Re: [Leaf-user] Charles and the inevitable PPTP in DCD

2002-01-11 Thread Ewald Wasscher

Jim Van Eeckhoutte wrote:

Charles, what I'm trying to do in DCD is get it to act as a VPN server
and create a tunnel between two LANs across the WAN. I will be connecting
to a Netopia with mschap or possibly (later down the road) ipsec and
L2TP.
Any info would be appreciated; searching elsewhere has just thoroughly
confused me.

First, did you read the VPN-howto? Do you want your lrp machine to act 
as a pptp server or as a client?
Did you manage to find a pptp.lrp or a pptpd.lrp package? I can't help
you set it up as I don't have any experience with it, but I could
try to compile the needed programs, if you can't.

Ewald Wasscher




___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user



Re: [Leaf-user] OT: Tulip chipset

2002-01-11 Thread Charles Steinkuehler

 Actually, the Tulip chipset was always an Intel-designed chipset, just
 manufactured by DEC.  Now, Intel manufactures them.

Huh???  What makes you think that?

AFAIK:

Intel designed the 825xx series of NICs, which are OK, but like most things
Intel, I'm not too fond of their architecture (anyone here ever written x86
assembly or worked with 8051s?).

The 2114x (tulip) series of PCI NICs were developed in the early-mid '90s
by DEC, which was one of the first companies I'm aware of that designed and
shipped a wide variety of PCI based system components.  This was being
driven by their Alpha processors, which have PCI bus controllers built in to
the CPU for maximum performance (i.e. no NorthBridge chip or its equivalent
required).

I believe Intel got the rights to all the DEC semiconductor business
(including the NIC & PCI bridge designs) when they bought it from
Compaq...mainly to kill the Alpha chip, thus propping up their Merced/Itanium
processor line, if rumors are to be believed.

I still have DEC databooks for the 21140 dating from 1996, long before they
imploded and got bought out...

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)






[Leaf-user] Australian Telstra ISP Woes

2002-01-11 Thread Stewart Adey



Hi, I'm trying to get my friend connected via a Dachstein firewall. Problem
is, he's with Telstra Big Pond (or big drip as we like to call them) (Telstra
is Optus@home's main competition). Anyway, Big Pond Advance, from now on
referred to as "BPA", obtains its IP address using a logon program. The source
for this program is at: http://bpalogin.sourceforge.net but how do I create
an *.lrp out of it? Does anyone have any experience in this field? This would
be much appreciated, and I would like to refer many people to Dachstein after
jumping this hurdle. Many thanks in advance,

Stewart Adey
Melbourne, Australia
Studying Mechatronics Eng.


Re: [Leaf-user] RFA (Request For Advice)

2002-01-11 Thread Charles Steinkuehler

 I have two cable modem connections coming into my home office and have a
dsl line on the way.  Currently one of the cable lines is connected to a
single machine which is not on the lan.  What I'd like to do, especially
when the dsl comes in is to set up a box with lrp to share all three
broadband connections with the lan and have a separate dmz network setup for
a box I can get to from the outside world.  I'd also like to do some sort of
rudimentary load balancing (round robin would suffice.)

Hmm...define more about what you want for load-balancing.  Are you wanting
to balance internal masqueraded machines' internet access, inbound access to
servers (e-mail, web, &c), or both?

 I have an old Pentium (166MHz I believe) with 20MB of RAM and three ISA
slots that I'd like to use for this.  (assuming I can get an ISA multiport
card).  This brings me to question 1) Will this box be able to handle that
many interfaces (only 3-4 users and no public servers running)?

The P166 is plenty fast enough, but with the system you describe, I'd want
something with a PCI bus, and several good PCI NICs (or a multi-port, like
the DFE-570TX discussed in a separate thread).  You might also want a bit
more memory (depending on exactly how many accessory packages you want to
run).

 Failing that I have a PII 300 with 64MB and 5 PCI slots I can use in a
pinch...

This would be better (PCI slots), although unless you're running VPN, the CPU
is overkill, and you'll almost never fill up 64 Meg of RAM...

 Second question:  How hard is it to configure lrp for this type of setup?

Pretty complicated, although someone was saying one of the add-on firewall
packages supports multiple external interfaces.  You'll probably have to
become quite familiar with the kernel's advanced routing features, and
ipchains/iptables rules, regardless.

  What distributions do you all recommend

If I'm remembering correctly, and one of the add-on firewall scripts will
support multiple external interfaces (in a way that matches what you want to
do with load-balancing), use whatever distro that script recommends.  If
you're going to be coding your own firewall/routing rules, it probably
doesn't matter which distro you pick, although Oxygen and LRP 2.9.8 try to do
less setup for you, so they may be easier to modify than Dachstein, which
tries to do everything for you.

  and how do I go about burning my  setup to a ROM (I don't want a hard
disk in whatever box I set this up on.)?

Well, there are several options.  If you're OK with a flash disk, you can
use one of the IDE Flash drives, or a compact-Flash card and a CF to IDE
adaptor.  You can also use something like the M-Systems Disk-On-Chip (you
can get ISA/PCI plug in cards that support DOC parts).  If you actually want
ROMs (i.e. something that can't be overwritten in-system), you'll have to
start looking around at the various embedded vendors...I think you can get
ISA (maybe PCI) cards with a bunch of ROM sockets...make sure you can talk
to the thing with Linux before you buy one, however, or you'll be writing
kernel driver code.  Correctly formatting your romdisk image, breaking the
image into pieces, and burning each OTP ROM is left as an exercise for the
reader :-)

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)






Re: [Leaf-user] Charles and the inevitable PPTP in DCD

2002-01-11 Thread Charles Steinkuehler

 Charles, what I'm trying to do in DCD is get it to act as a VPN server
 and create a tunnel between two LANs across the WAN. I will be connecting
 to a Netopia with mschap or possibly (later down the road) ipsec and
 L2TP.
 Any info would be appreciated; searching elsewhere has just thoroughly
 confused me.

I know virtually nothing about PPTP/mschap and L2TP, but I can help with
IPSec if you get to that point...

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)






[Leaf-user] !!!!!!IGNORE THE LAST POST FROM ME!!!!!!!!

2002-01-11 Thread Stewart Adey



I have found the lrp package for BPA users.

ATTENTION BIG POND ADVANCE USERS

Andrew Fort has kindly created an lrp package for us Telstra users to use,
and it is available HERE: http://2dex.com/lrp/bpalogin.lrp
Remember to send [EMAIL PROTECTED] a "thank you" message!

THAT IS ALL

Stewart Adey
Melbourne, Australia
Studying Mechatronics Eng.


Re: [Leaf-user] WTD: NIC recommendations

2002-01-11 Thread Simon Bolduc

I'm not sure what drivers these cards use but I've had problems with the 900
series before.  A friend is running 2 905b's in his router and it constantly
locks up.  I've had experiences with multiple 905 b's and c's where they
will work fine for a while then suddenly not so well - and the collision
indicating LED flickers repeatedly.  If I take them off the network and plug
them into a hub (with no other computers or hubs attached) the LED keeps
flickering, so I'm not a huge fan of 3Com cards.  Just my 2c
(Canadian, so it really isn't worth much)

S


From: Scott Ritchie [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [Leaf-user] WTD: NIC recommendations
Date: Thu, 10 Jan 2002 16:15:32 -0800

Hey all,
   I'm currently using two Dlink 530TX (via-rhine.o).  I've been encountering
a few problems; lockups, oversized frame warnings, and that Something
Wicked Happened driver error message.  After reading a bit in other linux
circles, I've found that these are not ideal for a firewall/router
application.

I've been looking at the 3Com 980X-TXM NIC's. Are these overkill for 13 user
/ 22 computer lan linked to a cable modem?

What would the collective recommend? (for about a $100max per card)

Thanks in advance

  Scott





[Leaf-user] Dach Floppy

2002-01-11 Thread seanecovel

First a comment:  The 1680 image, isn't that really a 
1722 image?  That causes MAJOR problems after you back 
it up a couple of times.  Seems to mount ok as a 1680, 
but writes don't work too well!

The question:

After modifying the floppy (static IP, delete some 
stuff) I added libz and sshd.  I boot up and after a ps 
aux, there is no sshd running.  

I started it manually (sshd -i) and get Protocol
Mismatch and it's not running.  I also started it
without the -i (sshd) and it doesn't run.

I got libz and sshd (and sshkey) from the Dach CD.

Any thoughts?

Thanks,

Sean




Re: [Leaf-user] Dach Floppy

2002-01-11 Thread Simon Bolduc

Nope - I just downloaded it and it's a 1680 kilobyte image, so it's not
1722.  Be aware that some drives/floppies have been reported as not handling
non-standard formats too well.  I'd try redownloading sshd - and I'm not
sure how the key generation works in this package but you might need
additional packages.  Also run a df on boot and make sure /dev/ram0 isn't
completely full.

S


From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [Leaf-user] Dach Floppy
Date: Fri, 11 Jan 2002 16:28:27 +

First a comment:  The 1680 image, isn't that really a
1722 image?  That causes MAJOR problems after you back
it up a couple of times.  Seems to mount ok as a 1680,
but writes don't work too well!

The question:

After modifying the floppy (static IP, delete some
stuff) I added libz and sshd.  I boot up and after a ps
aux, there is no sshd running.

I started it manually (sshd -i) and get Protocol
Mismatch and its not running.  I also started it
without the -i (sshd) and it doesn't run.

I got libz and sshd (and sshkey) from the Dach CD.

Any thoughts?

Thanks,

Sean




Re: [Leaf-user] Forwarding broadcast traffic?

2002-01-11 Thread Charles Steinkuehler

 Is it possible to configure a set of LRP/LEAF routers to forward broadcast
 traffic across a vpn link between the two subnets?  If so, how would I go
 about configuring the boxes to take the traffic?

It's possible, but I'm not sure exactly how...you may have to write code to
do this.  You may also be able to do something with NAT (i.e. NAT local
broadcast address to remote directed broadcast address), setting up
mirrored rules on each end for bi-directional communication.  If this works
at all, you'll have to put filtering rules in place to prevent loops (or
you'll lose all your available bandwidth when the first broadcast packet
hits your network).

A bit of reading up on things like broadcast storms, beat-down, and TCP/IP
networking fundamentals (especially the parts about why broadcast packets do
NOT go through routers) would probably also be a good idea...

Reading between the lines:
If you're really asking how to get Windows Network Neighborhood to show
resources on both sides of your VPN link, please refer to Samba and/or M$
networking documentation.  NOTE:  For M$ networking to work properly this
way, you must have NT domains that cross the VPN...Samba supports workgroup
browsing across the VPN.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)





Re: [Leaf-user] Dach Floppy

2002-01-11 Thread Charles Steinkuehler

 First a comment:  The 1680 image, isn't that really a
 1722 image?  That causes MAJOR problems after you back
 it up a couple of times.  Seems to mount ok as a 1680,
 but writes don't work too well!

No...the floppy is 1680K format...

 The question:

 After modifying the floppy (static IP, delete some
 stuff) I added libz and sshd.  I boot up and after a ps
 aux, there is no sshd running.

 I started it manually (sshd -i) and get Protocol
 Mismatch and its not running.  I also started it
 without the -i (sshd) and it doesn't run.

 I got libz and sshd (and sshkey) from the Dach CD.

Did you make a host-key before trying to start sshd?

Is there anything in your logs?  Sshd is pretty good about logging any
problems...

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)






Re: [Leaf-user] Dach Floppy

2002-01-11 Thread Jacques NIlo

  After modifying the floppy (static IP, delete some
  stuff) I added libz and sshd.  I boot up and after a ps
  aux, there is no sshd running.

  I started it manually (sshd -i) and get Protocol
  Mismatch and its not running.  I also started it
  without the -i (sshd) and it doesn't run.

  I got libz and sshd (and sshkey) from the Dach CD.

 Did you make a host-key before trying to start sshd?

 Is there anything in your logs?  Sshd is pretty good about logging any
 problems...
You can have a look at
http://leaf.sourceforge.net/devel/jnilo/openssh.html
Jacques





Re: [Leaf-user] Dach Floppy

2002-01-11 Thread seanecovel

Strange about the 1680 size.  Maybe I changed that after 
I downloaded it?  Oh well.  I would have, because I need 
the space.

SSHD - Nothing in any of the logs.  I've set this up on 
a few PCs in the past w/o problems.  Maybe I'll copy the 
file again.  I had another issue last week where it 
turned out to be a corrupt tgz file.

Thanks,

Sean
  First a comment:  The 1680 image, isn't that really a
  1722 image?  That causes MAJOR problems after you back
  it up a couple of times.  Seems to mount ok as a 1680,
  but writes don't work too well!
 
 No...the floppy is 1680K format...
 
  The question:
 
  After modifying the floppy (static IP, delete some
  stuff) I added libz and sshd.  I boot up and after a ps
  aux, there is no sshd running.
 
  I started it manually (sshd -i) and get Protocol
  Mismatch and its not running.  I also started it
  without the -i (sshd) and it doesn't run.
 
  I got libz and sshd (and sshkey) from the Dach CD.
 
 Did you make a host-key before trying to start sshd?
 
 Is there anything in your logs?  Sshd is pretty good about logging any
 problems...
 
 Charles Steinkuehler
 http://lrp.steinkuehler.net
 http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
 
 
 



Re: [Leaf-user] Dach Floppy

2002-01-11 Thread seanecovel

Ok, sshd -d  (debug!) returns:


Stuff
More Stuff
Bind to port 22 on 0.0.0.0 failed:  Address already in 
use.
Cannot bind any address.
-

This was Dach Floppy modified to be a static address.  
How can I tell what is using port 22 already?  

Thanks,

Sean
  First a comment:  The 1680 image, isn't that really a
  1722 image?  That causes MAJOR problems after you back
  it up a couple of times.  Seems to mount ok as a 1680,
  but writes don't work too well!
 
 No...the floppy is 1680K format...
 
  The question:
 
  After modifying the floppy (static IP, delete some
  stuff) I added libz and sshd.  I boot up and after a ps
  aux, there is no sshd running.
 
  I started it manually (sshd -i) and get Protocol
  Mismatch and its not running.  I also started it
  without the -i (sshd) and it doesn't run.
 
  I got libz and sshd (and sshkey) from the Dach CD.
 
 Did you make a host-key before trying to start sshd?
 
 Is there anything in your logs?  Sshd is pretty good about logging any
 problems...
 
 Charles Steinkuehler
 http://lrp.steinkuehler.net
 http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
 
 
 



Re: [Leaf-user] Dach Floppy

2002-01-11 Thread Charles Steinkuehler

 Strange about the 1680 size.  Maybe I changed that after
 I downloaded it?  Oh well.  I would have, because I need
 the space.

 SSHD - Nothing in any of the logs.  I've set this up on
 a few PCs in the past w/o problems.  Maybe I'll copy the
 file again.  I had another issue last week where it
 turned out to be a corrupt tgz file.

Make sure you changed the disk-size in syslinux.cfg.  The 1680 and 1722
formats are quite similar (the 1722 just has 82 tracks, vs 80 for the 1680),
so it would probably read OK, but if you don't change the syslinux.cfg boot=
setting, writes will corrupt the disk.

You can check your current value with ls -l /dev/boot, which should be a
symlink to /dev/fd0u1722 for a 1722K disk.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)






Re: [Leaf-user] Dach Floppy

2002-01-11 Thread Simon Bolduc

Did you stop sshd before starting it?  That could generate an error like 
this (as this is what I get executing sshd -d when it is running):

# sshd -d
debug: sshd version 1.2.27 [i686-unknown-linux]
debug: Initializing random number generator; seed file 
/etc/ssh/ssh_random_seed
error: bind: Address already in use
fatal: Bind to port 22 failed: Transport endpoint is not connected.

so what you probably need to do is:

svi sshd stop
sshd -d

Then you might get output that is a lil more helpful.

S

From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [Leaf-user] Dach Floppy
Date: Fri, 11 Jan 2002 18:55:51 +

Ok, sshd -d  (debug!) returns:


Stuff
More Stuff
Bind to port 22 on 0.0.0.0 failed:  Address already in
use.
Cannot bind any address.
-

This was Dach Floppy modified to be a static address.
How can I tell what is using port 22 already?

Thanks,

Sean
   First a comment:  The 1680 image, isn't that really a
   1722 image?  That causes MAJOR problems after you back
   it up a couple of times.  Seems to mount ok as a 1680,
   but writes don't work too well!
 
  No...the floppy is 1680K format...
 
   The question:
  
   After modifying the floppy (static IP, delete some
   stuff) I added libz and sshd.  I boot up and after a ps
   aux, there is no sshd running.
  
   I started it manually (sshd -i) and get Protocol
   Mismatch and its not running.  I also started it
   without the -i (sshd) and it doesn't run.
  
   I got libz and sshd (and sshkey) from the Dach CD.
 
  Did you make a host-key before trying to start sshd?
 
  Is there anything in your logs?  Sshd is pretty good about logging any
  problems...
 
  Charles Steinkuehler
  http://lrp.steinkuehler.net
  http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
 
 
 



RE: [Leaf-user] Dach Floppy

2002-01-11 Thread Steve Jeppesen

I have not seen where it was mentioned yet (nor do I know if it is required)
but I thought that libz had to be loaded before sshd.

Just a newbie's two cents worth!

Steve

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Friday, January 11, 2002 1:07 PM
To: [EMAIL PROTECTED]
Subject: Re: [Leaf-user] Dach Floppy


Thanks, I did already work around that one.

I've been working with your 'stein diskettes for awhile
now, and they are really starting to make sense.

I'd hate to have to switch to another distro!  In fact,
what I'm working on now could probably be done easier
with another diskette distro (oxygen?) but I'm just too
damn comfortable with the 'steins to switch!

Thanks,

Sean
  Strange about the 1680 size.  Maybe I changed that after
  I downloaded it?  Oh well.  I would have, because I need
  the space.
 
  SSHD - Nothing in any of the logs.  I've set this up on
  a few PCs in the past w/o problems.  Maybe I'll copy the
  file again.  I had another issue last week where it
  turned out to be a corrupt tgz file.

 Make sure you changed the disk-size in syslinux.cfg.  The 1680 and 1722
 formats are quite similar (the 1722 just has 82 tracks, vs 80 for the 1680),
 so it would probably read OK, but if you don't change the syslinux.cfg boot=
 setting, writes will corrupt the disk.

 You can check your current value with ls -l /dev/boot, which should be a
 symlink to /dev/fd0u1722 for a 1722K disk.

 Charles Steinkuehler
 http://lrp.steinkuehler.net
 http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)






RE: [Leaf-user] Dach Floppy

2002-01-11 Thread seanecovel

You are correct, but you get a specific error about libz 
if it is not loaded.

Sean
 I have not seen where it was mentioned yet (nor do I know if it is required)
 but I thought that libz had to be loaded before sshd.
 
 Just a newbies two cents worth!
 
 Steve
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED]]On Behalf Of
 [EMAIL PROTECTED]
 Sent: Friday, January 11, 2002 1:07 PM
 To: [EMAIL PROTECTED]
 Subject: Re: [Leaf-user] Dach Floppy
 
 
 Thanks, I did already work around that one.
 
 I've been working with your 'stein diskettes for awhile
 now, and they are really starting to make sense.
 
 I'd hate to have to switch to another distro!  In fact,
 what I'm working on now could probably be done easier
 with another diskette distro (oxygen?) but I'm just too
 damn comfortable with the 'steins to switch!
 
 Thanks,
 
 Sean
   Strange about the 1680 size.  Maybe I changed that after
   I downloaded it?  Oh well.  I would have, because I need
   the space.
  
   SSHD - Nothing in any of the logs.  I've set this up on
   a few PCs in the past w/o problems.  Maybe I'll copy the
   file again.  I had another issue last week where it
   turned out to be a corrupt tgz file.
 
  Make sure you changed the disk-size in syslinux.cfg.  The 1680 and 1722
  formats are quite similar (the 1722 just has 82 tracks, vs 80 for the 1680),
  so it would probably read OK, but if you don't change the syslinux.cfg boot=
  setting, writes will corrupt the disk.
 
  You can check your current value with ls -l /dev/boot, which should be a
  symlink to /dev/fd0u1722 for a 1722K disk.
 
  Charles Steinkuehler
  http://lrp.steinkuehler.net
  http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
 
 
 



Re: [Leaf-user] WTD: NIC recommendations

2002-01-11 Thread Ed Tetz

I am using an Startech ST100S 10/100 on my private interface. It uses the
realtek driver (pci-scanrtl8139) and I haven't had any problems with it. It
has a $13US  MSRP - well below your $100 limit.

My public nic is an Aopen ALN-201 or AON-201. It is a 10Mbit PCI that uses
the NE2000 driver (8390ne). The service from the cable co. is only 10Mbit
tops, so I figured it would suffice, but I wanted to get rid of the ISA
cards, to max the bus performance.

I have a Dlink 530TX in another linux box, and I get the driver message as
well, but I don't get lockups. The message appears, and everything else is
fine. That one is running Redhat.

Cheers
edt

- Original Message -
From: Scott Ritchie [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, January 10, 2002 8:15 PM
Subject: [Leaf-user] WTD: NIC recommendations


 Hey all,
   I'm currently using two Dlink 530TX (via-rhine.o).  I've been encountering
 a few problems; lockups, oversized frame warnings, and that Something
 Wicked Happened driver error message.  After reading a bit in other linux
 circles, I've found that these are not ideal for a firewall/router
 application.

 I've been looking at the 3Com 980X-TXM NIC's. Are these overkill for 13 user
 / 22 computer lan linked to a cable modem?

 What would the collective recommend? (for about a $100max per card)

 Thanks in advance

  Scott





Re: [Leaf-user] Dach Floppy

2002-01-11 Thread seanecovel

Speaking of lazy...I'm actually trying to create a not 
a firewall floppy based Linux to run SETI@Home on some 
junk PCs I have laying around.  I'm pretty familiar with 
the 'steins, so I thought I could just delete some 
stuff and have a working system.  I'm almost there, 
except I need to be able to get into the box (ssh) to 
monitor it.  Probably should have used Oxygen, but last 
time I looked, it was quite different from 'steins, and 
I was too lazy to figure it out.  Now here I am trying to
trouble-shoot what I messed up.  Did I save any time?  
Maybe not!

Thanks for your input though!

Sean
 Well I'm lazy so I use SeaWall - which will give you the output via 'seawall 
 status', but even that doesn't tell you what is listening on what port.  
 Just that the port is open and whether it is being forwarded or not.  You 
 could always try SeaWall - as it closes all ports and opens them based on 
 different configuration files
 
 S
 
 
 From: [EMAIL PROTECTED]
 To: Simon Bolduc [EMAIL PROTECTED]
 CC: [EMAIL PROTECTED]
 Subject: Re: [Leaf-user] Dach Floppy
 Date: Fri, 11 Jan 2002 19:13:38 +
 
 No luck.  Same results.
 
 I had already checked with ps aux to see if it was
 running already.  I must have got something else running
 on 22, but I have no idea what.  Any magic to see what is
 running on what ports?
 
 Thanks,
 
 Sean
   Did you stop sshd before starting it?  That could generate an error like
   this (as this is what I get executing sshd -d when it is running):
  
   # sshd -d
   debug: sshd version 1.2.27 [i686-unknown-linux]
   debug: Initializing random number generator; seed file
   /etc/ssh/ssh_random_seed
   error: bind: Address already in use
   fatal: Bind to port 22 failed: Transport endpoint is not connected.
  
   so what you probably need to do is:
  
   svi sshd stop
   sshd -d
  
   Then you might get output that is a lil more helpful.
  
   S
  
   From: [EMAIL PROTECTED]
   To: [EMAIL PROTECTED]
   Subject: Re: [Leaf-user] Dach Floppy
   Date: Fri, 11 Jan 2002 18:55:51 +
   
   Ok, sshd -d  (debug!) returns:
   
   
   Stuff
   More Stuff
   Bind to port 22 on 0.0.0.0 failed:  Address already in
   use.
   Cannot bind any address.
   -
   
   This was Dach Floppy modified to be a static address.
   How can I tell what is using port 22 already?
   
   Thanks,
   
   Sean
  First a comment:  The 1680 image, isn't that really a
  1722 image?  That causes MAJOR problems after you back
  it up a couple of times.  Seems to mount ok as a 1680,
  but writes don't work too well!

 No...the floppy is 1680K format...

  The question:
 
  After modifying the floppy (static IP, delete some
  stuff) I added libz and sshd.  I boot up and after a ps
  aux, there is no sshd running.
 
  I started it manually (sshd -i) and get Protocol
  Mismatch and its not running.  I also started it
  without the -i (sshd) and it doesn't run.
 
  I got libz and sshd (and sshkey) from the Dach CD.

 Did you make a host-key before trying to start sshd?

 Is there anything in your logs?  Sshd is pretty good about logging 
 any
 problems...

 Charles Steinkuehler
 http://lrp.steinkuehler.net
 http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)






Re: [Leaf-user] WTD: NIC recommendations

2002-01-11 Thread Scott Ritchie

 I have a Dlink 530TX in another linux box, and I get the driver message as
 well, but I don't get lockups. The message appears, and everything else is
 fine. That one is running Redhat.


The Something Wicked Happened! error is a catch-all report.  It doesn't say
what the cause is; in any case it's not a good sign.  I'm looking for a good
performer/stable NIC, not something that's good 95% of the time.  I even
have a second machine in place to take over the router functions when
maintenance is needed or if something happens to the first machine, that way
there is as little downtime as possible.

I'm looking into the Dlink 570TX. Looks nice, most of the propaganda is
devoted to WinNT. Does anyone know if Linux can take advantage of using all
four ports to make 800Mbps?  This would be killer on my file server.

Scott





Re: [Leaf-user] Dach Floppy

2002-01-11 Thread Matt Schalit

[EMAIL PROTECTED] wrote:
 
 BTW, that is a literal 0.0.0.0 in the debug output,
 not just me hiding my ip.
 
 Sean
  Ok, sshd -d  (debug!) returns:
 
  
  Stuff
  More Stuff
  Bind to port 22 on 0.0.0.0 failed:  Address already in
  use.
  Cannot bind any address.
  -
 
  This was Dach Floppy modified to be a static address.
  How can I tell what is using port 22 already?
 


The 0.0.0.0 is fine, and it is telling the sshd to
listen on port 22 on all IP addresses configured
into the OS (i.e. eth0 and eth1).  As long as you
have port 22 on eth0 blocked, you're not going to
have anyone connecting from the external side.  Thus
running the sshd on 0.0.0.0 is safe enough.

To find out if a server is running on a particular
port, you use the netstat command:

netstat -an
or  netstat -a   if you have an interest in human readable names.

What does ps tell you?

Good Luck,
Matthew
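
An added example, not part of Matthew's post: the script below reads `netstat -an` output and `/etc/inetd.conf` and reports what already holds port 22. Both inputs are constructed samples embedded in the script, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `netstat -an` output (not taken from the thread).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.254:22        192.168.1.10:1034       ESTABLISHED
udp        0      0 0.0.0.0:53              0.0.0.0:*
EOF
}

# Constructed sample of /etc/inetd.conf (not taken from the thread).
sample_inetd() {
cat <<'EOF'
# <service> <sock_type> <proto> <flags> <user> <server_path> <args>
#telnet stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.telnetd
ssh stream tcp nowait root /usr/sbin/tcpd /usr/sbin/sshd -i
www stream tcp nowait sh-httpd /usr/sbin/tcpd /usr/sbin/sh-httpd
EOF
}

# listeners PORT: read `netstat -an` text on stdin and print each local
# address in LISTEN state on PORT. Any address printed here makes a new
# bind to 0.0.0.0:PORT fail with "Address already in use".
listeners() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            n = split($4, a, ":")
            if (a[n] == port) { sub(":" port "$", "", $4); print $4 }
        }'
}

# inetd_entries PORT NAME: read inetd.conf text on stdin and print the
# uncommented entries whose service field is NAME or the numeric PORT.
inetd_entries() {
    awk -v port="$1" -v name="$2" '
        /^[ \t]*#/ || NF < 6 { next }
        $1 == name || $1 == port { print }'
}

# On the router, feed `netstat -an` and /etc/inetd.conf instead of the samples.
echo "LISTEN on port 22: $(sample_netstat | listeners 22)"
echo "inetd entry: $(sample_inetd | inetd_entries 22 ssh)"
```

A listener that shows up here without a matching sshd in `ps` points at a super-server such as inetd holding the port.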




[Leaf-user] Observations on DCD/IPSec Setup Documentation

2002-01-11 Thread dgilleece

After yanking several handfuls of hair from my head, I finally got my VPN lab
fully functional and tested.  Thanks to all those here who helped.

I am in the process of documenting the process I used --- skipping all the
false starts, dead-ends, and hand-wringing ;-) I'll be interested in the
opinions of list members on how this works out.  It is intended to be very
similar to Richard Lohman's very fine baby-steps documentation -- kind of
cookbook style, with no assumptions built in.  Anyone interested in
participating, please let me know.

One key observation that I'd like clarification on: Routing Non-routable 
Addresses in Dachstein.  

I followed a rough lab setup I found on the 'net, that used generic Red Hat 
boxes for each tunnel endpoint, with a dual NIC Red Hat box between them doing 
vanilla ip forwarding.  I followed the diagrams to the letter so I couldn't get 
lost, but in the end, nothing worked.  It appears to me that using the author's 
private IPs on eth0 of a DCD box just doesn't work.  DCD seems to be enforcing 
the non-routable rule.  I changed all my 172.16 networks to 174.16 networks, 
and the floodgates opened up.  Questions:

1.  Is my observation correct?  Is the LRP/DCD code enforcing the non-routable 
rule?

2.  Where does this code live/how can it be deactivated or reconfigured?


Thanks,

Dan




Re: [Leaf-user] Observations on DCD/IPSec Setup Documentation

2002-01-11 Thread speck

On Fri, 11 January 2002, [EMAIL PROTECTED] wrote:
 One key observation that I'd like clarification on: Routing Non-routable 
 Addresses in Dachstein.  
 
 I followed a rough lab setup I found on the 'net, that used generic Red Hat 
 boxes for each tunnel endpoint, with a dual NIC Red Hat box between them doing 
 vanilla ip forwarding.  I followed the diagrams to the letter so I couldn't get 
 lost, but in the end, nothing worked.  It appears to me that using the author's 
 private IPs on eth0 of a DCD box just doesn't work.  DCD seems to be enforcing 
 the non-routable rule.  I changed all my 172.16 networks to 174.16 networks, 
 and the floodgates opened up.  Questions:
 
 1.  Is my observation correct?  Is the LRP/DCD code enforcing the non-routable 
 rule?

Yes.

 2.  Where does this code live/how can it be deactivated or reconfigured?

Haven't played with Dachstein yet, but look here:
http://sourceforge.net/docman/display_doc.php?docid=2869&group_id=13751
for where it was in the Eigerstein series.  I suspect it may still be there.  If
that's the case, let me know and I'll update it.

 Dan

-sp






Re: [Leaf-user] Observations on DCD/IPSec Setup Documentation

2002-01-11 Thread Charles Steinkuehler

 I followed a rough lab setup I found on the 'net, that used generic Red Hat
 boxes for each tunnel endpoint, with a dual NIC Red Hat box between them doing
 vanilla ip forwarding.  I followed the diagrams to the letter so I couldn't get
 lost, but in the end, nothing worked.  It appears to me that using the author's
 private IPs on eth0 of a DCD box just doesn't work.  DCD seems to be enforcing
 the non-routable rule.  I changed all my 172.16 networks to 174.16 networks,
 and the floodgates opened up.  Questions:

 1.  Is my observation correct?  Is the LRP/DCD code enforcing the non-routable
 rule?

Yes.

 2.  Where does this code live/how can it be deactivated or reconfigured?

The stopMartians () procedure of /etc/ipfilter.conf.  You can comment out
the private IP blocks in this procedure if you want to send/receive from
reserved private IP addresses on your external interface.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
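
An added example, not part of Charles's message and not the Dachstein filter code: a shell check of an address against the RFC 1918 private blocks, showing why 172.16.x.x is treated as private while 174.16.x.x is not. The function names are hypothetical, and the block list is an assumption about which private ranges stopMartians covers.

```shell
#!/bin/sh
# RFC 1918 private blocks. Assumption: these correspond to the "private IP
# blocks" that stopMartians drops on the external interface.
PRIVATE_BLOCKS="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"

# ip_to_int A.B.C.D: print the address as a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_cidr ADDR NET/LEN: succeed if ADDR falls inside the block.
in_cidr() {
    addr=$(ip_to_int "$1")
    net=$(ip_to_int "${2%/*}")
    len=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - $len)) & 0xFFFFFFFF ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# classify ADDR: print "private (BLOCK)" for an RFC 1918 address, else "public".
classify() {
    for block in $PRIVATE_BLOCKS; do
        if in_cidr "$1" "$block"; then
            echo "private ($block)"
            return 0
        fi
    done
    echo "public"
}

# The two prefixes from the thread, plus the edges of 172.16.0.0/12.
for ip in 172.16.1.1 174.16.1.1 172.31.255.254 172.32.0.1; do
    echo "$ip: $(classify "$ip")"
done
```

174.16.x.x comes out as public because it is ordinary allocated address space rather than a reserved range, so a lab that uses it should stay isolated from the real Internet.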






Re: [Leaf-user] Forwarding broadcast traffic?

2002-01-11 Thread dgilleece

Building off of Charles' comment:  If you *are* looking to enable
subnet-to-subnet browsing of Windows shares, Samba does the trick without much heartache
at all.  I have an SME/e-smith box on one end of my VPN lab setup, and a remote 
machine on the other end.  The remote-end clients simply have the IP address of 
the SME box (default configured as a Master) in the WINS server configuration 
of the Windows IP configuration.  The remote clients report themselves to the 
Master, and it in turn re-advertises their existence to the local subnet.  So 
all Windows clients on a 10.1.2.0/24 network can see all Windows clients thru 
the tunnel on a 192.168.1.0/24 subnet (and vice versa), thru an intervening 
174.16.1.0/24 simulated internet. Works slick.

If you want a braindead-easy Samba server (and really a complete drop-in Linux 
replacement for NT server) see the details at www.e-smith.org.  It's open 
source and freely distributed, with commercial support if desired.  My primary 
fileserver runs 2 60 GB disk RAID 1, on a P100 throw-away.  Free.  And I mean, 
braindead easy...

Dan

Quoting Ed Zahurak [EMAIL PROTECTED]:

 
 Is it possible to configure a set of LRP/LEAF routers to forward broadcast
 traffic across a vpn link between the two subnets?  If so, how would I go
 about configuring the boxes to take the traffic?
 
 Thanks,
 Ed Z.
 
 



Re: [Leaf-user] Australian Telstra ISP Woes

2002-01-11 Thread Hilton Travis

Hi Stewart,

The easiest thing to do is to have a look at
http://quarkau.go.dyndns.org and have a look at my LEAF page - on there
I have an ES2B image with the correct configuration for BigPong
Broadband Cable users.  There's a readme that lets you know what
changes you need to make to this image for your particular location.

I have an updated image (here) for Optus users (as I now no longer have
a BigPong account, gee, lemme guess why), and will upload this, and a
similar one for BigPong when I get a chance.

Regards,
HiltonT

On Sat, 2002-01-12 at 00:34, Stewart Adey wrote:
 Hi, I'm trying to get my friend connected via a dachstein firewall, problem is, he's 
with Telstra Big Pond (or big drip as we like to call them) (Telstra is Optus@home's 
main competition).  Anyway, Big Pond Advance, from now on referred to as BPA,
obtains its IP address using a logon program.  The source for this program is at:
http://bpalogin.sourceforge.net but, how do I create an *.lrp out of it? Does anyone
have any experience in this field?  This would be much appreciated and would like to 
refer many people to Dachstein after jumping this hurdle.  Many thanks in advance,
 --
 --- Stewart Adey  ---
 ---Melbourne, Australia---
 ---  Studying Mechatronics Eng.  ---
 --






RE: [Leaf-user] Dach Floppy

2002-01-11 Thread Sean E. Covel

ps was giving me nothing unusual.  netstat -a gave me nothing helpful.
Turns out I had the network.conf a little messed up for what I was
trying to do.  I have only eth0, but still was setting up an eth1.  I
suspect sshd was trying to start on eth1.  It's all working now!

Thanks to all of you who offered info.  I know just enough Unix (and
that's userland not admin) to get myself into trouble.

Sean

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Matt Schalit
Sent: Friday, January 11, 2002 3:35 PM
To: [EMAIL PROTECTED]
Subject: Re: [Leaf-user] Dach Floppy


[EMAIL PROTECTED] wrote:

 BTW, that is a literal 0.0.0.0 in the debug output,
 not just me hiding my ip.

 Sean
  Ok, sshd -d  (debug!) returns:
 
  
  Stuff
  More Stuff
  Bind to port 22 on 0.0.0.0 failed:  Address already in
  use.
  Cannot bind any address.
  -
 
  This was Dach Floppy modified to be a static address.
  How can I tell what is using port 22 already?
 


The 0.0.0.0 is fine, and it is telling the sshd to
listen on port 22 on all IP addresses configured
into the OS (i.e. eth0 and eth1).  As long as you
have port 22 on eth0 blocked, you're not going to
have anyone connecting from the external side.  Thus
running the sshd on 0.0.0.0 is safe enough.

To find out if a server is running on a particular
port, you use the netstat command:

netstat -an
or  netstat -a   if you have an interest in human readable names.

What does ps tell you?

Good Luck,
Matthew




[Leaf-user] Connecting to my company's Win2k server via VPN with L2TP/IPsec

2002-01-11 Thread Eric Friedman

First, let me apologize if I get any (or all!) of the technical jargon
here confused, backwards, or just plain wrong.

Second, let me describe my situation.  I am using a Pentium 133mhz with
16MB RAM to run Dachstein 1.0.2 to share my internet connection among
the numerous computers in my house.  The router runs a DHCP server for
the computers on my internal network and runs a DHCP client to connect
with my ISP, but this is just for convenience as my ISP provides me with
a static IP.  The computers (Win98, Win2k, and WinXP) on my internal
network all work flawlessly through the router for normal internet
access.

My company provides access to its network over the Internet in the form
of a VPN (operated by a Windows 2000 Server, I believe).  I connect to
this VPN using Windows 2000 Professional.  All worked fine connecting to
the VPN through my home router until my company began using L2TP/IPsec
for the VPN connections.  Now, I get no response from the company VPN
server when trying to connect.  (Note, however, that I *can* connect
just fine when my computer is connected directly to my ISP, i.e. without
the interference of my LRP box.  So my sense is that there are no
configuration problems on the client computer, but rather something
wrong with my LRP configuration.)

Third, I know very little about Linux -- largely because I lack
experience -- but I was wondering if someone might point me in the right
direction on this problem.  As an additional bit of information, a guy
in the IS department informed me that UDP ports 500 and 1701 would be
involved in the solution, but I am not certain how to act on this
information in configuring my router.

I have begun to look at the ipsec.lrp package available for Dachstein,
but I have not been able to use it to solve my problems.  I do not know,
however, if this is a fault in my configuration of the package or if the
package does not support Level 2 Tunneling (L2TP).

If anyone has some experience in a similar situation or would be willing
to help a poor old guy trying to get his LRP box to work again, I would
much appreciate it.

Thanks,
Eric Friedman


P.S. Please note as well that while I am currently running Dachstein off
of a single floppy, I also have access to a CD or additional floppy
drive that I could install in the router box.  So do not worry about
offering solutions that may require more space than is available on a
single floppy: I just want something that will work.





Re: [Leaf-user] Dach Floppy

2002-01-11 Thread Manfred Schuler

Check in /etc/inetd.conf if there is a service configured for port 22.

[EMAIL PROTECTED] wrote:
 
 BTW, that is a literal 0.0.0.0 in the debug output,
 not just me hiding my ip.
 
 Sean
  Ok, sshd -d  (debug!) returns:
 
  
  Stuff
  More Stuff
  Bind to port 22 on 0.0.0.0 failed:  Address already in
  use.
  Cannot bind any address.
  -
 
  This was Dach Floppy modified to be a static address.
  How can I tell what is using port 22 already?
 
  Thanks,
 
  Sean
First a comment:  The 1680 image, isn't that really a
1722 image?  That causes MAJOR problems after you back
it up a couple of times.  Seems to mount ok as a 1680,
but writes don't work too well!
  
   No...the floppy is 1680K format...
  
The question:
   
After modifying the floppy (static IP, delete some
stuff) I added libz and sshd.  I boot up and after a ps
aux, there is no sshd running.
   
I started it manually (sshd -i) and get Protocol
Mismatch and it's not running.  I also started it
without the -i (sshd) and it doesn't run.
   
I got libz and sshd (and sshkey) from the Dach CD.
  
   Did you make a host-key before trying to start sshd?
  
   Is there anything in your logs?  Sshd is pretty good about logging any
   problems...
  
   Charles Steinkuehler
   http://lrp.steinkuehler.net
   http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
  
  
  



[Leaf-user] When i Do this i get This

2002-01-11 Thread Jim Van Eeckhoutte

# net ifup ppp0
SIOCSIFHWADDR: Device or resource busy
   Starting interface: ioctl(TIOCSETD(PPP)): Invalid argument(22)
pppd: This system lacks kernel support for PPP.  This could be because
the PPP kernel module could not be loaded, or because PPP was not
included in the kernel configuration.  If PPP was included as a
module, try `/sbin/modprobe -v ppp'.  If that fails, check t
ppp0

error I get when checking ppp0 in DCD 1.0.2

