Re: [Leaf-user] [OT] graphics processing progs ???
Michael D. Schleif wrote:
> We have a customer that generates hundreds of images everyday, each of

netpbm was the original. ImageMagick can use it to add to its vast array of file types that it handles. Try out both. The netpbm maintainer is a nice guy.

You're not going to do the conversion on the fileserver are you?

Regards,
Matt
___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] root user startup file.
[EMAIL PROTECTED] wrote:
> So, forgive for being a perpetual newbie.
>
> 1) I know there are startup files for each user, a generic startup file for any user (and probably more) but what are the file names and where are they located. Is there a howto for these?

The user startup scripts are called .profile, and they are in the user's home directory, ie /root/.profile

The system-wide login script is /etc/profile

> 2) I would also like to make some of my own little script files. I get tired of:
>
> mkdir /mnt/floppy
> mount -t msdos /dev/fd0 /mnt/floppy
> mkdir /mnt/flash
> mount -t msdos /dev/fla1 /mnt/flash
>
> Because ultimately, I will reboot to try some changes and then have to enter them again. Normally, I run without the floppy attached unless I need to experiment. So when I attach a floppy, I would like to issue a command to perform the mounting.
>
> Thanks all.

Ok, here's how it's done in /etc/profile, to make a few aliases that help a lot!

-
#!/bin/sh
# there's more stuff here I left out.
# the aliases and the one shell function are the
# only interesting parts for this post

alias l='ls -l'
alias ll='ls -al | more'
alias cls='clear'
alias msl='more /var/log/syslog'
alias tsl='tail -f /var/log/syslog'
alias m2='mount -t msdos /dev/fd1u1680 /mnt'
alias mboot='mount -t msdos /dev/fd0u1680 /mnt'
alias uboot='umount /mnt'
alias vpf='vi /usr/local/bin/pfw'
alias vpo='vi /usr/local/etc/popts'
alias vpfu='vi /usr/local/etc/pfuncs'
alias vpv='vi /usr/local/etc/pvars'

help () { more /var/lib/lrpkg/${1}.help ;}

In the above example, the aliases allow you to just type commands simply, ie.

mboot Enter

and the system will mount the floppy.

The last example is the help() shell function I wrote. What that does is give me a help command the same way I have an mboot command, but this one does more in that it handles command line arguments. ie. At the command prompt, I need to read the quick help on ssh. So I would type

help ssh

in order to launch the shell function help() with ssh as the first argument, $1. The shell function, help(), runs and executes the following command:

more /var/lib/lrpkg/ssh.help

Good Luck,
Matthew
Re: [Leaf-user] Re: NFS mounting through Firewall
Lonnie Cumberland wrote:
> Hello Again
>
> After making some changes to the firewall and setting up the port-forwarding for sunrpc and nfs on udp packets, I am no longer getting an RPC time out but now just:
>
> mount: RPC: Unable to receive; errno = Connection refused
>
> on the client machine when I try to mount the directory.
>
> The client can be seen on the DNS as well as the server has the client IP in its hosts file.
>
> Any ideas from here?
>
> Cheers,
> Lonnie

Connection refused can arise because a daemon isn't running, something isn't listening on the port, or the permissions are wrong somewhere. It's an indication that the connection to the authentication mechanism never occurred, iirc.

Matt
RE: [Leaf-user] LRP and DOC
Yes, I believe it has IDE in it. -Original Message- From: Patrick Nixon [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 9:20 PM To: John Mullan Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: [Leaf-user] LRP and DOC John, Does your Kernel have IDE/CDRom support in it, or is it just a modified floppy kernel? --Pat On Mon, 28 Jan 2002, Patrick Nixon wrote: John, Let me be the first to congratulate you on a fine procedure and excellent work in doing this! I now have my websurfer proo running without a hard drive! Next project will be PCMCIA for wireless support, then USB ethernet plugged ( I know this works already). Suggestion: On your dos boot, create an autoexec.bat that contains simply '@echo off' so it doesn't ask you for the date/time each time you boot. I had to go about it a bit differnetly since I didn't have a floppy drive, but the same basic steps worked for me. --Pat On Sun, 27 Jan 2002, John Mullan wrote: Patrick (and all): I have created a page to help you on your quest. Please go to my web page at: http://mullan.dns2go.com/ Click on the 'Internet' link on the left panel. Keep in mind that I still consider myself quite a 'beginner' with Linux. However, if your system is similar to mine (IBM clone type with DiskOnChip2000) then I think following my page will result in a working system. I included all files I used to get a working flash based router. I have followed all the advice and included the DOC.O module separate in my distribution (ie; not compiled into the kernal). I look forward to all comments (good and bad) so I may improve my first psuedo-HOWTO. Cheers, John -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Patrick Nixon Sent: Saturday, January 26, 2002 1:51 PM To: John Mullan Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: FW: [Leaf-user] LRP and DOC John, Congrats on getting this working. 
I'm currently spending most of my weekend attempting to get it working and like charles mentioned, I'm running into a 'insufficent low memory error'. How did you get around that? When I attempted to syslinux the DOC using 1.66 it whined about exclusive access. Perhaps you can do a small write up on the steps you took to complete it? Thanks, Patrick On Sat, 26 Jan 2002, John Mullan wrote: Sorry, forgot to leave the link for the file... http://mullan.dns2go.com/files/MullanStein.zip -Original Message- From: John Mullan [mailto:[EMAIL PROTECTED]] Sent: Saturday, January 26, 2002 8:51 AM To: 'Charles Steinkuehler'; '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]' Subject: RE: [Leaf-user] LRP and DOC Charles FINALLY! It works. And it works great. I think the latest and greates SYSLINUX (version 1.66) did it for me. Once I re-did the boot loader with that, it worked. For informational purposes ONLY, if you or any list member would like to see what it took, I have made a ZIP of all files currently on my embedded board. Because of the licence thing about M-SYS (and the fact that I used your sample kernal with DOC in it), this is not a distribution. The board was purchased from ARISE computers, is a PIII 433mhz with DiskOnChip 2000 (80meg), 32meg RAM, Intel 82559 ethernet on board, and DE-538 in the only on-board PCI slot. Obviously this is over-kill for the job at hand, but since it was made available to me :) John PS: I like the WEBLET thing. First time for me and it's a nice feature. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Charles Steinkuehler Sent: Friday, January 25, 2002 2:59 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: [Leaf-user] LRP and DOC This results in an immediate 'boot fail' message. Note that I have tried minor:1 and minor:0 both with same result. Could there be a problem with the boot sector information? Does 'syslinux' work properly on D.O.C.? 
I don't know...I have yet to play with syslinux and DOC in an embedded environment. I did get a ZF Linux eval board with a DOC, but when I tried to run syslinux, I never got past the not enough low memory problem (but syslinux *was* running). I'm not sure how the other folks who have used DOC's boot their systems. I suppose you could always fall back to booting dos, and using ldlinux. I also think there are versions of lilo and grub that know how to boot from a DOC... Charles Steinkuehler http://lrp.steinkuehler.net http://c0wz.steinkuehler.net (lrp.c0wz.com mirror) ___ Leaf-user mailing
RE: [Leaf-user] serial console...
The DachStein kernels do not include serial console by default. At least the tiny ones. Check out Charles's website for more kernels. I'm sure you'll find one with serial support built-in. Just copy it to the floppy, provided that you have room.

-----Original Message-----
From: david goodrich [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 29, 2002 6:02 AM
To: [EMAIL PROTECTED]
Subject: [Leaf-user] serial console...

I followed the Serial-HOWTO on lrp.steinkuehler.net and I'm still not getting console messages on my dachstein 1.0.2 floppy setup... however, from the boot logs...

Jan 29 00:39:40 firewall kernel: Warning: unable to open an initial console.
Jan 29 00:39:40 firewall kernel: Serial driver version 4.27 with MANY_PORTS MULTIPORT SHARE_IRQ enabled\

So to me it looks like it's trying to find a console, /then/ initializing the serial port. I start the serial port with the serial.o module referenced in /etc/modules ... is there a way of doing it so it initializes earlier in the boot process?

Also... The weblet-cgi failed to respond when my logs-ramdisk filled... is there any way of automatically purging the logs when it fills the ramdisk?

Thanks.
-david
RE: [Leaf-user] LRP and DOC
Patrick, I do believe it has IDE support in the kernal. However, I don't use it. It kinda defeats the purpose of having DiskOnChip. John Patrick Nixon gart@starwolf To: John Mullan [EMAIL PROTECTED] .orgcc: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: RE: [Leaf-user] LRP and DOC 01/28/02 09:19 PM John, Does your Kernel have IDE/CDRom support in it, or is it just a modified floppy kernel? --Pat On Mon, 28 Jan 2002, Patrick Nixon wrote: John, Let me be the first to congratulate you on a fine procedure and excellent work in doing this! I now have my websurfer proo running without a hard drive! Next project will be PCMCIA for wireless support, then USB ethernet plugged ( I know this works already). Suggestion: On your dos boot, create an autoexec.bat that contains simply '@echo off' so it doesn't ask you for the date/time each time you boot. I had to go about it a bit differnetly since I didn't have a floppy drive, but the same basic steps worked for me. --Pat On Sun, 27 Jan 2002, John Mullan wrote: Patrick (and all): I have created a page to help you on your quest. Please go to my web page at: http://mullan.dns2go.com/ Click on the 'Internet' link on the left panel. Keep in mind that I still consider myself quite a 'beginner' with Linux. However, if your system is similar to mine (IBM clone type with DiskOnChip2000) then I think following my page will result in a working system. I included all files I used to get a working flash based router. I have followed all the advice and included the DOC.O module separate in my distribution (ie; not compiled into the kernal). I look forward to all comments (good and bad) so I may improve my first psuedo-HOWTO. Cheers, John -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Patrick Nixon Sent: Saturday, January 26, 2002 1:51 PM To: John Mullan Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: FW: [Leaf-user] LRP and DOC John, Congrats on getting this working. 
I'm currently spending most of my weekend attempting to get it working and like charles mentioned, I'm running into a 'insufficent low memory error'. How did you get around that? When I attempted to syslinux the DOC using 1.66 it whined about exclusive access. Perhaps you can do a small write up on the steps you took to complete it? Thanks, Patrick On Sat, 26 Jan 2002, John Mullan wrote: Sorry, forgot to leave the link for the file... http://mullan.dns2go.com/files/MullanStein.zip -Original Message- From: John Mullan [mailto:[EMAIL PROTECTED]] Sent: Saturday, January 26, 2002 8:51 AM To: 'Charles Steinkuehler'; '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]' Subject: RE: [Leaf-user] LRP and DOC Charles FINALLY! It works. And it works great. I think the latest and greates SYSLINUX (version 1.66) did it for me. Once I re-did the boot loader with that, it worked. For informational purposes ONLY, if you or any list member would like to see what it took, I have made a ZIP of all files currently on my embedded board. Because of the licence thing about M-SYS (and the fact that I used your sample kernal with DOC in it), this is not a distribution. The board was purchased from ARISE computers, is a PIII 433mhz with DiskOnChip 2000 (80meg), 32meg RAM, Intel 82559 ethernet on board, and DE-538 in the only on-board PCI slot. Obviously this is over-kill for the job at hand, but since it was made available to me :) John PS: I like the WEBLET thing. First time for me and it's a nice feature. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Charles Steinkuehler Sent: Friday, January 25, 2002 2:59 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: [Leaf-user] LRP and DOC This results in an immediate 'boot fail' message. Note that I have
[Leaf-user] re: root user startup file
Thanks Matthew. Just one other question though. Can I string multiple commands together inside one alias?

John
[Leaf-user] IPTABLES modules question.
This is slightly off topic, I hope no one minds. I'm doing a little experimenting. I am unclear on something.

/lib/iptables contains a BUNCH of modules, e.g.

libipt_DNAT.so
libipt_LOG.so

1. Am I supposed to load those?
2. Does iptables load them as needed?

If 2, does it remove them periodically, that is, could I improve performance by loading them?

TIA
Re: [Leaf-user] IPTABLES modules question.
Never mind. What a dumbbutt. I misread a sample script. gaaahhh!
Re: [Leaf-user] Internal Network
Looking at the timestamps, I have BOX3-eth1 and BOX3-eth2 backwards. BOX3 is doing something wrong with the return traffic, and my guess is that its policy routing rule says to send ALL HTTP-related traffic to BOX1. If so, the rule should be to send all traffic with a DESTINATION port of 80 to BOX1, but route SOURCE 80 normally. Hope that helps, Jack On Mon, 28 Jan 2002, Jack Coates wrote: Well, here's what I've got so far -- I didn't get any sleep last night and need to go fix that, but here's a few questions and assumptions: SYN 192.168.10.3:2727 - eth1[BOX3]eth2 - eth1[BOX1]ppp0 NAT:62.234.0.234.61706 - www.monkeynoodle.org:80 packet goes into BOX3 06:34:16.517303 192.168.10.3.2727 66.1.155.123.80: S 1254467949:1254467949(0) win 16384 mss 1460,nop,nop,sackOK (DF) packet comes out of BOX3 06:34:16.517089 192.168.10.3.2727 66.1.155.123.80: S 1254467949:1254467949(0) win 16384 mss 1460,nop,nop,sackOK (DF) packet goes into BOX1 and gets NAT'd ASSUMPTION -- BOX1's clock is 15 seconds fast. packet comes out of BOX1 06:34:31.223667 62.234.0.234.61706 66.1.155.123.80: S 1254467949:1254467949(0) win 16384 mss 1460,nop,nop,sackOK (DF) 2/10ths of a second later... 192.168.10.3:2727 - eth1[BOX3]eth2 - eth1[BOX1]ppp0 NAT:62.234.0.234.61706 - www.monkeynoodle.org:80 ACK packet goes into BOX1 and gets NAT'd 06:34:31.443667 66.1.155.123.80 62.234.0.234.61706: S 3199824407:3199824407(0) ack 1254467950 win 5840 mss 1412,nop,nop,sackOK (DF) the BOX3-eth2 trace never shows packets coming back from the Internet, only leaving. ASSUMPTION: packet goes into BOX3 packet comes out of BOX3 06:34:16.747496 66.1.155.123.80 192.168.10.3.2727: S 3199824407:3199824407(0) ack 1254467950 win 5840 mss 1412,nop,nop,sackOK (DF) I'll finish up tomorrow night, but BOX3 ETH2 is a place to start looking. Jack On Mon, 28 Jan 2002, Reginald R. 
Richardson wrote: Ok Jack, talk to me know, have some info for you...i think we going to get it talk now, i think i see the problem, but the solution, i need you helping minds again... Attached you'll find tcpdump files of what's happening with these Routers overhere in Europe.. My understanding of the DUMP, is not up to par, but according to me this is what i see and assumed, but as always, u can correct if i'm wrong.. Workstation 192.168.10.3 is sending his HTTP (80) traffic to his default router Box3 (eth1) 192.168.10.254, and i can clearly see him forward it according the the CABLE rule (fwmark2) to Box1 (eth), so no problem there, after that short journey, i see Box1 (eth1) forwards it to the Internet via ppp0, so everybody happy there... No the Internet www.monkeynoodle.org kindly accepts this request, and for some reason or the other, decides to answer to this poor request coming from europe..as i check again, i can see PPP0 telling www.monkeynoodle.org, yes, yes..i sent u a request...so gimme my reply, and he kindly answers that reply, and forwards it to his next door neighbour (box1 eth1), no he feels good, that he gets his reply back, and being a good guy, he sends it back down the chain to BOX3 eth2, No box2 see this Port 80 packet coming in LOUD and clear...and kindly answers it with joy, to forward it back to the poor Workstation, that's waiting in vain for a reply, but eth2 has to send it via his neighbour, which is BOX3 eth1, which i can clearly see him doing. But wait just one sec there..(Houston, i think we have a problem), yepeth1 is either refusing to answer, or he's just not seeing this Port80 packet coming to him from eth1 ...TIMEOUT...RAIN CHECK. Now were here wondering WHAT the hell went wrong, is that, eth1 is angry with his neighbour eth2 and refuse to answer, or is it that he don't know the way back to send the packet back to the poor workstation (192.168.10.3). 
Now, help us (me, myself and I) out there, what is missing here...well i think you read my entire ip routes and ip tables etc, so u have enough info to see whaz wrong, if any more info is needed please let me know and i'll send it live and direct to you... attached u'll find tcpdumps, and somekind of ASCII netdiagram of HomeNet in Europestruggling to offer Mommy, Daddy and kids a descent internet connection.. BTW:i was looking at leaf for the ipcheck, but ain't find it...do u have a link for me... thnks for the help so far.. I think we going to get it work now.but this is PHASE I, Phase II to follow, that is PORT FORWARDING, had some problems with it, but will check it out again, after we have this running like a TRAIN Once again, thanks for your help and your ENERGY. I think i'll get this one working, i'm seeing the LIGHT, better than when i was trying it with 1BOX, and two, external interfaces... I HAVE A DREAM/HOPE, that it gonna work.. cheers Reggie On Sat, 26 Jan 2002 15:35:55 -0800 (PST), Jack Coates wrote:
Re: [Leaf-user] DCD, ipsec, gateways road warriors ???
> So, we blew away that wins server and put samba (nmb-207.lrp) on each gateway. It's taken some tweaking and reading man smb.conf http://us6.samba.org/samba/docs/man/smb.conf.5.html. Still, windoze functionality is severely lacking across the wan!
>
> Do the samba servers need to communicate with each other? If so, the DCD gateways cannot ping each other, because they are concurrent with the gateway itself -- although, from anywhere else on the remote network, we can ping the opposite gateway by private address.

This is a routing issue. The VPN connects the two private IP LAN's. Default traffic sent between the two VPN gateways will use a source IP of the primary external interface, so the gateway-gateway packets don't match your subnet-subnet tunnel.

You can either build a gateway-gateway tunnel for the samba traffic, or possibly send the gateway-gateway traffic through the existing subnet-subnet tunnel via advanced routing.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
Re: [Leaf-user] re: root user startup file
Thank you Jeff. Still one more question (always questions)

What directory would the scripts be put into? Is there a DOS equivalent of a PATH that is searched?

John

Jeff Newmiller [EMAIL PROTECTED] To: [EMAIL PROTECTED] vis.ca.us cc: [EMAIL PROTECTED] Sent by: Jeff Subject: Re: [Leaf-user] re: root user startup file Newmiller jdnewmil@pvusa. localnet 01/29/02 11:11 AM

On Tue, 29 Jan 2002 [EMAIL PROTECTED] wrote:
> > Thanks Matthew. Just one other question though. Can I string multiple commands together inside one alias?
>
> Sort of. It is usually clearer to make a script if you have more than one or two commands, but you can use quotes if you want:
>
> alias test='ls ; ls'
>
> ---
> Jeff Newmiller
> DCN:[EMAIL PROTECTED]
> Research Engineer (Solar/Batteries/Software/Embedded Controllers)
> ---
Re: [Leaf-user] Internal Network
Jack,

what u say makes lots of sense to me, i do have it set that all HTTP traffic be sent to box1 via eth2(box3)

Well, with my limited amount of linux experience, i need some help on the commands of getting done what u suggested and that is:

the rule should be to send all traffic with a DESTINATION port of 80 to BOX1, but route SOURCE 80 normally

Below is my ip ru listing, with the fwmark of 2 for HTTP (port 80), which is then routed to 192.168.1.6(box1) via dev eth2 (box3)

All i need is a simple how-to, on the command line for my ip route for the TABLE Cable as u can see below it's only just routing all traffic to 192.168.1.6 via dev eth2

thnks

ip ru ls
0: from all lookup local
32764: from all fwmark 1 lookup adsl
32765: from all fwmark 2 lookup cable
32766: from all lookup main
32767: from all lookup default

# ip ro ls table cable
default via 192.168.1.6 dev eth2

# ipchains
Chain input (policy ACCEPT: 100740 packets, 8739050 bytes):
prot opt tosa tosx ifname mark outsize source destination ports
tcp -- 0xFF 0x00 * 0x2 192.168.10.0/24 0.0.0.0/0 *- 80
udp -- 0xFF 0x00 * 0x2 192.168.10.0/24 0.0.0.0/0 *- 80
Chain forward (policy ACCEPT: 75921 packets, 6589166 bytes):
Chain output (policy ACCEPT: 95403 packets, 8331173 bytes):

On Tue, 29 Jan 2002 07:11:07 -0800 (PST), Jack Coates wrote:

Looking at the timestamps, I have BOX3-eth1 and BOX3-eth2 backwards. BOX3 is doing something wrong with the return traffic, and my guess is that its policy routing rule says to send ALL HTTP-related traffic to BOX1. If so, the rule should be to send all traffic with a DESTINATION port of 80 to BOX1, but route SOURCE 80 normally.
Hope that helps, Jack On Mon, 28 Jan 2002, Jack Coates wrote: Well, here's what I've got so far -- I didn't get any sleep last night and need to go fix that, but here's a few questions and assumptions: SYN 192.168.10.3:2727 - eth1[BOX3]eth2 - eth1[BOX1]ppp0 NAT:62.234.0.234.61706 - www.monkeynoodle.org:80 packet goes into BOX3 06:34:16.517303 192.168.10.3.2727 66.1.155.123.80: S 1254467949:1254467949(0) win 16384 mss 1460,nop,nop,sackOK (DF) packet comes out of BOX3 06:34:16.517089 192.168.10.3.2727 66.1.155.123.80: S 1254467949:1254467949(0) win 16384 mss 1460,nop,nop,sackOK (DF) packet goes into BOX1 and gets NAT'd ASSUMPTION -- BOX1's clock is 15 seconds fast. packet comes out of BOX1 06:34:31.223667 62.234.0.234.61706 66.1.155.123.80: S 1254467949:1254467949(0) win 16384 mss 1460,nop,nop,sackOK (DF) 2/10ths of a second later... 192.168.10.3:2727 - eth1[BOX3]eth2 - eth1[BOX1]ppp0 NAT:62.234.0.234.61706 - www.monkeynoodle.org:80 ACK packet goes into BOX1 and gets NAT'd 06:34:31.443667 66.1.155.123.80 62.234.0.234.61706: S 3199824407:3199824407(0) ack 1254467950 win 5840 mss 1412,nop,nop,sackOK (DF) the BOX3-eth2 trace never shows packets coming back from the Internet, only leaving. ASSUMPTION: packet goes into BOX3 packet comes out of BOX3 06:34:16.747496 66.1.155.123.80 192.168.10.3.2727: S 3199824407:3199824407(0) ack 1254467950 win 5840 mss 1412,nop,nop,sackOK (DF) I'll finish up tomorrow night, but BOX3 ETH2 is a place to start looking. Jack On Mon, 28 Jan 2002, Reginald R. Richardson wrote: Ok Jack, talk to me know, have some info for you...i think we going to get it talk now, i think i see the problem, but the solution, i need you helping minds again... Attached you'll find tcpdump files of what's happening with these Routers overhere in Europe.. My understanding of the DUMP, is not up to par, but according to me this is what i see and assumed, but as always, u can correct if i'm wrong.. 
Workstation 192.168.10.3 is sending his HTTP (80) traffic to his default router Box3 (eth1) 192.168.10.254, and i can clearly see him forward it according the the CABLE rule (fwmark2) to Box1 (eth), so no problem there, after that short journey, i see Box1 (eth1) forwards it to the Internet via ppp0, so everybody happy there... No the Internet www.monkeynoodle.org kindly accepts this request, and for some reason or the other, decides to answer to this poor request coming from europe..as i check again, i can see PPP0 telling www.monkeynoodle.org, yes, yes..i sent u a request...so gimme my reply, and he kindly answers that reply, and forwards it to his next door neighbour (box1 eth1), no he feels good, that he gets his reply back, and being a good guy, he sends it back down the chain to BOX3 eth2, No box2 see this Port 80 packet coming in LOUD and clear...and kindly answers it with joy, to forward it back to the poor Workstation, that's waiting in vain for a reply, but eth2 has to send it via his neighbour, which is BOX3 eth1, which i can clearly see him doing. But wait just one sec there..(Houston, i think we have a problem), yepeth1 is either refusing to answer, or he's just not seeing this Port80 packet coming to
RE: [Leaf-user] Firewall setup Questions, Newbie
> > I need to setup a firewall for my office. There is already a router/gateway box but we don't have access to it in order to put a firewall on. I would like to use a LEAF box as a firewall directly behind the router. Is
>
> You should provide lots more information about your existing setup. I'll focus on DHCP. Does the DHCP server live behind the existing router/gateway? Does the office network use real, routable IPs or private ones?
>
> > it possible to set one of the LRP dists up as a firewall only? DHCP is already setup on another machine and I cannot start changing the IP's of the office computers. There
>
> I don't understand. DHCP provides dynamic IPs, so the office computers may be changing IPs willy-nilly. DHCP clients are agnostic about the source of their DHCP services. In fact, they broadcast requests for those services to all (255.255.255.255). If one of the machines on your side of the router is providing DHCP service, the LEAF box could replace that DHCP server, or not, as you wish. If the DHCP server will be outside the router and LEAF boxes, you can use dhcrelay to pass DHCP requests and responses to the DHCP server. I can provide a copy of dhcrelay.lrp if you like, but you have bigger questions to answer before that package would be of any use to you.
>
> > isn't much mention of setting up a firewall solely in the documentation that I have seen, is there an example of what needs to be configured for a LRP dist? Any help is greatly appreciated,
> >
> > Cheers,
> > Brian
>
> -Richard

Apologies, I'll be clearer. All the machines reside behind router. The DHCP box assigns real routable IP's. There are also several machines with set IP's in the same range which cannot change. The LEAF box could do the DHCP job but I'd prefer to leave the current machine as is. What I'm looking to do is put the LEAF box immediately behind the router/gateway and in front of all machines in the network. As the gateway is already set up and DHCP is taken care of I just need to configure a LEAF to be a transparent firewall.

Thanks again.
Brian.
Re: [Leaf-user] re: root user startup file
[EMAIL PROTECTED] wrote:
> Thanks Matthew. Just one other question though. Can I string multiple commands together inside one alias?
>
> John

Sure, here's what I do on a different system:

--
cddev() { cd /home/matthew/Uber/Dev; pwd ;}

mcd1() {
    mount -F cdfs -r /dev/cdrom/cdrom1 /mnt
    echo "Cd mounted.\n"
}

uboot() { umount /mnt ;}

fwho() { cls; ftpwho ;}

xpcp() { cd /usr/lib/powerchute; /usr/lib/powerchute/xpowerchute ;}
--

Now the last command is useful because the program xpowerchute requires the user be in the directory for it to execute properly. But the downside of that shell function is that, once you exit xpowerchute, you'll be left in /usr/lib/powerchute, not where you originally called xpcp from. That can be frustrating to have your aliases bounce you around the filesystems.

So in case you want to return to the original directory you called xpcp from, you could write the shell function like this:

xpcp() { ( cd /usr/lib/powerchute; /usr/lib/powerchute/xpowerchute ) ;}

or like this, which is more often seen:

xpcp() {
    (
        cd /usr/lib/powerchute
        /usr/lib/powerchute/xpowerchute
    )
    echo "Program completed"
    pwd
}

> What directory would the scripts be put into? Is there a DOS equivalent of a PATH that is searched?

These aliases and shell functions come from my /etc/profile. They are written in that file, which gets executed for every user, when the user logs in.

If you want the aliases and shell functions to be executed only for user root, then put them into /root/.profile, which is often written in shorthand notation as ~/.profile, where the ~ means the user's home directory, or as $HOME/.profile.

Are you with me so far?

These aliases and shell functions that are in one of those files get executed as I mentioned at login time. Once those get executed, they are stored in the shell's memory and are accessible no matter what your $PATH is set as. They become built-in.

To list your built in variables, like PATH, use

set

To list your built in aliases, use

alias

To list your built in shell functions you are supposed to be able to use set, but that doesn't work on Oxygen, so, if you know the name of a command that's a shell function and you want to see how it's defined, you use

type help

and that would look like this:

# type help
help is a function
help()
{
    more /var/lib/lrpkg/${1}.help
}

It took me a bit to learn all those tricks. I hope you like them.

Matt
[Leaf-user] pppoe and dyndns
I have a friend who uses DCD 1.02 on a pppoe connection. I have a static so I can't test out pppoe. I have spent some time on the phone trying to help him troubleshoot.

I had him put

svi network ipfilter reload

in the /etc/ppp/ip-up to make sure his port forwards are updated after his external ip changes. He has a dyndns account and ez-ipupdate which is properly configured. It works correctly from a cold boot but does not update the dns service when the isp changes the external ip.

Is there a script to put in /etc/ppp/ip-up or will this work?

svi network ipfilter reload
svi ez-ipupdate stop
svi ez-ipupdate start

Comments from pppoe user solicited.
[Leaf-user] hn.org and domain names
This is a bit off topic but I'm desperate for some help.

I finally purchased a domain name through godaddy.com, ronin-tech.com (recommended at hn.org). I then created a vanity and virtual domain mapping account at hn.org. hn.org gave me delegated servers which I entered at godaddy.com (ns1.hn.org and aux1.hn.org). When I log into my account at godaddy it shows these two machines as the name servers. I am hoping to use HN's services to map my domain to my dynamic ip-address (see http://hn.org/www/overview/virtual/).

3 weeks later I still cannot get it to work. For some reason my domain is still parked at hn.org's park server: 64.71.163.52. If I run the dig tool at hn.org (http://hn.org/www/tools/dig.cgi) with the ns1.hn.org as the server, ronin-tech.com as the host and Type A, I get the following:

; DiG 8.3 @64.71.163.40 A ronin-tech.com
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUERY SECTION:
;;      ronin-tech.com, type = A, class = IN

;; ANSWER SECTION:
ronin-tech.com.         4H IN A         64.71.163.52

;; AUTHORITY SECTION:
ronin-tech.com.         1D IN NS        ns1.hn.org.
ronin-tech.com.         1D IN NS        aux1.hn.org.

;; ADDITIONAL SECTION:
ns1.hn.org.             10M IN A        64.71.163.40
aux1.hn.org.            10M IN A        64.71.163.43

;; Total query time: 0 msec
;; FROM: phobos.hufftown.com to SERVER: 64.71.163.40
;; WHEN: Tue Jan 29 19:39:45 2002
;; MSG SIZE sent: 32 rcvd: 123

Does anyone have an idea as to what is happening here? I think it's something to do with the ANSWER SECTION showing hn's park server. I've no idea how that is supposed to change. I've been looking for an email address at hn.org to ask them but cannot find any contact info.

Any help would be greatly appreciated.

Cheers,
Paul
Re: [Leaf-user] ip filtering
This is something of an odd request, but here goes... I'm a college student, and use my dachstein 1.0.2 floppy firewall to keep my servers away from all the hacktivity on the local net... I forward the necessary services to my servers, easy enough. But here's the deal: my floor wants to put on a game tournament to raise money, and we want to make sure that nobody else gets to the game server except ip's that have paid the entry fee. I tried using

[from /etc/network.conf]
EXTERN_TCP_PORT4=[ip of paid-for user]/32 27015
EXTERN_TCP_PORT5=[another paid-for ip]/32 27015
[and so on and so forth]

and then pointed to the port 27015 server with

[from /etc/network.conf]
INTERN_SERVERS=... tcp_${EXTERN_IP}_27015_192.168.1.11_27015 ...

but that only works for the EXTERN_TCP_PORTx ip with the highest x-value (only the last referenced ip address can get in, none of the others)... I'd like to allow only the ip addresses in the list to access port 27015, and it's not just a subnet.. it will be a list of (essentially) random ip addresses. I think maybe ipchains can do it, but I'm extremely new to this whole lrp game. Thanks for your help.

You're on the right track...what you list above ought to work (assuming your EXTERN_TCP_PORTx settings start with x=zero and increment with no missing numbers). Can you provide the output of net ipfilter list?

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
RE: [Leaf-user] ip filtering
Hm... it seems to be working now. I had them not-in-sequence (i.e. 0,3,4,5 were rules, but 12 forwarded other things... I put the rules in sequential order and it seemed to work. Odd. Well, thanks for the help :] -david
-Original Message- From: Charles Steinkuehler [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 29, 2002 7:04 PM To: david goodrich; [EMAIL PROTECTED] Subject: Re: [Leaf-user] ip filtering
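The numbering condition raised in this thread (EXTERN_TCP_PORTx starting at zero and incrementing with no missing numbers) can be checked before a reload. This is an added shell example, not code from the original posts or from the Dachstein scripts; the sample config, its quoting and its addresses are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: check a network.conf-style file for holes in a numbered
# variable series such as EXTERN_TCP_PORT0, EXTERN_TCP_PORT1, ...

# Constructed sample config (documentation-range addresses, quoting assumed).
sample_conf() {
cat <<'EOF'
# paid-for tournament players
EXTERN_TCP_PORT0="192.0.2.10/32 27015"
EXTERN_TCP_PORT3="198.51.100.7/32 27015"
EXTERN_TCP_PORT4="203.0.113.99/32 27015"
#EXTERN_TCP_PORT1="192.0.2.200/32 27015"
EXTERN_TCP_PORT5="203.0.113.120/32 27015"
EOF
}

# first_gap PREFIX < config
# Prints the lowest missing index, or "ok" when the indices run 0,1,2,...
# Commented-out assignments do not count as present.
first_gap() {
    sed -n "s/^[[:space:]]*$1\([0-9][0-9]*\)=.*/\1/p" |
    sort -n -u |
    awk 'BEGIN { want = 0; gap = -1 }
         gap < 0 { if ($1 + 0 == want) want++; else gap = want }
         END { if (gap < 0) print "ok"; else print gap }'
}

# after_gap PREFIX GAP < config
# Prints the names of the entries numbered above the gap, in file order.
after_gap() {
    sed -n "s/^[[:space:]]*\($1\)\([0-9][0-9]*\)=.*/\1\2 \2/p" |
    awk -v g="$2" '$2 + 0 > g + 0 { print $1 }'
}

# report PREFIX: one-line verdict plus the entries to renumber.
report() {
    gap=$(sample_conf | first_gap "$1")
    if [ "$gap" = ok ]; then
        echo "$1: numbering is contiguous"
    else
        echo "$1$gap is missing; renumber these so the series has no hole:"
        sample_conf | after_gap "$1" "$gap"
    fi
}

report EXTERN_TCP_PORT
```

To check a real file, feed it to the two functions on stdin instead of `sample_conf`.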
[Leaf-user] Filtering (URL) text.
It is probably beyond my scope at the present time, however, is there a way to stop a URL at the door by the text? I'm getting rather sick of seeing other people's Code Red virus attempting its shenanigans on my web server. Clogs the logs (poet?). Any URL with 'root.exe' or 'cmd.exe' that just dies at the router would be fantastic. Thanks for any help.

*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
John Mullan - Technical Manager
Ontario Lottery and Gaming Corporation
Direct Gaming Distribution Center
Personal: mailto:[EMAIL PROTECTED]
Business: mailto:[EMAIL PROTECTED]
[Leaf-user] One Code Red idea
I found this out there, sounds reasonable but I use OmniHTTPd and don't know if there is a rewrite plugin for it (yet). http://www.linuxchimp.com/stories.php?story=64 *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* John Mullan - Technical Manager Ontario Lottery and Gaming Corporation Direct Gaming Distribution Center Personal: mailto:[EMAIL PROTECTED] Business: mailto:[EMAIL PROTECTED]
[Leaf-user] Another Code Red idea
Perhaps this one is a good one as well. http://www.omnilist.org/NIMDAPROOF.pdf

*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
John Mullan - Technical Manager
Ontario Lottery and Gaming Corporation
Direct Gaming Distribution Center
Personal: mailto:[EMAIL PROTECTED]
Business: mailto:[EMAIL PROTECTED]
Re: [Leaf-user] Re: NFS mounting through Firewall
David B. Cook wrote:

Would NFS tunneled through SSH be acceptable? dbc.

It seems to me like this could be a very interesting solution; the only thing bugging me with this is the dynamically assigned nature of some of the ports apparently used by NFS... I haven't played with this (ie tunneling with SSH (at least, not yet)) but doesn't this require per-port redirection? If so, let's say that a protocol has a possibility of using close to 50 ports, wouldn't you have to tunnel them more or less separately (or would you only crypt port 111 and 2049???)... Wouldn't it be a lot better in this case to use a VPN (for which a package is available for Dachstein I believe...)?

Is this only to exchange files once in a while? If so, you could probably transfer them using SCP... (since this actually uses ssh this would actually take care of encryption and authentication better than what could be done with NFS).

Even when pcs are connected to the same switch/hubs NFS seems to have more than its share of problems (its reliability when used with MTAs comes to mind...) so I'm far from convinced (security issues aside) that this is a good way to exchange files over the Net...

But, nonetheless, SSH does appear to be an interesting solution... If it does work as I believe it does you could actually remap the NFS ports (the ones which don't change, 111 and 2049) to other ports and actually encrypt the data at the same time... Would I actually use it? Yeah, possibly, if I had no better option... But this is all just MHO and the standard disclaimers apply here...

Have a nice day!
Nick
Re: [Leaf-user] hn.org and domain names
Paul Rimmer wrote:

[snip] Does anyone have an idea as to what is happening here? I think its something to do with the ANSWER SECTION showing hn's park server. I've no idea how that is supposed to change. I've been looking for an email address at hn.org to ask them but cannot find any contact info.

It looks pretty clear that the new zone data you're trying to submit to hn.org is not getting placed onto ns1.hn.org, and when ns1.hn.org does zone updates to aux1, the updates also aren't any different. How are you going about submitting a new zone info file to hn.org?

Matthew

Any help would be greatly appreciated. Cheers, Paul
Re: [Leaf-user] Filtering (URL) text.
On Tue, 29 Jan 2002, John Mullan wrote:

It is probably beyond my scope at the present time, however, is there a way to stop a URL at the door by the text? I'm getting rather sick of seeing other people's Code Red virus attempting its shenanigans on my web server. Clogs the logs (poet?). Any URL with 'root.exe' or 'cmd.exe' that just dies at the router would be fantastic. Thanks for any help.

*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
John Mullan - Technical Manager
Ontario Lottery and Gaming Corporation
Direct Gaming Distribution Center
Personal: mailto:[EMAIL PROTECTED]
Business: mailto:[EMAIL PROTECTED]

Sorry, no good way to do that since LEAF doesn't look into the packet payload. If you have a web server I've written some de-worming tips at http://www.monkeynoodle.org/lrp/deworming.html and if you have an unused IP check out LaBrea at http://www.monkeynoodle.org/lrp/lrp/packages/net-utils

--
Jack Coates
Monkeynoodle: A Scientific Venture...
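Since the firewall does not inspect payloads, as the reply above says, the 'root.exe' and 'cmd.exe' requests can instead be separated from real traffic when the web server's log is read. This is an added shell example, not from the original posts; it assumes Common Log Format (request path in field 7), the log lines are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: triage worm probes in a web access log.
# Assumption: Common Log Format, so $1 is the client and $7 the request path.

# Constructed sample log (documentation-range addresses).
sample_log() {
cat <<'EOF'
192.0.2.44 - - [29/Jan/2002:19:01:12 -0500] "GET /scripts/root.exe HTTP/1.0" 404 285
192.0.2.44 - - [29/Jan/2002:19:01:13 -0500] "GET /MSADC/root.exe HTTP/1.0" 404 283
198.51.100.9 - - [29/Jan/2002:19:02:40 -0500] "GET /index.html HTTP/1.1" 200 5120
203.0.113.5 - - [29/Jan/2002:19:03:02 -0500] "GET /c/winnt/system32/CMD.EXE HTTP/1.0" 404 301
198.51.100.9 - - [29/Jan/2002:19:03:30 -0500] "GET /docs/cmd-reference.html HTTP/1.1" 200 2048
EOF
}

# probe_sources < log
# Prints "count client" for every client that requested a path containing
# root.exe or cmd.exe (case-insensitive), busiest client first.
probe_sources() {
    awk 'tolower($7) ~ /(root|cmd)\.exe/ { n[$1]++ }
         END { for (ip in n) print n[ip], ip }' |
    sort -k1,1nr -k2,2
}

# strip_probes < log
# Prints the log with the probe requests removed, for normal review.
strip_probes() {
    awk 'tolower($7) !~ /(root|cmd)\.exe/'
}

echo "Probe sources:"
sample_log | probe_sources
echo "Remaining entries:"
sample_log | strip_probes
```

The match is on the request path only, so a legitimate page such as /docs/cmd-reference.html stays in the cleaned log.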
[Leaf-user] logging options for sshd 3.0p1
I need some help in trying to configure what gets logged when using sshd 3.0p1.

An older version I used with ESB2 used to log connections, attempted connections and when a connection closed out or was terminated. This version I am using with DCD 1.0.2 only logs when a connection is made, not when it is terminated. I am sort of fearful that any attempts that are unsuccessful (from outside my home network) are not being logged. I would like for it to perform the same logging functions that were present when I was using ESB2.

Am I correct that I would edit /etc/ssh/sshd_config and add or modify the # Logging section? If so, would it be the LogLevel I should adjust or add something to that section? I have tried to find something on the www.openbsd.org site with the only luck being that the LogLevel could be changed, but with no explanation as to what each setting would do.

On sort of a related note, what would be the procedure in updating 3.0p1 to 3.0.2p1? I tried to get into http://leaf.sourceforge.net/devel/jnilo as suggested by Jacques in an earlier msg but could not connect for some reason. Would I just replace my sshd and ssh modules and that is it?

Sorry if I have missed any messages to the list and am asking something someone else has already covered, just made the recent installation of Mandrake (dual-boot for now ;( ) and have not been up to date with the mail list for a bit.

TIA Steve
RE: [Leaf-user] hn.org and domain names
It looks pretty clear that the new zone data you're trying to submit to hn.org is not getting placed onto ns1.hn.org, and when ns1.hn.org does zone updates to aux1, the updates also aren't any different. How are you going about submitting a new zone info file to hn.org?

The process was:

1) Purchase domain from godaddy.com with it defaulting to being parked at godaddy.
2) get an hn.org vanity and Virtual Domain Mappings account
3) get delegation servers from http://hn.org/ using ronin-tech.com. This returned:
Delegation Information for ronin-tech.com.
This domain should be delegated to:
Primary DNS: ns1.hn.org / 64.71.163.40 (Mandatory Delegation)
Auxiliary DNS: aux1.hn.org / 64.71.163.43 (Recommended Delegation)
4) Inform godaddy of the name servers to use for ronin-tech.com. This resulted in the following email:
The modifications you requested for the domain RONIN-TECH.COM were successful. The nameservers for RONIN-TECH.COM are now: NS1.HN.ORG, AUX1.HN.ORG Changes may take 24-48 hours to be visible on the Internet.
5) Waited 5 days without doing anything.
6) In the hn.org vanity account

HOLD THE PHONE

It's amazing what clarity typing stuff in can do. Discovered that there was a login for the Virtual Domain Mappings account that I hadn't modified. Now it works. Sorry about the noise.

Paul
Re: [Leaf-user] LRP Oxygen CD and floppy disk boot question
Thanks Mark and David D. I found out about the disk image formatting the hard way I guess. I also found out that once it is set up for 1.440 you really can't do much to change it. So I got some image files on the cd (oxygen) that were self contained and did not need to look for packages and services from the cd. Those images were formatted to 1.68M (actually when I look at the file size in windows explorer it says 1.62M max). They do work fine. And in order to back up any config changes that I make I load the cd first and let it back up on the floppy. It makes things a lot quicker since the cd has a nice interface. Hope that may help someone out there.

Moving on... One more thing (contribution) I have to say is that for anyone using the 3com905 nics they should look for the module 3c59x.o instead of the 3c905.o for their cards. It does not seem intuitive but I read and tried it and my oxygen box does see both my network cards now.

The new technical/philosophical issue is that: on my oxygen box I gave the eth0 card the IP address of one machine (A) and I assigned a picked IP address to the eth1 card that goes to the hub. This hub is supposed to serve many internal machines that will use the router as their port to the internet. Since the original machine (A) had a fixed IP, I did not enable dhcp on the router. So I am thinking that I should pick and choose the ip address of the machines behind the router myself. Does that sound right? I will do some more research and fill you all up.

Regards, -M

From: Mark Plowman [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
CC: [EMAIL PROTECTED]
Subject: Re: [Leaf-user] LRP Oxygen CD and floppy disk boot question
Date: Sun, 27 Jan 2002 11:18:26 +0100 (CET)

malik,

From: malik menzong [EMAIL PROTECTED]
Date: Sun, 27 Jan 2002 04:26:23 +

snip

1) Once I'm at the root I am prompted to choose b/w some options to configure the router. I found out how I can change and move out of each file that is presented to me, but when trying to save it (back up) it comes with the following error

end_request, I/O error dev 02:2c(floppy), sector 19
end_request, I/O error dev 02:2c(floppy), sector 20

At first I thought it was a bad floppy but when I tried some brand new disk the error persisted and nothing got copied. Does that sound like a common thing? Is it the disk? Should I make an image file from the cd first?

A normal 1.4 M Bytes floppy has 18 sectors per side. Seeing mention of sectors 19 and 20 in the error message, it's probable that you forgot to format the floppy for 1.68 M Bytes (20 sectors per side).

Can't help about the rest I am afraid.

Greetings Mark
[Leaf-user] Re: hn.org and domain names
Hi Paul

At 20:58 29.01.2002 -0800, you wrote:

Message: 5
From: Paul Rimmer [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Date: Tue, 29 Jan 2002 17:58:16 -0700
Subject: [Leaf-user] hn.org and domain names

This is a bit off topic but I'm desperate for some help. I finally purchased a domain name through godaddy.com, ronin-tech.com (recommended at hn.org). I then created a vanity and virtual domain mapping account at hn.org. hn.org gave me delegated servers which I entered at godaddy.com (ns1.hn.org and aux1.hn.org). When I log into my account at godaddy it shows these two machines as the name servers. I am hoping to use HN's services to map my domain to my dynamic ip-address (see http://hn.org/www/overview/virtual/).

If I understand that correctly then they only provide vanity dynamic dns which means your ronin-tech.com entry would need to be spelled something like

bash-2.03$ nslookup ronin-tech.hn.org
Server: sunix
Address: 10.10.0.10

Non-authoritative answer:
Name: ronin-tech.hn.org
Address: 24.67.74.14

Maybe that is what you are looking for. For REAL dynamic DNS you may have a look at zoneedit.com. They provide dynamic DNS with your real domain name.

regards
Erich