RE: [Leaf-user] Linux 2.4 based Firewalls made in Switzerland

2002-01-13 Thread Sandro Minola

> > -graphical config interface (java based, runs on Win/Mac/Linux)
>
> Screenshot please.
The documentation is available online. There are two PDFs which contain
screenshots of the Java tool and the Web based admin:
http://dns.lightning.ch/support/resources/pdf/RM_LLinux.pdf
http://dns.lightning.ch/support/resources/pdf/UM_ESeries.pdf

> Hiding stuff is bunk, but it's also nice when a router
> works out of the box, or with three pieces of info, like
> ipaddress, username, and password, the way theirs does.
To be more exact:
There is an "Easy Setup" and an "advanced setup". The easy setup is very very
easy. It's a wizard and you just have to tell the wizard if you're using
DHCP, PPPoE or static IP and you're done.
The advanced setup allows you to define ipfilter rules, NAT, syslog and
so on.

---
Sandro Minola   | LEAF Developer (http://leaf.sourceforge.net)
mailto:[EMAIL PROTECTED] | mailto:[EMAIL PROTECTED]
http://www.minola.ch| http://leaf.sourceforge.net/devel/sminola
-
worldcontrol:~ # rm -rf /bin/laden


___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user



[Leaf-user] Re: [Leaf-devel] Moving off of SourceForge...

2002-01-13 Thread Mike Noyes

At 2001-11-13 12:14 -0500, David Douthitt wrote:
>FSF Europe is advising authors to move away from SourceForge.
>
>What do you think?
>
>http://www.fsfeurope.org/news/article2001-10-20-01.en.html

David,
I now have a user id on Savannah. Do you think this is a good place to create 
a mirror of our site? If so, I will apply for a LEAF project there.

http://savannah.gnu.org/

--
Mike Noyes <[EMAIL PROTECTED]>
http://leaf.sourceforge.net/





Re: [Leaf-user] RFA (Request For Advice)

2002-01-13 Thread Jack Coates

On Fri, 11 Jan 2002, Charles Steinkuehler wrote:


> > Second question:  How hard is it to configure lrp for this type of setup?
>
> Pretty complicated, although someone was saying one of the add-on firewall
> packages supports multiple external interfaces.  You'll probably have to
> become quite familiar with the kernel's advanced routing features, and
> ipchains/iptables rules, regardless.
>

Actually, I'm pretty certain that it is impossible. The problem is that
ip masquerading will only masquerade one interface. I think you need
multiple routers unless you keep distinct non-NAT'd IP spaces and use a
routing daemon.

> >  What distributions do you all recommend
>
> If I'm remembering correctly, and one of the add-on firewall scripts will
> support multiple external interfaces (in a way that matches what you want to
> do with load-balancing), use whatever distro that script recommends.  If
> you're going to be coding your own firewall/routing rules, it probably
> doesn't matter which distro you pick, although Oxygen and LRP 2.9.8 try to do
> less setup for you, so they may be easier to modify than Dachstein, which
> tries to do everything for you.
>

For this task I'd recommend a full distribution of BSD.


-- 
Jack Coates
Monkeynoodle: A Scientific Venture...





Re: [Leaf-user] Multipule LRP's using VMWARE

2002-01-13 Thread Jack Coates

Hmm, virtual NIC fault-tolerance in a single physical box with a single
physical NIC? Now that's putting the V into VRRP!

On 11 Jan 2002 [EMAIL PROTECTED] wrote:

> So, as a mere theoretical question
>
> scenario:  3 separate boxes with separate gateway/network
> destinations.  Combine to one box with 4 NICs.
>
> Question: Why not alias the internal network nic with 2 ip
> addresses, set the clients to use whatever gateway they are supposed
> to and setup the routing tables to route to the appropriate external
> NIC based on the gateway the client is using?
>
> Now, even if this was possible (and I have NO idea if it is), I
> imagine that it would include some seriously customized scripts.
>
> -sp
>
> On Thu, 10 January 2002, Jack Coates wrote:
>
> >
> > No -- using three gateways to share load is about as good as it gets.
> >
> > On Thu, 10 Jan 2002, Patrick last wrote:
> >
> > > Well I never could get what I was wanting to do working...
> > >
> > > For example. I have 3 separate internet connections. Different users use
> > > different ones for various reasons. But all the users are on the same
> > > network, so they just have different gateways set. I don't know how to use a
> > > LRP system with 3 external connections, and 1 possibly 2 (1 for a dmz) to
> > > the internal network and have different users use different "gateways". Is
> > > it possible?
> > >
> > > Patrick Ford
> > > [EMAIL PROTECTED]
> > >
> > >
> > > >From: Jack Coates <[EMAIL PROTECTED]>
> > > >To: Patrick last <[EMAIL PROTECTED]>
> > > >CC: <[EMAIL PROTECTED]>
> > > >Subject: Re: [Leaf-user] Multipule LRP's using VMWARE
> > > >Date: Thu, 10 Jan 2002 07:21:35 -0800 (PST)
> > > >
> > > >On Thu, 10 Jan 2002, Patrick last wrote:
> > > >
> > > > >
> > > > > I was wondering something. I have 3 lrp boxes. I have a fairly fast spare
> > > > > system (dual P3x650). If I installed VMware and put six nics in a
> > > >system,
> > > > > could I then run 3 "virtual" copies of LRP and not have to have three
> > > >boxes
> > > > > sitting around?
> > > > >
> > > > > Patrick Ford
> > > > > [EMAIL PROTECTED]
> > > > >
> > > > >
> > > >
> > > >Conceivably, but not sure what the point would be. It'd be easier to set
> > > >up the one system as a six-interface router, with LRP or a regular
> > > >distribution. Having the host distro to run VMWare on would remove a lot
> > > >of the security reasons for using LRP, and once you've made that
> > > >decision you might as well take advantage of having lots of disk space
> > > >and memory to work with.
> > > >
> > > >--
> > > >Jack Coates
> > > >Monkeynoodle: A Scientific Venture...
> > > >
> > >
> > >
> > >
> > >
> > >
> >
> > --
> > Jack Coates
> > Monkeynoodle: A Scientific Venture...
> >
> >
>
>
>
>

-- 
Jack Coates
Monkeynoodle: A Scientific Venture...





Re: [Leaf-user] Dach Floppy

2002-01-13 Thread Jack Coates

On Sat, 12 Jan 2002, Matt Schalit wrote:

> "Sean E. Covel" wrote:
>
> > Thanks to all of you who offered info.  I know just enough Unix (and
> > that's userland not admin) to get myself into trouble.
> >
> > Sean
>
>
> The motto in my favorite unix newsgroup,
> is "Learn by destruction."
>
> Best,
> Matthew
>

I got started by installing Slackware 2.1 on a *tiny* 386 with a 160MB
hard drive; in the first six months, I must have whacked and reinstalled
that box about fifty times. It took six weeks to figure out reasonable
partition sizes on such a small hard drive, and startx took about ten
minutes to produce FVWM :-)

-- 
Jack Coates
Monkeynoodle: A Scientific Venture...





[Leaf-user] Re: [Leaf-devel] Moving off of SourceForge...

2002-01-13 Thread Tom Eastep

On Sunday 13 January 2002 07:51 am, Mike Noyes wrote:
> At 2001-11-13 12:14 -0500, David Douthitt wrote:
> >FSF Europe is advising authors to move away from SourceForge.
> >
> >What do you think?
> >
> >http://www.fsfeurope.org/news/article2001-10-20-01.en.html
>
> David,
> I now have a user id on Savannah. Do you think this is a good place to create
> a mirror of our site? If so, I will apply for a LEAF project there.
>
> http://savannah.gnu.org/

I have almost totally moved the Shorewall project off of Sourceforge. Besides 
the issues raised in the above article, I worry about the long-term survival 
of VA Linux (VA Software or whatever they call themselves this week). I see 
them taking the steps described in the article as a rather desperate attempt 
to generate some additional revenue through selling the Sourceforge software.

-Tom
-- 
Tom Eastep\ A Firewall for Linux 2.4.*
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ [EMAIL PROTECTED]




Re: [Leaf-user] Moving off of SourceForge...

2002-01-13 Thread Mike Noyes

Everyone,
Sorry, I forgot to trim my headers. I meant to send this to leaf-devel only.

At 2002-01-13 08:20 -0800, Tom Eastep wrote:
>On Sunday 13 January 2002 07:51 am, Mike Noyes wrote:
> > At 2001-11-13 12:14 -0500, David Douthitt wrote:
> > >FSF Europe is advising authors to move away from SourceForge.
> > >
> > >What do you think?
> > >
> > >http://www.fsfeurope.org/news/article2001-10-20-01.en.html
> >
> > David,
> > I now have a user id on Savannah. Do you think this is a good place to
> > create a mirror of our site? If so, I will apply for a LEAF project
> > there.
> >
> > http://savannah.gnu.org/
>
>I have almost totally moved the Shorewall project off of Sourceforge. 
>Besides the issues raised in the above article, I worry about the 
>long-term survival of VA Linux (VA Software or whatever they call 
>themselves this week). I see them taking the steps described in the 
>article as a rather desperate attempt to generate some additional revenue 
>through selling the Sourceforge software.

--
Mike Noyes <[EMAIL PROTECTED]>
http://leaf.sourceforge.net/





[Leaf-user] Re: Dachstein-CD v1.0.2 as a router only (no firewall)

2002-01-13 Thread Nicolas Riendeau

Hi Kenneth!

 > I'm having some limited success in getting Dachstein 1.02 to run as
 > just a router between two private networks, 192.168.1.0 and
 > 192.168.2.0, with 192.168.2.0 being an expansion to the 192.168.1.0
 > network which is just about full. In terms of machines on either
 > network being able to see the other (aka 192.168.1.195 being able
 > to ping 192.168.2.195 and vice versa) I've had

I've never tried to do this but I do believe I've a pretty pretty
good idea of where you should look...

 > able to be received back by the Network file server other
 > information sent by JetDirect on ports 1782 and 161.

More on this later...

 > Currently my guess is that the router is blocking such traffic when
 > I saw this message in my logs on Dachstein machine:

Only  partially...

Let's read this log...

 > Packet log: input REJECT eth1 PROTO=17 192.168.1.138:1705
 > 192.168.2.2:161 L=68 S=0x00 I=44714 F=0x T=128 (#3)
 > With 192.168.1.138 being my server and 192.168.2.2 being my printer

On the INPUT chain, for interface eth1, in UDP (PROTO=17), your server
using port 1705 (dynamically assigned) tried to communicate with your
printer on its port 161 (a service port provided by the printer,
that's interesting...) and all of this was denied by rule #3...

I tried to look up rule #3 to have a better idea of what was the rule
denying the traffic but unfortunately (actually fortunately for me (-; )
I've the FIREWALL ruleset and not the ROUTER one...

Ok, let's turn off my ADSL modem and change that ruleset...

Done...

Now let's reload it... (svi network ipfilter reload)

O.k., what does rule #3 look like now...

  0 0 REJECT udp  l- 0xFF 0x00  *  0.0.0.0/0  0.0.0.0/0  * -> 161:162

That's VERY interesting, there's a rule in there specifically for that
kind of traffic...

O.k., what are those ports... Let's go to the IANA for their 
assignments... ( http://www.iana.org/assignments/port-numbers )

Port 1782 is HP specific...

hp-hcip         1782/tcp    hp-hcip
hp-hcip         1782/udp    hp-hcip

while 161 and 162 are:

snmp            161/tcp     SNMP
snmp            161/udp     SNMP
snmptrap        162/tcp     SNMPTRAP
snmptrap        162/udp     SNMPTRAP

SNMP!!!

O.k., let's look at /etc/ipfilter.conf...

The relevant part is:

<<
# A function to control SNMP access on a network
snmpBlock () {
        local LIST=$1
        local DEST_IP=$2
        local SNMP_IP
        shift 2

        if [ "$SNMP_BLOCK" != "YES" -a "$SNMP_BLOCK" != "Yes" \
                -a "$SNMP_BLOCK" != "yes" ] ; then
                return 0
        fi

        for SNMP_IP in $SNMP_MANAGER_IPS; do
                $IPCH -A $LIST -j ACCEPT -p udp -s $SNMP_IP -d $DEST_IP 161:162 $*
        done; unset SNMP_IP
        $IPCH -A $LIST -j REJECT -p udp -s 0/0 -d $DEST_IP 161:162 -l $*
}

 >>

O.k. let's see... If SNMP_BLOCK is not YES (ie if SNMP_BLOCK=NO or
probably just about anything but YES or Yes or yes, I'm sure there's
no other validation of content anywhere else...), the rules won't be
added... So setting SNMP_BLOCK=NO (it's just after
IPFILTER_SWITCH=ROUTER (or FIREWALL or NONE)) would work...

OTOH, if you want to keep that protection active, you could uncomment
SNMP_MANAGER_IPS in network.conf and put the IP addresses of the pc(s)
you wish to be able to contact your printer using SNMP (I could be
mistaken but it does seem to work that way... BTW, that list is space
separated...) and that should work...

This is the relevant part of /etc/network.conf:

<<

###
# IP Filter setup - can pull in settings from above
###

# Set up the basic type of filtering. Can be one of (none|router|firewall)
# You must load the ip_masq_* modules to enable full IP masquerading, and
# ip_masq_portfw if you want to forward external ports pop-3, mtp, www
# to internal machines below.
IPFILTER_SWITCH=ROUTER

# This set of variables is used with both sets of filters
SNMP_BLOCK=YES                  # Block all SNMP (YES/NO)
                                # List of IP Nos used for SNMP management
SNMP_MANAGER_IPS="192.168.1.138"
 >>

 > Also, just as experiment to find out if I even have my network setup
 > correctly I did a quick and dirty test using I "think" the same
 > configuration with LRP 2.9.8 that I used with Dachstein (as best I
 > could

The additional parameters (ie the SNMP-related ones) "appear" to
originally come from Matterhorn/Eiger scripts (from which Eigerstein &
Dachstein are "derivatives").

 > Does anyone have any thoughts on what I might have configured wrong?

Can't say it was actually configured wrong per se but more that some 
additional config was required...

BTW, I might not have exactly the same scripts as you (but according 
to the changelog it seems they should be very close) since my firewall
is Dachstein CD 1.0.1-bas
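
The log reading and the snmpBlock() decision walked through in the message above, as an added example that is not part of the original post or of the Dachstein scripts. The function names (parse_packet_log, snmp_verdict, explain_log) are hypothetical, and it assumes SNMP_MANAGER_IPS holds plain host addresses with no netmask.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not part of Dachstein.

# Log line quoted in the post, joined back onto one line (the F= field is
# cut short in the archive and is left exactly as it appears there).
SAMPLE_LOG='Packet log: input REJECT eth1 PROTO=17 192.168.1.138:1705 192.168.2.2:161 L=68 S=0x00 I=44714 F=0x T=128 (#3)'

# Split a TCP/UDP "Packet log:" line into the fields
#   chain action iface proto src sport dst dport rule
# Returns 1 if the input is not a packet log line.
parse_packet_log() {
    local line last rule
    case "$1" in
        *"Packet log: "*) ;;
        *) return 1 ;;
    esac
    line=${1#*"Packet log: "}
    set -- $line
    # The rule number is the last field, written as "(#N)".
    for last in "$@"; do :; done
    rule=${last#"(#"}
    rule=${rule%")"}
    echo "$1 $2 $3 ${4#PROTO=} ${5%:*} ${5##*:} ${6%:*} ${6##*:} $rule"
}

# Replay the rules snmpBlock() would append, in order (first match wins):
#   one ACCEPT per entry in SNMP_MANAGER_IPS, then REJECT for everyone else,
#   all limited to UDP destination ports 161:162.
# Usage: snmp_verdict PROTO SRC_IP DEST_PORT
snmp_verdict() {
    local proto=$1 src=$2 dport=$3 ip
    case "$SNMP_BLOCK" in
        YES|Yes|yes) ;;
        *) echo "NO-RULE"; return 0 ;;   # snmpBlock returns before adding rules
    esac
    if [ "$proto" != 17 ] || [ "$dport" -lt 161 ] || [ "$dport" -gt 162 ]; then
        echo "NO-MATCH"                  # not UDP to 161:162, rules do not apply
        return 0
    fi
    for ip in $SNMP_MANAGER_IPS; do
        if [ "$ip" = "$src" ]; then
            echo "ACCEPT"
            return 0
        fi
    done
    echo "REJECT"
}

# Combine both: what the log recorded and what the current settings would do.
explain_log() {
    local fields
    fields=$(parse_packet_log "$1") || { echo "not a packet log line"; return 1; }
    set -- $fields
    echo "$5:$6 -> $7:$8 proto $4: logged $2 by rule #$9, replay: $(snmp_verdict "$4" "$5" "$8")"
}

# Blocking on, no manager listed: the server's SNMP query is rejected.
SNMP_BLOCK=YES; SNMP_MANAGER_IPS=""
explain_log "$SAMPLE_LOG"

# Blocking on, server listed as SNMP manager: its ACCEPT rule matches first.
SNMP_MANAGER_IPS="192.168.1.138"
explain_log "$SAMPLE_LOG"

# Blocking off: snmpBlock adds no rules at all for these ports.
SNMP_BLOCK=NO
explain_log "$SAMPLE_LOG"
```

Listing the server in SNMP_MANAGER_IPS keeps the REJECT (and its logging) in place for every other source, which SNMP_BLOCK=NO does not.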

[Leaf-user] winscp plug

2002-01-13 Thread Paul Rimmer

I'd just like to put in a plug for a really nice piece of freeware, winscp2.
It is an scp(2) client that acts like an ftp client for moving files between
your PC and LRP box but with SSH security.  Also works great to move stuff
securely from work to my Unix box behind the firewall.   It is up there with
Putty for quality (it even uses some Putty functionality).  A couple of
gotchas are:

1) You must disable the auto-lrcfg menu at login (comment out last line in
/root/.profile).
2) Disable "lookup user groups" setting on the shell tab or you will get an
error message at login (with my DCD box at least).

For more info you can take a look at:
http://winscp.vse.cz/eng/

Cheers,
Paul





Re: [Leaf-user] Dach Floppy

2002-01-13 Thread Matt Schalit

Jack Coates wrote:
> 

> > The motto in my favorite unix newsgroup,
> > is "Learn by destruction."
> >
> > Best,
> > Matthew
> >
> 
> I got started by installing Slackware 2.1 on a *tiny* 386 with a 160MB
> hard drive; in the first six months, I must have whacked and reinstalled
> that box about fifty times. It took six weeks to figure out reasonable
> partition sizes on such a small hard drive, and startx took about ten
> minutes to produce FVWM :-)
> 
> --
> Jack Coates
> Monkeynoodle: A Scientific Venture...


I got a good laugh out of this one, first thing
in the morning, sipping a cup of coffee, listening
to Van Morrison - Into the Mystic.




Re: [Leaf-user] Dachstein-CD v1.0.2 as a router only (no firewall)

2002-01-13 Thread Matt Schalit

Nicolas Riendeau wrote:

[snip]

> Good luck!
> 
> Nicolas Riendeau
> 
> PS: Please forgive my English as it's not my mother tongue. Thanks!
> 
> PPS: Don't worry, I've rebooted my firewall after these tests (-;
> (-; (-;


Ok, so are you from somewhere interesting where
they write from right to left so that the smileys
go right to left, ie (-: as versus left to right :-) ??

Just curious.  Me ignorant american. :-o
Matt




Re: [Leaf-user] winscp plug

2002-01-13 Thread Matt Schalit

Paul Rimmer wrote:
> 
> I'd just like to put in a plug for a really nice piece of freeware, winscp2.
 [snip]
> For more info you can take a look at:
> http://winscp.vse.cz/eng/
> 
> Cheers,
> Paul


Heh.  Check out the screen shot closely.  This is like
those Sunday comix where you have to see if you can find
what's wrong about the picture.

  http://winscp.vse.cz/eng/screenshots/large/commander.gif

Anybody see it?  Anyone?  Ok.  If you want the answer, you'll
have to scroll down the page, but you're bunk if you don't 
even look at the screenshot first





















































































Answer:
  It's funny that the function keys listed along the 
  bottom of the winscp window are out of numerical order.
  It is.  It's funny. Go and look at it... go.  Go on.  
  There's no more to this.  Go already .  Go.  GO.



  arggghh.




Re: [Leaf-user] winscp plug

2002-01-13 Thread Matt Schalit

Paul Rimmer wrote:
> 
> I'd just like to put in a plug for a really nice piece of freeware, winscp2.


Couldn't get it to work with Oxygen.  It would
log in, but it couldn't negotiate the shell.  It
looks like the directions call for bash.

Thx Paul,
Matt




RE: [Leaf-user] winscp plug

2002-01-13 Thread Paul Rimmer

> Couldn't get it to work with Oxygen.  It would
> log in, but it couldn't negotiate the shell.  It
> looks like the directions call for bash.

That's too bad.  It works out of the box with Eigerstein and Dachstein with
the mods I mentioned.  Bash isn't necessary with those.

Paul

P.S. Are you feeling better after your "function key ordering" episode?

:-)





[Leaf-user] Diald problems on Dachstein

2002-01-13 Thread Mark Lubratt

Hello!

I'm trying to get diald to run on my Dachstein router.  All the scripts have
been set up and I try to test the dialup link.  I get the following error
messages in the /var/log/messages file:

connect: Protocol started
diald[926]: Connected to site 127.0.0.3
diald[926]: Running pppd (pid = 967).
diald[926]: start sl0: RTNETLINK answers: File exists
diald[926]: start sl0: RTNETLINK answers: File exists
diald[926]: Delaying 10 seconds before clear to dial

The diald scripts I'm using are the same ones I've had on a RedHat system
working as a similar demand dial-up/router.

One other thing.  When diald is killed, sl0 remains an active network link.
I try to remove it by 'ip link set sl0 down', but that doesn't work.  Is it
possible that diald doesn't like the new kernel and ip tools (I'm running
2.2.19)?

Thanks!
Mark






[Leaf-user] Cable Setup Help

2002-01-13 Thread jp

I am attempting to install Dachstein (floppy-based install) on a P166 w/ 64mb Ram.  

I am using two AOpen AON-325  NIC's.

I have eth0 connected to my cable modem (ISP is cableone.net)

I have eth1 connected to my hub

Also connected to the hub is an XP box (I will be adding a RH 7.1 box soon, in case it matters).

I have gotten the floppy setup, installed the appropriate module for my NIC's (rtl8139.o), and have had limited success.

Dachstein appears to be setting up my clients correctly via DHCP, as they are assigned the correct IP, Gateway, etc.

From the client (XP) I can ping the LRP box.  From the LRP box, I cannot ping the XP box (192.168.1.1), it just doesn't return any results.  I also cannot ping out.  Attempting to ping out results in an error that says "not allowed".

Needless to say, I cannot connect to the internet via the client box.

I am also a little curious, as the eth0 IP is set at 10 , whereas my dhcp assigned IP from the ISP is normally a 24.116.36.

Any help would be greatly appreciated.  Being that I am using a local ISP, I have not been able to find much in the way of others' experiences using LRP w/ this ISP.  The ISP says that I should just be able to connect a router and share the service.

Thanks


Sincerely,

Justin Pease
N u a n c e   N i n e
Web Usability, Development and Design
www.nuance9.com





[Leaf-user] Firewall Setup

2002-01-13 Thread jp

While sifting through docs I found this error which I have been receiving, while trying to ping any internet IP from the LRP box:
sendto(): operation not permitted
It says that this is the result of incorrect setup of the Firewall rules.  Where can I find some documentation on setting up a set of Firewall rules that will give me at least minimal access to the net (www & email for now).  At least if I can get that working I can slowly work through the rest.

My main problem is right now, to test out the router I have to switch my cable modem to it.  Once that is done, it makes it difficult (currently impossible) to do any research on problems as they come up.

Again, your help is greatly appreciated.
Sincerely,

Justin Pease
N u a n c e   N i n e
Web Usability, Development and Design
www.nuance9.com





[Leaf-user] DCD, dhclient & /etc/resolv.conf ???

2002-01-13 Thread Michael D. Schleif


Is it possible that my ISP is diddling with my /etc/resolv.conf when my
fixed-address, dhcp lease is re-negotiated?

I am running DCD, dhclient, dnscache and tinydns-private on my local
firewall.  When the system boots -- as I just did 2 minutes ago --
resolv.conf shows this:

search  private.network

Sometime in the last several hours, something changed this to:

search  attbi.com

This has happened several times in the last couple weeks; but, not so
frequently that I've got all of the evidence inline.  Obviously, scripts
that refer to hosts by short name (cat /etc/hostname) no longer resolve
like this ;<

The only thing I can figure -- since I didn't change resolv.conf -- is
that the lease expired and during re-negotiation, dhclient rewrote the
search line ?!?!

What do you think?

-- 

Best Regards,

mds
mds resource
888.250.3987

Dare to fix things before they break . . .

Our capacity for understanding is inversely proportional to how much we
think we know.  The more I know, the more I know I don't know . . .




Re: [Leaf-user] Firewall Setup

2002-01-13 Thread dgilleece

What distribution are you using?
What IP addresses are you using for your external interface?


Quoting [EMAIL PROTECTED]:

> While sifting through docs I found this error which I have been
> receiving, while trying to 
> ping any internet IP from the LRP box:
> sendto(): operation not permitted
> It says that this is the result of incorrect setup of the Firewall
> rules.  Where can I find some 
> documentation on setting up a set of Firewall rules that will give me at
> least minimal access 
> to the net (www & email for now).  At least if I can get that working I
> can slowly work 
> through the rest.  
> 
> My main problem is right now, to test out the router I have to switch my
> cable modem to it.  
> Once that is done, it makes it difficult (currently impossible) to do
> any research on 
> problems as they come up.
> 
> Again, your help is greatly appreciated.
> Sincerely,
> 
> Justin Pease
> N u a n c e   N i n e
> Web Usability, Development and Design
> www.nuance9.com
> 
> 
> 




Re: [Leaf-user] Cable Setup Help

2002-01-13 Thread guitarlynn

On Sunday 13 January 2002 18:40, [EMAIL PROTECTED] wrote:

> Dachstein appears to be setting up my clients correctly via DHCP, as
> they are assigned the correct IP, Gateway, etc.
>
> From the client (XP) I can ping the LRP box.  From the LRP box, I
> cannot ping the XP box (192.168.1.1), it just doesn't return any
> results.  

Do you have the "private.network" domain and the 192.168.1.254 for your
DNS servers on the client boxes?

> also cannot ping out.  Attempting to ping out results in
> a error that says "not allowed".

Have you set the GATEWAY=111.222.333.444 variable in network.conf set
to your ISP's gateway? I have found that to be necessary in my local
area (or at least a valid ip in the same subnet as my gateway... the 
111.222.333.444 doesn't work)? You might also try releasing the lease
for your ISP's dhcp server on your other computer you're using for
internet while DCD is not working _before_ trying to connect with DCD 
again.

If this doesn't work, post the results to "ip addr show",
"ip route show", and "netstat -i"

-- 

~Lynn Avants
aka Guitarlynn

guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net

If linux isn't the answer, you've probably got the wrong question!




Re: [Leaf-user] DCD, dhclient & /etc/resolv.conf ???

2002-01-13 Thread guitarlynn

On Sunday 13 January 2002 19:29, Michael D. Schleif wrote:
> Is it possible that my ISP is diddling with my /etc/resolv.conf when
> my fixed-address, dhcp lease is re-negotiated?

It is supposed to so your box can resolve ip host names. This
information is sync'ed for use with dnscache.


> I am running DCD, dhclient, dnscache and tinydns-private on my local
> firewall.  When the system boots -- as I just did 2 minutes ago --
> resolv.conf shows this:
>
>   search  private.network
>
> Sometime in the last several hours, something changed this to:
>
>   search  attbi.com
>
> This has happened several times in the last couple weeks; but, not so
> frequently that I've got all of the evidence inline.  Obviously,
> scripts that refer to hosts by short name (cat /etc/hostname) no
> longer resolve like this ;<
>
> The only thing I can figure -- since I didn't change resolv.conf --
> is that the lease expired and during re-negotiation, dhclient rewrote
> the search line ?!?!
>
> What do you think?

I think you're correct and it stays that way until dnscache and/or
tiny-dns update themselves for the new lease. This isn't your ISP 
hacking your box if that is what you're asking, this is normal operation.
I go ahead and put my isp's domain name in the dns portion of 
network.conf, but you may have a conflict with this from what I 
am gathering from your post.  You might make your problem/question
a little more clear if this doesn't help you.

-- 

~Lynn Avants
aka Guitarlynn

guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net

If linux isn't the answer, you've probably got the wrong question!




[Leaf-user] Re: Dachstein PPPoE don't know

2002-01-13 Thread Kenneth Hadley

From what I can understand it looks like you don't have your NICs loaded
correctly..
I'm not sure which module would be needed since you didn't say what LinkSys
NIC model you have..

Also, what is the output from the command "ip addr" ?

And do make sure you are subscribed to the leaf-user mailing list at
sourceforge.net ( http://lists.sourceforge.net/lists/listinfo/leaf-user )
since I'm not always able to respond to emails sent to my personal email
accounts but other folks on the LEAF mailing list might be able to help

-Kenneth Hadley


- Original Message -
From: "John Atkeison" <[EMAIL PROTECTED]>
To: "Kenneth Hadley" <[EMAIL PROTECTED]>
Cc: "LEAF-user" <[EMAIL PROTECTED]>
Sent: Sunday, January 13, 2002 6:28 PM
Subject: Dachstein PPPoE don't know


> I am so far behind the curve that I don't know where to start. 8-}   I have
> a Dachstein floppy firewall on my DSL (Speakeasy static IP) at my office,
> and have _that_one_ mostly figured out.
>
> I've been futzing with 1.02 floppy pppoe dachstein for my home Verizon DSL
> connection for a couple weeks off & on in my spare time, with little
> success. I am afraid that I do not know enuf to ask intelligent questions,
> so I will describe a bit of my setup and see what y'all have to point me to.
> (Refs to docs are fine- I am trying to educate myself so I can set this up
> for a non-profit client of mine, so I _do_ need to actually know what I am
> doing, sooner or later! 8-))
>
> The DSL works fine from my Win98 box. That connection uses WinPoET; its
> documentation is not terribly informative.
> The messages generated by the PPPoE dachstein are different enuf from the
> one at the office that I am not sure how to interpret them. I have taken
> the Verizon-supplied cable from the Win98 box and tried it in both NICs
> (with reboots).
>
> In messages, this appears
> Bringing up adsl link:
> .registered device ppp0
> pppoe uses obsolete (PF_INET,SOCK_PACKET)
> ..TIMED OUT
> I also get the request to "add a subnet for eth1 (0.0.0.0)" but I thought
> that might actually be a driver issue, based on what I saw in past posts on
> this list (my local archives go back to June 09, 2001).
> The firewall box is a P133 and I bought 2 Linksys NICs for this. Dumb
> question: I don't have to have TWO tuplip.o drivers do I??
>
> When it is up, there's this:
> #adsl-start
> ..TIMED OUT
> #adsl-status
> Link is down -- couldn't find interface corresponding to pid 3473
>
> OK- now tell me what I _really_ need to tell ya!  8-))
> TIA
> John
> John Atkeison
> [EMAIL PROTECTED]
> (302) 888-1979
> (610) 952-2727
> CLIMATE ACTION THEATRE
> The mission of Climate Action Theatre (CAT) is to educate the public about
> global climate change through science-based dramatic presentations to
> groups. CAT encourages audiences to take action to arrest global climate
> change. To volunteer in ANY capacity, email [EMAIL PROTECTED] or call
> (610) 952-2727.




[Leaf-user] RE: Dachstein-CD v1.0.2 as a router only (no firewall)

2002-01-13 Thread Nicolas Riendeau

Nicolas Riendeau wrote:

[snip]

 > Good luck!
 > > Nicolas Riendeau
 > > PS: Please forgive my English as it's not my mother tongue.
 > > Thanks!
 > > PPS: Don't worry, I've rebooted my firewall after these tests 
 > > (-; (-; (-;

 > Ok, so are you from somewhere interesting where

Kinda depends whether you think Canada is interesting or not... (-;
(-; (-;

 > they write from right to left so that the smileys
 > go right to left, ie (-: as versus left to right :-) ??

No, it's because I'm left-handed... (-; (-; (-;

 > Just curious.  Me ignorant american. :-o

(-;

No problem...

Have a nice day!

Nick

PS: BTW, Kenneth after you've had a chance to test it please let us
know if that was the problem (ie the SNMP... parameters...). Thanks!






Re: [Leaf-user] Firewall Setup

2002-01-13 Thread dgilleece

A couple of things are happening.  First, it seems that your Dach box is not 
obtaining a proper address from your ISP.  If your address used to be 
24.116.x.x, you should be seeing something similar now.  Since it is getting 
assigned a 10.x.x.x address, the ipfilter code is generating the "operation not 
permitted" message --- as Dachstein disallows RFC 1918 addresses (of which the 
10.x.x.x is).  Since these are reserved for the "private" side of networks, the 
external interface will reject everything if an "illegal" address is configured 
on that interface.

The thing to track down is why the external interface is not obtaining the 
proper IP from your ISP.  That is outside of my experience, since I have always 
used static IPs.  I'd recommend you walk very carefully thru the network.conf, 
paying close attention to the sections involving dynamic external IPs.  A good 
step-by-step procedure for setting it up can be found at:  
http://www.pigtail.net/LRP/ --- about half way down the page is where the fun 
begins...

Also note, some ISPs restrict your connection to a specific MAC address.  If 
your ISP does that, it may be rejecting your attempt to obtain a DHCP lease.  
If that is the case, you will have to notify your ISP to give the MAC of your 
intended external NIC.  I recall somewhere that some systems have a "trick" for 
spoofing the MAC address, so you don't have to involve the ISP.  Unfortunately, 
I haven't seen that approach in action, and I don't know if or how it would 
work. 

Good luck,

Dan



Quoting [EMAIL PROTECTED]:

> I am using the most recent DachStein Floppy based distro.
> The current install appears to have setup 10.x.x.x IP addresses for the
> external NIC (eth0).
> This seems strange to me, as in the past the ISP DHCP assigned IP was
> 24.116.x.x.  

> 
> Thanks.
> 
> Justin
> 
> On 13 Jan 2002 at 20:02, [EMAIL PROTECTED] wrote:
> 
> What distribution are you using?
> What IP addresses are you using for your external interface?
> 
> 
> Quoting [EMAIL PROTECTED]:
> 
> > While sifting through docs I found this error which I have been
> > receiving, while trying to ping any internet IP from the LRP box:
> > sendto(): operation not permitted
> > It says that this is the result of incorrect setup of the Firewall
> > rules.  Where can I find some documentation on setting up a set of
> > Firewall rules that will give me at least minimal access to the net
> > (www & email for now).  At least if I can get that working I can
> > slowly work through the rest.
> >
> > My main problem is right now, to test out the router I have to switch
> > my cable modem to it.  Once that is done, it makes it difficult
> > (currently impossible) to do any research on problems as they come up.
> > 
> > Again, your help is greatly appreciated.
> > Sincerely,
> > 
> > Justin Pease
> > N u a n c e   N i n e
> > Web Usability, Development and Design
> > www.nuance9.com
> > 
> > 
> Sincerely,
> 
> Justin Pease
> N u a n c e   N i n e
> Web Usability, Development and Design
> www.nuance9.com
> 
> 




Re: [Leaf-user] DCD, dhclient & /etc/resolv.conf ???

2002-01-13 Thread Michael D. Schleif


guitarlynn wrote:
> 
> On Sunday 13 January 2002 19:29, Michael D. Schleif wrote:
> > Is it possible that my ISP is diddling with my /etc/resolv.conf when
> > my fixed-address, dhcp lease is re-negotiated?
> 
> It is supposed to so your box can resolve ip host names. This
> information is sync'ed for use with dnscache.

No, it is *not* supposed to do that!  Why should it?

The system administrator ought to be in charge of the system, which
includes /etc/resolv.conf.  If some automated process is diddling with
system configuration files, there had better be a good, _documented_
reason ;>

Adding to the `search' directive is one thing -- replacing it is quite
another ;<

Since I am running tinydns-private, *replacing* the search statement
breaks my dns!

And, *why* would I want to search the domain attbi.com?  They will not
delegate any attbi.com subdomain to me -- so, what purpose could it
serve?

> > I am running DCD, dhclient, dnscache and tinydns-private on my local
> > firewall.  When the system boots -- as I just did 2 minutes ago --
> > resolv.conf shows this:
> >
> >   search  private.network
> >
> > Sometime in the last several hours, something changed this to:
> >
> >   search  attbi.com
> >
> > This has happened several times in the last couple weeks; but, not so
> > frequently that I've got all of the evidence inline.  Obviously,
> > scripts that refer to hosts by short name (cat /etc/hostname) no
> > longer resolve like this ;<
> >
> > The only thing I can figure -- since I didn't change resolv.conf --
> > is that the lease expired and during re-negotiation, dhclient rewrote
> > the search line ?!?!
> >
> > What do you think?
> 
> I think you're correct and it stays that way until dnscache and/or
> tiny-dns update themselves for the new lease. This isn't your ISP
> hacking your box if that is what you're asking, this is normal operation.
> I go ahead and put my isp's domain name in the dns portion of
> network.conf, but you may have a conflict with this from what I
> am gathering from your post.  You might make your problem/question
> a little more clear if this doesn't help you.

I believe that I am quite clear on what I'm asking.  Unfortunately, I
think that you missed my point entirely . . .

Where is it documented that dhclient will re-write resolv.conf?

-- 

Best Regards,

mds
mds resource
888.250.3987

Dare to fix things before they break . . .

Our capacity for understanding is inversely proportional to how much we
think we know.  The more I know, the more I know I don't know . . .




Re: [Leaf-user] DCD, dhclient & /etc/resolv.conf ???

2002-01-13 Thread guitarlynn

On Sunday 13 January 2002 21:34, Michael D. Schleif wrote:

> I believe that I am quite clear on what I'm asking.  Unfortunately, I
> think that you missed my point entirely . . .
>
> Where is it documented that dhclient will re-write resolv.conf?

Thank-you for being direct. After a 30 second Google search on
resolv.conf, I found the information below. Sorry I did not take the 
30 seconds before posting originally. 


/etc/dhclient.conf

Here it is, with some things changed to protect the innocent.  Note the 
extra space within the quotes at the end of the domain-name line.  Note 
that although I mention the supersede command in resolv.conf is being 
modified, and not by me, it is not included below.  I have no idea why 
that is.   But I know the below worked for me.

timeout 60;
retry 60;
reboot 10;
select-timeout 5;
initial-interval 2;
script "/etc/dhclient-script";

prepend domain-name "mydomain.com ";
prepend domain-name-servers 127.0.0.1;

interface "eth0" {
    request subnet-mask, broadcast-address, routers,
            domain-name-servers, domain-name, host-name;
    require domain-name-servers;
    media "link2";
}


This was copied from:
http://www.freebsddiary.org/resolv.php
It seems to be a somewhat documented problem with dhclient that affects
all systems running it. I'll go through the dhclient package if you 
want.
Hope this helps.
-- 

~Lynn Avants
aka Guitarlynn

guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net

If linux isn't the answer, you've probably got the wrong question!




[Leaf-user] Message log Overflow crashes EigerStein

2002-01-13 Thread Greg Orne

I am a novice with linux and the EigerStein router has run flawlessly for
many months on my old 486.

The last week my router crashes every 1-2 days and I have to restart it.

The message log seems to overflow with the following, and 10.38.64.1 is
not an IP address assigned by either me or my provider.

Any ideas on how to make the EigerStein handle this better?

I tried the suggestion on Domain Spamming by Victor from 6/9/2001 (dns floods
port 53) but it seems to have no effect.
I have tried changing the port in his solution to both 67 and 68, still no
effect!

Any help would be appreciated.  I do not want to have to run out and buy a
router, but don't know what to do.

GregO

Jan 13 20:05:40 myrouter kernel: Packet log: input DENY eth0 PROTO=17
10.38.64.1:67 255.255.255.255:68 L=340 S=0x00 I=24287 F=0x T=255 (#9)
Jan 13 20:05:53 myrouter kernel: Packet log: input DENY eth0 PROTO=17
10.38.64.1:67 255.255.255.255:68 L=359 S=0x00 I=24295 F=0x T=255 (#9)
Jan 13 20:06:00 myrouter kernel: Packet log: input DENY eth0 PROTO=17
10.38.64.1:67 255.255.255.255:68 L=352 S=0x00 I=24301 F=0x T=255 (#9)
Jan 13 20:06:25 myrouter kernel: Packet log: input DENY eth0 PROTO=17
10.38.64.1:67 255.255.255.255:68 L=359 S=0x00 I=24333 F=0x T=255 (#9)
Jan 13 20:06:29 myrouter kernel: Packet log: input DENY eth0 PROTO=17
10.38.64.1:67 255.255.255.255:68 L=359 S=0x00 I=24339 F=0x T=255 (#9)
Jan 13 20:06:37 myrouter kernel: Packet log: input DENY eth0 PROTO=17
10.38.64.1:67 255.255.255.255:68 L=359 S=0x00 I=24341 F=0x T=255 (#9)
Jan 13 20:06:53 myrouter kernel: Packet log: input DENY eth0 PROTO=17
10.38.64.1:67 255.255.255.255:68 L=359 S=0x00 I=24347 F=0x T=255 (#9)
Jan 13 20:07:25 myrouter kernel: Packet log: input DENY eth0 PROTO=17
10.38.64.1:67 255.255.255.255:68 L=359 S=0x00 I=24365 F=0x T=255 (#9)
Jan 13 20:07:29 myrouter kernel: Packet log: input DENY eth0 PROTO=17
10.38.64.1:67 255.255.255.255:68 L=359 S=0x00 I=24369 F=0x T=255 (#9)
Jan 13 20:07:37 myrouter kernel: Packet log: input DENY eth0 PROTO=17
10.38.64.1:67 255.255.255.255:68 L=359 S=0x00 I=24375 F=0x T=255 (#9)
Jan 13 20:07:53 myrouter kernel: Packet log: input DENY eth0 PROTO=17
10.38.64.1:67 255.255.255.255:68 L=359 S=0x00 I=24383 F=0x T=255 (#9)
Jan 13 20:08:25 myrouter kernel: Packet log: input DENY eth0 PROTO=17
10.38.64.1:67 255.255.255.255:68 L=359 S=0x00 I=24405 F=0x T=255 (#9)

The daemon log looks like this.

Sep 22 23:20:11 myrouter dhclient: All rights reserved.
Sep 22 23:20:11 myrouter dhclient:
Sep 22 23:20:11 myrouter dhclient: Please contribute if you find this
software useful.
Sep 22 23:20:11 myrouter dhclient: For info, please visit
http://www.isc.org/dhcp-contrib.html
Sep 22 23:20:11 myrouter dhclient:
Sep 22 23:20:14 myrouter dhclient: Listening on LPF/eth0/00:a0:24:c8:32:f6
Sep 22 23:20:14 myrouter dhclient: Sending on   LPF/eth0/00:a0:24:c8:32:f6
Sep 22 23:20:14 myrouter dhclient: Sending on   Socket/fallback/fallback-net
Sep 22 23:20:14 myrouter dhclient: DHCPREQUEST on eth0 to 255.255.255.255
port 67
Sep 22 23:20:14 myrouter dhclient: DHCPACK from 24.26.163.32
Sep 22 23:20:24 myrouter dhclient: bound to 65.30.237.66 -- renewal in 37879
seconds.
Jan 13 17:43:53 myrouter dhcpd: Internet Software Consortium DHCP Server
2.0pl1
Jan 13 17:43:53 myrouter dhcpd: Copyright 1995, 1996, 1997, 1998, 1999 The
Internet Software Consortium.
Jan 13 17:43:53 myrouter dhcpd: All rights reserved.
Jan 13 17:43:53 myrouter dhcpd:
Jan 13 17:43:53 myrouter dhcpd: Please contribute if you find this software
useful.
Jan 13 17:43:53 myrouter dhcpd: For info, please visit
http://www.isc.org/dhcp-contrib.html
Jan 13 17:43:53 myrouter dhcpd:
Jan 13 17:43:53 myrouter dhcpd: Listening on
LPF/eth1/00:60:97:11:4d:da/192.168.1.0
Jan 13 17:43:53 myrouter dhcpd: Sending on
LPF/eth1/00:60:97:11:4d:da/192.168.1.0
Jan 13 17:43:53 myrouter dhcpd: Sending on   Socket/fallback/fallback-net
Jan 13 17:43:54 myrouter dhclient: Internet Software Consortium DHCP Client
2.0pl1
Jan 13 17:43:54 myrouter dhclient: Copyright 1995, 1996, 1997, 1998, 1999
The Internet Software Consortium.
Jan 13 17:43:54 myrouter dhclient: All rights reserved.
Jan 13 17:43:54 myrouter dhclient:
Jan 13 17:43:54 myrouter dhclient: Please contribute if you find this
software useful.
Jan 13 17:43:54 myrouter dhclient: For info, please visit
http://www.isc.org/dhcp-contrib.html
Jan 13 17:43:54 myrouter dhclient:
Jan 13 17:43:57 myrouter dhclient: Listening on LPF/eth0/00:a0:24:c8:32:f6
Jan 13 17:43:57 myrouter dhclient: Sending on   LPF/eth0/00:a0:24:c8:32:f6
Jan 13 17:43:57 myrouter dhclient: Sending on   Socket/fallback/fallback-net
Jan 13 17:44:03 myrouter dhclient: DHCPDISCOVER on eth0 to 255.255.255.255
port 67 interval 7
Jan 13 17:44:03 myrouter dhclient: receive_packet failed on eth0: Network is
down
Jan 13 17:44:03 myrouter dhclient: DHCPDISCOVER on eth0 to 255.255.255.255
port 67 interval 11
Jan 13 17:44:03 myrouter dhclient: DHCPOFFER from 10.38.64.1
Jan 13 1
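
The check that the two posts above turn on (Dachstein refusing RFC 1918 addresses on the external interface, and the denied UDP 67 -> 68 broadcasts from 10.38.64.1), as an added example that is not part of either post: a shell filter that counts denied DHCP server replies from private sources in an ipchains packet log and lists the private DHCP servers that dhclient heard from. The function names are hypothetical, and the sample lines are constructed in the format of the quoted logs (one entry per line; only 10.38.64.1 and 24.26.163.32 come from the thread).

```sh
#!/bin/sh
# Added example, not from the thread: find RFC 1918 DHCP servers in the two
# kinds of log the posts quote. Function names are hypothetical.

# is_rfc1918 ADDR: succeed if ADDR is in 10/8, 172.16/12 or 192.168/16.
is_rfc1918() {
    oct1=${1%%.*}; rest=${1#*.}; oct2=${rest%%.*}
    case "$oct1.$oct2" in
        10.*|192.168) return 0 ;;
        172.1[6-9]|172.2[0-9]|172.3[01]) return 0 ;;
    esac
    return 1
}

# keep_private: pass through only the RFC 1918 addresses read from stdin.
keep_private() {
    while read -r addr; do
        if is_rfc1918 "$addr"; then echo "$addr"; fi
    done
}

# denied_private_dhcp IFACE: read ipchains "Packet log" lines on stdin and
# print "COUNT SOURCE" for each private source whose DHCP server replies
# (UDP, port 67 -> 68) were denied on IFACE.
denied_private_dhcp() {
    awk -v ifc="$1" '
        {
            for (i = 1; i <= NF; i++) if ($i == "log:") break
            if (i > NF) next                  # no packet-log marker
            # After the marker: chain, action, interface, PROTO=n, src, dst
            if ($(i+2) != "DENY" || $(i+3) != ifc || $(i+4) != "PROTO=17") next
            split($(i+5), src, ":"); split($(i+6), dst, ":")
            if (src[2] == 67 && dst[2] == 68) print src[1]
        }' | keep_private | sort | uniq -c | awk '{ print $1, $2 }'
}

# private_dhcp_servers: read dhclient syslog lines on stdin and print each
# distinct private address that answered with DHCPOFFER or DHCPACK.
private_dhcp_servers() {
    awk '$5 == "dhclient:" && ($6 == "DHCPOFFER" || $6 == "DHCPACK") &&
         $7 == "from" { print $8 }' | keep_private | sort -u
}

# Constructed sample input in the format of the quoted logs.
SAMPLE_KERNEL_LOG='Jan 13 20:05:40 myrouter kernel: Packet log: input DENY eth0 PROTO=17 10.38.64.1:67 255.255.255.255:68 L=340 S=0x00 I=24287 F=0x0000 T=255 (#9)
Jan 13 20:05:53 myrouter kernel: Packet log: input DENY eth0 PROTO=17 10.38.64.1:67 255.255.255.255:68 L=359 S=0x00 I=24295 F=0x0000 T=255 (#9)
Jan 13 20:06:01 myrouter kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.7:4321 198.51.100.9:23 L=60 S=0x00 I=100 F=0x4000 T=50 (#12)
Jan 13 20:06:02 myrouter kernel: Packet log: input DENY eth1 PROTO=17 10.38.64.1:67 255.255.255.255:68 L=359 S=0x00 I=24300 F=0x0000 T=255 (#9)'

SAMPLE_DHCLIENT_LOG='Sep 22 23:20:14 myrouter dhclient: DHCPACK from 24.26.163.32
Jan 13 17:44:03 myrouter dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 11
Jan 13 17:44:03 myrouter dhclient: DHCPOFFER from 10.38.64.1'

printf '%s\n' "$SAMPLE_KERNEL_LOG" | denied_private_dhcp eth0
printf '%s\n' "$SAMPLE_DHCLIENT_LOG" | private_dhcp_servers
```

On a router the same functions take the real files on stdin, for example the kernel message log for denied_private_dhcp and the daemon log for private_dhcp_servers.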

Re: [Leaf-user] DCD, dhclient & /etc/resolv.conf ???

2002-01-13 Thread Michael D. Schleif


guitarlynn wrote:
> 
> On Sunday 13 January 2002 21:34, Michael D. Schleif wrote:
> 
> > I believe that I am quite clear on what I'm asking.  Unfortunately, I
> > think that you missed my point entirely . . .
> >
> > Where is it documented that dhclient will re-write resolv.conf?
> 
> Thank-you for being direct. After a 30 second Google search on
> resolv.conf, I found the information below. Sorry I did not take the
> 30 seconds before posting originally.

[ snip ]

> prepend domain-name "mydomain.com ";
> prepend domain-name-servers 127.0.0.1;
> 
> interface "eth0" {
> request subnet-mask, broadcast-address, routers,
> domain-name-servers,
> domain-name, host-name;
> require domain-name-servers;
> media "link2";
> }
> 
> This was copied from:
> http://www.freebsddiary.org/resolv.php
> It seems to be a somewhat documented problem with dhclient that affects
> all systems running it. I'll go through the dhclient package if you
> want.
> Hope this helps.

Perhaps, `supersede domain-name "private.network"' will work for me --
we'll see.  The downer is, that with several DCD's to maintain,
/etc/dhclient.conf must be hard-coded to accommodate this change ;<

The real puzzler is that, after reboot, the system is *correct* -- only
sometime later, something changes and the system is no longer correct!

In fact, since the transition from @home to attbi.com, I had *no*
problems until this last week.  I am not yet sure that this is the
cause, that only at lease expiry and re-negotiation does dhclient
overwrite /etc/resolv.conf -- who knew?

Thank you, for these pointers!  Even though this overwriting doesn't
make any sense to me, that it is known to others and a workaround is
available is encouraging . . .

-- 

Best Regards,

mds
mds resource
888.250.3987

Dare to fix things before they break . . .

Our capacity for understanding is inversely proportional to how much we
think we know.  The more I know, the more I know I don't know . . .




Re: [Leaf-user] Re: Dachstein PPPoE don't know

2002-01-13 Thread Kenneth Hadley

Definitely no modules loaded for your NICs since you would see some messages
about them right before

> Jan 13 18:43:24 firewall kernel: CSLIP: code copyright 1989 Regents of the
> University of California
> Jan 13 18:43:24 firewall kernel: PPP: version 2.3.7 (demand dialling)
> Jan 13 18:43:24 firewall kernel: PPP line discipline registered.
> Jan 13 18:43:24 firewall kernel: PPP Deflate Compression module registered

Have you tried uncommenting "pci-scan" and "tulip" in /etc/modules?  I'm
not sure if this is the proper module for your LinkSys cards but it's worth a
shot

-Kenneth Hadley



- Original Message -
From: "John Atkeison" <[EMAIL PROTECTED]>
To: "Kenneth Hadley" <[EMAIL PROTECTED]>
Cc: "[LEAF-user]" <[EMAIL PROTECTED]>; "John Atkeison"
<[EMAIL PROTECTED]>
Sent: Sunday, January 13, 2002 7:33 PM
Subject: Re: [Leaf-user] Re: Dachstein PPPoE don't know


> I am on [Leaf-user] but I cannot post directly because of the postmaster
> account restriction- more on that in a separate email.
>
> The NICs are
> Linksys LNE100TX (v5.1)
> Linksys LNE100TX (v2)
>
> And-
> #ip addr
> 1: lo:  MTU 3924 qdisc noque
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> inet 127.0.0.1/8 brd 127.255.255.255 scope global lo
> 1336: ppp0:  mtu 1500 qdisc noop qlen 10
> link/ppp
>
>  From network.conf:
> eth0_IPADDR=1.1.1.2
> eth0_MASKLEN=30
> eth0_BROADCAST=+
> eth0_DEFAULT_GW=1.1.1.1
> eth0_IP_KRNL_LOGMARTIANS=YES
> eth0_IP_SHARED_MEDIA=NO
> eth0_BRIDGE=NO
> eth0_PROXY_ARP=NO
> eth0_FAIRQ=NO
>
> ###
> eth1_IPADDR=192.168.1.254
> eth1_MASKLEN=24
> eth1_BROADCAST=+
> eth1_IP_SPOOF=YES
> eth1_IP_KRNL_LOGMARTIANS=YES
> eth1_IP_SHARED_MEDIA=NO
> eth1_BRIDGE=NO
> eth1_PROXY_ARP=NO
> eth1_FAIRQ=NO
> ###
> Here's messages:
> Jan 13 18:43:24 firewall syslogd 1.3-3#31.slink1: restart.
> Jan 13 18:43:24 firewall kernel: klogd 1.3-3#31.slink1, log source =
> /proc/kmsg started.
> Jan 13 18:43:24 firewall kernel: Cannot find map file.
> Jan 13 18:43:24 firewall kernel: Loaded 58 symbols from 14 modules.
> Jan 13 18:43:24 firewall kernel: Linux version 2.2.19-3-LEAF (root@debian)
> (gcc version 2.7.2.3) #1 Sat Dec 1 12:15:05 CST 2001
> Jan 13 18:43:24 firewall kernel: BIOS-provided physical RAM map:
> Jan 13 18:43:24 firewall kernel:  BIOS-e820: 0009fc00 @  (usable)
> Jan 13 18:43:24 firewall kernel:  BIOS-e820: 0400 @ 0009fc00 (usable)
> Jan 13 18:43:24 firewall kernel:  BIOS-e820: 05f0 @ 0010 (usable)
> Jan 13 18:43:24 firewall kernel: Detected 133638 kHz processor.
> Jan 13 18:43:24 firewall kernel: Console: colour VGA+ 80x25
> Jan 13 18:43:24 firewall kernel: Calibrating delay loop... 266.24 BogoMIPS
> Jan 13 18:43:24 firewall kernel: Memory: 95180k/98304k available (732k
> kernel code, 416k reserved, 1232k data, 44k init)
> Jan 13 18:43:24 firewall kernel: Dentry hash table entries: 16384 (order
5,
> 128k)
> Jan 13 18:43:24 firewall kernel: Buffer cache hash table entries: 131072
> (order 7, 512k)
> Jan 13 18:43:24 firewall kernel: Page cache hash table entries: 32768
> (order 5, 128k)
> Jan 13 18:43:24 firewall kernel: CPU: Intel Pentium 75 - 200 stepping 0c
> Jan 13 18:43:24 firewall kernel: Checking 386/387 coupling... OK, FPU
using
> exception 16 error reporting.
> Jan 13 18:43:24 firewall kernel: Checking 'hlt' instruction... OK.
> Jan 13 18:43:24 firewall kernel: Intel Pentium with F0 0F bug - workaround
> enabled.
> Jan 13 18:43:24 firewall kernel: POSIX conformance testing by UNIFIX
> Jan 13 18:43:24 firewall kernel: PCI: PCI BIOS revision 2.10 entry at
0xfb620
> Jan 13 18:43:24 firewall kernel: PCI: Using configuration type 1
> Jan 13 18:43:24 firewall kernel: PCI: Probing PCI hardware
> Jan 13 18:43:24 firewall kernel: Linux NET4.0 for Linux 2.2
> Jan 13 18:43:24 firewall kernel: Based upon Swansea University Computer
> Society NET3.039
> Jan 13 18:43:24 firewall kernel: NET4: Unix domain sockets 1.0 for Linux
> NET4.0.
> Jan 13 18:43:24 firewall kernel: NET4: Linux TCP/IP 1.0 for NET4.0
> Jan 13 18:43:24 firewall kernel: IP Protocols: ICMP, UDP, TCP
> Jan 13 18:43:24 firewall kernel: TCP: Hash tables configured (ehash 131072
> bhash 65536)
> Jan 13 18:43:24 firewall kernel: Initializing RT netlink socket
> Jan 13 18:43:24 firewall kernel: Starting kswapd v 1.5
> Jan 13 18:43:24 firewall kernel: Software Watchdog Timer: 0.05, timer
> margin: 60 sec
> Jan 13 18:43:24 firewall kernel: Real Time Clock Driver v1.09
> Jan 13 18:43:24 firewall kernel: RAM disk driver initialized:  16 RAM
disks
> of 6144K size
> Jan 13 18:43:24 firewall kernel: Floppy drive(s): fd0 is 1.44M
> Jan 13 18:43:24 firewall kernel: FDC 0 is a National Semiconductor PC87306
> Jan 13 18:43:24 firewall kernel: RAMDISK: Compressed image found at block
0
> Jan 13 18:43:24 firewall kernel: RAMDISK: Uncompressing root archive:
done.
> Jan 13 18:43:24 firewall kernel: RAMDISK: Auto Filesystem - minix: 2048i
> 6144bk 68fdz(68) 1024zs 2147483647ms
> Jan 13 18:43:24 firewall kernel: VFS: Mounted root (minix files

[Leaf-user] Telstra ADSL PPPoE guide needed!

2002-01-13 Thread Stewart Adey

Hi, I'm running Telstra ADSL and I want to route my internet to 30-40 computers. Does anyone have an image already customized for this kind of setup?  Thank you very much in Advance, Stewart Adey.  By the way, Telstra uses their own customized program as a user name/password login system.  (http://bpalogin.sourceforge.net) (www.2dex.com/lrp/bpalogin.lrp)

 



Re: [Leaf-user] Telstra ADSL PPPoE guide needed!

2002-01-13 Thread dgilleece

On another board to which I subscribe, they are tossing around this link 
http://www.synapticserver.com/bpalogin_2howto.html

Supposedly, it has the low-down on your system.  It is not specific to LEAF, 
but should at least tell you how Linux in general needs to talk to that ISP's 
system.

Good luck,

Dan

PS: See how icky html messages come across?  In unix-oriented circles, html 
email is really, really frowned upon.  Friendly tip ;)

Quoting Stewart Adey <[EMAIL PROTECTED]>:

> 
> Hi, I'm running Telstra ADSL and i want to route my internet to
> 30-40 computers. Does anyone have an image already customized for this
> kind of setup?  Thank you very much in Advance, Stewart Adey. 
> By the way, Telstra uses their own customized program as a user
> name/password login system.  ( href="http://bpalogin.sourceforge.net";>http://bpalogin.sourceforge.net)( href="http://www.2dex.com/lrp/bpalogin.lrp";>www.2dex.com/lrp/bpalogin.lrp)





Re: [Leaf-user] Telstra ADSL PPPoE guide needed!

2002-01-13 Thread Hilton Travis

Hi Stewart,

First, html email leaves a bad taste in most people's mouths.  Please
try to not use html email, especially in unix-based mailing lists.

Second, Tel$tra's dodgy authentication system is only needed for their
Bigpong Broadbland users- not their ADSL users.  Just remember when you
set up the PPPoE client in LEAF that your username needs to be
@tel$tra.com, not just .

Regards,
HiltonT

---> Original HTML email message is unfortunately found below...

On Mon, 2002-01-14 at 15:29, Stewart Adey wrote:


Hi, I'm running Telstra ADSL and i want to route my internet to 30-40
computers. Does anyone have an image already customized for this kind of
setup?  Thank you very much in Advance, Stewart Adey.  By the way,
Telstra uses their own customized program as a user name/password login
system. 
(http://bpalogin.sourceforge.net)(www.2dex.com/lrp/bpalogin.lrp)






Re: [Leaf-user] DCD, dhclient & /etc/resolv.conf ???

2002-01-13 Thread guitarlynn



On Sunday 13 January 2002 21:44, guitarlynn wrote:
> > Where is it documented that dhclient will re-write resolv.conf?

***NOTE***  QUICK FIX @BOTTOM OF PAGE

Other hits on the Google search:


If you are running a recent version of the DHCP client, you should be
able to disable writing the resolv.conf file by defining a function in
/etc/dhclient-enter-hooks called make_resolv_conf, that does nothing.
This will replace the standard make_resolv_conf function, which
overwrites your /etc/resolv.conf.   This is all documented in the
dhclient-script man page - if you don't see it there, you need to
upgrade.

 from: 
 http://www.isc.org/ml-archives/dhcp-server/1999/06/msg00181.html

I haven't tried that, you can if you want. A patch to the
/etc/dhclient-enter-hooks file that defined the make_resolv_conf
function might work, I don't have the source the package was compiled
with right now. Otherwise I did find the offending section in
/etc/dhclient-script (lines 214-217) that overwrite resolv.conf.
I don't know where the variable goes when CONFIG_DNS=NO,
but if I do I'll submit a patch using something like:


# $STATIC_RESOLV is called from wherever CONFIG_DNS=NO is run ##

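 if [ "$STATIC_RESOLV" = "1" ]; then
   # Static resolver config requested: leave /etc/resolv.conf untouched
   :
 else
   # Rebuild resolv.conf from the values in the DHCP lease
   echo search $new_domain_name >/etc/resolv.conf
   for nameserver in $new_domain_name_servers; do
     echo nameserver $nameserver >>/etc/resolv.conf
   done
 fi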

END OF PATCH#

Quick fix for you is to comment out lines 214-217 in
/etc/dhclient-script.

Hope this helps,
--

~Lynn Avants
aka Guitarlynn

guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net

If linux isn't the answer, you've probably got the wrong question!
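
One way to apply the make_resolv_conf override that the quoted ISC post describes, as an added example that is not part of the original message or the LEAF packages: instead of doing nothing, the replacement pins resolv.conf to the administrator's values and records what the lease offered, so a DHCP reply cannot change the search domain or resolver. It assumes a dhclient-script that sources /etc/dhclient-enter-hooks; the variable names RESOLV_CONF, LEASE_DNS_FILE, PINNED_SEARCH and PINNED_NAMESERVER, the 127.0.0.1 resolver and the lease values in the demo are assumptions.

```sh
#!/bin/sh
# Added example, not the LEAF project's code: contents for
# /etc/dhclient-enter-hooks on a dhclient whose dhclient-script sources that
# file and calls make_resolv_conf (assumption, per the ISC post quoted above).

# Site settings. The variable names are hypothetical; the values assume a
# local search domain and a caching resolver on the firewall itself.
RESOLV_CONF=${RESOLV_CONF:-/etc/resolv.conf}
LEASE_DNS_FILE=${LEASE_DNS_FILE:-/var/run/dhclient-lease-dns}
PINNED_SEARCH=${PINNED_SEARCH:-private.network}
PINNED_NAMESERVER=${PINNED_NAMESERVER:-127.0.0.1}

# Replaces the stock make_resolv_conf. dhclient-script provides the lease
# values as $new_domain_name and $new_domain_name_servers.
make_resolv_conf() {
    # Keep a record of what the DHCP server offered, so a change of domain
    # or name servers on renewal is visible without being applied.
    {
        echo "domain ${new_domain_name:-}"
        for ns in ${new_domain_name_servers:-}; do
            echo "nameserver $ns"
        done
    } > "$LEASE_DNS_FILE"

    # Restore the pinned contents only if resolv.conf has drifted from them.
    wanted="search $PINNED_SEARCH
nameserver $PINNED_NAMESERVER"
    if [ "$(cat "$RESOLV_CONF" 2>/dev/null)" != "$wanted" ]; then
        tmp="$RESOLV_CONF.$$"
        printf '%s\n' "$wanted" > "$tmp" && mv "$tmp" "$RESOLV_CONF"
    fi
    return 0
}

# For running this file by hand in a scratch directory; leave this function
# and the call below out of the installed hooks file.
demo_renewal() (
    dir=$(mktemp -d) || exit 1
    RESOLV_CONF=$dir/resolv.conf; LEASE_DNS_FILE=$dir/lease-dns
    echo "search attbi.com" > "$RESOLV_CONF"   # state after an unwanted rewrite
    new_domain_name=attbi.com                  # constructed lease values
    new_domain_name_servers="192.0.2.53 192.0.2.54"
    make_resolv_conf
    cat "$RESOLV_CONF"
    rm -rf "$dir"
)
demo_renewal
```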




Re: [Leaf-user] DCD, dhclient & /etc/resolv.conf ???

2002-01-13 Thread guitarlynn

Never mind the patch, I'm way over thinking this..sorry!

The simplest route will be to edit your 'network.conf' file as 
suggested by Charles. 

Note this:

# CONFIG_DNS=(YES/NO)   Default: NO
# Create /etc/resolv.conf file using DOMAINS and DNSx entries.
# Any current resolv.conf file will be **OVERWRITTEN**

Scroll down (most of the file) to the DNS config, change to "YES" and
simply enter your desired information. It will NOT be changed with
this option. Charles has already accounted for this bug, sorry I 
went braindead. It seems to be my weekend.
-- 

~Lynn Avants
aka Guitarlynn

guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net

If linux isn't the answer, you've probably got the wrong question!




Re: [Leaf-user] DCD, dhclient & /etc/resolv.conf ???

2002-01-13 Thread Michael D. Schleif


guitarlynn wrote:
> 
> Never mind the patch, I'm way over thinking this..sorry!
> 
> The simplest route will be to edit your 'network.conf' file as
> suggested by Charles.
> 
> Note this:
> 
> # CONFIG_DNS=(YES/NO)   Default: NO
> # Create /etc/resolv.conf file using DOMAINS and DNSx entries.
> # Any current resolv.conf file will be **OVERWRITTEN**
> 
> Scroll down (most of the file) to the DNS config, change to "YES" and
> simply enter your desired information. It will NOT be changed with
> this option. Charles has already accounted for this bug, sorry I
> went braindead. It seems to be my weekend.

Please, pay careful attention to my posts.  Notice, that this problem
does *not* occur at bootup; rather, it occurs later on ;>

Yes, I have *always* used CONFIG_DNS=YES, which is why this problem is
so surprising!

-- 

Best Regards,

mds
mds resource
888.250.3987

Dare to fix things before they break . . .

Our capacity for understanding is inversely proportional to how much we
think we know.  The more I know, the more I know I don't know . . .




[Leaf-user] no ppp support in kernel (DCD 1.0.2)?

2002-01-13 Thread Jim Van Eeckhoutte

I get this error when enabling ppp and pppd with ppp0 in network.conf:

pppd: This system lacks kernel support for PPP.  This could be because
the PPP kernel module could not be loaded, or because PPP was not
included in the kernel configuration.  If PPP was included as a
module

Is this right?

