognizes .nrg, .iso, or .cue files...not .bin)??? He goes 
on to say: 
 
i think a little confusion is going on here.  if i'm not mistaken, nero
is a cd writer, yes?   there are two things you're going to create: a cd
and a floppy.

1. burn the CD iso image.   ie- make a copy of the cd.  use nero for that.
2. make a copy of a boot floppy.  i don't use windows (at all!), so i
   couldn't tell you how to do it from windows.  however, from linux, you
   want to do:

dd if=bootdisk.bin of=/dev/fd0

the file bootdisk.bin is, loosely, a raw copy of the floppy itself.
it's not an ISO image.

on the c0wz site, there's an excellent tutorial on boot floppies in
general.  it's thorough enough (imho) to be a definitive source on the
topic.  after you set up your router/firewall, you can play around with
creating your own bootfloppy with a larger format, like 1.680MB instead
of 1.44MB.

hopefully, i've said something here that sparked understanding.  if you
understood all this, you can follow the first few steps of the README
file on the dachstein cd.

 WARNING:  If you need to change root.lrp, the kernel, or any syslinux settings 
(including root ramdisk size), you'll need to modify the bootdisk.bin floppy-disk 
image...it's a plain 1.44 Meg disk image, and can be manipulated with all the normal 
tools (dd, winimage, rawrite, &c). 
 
 What does he mean modify the bootdisk.bin image, and why would you want to or need 
to???
 
if you:

  1. if you create a larger capacity boot floppy (optional.  see above)
  2. want to play around with loading different modules (optional)

you need to modify the file syslinux.cfg and/or lrpkg.cfg (both are on
the boot floppy).  that's all i can really think of which is obvious.
it's up to you.  i don't think there's a pressing need to modify the
boot disk -- i think you can pretty much get by without modifying it.
however, the default list of packages may not be to your liking.  for
example, i can't live without tcpdump.   :)

in dachstein 1.0.1, you *had* to modify syslinux.cfg if the cdrom wasn't
/dev/hda.  in version 1.0.2 it, thankfully, detects the cdrom so you
don't have to do this anymore.

pete

-- 
PGP Fingerprint: B9F1 6CF3 47C4 7CD8 D33E  70A9 A3B9 1945 67EA 951D
PGP Public Key:  finger [EMAIL PROTECTED]

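Charles's procedure (write bootdisk.bin to a floppy, edit linux / root.lrp / syslinux.cfg, turn the floppy back into an image) and Pete's point that bootdisk.bin is a raw floppy image rather than an ISO both come down to the same artifact: a plain 1.44 MB FAT12 disk image. The Python below is an added example, not code from this thread or from the LEAF project. It performs the checks a practitioner would want before that image becomes the boot record of a router CD, or after editing it: the file is exactly one floppy's worth of bytes, the boot sector carries the 0x55AA signature, and the root directory holds the files the thread names (SYSLINUX.CFG, LINUX, ROOT.LRP). The sample image it builds is constructed in memory for the demonstration; the geometry constants are the standard 1.44 MB FAT12 layout.

```python
"""Sanity-check a bootdisk.bin floppy image before burning it to a CD.

Added example (not from the leaf-user thread or the LEAF project). It
builds a constructed 1.44 MB FAT12 image in memory, then verifies size,
boot signature and root-directory contents the way you would on a real
bootdisk.bin.
"""
import struct

FLOPPY_BYTES = 1474560   # 2880 sectors * 512 bytes: a plain 1.44 MB image
ENTRY_SIZE = 32          # one FAT directory entry
BPB_FORMAT = "<HBHBHHBHHH"   # BIOS Parameter Block fields at offset 11


def read_bpb(img):
    """Decode the BPB fields needed to locate the root directory."""
    (bps, _spc, reserved, nfats, root_entries, _total, _media,
     spf, _spt, _heads) = struct.unpack_from(BPB_FORMAT, img, 11)
    return {"bytes_per_sector": bps, "reserved": reserved, "fats": nfats,
            "root_entries": root_entries, "sectors_per_fat": spf}


def root_dir_offset(img):
    """Root directory follows the reserved sectors and all FAT copies."""
    b = read_bpb(img)
    sectors = b["reserved"] + b["fats"] * b["sectors_per_fat"]
    return sectors * b["bytes_per_sector"]


def build_sample_image(files):
    """Construct a minimal FAT12 floppy image (test data, not a LEAF disk).

    `files` is a list of (name, ext, size) tuples placed in the root
    directory. Only the BPB, the boot signature and the root directory
    are filled in; the FATs and file data stay zero.
    """
    img = bytearray(FLOPPY_BYTES)
    img[0:3] = b"\xEB\x3C\x90"          # jump over the BPB, then nop
    img[3:11] = b"MSWIN4.1"             # OEM name
    # 512 B/sector, 1 sector/cluster, 1 reserved sector, 2 FATs,
    # 224 root entries, 2880 sectors, media 0xF0, 9 sectors/FAT,
    # 18 sectors/track, 2 heads: the standard 1.44 MB geometry
    struct.pack_into(BPB_FORMAT, img, 11,
                     512, 1, 1, 2, 224, 2880, 0xF0, 9, 18, 2)
    img[510:512] = b"\x55\xAA"          # boot-sector signature
    root = root_dir_offset(img)
    for i, (name, ext, size) in enumerate(files):
        assert len(name) <= 8 and len(ext) <= 3, "8.3 names only"
        off = root + i * ENTRY_SIZE
        img[off:off + 11] = (name.ljust(8) + ext.ljust(3)).encode("ascii")
        img[off + 11] = 0x20                        # archive attribute
        struct.pack_into("<I", img, off + 28, size)  # file size field
    return bytes(img)


def list_root(img):
    """Return [(NAME.EXT, size), ...] for the short-name root entries."""
    b = read_bpb(img)
    off = root_dir_offset(img)
    entries = []
    for i in range(b["root_entries"]):
        e = img[off + i * ENTRY_SIZE: off + (i + 1) * ENTRY_SIZE]
        if e[0] == 0x00:                 # end-of-directory marker
            break
        if e[0] == 0xE5:                 # deleted entry
            continue
        attr = e[11]
        if attr == 0x0F or attr & 0x08:  # long-name piece or volume label
            continue
        name = e[0:8].decode("ascii", "replace").rstrip()
        ext = e[8:11].decode("ascii", "replace").rstrip()
        size = struct.unpack_from("<I", e, 28)[0]
        entries.append((name + ("." + ext if ext else ""), size))
    return entries


def check_image(img, required=("SYSLINUX.CFG", "LINUX", "ROOT.LRP")):
    """Findings to review before burning: size, boot signature, files."""
    findings = {
        "size_ok": len(img) == FLOPPY_BYTES,
        "boot_sig_ok": len(img) >= 512 and img[510:512] == b"\x55\xAA",
        "files": {},
        "missing": [],
    }
    if findings["size_ok"] and findings["boot_sig_ok"]:
        findings["files"] = dict(list_root(img))
        findings["missing"] = [f for f in required
                               if f not in findings["files"]]
    return findings


if __name__ == "__main__":
    good = build_sample_image([("SYSLINUX", "CFG", 300),
                               ("LINUX", "", 500000),
                               ("ROOT", "LRP", 400000)])
    print(check_image(good))
    print(check_image(good[:-1]))   # truncated copy: fails the size check
```

Against a real image, `check_image(open("bootdisk.bin", "rb").read())` is enough. On Linux the same bytes reach a floppy with the `dd if=bootdisk.bin of=/dev/fd0` command from Pete's message, and a loop mount (`mount -o loop bootdisk.bin /mnt`) lets you edit syslinux.cfg in the image directly, after which the check confirms the image is still a well-formed 1.44 MB floppy.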



Re: [Leaf-user] How do you use the bootdisk.bin file???

2002-01-02 Thread Charles Steinkuehler

 in dachstein 1.0.1, you *had* to modify syslinux.cfg if the cdrom wasn't
 /dev/hda.  in version 1.0.2 it, thankfully, detects the cdrom so you
 don't have to do this anymore.

Actually, you had to modify pkgpath.cfg on your configuration floppy,
although you *could* modify the syslinux parameters on the CD, but doing so
was definitely the *hard* way of solving the problem...this situation is
exactly why pkgpath.cfg support was added.

Using the new /dev/cdrom, however, is definitely much easier...no mods
required at all!

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)






Re: [Leaf-user] need help with port forwarding

2002-01-02 Thread dgilleece

Do you have the corresponding ports *open* in the EXTERN_TCP_PORTS section?  If 
not, the forwarding rules are inside waiting for a bride that's locked out of 
the church ;)

Also, since it looks like you have re-numbered your network from the default 
(changed 192.168.1 to 192.168.0) you should have a stroll back through your 
configs, to make sure you have changed every instance of 192.168.1.

Dan


Quoting Peter Jay Salzman [EMAIL PROTECTED]:

 i'm using dachstein 1.0.2 on a home network firewall.  everything
 seems
 hunky dory:
 
   network cards are both recognized and configured correctly
   masquerading works on the internal machines
   everyone can ping everyone, both inside and out.
 
 the last hurdle is port forwarding -- it looks ok, but isn't working
 (i'm not receiving mail, and i can't telnet to the smtp port from a
 remote machine).  note that the internal server that handles mail, ftp
 and apache is satan.diablo.net (192.168.0.2).  the firewall is
 mephisto.diablo.net (eth0: 64.164.47.8 eth1: 192.168.0.1).
 
 modules:
ip_masq_user      3708   0 (unused)
ip_masq_portfw    2416   4
ip_masq_ftp       3576   0 (unused)
ip_masq_mfw       3196   0 (unused)
ip_masq_autofw    2476   0 (unused)
rtl8139          10856   1
tulip            32424   1
pci-scan          2300   0 [rtl8139 tulip]
isofs            17692   0
ide-cd           22672   0
cdrom            26712   0 [ide-cd]
 
 forwarded ports:
  # ipmasqadm portfw -l
  prot localaddr                                rediraddr              lport rport pcnt pref
  TCP  adsl-64-164-47-8.dsl.scrm01.pacbell.net  satan.diablo.localnet  24    ssh   10   10
  TCP  adsl-64-164-47-8.dsl.scrm01.pacbell.net  satan.diablo.localnet  smtp  smtp  10   10
  TCP  adsl-64-164-47-8.dsl.scrm01.pacbell.net  satan.diablo.localnet  www   www   10   10
  TCP  adsl-64-164-47-8.dsl.scrm01.pacbell.net  satan.diablo.localnet  ftp   ftp   10   10
 
 here are the relevant variables i've set.  i'm wondering what the
 difference between them is.  they look to do the same thing to me:
 
INTERN_SERVERS=tcp_${EXTERN_IP}_ftp_192.168.0.2_ftp
   tcp_${EXTERN_IP}_smtp_192.168.0.2_smtp

# These lines use the primary external IP address...if you need to port-forward
# an aliased IP address, use the INTERN_SERVERS setting above
INTERN_FTP_SERVER=192.168.0.2   # Internal FTP server to make available
INTERN_WWW_SERVER=192.168.0.2   # Internal WWW server to make available
INTERN_SMTP_SERVER=192.168.0.2  # Internal SMTP server to make available
#INTERN_POP3_SERVER=192.168.0.2 # Internal POP3 server to make available
#INTERN_IMAP_SERVER=192.168.0.2 # Internal IMAP server to make available
INTERN_SSH_SERVER=192.168.0.2   # Internal SSH server to make available
EXTERN_SSH_PORT=24              # External port to use for internal SSH
 
 i'm looking at this, and i can't see anything that's wrong.  the
 output
 of ipmasqadm looks compelling.  it LOOKS like it should be working.
 
 help!  any advice?  what exactly is the difference between
 INTERN_SERVERS and INTER_.*_SERVER?   i'm not too sure what an
 aliased IP address is.  does that refer to a masqueraded ip address
 (like 192.168.0.2)?
 
 any help greatly appreciated.  i've been staring at this for far too
 long.  :)
 
 pete
 
 -- 
 PGP Fingerprint: B9F1 6CF3 47C4 7CD8 D33E  70A9 A3B9 1945 67EA 951D
 PGP Public Key:  finger [EMAIL PROTECTED]
 

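Dan's reply makes two checks: every forwarded port must also be opened on the outside, and a renumbered network must not leave stale 192.168.1.x addresses behind in the configuration. The Python below is an added example (not code from this thread or from the LEAF project) that performs both checks mechanically over a configuration modelled on the one Pete quoted. The INTERN_SERVERS token layout (proto, external IP, external port, internal IP, internal port, joined by underscores), the INTERN_*_SERVER variables and the EXTERN_SSH_PORT override are taken from the quoted configuration; the EXTERN_TCP_PORTS format (space-separated `source_port` tokens such as `0/0_smtp`), the INTERN_NET line and the whole sample file are assumptions constructed for this example.

```python
"""Cross-check forwarded ports against the externally opened ports.

Added example, not from the leaf-user thread or the LEAF project. It
parses a shell-style network configuration and reports (a) forwarded
ports that EXTERN_TCP_PORTS does not open and (b) variables that still
carry the old 192.168.1.x numbering.
"""
import re

# Service names used in the thread, resolved to their well-known TCP ports
SERVICES = {"ftp": 21, "ssh": 22, "smtp": 25, "www": 80,
            "pop3": 110, "imap": 143}

# Constructed sample modelled on the quoted configuration (not a real file).
# The EXTERN_TCP_PORTS format and the INTERN_NET line are assumptions.
SAMPLE_CONF = r'''
EXTERN_IP="64.164.47.8"
INTERN_SERVERS="tcp_${EXTERN_IP}_ftp_192.168.0.2_ftp
   tcp_${EXTERN_IP}_smtp_192.168.0.2_smtp"
INTERN_FTP_SERVER=192.168.0.2   # Internal FTP server to make available
INTERN_WWW_SERVER=192.168.0.2   # Internal WWW server to make available
INTERN_SMTP_SERVER=192.168.0.2  # Internal SMTP server to make available
#INTERN_POP3_SERVER=192.168.0.2 # Internal POP3 server to make available
INTERN_SSH_SERVER=192.168.0.2   # Internal SSH server to make available
EXTERN_SSH_PORT=24              # External port to use for internal SSH
EXTERN_TCP_PORTS="0/0_smtp 0/0_www"
INTERN_NET="192.168.1.0/24"     # left over from the default numbering
'''


def parse_conf(text):
    """Parse NAME=value lines into a dict.

    Double-quoted values may span several lines (as INTERN_SERVERS does);
    unquoted values lose their trailing # comment. Commented-out lines
    such as #INTERN_POP3_SERVER are skipped.
    """
    conf, lines, i = {}, text.splitlines(), 0
    while i < len(lines):
        m = re.match(r"^([A-Z0-9_]+)=(.*)$", lines[i].strip())
        if m:
            name, rest = m.groups()
            if rest.startswith('"'):
                value = rest[1:]
                while '"' not in value and i + 1 < len(lines):
                    i += 1
                    value += "\n" + lines[i]
                value = value.split('"', 1)[0]
            else:
                value = rest.split("#", 1)[0].strip()
            conf[name] = value
        i += 1
    return conf


def to_port(token):
    """Resolve a numeric port or a service name from SERVICES."""
    return int(token) if token.isdigit() else SERVICES[token.lower()]


def expand(value, conf):
    """Substitute ${NAME} references with values from the same config."""
    return re.sub(r"\$\{(\w+)\}",
                  lambda m: conf.get(m.group(1), m.group(0)), value)


def forwarded_ports(conf):
    """Return {external_port: (internal_ip, internal_port)} for TCP."""
    fw = {}
    # INTERN_SERVERS entries: proto_extip_extport_intip_intport
    for entry in expand(conf.get("INTERN_SERVERS", ""), conf).split():
        proto, _ext_ip, ext_port, int_ip, int_port = entry.split("_")
        if proto == "tcp":
            fw[to_port(ext_port)] = (int_ip, to_port(int_port))
    # INTERN_<SVC>_SERVER shortcuts; EXTERN_<SVC>_PORT moves the outside port
    for svc, port in SERVICES.items():
        ip = conf.get(f"INTERN_{svc.upper()}_SERVER")
        if ip:
            ext = int(conf.get(f"EXTERN_{svc.upper()}_PORT", port))
            fw[ext] = (ip, port)
    return fw


def open_tcp_ports(conf):
    """Ports opened by EXTERN_TCP_PORTS (assumed 'source_port' tokens)."""
    return {to_port(tok.rsplit("_", 1)[1])
            for tok in conf.get("EXTERN_TCP_PORTS", "").split()}


def audit(conf, old_prefix="192.168.1."):
    """Forwards the outside cannot reach, plus stale-subnet variables."""
    fw = forwarded_ports(conf)
    opened = open_tcp_ports(conf)
    return {
        "forwarded": fw,
        "blocked": sorted(p for p in fw if p not in opened),
        "stale": sorted(k for k, v in conf.items() if old_prefix in v),
    }


if __name__ == "__main__":
    report = audit(parse_conf(SAMPLE_CONF))
    for port in report["blocked"]:
        print(f"forwarded but not opened: tcp/{port} -> {report['forwarded'][port]}")
    for name in report["stale"]:
        print(f"still references the old subnet: {name}")
```

On the constructed sample the audit reports ftp (21) and the external SSH port 24 as forwarded but absent from EXTERN_TCP_PORTS, which is exactly the "bride locked out of the church" situation, and flags INTERN_NET as still carrying the old 192.168.1 numbering.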