Re: [Leaf-user] dachstein and port forwarding (again)
On Sunday 20 January 2002 00:31, David Goodrich wrote:

> I tried using the _ and it didn't work. Unless being on the internal network has something to do with it ... http://complex.wox.org... Any ideas?
>
> Thanks in advance,
> -david

Is the complex.wox.org your site? If so, it works from here.

I guess maybe no one has told you that because of the IP spoofing rules in the firewall, you cannot access the services through the firewall on anything port-forwarded or DMZ'ed. In other words, you cannot access anything by sending a request through DCD to the internet and then back in through the firewall. You should be able to access them from anywhere else you have allowed through.

Hope this helps,

--
~Lynn Avants aka Guitarlynn
guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net
If linux isn't the answer, you've probably got the wrong question!

___
Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
[Leaf-user] Dachstein glibc
Hi Charles,

If I check my /lib folder in the dachstein floppy release I get the impression that you are using glibc 2.1.3 (because of the filenames). But I can't seem to find any confirmations on that major change in the docs. Am I missing something? Is dachstein floppy using 2.1.3 or are the names changed for some other reason?

Kim
Re: [Leaf-user] Firewall Setup / Cable Setup
Ray Olszewski wrote:

[snip]

> Having found it, we still have to fix it. I don't use the Dach default firewall, but someone else can tell you the edit for it ... or you can try scanning the list archives (the external-private-address problem comes up regularly on the list). [Mike, is this problem common enough to deserve a FAQ answer?] Or you can use a different drop-in firewall; I know echowall.lrp, for example, handles private-range external addresses OK.

The default Dachstein firewall scripts deny traffic on the external interface that comes from/goes to private-range IP addresses. I think you can solve this in your case by commenting out line 208 in /etc/ipfilter.conf. Here is how to do it:

- Go to the lrcfg menu (if you are not already there), choose 1, then 2. Now you are editing /etc/ipfilter.conf.
- Go to line 208 (the line number is at the bottom right of your screen).
- Place a # at the beginning of line 208 (just like line 207).
- Save the changes, and exit from the editor.
- Exit from the menu so that you are at the command line.
- On the command line type this: svi network ipfilter reload
- Test the changed firewall. If everything works OK you can back up etc.lrp through the menu.

Good luck!

Ewald Wasscher
Re: [Leaf-user] Dachstein glibc
At 13:24 20/01/2002, Ewald Wasscher wrote:

> Kim Oppalfens wrote:
>
> > Hi Charles, If I check my /lib folder in the dachstein floppy release I get the impression that you are using glibc 2.1.3 (because of the filenames).
>
> Excuse me, but when I list /lib I see for example: libc-2.0.7.so and not a single filename containing 2.1.3.

Erm, I just double checked, and apparently you are right. I would have sworn that when I checked (and double-checked) yesterday all filenames ended in 2.1.3 (and I only have a dachstein eigerstein floppy available). Probably wishful thinking on my part. Sorry to have bothered the list with a stupid question.

There are only stupid questions, no stupid answers. (Or was that the other way around?)

There is no such thing as gravity, the world just sucks

Kim
[Leaf-user] rtl8139 vs 8139too was Re: solution to modules not loading from CD
> PS - for those who use rtl8139.o - the new 8139too.o is on the CD.

I'll soon build a test machine (I have a PPPoE connection and I want to see whether, and by how much, upgrading the CPU I use on my firewall would improve my connection speed) that will use rtl8139 NICs, and I was wondering what advantage there is to using 8139too.o compared to rtl8139.o... (My current firewall uses Linksys LNE100TX cards (tulip driver).)

Is there really an advantage to using one over the other (the page at http://www.scyld.com/network/rtl8139.html#8139too kinda makes me wonder...)?

Thanks!

Nick
Re: [Leaf-user] glibc pppoe...
[EMAIL PROTECTED] wrote:

> Would any of the people who already tried (and preferably succeeded) upgrading to glibc 2.1.3 give a little bit more explanation of how it is done? I am running a dual floppy eigerstein for the moment and would like a shot.

I'm not sure if this is still a requirement with Dachstein but with ES2B the libraries apparently had to be stored in root.lrp (it would crash otherwise, I guess it needs it before loading the rest...).

I too had a dual floppy installation (still have, just in case...) and I'm not sure if it would have fit, but I must confess that in my case my floppies were formatted as 1.44 Mb and not as 1.68 Mb (I personally don't trust 1.68...).

> Is it just a matter of replacing some binaries and maybe some symbolic links? If so which binaries and which links would that be?

According to the following URL http://www.gnu.org/software/libc/FAQ.html#s-2.27 most of what has been compiled for glibc 2.0 should work with glibc 2.1, so I hadn't recompiled any of the programs...

WARNING THIS IS PROBABLY THE COW BOY WAY OF DOING THINGS AND IF YOU TRY IT YOU'RE DOING IT AT YOUR OWN RISKS AND I WOULD SUGGEST YOU DO A BACKUP OF YOUR DISKS.

That said, mostly what I had done was take the libc.lrp package from an Oxygen image, add it to SYSLINUX.CFG and reboot. Most of the links were taken care of by that operation...

I don't remember if I had that problem but it would seem that with Dachstein the following links would still point to glibc 2.0 libraries after that operation...

libnss_dns.so.1
libnss_files.so.1
libnsl.so.1

which on a full (Redhat-based) distribution point respectively to:

libnss1_dns-2.1.3.so
libnss1_files-2.1.3.so
libnsl-2.1.3.so

which I would be tempted to copy from that full distribution... Anybody know what they're used for and whether it would be a good idea to copy them over from a full distribution?

BTW, don't forget to delete the old glibc libraries before backing up...

> Or is there more to it than that? Does the kernel version or something in kernel configuration have something to do with it?

If there is, would somebody please tell us...

> I already noticed there is a dachstein cd iso with glibc 2.1.3 support, if it is just a matter of replacing binaries could I just copy those from this iso image?

I think you're talking of David Douthitt's Oxygen here... AFAIK, DCD (Dachstein CD) as distributed by Charles Steinkuehler uses glibc 2.0... Does somebody distribute an ISO image based on Dachstein which uses glibc 2.1.3?

BTW, everything seemed to work OK after I had replaced the libraries but ONCE AGAIN, IF YOU TRY THIS YOU'RE DOING IT AT YOUR OWN RISKS... While I have many years of experience in the computer field I'm still quite a newbie when it comes to Linux, and the modifications I had made were at my own risk, done in a trial-and-error way... (sp?)

BTW, if anybody knows of anything I've done wrong or that I forgot to do, please do not hesitate to post...

Have a nice day!

Nick

PS: Please forgive my English as it's not my mother tongue. Thanks!
Re: [Leaf-user] glibc pppoe...
At 16:45 20/01/2002, Nicolas Riendeau wrote:

> [EMAIL PROTECTED] wrote:

Comments inline

> > Would any of the people who already tried (and preferably succeeded) upgrading to glibc 2.1.3 give a little bit more explanation of how it is done? I am running a dual floppy eigerstein for the moment and would like a shot.
>
> I'm not sure if this is still a requirement with Dachstein but with ES2B the libraries apparently had to be stored in root.lrp (it would crash otherwise, I guess it needs it before loading the rest...). I too had a dual floppy installation (still have, just in case...) and I'm not sure if it would have fit, but I must confess that in my case my floppies were formatted as 1.44 Mb and not as 1.68 Mb (I personally don't trust 1.68...).
>
> > Is it just a matter of replacing some binaries and maybe some symbolic links? If so which binaries and which links would that be?
>
> According to the following URL http://www.gnu.org/software/libc/FAQ.html#s-2.27 most of what has been compiled for glibc 2.0 should work with glibc 2.1, so I hadn't recompiled any of the programs...

Indeed most of the programs provided they are compiled for glibc 2.0 which means that in order to get some apps working you (or someone else) need to recompile them.

> WARNING THIS IS PROBABLY THE COW BOY WAY OF DOING THINGS AND IF YOU TRY IT YOU'RE DOING IT AT YOUR OWN RISKS AND I WOULD SUGGEST YOU DO A BACKUP OF YOUR DISKS.

Noted :-)

> That said, mostly what I had done was take the libc.lrp package from an Oxygen image, add it to SYSLINUX.CFG and reboot. Most of the links were taken care of by that operation... I don't remember if I had that problem but it would seem that with Dachstein the following links would still point to glibc 2.0 libraries after that operation...
>
> libnss_dns.so.1
> libnss_files.so.1
> libnsl.so.1
>
> which on a full (Redhat-based) distribution point respectively to:
>
> libnss1_dns-2.1.3.so
> libnss1_files-2.1.3.so
> libnsl-2.1.3.so
>
> which I would be tempted to copy from that full distribution... Anybody know what they're used for and whether it would be a good idea to copy them over from a full distribution? BTW, don't forget to delete the old glibc libraries before backing up...
>
> > Or is there more to it than that? Does the kernel version or something in kernel configuration have something to do with it?
>
> If there is, would somebody please tell us...

Yes please do

> > I already noticed there is a dachstein cd iso with glibc 2.1.3 support, if it is just a matter of replacing binaries could I just copy those from this iso image?
>
> I think you're talking of David Douthitt's Oxygen here... AFAIK, DCD (Dachstein CD) as distributed by Charles Steinkuehler uses glibc 2.0... Does somebody distribute an ISO image based on Dachstein which uses glibc 2.1.3?

Yups, on http://leaf.sourceforge.net somebody is distributing an image as proof-of-concept

> BTW, everything seemed to work OK after I had replaced the libraries but ONCE AGAIN, IF YOU TRY THIS YOU'RE DOING IT AT YOUR OWN RISKS... While I have many years of experience in the computer field I'm still quite a newbie when it comes to Linux, and the modifications I had made were at my own risk, done in a trial-and-error way... (sp?)

Standard disclaimer detected ;-)

> BTW, if anybody knows of anything I've done wrong or that I forgot to do, please do not hesitate to post... Have a nice day! Nick
>
> PS: Please forgive my English as it's not my mother tongue. Thanks!

That's fine, I understood it quite well :-)

There is no such thing as gravity, the world just sucks
Re: [Leaf-user] rtl8139 vs 8139too was Re: solution to modules not loading from CD
On Sunday 20 January 2002 08:48, Nicolas Riendeau wrote:

> Is there really an advantage to using one over the other (the page at http://www.scyld.com/network/rtl8139.html#8139too kinda makes me wonder...)

No, there doesn't seem to be an _advantage_ to using *too. From the linked info, it seems that the *too module is geared a little more towards pcmcia than pci. It appears to be a performance trial under any circumstance following a new method and I haven't personally heard a bad thing about this particular module/method myself (yet).

--
~Lynn Avants aka Guitarlynn
guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net
If linux isn't the answer, you've probably got the wrong question!
Re: [Leaf-user] glibc pppoe...
Kim Oppalfens wrote:

> At 16:45 20/01/2002, Nicolas Riendeau wrote:
>
> > [EMAIL PROTECTED] wrote:
> >
> > According to the following URL http://www.gnu.org/software/libc/FAQ.html#s-2.27 most of what has been compiled for glibc 2.0 should work with glibc 2.1, so I hadn't recompiled any of the programs...
>
> Indeed most of the programs provided they are compiled for glibc 2.0 which means that in order to get some apps working you (or someone else) need to recompile them.

There are some exceptions but it seems most (all?) of the binaries which come with Dachstein/LEAF work perfectly with glibc 2.1...

One of the reasons why I had switched (and will switch back as soon as the gzip/gunzip problem is resolved) is that while I don't have a development glibc 2.0-based system, I have both a glibc 2.1 and 2.2 system with which I can recompile programs/apps...

> > I think you're talking of David Douthitt's Oxygen here... AFAIK, DCD (Dachstein CD) as distributed by Charles Steinkuehler uses glibc 2.0... Does somebody distribute an ISO image based on Dachstein which uses glibc 2.1.3?
>
> Yups, on http://leaf.sourceforge.net somebody is distributing an image as proof-of-concept

I just downloaded it... It SEEMS (s)he got rid of libnss_dns.so.1 and libnss_files.so.1 (which I guess are not used by Dachstein?) and added libnsl-2.1.3.so. The rest SEEMED similar to the mods I had done...

> > BTW, everything seemed to work OK after I had replaced the libraries but ONCE AGAIN, IF YOU TRY THIS YOU'RE DOING IT AT YOUR OWN RISKS... While I have many years of experience in the computer field I'm still quite a newbie when it comes to Linux, and the modifications I had made were at my own risk, done in a trial-and-error way... (sp?)
>
> Standard disclaimer detected ;-)

(-; (-; (-; Exactly... (-; (-; (-;

> > PS: Please forgive my English as it's not my mother tongue. Thanks!
>
> That's fine, I understood it quite well :-)

I would have been surprised otherwise... (-; (-; (-;

I must confess that I had noticed that I was posting to somebody in Belgium so I kinda knew that even if I had used an expression/idiom which sounded too French-like you would probably have understood it...

Have a nice day!

Nick
[Leaf-user] IPsec error in logs
Anyone know how to get rid of this error in the logs? Running IPSec 1.91 from Charles' site on Dachstein CD 1.02.

router kernel: ip_demasq_esp(): Inbound from 65.xx.xx.xx SPI EBC4FE83 has no masq table entry

Thanks
Re: [Leaf-user] glibc pppoe...
On Friday, 18 January 2002 08:48, [EMAIL PROTECTED] wrote:

> Quoting Nicolas Riendeau [EMAIL PROTECTED]:
>
> Would any of the people who already tried (and preferably succeeded) upgrading to glibc 2.1.3 give a little bit more explanation of how it is done? I am running a dual floppy eigerstein for the moment and would like a shot. Is it just a matter of replacing some binaries and maybe some symbolic links? If so which binaries and which links would that be? Or is there more to it than that? Does the kernel version or something in kernel configuration have something to do with it? I already noticed there is a dachstein cd iso with glibc 2.1.3 support, if it is just a matter of replacing binaries could I just copy those from this iso image?

I've done this ISO-Image and it is a little bit more than just to replace libraries (see the README). The few other necessary changes are related to the bootdisk limit of 1.44 mb. The current image is based on dachstein 1.0.1. I'm working to get in sync with dachstein 1.0.2.

I use the usual lrp packages like dnscache, tinydns, dhcpd etc. and some other lrp's. Until today only squid needed a recompile with glibc 2.1.3.

kp
Re: [Leaf-user] glibc pppoe...
> I've done this ISO-Image and it is a little bit more than just to replace libraries (see the README). The few other necessary changes

We were both talking (I think?) of what was needed to go from glibc 2.0 to glibc 2.13. Your image goes beyond only changing the libraries (it corrects a few things and adds new functionalities) but I was mainly looking at what you had done library-wise...

> are related to the bootdisk limit of 1.44 mb.

This had gone somewhat unnoticed on my part since I don't run Dachstein from either a floppy or a CD, I run it from an old write-protected SCSI hd... (which just like the normal floppy version is only used to store the lrp files, I don't actually try to mount it to get files from it).

> I use the usual lrp packages like dnscache, tinydns, dhcpd etc. and some other lrp's. Until today only squid needed a recompile with glibc 2.1.3.

I guess it was trying to access something which changed between glibc 2.0 and glibc 2.1 (libio?).

Thanks for the info!

Have a nice day!

Nick
Re: [Fwd: Re: [Leaf-user] glibc pppoe... (oops, forgot something)]
Nicolas Riendeau wrote:

> [Actually, double Oops since I forgot to post it on the mailing list...]
>
> Oops, I forgot something...
>
> > I'm not sure if this is still a requirement with Dachstein but with ES2B the libraries apparently had to be stored in root.lrp (it would crash otherwise, I guess it needs it before loading the rest...).
>
> If this is still a requirement

It is, and it was.

> you'll have to go into /var/lib/lrpkg and remove the libc.* files and probably edit packages and backdisk (or their equivalent in Eigerstein) so that they no longer refer to the libc.lrp package...

You're right about removing the /var/lib/lrpkg/libc.* files.

> This doesn't seem to be needed with Oxygen so it might no longer be required with Dachstein but it did seem necessary with ES2B... (Don't know if it was with plain Eigerstein...).

Almost all programs on unix systems need some kind of c-library (libc). The programs in oxygen's root.lrp are statically linked with a tiny c-library (uClibc), so that they have a builtin libc and don't need a separate one. The advantage of this is that Oxygen's root.lrp is independent of the version of glibc used. So if you feel like it you should be able to replace the libc.lrp that comes with Oxygen (it contains glibc-2.1.3) with your shiny new home-made 2.2.4 version. The disadvantage is that it costs a bit of diskspace (approx. 65kb on the ramdisk, 25kb on the floppy), because of the builtin libc.

I hope this explains things a bit for you.

Ewald Wasscher
[Leaf-user] Updating port forwarding with dynamic IP
Hello,

I need some help working with LRP. I have the Eigerstein pppoe version beta 0.4 running on an old Pentium box as my router. Internet connection is a dynamic IP via ADSL from Earthlink. (I want static IP, but Earthlink tells me, Static IP has been used up in your area. Call Verizon for further info. !!) I use Roaring Penguin's adsl-start script family to manage the ADSL connection. Everything has worked fine for nearly a year as far as the ADSL connection goes.

Eight months ago I configured the network to accept incoming ssh and www packets and forward them to a Linux box on the network, using the info from http://lrp.steinkuehler.net/files/packages/network.txt This worked fine.

Then I wanted to get a domain name I could use to address my web server from the outside. I use the dynamic DNS service at http://www.dyndns.org to do this. In order for the domain name to dynamic IP address mapping to be updated automatically when Earthlink changes my dynamic IP (which it does frequently), I use Paul Burry's ddclient program, http://clients.dyndns.org/unix.php . This works fine to update the new IP with dyndns.org.

The current problem I have is this: When Earthlink updates the dynamic IP, the LRP box does not update the port forwarding from address with the new dynamic IP. So the web and ssh servers are no longer accessible from the outside. If I reboot the LRP box, everything is fine, but that is a manual process, and naturally I want it to be automatic.

I know what the LRP commands are to update the from IP for port forwarding:

    # Get new dynamic IP
    EXT_IP=`/sbin/ip addr show dev ppp0 | grep inet | cut -f2 -d' '`
    # Clear old port fwd entries
    /usr/sbin/ipmasqadm portfw -f
    # Add entries with new dynamic IP
    /usr/sbin/ipmasqadm portfw -n -a -P tcp -L dynamic_ip 22 192.168.1.200 22
    /usr/sbin/ipmasqadm portfw -n -a -P tcp -L dynamic_ip 80 192.168.1.200 80

The LRP box does not have crontab, ssh, or telnet on it, so I seemingly can't run a cron job or update it from the internal Linux box. I tried to add these commands to the Roaring Penguin adsl-connect script that runs when Earthlink changes the dynamic IP, but it didn't work.

Anyone have any ideas how I can do this? Is it possible that IP masq is not really what I should be using? I am not even sure what it is, I think it was on by default in the LRP distribution, and since it worked I didn't fool with it.

Thanks in advance,

Tom

=
Tom Atwater
tomath2o.yahoo.com
[Leaf-user] Double NATed dmz help needed
Hi all,

I have set up a stock EB2 box at my wife's house (she's in school, not that it matters :)) and it works (sort of). Here is my situation/problem(s).

1. The provider here in Blacksburg is providing ethernet directly, and is offering a static external address, but only for external connections. She is EXTERNALLY accessible, but the EB2 has to be set to a 10.100 address; clearly they are using portfw on a box and just forwarding everything. The DNS servers they provide are also in the 10.100 range. Unfortunately, I am seeing every 10.100 packet in my deny log, i.e.:

Packet log: input DENY eth0 PROTO=2 10.100.80.200:65535 239.255.255.250:65535 L=32 S=0x00 I=64721 F=0x T=1 O=0x0494 (#45)
Packet log: input DENY eth0 PROTO=2 10.100.80.56:65535 224.0.0.2:65535 L=32 S=0x00 I=31615 F=0x T=1 O=0x0494 (#45)
Packet log: input DENY eth0 PROTO=2 10.100.80.56:65535 224.0.1.24:65535 L=32 S=0x00 I=31616 F=0x T=1 O=0x0494 (#45)

I have adjusted my cron job to rotate and remove a bit faster so my router doesn't lock up from full logs, but I can't figure out how to a) figure out which rule is actually #45 and b) how to tailor it to deny but not log _just_ the 10.100 stuff. I have tried to count through the rules and figure out where it is, but to no avail.

2. I can't seem to get sendmail to work behind this odd double NAT setup. I have opened up smtp in EB2 (EXTERN_TCP_PORTS=0/0_ssh 0/0_smtp 0/0_www 0/0_imap 0/0_pop-3) and I have changed my /etc/hosts on the server so that it looks like:

whickedwheels:/etc# cat hosts
127.0.0.1 whickedwheels
192.168.1.1 whickedwheels whickedwheels.com

Sendmail seems to start OK, but nothing seems to get to it; it sends out just fine, but nothing comes in. Anyone done a similar setup?

Thanks in Advance

Morgan Reed
Re: [Leaf-user] Double NATed dmz help needed
Morgan Reed wrote:

> Hi all, I have set up a stock EB2 box at my wife's house (she's in school, not that it matters :)) and it works (sort of). Here is my situation/problem(s).
>
> 1. The provider here in Blacksburg is providing ethernet directly, and is offering a static external address, but only for external connections. She is EXTERNALLY accessible, but the EB2 has to be set to a 10.100 address; clearly they are using portfw on a box and just forwarding everything. The DNS servers they provide are also in the 10.100 range. Unfortunately, I am seeing every 10.100 packet in my deny log, i.e.:
>
> Packet log: input DENY eth0 PROTO=2 10.100.80.200:65535 239.255.255.250:65535 L=32 S=0x00 I=64721 F=0x T=1 O=0x0494 (#45)
> Packet log: input DENY eth0 PROTO=2 10.100.80.56:65535 224.0.0.2:65535 L=32 S=0x00 I=31615 F=0x T=1 O=0x0494 (#45)
> Packet log: input DENY eth0 PROTO=2 10.100.80.56:65535 224.0.1.24:65535 L=32 S=0x00 I=31616 F=0x T=1 O=0x0494 (#45)

The 224.0.1.24 are multicast packets from your ISP who is masquerading his network in the private 10.x.x.x address range. If you insert a rule in /etc/ipfilter.conf in stopMartians ahead of the rule that is denying all 10. addresses to specifically deny without logging. This will make the packet get thrown out before it gets to rule 45 which is probably some sort of deny everything else that does not get accepted or specifically rejected.

Put this rule in ahead of the

    # Multicasts from my provider
    # to deny w/o logging used since 2/28/2001
    # the /32 only fights the single source and destination addresses
    $IPCH -A $LIST -j DENY -p all -s 10.100.80.56/32 -d 224.0.1.24/32 $*

I assume you have already commented out the

    #RFC 1918/1627/1597 blocks
    #$IPCH -A $LIST -j DENY -p all -s 10.0.0.0/8 -d 0/0 -l $*

Don't forget to svi network reload. If it helps cut down the junk in the logs, then back up etc.

> I have adjusted my cron job to rotate and remove a bit faster so my router doesn't lock up from full logs, but I can't figure out how to a) figure out which rule is actually #45 and b) how to tailor it to deny but not log _just_ the 10.100 stuff. I have tried to count through the rules and figure out where it is, but to no avail.
>
> 2. I can't seem to get sendmail to work behind this odd double NAT setup. I have opened up smtp in EB2 (EXTERN_TCP_PORTS=0/0_ssh 0/0_smtp 0/0_www 0/0_imap 0/0_pop-3) and I have changed my /etc/hosts on the server so that it looks like:
>
> whickedwheels:/etc# cat hosts
> 127.0.0.1 whickedwheels
> 192.168.1.1 whickedwheels whickedwheels.com
>
> Sendmail seems to start OK, but nothing seems to get to it; it sends out just fine, but nothing comes in. Anyone done a similar setup?
>
> Thanks in Advance
>
> Morgan Reed

I assume that in order to get it working in the private address space you have

    $IPCH -A $LIST -j DENY -p all -s 172.16.0.0/12 -d 0/0 -l $*
    $IPCH -A $LIST -j DENY -p all -s 192.168.0.0/16 -d 0/0 -l $*
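To see which logged denies the narrow no-log rule from the reply above would cover, the deny log can be tallied by chain, rule number, protocol, source and destination. The script below is an added example, not code from the thread or from the LEAF firewall scripts; the function names and the sample log (modelled on the lines quoted above, plus one constructed TCP entry) are assumptions, and the printed rules only reuse the `$IPCH ... $*` form shown in the reply.

```shell
#!/bin/sh
# Added example: summarise ipchains "Packet log:" deny entries and list the
# private-source/multicast-destination pairs that are candidates for a
# DENY rule without -l placed ahead of the logging rule.

# Constructed sample log, modelled on the lines quoted in the thread.
SAMPLE_LOG='Jan 20 22:01:02 router kernel: Packet log: input DENY eth0 PROTO=2 10.100.80.200:65535 239.255.255.250:65535 L=32 S=0x00 I=64721 F=0x0000 T=1 O=0x0494 (#45)
Jan 20 22:01:05 router kernel: Packet log: input DENY eth0 PROTO=2 10.100.80.56:65535 224.0.0.2:65535 L=32 S=0x00 I=31615 F=0x0000 T=1 O=0x0494 (#45)
Packet log: input DENY eth0 PROTO=2 10.100.80.56:65535 224.0.1.24:65535 L=32 S=0x00 I=31616 F=0x0000 T=1 O=0x0494 (#45)
Packet log: input DENY eth0 PROTO=2 10.100.80.56:65535 224.0.1.24:65535 L=32 S=0x00 I=31617 F=0x0000 T=1 O=0x0494 (#45)
Packet log: input DENY eth0 PROTO=6 198.51.100.7:4312 203.0.113.45:23 L=60 S=0x00 I=1207 F=0x4000 T=52 SYN (#52)'

# Read log text on stdin; print "count chain rule proto src dst tags",
# most frequent first. PROTO=2 is IGMP, so the :65535 "ports" carry no
# meaning and are stripped along with real port numbers.
summarize_denies() {
    awk '
    function is_private(ip,   o) {      # RFC 1918 ranges
        split(ip, o, ".")
        return (o[1] == 10) || (o[1] == 172 && o[2] >= 16 && o[2] <= 31) ||
               (o[1] == 192 && o[2] == 168)
    }
    function is_mcast(ip,   o) {        # 224.0.0.0/4
        split(ip, o, ".")
        return (o[1] >= 224 && o[1] <= 239)
    }
    /Packet log:/ {
        # A syslog prefix may or may not precede the entry, so find it.
        for (i = 1; i <= NF; i++)
            if ($i == "Packet" && $(i + 1) == "log:") break
        if (i > NF || $(i + 3) != "DENY") next
        chain = $(i + 2); proto = $(i + 5)
        src = $(i + 6); dst = $(i + 7); rule = $NF
        sub(/^PROTO=/, "", proto)
        sub(/:[0-9]+$/, "", src); sub(/:[0-9]+$/, "", dst)
        gsub(/[(#)]/, "", rule)         # "(#45)" -> "45"
        tags = ""
        if (is_private(src)) tags = "private-src"
        if (is_mcast(dst))   tags = tags (tags != "" ? "," : "") "multicast-dst"
        if (tags == "")      tags = "-"
        n[chain " " rule " " proto " " src " " dst " " tags]++
    }
    END { for (k in n) print n[k], k }' | sort -k1,1nr -k5,5 -k6,6
}

# Print one no-log DENY rule per private-source/multicast-destination pair,
# in the form used in the reply ($IPCH, $LIST and $* belong to the
# firewall script and are printed literally, not expanded here).
nolog_rules() {
    summarize_denies | awk '$7 == "private-src,multicast-dst" {
        printf "$IPCH -A $LIST -j DENY -p all -s %s/32 -d %s/32 $*\n", $5, $6
    }'
}

printf '%s\n' "$SAMPLE_LOG" | summarize_denies
printf '%s\n' "$SAMPLE_LOG" | nolog_rules
```

The constructed TCP entry is deliberately left out of the rule list: only the provider's multicast chatter is silenced, and everything else that reaches the logging rule stays in the log.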
Re: [Leaf-user] Updating port forwarding with dynamic IP
Tom Atwater wrote:

[snip]

There is a newer Dachstein-PPPoE package available here: http://leaf.sourceforge.net/devel/khadley/

> The current problem I have is this: When Earthlink updates the dynamic IP, the LRP box does not update the port forwarding from address with the new dynamic IP.

That's weird. That means that the firewall rules aren't reloaded (or there is a bug in the firewall scripts).

> So the web and ssh servers are no longer accessible from the outside. If I reboot the LRP box, everything is fine, but that is a manual process, and naturally I want it to be automatic. I know what the LRP commands are to update the from IP for port forwarding:
>
>     # Get new dynamic IP
>     EXT_IP=`/sbin/ip addr show dev ppp0 | grep inet | cut -f2 -d' '`
>     # Clear old port fwd entries
>     /usr/sbin/ipmasqadm portfw -f
>     # Add entries with new dynamic IP
>     /usr/sbin/ipmasqadm portfw -n -a -P tcp -L dynamic_ip 22 192.168.1.200 22
>     /usr/sbin/ipmasqadm portfw -n -a -P tcp -L dynamic_ip 80 192.168.1.200 80

If you use the Eigerstein builtin firewall you should reload/restart the firewall like this:

    svi network ipfilter reload

The firewall scripts should read the IP address from the external interface (if properly configured) and adjust the port forwarding accordingly. Tell me if it doesn't work.

> The LRP box does not have crontab, ssh, or telnet on it, so I seemingly can't run a cron job or update it from the internal Linux box.

You can edit /etc/crontab; /etc/cron.daily; /etc/cron.hourly or /etc/cron.monthly directly. So it is possible to add a cronjob. If you want remote access (and have enough disk-space left) you can install either Jacques Nilo's OpenSSH packages or my lsh packages (http://leaf.sourceforge.net/devel/jnilo/ and http://leaf.sourceforge.net/devel/ewaldw/ respectively).

> I tried to add these commands to the Roaring Penguin adsl-connect script that runs when Earthlink changes the dynamic IP, but it didn't work.

Try adding the svi network ipfilter reload instead and see if that works.

> Anyone have any ideas how I can do this?

I do! :-)

Hope this helps,

Ewald Wasscher
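The reload-on-address-change approach suggested in the reply above can be wrapped in a small hook that only reloads the firewall when the external address has actually changed. This is an added example, not code from the thread or the LEAF project: the function names, the state-file path and the sample `ip` output are assumptions, while `svi network ipfilter reload` is the command given in the reply. It also shows that on indented `ip addr show` output like the sample, a `cut -f2 -d' '` extraction returns an empty string.

```shell
#!/bin/sh
# Added example: reload the firewall only when the PPP address changed.

# Constructed sample of `ip addr show dev ppp0` output (documentation
# address ranges, not real hosts). Note the indented "inet" line.
SAMPLE_IP_OUTPUT='3: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1492 qdisc pfifo_fast qlen 3
    link/ppp
    inet 203.0.113.45 peer 198.51.100.1/32 scope global ppp0'

# Extraction as written in the thread: with a single space as delimiter,
# the leading indentation produces empty fields, so field 2 is empty.
ext_ip_cut() {
    grep inet | cut -f2 -d' '
}

# awk splits on runs of whitespace, so indentation does not shift the
# field numbers; a trailing /prefix is removed if present.
ext_ip_from() {
    awk '$1 == "inet" { sub(/\/.*/, "", $2); print $2; exit }'
}

# Accept only dotted-quad addresses with octets 0-255.
valid_ipv4() {
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# update_portfw STATE_FILE CURRENT_IP RELOAD_CMD...
# Returns 0 after a successful reload for a new address, 1 when the
# address is unchanged, 2 when CURRENT_IP is not usable (e.g. the link is
# down and the extraction returned nothing), 3 when RELOAD_CMD failed.
# The state file is only updated after a successful reload, so a failed
# reload is retried on the next run.
update_portfw() {
    state_file=$1
    current=$2
    shift 2
    valid_ipv4 "$current" || return 2
    last=
    [ -r "$state_file" ] && last=$(cat "$state_file")
    [ "$current" = "$last" ] && return 1
    "$@" || return 3
    echo "$current" > "$state_file"
    return 0
}

# Dry run on the sample: prints the command instead of executing it.
demo_state=$(mktemp)
demo_ip=$(printf '%s\n' "$SAMPLE_IP_OUTPUT" | ext_ip_from)
update_portfw "$demo_state" "$demo_ip" \
    echo "address now $demo_ip, would run: svi network ipfilter reload" || true
rm -f "$demo_state"

# Real use from a PPP hook or cron job (state-file path is an assumption):
#   update_portfw /var/run/ext_ip \
#       "$(/sbin/ip addr show dev ppp0 | ext_ip_from)" \
#       svi network ipfilter reload
```

Because the function is idempotent, the same line can be run both from the connection hook and from an hourly cron entry as a fallback.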
[Leaf-user] multi ip port forwarding (to:bela)
Hi all, hi Bela,

I've tried your advice but there are still some problems.

1. The secondary legal_IP of eth0 wasn't recognized by the outside world. The ping returned request timed out, but I could ping it from my internal network.

2. From my internal network I could open the web page of both the legal_ip1 and legal_ip2, but not from the outside.

3. From both legal_ip1 and legal_ip2 I could send email to the outside world (e.g. yahoo.com), but when I tried to reply, the mail didn't get delivered to the inbox; instead it bounced with comment sorry, I couldn't find host mail.uajy.ac.id and inf.uajy.ac.id

4. I couldn't send email from legal_ip1 to legal_ip2 nor from legal_ip2 to legal_ip1.

By the way, am I the only one in this whole universe who ever wanted to do this *multi ip port forwarding* thing? And nobody else has ever done this before? Any suggestion will be very appreciated. I'm so desperate. This is harder than installing qmail.

Regards,

Gregor

+Gregor Gede W.
+CENTER FOR INFORMATION SYSTEM
+ATMA JAYA YOGYAKARTA UNIVERSITY
[EMAIL PROTECTED]
[Leaf-user] PPP(oE) standards
I'm on Sympatico in Ontario and notice that my ip changes quite frequently. It is stable for a week, then I get bumped twice in a single day. Now, the system renegotiates just fine, however, because network.conf has not been re-run, all my port forwards are broken until I do so (which doesn't help me if I'm at work trying to get in).

Does PPP have it in its specs to renegotiate an IP like DHCP does? Or are they forcing a renegotiation by dropping your connection? Does this mean that something placed in /etc/ppp/ip-up.d will automatically get run at that time to fix it? Can I just put network.conf there? What will happen to it as it will probably run from here before it is supposed to on a normal boot sequence?

dbc.

--
David B. Cook, [EMAIL PROTECTED]
Linux -- up 11 days because it can.
10:28pm up 11 days, 22:24, 1 user, load average: 0.96, 0.43, 0.16
Re: [Leaf-user] multi ip port forwarding (to:bela)
Gregor --

First, which address is which. Using the FQDNs you mention below, I find they both resolve, as follows:

inf.uajy.ac.id = 202.149.81.61
mail.uajy.ac.id = 202.149.81.55

Replies to your specific questions assume these are the right FQDNs and I am resolving them to the right addresses. If I am not ... then that is where you need to look for the problem. So, the first thing is to confirm that the two addresses are resolving correctly, externally.

Second, I cannot do a reverse lookup on either of these addresses. The results:

collier:/usr/src/linux# host 202.149.81.61
202.149.81.61 does not exist, try again
collier:/usr/src/linux# host 202.149.81.55
202.149.81.55 does not exist, try again

This is a DNS problem that should be fixed. It might be causing some of your failures (see below).

At 03:12 AM 1/21/02 GMT, GREGOR wrote:

> hi all, hi Bela I've tried your advice but there's still some problems.
>
> 1. secondary legal_IP of eth0 wasn't recognized by the outside world. the ping returned request timed out but I could ping it from my internal network.

inf=61 *is* ping'able from here, but mail=55 is *not* (times out)

> 2. from my internal network I could open the web page of both the legal_ip1 and legal_ip2. but not from the outside.

My browser returns home pages of both addresses:

http://202.149.81.61/ = Teknik Informatika
http://202.149.81.55/ = UAJYWebmail

The text of neither home page is in English, so I can't really tell you more than that about them. The second one at least seems right, given the match to the uajy in the FQDNs. And the first says it is the Website of www.inf.uajy.ac.id, so it too is probably right (your domain, if not your actual host).

> 3. from both legal_ip1 and legal_ip2 I could send email to the outside world (eg. yahoo.com), but when I tried to reply, the mail didn't get delivered to the inbox, instead it bounced with comment sorry, I couldn't find host mail.uajy.ac.id and inf.uajy.ac.id

The DNS problem (no reverse lookups) could be the cause of your mail failures.

> 4. I couldn't send email from legal_ip1 to legal_ip2 nor from legal_ip2 to legal_ip1.

How do these local mail sends fail? Can you telnet to port 25 on both addresses? If I try, I get different results:

collier:/usr/src/linux# telnet 202.149.81.61 25
Trying 202.149.81.61...
Connected to 202.149.81.61.
Escape character is '^]'.
220 inf.uajy.ac.id ESMTP service ready [1] using MDaemon v3.0.4 R

collier:/usr/src/linux# telnet 202.149.81.55 25
Trying 202.149.81.55...
Connected to 202.149.81.55.
Escape character is '^]'.
[long wait]
220 mail.uajy.ac.id ESMTP
502 unimplemented (#5.5.1)
250 mail.uajy.ac.id
HELO comarre.com
250 mail.uajy.ac.id
RCPT From: [EMAIL PROTECTED]
503 MAIL first (#5.5.1)

This says to me that (again, assuming I have the addresses right) there is something wrong with your MTA, since it (or something) is *listening* on 202.149.81.55:25 but not responding properly.

> by the way, am i the only one in this whole universe who ever want to do this *multi ip port forwarding* thing? and nobody else ever done this before? any suggestion will be very appreciated. I'm so desperate. this is harder than installing qmail.

Given the differences between my results and yours, I can only suggest that you report the conditions of your tests more completely.

--
Never tell me the odds! -- Han Solo
Ray Olszewski, Palo Alto, CA [EMAIL PROTECTED]
[Leaf-user] Re: Leaf-user digest, Vol 1 #567 - 11 msgs
At 20:06 20.01.2002 -0800, you wrote:

Date: Mon, 21 Jan 2002 00:34:25 +0100
From: Ewald Wasscher [EMAIL PROTECTED]
To: Tom Atwater [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: [Leaf-user] Updating port forwarding with dynamic IP

Tom Atwater wrote:

snip

There is a newer Dachstein-PPPoE package available here: http://leaf.sourceforge.net/devel/khadley/

The current problem I have is this: When Earthlink updates the dynamic IP, the LRP box does not update the port forwarding from address with the new dynamic IP.

That's weird. That means that the firewall rules aren't reloaded (or there is a bug in the firewall scripts).

So the web and ssh servers are no longer accessible from the outside. If I reboot the LRP box, everything is fine, but that is a manual process, and naturally I want it to be automatic. I know what the LRP commands are to update the from IP for port forwarding:

# Get new dynamic IP (the inet line is indented, so match it instead of cutting on spaces)
EXT_IP=`/sbin/ip addr show dev ppp0 | sed -n 's/^ *inet \([0-9.]*\).*/\1/p'`
# Clear old port fwd entries
/usr/sbin/ipmasqadm portfw -f
# Add entries with new dynamic IP
/usr/sbin/ipmasqadm portfw -n -a -P tcp -L "$EXT_IP" 22 192.168.1.200 22
/usr/sbin/ipmasqadm portfw -n -a -P tcp -L "$EXT_IP" 80 192.168.1.200 80

If you use the Eigerstein builtin firewall you should reload/restart the firewall like this:

svi network ipfilter reload

I don't know about Eiger... (actually there is no mountain called Eigerstein ;-) ) but on Dachstein this is normally done in the dhclient-exit-hooks, so it is automatic. Maybe you want to debug what your dhclient does when the address changes.

Erich
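Added example, not code from the thread or from the LEAF project: a hook for the dynamic-address problem raised in the /etc/ppp/ip-up.d and "Updating port forwarding with dynamic IP" messages above. It rebuilds the forwards only when the external address is valid and has changed, so a failed lookup never flushes working rules. The function names, the `apply` argument and the state file path are assumptions; the ipmasqadm command form and the two forwards are copied from the thread.

```shell
#!/bin/sh
# Added example: plan the port-forward rebuild before touching any rule.
# Forward list is the one from the thread; the state path is an assumption.
FORWARDS="tcp 22 192.168.1.200 22
tcp 80 192.168.1.200 80"

# Constructed sample of `ip addr show dev ppp0` output (documentation addresses).
SAMPLE='3: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1492 qdisc pfifo_fast qlen 3
    link/ppp
    inet 192.0.2.44 peer 192.0.2.1/32 scope global ppp0'

# First IPv4 address on stdin; copes with the leading indentation and with
# both "inet A.B.C.D peer ..." and "inet A.B.C.D/NN ..." forms.
parse_ext_ip() {
    sed -n 's/^[[:space:]]*inet \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Succeeds only for a dotted quad whose octets are all 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# plan_portfw NEW_IP OLD_IP: print the commands to run. Prints nothing when the
# address is unchanged; returns 1 and prints nothing when NEW_IP is unusable.
plan_portfw() {
    valid_ipv4 "$1" || return 1
    [ "$1" = "$2" ] && return 0
    echo "/usr/sbin/ipmasqadm portfw -f"
    echo "$FORWARDS" | while read -r proto lport dest dport; do
        echo "/usr/sbin/ipmasqadm portfw -n -a -P $proto -L $1 $lport $dest $dport"
    done
}

# Hook entry point; inert unless called with "apply".
if [ "${1:-}" = apply ]; then
    state=/var/run/portfw.extip
    new=$(/sbin/ip addr show dev ppp0 | parse_ext_ip)
    cmds=$(plan_portfw "$new" "$(cat "$state" 2>/dev/null)") || exit 1
    [ -z "$cmds" ] || { echo "$cmds" | sh && echo "$new" > "$state"; }
fi
```

Because the flush is only emitted after the address passes validation, a hook that fires while ppp0 has no address yet leaves the existing forwards in place and exits non-zero.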